diff options
Diffstat (limited to 'MIBS/hp/HP-ICF-ARP-PROTECT')
| -rw-r--r-- | MIBS/hp/HP-ICF-ARP-PROTECT | 495 |
1 files changed, 495 insertions, 0 deletions
diff --git a/MIBS/hp/HP-ICF-ARP-PROTECT b/MIBS/hp/HP-ICF-ARP-PROTECT new file mode 100644 index 0000000..7ff9a8c --- /dev/null +++ b/MIBS/hp/HP-ICF-ARP-PROTECT @@ -0,0 +1,495 @@ +-- +HP-ICF-ARP-PROTECT DEFINITIONS ::= BEGIN + +IMPORTS + hpSwitch + FROM HP-ICF-OID + ifIndex + FROM IF-MIB + InetAddressType + FROM INET-ADDRESS-MIB + InetAddress + FROM INET-ADDRESS-MIB + VlanIndex + FROM Q-BRIDGE-MIB + OBJECT-GROUP, MODULE-COMPLIANCE, NOTIFICATION-GROUP + FROM SNMPv2-CONF + Counter32, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE + FROM SNMPv2-SMI + TruthValue, MacAddress + FROM SNMPv2-TC; + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37 +hpicfArpProtect MODULE-IDENTITY + LAST-UPDATED "200708290000Z" -- August 29, 2007 at 00:00 GMT + ORGANIZATION + "Hewlett-Packard Company + ProCurve Networking Business" + CONTACT-INFO + "Hewlett-Packard Company + 8000 Foothills Blvd. + Roseville, CA 95747" + DESCRIPTION + "This MIB module contains HP proprietary + objects for managing Dynamic ARP + Protection." + REVISION "200708290000Z" -- August 29, 2007 at 00:00 GMT + DESCRIPTION + "Added hpicfArpProtectNotification and associated objects." + REVISION "200605030027Z" -- May 03, 2006 at 00:27 GMT + DESCRIPTION + "Initial revision." + ::= { hpSwitch 37 } + + +-- +-- Node definitions +-- + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.0 +hpicfArpProtectNotifications OBJECT IDENTIFIER ::= { hpicfArpProtect 0 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.0.1 +hpicfArpProtectErrantReply NOTIFICATION-TYPE + OBJECTS { hpicfArpProtectErrantCnt, hpicfArpProtectErrantSrcMac, + hpicfArpProtectErrantSrcIpType, hpicfArpProtectErrantSrcIp, + hpicfArpProtectErrantDestMac, hpicfArpProtectErrantDestIpType, + hpicfArpProtectErrantDestIp } + STATUS current + DESCRIPTION + "An hpicfArpProtectErrantReply notification signifies that + the ARP protection entity is enabled and has detected + an errant ARP reply packet. The source and + destination addresses from the packet header are included + in the notification." + ::= { hpicfArpProtectNotifications 1 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1 +hpicfArpProtectObjects OBJECT IDENTIFIER ::= { hpicfArpProtect 1 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1 +hpicfArpProtectConfig OBJECT IDENTIFIER ::= { hpicfArpProtectObjects 1 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1 +hpicfArpProtectGlobalCfg OBJECT IDENTIFIER ::= { hpicfArpProtectConfig 1 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1.1 +hpicfArpProtectEnable OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The administrative status of the ARP Protection + feature." + ::= { hpicfArpProtectGlobalCfg 1 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1.2 +hpicfArpProtectVlanEnable OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (512)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The administrative status for Dynamic ARP Protection + on each VLAN. There will be one bit in this string + for each possible VLAN ID. Each octet within this + value specifies a set of eight VLANs, with the first + octet specifying VLAN IDs 1 through 8, the second + octet specifying VLAN IDs 9 through 16, etc. Within + each octet, the most significant bit represents the + lowest numbered VLAN ID, and the least significant + bit represents the highest numbered VLAN ID. Thus, + each possible VLAN ID of the bridge is represented by + a single bit within the value of this object. If + that bit has a value of '1', then Dynamic ARP + Protection is enabled on that VLAN; Dynamic ARP + Protection is not enabled on the VLAN its bit has a + value of '0'." + ::= { hpicfArpProtectGlobalCfg 2 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1.3 +hpicfArpProtectValidation OBJECT-TYPE + SYNTAX BITS + { + srcMac(0), + dstMac(1), + ip(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Additional validation checks to perform on ARP + packets during Dynamic ARP Protection. + srcMac - Drop any ARP request or response + packet where the source MAC address in + the Ethernet header does not match the + sender MAC address in the body of the + ARP packet. + dstMac - Drop any unicast ARP response packet + where the destination MAC address in the + Ethernet header does not match the target + MAC address in the body of the ARP packet. + ip - Drop any ARP packet where the sender IP + address is invalid. Drop any ARP response + packet where the target IP address is + invalid. Invalid addresses include + 0.0.0.0, 255.255.255.255, all IP multicast + addresses, and all class E IP addresses. + These checks are only performed for ARP packets + received on untrusted ports in VLANs that are enabled + for Dynamic ARP Protection. ARP packets received on + trusted ports, and ARP packets in VLANs for which + Dynamic ARP Protection is disabled, are forwarded + without validation." + ::= { hpicfArpProtectGlobalCfg 3 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1.4 +hpicfArpProtectErrantNotifyEnable OBJECT-TYPE + SYNTAX INTEGER + { + enabled(1), + disabled(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Provides operational control of hpicfArpProtectErrantReply." + ::= { hpicfArpProtectGlobalCfg 4 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.2 +hpicfArpProtectPortTable OBJECT-TYPE + SYNTAX SEQUENCE OF HpicfArpProtectPortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Per-interface configuration for Dynamic ARP + Protection." + ::= { hpicfArpProtectConfig 2 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.2.1 +hpicfArpProtectPortEntry OBJECT-TYPE + SYNTAX HpicfArpProtectPortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Dynamic ARP Protection configuration information for + a single port." + INDEX { ifIndex } + ::= { hpicfArpProtectPortTable 1 } + + +HpicfArpProtectPortEntry ::= + SEQUENCE { + hpicfArpProtectPortTrust + TruthValue + } + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.2.1.1 +hpicfArpProtectPortTrust OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "This object indicates whether this port is + trusted for Dynamic ARP Protection." + ::= { hpicfArpProtectPortEntry 1 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2 +hpicfArpProtectStatus OBJECT IDENTIFIER ::= { hpicfArpProtectObjects 2 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1 +hpicfArpProtectVlanStatTable OBJECT-TYPE + SYNTAX SEQUENCE OF HpicfArpProtectVlanStatEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Per-VLAN statistics for Dynamic ARP Protection." + ::= { hpicfArpProtectStatus 1 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1 +hpicfArpProtectVlanStatEntry OBJECT-TYPE + SYNTAX HpicfArpProtectVlanStatEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Dynamic ARP Protection statistics for a single VLAN." + INDEX { hpicfArpProtectVlanStatIndex } + ::= { hpicfArpProtectVlanStatTable 1 } + + +HpicfArpProtectVlanStatEntry ::= + SEQUENCE { + hpicfArpProtectVlanStatIndex + VlanIndex, + hpicfArpProtectVlanStatForwards + Counter32, + hpicfArpProtectVlanStatBadPkts + Counter32, + hpicfArpProtectVlanStatBadBindings + Counter32, + hpicfArpProtectVlanStatBadSrcMacs + Counter32, + hpicfArpProtectVlanStatBadDstMacs + Counter32, + hpicfArpProtectVlanStatBadIpAddrs + Counter32 + } + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.1 +hpicfArpProtectVlanStatIndex OBJECT-TYPE + SYNTAX VlanIndex + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "This variable uniquely identifies the VLAN that + the counters in this entry apply to. The VLAN + identified by this object is the same VLAN as + identified by the identical value in the + dot1qVlanIndex object." + ::= { hpicfArpProtectVlanStatEntry 1 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.2 +hpicfArpProtectVlanStatForwards OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ARP packets received on untrusted + ports in this VLAN that were successfully validated + and forwarded. This count does not increment for + VLANs for which Dynamic ARP Protection is not + enabled." + ::= { hpicfArpProtectVlanStatEntry 2 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.3 +hpicfArpProtectVlanStatBadPkts OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ARP packets received on untrusted + ports that were dropped because they were malformed + in some way. This may include an unrecognized + opcode, an unrecognized protocol type, an + unrecognized hardware type, an invalid protocol + address length, or an invalid hardware address + length. This count does not increment for VLANs + for which Dynamic ARP Protection is not enabled." + ::= { hpicfArpProtectVlanStatEntry 3 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.4 +hpicfArpProtectVlanStatBadBindings OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ARP packets received on untrusted + ports that were dropped because they advertized + a source IP-to-MAC binding that did not match a + known, valid binding. This count does not increment + for VLANs for which Dynamic ARP Protection is not + enabled." + ::= { hpicfArpProtectVlanStatEntry 4 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.5 +hpicfArpProtectVlanStatBadSrcMacs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ARP packets received on untrusted + ports that were dropped because the source MAC + address in the Ethernet header did not match the + sender MAC address in the body of the ARP packet. + This count does not increment when source MAC + validation is not enabled. This count does not + increment for VLANs for which Dynamic ARP Protection + is not enabled." + ::= { hpicfArpProtectVlanStatEntry 5 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.6 +hpicfArpProtectVlanStatBadDstMacs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of unicast ARP response packets received + on untrusted ports that were dropped because the + destination MAC address in the Ethernet header did + not match the target MAC address in the body of the + ARP packet. This count does not increment when + destination address validation is not enabled. + This count does not increment for VLANs for which + Dynamic ARP Protection is not enabled." + ::= { hpicfArpProtectVlanStatEntry 6 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.7 +hpicfArpProtectVlanStatBadIpAddrs OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of ARP packets received on untrusted + ports that were dropped because they contained + an invalid sender IP address, or they contained + an invalid target IP address in an ARP response. + This count does not increment when IP address + validation is not enabled. This count does not + increment for VLANs for which Dynamic ARP Protection + is not enabled." + ::= { hpicfArpProtectVlanStatEntry 7 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.3 +hpicfArpProtectErrantCnt OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "A count of hpicfArpProtectErrantReply sent + from the ARP Protection entity to the SNMP + entity. This count may differ from the count + of notifications transmitted due to rate + limiting or configuration." + ::= { hpicfArpProtectObjects 3 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.4 +hpicfArpProtectErrantSrcMac OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Errant source MAC address included in a + hpicfArpProtectNotification." + ::= { hpicfArpProtectObjects 4 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.5 +hpicfArpProtectErrantSrcIpType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "IP Address type reported in hpicfArpProtectErrantSrcIp." + ::= { hpicfArpProtectObjects 5 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.6 +hpicfArpProtectErrantSrcIp OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Errant source IP address included in a + hpicfArpProtectNotification." + ::= { hpicfArpProtectObjects 6 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.7 +hpicfArpProtectErrantDestMac OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Errant destination MAC address included in a + hpicfArpProtectNotification." + ::= { hpicfArpProtectObjects 7 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.8 +hpicfArpProtectErrantDestIpType OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "IP Address type reported in hpicfArpProtectErrantDestIp." + ::= { hpicfArpProtectObjects 8 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.9 +hpicfArpProtectErrantDestIp OBJECT-TYPE + SYNTAX InetAddress + MAX-ACCESS accessible-for-notify + STATUS current + DESCRIPTION + "Errant destination IP address included in a + hpicfArpProtectNotification." + ::= { hpicfArpProtectObjects 9 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2 +hpicfArpProtectConformance OBJECT IDENTIFIER ::= { hpicfArpProtect 2 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2.1 +hpicfArpProtectGroups OBJECT IDENTIFIER ::= { hpicfArpProtectConformance 1 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2.1.1 +hpicfArpProtectBaseGroup OBJECT-GROUP + OBJECTS { hpicfArpProtectEnable, hpicfArpProtectVlanEnable, + hpicfArpProtectValidation, hpicfArpProtectPortTrust, + hpicfArpProtectVlanStatForwards, hpicfArpProtectVlanStatBadPkts, + hpicfArpProtectVlanStatBadBindings, hpicfArpProtectVlanStatBadSrcMacs, + hpicfArpProtectVlanStatBadDstMacs, hpicfArpProtectVlanStatBadIpAddrs, + hpicfArpProtectErrantSrcMac, hpicfArpProtectErrantSrcIp, + hpicfArpProtectErrantDestMac, hpicfArpProtectErrantSrcIpType, + hpicfArpProtectErrantDestIpType, hpicfArpProtectErrantDestIp, + hpicfArpProtectErrantCnt, hpicfArpProtectErrantNotifyEnable } + STATUS current + DESCRIPTION + "A collection of objects for configuring and + monitoring the base Dynamic ARP Protection + functionality." + ::= { hpicfArpProtectGroups 1 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2.1.2 +hpicfArpProtectionNotifications NOTIFICATION-GROUP + NOTIFICATIONS { hpicfArpProtectErrantReply } + STATUS current + DESCRIPTION + "A group of Notifications whose implementation is + mandatory when HP-ICF-ARP-PROTECTION is + implemented." + ::= { hpicfArpProtectGroups 2 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2.2 +hpicfArpProtectCompliances OBJECT IDENTIFIER ::= { hpicfArpProtectConformance 2 } + + +-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2.2.1 +hpicfArpProtectCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for HP ProCurve switches + that support Dynamic ARP Protection." + MODULE -- this module + MANDATORY-GROUPS { hpicfArpProtectBaseGroup, hpicfArpProtectionNotifications } + ::= { hpicfArpProtectCompliances 1 } + + + +END + |