From 98a672123c7872f6b9b75a9a2b6bb3aea504de6a Mon Sep 17 00:00:00 2001
From: David Leutgeb
Date: Tue, 5 Dec 2023 12:25:34 +0100
Subject: Initial commit
---
MIBS/linksys/LINKSYS-BRIDGE-SECURITY | 897 +++++++++++++++++++++++++++++++++++
1 file changed, 897 insertions(+)
create mode 100644 MIBS/linksys/LINKSYS-BRIDGE-SECURITY
(limited to 'MIBS/linksys/LINKSYS-BRIDGE-SECURITY')
diff --git a/MIBS/linksys/LINKSYS-BRIDGE-SECURITY b/MIBS/linksys/LINKSYS-BRIDGE-SECURITY
new file mode 100644
index 0000000..507d29c
--- /dev/null
+++ b/MIBS/linksys/LINKSYS-BRIDGE-SECURITY
@@ -0,0 +1,897 @@
+LINKSYS-BRIDGE-SECURITY DEFINITIONS ::= BEGIN
+
+-- Version: 7.43
+-- Date: 02-Apr-2006
+
+IMPORTS
+ MODULE-IDENTITY, OBJECT-TYPE,
+ Unsigned32, IpAddress, Counter32 FROM SNMPv2-SMI
+ InterfaceIndex, ifIndex FROM IF-MIB
+ RowStatus, TEXTUAL-CONVENTION, MacAddress,
+ DisplayString, TruthValue FROM SNMPv2-TC
+ VlanId FROM Q-BRIDGE-MIB
+ rnd FROM LINKSYS-MIB;
+
+rlBridgeSecurity MODULE-IDENTITY
+ LAST-UPDATED "200604020000Z"
+ ORGANIZATION ""
+ CONTACT-INFO ""
+ DESCRIPTION
+ "The private MIB module definition for DHCP Snoop, ARP Inspection
+ and Ip source Guard features."
+ ::= { rnd 112}
+
+rlIpDhcpSnoop OBJECT IDENTIFIER ::= { rlBridgeSecurity 1}
+
+rlIpSourceGuard OBJECT IDENTIFIER ::= { rlBridgeSecurity 2}
+
+rlIpArpInspect OBJECT IDENTIFIER ::= { rlBridgeSecurity 3}
+
+rlProtocolFiltering OBJECT IDENTIFIER ::= { rlBridgeSecurity 4}
+--
+-- DHCP Snoop
+--
+rlIpDhcpSnoopMibVersion OBJECT-TYPE
+ SYNTAX INTEGER
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "MIB's version, the current version is 1."
+ ::= { rlIpDhcpSnoop 1 }
+
+rlIpDhcpSnoopEnable OBJECT-TYPE
+ SYNTAX INTEGER{
+ enable(1),
+ disable(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION "Specifies a system DHCP Snoop enable state."
+ ::= { rlIpDhcpSnoop 2 }
+
+rlIpDhcpSnoopFileEnable OBJECT-TYPE
+ SYNTAX INTEGER{
+ enable(1),
+ disable(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION "Specifies a system DHCP Snoop file enable state."
+ ::= { rlIpDhcpSnoop 3 }
+
+rlIpDhcpSnoopClearAction OBJECT-TYPE
+ SYNTAX INTEGER {
+ noAction(1), -- for get only
+ clearNow(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Used to clear DHCP Snoop Table."
+ ::= { rlIpDhcpSnoop 4 }
+
+rlIpDhcpSnoopFileUpdateTime OBJECT-TYPE
+ SYNTAX INTEGER(600..86400)
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Configures in seconds the period of time between file updates.
+ The valid range is 600 - 86400."
+ ::= { rlIpDhcpSnoop 5 }
+
+rlIpDhcpSnoopVerifyMacAddress OBJECT-TYPE
+ SYNTAX INTEGER{
+ enable(1),
+ disable(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Configures on an un-trusted port whether the source MAC address in a DHCP packet matches
+ the client hardware address."
+ ::= { rlIpDhcpSnoop 6 }
+
+rlIpDhcpSnoopCurrentEntiresNumber OBJECT-TYPE
+ SYNTAX INTEGER
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Contain the current number of DHCP snooping entries for all types."
+ ::= { rlIpDhcpSnoop 7 }
+
+rlIpDhcpOpt82InsertionEnable OBJECT-TYPE
+ SYNTAX INTEGER{
+ enable(1),
+ disable(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION "Specifies a DHCP option 82 insertion enable state."
+ ::= { rlIpDhcpSnoop 8 }
+
+rlIpDhcpOpt82RxOnUntrustedEnable OBJECT-TYPE
+ SYNTAX INTEGER{
+ enable(1),
+ disable(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION "Specifies a DHCP option 82 receive on untrusted port enable state."
+ ::= { rlIpDhcpSnoop 9 }
+
+--
+-- Dhcp Snoop Static table
+--
+rlIpDhcpSnoopStaticTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlIpDhcpSnoopStaticEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The table specifies all DHCP Snoop Static (configured by user) entries.
+ The entry contains a local IP address of the DHCP client, a Port interface to which a DHCP client is connected to the switch."
+ ::= { rlIpDhcpSnoop 10 }
+
+rlIpDhcpSnoopStaticEntry OBJECT-TYPE
+ SYNTAX RlIpDhcpSnoopStaticEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The row definition for this table."
+ INDEX {rlIpDhcpSnoopStaticVLANTag,
+ rlIpDhcpSnoopStaticMACAddress}
+::= { rlIpDhcpSnoopStaticTable 1 }
+
+RlIpDhcpSnoopStaticEntry ::= SEQUENCE {
+ rlIpDhcpSnoopStaticVLANTag VlanId,
+ rlIpDhcpSnoopStaticMACAddress MacAddress,
+ rlIpDhcpSnoopStaticIPAddress IpAddress,
+ rlIpDhcpSnoopStaticPortInterface InterfaceIndex,
+ rlIpDhcpSnoopStaticRowStatus RowStatus
+}
+rlIpDhcpSnoopStaticVLANTag OBJECT-TYPE
+ SYNTAX VlanId
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A DHCP Snoop Static entry vlan tag."
+ ::= { rlIpDhcpSnoopStaticEntry 1 }
+
+rlIpDhcpSnoopStaticMACAddress OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A DHCP Snoop Static entry mac address"
+ ::= { rlIpDhcpSnoopStaticEntry 2 }
+
+rlIpDhcpSnoopStaticIPAddress OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "A DHCP Snoop Static entry IP address."
+ ::= { rlIpDhcpSnoopStaticEntry 3 }
+
+rlIpDhcpSnoopStaticPortInterface OBJECT-TYPE
+ SYNTAX InterfaceIndex
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "A DHCP Snoop Static entry Port interface."
+ ::= { rlIpDhcpSnoopStaticEntry 4 }
+
+rlIpDhcpSnoopStaticRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "A status can be destroy, active or createAndGo"
+ ::= { rlIpDhcpSnoopStaticEntry 5 }
+
+--
+-- Dhcp Snoop table
+--
+
+RlIpDhcpSnoopType ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION "Ip Dhcp Snoop entry type."
+ SYNTAX INTEGER {
+ learnedByProtocol(1),
+ deletedByTimeout(2),
+ static(3)
+}
+
+rlIpDhcpSnoopTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlIpDhcpSnoopEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "DHCP Snoop entry.
Use to add/delete a dynamic entries and to view all entries (dynamic and static)"
+ ::= { rlIpDhcpSnoop 11 }
+
+rlIpDhcpSnoopEntry OBJECT-TYPE
+ SYNTAX RlIpDhcpSnoopEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The row definition for this table."
+ INDEX {rlIpDhcpSnoopVLANTag,
+ rlIpDhcpSnoopMACAddress}
+::= { rlIpDhcpSnoopTable 1 }
+
+RlIpDhcpSnoopEntry ::= SEQUENCE {
+ rlIpDhcpSnoopVLANTag VlanId,
+ rlIpDhcpSnoopMACAddress MacAddress,
+ rlIpDhcpSnoopType RlIpDhcpSnoopType,
+ rlIpDhcpSnoopLeaseTime Unsigned32,
+ rlIpDhcpSnoopIPAddress IpAddress,
+ rlIpDhcpSnoopPortInterface InterfaceIndex,
+ rlIpDhcpSnoopRowStatus RowStatus
+}
+rlIpDhcpSnoopVLANTag OBJECT-TYPE
+ SYNTAX VlanId
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A DHCP Snoop entry vlan tag."
+ ::= { rlIpDhcpSnoopEntry 1 }
+
+rlIpDhcpSnoopMACAddress OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A DHCP Snoop entry mac address"
+ ::= { rlIpDhcpSnoopEntry 2 }
+
+rlIpDhcpSnoopType OBJECT-TYPE
+ SYNTAX RlIpDhcpSnoopType
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "A DHCP Snoop entry type: static or dynamic."
+ ::= { rlIpDhcpSnoopEntry 3 }
+
+rlIpDhcpSnoopLeaseTime OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "A DHCP Snoop lease time. For static entry the lease time is 0xFFFFFFFF"
+ ::= { rlIpDhcpSnoopEntry 4 }
+
+rlIpDhcpSnoopIPAddress OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "The IP address of the DHCP client referred to in this table entry."
+ ::= { rlIpDhcpSnoopEntry 5 }
+
+rlIpDhcpSnoopPortInterface OBJECT-TYPE
+ SYNTAX InterfaceIndex
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Identifies the port Interface ifindex, which connected to DHCP client identified with the entry."
+ ::= { rlIpDhcpSnoopEntry 6 }
+
+rlIpDhcpSnoopRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Entry status. A valid status is CreateandGo or Delete."
+ ::= { rlIpDhcpSnoopEntry 7 }
+
+--
+-- Dhcp Snoop Enable VLAN Table
+--
+rlIpDhcpSnoopEnableVlanTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlIpDhcpSnoopEnableVlanEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "An Ip Dhcp Snooping enabled VLAN table."
+ ::= { rlIpDhcpSnoop 12 }
+
+rlIpDhcpSnoopEnableVlanEntry OBJECT-TYPE
+ SYNTAX RlIpDhcpSnoopEnableVlanEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "An Ip Dhcp Snooping enabled VLAN entry."
+ INDEX {rlIpDhcpSnoopEnableVlanTag}
+::= { rlIpDhcpSnoopEnableVlanTable 1 }
+
+RlIpDhcpSnoopEnableVlanEntry ::= SEQUENCE {
+ rlIpDhcpSnoopEnableVlanTag VlanId,
+ rlIpDhcpSnoopEnableVlanRowStatus RowStatus
+}
+rlIpDhcpSnoopEnableVlanTag OBJECT-TYPE
+ SYNTAX VlanId
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A DHCP Snoop entry vlan tag."
+ ::= { rlIpDhcpSnoopEnableVlanEntry 1 }
+
+rlIpDhcpSnoopEnableVlanRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Entry status. A valid status is CreateandGo and Delete."
+ ::= { rlIpDhcpSnoopEnableVlanEntry 2 }
+
+--
+-- Dhcp Snoop Trusted ports Table
+--
+rlIpDhcpSnoopTrustedPortTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlIpDhcpSnoopTrustedPortEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "DHCP Snoop Trusted ports entry. The entry created when port is configured as trusted."
+ ::= { rlIpDhcpSnoop 13 }
+
+rlIpDhcpSnoopTrustedPortEntry OBJECT-TYPE
+ SYNTAX RlIpDhcpSnoopTrustedPortEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The row definition for this table."
+ INDEX {ifIndex}
+::= { rlIpDhcpSnoopTrustedPortTable 1 }
+
+RlIpDhcpSnoopTrustedPortEntry ::= SEQUENCE {
+ rlIpDhcpSnoopTrustedPortRowStatus RowStatus
+}
+
+rlIpDhcpSnoopTrustedPortRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Entry status. A valid status is CreateandGo or Delete."
+ ::= { rlIpDhcpSnoopTrustedPortEntry 2 }
+
+--
+-- IP Source Guard
+--
+
+rlIpSourceGuardMibVersion OBJECT-TYPE
+ SYNTAX INTEGER
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "MIB's version, the current version is 1."
+ ::= { rlIpSourceGuard 1 }
+
+rlIpSourceGuardEnable OBJECT-TYPE
+ SYNTAX INTEGER{
+ enable(1),
+ disable(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "FALSE - There is no Ip Source Guard in the system.
+ TRUE - Ip Source Guard is enabled on system."
+ ::= { rlIpSourceGuard 2 }
+
+rlIpSourceGuardRetryToInsert OBJECT-TYPE
+ SYNTAX INTEGER {
+ noAction(0), -- for get only
+ retryToInsertNow(1)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "When setted to retryToInsertNow all IP Source Guard inactive entries
+ due to resource problem reinserted in the Policy.
+ On get always return noAction."
+ ::= { rlIpSourceGuard 3 }
+
+rlIpSourceGuardRetryTime OBJECT-TYPE
+ SYNTAX INTEGER (0..600)
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Configures in seconds the period of time the application retries to
+ insert inactive by resource problem rules. The actual range is 10-600.
+ 0 used to sign that the timer is not active."
+ ::= { rlIpSourceGuard 4 }
+
+--
+-- IP Source Guard Ports table
+--
+
+rlIpSourceGuardPortTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlIpSourceGuardPortEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "IP Source Guard ports entry. The entry created when IP Source Guard
+ enabled on port."
+ ::= { rlIpSourceGuard 5 }
+
+rlIpSourceGuardPortEntry OBJECT-TYPE
+ SYNTAX RlIpSourceGuardPortEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The row definition for this table."
+ INDEX {ifIndex}
+::= { rlIpSourceGuardPortTable 1 }
+
+RlIpSourceGuardPortEntry ::= SEQUENCE {
+ rlIpSourceGuardPortRowStatus RowStatus
+}
+rlIpSourceGuardPortRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Entry status. A valid status is CreateAndGo or Delete."
+ ::= { rlIpSourceGuardPortEntry 2 }
+
+--
+-- IP Source Guard table
+--
+
+RlIpSourceGuardType ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION "Ip IP Source Guard entry type."
+ SYNTAX INTEGER {
+ dynamic(1),
+ static(2)
+}
+RlIpSourceGuardStatus ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION "Ip IP Source Guard entry status."
+ SYNTAX INTEGER {
+ active(1),
+ inactive(2)
+}
+RlIpSourceGuardFailReason ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION "Ip IP Source Guard entry reason."
+ SYNTAX INTEGER {
+ noProblem(1),
+ noResource(2),
+ noSnoopVlan(3),
+ trustPort(4)
+}
+
+rlIpSourceGuardTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlIpSourceGuardEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "IP Source Guard entry. Use to view all entries (dynamic and static)"
+ ::= { rlIpSourceGuard 6 }
+
+rlIpSourceGuardEntry OBJECT-TYPE
+ SYNTAX RlIpSourceGuardEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The row definition for this table."
+ INDEX {ifIndex,
+ rlIpSourceGuardIPAddress,
+ rlIpSourceGuardVLANTag}
+::= { rlIpSourceGuardTable 1 }
+
+RlIpSourceGuardEntry ::= SEQUENCE {
+ rlIpSourceGuardIPAddress IpAddress,
+ rlIpSourceGuardVLANTag VlanId,
+ rlIpSourceGuardMACAddress MacAddress,
+ rlIpSourceGuardType RlIpSourceGuardType,
+ rlIpSourceGuardStatus RlIpSourceGuardStatus,
+ rlIpSourceGuardFailReason RlIpSourceGuardFailReason
+}
+
+rlIpSourceGuardIPAddress OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The IP address of the Ip Source Guard entry."
+ ::= { rlIpSourceGuardEntry 1 }
+
+rlIpSourceGuardVLANTag OBJECT-TYPE
+ SYNTAX VlanId
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A Ip Source Guard entry vlan tag."
+ ::= { rlIpSourceGuardEntry 2 }
+
+rlIpSourceGuardMACAddress OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "A Ip Source Guard entry mac address"
+ ::= { rlIpSourceGuardEntry 3 }
+
+rlIpSourceGuardType OBJECT-TYPE
+ SYNTAX RlIpSourceGuardType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "A Ip Source Guard entry type: static or dynamic."
+ ::= { rlIpSourceGuardEntry 4 }
+
+rlIpSourceGuardStatus OBJECT-TYPE
+ SYNTAX RlIpSourceGuardStatus
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Identifies the status of Ip Source Guard entry."
+ ::= { rlIpSourceGuardEntry 5 }
+
+rlIpSourceGuardFailReason OBJECT-TYPE
+ SYNTAX RlIpSourceGuardFailReason
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Identifies the reason for in-activity of Ip Source Guard entry."
+ ::= { rlIpSourceGuardEntry 6 }
+
+--
+-- IP Source Guard Permitted rules counter table
+--
+
+rlIpSourceGuardPermittedRuleCounterTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlIpSourceGuardPermittedRuleCounterEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The table includes, per vlan, the IP Source Guard permitted rules counters."
+ ::= { rlIpSourceGuard 7 }
+
+rlIpSourceGuardPermittedRuleCounterEntry OBJECT-TYPE
+ SYNTAX RlIpSourceGuardPermittedRuleCounterEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The row definition for this table."
+ INDEX {rlIpSourceGuardPermittedRuleCounterVLANTag}
+::= { rlIpSourceGuardPermittedRuleCounterTable 1 }
+
+RlIpSourceGuardPermittedRuleCounterEntry ::= SEQUENCE {
+ rlIpSourceGuardPermittedRuleCounterVLANTag VlanId,
+ rlIpSourceGuardPermittedRuleCounterNumOfStaticRules Counter32,
+ rlIpSourceGuardPermittedRuleCounterNumOfDhcpRules Counter32
+}
+rlIpSourceGuardPermittedRuleCounterVLANTag OBJECT-TYPE
+ SYNTAX VlanId
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Ip Source Guard permitted rules counters entry Vlan tag."
+ ::= { rlIpSourceGuardPermittedRuleCounterEntry 1 }
+
+rlIpSourceGuardPermittedRuleCounterNumOfStaticRules OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of static rules added by IP Source Guard for the permitted Hosts"
+ ::= { rlIpSourceGuardPermittedRuleCounterEntry 2 }
+
+rlIpSourceGuardPermittedRuleCounterNumOfDhcpRules OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of rules added by IP Source Guard for the permitted Hosts,
+ as a result of DHCP Snooping dynamic information."
+ ::= { rlIpSourceGuardPermittedRuleCounterEntry 3 }
+
+--
+-- ARP Inspection
+--
+RlIpArpInspectListNameType ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION "Ip arp inspection list name type."
+ SYNTAX DisplayString(SIZE(1..32))
+
+rlIpArpInspectMibVersion OBJECT-TYPE
+ SYNTAX INTEGER
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "MIB's version, the current version is 1."
+ ::= { rlIpArpInspect 1 }
+
+rlIpArpInspectEnable OBJECT-TYPE
+ SYNTAX INTEGER{
+ enable(1),
+ disable(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION "Specifies a system ARP Inspection enable state."
+ ::= { rlIpArpInspect 2 }
+
+rlIpArpInspectLogInterval OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Specify the minimal interval between successive ARP SYSLOG messages.
+ 0 - message is immediately generated.
+ 0xFFFFFFFF - messages would not be generated. A legal range is 0-86400."
+ ::= { rlIpArpInspect 3 }
+
+rlIpArpInspectValidation OBJECT-TYPE
+ SYNTAX INTEGER{
+ enable(1),
+ disable(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Defined a specific check on incoming ARP packets:
+ Source MAC: Compare the source MAC address in the Ethernet header against
+ the sender MAC address in the ARP body. This check is performed on both ARP requests and responses.
+ Destination MAC: Compare the destination MAC address in the Ethernet header against
+ the target MAC address in ARP body. This check is performed for ARP responses.
+ IP addresses: Compare the ARP body for invalid and unexpected IP addresses.
+ Addresses include 0.0.0.0, 255.255.255.255, and all IP multicast addresses."
+ ::= { rlIpArpInspect 4 }
+
+--
+-- ARP Inspection List table
+--
+rlIpArpInspectListTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlIpArpInspectListEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The table specifies all ARP Inspection List entries.
+ The entry contains a list name, list IP address, a list Mac address."
+ ::= { rlIpArpInspect 5 }
+
+rlIpArpInspectListEntry OBJECT-TYPE
+ SYNTAX RlIpArpInspectListEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The row definition for this table."
+ INDEX {rlIpArpInspectListName,
+ rlIpArpInspectListIPAddress}
+::= { rlIpArpInspectListTable 1 }
+
+RlIpArpInspectListEntry ::= SEQUENCE {
+ rlIpArpInspectListName RlIpArpInspectListNameType,
+ rlIpArpInspectListIPAddress IpAddress,
+ rlIpArpInspectListMACAddress MacAddress,
+ rlIpArpInspectListRowStatus RowStatus
+}
+
+rlIpArpInspectListName OBJECT-TYPE
+ SYNTAX RlIpArpInspectListNameType
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "The Name of the Access List."
+ ::= { rlIpArpInspectListEntry 1}
+
+rlIpArpInspectListIPAddress OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "ARP Inspection List IP address."
+ ::= { rlIpArpInspectListEntry 2 }
+
+rlIpArpInspectListMACAddress OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "ARP Inspection List mac address"
+ ::= { rlIpArpInspectListEntry 3 }
+
+rlIpArpInspectListRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "A status can be destroy, active or createAndGo"
+ ::= { rlIpArpInspectListEntry 4 }
+
+--
+-- Arp Inspection Enable VLAN Table
+--
+rlIpArpInspectEnableVlanTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlIpArpInspectEnableVlanEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "An Ip ARP Inspection enabled VLAN table."
+ ::= { rlIpArpInspect 6 }
+
+rlIpArpInspectEnableVlanEntry OBJECT-TYPE
+ SYNTAX RlIpArpInspectEnableVlanEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "An Ip ARP Inspection enabled VLAN entry."
+ INDEX {rlIpArpInspectEnableVlanTag}
+::= { rlIpArpInspectEnableVlanTable 1 }
+
+RlIpArpInspectEnableVlanEntry ::= SEQUENCE {
+ rlIpArpInspectEnableVlanTag VlanId,
+ rlIpArpInspectAssignedListName RlIpArpInspectListNameType,
+ rlIpArpInspectEnableVlanRowStatus RowStatus,
+ rlIpArpInspectVlanNumOfArpForwarded Counter32,
+ rlIpArpInspectVlanNumOfArpDropped Counter32,
+ rlIpArpInspectVlanNumOfArpMismatched Counter32,
+ rlIpArpInspectVlanClearCountersAction TruthValue
+}
+
+rlIpArpInspectEnableVlanTag OBJECT-TYPE
+ SYNTAX VlanId
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An Ip ARP Inspection entry vlan tag."
+ ::= { rlIpArpInspectEnableVlanEntry 1 }
+
+rlIpArpInspectAssignedListName OBJECT-TYPE
+ SYNTAX RlIpArpInspectListNameType
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "An Ip ARP Inspection assigned ACL name."
+ ::= { rlIpArpInspectEnableVlanEntry 2 }
+
+rlIpArpInspectEnableVlanRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Entry status. A valid status is CreateandGo and Delete."
+ ::= { rlIpArpInspectEnableVlanEntry 3 }
+
+rlIpArpInspectVlanNumOfArpForwarded OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Total number of forwarded ARP packets, packets which were validated by ARP inspection "
+ ::= { rlIpArpInspectEnableVlanEntry 4 }
+
+rlIpArpInspectVlanNumOfArpDropped OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of dropped ARP packets, which were validated by ARP inspection
+ (mismatch , not-found and dropped for any reason)"
+ ::= { rlIpArpInspectEnableVlanEntry 5 }
+
+rlIpArpInspectVlanNumOfArpMismatched OBJECT-TYPE
+ SYNTAX Counter32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Number of dropped ARP packets, which were validated by ARP inspection
+ and inconsistency was found for IP and MAC (mismatch)"
+ ::= { rlIpArpInspectEnableVlanEntry 6 }
+
+rlIpArpInspectVlanClearCountersAction OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "If true, clear (set to zero) all Arp Inspection counters: rlIpArpInspectVlanNumOfArpForwarded ,
+ rlIpArpInspectVlanNumOfArpDropped and rlIpArpInspectVlanNumOfArpMismatched"
+ DEFVAL{ false }
+ ::= { rlIpArpInspectEnableVlanEntry 7 }
+
+
+--
+-- ARP Inspection Trusted ports Table
+--
+rlIpArpInspectTrustedPortTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlIpArpInspectTrustedPortEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "ARP Inspection Trusted ports entry. The entry created when port is configured as trusted."
+ ::= { rlIpArpInspect 7 }
+
+rlIpArpInspectTrustedPortEntry OBJECT-TYPE
+ SYNTAX RlIpArpInspectTrustedPortEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The row definition for this table."
+ INDEX {ifIndex}
+::= { rlIpArpInspectTrustedPortTable 1 }
+
+RlIpArpInspectTrustedPortEntry ::= SEQUENCE {
+ rlIpArpInspectTrustedPortRowStatus RowStatus
+}
+rlIpArpInspectTrustedPortRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Entry status. A valid status is CreateandGo or Delete."
+ ::= { rlIpArpInspectTrustedPortEntry 2 }
+
+
+rlIpArpInspectClearCountersAction OBJECT-TYPE
+ SYNTAX TruthValue
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "If true, clear (set to zero) on all vlans: all Arp Inspection counters: rlIpArpInspectVlanNumOfArpForwarded ,
+ rlIpArpInspectVlanNumOfArpDropped and rlIpArpInspectVlanNumOfArpMismatched"
+ DEFVAL{ false }
+ ::= { rlIpArpInspect 8 }
+
+--
+-- Protocol Filtering
+--
+ProtocolFilteringMap ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "This TC describes the list of protocol to be filtered.
+ The bit 'all(0)' indicates all Cisco protocols in range 0100.0ccc.ccc0 - 0100.0ccc.cccf
+ The bit 'cdp(1)' indicates Cisco CDP protocol.
+ Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x2000.
+
+ The bit 'vtp(2)' indicates Cisco VTP protocol.
+ Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x2003.
+
+ The bit 'dtp(3)' indicates Cisco DTP protocol.
+ Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x2004.
+
+ The bit 'udld (4)' indicates Cisco UDLD protocol.
+ Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x0111.
+
+ The bit 'pagp(5)' indicates Cisco PAGP protocol.
+ Identified by destination mac address: 0100.0ccc.cccc and protocol type: 0x0104.
+
+ The bit 'sstp(6)' indicates Cisco SSTP protocol.
+ Identified by destination mac address: 0100.0ccc.cccd.
+
+ "
+ SYNTAX BITS {
+ all(0),
+ cdp(1),
+ vtp(2),
+ dtp(3),
+ udld(4),
+ pagp(5),
+ sstp(6)
+ }
+
+rlProtocolFilteringTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlProtocolFilteringEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "Protocol filter configuration entry"
+ ::= { rlProtocolFiltering 1 }
+
+rlProtocolFilteringEntry OBJECT-TYPE
+ SYNTAX RlProtocolFilteringEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The row definition for this table."
+ INDEX {ifIndex}
+::= { rlProtocolFilteringTable 1 }
+
+RlProtocolFilteringEntry::= SEQUENCE {
+ rlProtocolFilteringList ProtocolFilteringMap,
+ rlProtocolFilteringRowStatus RowStatus
+}
+
+rlProtocolFilteringList OBJECT-TYPE
+ SYNTAX ProtocolFilteringMap
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "The list of protocol to be filtered."
+ ::= { rlProtocolFilteringEntry 1 }
+rlProtocolFilteringRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "A status can be destroy, active or createAndGo"
+ ::= { rlProtocolFilteringEntry 2 }
+
+END
+
-- cgit v1.2.3
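Review bot: The DESCRIPTION of `rlIpSourceGuardEnable` is written in terms of FALSE/TRUE while its SYNTAX is `INTEGER{ enable(1), disable(2) }`, and `rlIpArpInspectLogInterval` is a bare `Unsigned32` whose text gives a legal range of 0-86400 yet also names 0xFFFFFFFF as a meaningful value, so a management client cannot tell from the module which values the agent accepts. I would reword the first to `enable(1) - Ip Source Guard is enabled on system. disable(2) - There is no Ip Source Guard in the system.` and state in the second whether 0xFFFFFFFF is accepted in addition to the range. Separately, the global enable objects and the trusted-port RowStatus columns for DHCP Snoop, ARP Inspection and IP Source Guard are all `MAX-ACCESS read-write`, so documentation accompanying this MIB should say that write access to the `rnd 112` subtree needs to be restricted to authenticated SNMP principals and that SETs against these objects are worth logging. The file looks like a vendor MIB imported as-is, so these points may be better recorded in a local comment or README than as edits to the module itself.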