1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
|
LINKSYS-BRIDGE-SECURITY DEFINITIONS ::= BEGIN
-- Version: 7.43
-- Date: 02-Apr-2006
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE,
Unsigned32, IpAddress, Counter32 FROM SNMPv2-SMI
InterfaceIndex, ifIndex FROM IF-MIB
RowStatus, TEXTUAL-CONVENTION, MacAddress,
DisplayString, TruthValue FROM SNMPv2-TC
VlanId FROM Q-BRIDGE-MIB
rnd FROM LINKSYS-MIB;
rlBridgeSecurity MODULE-IDENTITY
LAST-UPDATED "200604020000Z"
ORGANIZATION ""
CONTACT-INFO ""
DESCRIPTION
"The private MIB module definition for DHCP Snoop, ARP Inspection
and Ip source Guard features."
::= { rnd 112}
rlIpDhcpSnoop OBJECT IDENTIFIER ::= { rlBridgeSecurity 1}
rlIpSourceGuard OBJECT IDENTIFIER ::= { rlBridgeSecurity 2}
rlIpArpInspect OBJECT IDENTIFIER ::= { rlBridgeSecurity 3}
rlProtocolFiltering OBJECT IDENTIFIER ::= { rlBridgeSecurity 4}
--
-- DHCP Snoop
--
rlIpDhcpSnoopMibVersion OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"MIB's version, the current version is 1."
::= { rlIpDhcpSnoop 1 }
rlIpDhcpSnoopEnable OBJECT-TYPE
SYNTAX INTEGER{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION "Specifies a system DHCP Snoop enable state."
::= { rlIpDhcpSnoop 2 }
rlIpDhcpSnoopFileEnable OBJECT-TYPE
SYNTAX INTEGER{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION "Specifies a system DHCP Snoop file enable state."
::= { rlIpDhcpSnoop 3 }
rlIpDhcpSnoopClearAction OBJECT-TYPE
SYNTAX INTEGER {
noAction(1), -- for get only
clearNow(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used to clear DHCP Snoop Table."
::= { rlIpDhcpSnoop 4 }
rlIpDhcpSnoopFileUpdateTime OBJECT-TYPE
SYNTAX INTEGER(600..86400)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configures in seconds the period of time between file updates.
The valid range is 600 - 86400."
::= { rlIpDhcpSnoop 5 }
rlIpDhcpSnoopVerifyMacAddress OBJECT-TYPE
SYNTAX INTEGER{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configures on an un-trusted port whether the source MAC address in a DHCP packet matches
the client hardware address."
::= { rlIpDhcpSnoop 6 }
rlIpDhcpSnoopCurrentEntiresNumber OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contain the current number of DHCP snooping entries for all types."
::= { rlIpDhcpSnoop 7 }
rlIpDhcpOpt82InsertionEnable OBJECT-TYPE
SYNTAX INTEGER{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION "Specifies a DHCP option 82 insertion enable state."
::= { rlIpDhcpSnoop 8 }
rlIpDhcpOpt82RxOnUntrustedEnable OBJECT-TYPE
SYNTAX INTEGER{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION "Specifies a DHCP option 82 receive on untrusted port enable state."
::= { rlIpDhcpSnoop 9 }
--
-- Dhcp Snoop Static table
--
rlIpDhcpSnoopStaticTable OBJECT-TYPE
SYNTAX SEQUENCE OF RlIpDhcpSnoopStaticEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The table specifies all DHCP Snoop Static (configured by user) entries.
The entry contains a local IP address of the DHCP client, a Port interface to which a DHCP client is connected to the switch."
::= { rlIpDhcpSnoop 10 }
rlIpDhcpSnoopStaticEntry OBJECT-TYPE
SYNTAX RlIpDhcpSnoopStaticEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The row definition for this table."
INDEX {rlIpDhcpSnoopStaticVLANTag,
rlIpDhcpSnoopStaticMACAddress}
::= { rlIpDhcpSnoopStaticTable 1 }
RlIpDhcpSnoopStaticEntry ::= SEQUENCE {
rlIpDhcpSnoopStaticVLANTag VlanId,
rlIpDhcpSnoopStaticMACAddress MacAddress,
rlIpDhcpSnoopStaticIPAddress IpAddress,
rlIpDhcpSnoopStaticPortInterface InterfaceIndex,
rlIpDhcpSnoopStaticRowStatus RowStatus
}
rlIpDhcpSnoopStaticVLANTag OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A DHCP Snoop Static entry vlan tag."
::= { rlIpDhcpSnoopStaticEntry 1 }
rlIpDhcpSnoopStaticMACAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A DHCP Snoop Static entry mac address"
::= { rlIpDhcpSnoopStaticEntry 2 }
rlIpDhcpSnoopStaticIPAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A DHCP Snoop Static entry IP address."
::= { rlIpDhcpSnoopStaticEntry 3 }
rlIpDhcpSnoopStaticPortInterface OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A DHCP Snoop Static entry Port interface."
::= { rlIpDhcpSnoopStaticEntry 4 }
rlIpDhcpSnoopStaticRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A status can be destroy, active or createAndGo"
::= { rlIpDhcpSnoopStaticEntry 5 }
--
-- Dhcp Snoop table
--
RlIpDhcpSnoopType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "Ip Dhcp Snoop entry type."
SYNTAX INTEGER {
learnedByProtocol(1),
deletedByTimeout(2),
static(3)
}
rlIpDhcpSnoopTable OBJECT-TYPE
SYNTAX SEQUENCE OF RlIpDhcpSnoopEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "DHCP Snoop entry. Use to add/delete a dynamic entries and to view all entries (dynamic and static)"
::= { rlIpDhcpSnoop 11 }
rlIpDhcpSnoopEntry OBJECT-TYPE
SYNTAX RlIpDhcpSnoopEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The row definition for this table."
INDEX {rlIpDhcpSnoopVLANTag,
rlIpDhcpSnoopMACAddress}
::= { rlIpDhcpSnoopTable 1 }
RlIpDhcpSnoopEntry ::= SEQUENCE {
rlIpDhcpSnoopVLANTag VlanId,
rlIpDhcpSnoopMACAddress MacAddress,
rlIpDhcpSnoopType RlIpDhcpSnoopType,
rlIpDhcpSnoopLeaseTime Unsigned32,
rlIpDhcpSnoopIPAddress IpAddress,
rlIpDhcpSnoopPortInterface InterfaceIndex,
rlIpDhcpSnoopRowStatus RowStatus
}
rlIpDhcpSnoopVLANTag OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A DHCP Snoop entry vlan tag."
::= { rlIpDhcpSnoopEntry 1 }
rlIpDhcpSnoopMACAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A DHCP Snoop entry mac address"
::= { rlIpDhcpSnoopEntry 2 }
rlIpDhcpSnoopType OBJECT-TYPE
SYNTAX RlIpDhcpSnoopType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A DHCP Snoop entry type: static or dynamic."
::= { rlIpDhcpSnoopEntry 3 }
rlIpDhcpSnoopLeaseTime OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A DHCP Snoop lease time. For static entry the lease time is 0xFFFFFFFF"
::= { rlIpDhcpSnoopEntry 4 }
rlIpDhcpSnoopIPAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The IP address of the DHCP client referred to in this table entry."
::= { rlIpDhcpSnoopEntry 5 }
rlIpDhcpSnoopPortInterface OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Identifies the port Interface ifindex, which connected to DHCP client identified with the entry."
::= { rlIpDhcpSnoopEntry 6 }
rlIpDhcpSnoopRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Entry status. A valid status is CreateandGo or Delete."
::= { rlIpDhcpSnoopEntry 7 }
--
-- Dhcp Snoop Enable VLAN Table
--
rlIpDhcpSnoopEnableVlanTable OBJECT-TYPE
SYNTAX SEQUENCE OF RlIpDhcpSnoopEnableVlanEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "An Ip Dhcp Snooping enabled VLAN table."
::= { rlIpDhcpSnoop 12 }
rlIpDhcpSnoopEnableVlanEntry OBJECT-TYPE
SYNTAX RlIpDhcpSnoopEnableVlanEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "An Ip Dhcp Snooping enabled VLAN entry."
INDEX {rlIpDhcpSnoopEnableVlanTag}
::= { rlIpDhcpSnoopEnableVlanTable 1 }
RlIpDhcpSnoopEnableVlanEntry ::= SEQUENCE {
rlIpDhcpSnoopEnableVlanTag VlanId,
rlIpDhcpSnoopEnableVlanRowStatus RowStatus
}
rlIpDhcpSnoopEnableVlanTag OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A DHCP Snoop entry vlan tag."
::= { rlIpDhcpSnoopEnableVlanEntry 1 }
rlIpDhcpSnoopEnableVlanRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Entry status. A valid status is CreateandGo and Delete."
::= { rlIpDhcpSnoopEnableVlanEntry 2 }
--
-- Dhcp Snoop Trusted ports Table
--
rlIpDhcpSnoopTrustedPortTable OBJECT-TYPE
SYNTAX SEQUENCE OF RlIpDhcpSnoopTrustedPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"DHCP Snoop Trusted ports entry. The entry created when port is configured as trusted."
::= { rlIpDhcpSnoop 13 }
rlIpDhcpSnoopTrustedPortEntry OBJECT-TYPE
SYNTAX RlIpDhcpSnoopTrustedPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The row definition for this table."
INDEX {ifIndex}
::= { rlIpDhcpSnoopTrustedPortTable 1 }
RlIpDhcpSnoopTrustedPortEntry ::= SEQUENCE {
rlIpDhcpSnoopTrustedPortRowStatus RowStatus
}
rlIpDhcpSnoopTrustedPortRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Entry status. A valid status is CreateandGo or Delete."
::= { rlIpDhcpSnoopTrustedPortEntry 2 }
--
-- IP Source Guard
--
rlIpSourceGuardMibVersion OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"MIB's version, the current version is 1."
::= { rlIpSourceGuard 1 }
rlIpSourceGuardEnable OBJECT-TYPE
SYNTAX INTEGER{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"FALSE - There is no Ip Source Guard in the system.
TRUE - Ip Source Guard is enabled on system."
::= { rlIpSourceGuard 2 }
rlIpSourceGuardRetryToInsert OBJECT-TYPE
SYNTAX INTEGER {
noAction(0), -- for get only
retryToInsertNow(1)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When setted to retryToInsertNow all IP Source Guard inactive entries
due to resource problem reinserted in the Policy.
On get always return noAction."
::= { rlIpSourceGuard 3 }
rlIpSourceGuardRetryTime OBJECT-TYPE
SYNTAX INTEGER (0..600)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configures in seconds the period of time the application retries to
insert inactive by resource problem rules. The actual range is 10-600.
0 used to sign that the timer is not active."
::= { rlIpSourceGuard 4 }
--
-- IP Source Guard Ports table
--
rlIpSourceGuardPortTable OBJECT-TYPE
SYNTAX SEQUENCE OF RlIpSourceGuardPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"IP Source Guard ports entry. The entry created when IP Source Guard
enabled on port."
::= { rlIpSourceGuard 5 }
rlIpSourceGuardPortEntry OBJECT-TYPE
SYNTAX RlIpSourceGuardPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The row definition for this table."
INDEX {ifIndex}
::= { rlIpSourceGuardPortTable 1 }
RlIpSourceGuardPortEntry ::= SEQUENCE {
rlIpSourceGuardPortRowStatus RowStatus
}
rlIpSourceGuardPortRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Entry status. A valid status is CreateAndGo or Delete."
::= { rlIpSourceGuardPortEntry 2 }
--
-- IP Source Guard table
--
RlIpSourceGuardType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "Ip IP Source Guard entry type."
SYNTAX INTEGER {
dynamic(1),
static(2)
}
RlIpSourceGuardStatus ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "Ip IP Source Guard entry status."
SYNTAX INTEGER {
active(1),
inactive(2)
}
RlIpSourceGuardFailReason ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "Ip IP Source Guard entry reason."
SYNTAX INTEGER {
noProblem(1),
noResource(2),
noSnoopVlan(3),
trustPort(4)
}
rlIpSourceGuardTable OBJECT-TYPE
SYNTAX SEQUENCE OF RlIpSourceGuardEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "IP Source Guard entry. Use to view all entries (dynamic and static)"
::= { rlIpSourceGuard 6 }
rlIpSourceGuardEntry OBJECT-TYPE
SYNTAX RlIpSourceGuardEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The row definition for this table."
INDEX {ifIndex,
rlIpSourceGuardIPAddress,
rlIpSourceGuardVLANTag}
::= { rlIpSourceGuardTable 1 }
RlIpSourceGuardEntry ::= SEQUENCE {
rlIpSourceGuardIPAddress IpAddress,
rlIpSourceGuardVLANTag VlanId,
rlIpSourceGuardMACAddress MacAddress,
rlIpSourceGuardType RlIpSourceGuardType,
rlIpSourceGuardStatus RlIpSourceGuardStatus,
rlIpSourceGuardFailReason RlIpSourceGuardFailReason
}
rlIpSourceGuardIPAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The IP address of the Ip Source Guard entry."
::= { rlIpSourceGuardEntry 1 }
rlIpSourceGuardVLANTag OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A Ip Source Guard entry vlan tag."
::= { rlIpSourceGuardEntry 2 }
rlIpSourceGuardMACAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A Ip Source Guard entry mac address"
::= { rlIpSourceGuardEntry 3 }
rlIpSourceGuardType OBJECT-TYPE
SYNTAX RlIpSourceGuardType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A Ip Source Guard entry type: static or dynamic."
::= { rlIpSourceGuardEntry 4 }
rlIpSourceGuardStatus OBJECT-TYPE
SYNTAX RlIpSourceGuardStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Identifies the status of Ip Source Guard entry."
::= { rlIpSourceGuardEntry 5 }
rlIpSourceGuardFailReason OBJECT-TYPE
SYNTAX RlIpSourceGuardFailReason
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Identifies the reason for in-activity of Ip Source Guard entry."
::= { rlIpSourceGuardEntry 6 }
--
-- IP Source Guard Permitted rules counter table
--
rlIpSourceGuardPermittedRuleCounterTable OBJECT-TYPE
SYNTAX SEQUENCE OF RlIpSourceGuardPermittedRuleCounterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table includes, per vlan, the IP Source Guard permitted rules counters."
::= { rlIpSourceGuard 7 }
rlIpSourceGuardPermittedRuleCounterEntry OBJECT-TYPE
SYNTAX RlIpSourceGuardPermittedRuleCounterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The row definition for this table."
INDEX {rlIpSourceGuardPermittedRuleCounterVLANTag}
::= { rlIpSourceGuardPermittedRuleCounterTable 1 }
RlIpSourceGuardPermittedRuleCounterEntry ::= SEQUENCE {
rlIpSourceGuardPermittedRuleCounterVLANTag VlanId,
rlIpSourceGuardPermittedRuleCounterNumOfStaticRules Counter32,
rlIpSourceGuardPermittedRuleCounterNumOfDhcpRules Counter32
}
rlIpSourceGuardPermittedRuleCounterVLANTag OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Ip Source Guard permitted rules counters entry Vlan tag."
::= { rlIpSourceGuardPermittedRuleCounterEntry 1 }
rlIpSourceGuardPermittedRuleCounterNumOfStaticRules OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of static rules added by IP Source Guard for the permitted Hosts"
::= { rlIpSourceGuardPermittedRuleCounterEntry 2 }
rlIpSourceGuardPermittedRuleCounterNumOfDhcpRules OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rules added by IP Source Guard for the permitted Hosts,
as a result of DHCP Snooping dynamic information."
::= { rlIpSourceGuardPermittedRuleCounterEntry 3 }
--
-- ARP Inspection
--
RlIpArpInspectListNameType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "Ip arp inspection list name type."
SYNTAX DisplayString(SIZE(1..32))
rlIpArpInspectMibVersion OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"MIB's version, the current version is 1."
::= { rlIpArpInspect 1 }
rlIpArpInspectEnable OBJECT-TYPE
SYNTAX INTEGER{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION "Specifies a system ARP Inspection enable state."
::= { rlIpArpInspect 2 }
rlIpArpInspectLogInterval OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specify the minimal interval between successive ARP SYSLOG messages.
0 - message is immediately generated.
0xFFFFFFFF - messages would not be generated. A legal range is 0-86400."
::= { rlIpArpInspect 3 }
rlIpArpInspectValidation OBJECT-TYPE
SYNTAX INTEGER{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Defined a specific check on incoming ARP packets:
Source MAC: Compare the source MAC address in the Ethernet header against
the sender MAC address in the ARP body. This check is performed on both ARP requests and responses.
Destination MAC: Compare the destination MAC address in the Ethernet header against
the target MAC address in ARP body. This check is performed for ARP responses.
IP addresses: Compare the ARP body for invalid and unexpected IP addresses.
Addresses include 0.0.0.0, 255.255.255.255, and all IP multicast addresses."
::= { rlIpArpInspect 4 }
--
-- ARP Inspection List table
--
rlIpArpInspectListTable OBJECT-TYPE
SYNTAX SEQUENCE OF RlIpArpInspectListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The table specifies all ARP Inspection List entries.
The entry contains a list name, list IP address, a list Mac address."
::= { rlIpArpInspect 5 }
rlIpArpInspectListEntry OBJECT-TYPE
SYNTAX RlIpArpInspectListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The row definition for this table."
INDEX {rlIpArpInspectListName,
rlIpArpInspectListIPAddress}
::= { rlIpArpInspectListTable 1 }
RlIpArpInspectListEntry ::= SEQUENCE {
rlIpArpInspectListName RlIpArpInspectListNameType,
rlIpArpInspectListIPAddress IpAddress,
rlIpArpInspectListMACAddress MacAddress,
rlIpArpInspectListRowStatus RowStatus
}
rlIpArpInspectListName OBJECT-TYPE
SYNTAX RlIpArpInspectListNameType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The Name of the Access List."
::= { rlIpArpInspectListEntry 1}
rlIpArpInspectListIPAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"ARP Inspection List IP address."
::= { rlIpArpInspectListEntry 2 }
rlIpArpInspectListMACAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"ARP Inspection List mac address"
::= { rlIpArpInspectListEntry 3 }
rlIpArpInspectListRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A status can be destroy, active or createAndGo"
::= { rlIpArpInspectListEntry 4 }
--
-- Arp Inspection Enable VLAN Table
--
rlIpArpInspectEnableVlanTable OBJECT-TYPE
SYNTAX SEQUENCE OF RlIpArpInspectEnableVlanEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "An Ip ARP Inspection enabled VLAN table."
::= { rlIpArpInspect 6 }
rlIpArpInspectEnableVlanEntry OBJECT-TYPE
SYNTAX RlIpArpInspectEnableVlanEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "An Ip ARP Inspection enabled VLAN entry."
INDEX {rlIpArpInspectEnableVlanTag}
::= { rlIpArpInspectEnableVlanTable 1 }
RlIpArpInspectEnableVlanEntry ::= SEQUENCE {
rlIpArpInspectEnableVlanTag VlanId,
rlIpArpInspectAssignedListName RlIpArpInspectListNameType,
rlIpArpInspectEnableVlanRowStatus RowStatus,
rlIpArpInspectVlanNumOfArpForwarded Counter32,
rlIpArpInspectVlanNumOfArpDropped Counter32,
rlIpArpInspectVlanNumOfArpMismatched Counter32,
rlIpArpInspectVlanClearCountersAction TruthValue
}
rlIpArpInspectEnableVlanTag OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An Ip ARP Inspection entry vlan tag."
::= { rlIpArpInspectEnableVlanEntry 1 }
rlIpArpInspectAssignedListName OBJECT-TYPE
SYNTAX RlIpArpInspectListNameType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An Ip ARP Inspection assigned ACL name."
::= { rlIpArpInspectEnableVlanEntry 2 }
rlIpArpInspectEnableVlanRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Entry status. A valid status is CreateandGo and Delete."
::= { rlIpArpInspectEnableVlanEntry 3 }
rlIpArpInspectVlanNumOfArpForwarded OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total number of forwarded ARP packets, packets which were validated by ARP inspection "
::= { rlIpArpInspectEnableVlanEntry 4 }
rlIpArpInspectVlanNumOfArpDropped OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of dropped ARP packets, which were validated by ARP inspection
(mismatch , not-found and dropped for any reason)"
::= { rlIpArpInspectEnableVlanEntry 5 }
rlIpArpInspectVlanNumOfArpMismatched OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of dropped ARP packets, which were validated by ARP inspection
and inconsistency was found for IP and MAC (mismatch)"
::= { rlIpArpInspectEnableVlanEntry 6 }
rlIpArpInspectVlanClearCountersAction OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If true, clear (set to zero) all Arp Inspection counters: rlIpArpInspectVlanNumOfArpForwarded ,
rlIpArpInspectVlanNumOfArpDropped and rlIpArpInspectVlanNumOfArpMismatched"
DEFVAL{ false }
::= { rlIpArpInspectEnableVlanEntry 7 }
--
-- ARP Inspection Trusted ports Table
--
rlIpArpInspectTrustedPortTable OBJECT-TYPE
SYNTAX SEQUENCE OF RlIpArpInspectTrustedPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "ARP Inspection Trusted ports entry. The entry created when port is configured as trusted."
::= { rlIpArpInspect 7 }
rlIpArpInspectTrustedPortEntry OBJECT-TYPE
SYNTAX RlIpArpInspectTrustedPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The row definition for this table."
INDEX {ifIndex}
::= { rlIpArpInspectTrustedPortTable 1 }
RlIpArpInspectTrustedPortEntry ::= SEQUENCE {
rlIpArpInspectTrustedPortRowStatus RowStatus
}
rlIpArpInspectTrustedPortRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Entry status. A valid status is CreateandGo or Delete."
::= { rlIpArpInspectTrustedPortEntry 2 }
rlIpArpInspectClearCountersAction OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If true, clear (set to zero) on all vlans: all Arp Inspection counters: rlIpArpInspectVlanNumOfArpForwarded ,
rlIpArpInspectVlanNumOfArpDropped and rlIpArpInspectVlanNumOfArpMismatched"
DEFVAL{ false }
::= { rlIpArpInspect 8 }
--
-- Protocol Filtering
--
ProtocolFilteringMap ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This TC describes the list of protocol to be filtered.
The bit 'all(0)' indicates all Cisco protocols in range 0100.0ccc.ccc0 - 0100.0ccc.cccf
The bit 'cdp(1)' indicates Cisco CDP protocol.
Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x2000.
The bit 'vtp(2)' indicates Cisco VTP protocol.
Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x2003.
The bit 'dtp(3)' indicates Cisco DTP protocol.
Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x2004.
The bit 'udld (4)' indicates Cisco UDLD protocol.
Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x0111.
The bit 'pagp(5)' indicates Cisco PAGP protocol.
Identified by destination mac address: 0100.0ccc.cccc and protocol type: 0x0104.
The bit 'sstp(6)' indicates Cisco SSTP protocol.
Identified by destination mac address: 0100.0ccc.cccd.
"
SYNTAX BITS {
all(0),
cdp(1),
vtp(2),
dtp(3),
udld(4),
pagp(5),
sstp(6)
}
rlProtocolFilteringTable OBJECT-TYPE
SYNTAX SEQUENCE OF RlProtocolFilteringEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Protocol filter configuration entry"
::= { rlProtocolFiltering 1 }
rlProtocolFilteringEntry OBJECT-TYPE
SYNTAX RlProtocolFilteringEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "The row definition for this table."
INDEX {ifIndex}
::= { rlProtocolFilteringTable 1 }
RlProtocolFilteringEntry::= SEQUENCE {
rlProtocolFilteringList ProtocolFilteringMap,
rlProtocolFilteringRowStatus RowStatus
}
rlProtocolFilteringList OBJECT-TYPE
SYNTAX ProtocolFilteringMap
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The list of protocol to be filtered."
::= { rlProtocolFilteringEntry 1 }
rlProtocolFilteringRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A status can be destroy, active or createAndGo"
::= { rlProtocolFilteringEntry 2 }
END
|
