1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
|
-- Port Security MIB overview:
-- Port Security MIB falls under lb6m MIB node of the private subtree.
NETGEAR-PORTSECURITY-PRIVATE-MIB DEFINITIONS ::= BEGIN
-- Netgear Inc NETGEAR Port Security MIB
-- Copyright Netgear Inc(2004-2007) All rights reserved.
-- This SNMP Management Information Specification
-- embodies Netgear Inc's confidential and proprietary
-- intellectual property. Netgear Inc retains all title
-- and ownership in the Specification including any revisions.
-- This Specification is supplied "AS IS", Netgear Inc
-- makes no warranty, either expressed or implied,
-- as to the use, operation, condition, or performance of the
-- Specification.
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
Unsigned32 FROM SNMPv2-SMI
TEXTUAL-CONVENTION,RowStatus,
MacAddress FROM SNMPv2-TC
ifIndex FROM IF-MIB
DisplayString FROM RFC1213-MIB
lb6m FROM QUANTA-LB6M-REF-MIB;
fastPathPortSecurity MODULE-IDENTITY
LAST-UPDATED "201101260000Z" -- 26 January 2011 12:00:00 GMT
ORGANIZATION "Netgear Inc"
CONTACT-INFO ""
DESCRIPTION
"The Netgear Private MIB for NETGEAR Port Security Feature."
-- Revision history.
REVISION
"201101260000Z" -- 26 January 2011 12:00:00 GMT
DESCRIPTION
"Postal address updated."
REVISION
"200705230000Z" -- 23 May 2007 12:00:00 GMT
DESCRIPTION
"Netgear branding related changes."
::= { lb6m 20 }
--**************************************************************************************
-- agentPortSecurityGroup -> contains MIB objects displaying Port Security
-- and associated Functionality
--
--**************************************************************************************
agentPortSecurityGroup OBJECT IDENTIFIER ::= { fastPathPortSecurity 1}
agentGlobalPortSecurityMode OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Mode showing whether at the global level, port security is enabled or not."
DEFVAL { disable }
::={ agentPortSecurityGroup 1 }
agentPortSecurityTable OBJECT-TYPE
SYNTAX SEQUENCE OF AgentPortSecurityEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "A table for Port Security and associated functionality."
::= { agentPortSecurityGroup 2 }
agentPortSecurityEntry OBJECT-TYPE
SYNTAX AgentPortSecurityEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Represents entry for port security table"
INDEX { ifIndex }
::={ agentPortSecurityTable 1}
AgentPortSecurityEntry ::=
SEQUENCE {
agentPortSecurityMode
INTEGER,
agentPortSecurityDynamicLimit
Unsigned32,
agentPortSecurityStaticLimit
Unsigned32,
agentPortSecurityViolationTrapMode
INTEGER,
agentPortSecurityStaticMACs
DisplayString,
agentPortSecurityLastDiscardedMAC
DisplayString,
agentPortSecurityMACAddressAdd
DisplayString,
agentPortSecurityMACAddressRemove
DisplayString,
agentPortSecurityMACAddressMove
INTEGER,
agentPortSecurityStickyMode
INTEGER
}
agentPortSecurityMode OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Mode showing whether at port level security is enabled or not."
DEFVAL { disable }
::={ agentPortSecurityEntry 1 }
agentPortSecurityDynamicLimit OBJECT-TYPE
SYNTAX Unsigned32(0..4096)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This variable signifies the limit of dynamically locked MAC addresses
allowed on a specific port."
DEFVAL { 4096 }
::={ agentPortSecurityEntry 2 }
agentPortSecurityStaticLimit OBJECT-TYPE
SYNTAX Unsigned32(0..20)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This variable signifies the limit of statically locked MAC addresses
allowed on a specific port."
DEFVAL { 20 }
::={ agentPortSecurityEntry 3 }
agentPortSecurityViolationTrapMode OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This variable is used to enable or disable the sending of new violation
traps designating when a packet with a disallowed MAC address is
received on a locked port."
::={agentPortSecurityEntry 4 }
agentPortSecurityStaticMACs OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This variable displays the statically locked MAC addresses for port.
The list displayed in a particular fashion :
2 a0:b1:c2:d1:e3:a1,11 a0:b1:c2:d3:e4:f5
(i.e., VLAN MAC pairs followed by a 1 or 0 to indicate a sticky entry, separated by commas)."
::={agentPortSecurityEntry 6 }
agentPortSecurityLastDiscardedMAC OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This variable displays the vlan-id and source MAC address of the last packet that was
discarded on a locked port."
::={agentPortSecurityEntry 7 }
agentPortSecurityMACAddressAdd OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This MIB variable accepts a VLAN id, MAC address and the sticky value to be added to the list
of statically locked MAC addresses on a port. The VLAN id, MAC address and sticky value combination
would be entered in a particular fashion like :- 2 a0:b0:c0:d1:e2:a1 1(the vlan-id, MAC address
and sticky value separated by blank-spaces)."
::={ agentPortSecurityEntry 8 }
agentPortSecurityMACAddressRemove OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This MIB variable accepts a VLAN id and MAC address to be removed from the list
of statically locked MAC addresses on a port.. The VLAN id and MAC address combination
would be entered in a particular fashion like :- 2 a0:b0:c0:d1:e2:a1(the vlan-id and
MAC address separated by a blank-space)."
::={ agentPortSecurityEntry 9 }
agentPortSecurityMACAddressMove OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When this object is enabled, all the dynamically locked MAC addresses will
be moved to statically locked addresses on a port. GET operation on this object will display
disable."
::={ agentPortSecurityEntry 10 }
agentPortSecurityStickyMode OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object is used to configure port level security sticky mode in a port."
DEFVAL { disable }
::={ agentPortSecurityEntry 11 }
--**********************************************************************--
agentPortSecurityDynamicTable OBJECT-TYPE
SYNTAX SEQUENCE OF AgentPortSecurityDynamicEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "A table for Port Security Dynamic and associated functionality."
::= { agentPortSecurityGroup 3 }
agentPortSecurityDynamicEntry OBJECT-TYPE
SYNTAX AgentPortSecurityDynamicEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION "Represents entry for port MAC Locking table"
INDEX { ifIndex,agentPortSecurityDynamicVLANId,agentPortSecurityDynamicMACAddress }
::={ agentPortSecurityDynamicTable 1}
AgentPortSecurityDynamicEntry ::=
SEQUENCE {
agentPortSecurityDynamicVLANId
Unsigned32,
agentPortSecurityDynamicMACAddress
MacAddress
}
agentPortSecurityDynamicVLANId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Source VLAN id of the packet that is received on the dynamically locked port."
::={agentPortSecurityDynamicEntry 1 }
agentPortSecurityDynamicMACAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Source MAC address of the packet that is received on the dynamically locked port."
::={ agentPortSecurityDynamicEntry 2 }
agentGlobalPortSecurityStickyMode OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object is used to apply the Sticky Mode to all ports.
This is write-only value. It always returns 'disable' on request"
DEFVAL { disable }
::={ agentPortSecurityGroup 4 }
agentGlobalPortSecurityViolationTrapMode OBJECT-TYPE
SYNTAX INTEGER {
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This variable is used to enable or disable the sending of new violation
traps designating when a packet with a disallowed MAC address is
received on a locked port. The configuration will be done on all ports.
This is write-only value. It always returns 'disable' on request"
DEFVAL { disable }
::={ agentPortSecurityGroup 5 }
--**************************************************************************************
-- agentPortSecurity Traps
--
--**************************************************************************************
agentPortSecurityTraps OBJECT IDENTIFIER ::= { fastPathPortSecurity 2 }
agentPortSecurityViolation NOTIFICATION-TYPE
OBJECTS {
ifIndex,
agentPortSecurityLastDiscardedMAC
}
STATUS current
DESCRIPTION
"Sent when a packet is received on a locked port with a source MAC address
that is not allowed."
::= { agentPortSecurityTraps 1 }
END
|
