1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
|
-- *********************************************************************
-- **
-- ** BATM Advanced Communications.
-- **
-- *********************************************************************
-- ** Filename: PRVT-MAC-SECURITY-MIB.mib
-- ** Project: T-Metro Switches.
-- ** Purpose: Private MIB
-- *********************************************************************
-- (c) Copyright, 2009, BATM Advanced Communications. All rights reserved.
-- WARNING:
--
-- BY UTILIZING THIS FILE, YOU AGREE TO THE FOLLOWING:
--
-- This file is the property of BATM Advanced Communications and contains
-- proprietary and confidential information. This file is made
-- available to authorized BATM customers on the express
-- condition that neither it, nor any of the information contained
-- therein, shall be disclosed to third parties or be used for any
-- purpose other than to replace, modify or upgrade firmware and/or
-- software components of BATM manufactured equipment within the
-- authorized customer's network, and that such transfer be
-- completed in accordance with the instructions provided by
-- BATM. Any other use is strictly prohibited.
--
-- EXCEPT AS RESTRICTED BY LAW, OR AS PROVIDED IN BATM'S LIMITED
-- WARRANTY, THE SOFTWARE PROGRAMS CONTAINED IN THIS FILE ARE
-- PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-- OR IMPLIED, INCLUDING BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES
-- OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
--
-- IN NO EVENT SHALL BATM BE LIABLE FOR ANY DAMAGES WHATSOEVER
-- INCLUDING WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS
-- PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION OR
-- OTHER CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE, OR INABILITY
-- TO USE, THE SOFTWARE CONTAINED IN THIS FILE.
--
-- ----------------------------------------------------------------------------
PRVT-MAC-SECURITY-MIB DEFINITIONS ::= BEGIN
IMPORTS
switch
FROM PRVT-SWITCH-MIB
MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32
FROM SNMPv2-SMI
DisplayString, RowStatus, TEXTUAL-CONVENTION, TruthValue
FROM SNMPv2-TC;
prvtMacSecurityMIB MODULE-IDENTITY
LAST-UPDATED "201003260000Z"
ORGANIZATION
"BATM Advanced Communication"
CONTACT-INFO
"BATM/Telco Systems Support team
Email:
For North America: techsupport@telco.com
For North Europe: support@batm.de, info@batm.de
For the rest of the world: techsupport@telco.com"
DESCRIPTION
"The MIB module for managing port MAC security."
REVISION "201003260000Z"
DESCRIPTION
"Initial version."
::= { switch 109 }
PrvtMacSecLrnProfileNameType ::= TEXTUAL-CONVENTION
DISPLAY-HINT "30t"
STATUS current
DESCRIPTION
"The name of a learning profile."
SYNTAX OCTET STRING (SIZE(1..30))
PrvtMacSecWatermarkActionType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Action to perform upon reaching the watermark MAC count value."
SYNTAX INTEGER { log(3), trap(4) }
PrvtMacSecSecurityActionType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Action to perform upon reaching the maximum MAC count value."
SYNTAX INTEGER { operationalShutdown(1), trap(2) }
PrvtMacSecPolicyType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Type of policy a MAC security profile may have."
SYNTAX INTEGER { portSecurity(1), portLimit(2) }
PrvtMacSecEntryStateType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The state of a port with regards to MAC count."
SYNTAX INTEGER { noViolation(1), watermarkReached(2),
maxMacCountReached(3), errorState(4) }
prvtMacSecNotifications OBJECT IDENTIFIER
::= { prvtMacSecurityMIB 0 }
prvtMacSecObjects OBJECT IDENTIFIER
::= { prvtMacSecurityMIB 1 }
prvtMacSecLrnProfTable OBJECT-TYPE
SYNTAX SEQUENCE OF PrvtMacSecLrnProfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table of learning profiles.
A learning profile specifies the thresholds, and actions to take with regards to the number of MAC addresses learned."
::= { prvtMacSecObjects 1 }
prvtMacSecLrnProfEntry OBJECT-TYPE
SYNTAX PrvtMacSecLrnProfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry belonging to prvtMacSecLrnProfTable."
INDEX { prvtMacSecLrnProfName }
::= { prvtMacSecLrnProfTable 1 }
PrvtMacSecLrnProfEntry ::= SEQUENCE {
prvtMacSecLrnProfName PrvtMacSecLrnProfileNameType,
prvtMacSecLrnProfRowStatus RowStatus,
prvtMacSecLrnProfPolicy PrvtMacSecPolicyType,
prvtMacSecLrnProfMaxMacCount Unsigned32,
prvtMacSecLrnProfIgnoreFiltered TruthValue,
prvtMacSecLrnProfAction PrvtMacSecSecurityActionType,
prvtMacSecLrnProfWatermarkAction PrvtMacSecWatermarkActionType,
prvtMacSecLrnProfWatermarkCount Unsigned32
}
prvtMacSecLrnProfName OBJECT-TYPE
SYNTAX PrvtMacSecLrnProfileNameType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name uniquely identifying the learning profile."
::= { prvtMacSecLrnProfEntry 1 }
prvtMacSecLrnProfRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The RowStatus for this instance."
::= { prvtMacSecLrnProfEntry 2 }
prvtMacSecLrnProfPolicy OBJECT-TYPE
SYNTAX PrvtMacSecPolicyType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The type of MAC security policy that this learning profile follows."
::= { prvtMacSecLrnProfEntry 3 }
prvtMacSecLrnProfMaxMacCount OBJECT-TYPE
SYNTAX Unsigned32 (1..4096)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Maximum allowed number of MAC addresses to be learned.
This value should be greater than or equal to the watermark MAC count, prvtMacSecLrnProfWatermarkCount."
::= { prvtMacSecLrnProfEntry 4 }
prvtMacSecLrnProfIgnoreFiltered OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"When the violation limit is reached, do not learn violating MACs as filtered, but simply ignore them."
::= { prvtMacSecLrnProfEntry 5 }
prvtMacSecLrnProfAction OBJECT-TYPE
SYNTAX PrvtMacSecSecurityActionType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The action to perform upon reaching the prvtMacSecLrnProfMaxMacCount value."
::= { prvtMacSecLrnProfEntry 6 }
prvtMacSecLrnProfWatermarkAction OBJECT-TYPE
SYNTAX PrvtMacSecWatermarkActionType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The action to perform upon reaching the prvtMacSecLrnProfWatermarkCount value."
::= { prvtMacSecLrnProfEntry 7 }
prvtMacSecLrnProfWatermarkCount OBJECT-TYPE
SYNTAX Unsigned32 (1..4096)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Sets the watermark at which the action specified in prvtMacSecLrnProfWatermarkAction will be taken.
This value should be less than the maximum MAC count, prvtMacSecLrnProfMaxMacCount."
::= { prvtMacSecLrnProfEntry 8 }
prvtMacSecIfTable OBJECT-TYPE
SYNTAX SEQUENCE OF PrvtMacSecIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table of profiles that have been assigned to each interface."
::= { prvtMacSecObjects 2 }
prvtMacSecIfEntry OBJECT-TYPE
SYNTAX PrvtMacSecIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry belonging to prvtMacSecIfTable."
INDEX { prvtMacSecIfName }
::= { prvtMacSecIfTable 1 }
PrvtMacSecIfEntry ::= SEQUENCE {
prvtMacSecIfName OCTET STRING,
prvtMacSecIfRowStatus RowStatus,
prvtMacSecIfProfile PrvtMacSecLrnProfileNameType,
prvtMacSecIfCurrMacCount Unsigned32,
prvtMacSecIfState PrvtMacSecEntryStateType
}
prvtMacSecIfName OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Interface name."
::= { prvtMacSecIfEntry 1 }
prvtMacSecIfRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The RowStatus for this instance."
::= { prvtMacSecIfEntry 2 }
prvtMacSecIfProfile OBJECT-TYPE
SYNTAX PrvtMacSecLrnProfileNameType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The name of a learning profile from prvtMacSecLrnProfTable."
::= { prvtMacSecIfEntry 3 }
prvtMacSecIfCurrMacCount OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current MAC count for this entry."
::= { prvtMacSecIfEntry 4 }
prvtMacSecIfState OBJECT-TYPE
SYNTAX PrvtMacSecEntryStateType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current state of this entry."
::= { prvtMacSecIfEntry 5 }
portSecurityWmarkViolation NOTIFICATION-TYPE
OBJECTS { prvtMacSecIfName }
STATUS current
DESCRIPTION
""
::= { prvtMacSecNotifications 1 }
portSecurityViolation NOTIFICATION-TYPE
OBJECTS { prvtMacSecIfName }
STATUS current
DESCRIPTION
""
::= { prvtMacSecNotifications 2 }
END -- end of module PRVT-MAC-SECURITY-MIB.
|
