1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
|
-- *****************************************************************
-- TN-IP-SOURCE-GUARD-MIB
--
-- Copyright (c) 2012, Transition Networks Inc.
-- All rights reserved.
-- *****************************************************************
--
TN-IP-SOURCE-GUARD-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
OBJECT-TYPE,
NOTIFICATION-TYPE,
Integer32 FROM SNMPv2-SMI
NOTIFICATION-GROUP FROM SNMPv2-CONF
TEXTUAL-CONVENTION, TimeStamp,
RowStatus, TruthValue, MacAddress FROM SNMPv2-TC
InetAddressType, InetAddress, InetAddressPrefixLength FROM INET-ADDRESS-MIB
entPhysicalIndex FROM ENTITY-MIB
tnProducts FROM TRANSITION-SMI
ifIndex, InterfaceIndex FROM IF-MIB;
tnIPSourceGuardMIB MODULE-IDENTITY
LAST-UPDATED "201209100000Z"
ORGANIZATION "Transition Networks, Inc."
CONTACT-INFO
"Transition Networks
Technical Support
10900 Red Circle Drive
Minnetonka, MN 55343 USA
Tel: +1-800-526-9267
E-mail: techsupport@transition.com"
DESCRIPTION
"The mib module for IP Source Guard.
IP Source Guard is a secure feature used to restrict IP traffic
on DHCP snooping untrusted ports by filtering traffic based on
the DHCP Snooping Table or manually configured IP Source Bindings.
It helps prevent IP spoofing attacks when a host tries to spoof
and use the IP address of another host. "
REVISION "201209260000Z"
DESCRIPTION
"Initial Revision of this module"
::= { tnProducts 31 }
tnIPSourceGuardMIBObjects
OBJECT IDENTIFIER ::= { tnIPSourceGuardMIB 1 }
tnIPSourceGuardMIBNotifications
OBJECT IDENTIFIER ::= { tnIPSourceGuardMIB 2 }
--
-- Textual Conventions
--
--
-- MIB variables
--
tnIPSourceGuardMgmt
OBJECT IDENTIFIER ::= { tnIPSourceGuardMIBObjects 1 }
--
-- tnIPSourceGuardTable
--
tnIPSourceGuardTable OBJECT-TYPE
SYNTAX SEQUENCE OF TnIPSourceGuardEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is for user to configure the global settings of
IP Source Guard."
::= { tnIPSourceGuardMgmt 1 }
tnIPSourceGuardEntry OBJECT-TYPE
SYNTAX TnIPSourceGuardEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry represents a global configuration of IP Source Guard."
INDEX { entPhysicalIndex }
::= { tnIPSourceGuardTable 1 }
TnIPSourceGuardEntry ::= SEQUENCE {
tnIPSourceGuardGlobalMode TruthValue,
tnIPSourceGuardDynamicToStatic TruthValue
}
tnIPSourceGuardGlobalMode OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Set true(1) to enable or false(2) to disable the global IP Source
Guard function.
Only when both Global Mode and Port Mode on a given port are enabled,
IP Source Guard is enabled on this given port."
DEFVAL { false }
::= { tnIPSourceGuardEntry 1 }
tnIPSourceGuardDynamicToStatic OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Set true(1) to translate all dynamic entries to static entries.
It will be always returned the default value false(2) when queried."
DEFVAL { false }
::= { tnIPSourceGuardEntry 2 }
--
-- tnIPSourceGuardIfTable
--
tnIPSourceGuardIfTable OBJECT-TYPE
SYNTAX SEQUENCE OF TnIPSourceGuardIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table lets user to configure the IP Source Guard for each port."
::= { tnIPSourceGuardMgmt 2 }
tnIPSourceGuardIfEntry OBJECT-TYPE
SYNTAX TnIPSourceGuardIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry represents a IP Source Guard setting on a port."
INDEX { ifIndex }
::= { tnIPSourceGuardIfTable 1 }
TnIPSourceGuardIfEntry ::= SEQUENCE {
tnIPSourceGuardIfMode TruthValue,
tnIPSourceGuardIfMaxDynamicClients INTEGER
}
tnIPSourceGuardIfMode OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Set true(1) to enable or false(2) to disable the IP Source Guard
function on the given port.
Only when both Global Mode and Port Mode on a given port are enabled,
IP Source Guard is enabled on this given port. "
DEFVAL { false }
::= { tnIPSourceGuardIfEntry 1 }
tnIPSourceGuardIfMaxDynamicClients OBJECT-TYPE
SYNTAX INTEGER
{
zero (0), -- only allow the IP packets forwarding that are
-- matched in static entries on the specific port.
one (1), -- only one dynamic client that can be learned
-- on the given port.
two (2), -- only two dynamic clients that can be learned
-- on the given port.
unlimited (65535) -- no limitation for dynamic clients that can be
-- learned on the given port.
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specify the maximum number of dynamic clients that can be learned
on given port.
This value can be 0, 1, 2 or unlimited.
If the port mode is enabled and the value of max dynamic client is
equal to 0, it means only allow the IP packets forwarding that are
matched in static entries on the specific port."
DEFVAL { unlimited }
::= { tnIPSourceGuardIfEntry 2 }
--
-- tnIPSourceGuardStaticTable
--
tnIPSourceGuardStaticTable OBJECT-TYPE
SYNTAX SEQUENCE OF TnIPSourceGuardStaticEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table lets user to configure the static entries for IP Source Guard."
::= { tnIPSourceGuardMgmt 3 }
tnIPSourceGuardStaticEntry OBJECT-TYPE
SYNTAX TnIPSourceGuardStaticEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry represents a static entry of IP Source Guard."
INDEX { tnIPSourceGuardStaticPort,
tnIPSourceGuardStaticVlanID,
tnIPSourceGuardStaticAddrType,
tnIPSourceGuardStaticAddr,
tnIPSourceGuardStaticMask }
::= { tnIPSourceGuardStaticTable 1 }
TnIPSourceGuardStaticEntry ::= SEQUENCE {
tnIPSourceGuardStaticPort InterfaceIndex,
tnIPSourceGuardStaticVlanID INTEGER,
tnIPSourceGuardStaticAddrType InetAddressType,
tnIPSourceGuardStaticAddr InetAddress,
tnIPSourceGuardStaticMask InetAddressPrefixLength,
tnIPSourceGuardStaticMacAddress MacAddress,
tnIPSourceGuardStaticRowStatus RowStatus
}
tnIPSourceGuardStaticPort OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The port number for the settings."
::= { tnIPSourceGuardStaticEntry 1 }
tnIPSourceGuardStaticVlanID OBJECT-TYPE
SYNTAX INTEGER (1..4094)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The vlan id for the settings."
::= { tnIPSourceGuardStaticEntry 2 }
tnIPSourceGuardStaticAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Address type of Source IP.
For a detailed description of this type, please refer to INET-ADDRESS-MIB."
::= { tnIPSourceGuardStaticEntry 3 }
tnIPSourceGuardStaticAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Address of Source IP.
For a detailed description of this type, please refer to INET-ADDRESS-MIB."
::= { tnIPSourceGuardStaticEntry 4 }
tnIPSourceGuardStaticMask OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Mask of Source IP.
For a detailed description of this type, please refer to INET-ADDRESS-MIB."
::= { tnIPSourceGuardStaticEntry 5 }
tnIPSourceGuardStaticMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Mac Address of Source IP."
::= { tnIPSourceGuardStaticEntry 6 }
tnIPSourceGuardStaticRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Row status of static IP Source Guard."
::= { tnIPSourceGuardStaticEntry 7}
--
-- tnIPSourceGuardDynamicTable
--
tnIPSourceGuardDynamicTable OBJECT-TYPE
SYNTAX SEQUENCE OF TnIPSourceGuardDynamicEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table lets user to configure the dynamic entries for IP Source Guard."
::= { tnIPSourceGuardMgmt 4 }
tnIPSourceGuardDynamicEntry OBJECT-TYPE
SYNTAX TnIPSourceGuardDynamicEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry represents a dynamic entry of IP Source Guard."
INDEX { tnIPSourceGuardDynamicPort,
tnIPSourceGuardDynamicVlanID,
tnIPSourceGuardDynamicAddrType,
tnIPSourceGuardDynamicAddr,
tnIPSourceGuardDynamicMask }
::= { tnIPSourceGuardDynamicTable 1 }
TnIPSourceGuardDynamicEntry ::= SEQUENCE {
tnIPSourceGuardDynamicPort InterfaceIndex,
tnIPSourceGuardDynamicVlanID INTEGER,
tnIPSourceGuardDynamicAddrType InetAddressType,
tnIPSourceGuardDynamicAddr InetAddress,
tnIPSourceGuardDynamicMask InetAddressPrefixLength,
tnIPSourceGuardDynamicMacAddress MacAddress
}
tnIPSourceGuardDynamicPort OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The port number for the settings."
::= { tnIPSourceGuardDynamicEntry 1 }
tnIPSourceGuardDynamicVlanID OBJECT-TYPE
SYNTAX INTEGER (1..4094)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The vlan id for the settings. "
::= { tnIPSourceGuardDynamicEntry 2 }
tnIPSourceGuardDynamicAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Address type of Source IP.
For a detailed description of this type, please refer to INET-ADDRESS-MIB."
::= { tnIPSourceGuardDynamicEntry 3 }
tnIPSourceGuardDynamicAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Address of Source IP.
For a detailed description of this type, please refer to INET-ADDRESS-MIB."
::= { tnIPSourceGuardDynamicEntry 4 }
tnIPSourceGuardDynamicMask OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Mask of Source IP.
For a detailed description of this type, please refer to INET-ADDRESS-MIB."
::= { tnIPSourceGuardDynamicEntry 5 }
tnIPSourceGuardDynamicMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Mac Address of Source IP."
::= { tnIPSourceGuardDynamicEntry 6 }
--
-- Notifications
--
END
|
