[0b6c24]: d-link / portsecurity.mib Maximize Restore History

Download this file

portsecurity.mib    445 lines (394 with data), 15.8 kB

-- -----------------------------------------------------------------------------
-- MIB NAME : PORT-SECURITY-MIB
-- FILE NAME: PortSecurity.mib
-- DATE     : 2009/08/18
-- VERSION  : 1.01
-- PURPOSE  : To construct the MIB structure of port security function for
--            proprietary enterprise
-- -----------------------------------------------------------------------------
-- MODIFICTION HISTORY:
-- -----------------------------------------------------------------------------
-- Version, Date, Author
-- Description:
-- [New Object]
-- [Modification]
-- Notes: (Requested by who and which project)
--
-- Version 1.01, 2009/08/18, Oran Tang
-- Description: 
-- [New Object]
-- Add swPortSecLogState and swPortSecTrapState to isolate the control of trap
-- and log state.
-- Notes: Requested by Oran Tang for project DES3810.
--
-- Version 1.00, 2008/4/24, Kelvin Tao
-- This is the first formal version for universal MIB definition.
-- -----------------------------------------------------------------------------


PORT-SECURITY-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        MODULE-IDENTITY,OBJECT-TYPE,Unsigned32,Integer32
                                        FROM SNMPv2-SMI
        DisplayString,MacAddress        FROM SNMPv2-TC
        dlink-common-mgmt		FROM DLINK-ID-REC-MIB;
  	
    swPortSecMIB MODULE-IDENTITY
          LAST-UPDATED "0908181030Z"
          ORGANIZATION "D-Link Corp."
          CONTACT-INFO
                       "http://support.dlink.com"
          DESCRIPTION
		    "The structure of port security for the proprietary enterprise."
        ::= { dlink-common-mgmt 63 }


    swPortSecCtrl             OBJECT IDENTIFIER ::= { swPortSecMIB 1 }
    swPortSecInfo             OBJECT IDENTIFIER ::= { swPortSecMIB 2 }
    swPortSecMgmt             OBJECT IDENTIFIER ::= { swPortSecMIB 3 }

-- -----------------------------------------------------------------------------
-- swPortSecCtrl
-- -----------------------------------------------------------------------------

	swPortSecTrapLogState OBJECT-TYPE
        	SYNTAX  INTEGER {
                    enabled(1),
                    disabled(2)
                }
        	MAX-ACCESS  read-write
        	STATUS  current
        	DESCRIPTION
                "When enabled(1), whenever there's a new MAC address that violates
                 the pre-defined port security configuration, traps will be sent out
                 and the relevant information will be logged into the system."
            ::= { swPortSecCtrl 1 } 
            
 	swPortSecSysMaxLernAddr OBJECT-TYPE
		SYNTAX  INTEGER
		MAX-ACCESS  read-write
		STATUS  current
		DESCRIPTION
		      "Indicates the maximum number of addresses to be authorized
                      by port security on the system.
                      The max entry range is (1..N). The value N means the max number and  is
	              determined by the project itself."
		::= { swPortSecCtrl 2 }

	swPortSecTrapState OBJECT-TYPE
        	SYNTAX  INTEGER {
                    enabled(1),
                    disabled(2)
                }
        	MAX-ACCESS  read-write
        	STATUS  current
        	DESCRIPTION
                "When enabled(1), whenever there's a new MAC address that violates
                 the pre-defined port security configuration, trap will be sent out."
            ::= { swPortSecCtrl 3 }
            
	swPortSecLogState OBJECT-TYPE
        	SYNTAX  INTEGER {
                    enabled(1),
                    disabled(2)
                }
        	MAX-ACCESS  read-write
        	STATUS  current
        	DESCRIPTION
                "When enabled(1), whenever there's a new MAC address that violates
                 the pre-defined port security configuration, the relevant information 
                 will be logged into the system."
            ::= { swPortSecCtrl 4 }
            
-- -----------------------------------------------------------------------------
-- swPortSecInfo
-- -----------------------------------------------------------------------------
    	     	
-- -----------------------------------------------------------------------------
-- swPortSecMgmt
-- -----------------------------------------------------------------------------
        swPortSecMgmtByPort             OBJECT IDENTIFIER ::= { swPortSecMgmt 1 }

	swPortSecPortTable OBJECT-TYPE
		SYNTAX  SEQUENCE OF SwPortSecPortEntry
		MAX-ACCESS  not-accessible
		STATUS  current
		DESCRIPTION
		      "A port security feature which controls the address learning capability and
		       traffic forwarding decisions. Each port can be enabled or disabled for this function.
		       When it is enabled and a number is given said N, which allows N addresses to be
		       learned on this port, the first N learned addresses are locked at this port as
		       static entries. When the learned addresses number reaches N, any incoming packet
		       without learned source addresses are discarded (e.g. dropped) and no more new
		       addresses can be learned on this port."
		::= { swPortSecMgmtByPort 1 }
	
	swPortSecPortEntry OBJECT-TYPE
		SYNTAX  SwPortSecPortEntry
		MAX-ACCESS  not-accessible
		STATUS  current
		DESCRIPTION
		      "A list of information contained in the swPortSecPortTable."
		INDEX   { swPortSecPortIndex }
		::= { swPortSecPortTable 1 }
	
	SwPortSecPortEntry ::=
		SEQUENCE {
		  swPortSecPortIndex
		      INTEGER,
		  swPortSecPortMaxLernAddr
		      INTEGER,
		  swPortSecPortLockAddrMode
		      INTEGER,
		  swPortSecPortAdmState
		      INTEGER,
		  swPortSecPortClearCtrl
		      INTEGER
		}
	
	swPortSecPortIndex OBJECT-TYPE
		SYNTAX  INTEGER
		MAX-ACCESS  not-accessible
		STATUS  current
		DESCRIPTION
		      "Indicates the secured port to lock address learning."
		::= { swPortSecPortEntry 1 }
	
	swPortSecPortMaxLernAddr OBJECT-TYPE
		SYNTAX  INTEGER
		MAX-ACCESS  read-write
		STATUS  current
		DESCRIPTION
		      "Indicates the allowable number of addresses to be learned on this port.
                      The max entry range is (0..N). The value N means the max number and  is
	              determined by the project itself."
		::= { swPortSecPortEntry 2 }
	
	swPortSecPortLockAddrMode OBJECT-TYPE
		SYNTAX  INTEGER {
		           permanent(1),
                           deleteOnTimeout(2),
                           deleteOnReset(3)
                        }
		MAX-ACCESS  read-write
		STATUS  current
		DESCRIPTION
		      "Indicates the mode of locking address.
		       In deleteOnTimeout(2) mode, the locked addresses can be aged out after
		       the aging timer expires. In this mode, when the locked address is aged
		       out, the number of addresses that can be learned has to be increased by one.
		       In deleteOnReset (3) mode, locked addresses never age out unless the system
		       restarts which will prevent port movement or intrusion."
		::= { swPortSecPortEntry 3 }
	
	swPortSecPortAdmState OBJECT-TYPE
		SYNTAX  INTEGER {
		          enabled(1),
		          disabled(2)
		      }
		MAX-ACCESS  read-write
		STATUS  current
		DESCRIPTION
		      "Indicates the administration state of the locking address."
		::= { swPortSecPortEntry 4 }
		
	swPortSecPortClearCtrl  OBJECT-TYPE
		SYNTAX INTEGER  {
			other(1),
			start(2)
        		}
		MAX-ACCESS  read-write
		STATUS      current
		DESCRIPTION
			"Used to clear port security entries by port.
			 Setting this value to 'start' will execute the clear action.
			 Once cleared, the value returns to 'other'."
        	::= { swPortSecPortEntry 5 }

-- -----------------------------------------------------------------------------
        swPortSecMgmtByVLAN             OBJECT IDENTIFIER ::= { swPortSecMgmt 2 }
        
	swPortSecVLANTable OBJECT-TYPE
		SYNTAX  SEQUENCE OF SwPortSecVLANEntry
		MAX-ACCESS  not-accessible
		STATUS  current
		DESCRIPTION
		      "A port security feature which controls the address leaning capability.
		       When number is given said N, which allows N addresses to be learned on this VLAN,
                       the first N learned addresses are locked at this VLAN as static entries.
                       When the learned addresses number reaches N, any incoming packet
		       without learned source addresses are discarded (e.g. dropped) and no more new
		       addresses can be learned on this VLAN."
		::= { swPortSecMgmtByVLAN 1 }
	
	swPortSecVLANEntry OBJECT-TYPE
		SYNTAX  SwPortSecVLANEntry
		MAX-ACCESS  not-accessible
		STATUS  current
		DESCRIPTION
		      "A list of information contained in the swPortSecVLANTable."
		INDEX   { swPortSecVLANID }
		::= { swPortSecVLANTable 1 }
	
	SwPortSecVLANEntry ::=
		SEQUENCE {
		  swPortSecVLANID
		      INTEGER,
		  swPortSecVLANMaxLernAddr
		      INTEGER,
		  swPortSecVLANClearCtrl
		      INTEGER
		}
	
	swPortSecVLANID OBJECT-TYPE
		SYNTAX  INTEGER (1..4094)
		MAX-ACCESS  not-accessible
		STATUS  current
		DESCRIPTION
		      "Indicates the secured VLAN to lock address learning."
		::= { swPortSecVLANEntry 1 }
	
	swPortSecVLANMaxLernAddr OBJECT-TYPE
		SYNTAX  INTEGER
		MAX-ACCESS  read-write
		STATUS  current
		DESCRIPTION
		      "Indicates allowable number of addresses to be learned on this VLAN.
                      A value of -1 means no-limit. The default value is no-limit.
                      
                      The max entry range is (0..N). The value N means the max number and is
	              determined by the project itself."
		::= { swPortSecVLANEntry 2 }
	
	swPortSecVLANClearCtrl  OBJECT-TYPE
		SYNTAX INTEGER  {
			other(1),	
			start(2)
        		}
		MAX-ACCESS  read-write
		STATUS      current
		DESCRIPTION
			"Used to clear port security entries by VLAN.
			 Setting this value to 'start' will execute the clear action. 
			 Once cleared, the value returns to 'other'.
                        "
        	::= { swPortSecVLANEntry 3 }

-- -----------------------------------------------------------------------------
        swPortSecMgmtByVLANOnPort             OBJECT IDENTIFIER ::= { swPortSecMgmt 3 }
        
	swPortSecVLANOnPortTable OBJECT-TYPE
		SYNTAX  SEQUENCE OF SwPortSecVLANOnPortEntry
		MAX-ACCESS  not-accessible
		STATUS  current
		DESCRIPTION
		      "A port security feature which controls the address learning capability.
		       When number is given said N, which allows N addresses to be learned
                       on this VLAN from the special port, the first N learned addresses are locked
                       at this VLAN from the special port as static entries.
                       When the learned addresses number reaches N, any incoming packet
		       without learned source addresses are discarded (e.g. dropped) and no more new
		       addresses can be learned on this VLAN from the special port."
		::= { swPortSecMgmtByVLANOnPort 1 }
	
	swPortSecVLANOnPortEntry OBJECT-TYPE
		SYNTAX  SwPortSecVLANOnPortEntry
		MAX-ACCESS  not-accessible
		STATUS  current
		DESCRIPTION
		      "A list of information contained in the swPortSecVLANOnPortTable."
		INDEX   { swPortSecPortIndex,swPortSecVLANID }
		::= { swPortSecVLANOnPortTable 1 }
	
	SwPortSecVLANOnPortEntry ::=
		SEQUENCE {
		  swPortSecVLANOnPortMaxLernAddr
		      INTEGER,
		  swPortSecVLANOnPortAddCtrl
		      INTEGER
		}
	
	swPortSecVLANOnPortMaxLernAddr OBJECT-TYPE
		SYNTAX  INTEGER
		MAX-ACCESS  read-write
		STATUS  current
		DESCRIPTION
		      "Indicates allowable number of addresses to be learned on this VLAN
                      from the special port.
                      A value of -1 means no-limit. The default value is no-limit.
                      Only VLANs with limitations will be displayed in this table.
                      
                      The max entry range is (0..N). The value N means the max number and is
	              determined by the project itself."
		::= { swPortSecVLANOnPortEntry 1 }
	
	swPortSecVLANOnPortAddCtrl  OBJECT-TYPE
		SYNTAX INTEGER  {
			other(1),
		        add(2)
        		}
		MAX-ACCESS  read-create
		STATUS      current
		DESCRIPTION
			"other (1):
                            When user gets this object, it always returns other(1).
                         add (2):
			    Used to configure the VLAN limit from the special port.
			    
			    If 'add' is selected, swPortSecVLANOnPortMaxLernAddr must be set to a valid value except -1.
                        "
        	::= { swPortSecVLANOnPortEntry 2 }
-- -----------------------------------------------------------------------------
        swPortSecMgmtByVLANOnPortClearCtrl             OBJECT IDENTIFIER ::= { swPortSecMgmtByVLANOnPort 2 }
         
 	swPortSecMgmtByVLANOnPortClearPort  OBJECT-TYPE
		SYNTAX INTEGER
		MAX-ACCESS  read-write
		STATUS      current
		DESCRIPTION
			"Indicates the port."
        	::= { swPortSecMgmtByVLANOnPortClearCtrl 1 }

	swPortSecMgmtByVLANOnPortClearVID  OBJECT-TYPE
		SYNTAX INTEGER
		MAX-ACCESS  read-write
		STATUS      current
		DESCRIPTION
			"Indicates the VID."
        	::= { swPortSecMgmtByVLANOnPortClearCtrl 2 }

	swPortSecMgmtByVLANOnPortClearAction  OBJECT-TYPE
		SYNTAX INTEGER  {
			other(1),
		        start(2)
        		}
		MAX-ACCESS  read-write
		STATUS      current
		DESCRIPTION
			"other(1):
                            When user gets this object, it always returns other(1).
                         start(2):
			    Used to clear port security entries by VLAN on the special port."
        	::= { swPortSecMgmtByVLANOnPortClearCtrl 3 }       	
-- -----------------------------------------------------------------------------

	swPortSecEntriesTable OBJECT-TYPE
		SYNTAX  SEQUENCE OF SwPortSecEntriesEntry
		MAX-ACCESS  not-accessible
		STATUS  current
		DESCRIPTION
		      "This table is used to show port security entries."
		::= { swPortSecMgmt 4 }
	
	swPortSecEntriesEntry OBJECT-TYPE
		SYNTAX  SwPortSecEntriesEntry
		MAX-ACCESS  not-accessible
		STATUS  current
		DESCRIPTION
		      "A list of information contained in the swPortSecEntriesTable."
		INDEX   { swPortSecMac,swPortSecVID }
		::= { swPortSecEntriesTable 1 }
	
	SwPortSecEntriesEntry ::=
		SEQUENCE {
		  swPortSecMac
		      MacAddress,
		  swPortSecVID
		      INTEGER,
                  swPortSecPort
                      INTEGER,
                  swPortSecDelCtrl
                      INTEGER
		}	
	
        swPortSecMac OBJECT-TYPE
                SYNTAX  MacAddress
                MAX-ACCESS  read-only
                STATUS  current
                DESCRIPTION
                     "Specifies a MAC address."
                ::= { swPortSecEntriesEntry 1 }
                
	swPortSecVID OBJECT-TYPE
		SYNTAX	INTEGER (1..4094)
		MAX-ACCESS  read-only
		STATUS  current
		DESCRIPTION
		      "Indicates the VLAN ID."
		::= { swPortSecEntriesEntry 2 }	
	
         swPortSecPort OBJECT-TYPE
		SYNTAX  INTEGER
		MAX-ACCESS  read-only
		STATUS  current
		DESCRIPTION
		      "Indicates the port."
		::= { swPortSecEntriesEntry 3 }
 	

         swPortSecDelCtrl  OBJECT-TYPE
		SYNTAX INTEGER  {
			other(1),
			start(2)
                       }
		MAX-ACCESS  read-write
		STATUS      current
		DESCRIPTION
			"Used to delete this port security entry.
			 Setting this value to 'start' will execute the delete action.
			 Once deleted, the value returns to 'other'."
                ::= { swPortSecEntriesEntry 4 }    	
        	

END