--**MOD+*********************************************************************** --* Module: hpicfDipldv6.mib --* -- Copyright (C) 2017 Hewlett-Packard Development Company, L.P. --* All Rights Reserved. --* --* The contents of this software are proprietary and confidential --* to the Hewlett Packard Enterprise Development LP. No part of this --* program may be photocopied, reproduced, or translated into another --* programming language without prior written consent of the --* Hewlett Packard Enterprise Development LP. --* --* Purpose: This file contains MIB definition of HP-ICF-IPv6-DYNAMIC-LOCKDOWN-MIB --* --**MOD-*********************************************************************** HP-ICF-IPv6-DYNAMIC-LOCKDOWN-MIB DEFINITIONS ::= BEGIN IMPORTS OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE, Counter32 FROM SNMPv2-SMI MacAddress, TruthValue FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF ifIndex , InterfaceIndex FROM IF-MIB InetAddressType, InetAddress FROM INET-ADDRESS-MIB VlanIndex FROM Q-BRIDGE-MIB hpSwitch FROM HP-ICF-OID hpicfSaviObjectsFilteringEntry FROM HPICF-SAVI-MIB; hpicfIpv6Lockdown MODULE-IDENTITY LAST-UPDATED "201711080000Z" -- Nov 08, 2017 ORGANIZATION "HP Networking" CONTACT-INFO "Hewlett-Packard Company 8000 Foothills Blvd. Roseville, CA 95747" DESCRIPTION "This MIB module contains HP proprietary objects for managing DHCPV6 Snooping." REVISION "201711080000Z" DESCRIPTION "Importing hpicfSaviObjectsFilteringEntry from HPICF-SAVI-MIB and augmenting it instead of saviObjectsFilteringEntry." REVISION "201310060000Z" DESCRIPTION "Initial Version." ::= { hpSwitch 103 } hpicfDIPLDv6SourceBindingNotifications OBJECT IDENTIFIER ::= { hpicfIpv6Lockdown 0 } hpicfDIPLDv6Objects OBJECT IDENTIFIER ::= { hpicfIpv6Lockdown 1 } hpicfIpv6LockConformance OBJECT IDENTIFIER ::= {hpicfIpv6Lockdown 2 } hpicfDIPDv6SourceBindingOutOfResources NOTIFICATION-TYPE OBJECTS { hpicfDIPLDv6SourceBindingAddrPort, hpicfDIPLDv6SourceBindingAddrMacAddress, hpicfDIPLDv6SourceBindingAddrIpAddressType, hpicfDIPLDv6SourceBindingAddrIpAddress, hpicfDIPLDv6SourceBindingAddrVlan } STATUS current DESCRIPTION "This trap is sent when hardware runs out of resource to program Dynamic IPv6 Lockdown rule. It is controlled by the state of hpicfcfDIPLDv6SourceBindingOutOfResourcesTrapCtrl object.Implementation of this trap is optional." ::= { hpicfDIPLDv6SourceBindingNotifications 1 } hpicfDIPLDv6SourceBindingOutOfResourcesObjects OBJECT IDENTIFIER ::= {hpicfDIPLDv6SourceBindingNotifications 2} hpicfDIPLDv6SourceBindingAddrPort OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The Interface Index of the port for which Dynamic IPv6 Lockdown rule cannot be programmed into hardware." ::= { hpicfDIPLDv6SourceBindingOutOfResourcesObjects 1 } hpicfDIPLDv6SourceBindingAddrMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The source MAC address for which Dynamic IPv6 Lockdown rule cannot be programmed into hardware." ::= { hpicfDIPLDv6SourceBindingOutOfResourcesObjects 2 } hpicfDIPLDv6SourceBindingAddrIpAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The Type of the IP Address of the source for which Dynamic IPv6 lockdown rule cannot be programmed into the hardware." ::= { hpicfDIPLDv6SourceBindingOutOfResourcesObjects 3 } hpicfDIPLDv6SourceBindingAddrIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "A source IP address for which Dynamic IPv6 Lockdown rule cannot be programmed into hardware." ::= { hpicfDIPLDv6SourceBindingOutOfResourcesObjects 4 } hpicfDIPLDv6SourceBindingAddrVlan OBJECT-TYPE SYNTAX VlanIndex MAX-ACCESS read-only STATUS current DESCRIPTION "The VLAN for which Dynamic IPv6 Lockdown rule cannot be programmed into hardware." ::= {hpicfDIPLDv6SourceBindingOutOfResourcesObjects 5 } hpicfDIPLDv6SourceBindingVoilations NOTIFICATION-TYPE OBJECTS {hpicfDIPLDv6SourceBindingVoilationsCount, hpicfDIPLDv6SourceBindingVoilationsPort, hpicfDIPLDv6SourceBindingVoilationsSrcIpType, hpicfDIPLDv6SourceBindingVoilationsSrcIpAddress, hpicfDIPLDv6SourceBindingVoilationsDstIpType, hpicfDIPLDv6SourceBindingVoilationsDstIpAddress, hpicfDIPLDv6SourceBindingVoilationsMacAddress, hpicfDIPLDv6SourceBindingVoilationsPktCount} STATUS current DESCRIPTION "This notification indicates a host was denied access to the switch based on Dynamic IPv6 lockdown protection rules. This trap is controlled by the state of the 'hpicfDIPLDv6SourceBindingViolationsTrapCtrl' object. Implementation of this trap is optional." ::= { hpicfDIPLDv6SourceBindingNotifications 3 } hpicfDIPLDv6SourceBindingVoilationsObjects OBJECT IDENTIFIER ::= { hpicfDIPLDv6SourceBindingNotifications 4 } hpicfDIPLDv6SourceBindingVoilationsCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The number of DIPLDv6 violations sent from a DIPLDv6 entity to the SNMP entity." ::= { hpicfDIPLDv6SourceBindingVoilationsObjects 1 } hpicfDIPLDv6SourceBindingVoilationsPort OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The Interface Index of the port for which this 'hpicfDIPLDv6SourceBindingVoilations' applies." ::= { hpicfDIPLDv6SourceBindingVoilationsObjects 2 } hpicfDIPLDv6SourceBindingVoilationsSrcIpType OBJECT-TYPE SYNTAX InetAddressType -- { ipv6(2), ipv6z (4) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The type of IP address contained in 'hpicfDIPLDv6SourceBindingVoilationsSrcIpAddress'. The only values expected are ipv6 or ipv6z." ::= { hpicfDIPLDv6SourceBindingVoilationsObjects 3 } hpicfDIPLDv6SourceBindingVoilationsSrcIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The source IP address for which this 'hpicfDIPLDv6SourceBindingVoilations' applies." ::= { hpicfDIPLDv6SourceBindingVoilationsObjects 4 } hpicfDIPLDv6SourceBindingVoilationsDstIpType OBJECT-TYPE SYNTAX InetAddressType -- { ipv6(2), ipv6z (4) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The type of IP address contained in 'hpicfIpLockSourceBindingVoilationsDstIpAddress'. The only values expected are ipv6 or ipv6z." ::= { hpicfDIPLDv6SourceBindingVoilationsObjects 5 } hpicfDIPLDv6SourceBindingVoilationsDstIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The destination IP address for which this 'hpicfDIPLDv6SourceBindingVoilations' applies." ::= { hpicfDIPLDv6SourceBindingVoilationsObjects 6 } hpicfDIPLDv6SourceBindingVoilationsMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The source MAC address for which this 'hpicfDIPLDv6SourceBindingVoilations' applies." ::= { hpicfDIPLDv6SourceBindingVoilationsObjects 7 } hpicfDIPLDv6SourceBindingVoilationsPktCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "This object indicates the number of packets received from this host which were dropped." ::= { hpicfDIPLDv6SourceBindingVoilationsObjects 8 } -- Configuration Parameters hpicfDIPLDv6Config OBJECT IDENTIFIER ::= { hpicfDIPLDv6Objects 1 } hpicfDIPLDv6LockEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The administrative status of the Dynamic IPv6 Lockdown feature." ::= { hpicfDIPLDv6Config 1 } hpicfDIPLDv6PortTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfDIPLDv6PortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Per-interface configuration for Dynamic IPv6 Lockdown." ::= { hpicfDIPLDv6Config 2 } hpicfDIPLDv6PortEntry OBJECT-TYPE SYNTAX HpicfDIPLDv6PortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Dynamic IPv6 Lockdown configuration information for a single port." INDEX { ifIndex } ::= { hpicfDIPLDv6PortTable 1 } HpicfDIPLDv6PortEntry ::= SEQUENCE { hpicfDIPLDv6PortEnable TruthValue, hpicfDIPLDv6PortOperStatus BITS } hpicfDIPLDv6PortEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates whether this port is enabled for Dynamic IPv6 Lockdown." ::= { hpicfDIPLDv6PortEntry 1 } hpicfDIPLDv6PortOperStatus OBJECT-TYPE SYNTAX BITS{ active(0), noDsnoopv6(1), trustedPort(2), noSnoopingVlan(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the various states of the current operating mode of Dynamic IPv6 Lockdown on this port. The states are: active - Dynamic IPv6 Lockdown is active on this port. noDsnoop - Dynamic IPv6 Lockdown is enabled on this port, but DHCPv6 Snooping is not globally enabled. trustedPort - Dynamic IPv6 Lockdown is enabled on this port, but is not active because the port is a DHCPv6 Snooping trusted port. noSnoopingVlan - Dynamic IPv6 Lockdown is enabled on this port, but is not active because the port is not a member of any VLAN with DHCPv6 Snooping enabled." ::= { hpicfDIPLDv6PortEntry 2 } hpicfDIPLDv6SourceBindingOutOfResourcesTrapCtrl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Controls generation of SNMP notifications for traps defined in this MIB." DEFVAL { true } ::= { hpicfDIPLDv6Config 3 } hpicfDIPLDv6SourceBindingViolationsTrapCtrl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Controls generation of SNMP notifications for traps defined in this MIB." DEFVAL { true } ::= { hpicfDIPLDv6Config 4 } hpicfDIPLDv6Status OBJECT IDENTIFIER ::= { hpicfDIPLDv6Objects 2 } hpicfDIPLDv6AddrTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfDIPLDv6AddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table of source address bindings on ports where Dynamic IPv6 Lockdown is active that are currently permitted." ::= { hpicfDIPLDv6Status 1 } hpicfDIPLDv6AddrEntry OBJECT-TYPE SYNTAX HpicfDIPLDv6AddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Extension to the hpicfSAVI filtering table." AUGMENTS { hpicfSaviObjectsFilteringEntry } ::= { hpicfDIPLDv6AddrTable 1 } HpicfDIPLDv6AddrEntry ::= SEQUENCE { hpicfDIPLDv6AddrVlan VlanIndex, hpicfDIPLDv6ResourceAvailable TruthValue } hpicfDIPLDv6AddrVlan OBJECT-TYPE SYNTAX VlanIndex MAX-ACCESS read-only STATUS current DESCRIPTION "The VLAN on which this binding entry is permitted." ::= { hpicfDIPLDv6AddrEntry 1 } hpicfDIPLDv6ResourceAvailable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This Object provides the availability of HW resources while adding a binding. TRUE indicates that hardware resources were available to add a binding. FALSE indicates that resources were not available." ::= { hpicfDIPLDv6AddrEntry 2 } -- Conformance groups hpicfIpv6LockGroups OBJECT IDENTIFIER ::= {hpicfIpv6LockConformance 1 } hpicfIpv6LockBaseGroup OBJECT-GROUP OBJECTS { hpicfDIPLDv6LockEnable, hpicfDIPLDv6PortEnable, hpicfDIPLDv6PortOperStatus, hpicfDIPLDv6AddrVlan, hpicfDIPLDv6ResourceAvailable } STATUS current DESCRIPTION "A collection of objects for configuring and monitoring the base Dynamic IPv6 Lockdown functionality." ::= { hpicfIpv6LockGroups 1 } hpicfSourceBindingTrapObjectsGroup OBJECT-GROUP OBJECTS { hpicfDIPLDv6SourceBindingAddrPort, hpicfDIPLDv6SourceBindingAddrMacAddress, hpicfDIPLDv6SourceBindingAddrIpAddressType, hpicfDIPLDv6SourceBindingAddrIpAddress, hpicfDIPLDv6SourceBindingAddrVlan, hpicfDIPLDv6SourceBindingVoilationsCount, hpicfDIPLDv6SourceBindingVoilationsPort, hpicfDIPLDv6SourceBindingVoilationsSrcIpType, hpicfDIPLDv6SourceBindingVoilationsSrcIpAddress, hpicfDIPLDv6SourceBindingVoilationsDstIpType, hpicfDIPLDv6SourceBindingVoilationsDstIpAddress, hpicfDIPLDv6SourceBindingVoilationsMacAddress, hpicfDIPLDv6SourceBindingVoilationsPktCount, hpicfDIPLDv6SourceBindingOutOfResourcesTrapCtrl, hpicfDIPLDv6SourceBindingViolationsTrapCtrl } STATUS current DESCRIPTION "A collection of objects used in the Dynamic IPv6 Lockdown notification." ::= { hpicfIpv6LockGroups 2 } hpicfSourceBindingTrapsGroup NOTIFICATION-GROUP NOTIFICATIONS { hpicfDIPDv6SourceBindingOutOfResources , hpicfDIPLDv6SourceBindingVoilations } STATUS current DESCRIPTION "A collection of trap objects for Dynamic IP Lockdown feature." ::= {hpicfIpv6LockGroups 3 } hpicfIpv6LockCompliances OBJECT IDENTIFIER ::= { hpicfIpv6LockConformance 2 } hpicfDIPLDv6Compliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for HP switches that support Dynamic IPv6 Lockdown." MODULE MANDATORY-GROUPS { hpicfIpv6LockBaseGroup } ::= { hpicfIpv6LockCompliances 1 } hpicfIpv6SourceBindingTrapCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for HP switches that support Dynamic IP Lockdown Notify group ." MODULE --this module MANDATORY-GROUPS {hpicfSourceBindingTrapObjectsGroup,hpicfSourceBindingTrapsGroup} ::= { hpicfIpv6LockCompliances 2 } END