-- **************************************************************************** -- -- This module provides authoritative definitions for Dell Networking OS -- Port Security Mib. -- -- **************************************************************************** -- DELL-NETWORKING-PORT-SECURITY-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Integer32, Unsigned32 FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF InterfaceIndex, ifIndex, ifName FROM IF-MIB VlanIndex FROM Q-BRIDGE-MIB TruthValue, MacAddress, RowStatus, TEXTUAL-CONVENTION FROM SNMPv2-TC DisplayString FROM RFC1213-MIB dellNetMgmt FROM DELL-NETWORKING-SMI; -- **************************************************************************** -- * MODULE IDENTITY -- **************************************************************************** dellNetPortSecurityMib MODULE-IDENTITY LAST-UPDATED "201807160000Z" ORGANIZATION "Dell Inc" CONTACT-INFO "http://www.dell.com/support" DESCRIPTION "The Mib module for managing Dell Networking L2 Port Security feature." REVISION "201807160000Z" -- 16 July, 2018 DESCRIPTION "Initial version of this Mib module." ::= { dellNetMgmt 31 } dellNetPortSecurityMibObjects OBJECT IDENTIFIER ::= { dellNetPortSecurityMib 1 } dellNetPortSecGlobalObjects OBJECT IDENTIFIER ::= { dellNetPortSecurityMibObjects 1 } dellNetPortSecInterfaceObjects OBJECT IDENTIFIER ::= { dellNetPortSecurityMibObjects 2 } dellNetPortSecMacObjects OBJECT IDENTIFIER ::= { dellNetPortSecurityMibObjects 3 } -- -- textual conventions -- ClearSecureMacAddrType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This is the type of secure mac addresses which user is allowed to delete globally or per interface. none(0) - Setting this value to this object has no effect.No mac address gets deleted. dynamic(1) - All secure MAC addresses which are learnt on the switch. sticky(2) - All secure MAC addresses (sticky MACs) which are learnt and retained across reboots." SYNTAX INTEGER { none(0), dynamic(1), sticky(2) } SecureMacViolationType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This is the type of violation staus which user is allowed to reset globally or per interface. none(0) - Setting this value to this object has no effect. macLimitViolation(1) - Secure Mac Limit violation stmvViolation(2) - Station move violation." SYNTAX INTEGER { none(0), macLimitViolation (1), stmvViolation(2) } -- -- Port Security Global Configuration Objects -- dellNetGlobalPortSecurityMode OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to enable or disable port security feature globally on the device. By default, this is set to enable to support backward compatibility." DEFVAL { enable } ::= { dellNetPortSecGlobalObjects 1 } dellNetGlobalTotalSecureAddress OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of MAC addresses secured in the device." ::= { dellNetPortSecGlobalObjects 2 } dellNetGlobalClearSecureMacAddresses OBJECT-TYPE SYNTAX ClearSecureMacAddrType MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to delete secure MAC addresses based on the specified type." ::= { dellNetPortSecGlobalObjects 3 } dellNetGlobalResetViolationStatus OBJECT-TYPE SYNTAX SecureMacViolationType MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to reseet the violation status of all violated interfaces based on the specified type." ::= { dellNetPortSecGlobalObjects 4 } -- -- Port Security Interface Configuration Table -- dellNetPortSecIfConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF DellNetPortSecIfConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table for Port Security configuration entries. The number of entries is determined by the number of interfaces in the system that can support the port security feature." ::= { dellNetPortSecInterfaceObjects 1 } dellNetPortSecIfConfigEntry OBJECT-TYPE SYNTAX DellNetPortSecIfConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry containing port security information for a particular interface." INDEX { ifIndex } ::= { dellNetPortSecIfConfigTable 1 } DellNetPortSecIfConfigEntry ::= SEQUENCE { dellNetPortSecIfPortSecurityEnable TruthValue, dellNetPortSecIfPortSecurityStatus INTEGER, dellNetPortSecIfSecureMacLimit Integer32, dellNetPortSecIfCurrentMacCount Integer32, dellNetPortSecIfStationMoveEnable TruthValue, dellNetPortSecIfSecureMacViolationAction INTEGER, dellNetPortSecIfStmvViolationAction INTEGER, dellNetPortSecIfStickyEnable TruthValue, dellNetPortSecIfClearSecureMacAddresses ClearSecureMacAddrType, dellNetPortSecIfResetViolationStatus SecureMacViolationType, dellNetPortSecIfSecureMacAgeEnable TruthValue } dellNetPortSecIfPortSecurityEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This Mib object specifies if the port security feature is enaled or not on an interface. The value of this object returns 'disable' if the value of dellNetGlobalPortSecurityMode is set to 'disable' or dellNetPortSecIfSecureMacLimit is not configured." ::= { dellNetPortSecIfConfigEntry 1 } dellNetPortSecIfPortSecurityStatus OBJECT-TYPE SYNTAX INTEGER { normal(1), dynMacLimitErrDisable(2), stationMoveErrDisable(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object represents the port security status of an interface. normal(1) - This indicates port is operating normally without any violation. dynMacLimitErrDisable(2) - This indicates that the port is shutdown due to mac learn limit violation when the object dellNetPortSecIfSecureMacViolationAction is of type 'shutdown'. stationMoveErrDisable(3) - This indicates that the port is shutdown due to station move violation when the object dellNetPortSecIfStmvViolationAction is of type 'shutdownOrig' or 'shutdownOffending' or 'shutdownBoth'." ::= { dellNetPortSecIfConfigEntry 2 } dellNetPortSecIfSecureMacLimit OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum number (N) of MAC addresses to be secured on the interface. The first N MAC addresses learnit or configured are made secured. Changing this object value from N to M is not allowed if M is smaller than N, and M is less than the value of dellNetPortSecIfCurrentMacCount on the interface. One way to change the number in this case is by deleting sufficient number of secure mac addresses present on the interface. The maximum limit that can be configured is 1000000." ::= { dellNetPortSecIfConfigEntry 3 } dellNetPortSecIfCurrentMacCount OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of MAC addresses learnt or configured on this interface." ::= { dellNetPortSecIfConfigEntry 4 } dellNetPortSecIfStationMoveEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to enable or disable station movement on the dynamically secured mac addresses learnt on the interface. By default, this is set to false." DEFVAL { false } ::= { dellNetPortSecIfConfigEntry 5 } dellNetPortSecIfSecureMacViolationAction OBJECT-TYPE SYNTAX INTEGER { none(1), notify(2), shutdown(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Determines the action to be taken when mac limit violation occurs in the system. none(1) - no action will be taken notify(2) - raise syslog to notify about port security violation. The log will contain MAC causing violation, vlanId and interface index. shutdown(3) - the interface will be shut down." DEFVAL { none } ::= { dellNetPortSecIfConfigEntry 6 } dellNetPortSecIfStmvViolationAction OBJECT-TYPE SYNTAX INTEGER { none(1), notify(2), shutdownOrigPort(3), shutDownOffendingPort(4), shutdownBoth(5) } MAX-ACCESS read-write STATUS current DESCRIPTION "Determines the action to be taken when either dynamic or static mac limit violation occurs in the system. This is applicable only for dynamically learnt MAC addresses. none(1) - no action will be taken. notify(2) - raise syslog to notify about station movement violation. The log will contain MAC causing violation, vlanId, old interface index and new interface index. shutdownOrigPort(3) - the old interface on which MAC is learnt will be shutdown. shutdownOffendigPort(4) - the new interface causing station move will be shutdown. shutdowBoth(5) - both the old and new interfaces will be shutdown." DEFVAL { none } ::= { dellNetPortSecIfConfigEntry 7 } dellNetPortSecIfStickyEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Set to 'true' to enable and 'false' to disable Sticky port security feature on this interface. Enabling this feature allows the device to secure learnt MAC addresses on this interface permanently. In order to remove the sticky addresses on this interface, user has to manually delete the sticky MAC address(es) or disable the sticky feature itself. Manual deletion of all addresses can be accomplished by dellNetPortSecIfClearSecureMacAddresses object. At the maximum, only first 1000 macs can be marked as sticky." DEFVAL { false } ::= { dellNetPortSecIfConfigEntry 8 } dellNetPortSecIfClearSecureMacAddresses OBJECT-TYPE SYNTAX ClearSecureMacAddrType MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to delete secure MAC addresses based on the specified type." DEFVAL { none } ::= { dellNetPortSecIfConfigEntry 9 } dellNetPortSecIfResetViolationStatus OBJECT-TYPE SYNTAX SecureMacViolationType MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to reset the violation status of an interface based on the specified type." DEFVAL { none } ::= { dellNetPortSecIfConfigEntry 10 } dellNetPortSecIfSecureMacAgeEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to enable aging of the dynamically secured mac addresses learnt on the interface. Sticky and static macs will never age out. By default, this is set to false." DEFVAL { false } ::= { dellNetPortSecIfConfigEntry 11 } -- Port Security Static Mac Address Table. -- This table is used to configure secure MAC addresses(static) -- on an interface. dellNetPortSecSecureStaticMacAddrTable OBJECT-TYPE SYNTAX SEQUENCE OF DellNetPortSecIfSecureStaticMacAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table used to configure secure static MAC addresses on an interface." ::= { dellNetPortSecInterfaceObjects 2 } dellNetPortSecIfSecureStaticMacAddrEntry OBJECT-TYPE SYNTAX DellNetPortSecIfSecureStaticMacAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry to configure static MAC address on a particular interface." INDEX { dellNetPortSecIfSecureStaticMacAddress, dellNetPortSecIfSecureStaticMacVlanId, dellNetPortSecIfSecureStaticMacIfIndex } ::= { dellNetPortSecSecureStaticMacAddrTable 1 } DellNetPortSecIfSecureStaticMacAddrEntry ::= SEQUENCE { dellNetPortSecIfSecureStaticMacAddress MacAddress, dellNetPortSecIfSecureStaticMacVlanId VlanIndex, dellNetPortSecIfSecureStaticMacIfIndex InterfaceIndex, dellNetPortSecIfSecureStaticMacRowStatus RowStatus } dellNetPortSecIfSecureStaticMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object is used to specify the static MAC address to be configured on an interface." ::= { dellNetPortSecIfSecureStaticMacAddrEntry 1 } dellNetPortSecIfSecureStaticMacVlanId OBJECT-TYPE SYNTAX VlanIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is the vlan on which the dellNetPortSecIfSecureStaticMacAddress is to be configured." ::= { dellNetPortSecIfSecureStaticMacAddrEntry 2 } dellNetPortSecIfSecureStaticMacIfIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is the interface on which the dellNetSecureStaticMacAddress is configured." ::= { dellNetPortSecIfSecureStaticMacAddrEntry 3 } dellNetPortSecIfSecureStaticMacRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object is a conceptual row entry that allows adding or deleting entries to or from the dellNetPortSecSecureStaticMacAddrTable. 1. When creating an entry in this table the 'createAndGo' method is used and the value of this object is set to 'active'. Deactivation of an 'active' entry is not allowed. 2. When deleting an entry in this table 'destroy' method is used." ::= { dellNetPortSecIfSecureStaticMacAddrEntry 4 } -- Port Security Secure MAC Address Table dellNetPortSecSecureMacAddrTable OBJECT-TYPE SYNTAX SEQUENCE OF DellNetSecureMacAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing the list of secure MAC addresses." ::= { dellNetPortSecMacObjects 1 } dellNetSecureMacAddrEntry OBJECT-TYPE SYNTAX DellNetSecureMacAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry containing secure MAC address information for a particular interface. security feature is disabled." INDEX { dellNetSecureMacAddress, dellNetSecureMacVlanId } ::= { dellNetPortSecSecureMacAddrTable 1 } DellNetSecureMacAddrEntry ::= SEQUENCE { dellNetSecureMacAddress MacAddress, dellNetSecureMacVlanId VlanIndex, dellNetSecureMacIfIndex InterfaceIndex, dellNetSecureMacAddrType INTEGER } dellNetSecureMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is a secure MAC address configured or learnt on an interface." ::= { dellNetSecureMacAddrEntry 1 } dellNetSecureMacVlanId OBJECT-TYPE SYNTAX VlanIndex MAX-ACCESS read-only STATUS current DESCRIPTION "This is the vlan on which the dellNetSecureMacAddress is configured or learnt." ::= { dellNetSecureMacAddrEntry 2 } dellNetSecureMacIfIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-only STATUS current DESCRIPTION "This is the interface on which the dellNetSecureMacAddress is configured or learnt." ::= { dellNetSecureMacAddrEntry 3 } dellNetSecureMacAddrType OBJECT-TYPE SYNTAX INTEGER { static(1), dynamic(2), sticky(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates if the secure MAC address is a configured 'static' or learnt 'dynamic' or learnt and retained across reboots 'sticky'." ::= { dellNetSecureMacAddrEntry 4 } -- **************************************************************************** -- Conformance Information -- **************************************************************************** dellNetPortSecurityMibConformance OBJECT IDENTIFIER ::= { dellNetPortSecurityMib 2 } dellNtPortSecurityCompliances OBJECT IDENTIFIER ::= { dellNetPortSecurityMibConformance 1 } dellNetPortSecurityGroups OBJECT IDENTIFIER ::= { dellNetPortSecurityMibConformance 2 } -- **************************************************************************** -- * Compliance Statements -- **************************************************************************** dellNetPortSecurityMibConform MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for the Dell Networking OS Port Security Mib." MODULE MANDATORY-GROUPS { dellNetPortSecGlobalGroup, dellNetPortSecInterfaceGroup, dellNetPortSecIfSecureStaticMacAddrGroup, dellNetSecureMacAddrGroup } ::= { dellNtPortSecurityCompliances 1} -- **************************************************************************** -- Units of Conformance -- **************************************************************************** dellNetPortSecGlobalGroup OBJECT-GROUP OBJECTS { dellNetGlobalPortSecurityMode, dellNetGlobalTotalSecureAddress, dellNetGlobalClearSecureMacAddresses, dellNetPortSecIfResetViolationStatus } STATUS current DESCRIPTION "A set of global objects for use with the Port Security feature." ::= { dellNetPortSecurityGroups 1} dellNetPortSecInterfaceGroup OBJECT-GROUP OBJECTS { dellNetPortSecIfPortSecurityEnable, dellNetPortSecIfPortSecurityStatus, dellNetPortSecIfSecureMacLimit, dellNetPortSecIfCurrentMacCount, dellNetPortSecIfStationMoveEnable, dellNetPortSecIfSecureMacViolationAction, dellNetPortSecIfStmvViolationAction, dellNetPortSecIfStickyEnable, dellNetPortSecIfClearSecureMacAddresses, dellNetPortSecIfResetViolationStatus, dellNetPortSecIfSecureMacAgeEnable } STATUS current DESCRIPTION "A set of interface level objects for use with the Port Security feature." ::= { dellNetPortSecurityGroups 2} dellNetPortSecIfSecureStaticMacAddrGroup OBJECT-GROUP OBJECTS { dellNetPortSecIfSecureStaticMacRowStatus } STATUS current DESCRIPTION "Static secure MAC addresss configuration parameters on an interface." ::= { dellNetPortSecurityGroups 3} dellNetSecureMacAddrGroup OBJECT-GROUP OBJECTS { dellNetSecureMacVlanId, dellNetSecureMacIfIndex, dellNetSecureMacAddrType } STATUS current DESCRIPTION "Static secure MAC addresss configuration parameters on an interface." ::= { dellNetPortSecurityGroups 4 } END