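-- *****************************************************************
-- FS-SECURITY-MIB.mib:  FS Security MIB file
--
-- March 2002, Wuzg
--
-- Copyright (c) 2002 by FS.COM Inc..
-- All rights reserved.
--
-- *****************************************************************
--
-- Module layout (OIDs relative to fsSecurityMIB = { fsMgmt 6 }):
--   1.1  user management: enable/disable of the SNMP, web and telnet
--        management channels, plus per-channel client address tables
--   1.2  security address table and IP-MAC bind table
--   1.3  per-port security configuration
--   2    notifications
--   3    conformance
--
-- NOTE(review): several objects below are read-write or read-create and
-- change how the switch can be managed or which frames it accepts.
-- Write access to this subtree should be limited to authenticated
-- managers (for example SNMPv3 authPriv with a restricted VACM view);
-- how the agent enforces that is not visible in this module.

FS-SECURITY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    Integer32,
    IpAddress,
    Unsigned32
        FROM SNMPv2-SMI
    TruthValue,
    RowStatus,
    MacAddress
        FROM SNMPv2-TC
    MODULE-COMPLIANCE,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    ConfigStatus,
    IfIndex
        FROM FS-TC
    ifIndex
        FROM IF-MIB
    EnabledStatus
        FROM P-BRIDGE-MIB
    fsMgmt
        FROM FS-SMI;

fsSecurityMIB MODULE-IDENTITY
    LAST-UPDATED "200203200000Z"
    ORGANIZATION "FS.COM Inc.."
    CONTACT-INFO
        "
        Tel: 400-865-2852

        E-mail: https://www.fs.com/live_chat_service_mail.html"
    DESCRIPTION
        "This module defines fs security mibs."
    REVISION    "200203200000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { fsMgmt 6 }

fsSecurityMIBObjects     OBJECT IDENTIFIER ::= { fsSecurityMIB 1 }

fsUserManagementObjects  OBJECT IDENTIFIER ::= { fsSecurityMIBObjects 1 }
fsSecurityAddressObjects OBJECT IDENTIFIER ::= { fsSecurityMIBObjects 2 }
-- The identifier below is spelled "Secrrity" in the published module; it is
-- kept unchanged so that other modules and tools referencing it still resolve.
fsPortSecrrityObjects    OBJECT IDENTIFIER ::= { fsSecurityMIBObjects 3 }

--
-- user management
--
-- The three scalars below are read-write: a manager with write access can
-- switch each management channel on or off, including the SNMP agent itself.
-- Telnet carries the session in cleartext, so a change of fsEnableTelnet to
-- enabled is worth alerting on.

fsEnableSnmpAgent OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enabled indicates that the user can manage the switch by snmp
        agent, disabled indicates that the user can't manage the switch
        by snmp agent."
    ::= { fsUserManagementObjects 1 }

fsEnableWeb OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enabled indicates that the user can manage the switch by web,
        disabled indicates that the user can't manage the switch by web."
    ::= { fsUserManagementObjects 2 }

fsEnableTelnet OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enabled indicates that the user can manage the switch by telnet,
        disabled indicates that the user can't manage the switch by
        telnet."
    ::= { fsUserManagementObjects 3 }

--TelnetHostIpTable
-- Source address allowlist for the telnet server (per the DESCRIPTION).
-- Address filtering restricts reachability; it does not authenticate the peer.
-- NOTE(review): the row has no RowStatus column, so how rows are created or
-- removed is not visible in this module.
fsTelnetHostIpTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF FSTelnetHostIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table of telnet client's IP address, only these hosts can
        access the telnet server."
    ::= { fsUserManagementObjects 4 }

fsTelnetHostIpEntry OBJECT-TYPE
    SYNTAX      FSTelnetHostIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The entry of telnet host IP address table."
    INDEX { fsTelnetHostIpAddress }
    ::= { fsTelnetHostIpTable 1 }

FSTelnetHostIpEntry ::=
    SEQUENCE {
        fsTelnetHostIpAddress IpAddress,
        fsTelnetHostIpEnable  INTEGER
    }

fsTelnetHostIpAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The telnet client's IP address. Only these hosts can access the
        telnet server."
    ::= { fsTelnetHostIpEntry 1 }

fsTelnetHostIpEnable OBJECT-TYPE
    SYNTAX      INTEGER {
                    enable(1),
                    disable(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The telnet client's IP address enable state."
    ::= { fsTelnetHostIpEntry 2 }

--WebHostIpTable
-- Source address allowlist for the web server; same structure and the same
-- caveats as the telnet host table.
fsWebHostIpTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF FSWebHostIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table of web client's IP address, only these hosts can
        access the web server."
    ::= { fsUserManagementObjects 5 }

fsWebHostIpEntry OBJECT-TYPE
    SYNTAX      FSWebHostIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The entry of web host IP address table."
    INDEX { fsWebHostIpAddress }
    ::= { fsWebHostIpTable 1 }

FSWebHostIpEntry ::=
    SEQUENCE {
        fsWebHostIpAddress IpAddress,
        fsWebHostIpEnable  INTEGER
    }

fsWebHostIpAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The web client's IP address. Only these hosts can access the web
        server."
    ::= { fsWebHostIpEntry 1 }

fsWebHostIpEnable OBJECT-TYPE
    SYNTAX      INTEGER {
                    enable(1),
                    disable(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The web client's IP address enable state."
    ::= { fsWebHostIpEntry 2 }

-- security address
-- Rows are indexed by VLAN id, MAC address, port and IP address, and are
-- created and deleted through the RowStatus column.
fsSecurityAddressTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF FSSecurityAddressEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table of security address."
    ::= { fsSecurityAddressObjects 1 }

fsSecurityAddressEntry OBJECT-TYPE
    SYNTAX      FSSecurityAddressEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The entry of Security address table."
    INDEX { fsSecurityAddressFdbId,
            fsSecurityAddressAddress,
            fsSecurityAddressPort,
            fsSecurityAddressIpAddr }
    ::= { fsSecurityAddressTable 1 }

FSSecurityAddressEntry ::=
    SEQUENCE {
        fsSecurityAddressFdbId     Unsigned32,
        fsSecurityAddressAddress   MacAddress,
        fsSecurityAddressPort      IfIndex,
        fsSecurityAddressIpAddr    IpAddress,
        fsSecurityAddressIfBindIp  TruthValue,
        fsSecurityAddressRemainAge Integer32,
        fsSecurityAddressType      INTEGER,
        fsSecurityAddressStatus    RowStatus
    }

fsSecurityAddressFdbId OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The VID of vlan which the security address belongs to."
    ::= { fsSecurityAddressEntry 1 }

fsSecurityAddressAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The MAC address of the security address."
    ::= { fsSecurityAddressEntry 2 }

fsSecurityAddressPort OBJECT-TYPE
    SYNTAX      IfIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The interface which the security address belongs to."
    ::= { fsSecurityAddressEntry 3 }

fsSecurityAddressIpAddr OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The IP address to which the security address is bound. It is
        meaningful only when fsSecurityAddressIfBindIp is true."
    ::= { fsSecurityAddressEntry 4 }

fsSecurityAddressIfBindIp OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object determines whether the security address will bind an
        IP address."
    ::= { fsSecurityAddressEntry 5 }

fsSecurityAddressRemainAge OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The remaining age of the security address, in units of minute."
    ::= { fsSecurityAddressEntry 6 }

fsSecurityAddressType OBJECT-TYPE
    SYNTAX      INTEGER {
                    secureConfigured(1),
                    dynamicLearn(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of the security address."
    ::= { fsSecurityAddressEntry 7 }

fsSecurityAddressStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Entry status of this entry. Its meaning in this environment is
        given by the textual-convention definition of RowStatus."
    ::= { fsSecurityAddressEntry 8 }

--Address Bind Table
-- Per the table DESCRIPTION, a frame whose source IP address is listed here
-- is discarded unless its source MAC address is the bound one.
fsBindAddressTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF FSBindAddressEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "IP-MAC bind table. The source MAC address must be bound when the
        switch receives the frame with source IP address defined in this
        table. Otherwise, the frame will be discarded."
    ::= { fsSecurityAddressObjects 2 }

fsBindAddressEntry OBJECT-TYPE
    SYNTAX      FSBindAddressEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The entry of Bind address table."
    INDEX { fsBindAddressIpAddr }
    ::= { fsBindAddressTable 1 }

FSBindAddressEntry ::=
    SEQUENCE {
        fsBindAddressIpAddr IpAddress,
        fsBindMacAddress    MacAddress,
        fsBindAddressStatus ConfigStatus
    }

-- NOTE(review): the DESCRIPTION below refers to fsBindAddressIfBindIp, which
-- this module does not define; the sentence looks carried over from
-- fsSecurityAddressIpAddr. Confirm the intended wording with the vendor.
fsBindAddressIpAddr OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The IP address to which the security address is bound. It is
        meaningful only when fsBindAddressIfBindIp is true."
    ::= { fsBindAddressEntry 1 }

fsBindMacAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The MAC address of the security address."
    ::= { fsBindAddressEntry 2 }

fsBindAddressStatus OBJECT-TYPE
    SYNTAX      ConfigStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Entry status. Setting this value to 'invalid' will remove this
        entry."
    ::= { fsBindAddressEntry 3 }

-- port security
-- One row per port. fsPortSecurityStatus defaults to disabled and the
-- violation type defaults to violation-protect, which discards silently:
-- per the DESCRIPTION of fsPortSecurViolationType only violation-restrict
-- and violation-shutdown send a trap, so the default gives a monitoring
-- station no signal when a violation occurs.
fsPortSecurityTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF FSPortSecurityEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "list of port security configuration objects."
    ::= { fsPortSecrrityObjects 1 }

fsPortSecurityEntry OBJECT-TYPE
    SYNTAX      FSPortSecurityEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Entry contains port security configurations."
    INDEX { fsPortSecurityPortIndex }
    ::= { fsPortSecurityTable 1 }

FSPortSecurityEntry ::=
    SEQUENCE {
        fsPortSecurityPortIndex         IfIndex,
        fsPortSecurityStatus            EnabledStatus,
        fsPortSecurViolationType        INTEGER,
        fsPortSecurityAddrNum           Integer32,
        fsPortSecurityAddrAge           Integer32,
        fsPortStaticSecurAddrIfAge      EnabledStatus,
        fsPortSecurityAddressCurrentNum Integer32,
        fsPortStaticSecurAddrCurrentNum Integer32,
        fsPortSecurityIpDistrMode       INTEGER
    }

-- NOTE(review): DESCRIPTION is empty in the published module. This column is
-- the INDEX of the row and has SYNTAX IfIndex.
fsPortSecurityPortIndex OBJECT-TYPE
    SYNTAX      IfIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        ""
    ::= { fsPortSecurityEntry 1 }

-- NOTE(review): DESCRIPTION is empty in the published module; presumably this
-- switches port security on or off for the port. Confirm with the vendor.
fsPortSecurityStatus OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        ""
    DEFVAL { disabled }
    ::= { fsPortSecurityEntry 2 }

fsPortSecurViolationType OBJECT-TYPE
    SYNTAX      INTEGER {
                    violation-protect(1),
                    violation-restrict(2),
                    violation-shutdown(3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object defines 3 grades of port security:
        violation-protect(1): normal security grade, indicates that
            when a datagram is received on a port with an illegal MAC
            address it will be discarded but no trap is sent; legal and
            illegal MAC to a port security is defined by per port's
            security below.
        violation-restrict(2): normal security grade, indicates that
            when a datagram is received on a port with an illegal MAC
            address it will be discarded and a trap is sent; legal and
            illegal MAC to a port security is defined by per port's
            security below.
        violation-shutdown(3): strict security grade, indicates that
            when a datagram is received on a port with an illegal MAC
            address, the port will be disabled for the violation of the
            port's security and a trap is sent."
    DEFVAL { violation-protect }
    ::= { fsPortSecurityEntry 3 }

-- NOTE(review): the last sentence of the DESCRIPTION says the threshold is
-- valid when fsPortSecurityStatus is 'disabled'. That wording is kept as
-- published; confirm whether 'enabled' was intended.
fsPortSecurityAddrNum OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This value means the address number threshold of this port. A
        new address to be added to the port will be refused when the
        address number exceeds this value.
        This value is valid when fsPortSecurityStatus is 'disabled'"
    ::= { fsPortSecurityEntry 4 }

fsPortSecurityAddrAge OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Aging time in units of minute of security address of interface."
    ::= { fsPortSecurityEntry 5 }

fsPortStaticSecurAddrIfAge OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object determines whether aging of statically configured
        security addresses is enabled."
    ::= { fsPortSecurityEntry 6 }

fsPortSecurityAddressCurrentNum OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Current number of the security address of interface."
    ::= { fsPortSecurityEntry 7 }

fsPortStaticSecurAddrCurrentNum OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Current number of the static configured security address of
        interface."
    ::= { fsPortSecurityEntry 8 }

-- The published DESCRIPTION numbered the modes 0 to 3 while the SYNTAX clause
-- defines the values 1 to 4. The text below follows the SYNTAX clause, which
-- is what a manager decodes. NOTE(review): confirm against the values the
-- agent actually returns.
fsPortSecurityIpDistrMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    static(1),           --only Static IP Distribute enabled
                    dynamic(2),          --only Dynamic IP Distribute enabled
                    staticAndDynamic(3), --both Static and Dynamic IP Distribute enable
                    unSpecified(4)       --not specified
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "IP Distribute Mode (static(1): Static-only mode,
        dynamic(2): Dynamic-only mode,
        staticAndDynamic(3): Dynamic and Static mode,
        unSpecified(4): Unspecified mode)"
    ::= { fsPortSecurityEntry 9 }

-- Notifications
-- NOTE(review): portSecurityViolate is not listed in any NOTIFICATION-GROUP,
-- and NOTIFICATION-GROUP is not imported by this module.
fsSecurityTraps OBJECT IDENTIFIER ::= { fsSecurityMIB 2 }

portSecurityViolate NOTIFICATION-TYPE
    OBJECTS     { ifIndex }
    STATUS      current
    DESCRIPTION
        "The mac lock violate trap indicates that you have set the
        threshold number of learned addresses from a port, and there
        comes a new address from the port, but the addresses for the
        port are already full."
    ::= { fsSecurityTraps 1 }

fsSecurityMIBConformance OBJECT IDENTIFIER ::= { fsSecurityMIB 3 }
fsSecurityMIBCompliances OBJECT IDENTIFIER ::= { fsSecurityMIBConformance 1 }
fsSecurityMIBGroups      OBJECT IDENTIFIER ::= { fsSecurityMIBConformance 2 }

-- compliance statements

fsSecurityMIBCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for entities which implement
        the FS Security MIB"
    MODULE      -- this module
        MANDATORY-GROUPS {
            fsUserManageMIBGroup,
            fsSecurityAddressMIBGroup,
            fsPortSecurityMIBGroup
        }
    ::= { fsSecurityMIBCompliances 1 }

-- units of conformance

-- NOTE(review): the accessible columns of the telnet and web host tables
-- (fsTelnetHostIpAddress, fsTelnetHostIpEnable, fsWebHostIpAddress,
-- fsWebHostIpEnable) are not listed in any OBJECT-GROUP of this module.
fsUserManageMIBGroup OBJECT-GROUP
    OBJECTS {
        fsEnableSnmpAgent,
        fsEnableWeb,
        fsEnableTelnet
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing status snmp and web and telnet
        management agent to a FS agent."
    ::= { fsSecurityMIBGroups 1 }

-- The commented-out names are the not-accessible index columns, which cannot
-- be members of an OBJECT-GROUP.
fsSecurityAddressMIBGroup OBJECT-GROUP
    OBJECTS {
--      fsSecurityAddressFdbId,
--      fsSecurityAddressAddress,
--      fsSecurityAddressPort,
--      fsSecurityAddressIpAddr,
        fsSecurityAddressIfBindIp,
        fsSecurityAddressRemainAge,
        fsSecurityAddressType,
        fsSecurityAddressStatus,
--      fsBindAddressIpAddr,
        fsBindMacAddress,
        fsBindAddressStatus
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing security address to a FS
        agent."
    ::= { fsSecurityMIBGroups 2 }

fsPortSecurityMIBGroup OBJECT-GROUP
    OBJECTS {
        fsPortSecurityPortIndex,
        fsPortSecurityStatus,
        fsPortSecurViolationType,
        fsPortSecurityAddrNum,
        fsPortSecurityAddrAge,
        fsPortStaticSecurAddrIfAge,
        fsPortSecurityAddressCurrentNum,
        fsPortStaticSecurAddrCurrentNum,
        fsPortSecurityIpDistrMode
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing port security to a FS agent."
    ::= { fsSecurityMIBGroups 3 }

END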