-- =================================================================
-- Copyright (c) 2004-2015 Hangzhou H3C Tech. Co., Ltd. All rights reserved.
--
-- Description: FC PSM(Fabric Port Security Management) MIB
-- Reference:
-- Version: V1.1
-- History:
-- V1.0 Initial version 2013-10-17
-- V1.1 Modified by Chen Yajun 2014-06-20
--      2014-06-20 1.All "learnt" descriptions changed into "learned".
--                 2.Added the description of the value range for
--                   h3cFcPsmEnableVsanIndex.
--                 3.Added the description of read value of h3cFcPsmClearIntf.
--                 4.Changed the syntax of h3cFcPsmLoginTime from
--                   "TimeStamp" into "DateAndTime".
--=================================================================
--
-- Reviewer notes (access control and monitoring):
--   Objects that change the enforcement state are writable over SNMP:
--   h3cFcPsmEnable, h3cFcPsmAutoLearnEnable, h3cFcPsmCopyToConfig,
--   h3cFcPsmClearType, h3cFcPsmClearIntf, h3cFcPsmStatsClear and
--   h3cFcPsmNotifyEnable are read-write, and the h3cFcPsmConfigTable
--   columns are read-create. This module defines no conformance
--   statements and no security-considerations text, so the access
--   policy is left to the deployment: limit write access to these
--   objects with SNMPv3 authentication and privacy plus a VACM view,
--   and record SET operations against this subtree.
--
H3C-FC-PSM-MIB DEFINITIONS ::= BEGIN

IMPORTS
    Unsigned32, Counter32, MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, RowStatus, TruthValue, DateAndTime
        FROM SNMPv2-TC
    InterfaceIndexOrZero, InterfaceIndex, ifDescr
        FROM IF-MIB
    h3cSan
        FROM H3C-VSAN-MIB
    H3cFcNameIdOrZero
        FROM H3C-FC-TC-MIB
    ;

-- ==================================================================
--
-- ======================= Definition Begin =========================
--
-- ==================================================================

-- Module identity: registers h3cFcPsm as child 8 of h3cSan.
-- NOTE(review): the file header records V1.1 dated 2014-06-20, but
-- LAST-UPDATED and the single REVISION clause below still carry the
-- V1.0 timestamp 201310170000Z, so tools that compare LAST-UPDATED
-- cannot tell the two versions apart. Confirm with the module owner
-- whether a REVISION clause for V1.1 is missing. The trailing comment
-- on REVISION also says 09:30 GMT while the timestamp encodes 00:00Z.
h3cFcPsm MODULE-IDENTITY
    LAST-UPDATED "201310170000Z"
    ORGANIZATION
        "Hangzhou H3C Tech. Co., Ltd."
    CONTACT-INFO
        "Platform Team Hangzhou H3C Tech. Co., Ltd. Hai-Dian District Beijing P.R. China http://www.h3c.com Zip:100085"
    DESCRIPTION
        "This MIB contains the objects for FC port security."
    REVISION "201310170000Z" -- October 17, 2013 at 09:30 GMT
    DESCRIPTION
        "H3C-FC-PSM-MIB module is for managing the implementation of FC port security."
    ::= { h3cSan 8 }

-- =================================================================
-- Subtrees in the FC PSM MIB
-- =================================================================
-- Layout: notifications under 0, all objects under 1, split into the
-- scalar (1), configuration (2) and statistics (3) groups.
h3cFcPsmNotifications OBJECT IDENTIFIER ::= { h3cFcPsm 0 }
h3cFcPsmObjects OBJECT IDENTIFIER ::= { h3cFcPsm 1 }
h3cFcPsmScalarObjects OBJECT IDENTIFIER ::= { h3cFcPsmObjects 1 }
h3cFcPsmConfiguration OBJECT IDENTIFIER ::= { h3cFcPsmObjects 2 }
h3cFcPsmStats OBJECT IDENTIFIER ::= { h3cFcPsmObjects 3 }

-- =================================================================
-- Type definitions
-- =================================================================

-- Kind of identity a binding entry matches on. wildCard(4) matches
-- any device, so entries of that type rely entirely on the login
-- point to narrow what is permitted.
H3cFcPsmPortBindDevType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "The types of the instance of h3cFcPsmLoginDev, including nWWN(Node World Wide Name), pWWN(Port World Wide Name), sWWN(Switch World Wide Name), and wildCard."
    SYNTAX INTEGER {
        nWWN(1),
        pWWN(2),
        sWWN(3),
        wildCard(4)
    }

-- Write-triggered action selector: a SET performs the clear and a
-- GET always returns noop, so the last action taken cannot be read
-- back from the object itself.
H3cFcPsmClearEntryType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "This object when set to clearStatic, results in port bind static entries being cleared on this VSAN(Virtual Storage Area Networks). This object when set to clearAutoLearn, results in port bind auto-learned entries being cleared on this VSAN. This object when set to clearAll, results in all of the port bind entries being cleared on this VSAN. No action is taken if this object is set to noop. The value of this object when read is always noop."
    SYNTAX INTEGER {
        clearStatic(1),
        clearAutoLearn(2),
        clearAll(3),
        noop(4)
    }

--
-- The h3cFcPsmScalarObjects subtree
--
-- =================================================================
-- The FC Port Security Management Notification control object
-- =================================================================

-- Switch for notification generation. DEFVAL is false.
-- NOTE(review): the DESCRIPTION does not say which notifications
-- this object controls; presumably both deny notifications defined
-- at the end of this module. Confirm against the agent. Deployments
-- that depend on traps to detect denied logins should verify that
-- this is true, and should treat a SET to false as worth alerting on.
h3cFcPsmNotifyEnable OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Whether to generate the notification or not depends on the object."
    DEFVAL { false }
    ::= { h3cFcPsmScalarObjects 1 }

--
-- The h3cFcPsmConfiguration subtree
--
-- Implementation of the h3cFcPsmConfiguration subtree is for
-- the operation of FC port security.
--
-- =================================================================
-- The FC Port Security Management Enable Table
-- =================================================================

-- One row per VSAN; holds the enable action and the resulting state.
h3cFcPsmEnableTable OBJECT-TYPE
    SYNTAX SEQUENCE OF H3cFcPsmEnableEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Enable or disable the port security feature on a specified VSAN."
    ::= { h3cFcPsmConfiguration 1 }

h3cFcPsmEnableEntry OBJECT-TYPE
    SYNTAX H3cFcPsmEnableEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Detailed information about the port security."
    INDEX { h3cFcPsmEnableVsanIndex }
    ::= { h3cFcPsmEnableTable 1 }

H3cFcPsmEnableEntry ::= SEQUENCE {
    h3cFcPsmEnableVsanIndex Unsigned32,
    h3cFcPsmEnable INTEGER,
    h3cFcPsmEnableState TruthValue
}

-- VSAN identifier, range 1..4095. It is also reused as the first (or
-- only) index of every other table in this module.
h3cFcPsmEnableVsanIndex OBJECT-TYPE
    SYNTAX Unsigned32 (1..4095)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The ID of VSAN on this entry."
    ::= { h3cFcPsmEnableEntry 1 }

-- Action object: a SET of enable, enableWithAutoLearn or disable
-- changes the feature state, and a GET always returns noop. The
-- effective state must be read from h3cFcPsmEnableState. A SET of
-- disable(3) turns port security off for the whole VSAN, so writes
-- to this object are the most sensitive in the module.
h3cFcPsmEnable OBJECT-TYPE
    SYNTAX INTEGER {
        enable(1),
        enableWithAutoLearn(2),
        disable(3),
        noop(4)
    }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "When set to enable, the port security is on, the value of h3cFcPsmEnableState will be true. When set to enableWithAutoLearn, the port security is on with auto-learning, the value of h3cFcPsmEnableState will be true. When set to disable, the port security is off, the value of h3cFcPsmEnableState will be false. The noop means no action. The value of this object when read is always noop."
    DEFVAL { noop }
    ::= { h3cFcPsmEnableEntry 2 }

-- Read-only result of the last enable or disable action. DEFVAL is
-- false, meaning port security is off. Polling this per VSAN is the
-- way to confirm that enforcement is still on.
h3cFcPsmEnableState OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The state of the port security. When the value is true, it means the port security is on, while the false means the port security is off."
    DEFVAL { false }
    ::= { h3cFcPsmEnableEntry 3 }

-- =================================================================
-- The FC Port Security Management Config Table
-- =================================================================

-- Configured bindings, indexed by VSAN and entry index. All columns
-- are read-create, so rows can be added and removed over SNMP.
h3cFcPsmConfigTable OBJECT-TYPE
    SYNTAX SEQUENCE OF H3cFcPsmConfigEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "A table that contains the configured entries."
    ::= { h3cFcPsmConfiguration 2 }

h3cFcPsmConfigEntry OBJECT-TYPE
    SYNTAX H3cFcPsmConfigEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Detailed information about each configuration."
    INDEX { h3cFcPsmEnableVsanIndex, h3cFcPsmIndex }
    ::= { h3cFcPsmConfigTable 1 }

H3cFcPsmConfigEntry ::= SEQUENCE {
    h3cFcPsmIndex Unsigned32,
    h3cFcPsmLoginDevType H3cFcPsmPortBindDevType,
    h3cFcPsmLoginDev H3cFcNameIdOrZero,
    h3cFcPsmLoginPoint InterfaceIndexOrZero,
    h3cFcPsmRowStatus RowStatus
}

-- Second index component, range 1..32768.
h3cFcPsmIndex OBJECT-TYPE
    SYNTAX Unsigned32 (1..32768)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The index of this entry."
    ::= { h3cFcPsmConfigEntry 1 }

-- Selects how h3cFcPsmLoginDev is interpreted for this row.
h3cFcPsmLoginDevType OBJECT-TYPE
    SYNTAX H3cFcPsmPortBindDevType
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "This represents the type of the instance of h3cFcPsmLoginDev, which includes nWWN, pWWN, sWWN, and wildCard."
    ::= { h3cFcPsmConfigEntry 2 }

-- Device name matched by this row. It must be a zero-length string
-- when the type is wildCard.
-- NOTE(review): "should not be invalid" is not defined further in
-- this module; what the agent rejects is implementation-specific.
h3cFcPsmLoginDev OBJECT-TYPE
    SYNTAX H3cFcNameIdOrZero
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The logging-in device name, which is decided by the h3cFcPsmLoginDevType object. It represents node WWN when the value of h3cFcPsmLoginDevType is nWWN. It represents port WWN when the value of h3cFcPsmLoginDevType is pWWN. It represents switch WWN when the value of h3cFcPsmLoginDevType is sWWN. It represents any device when the value of h3cFcPsmLoginDevType is wildCard, and the value of the instance of this object should be zero-length string. The value of this object should not be invalid when h3cFcPsmRowStatus is set to createAndGo or active."
    ::= { h3cFcPsmConfigEntry 3 }

-- Local port the device may log in through. Zero means any port,
-- which is the broadest form of binding for a given device.
h3cFcPsmLoginPoint OBJECT-TYPE
    SYNTAX InterfaceIndexOrZero
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The address of the port on the local switch through which the instance of h3cFcPsmLoginDev can log in. It represents ifindex when the value is not zero. It represents any port when the value is zero."
    ::= { h3cFcPsmConfigEntry 4 }

-- Row creation control. The DESCRIPTION forbids the combination of
-- wildCard device type and zero login point, which would amount to
-- any device on any port. That rule exists only as DESCRIPTION text
-- and cannot be expressed in SYNTAX, so enforcement depends on the
-- agent; verify that the agent rejects such a SET.
h3cFcPsmRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Entry status. When creating a new instance of this table, the following objects should be set simultaneously: h3cFcPsmLoginDevType, h3cFcPsmLoginDev, h3cFcPsmLoginPoint, h3cFcPsmRowStatus. If h3cFcPsmLoginDevType is set to wildCard, the value of the instance of h3cFcPsmLoginDev should be zero-length string. The value of h3cFcPsmLoginDevType and h3cFcPsmLoginPoint cannot be set to wildCard and zero at the same time."
    ::= { h3cFcPsmConfigEntry 5 }

-- =================================================================
-- The FC Port Security Management Enforced Table
-- =================================================================

-- Read-only view of the policy actually in force: configured entries
-- plus entries the switch learned. Comparing this table with the
-- config table shows which active bindings were never configured.
h3cFcPsmEnfTable OBJECT-TYPE
    SYNTAX SEQUENCE OF H3cFcPsmEnfEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The FC port security enforced table. It contains not only the configured policies, but also the learning ones learned by the switch itself."
    ::= { h3cFcPsmConfiguration 3 }

h3cFcPsmEnfEntry OBJECT-TYPE
    SYNTAX H3cFcPsmEnfEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Detailed information about the FC port security enforced policy."
    INDEX { h3cFcPsmEnableVsanIndex, h3cFcPsmEnfIndex }
    ::= { h3cFcPsmEnfTable 1 }

H3cFcPsmEnfEntry ::= SEQUENCE {
    h3cFcPsmEnfIndex Unsigned32,
    h3cFcPsmEnfLoginDevType H3cFcPsmPortBindDevType,
    h3cFcPsmEnfLoginDev H3cFcNameIdOrZero,
    h3cFcPsmEnfLoginPoint InterfaceIndexOrZero,
    h3cFcPsmEnfEntryType INTEGER
}

-- Second index component, range 1..32768.
h3cFcPsmEnfIndex OBJECT-TYPE
    SYNTAX Unsigned32 (1..32768)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The index of this entry."
    ::= { h3cFcPsmEnfEntry 1 }

-- Read-only counterpart of h3cFcPsmLoginDevType.
h3cFcPsmEnfLoginDevType OBJECT-TYPE
    SYNTAX H3cFcPsmPortBindDevType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "This represents the type of the instance of h3cFcPsmEnfLoginDev, which includes nWWN, pWWN, sWWN, and wildCard."
    ::= { h3cFcPsmEnfEntry 2 }

-- Read-only counterpart of h3cFcPsmLoginDev.
h3cFcPsmEnfLoginDev OBJECT-TYPE
    SYNTAX H3cFcNameIdOrZero
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The logging-in device name, which is decided by the h3cFcPsmEnfLoginDevType object. It represents node WWN when the value of h3cFcPsmEnfLoginDevType is nWWN. It represents port WWN when the value of h3cFcPsmEnfLoginDevType is pWWN. It represents switch WWN when the value of h3cFcPsmEnfLoginDevType is sWWN. It represents any device when the value of h3cFcPsmEnfLoginDevType is wildCard, and the value of the instance of this object should be zero-length string."
    ::= { h3cFcPsmEnfEntry 3 }

-- Read-only counterpart of h3cFcPsmLoginPoint; zero means any port.
h3cFcPsmEnfLoginPoint OBJECT-TYPE
    SYNTAX InterfaceIndexOrZero
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The address of the port on the local switch through which the instance of h3cFcPsmEnfLoginDev can log in. It represents ifindex when the value is not zero. It represents any port when the value is zero."
    ::= { h3cFcPsmEnfEntry 4 }

-- Origin of the enforced entry: learning(1) is temporary and removed
-- at logout, learned(2) is permanent, static(3) was configured.
-- Entries of type learning or learned were admitted by the switch
-- rather than by an operator and are the ones to review.
h3cFcPsmEnfEntryType OBJECT-TYPE
    SYNTAX INTEGER {
        learning(1),
        learned(2),
        static(3)
    }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "When the value is learning, it represents the entry is learned by the switch itself temporarily and will be deleted when the device log out.
        When the value is learned, it represents the entry is learned by the switch permanently. When the value is static, it represents the entry is configured."
    ::= { h3cFcPsmEnfEntry 5 }

-- =================================================================
-- The FC Port Security Management Copy To Config Table
-- =================================================================

-- Per-VSAN action table. The row SEQUENCE holds only the action
-- column; the index is borrowed from h3cFcPsmEnableTable.
h3cFcPsmCopyToConfigTable OBJECT-TYPE
    SYNTAX SEQUENCE OF H3cFcPsmCopyToConfigEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Specifies whether to copy the entries from enforced table to the ones on configured table."
    ::= { h3cFcPsmConfiguration 4 }

h3cFcPsmCopyToConfigEntry OBJECT-TYPE
    SYNTAX H3cFcPsmCopyToConfigEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Detailed information about the operation."
    INDEX { h3cFcPsmEnableVsanIndex }
    ::= { h3cFcPsmCopyToConfigTable 1 }

H3cFcPsmCopyToConfigEntry ::= SEQUENCE {
    h3cFcPsmCopyToConfig INTEGER
}

-- Action object: a SET of copy(1) copies the learned entries into
-- the configured table for this VSAN, and a GET always returns noop.
-- Whatever was learned becomes configured policy, so the enforced
-- table should be reviewed before this is triggered.
h3cFcPsmCopyToConfig OBJECT-TYPE
    SYNTAX INTEGER {
        copy(1),
        noop(2)
    }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "When the object is set to copy, the learned entries will be copied on to the configured table on this VSAN, while the noop means no operation. The value of this object when read is always noop."
    DEFVAL { noop }
    ::= { h3cFcPsmCopyToConfigEntry 1 }

-- =================================================================
-- The FC Port Security Management Auto Learn Table
-- =================================================================

-- Per-VSAN auto-learning switch; indexed by the VSAN index only.
h3cFcPsmAutoLearnTable OBJECT-TYPE
    SYNTAX SEQUENCE OF H3cFcPsmAutoLearnEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table shows whether the auto-learning is enabled or not on specific VSANs."
    ::= { h3cFcPsmConfiguration 5 }

h3cFcPsmAutoLearnEntry OBJECT-TYPE
    SYNTAX H3cFcPsmAutoLearnEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Detailed information about the auto-learning."
    INDEX { h3cFcPsmEnableVsanIndex }
    ::= { h3cFcPsmAutoLearnTable 1 }

H3cFcPsmAutoLearnEntry ::= SEQUENCE {
    h3cFcPsmAutoLearnEnable TruthValue
}

-- Unlike the action objects in this module, this one reads back its
-- state. Per the DESCRIPTION, setting true learns the devices that
-- are already logged in, and setting false converts the learning
-- entries into learned (permanent) ones. Every device logged in
-- during the learning window therefore ends up in the enforced
-- policy, so the window should be kept short and its result audited
-- through h3cFcPsmEnfTable. DEFVAL is false.
h3cFcPsmAutoLearnEnable OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object is set to true to enable, or false to disable auto-learning on the local switch. When set to true, the switch can learn the devices that have already logged in as learning entries on the enforced table, while the false can stop the learning operation with the learning entries transformed to learned ones."
    DEFVAL { false }
    ::= { h3cFcPsmAutoLearnEntry 1 }

-- =================================================================
-- The FC Port Security Management Clear Table
-- =================================================================

-- Per-VSAN action table for removing entries from the enforced table.
h3cFcPsmClearTable OBJECT-TYPE
    SYNTAX SEQUENCE OF H3cFcPsmClearEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table is used for cleaning specific entries in enforced table."
    ::= { h3cFcPsmConfiguration 6 }

h3cFcPsmClearEntry OBJECT-TYPE
    SYNTAX H3cFcPsmClearEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Detailed information about the cleaning options."
    INDEX { h3cFcPsmEnableVsanIndex }
    ::= { h3cFcPsmClearTable 1 }

H3cFcPsmClearEntry ::= SEQUENCE {
    h3cFcPsmClearType H3cFcPsmClearEntryType,
    h3cFcPsmClearIntf InterfaceIndexOrZero
}

-- Action object: selects which class of binding entries is removed
-- on this VSAN; a GET always returns noop. No DESCRIPTION in this
-- module states whether the feature stays enabled after clearAll.
-- NOTE(review): the effect of clearing every binding while port
-- security remains on is not specified here; confirm agent behavior.
h3cFcPsmClearType OBJECT-TYPE
    SYNTAX H3cFcPsmClearEntryType
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This object when set to clearStatic, results in port bind static entries being cleared on this VSAN. This object when set to clearAutoLearn, results in auto-learned entries being cleared on this VSAN. This object when set to clearAll, results in all of the port bind entries being cleared on this VSAN. No action is taken if this object is set to noop. The value of this object when read is always noop."
    DEFVAL { noop }
    ::= { h3cFcPsmClearEntry 1 }

-- Optional interface scope for the clear action. Zero or unset
-- widens the action to all interfaces, so omitting this object gives
-- the broadest clear. A GET always returns zero.
-- NOTE(review): the module does not say whether this must be sent in
-- the same SET as h3cFcPsmClearType; presumably yes, since the value
-- is not retained for reading. Confirm against the agent.
h3cFcPsmClearIntf OBJECT-TYPE
    SYNTAX InterfaceIndexOrZero
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The object specifies the interface on which the entries will be cleared. If the object is zero or not set, it means the specified entries on all interfaces will be cleared. The value of this object when read is always zero."
    ::= { h3cFcPsmClearEntry 2 }

--
-- The h3cFcPsmStats subtree
--
-- Implementation of the h3cFcPsmStats subtree is for
-- the show of statistics about FC port security.
--
-- =================================================================
-- The FC Port Security Management Stats Table
-- =================================================================

-- Per-VSAN allowed and denied login counters plus a clear action.
h3cFcPsmStatsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF H3cFcPsmStatsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table contains statistics of devices, which had been allowed or denied to log into the switch."
    ::= { h3cFcPsmStats 1 }

h3cFcPsmStatsEntry OBJECT-TYPE
    SYNTAX H3cFcPsmStatsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Detailed information about the statistics."
    INDEX { h3cFcPsmEnableVsanIndex }
    ::= { h3cFcPsmStatsTable 1 }

H3cFcPsmStatsEntry ::= SEQUENCE {
    h3cFcPsmAllowedLogins Counter32,
    h3cFcPsmDeniedLogins Counter32,
    h3cFcPsmStatsClear INTEGER
}

-- Count of login requests allowed on this VSAN.
h3cFcPsmAllowedLogins OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of requests that have been allowed on the specified VSAN."
    ::= { h3cFcPsmStatsEntry 1 }

-- Count of login requests denied on this VSAN. A rising value is the
-- polling-based signal of rejected logins when notifications are off.
h3cFcPsmDeniedLogins OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of requests that have been denied on the specified VSAN."
    ::= { h3cFcPsmStatsEntry 2 }

-- Action object: a SET of clear(1) resets the statistics for this
-- VSAN, and a GET always returns noop. This module defines no
-- discontinuity indicator for the two Counter32 columns, so a
-- manager cannot distinguish a clear from a counter wrap by polling
-- alone; SETs to this object should be logged where the denied-login
-- history matters.
h3cFcPsmStatsClear OBJECT-TYPE
    SYNTAX INTEGER {
        clear(1),
        noop(2)
    }
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The statistics on this VSAN will be cleared if this object is set to clear. No action is taken if this object is set to noop.
        The value of this object when read is always noop."
    DEFVAL { noop }
    ::= { h3cFcPsmStatsEntry 3 }

-- =================================================================
-- The FC Port Security Management Violation Table
-- =================================================================

-- Record of denied logins, capped at 1024 items with the earliest
-- item overwritten once the cap is exceeded. A burst of denied
-- logins can therefore push older records out; collect this table
-- regularly or rely on the deny notifications if the history must
-- be retained.
h3cFcPsmViolationTable OBJECT-TYPE
    SYNTAX SEQUENCE OF H3cFcPsmViolationEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table maintains the information about the violations happened, containing at most 1024 items. When the number exceeds 1024, the earliest item will be over-written."
    ::= { h3cFcPsmStats 2 }

h3cFcPsmViolationEntry OBJECT-TYPE
    SYNTAX H3cFcPsmViolationEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Detailed information about the violation."
    INDEX { h3cFcPsmEnableVsanIndex, h3cFcPsmViolationIndex }
    ::= { h3cFcPsmViolationTable 1 }

H3cFcPsmViolationEntry ::= SEQUENCE {
    h3cFcPsmViolationIndex Unsigned32,
    h3cFcPsmLoginPWWN H3cFcNameIdOrZero,
    h3cFcPsmLoginNWWN H3cFcNameIdOrZero,
    h3cFcPsmLoginSWWN H3cFcNameIdOrZero,
    h3cFcPsmLoginIntf InterfaceIndex,
    h3cFcPsmLoginTime DateAndTime,
    h3cFcPsmLoginCount Counter32
}

-- Second index component, range 1..1024. Repeated denials of the
-- same WWN, WWN type and interface share one row, per the
-- DESCRIPTION, and are counted in h3cFcPsmLoginCount.
h3cFcPsmViolationIndex OBJECT-TYPE
    SYNTAX Unsigned32 (1..1024)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "The index of this entry. The entry is uniquely distinguished by WWN, WWN type and ifindex where the login was denied."
    ::= { h3cFcPsmViolationEntry 1 }

-- Port WWN of the denied device.
h3cFcPsmLoginPWWN OBJECT-TYPE
    SYNTAX H3cFcNameIdOrZero
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The pWWN of the device whose FLOGI(Fabric Login) request had been denied. If the device is an n-node, the value of the instance of h3cFcPsmLoginSWWN should be zero-length string."
    ::= { h3cFcPsmViolationEntry 2 }

-- Node WWN of the denied device.
h3cFcPsmLoginNWWN OBJECT-TYPE
    SYNTAX H3cFcNameIdOrZero
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The nWWN of the device whose FLOGI request had been denied. If the device is an n-node, the value of the instance of h3cFcPsmLoginSWWN should be zero-length string."
    ::= { h3cFcPsmViolationEntry 3 }

-- Switch WWN of the denied device; the pWWN and nWWN columns are
-- zero-length when the denied device is a switch.
h3cFcPsmLoginSWWN OBJECT-TYPE
    SYNTAX H3cFcNameIdOrZero
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The sWWN of the device whose FLOGI request had been denied. If the device is a switch, the values of the instance of h3cFcPsmLoginPWWN and h3cFcPsmLoginNWWN should be zero-length string."
    ::= { h3cFcPsmViolationEntry 4 }

-- Interface on which the login was denied. The syntax is
-- InterfaceIndex, so zero is not a valid value here.
h3cFcPsmLoginIntf OBJECT-TYPE
    SYNTAX InterfaceIndex
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The ifindex of the port where the login was denied."
    ::= { h3cFcPsmViolationEntry 5 }

-- Time of the most recent denial for this row. Earlier denials of
-- the same device and port are reflected only in h3cFcPsmLoginCount,
-- not as separate timestamps.
h3cFcPsmLoginTime OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Specifies the date and time when the last denied login happened."
    ::= { h3cFcPsmViolationEntry 6 }

-- Number of denials recorded for this device and interface.
h3cFcPsmLoginCount OBJECT-TYPE
    SYNTAX Counter32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of times for a certain nWWN/pWWN or sWWN had been denied to log into an interface of the local device."
    ::= { h3cFcPsmViolationEntry 7 }

-- =================================================================
-- Notifications
-- =================================================================

-- Sent when a FLOGI is denied on an F port. Carries the interface
-- description, the pWWN, the interface index and the denial time;
-- the nWWN is not included and has to be read from the violation
-- table if needed.
h3cFcPsmFPortDenyNotify NOTIFICATION-TYPE
    OBJECTS {
        ifDescr,
        h3cFcPsmLoginPWWN,
        h3cFcPsmLoginIntf,
        h3cFcPsmLoginTime
    }
    STATUS current
    DESCRIPTION
        "Notifies that a FLOGI is denied on an F port of the local device."
    ::= { h3cFcPsmNotifications 1 }

-- Sent when a switch is denied on an E port. Carries the interface
-- description, the sWWN, the interface index and the denial time.
h3cFcPsmEPortDenyNotify NOTIFICATION-TYPE
    OBJECTS {
        ifDescr,
        h3cFcPsmLoginSWWN,
        h3cFcPsmLoginIntf,
        h3cFcPsmLoginTime
    }
    STATUS current
    DESCRIPTION
        "Notifies that a switch is denied on an E port of the local device."
    ::= { h3cFcPsmNotifications 2 }

END