HM2-PORTLOCKING-MIB DEFINITIONS ::= BEGIN -- -- ************************************************************* -- Emerson Port Locking MIB -- ************************************************************* -- IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, IpAddress, Counter32, Unsigned32, Integer32 FROM SNMPv2-SMI RowStatus, MacAddress, StorageType FROM SNMPv2-TC ifIndex FROM IF-MIB DisplayString, TruthValue, PhysAddress FROM SNMPv2-TC hm2ConfigurationMibs FROM HM2-TC-MIB; hm2PortLocking MODULE-IDENTITY LAST-UPDATED "202307120000Z" -- July 12, 2023 ORGANIZATION "Hirschmann Automation and Control GmbH" CONTACT-INFO "Postal: Stuttgarter Str. 45-51 72654 Neckartenzlingen Germany Phone: +49 7127 140 E-mail: hac.support@belden.com" DESCRIPTION "The Hirschmann Private Platform2 MIB for Port Locking. Copyright (C) 2021. All Rights Reserved." REVISION "202104280000Z" -- April 28, 2021 DESCRIPTION "Initial version." ::= { hm2ConfigurationMibs 250 } -- -- ************************************************************* -- hm2PortLocking -- ************************************************************* -- hm2PortLockingMibNotifications OBJECT IDENTIFIER ::= { hm2PortLocking 0 } hm2PortLockingMibObjects OBJECT IDENTIFIER ::= { hm2PortLocking 1 } -- ************************************************************************************** -- hm2PortLockingGroup -> contains MIB objects displaying Port Locking -- and associated Functionality -- ************************************************************************************** -- hm2PortLockingGroup OBJECT IDENTIFIER ::= { hm2PortLockingMibObjects 1} hm2GlobalPortLockingMode OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables the global port locking mode. The locking method can be chosen via hm2GlobalPortLockingMethod. Setting this value to enable when hm2GlobalPortLockingMethod is set to lockMacAndDisableUnusedPorts performs the complete lockdown of the device, i.e. unused ports are disabled,the FDBs are freezed and only frames from known users are forwarded. Setting this value to enable when hm2GlobalPortLockingMethod is set to disableUnusedPortsOnly disables only the unused ports. Setting this value to enable when hm2GlobalPortLockingMethod is set to lockMacOnly freezes the FDB and only frames from known users are forwarded. Setting this value to disable reverses this security feature. All ports which were previously disabled are re-enabled and the switch performs the transparent learning and forwarding. If the hm2GlobalPortLockingFallbackTimer is not zero, the switch re-enters the locked state automatically after the configured amount of time" DEFVAL { disable } ::={ hm2PortLockingGroup 1 } hm2GlobalPortLockingOperMode OBJECT-TYPE SYNTAX INTEGER { locked(1), unlocked(2), lockpending(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Displays the current locking state of the device." ::={ hm2PortLockingGroup 2 } hm2GlobalPortLockingLockOnlyPorts OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS deprecated DESCRIPTION "If this variable is set to TRUE, only the ports are locked when hm2GlobalPortLockingMode is set to enable. " DEFVAL { false } ::={ hm2PortLockingGroup 3 } hm2GlobalPortLockingFallbackTimer OBJECT-TYPE SYNTAX Integer32 (0..86400) MAX-ACCESS read-write STATUS current DESCRIPTION "The amount of seconds after which the device automatically falls back into the locked state,after the unlockes state was set. A value of 0 has the special meaning of persistent unlock." DEFVAL { 0 } ::={ hm2PortLockingGroup 4 } hm2GlobalPortLockingFallbackTimeRemaining OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The remaining time in seconds until the device reenters the locked state automatically" ::={ hm2PortLockingGroup 5 } hm2GlobalPortLockingStatusMessage OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "A textual description of the status of the lockdown process." ::={ hm2PortLockingGroup 6 } hm2GlobalPortLockingNumDynamicEntries OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of dynamically learned MAC addresses on this device." ::={ hm2PortLockingGroup 7 } hm2GlobalPortLockingNumStaticEntries OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of statically locked MAC addresses on this device." ::={ hm2PortLockingGroup 8 } hm2GlobalPortLockingIgnoreUplinkPorts OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If this variable is set to TRUE, uplink ports are not locked." DEFVAL { true } ::={ hm2PortLockingGroup 9 } hm2GlobalPortLockingMethod OBJECT-TYPE SYNTAX INTEGER { lockMacAndDisableUnusedPorts(0), disableUnusedPortsOnly(1), lockMacOnly(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Selects the global locking method when locking is enabled via hm2GlobalPortLockingMode. The value lockMacAndDisableUnusedPorts locks the MAC addresses and disables all unused ports. The value disableUnusedPortsOnly disables only the unused ports and performs no MAC locking. The value lockMacOnly locks only the MAC addresses." DEFVAL { 0 } ::={ hm2PortLockingGroup 15 } hm2GlobalPortLockingResetMacViolation OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "If this variable is set to zero, the variables hm2PortLockingLastDiscardedMAC and hm2PortLockingNumViolationEntries are cleared once for all ports. If this variable is set to specific ifIndex (1..xx), only the hm2PortLockingLastDiscardedMAC and hm2PortLockingNumViolationEntries for the specified interface is cleared once" DEFVAL { 0 } ::={ hm2PortLockingGroup 16 } hm2GlobalPortLockingUplinkDetectionMode OBJECT-TYPE SYNTAX INTEGER { numMac (0), pdu(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "" DEFVAL { 1 } ::={ hm2PortLockingGroup 17 } hm2GlobalPortLockingUplinkFreezeMacAddresses OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "" DEFVAL { true } ::={ hm2PortLockingGroup 18 } hm2GlobalPortLockingUplinkReportMacAddresses OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "" DEFVAL { true } ::={ hm2PortLockingGroup 19 } -- -- Port Locking Table -- hm2PortLockingTable OBJECT-TYPE SYNTAX SEQUENCE OF Hm2PortLockingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table for Port Locking and associated functionality." ::= { hm2PortLockingGroup 10 } hm2PortLockingEntry OBJECT-TYPE SYNTAX Hm2PortLockingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents entry for port security table" INDEX { ifIndex } ::={ hm2PortLockingTable 1} Hm2PortLockingEntry ::= SEQUENCE { hm2PortLockingMode Integer32, hm2PortLockingDisabledByLocking TruthValue, hm2PortLockingStaticLimit Unsigned32, hm2PortLockingViolationTrapMode Integer32, hm2PortLockingLastDiscardedMAC DisplayString, hm2PortLockingNumDynamicEntries Unsigned32, hm2PortLockingNumStaticEntries Unsigned32, hm2PortLockingMACAddressAdd DisplayString, hm2PortLockingMACAddressRemove DisplayString, hm2PortLockingStatusMessage DisplayString, hm2PortLockingNumViolationEntries Unsigned32, hm2PortLockingIsUplinkPort TruthValue, hm2PortLockingIsMacLockedPort TruthValue } hm2PortLockingMode OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Mode showing whether a port is enabled for port locking." DEFVAL { enable } ::={ hm2PortLockingEntry 1 } hm2PortLockingDisabledByLocking OBJECT-TYPE SYNTAX TruthValue -- Could be written only by Cfg. Manager -- OEM mib will remain read-only MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates wheter a port was disabled by the locking or not." DEFVAL { false } ::={ hm2PortLockingEntry 2 } hm2PortLockingStaticLimit OBJECT-TYPE SYNTAX Unsigned32(0..1024) MAX-ACCESS read-write STATUS current DESCRIPTION "This variable signifies the limit of statically locked MAC addresses allowed on a specific port." DEFVAL { 1024 } ::={ hm2PortLockingEntry 3 } hm2PortLockingViolationTrapMode OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This variable is used to enable or disable the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port." DEFVAL { enable } ::={ hm2PortLockingEntry 4 } hm2PortLockingLastDiscardedMAC OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "This variable displays the vlan-id and source MAC address of the last packet that was discarded on a locked port." ::={ hm2PortLockingEntry 5 } hm2PortLockingNumDynamicEntries OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of dynamically learned MAC addresses on this port. All these MAC addresses will be locked when the devices enters the locking state" ::={ hm2PortLockingEntry 6 } hm2PortLockingNumStaticEntries OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of statically locked MAC addresses on this port." ::={ hm2PortLockingEntry 7 } hm2PortLockingMACAddressAdd OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "This MIB variable accepts a VLAN id and MAC address to be added to the list of statically locked MAC addresses on a port. The VLAN id and MAC address combination would be entered in a particular fashion like :- 2 a0:b0:c0:d1:e2:a1(the vlan-id and MAC address separated by a blank-space)." ::={ hm2PortLockingEntry 8 } hm2PortLockingMACAddressRemove OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "This MIB variable accepts a VLAN id and MAC address to be removed from the list of statically locked MAC addresses on a port.. The VLAN id and MAC address combination would be entered in a particular fashion like :- 2 a0:b0:c0:d1:e2:a1(the vlan-id and MAC address separated by a blank-space)." ::={ hm2PortLockingEntry 9 } hm2PortLockingStatusMessage OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "A textual description of the status of the lockdown process for this port." ::={ hm2PortLockingEntry 10 } hm2PortLockingNumViolationEntries OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of violating MAC addresses on this port." ::={ hm2PortLockingEntry 11 } hm2PortLockingIsUplinkPort OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Shows whether this port is treated as uplink port." ::={ hm2PortLockingEntry 12 } hm2PortLockingIsMacLockedPort OBJECT-TYPE SYNTAX TruthValue -- Could be written only by Cfg. Manager -- OEM mib will remain read-only MAX-ACCESS read-write STATUS current DESCRIPTION "Shows whether this port is MAC locked." DEFVAL { false } ::={ hm2PortLockingEntry 13 } -- -- Port Locking Dynamic Table -- hm2PortLockingDynamicTable OBJECT-TYPE SYNTAX SEQUENCE OF Hm2PortLockingDynamicEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table which contains all dynamically learned MAC addresses on a given port. These dynamic entries will be subject of static locking when the locking is enabled" ::= { hm2PortLockingGroup 11 } hm2PortLockingDynamicEntry OBJECT-TYPE SYNTAX Hm2PortLockingDynamicEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents entry for the dynamic port MAC Locking table" INDEX { ifIndex,hm2PortLockingDynamicVLANId,hm2PortLockingDynamicMACAddress } ::={ hm2PortLockingDynamicTable 1} Hm2PortLockingDynamicEntry ::= SEQUENCE { hm2PortLockingDynamicVLANId Unsigned32, hm2PortLockingDynamicMACAddress MacAddress } hm2PortLockingDynamicVLANId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Source VLAN id of the packet that is received on the port." ::={ hm2PortLockingDynamicEntry 1 } hm2PortLockingDynamicMACAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Source MAC address of the packet that is received on the port." ::={ hm2PortLockingDynamicEntry 2 } -- -- Port Locking Static Table -- hm2PortLockingStaticTable OBJECT-TYPE SYNTAX SEQUENCE OF Hm2PortLockingStaticEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table which contains all statically locked MAC addresses on a given port." ::= { hm2PortLockingGroup 12 } hm2PortLockingStaticEntry OBJECT-TYPE SYNTAX Hm2PortLockingStaticEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents entry for the static port MAC Locking table." INDEX { ifIndex,hm2PortLockingStaticVLANId,hm2PortLockingStaticMACAddress } ::={ hm2PortLockingStaticTable 1} Hm2PortLockingStaticEntry ::= SEQUENCE { hm2PortLockingStaticVLANId Unsigned32, hm2PortLockingStaticMACAddress MacAddress } hm2PortLockingStaticVLANId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Associating VLAN id of the MAC address which is locked on this port." ::={ hm2PortLockingStaticEntry 1 } hm2PortLockingStaticMACAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Source MAC address which is locked on this port." ::={ hm2PortLockingStaticEntry 2 } -- ************************************************************************************** -- hm2PortLockingArpGroup -> contains MIB objects for Port Locking Arp Inspection -- ************************************************************************************** hm2PortLockingArpGroup OBJECT IDENTIFIER ::= { hm2PortLockingMibObjects 5} hm2GlobalPortLockingArpInspectionMode OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables the global ARP inspection mode." DEFVAL { enable } ::={ hm2PortLockingArpGroup 1 } hm2GlobalPortLockingArpInspectionDropMode OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables the dropping/filtering of invalid ARP packets. An ARP packet is considered as invalid when it does not match with the entry in the database in locked state (DatabaseAlarm) or when a header check fails." DEFVAL { disable } ::={ hm2PortLockingArpGroup 2 } hm2GlobalPortLockingArpVerifySrcMac OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If this variable is set to TRUE, the Src MAC address of snooped ARP frames is checked." DEFVAL { true } ::={ hm2PortLockingArpGroup 3 } hm2GlobalPortLockingArpVerifyDstMac OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If this variable is set to TRUE, the Dst MAC address of snooped ARP frames is checked." DEFVAL { true } ::={ hm2PortLockingArpGroup 4 } hm2GlobalPortLockingArpVerifyIp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If this variable is set to TRUE, the IP address of snooped ARP frames is checked." DEFVAL { true } ::={ hm2PortLockingArpGroup 5 } hm2GlobalPortLockingArpVerifySubnet OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If this variable is set to TRUE, the subnet of snooped ARP frames is checked." DEFVAL { false } ::={ hm2PortLockingArpGroup 6 } hm2GlobalPortLockingSendVerificationTrap OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If this variable is set to TRUE, Traps are sent when an error is detected during header verification." DEFVAL { true } ::={ hm2PortLockingArpGroup 7 } hm2GlobalPortLockingSendDatabaseModificationTrap OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If this variable is set to TRUE, Traps are sent when an existing entry was modified in Learning Mode." DEFVAL { true } ::={ hm2PortLockingArpGroup 8 } hm2GlobalPortLockingSendDatabaseAlarmTrap OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If this variable is set to TRUE, Traps are sent when a new entry was created in Inspection Mode or when a modification was detected in Inspection Mode." DEFVAL { true } ::={ hm2PortLockingArpGroup 9 } hm2GlobalPortLockingArpResetCache OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If this variable is set to true, all dynamic entries of the Switch ARP Database are flushed." DEFVAL { false } ::={ hm2PortLockingArpGroup 10 } hm2GlobalPortLockingArpInspectionTableEntries OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of entries in ARP inspection table." ::= { hm2PortLockingArpGroup 11 } -- ****************************************************************************************** -- hm2PortLockingArpDatabaseTable -> contains MIB objects for Port Locking Arp Database -- ****************************************************************************************** hm2PortLockingArpDatabaseTable OBJECT-TYPE SYNTAX SEQUENCE OF Hm2PortLockingArpDatabaseEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table for Port Locking ARP database entries." ::= { hm2PortLockingArpGroup 20 } hm2PortLockingArpDatabaseEntry OBJECT-TYPE SYNTAX Hm2PortLockingArpDatabaseEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents entry for ARP database table." INDEX { hm2PortLockingArpDatabaseIpAddr} ::={ hm2PortLockingArpDatabaseTable 1} Hm2PortLockingArpDatabaseEntry ::= SEQUENCE { hm2PortLockingArpDatabaseIpAddr IpAddress, hm2PortLockingArpDatabaseIfIndex Integer32, hm2PortLockingArpDatabaseVlanId Integer32, hm2PortLockingArpDatabaseMacAddr PhysAddress, hm2PortLockingArpDatabaseHitCounter Counter32, hm2PortLockingArpDatabaseIfAlarmCounter Counter32, hm2PortLockingArpDatabaseMacAlarmCounter Counter32, hm2PortLockingArpDatabaseDropCounter Counter32, hm2PortLockingArpDatabaseType Integer32, hm2PortLockingArpDatabaseStorageType StorageType, hm2PortLockingArpDatabaseRowStatus RowStatus } hm2PortLockingArpDatabaseIpAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "IP Address of ARP Entry." ::={ hm2PortLockingArpDatabaseEntry 1 } hm2PortLockingArpDatabaseIfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "Interface on which ARP entry was learned." ::={ hm2PortLockingArpDatabaseEntry 2 } hm2PortLockingArpDatabaseVlanId OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "VLAN ID on which ARP entry was learned." ::={ hm2PortLockingArpDatabaseEntry 3 } hm2PortLockingArpDatabaseMacAddr OBJECT-TYPE SYNTAX PhysAddress MAX-ACCESS read-create STATUS current DESCRIPTION "MAC Address of ARP Entry." ::={ hm2PortLockingArpDatabaseEntry 4 } hm2PortLockingArpDatabaseHitCounter OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of times an ARP frame was received for this IP Address." ::={ hm2PortLockingArpDatabaseEntry 5 } hm2PortLockingArpDatabaseIfAlarmCounter OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of times the Interface was changed for this IP Address." ::={ hm2PortLockingArpDatabaseEntry 6 } hm2PortLockingArpDatabaseMacAlarmCounter OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of times the MAC Address was changed for this IP Address." ::={ hm2PortLockingArpDatabaseEntry 7 } hm2PortLockingArpDatabaseDropCounter OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of times the ARP packet was dropped for this IP address because it does not match with the current entry in locked state." ::={ hm2PortLockingArpDatabaseEntry 8 } hm2PortLockingArpDatabaseType OBJECT-TYPE SYNTAX INTEGER { dynamic(0), static(1) } MAX-ACCESS read-only STATUS current DESCRIPTION "Entry Type." ::={ hm2PortLockingArpDatabaseEntry 9 } hm2PortLockingArpDatabaseStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "Entry Storage Type. Dynamic entries are of storage type volatile and Static entries are of storage type nonVolatile." DEFVAL { nonVolatile } ::={ hm2PortLockingArpDatabaseEntry 10 } hm2PortLockingArpDatabaseRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the status of a row in the table. Supports creation, deletion and activation of rows. A row will be of notReady(3) status, if all values of the row are not available yet. A row can be set to active(1) as soon as all values are available. A row must not be active(1) in order to be modified. A row, which is of type static, can be taken out of service by setting the value notInService(2)." ::= { hm2PortLockingArpDatabaseEntry 11 } -- ****************************************************************************************** -- hm2GlobalPortLockingArpStatistics -> contains MIB objects for Statistics -- ****************************************************************************************** hm2GlobalPortLockingArpStatistics OBJECT IDENTIFIER ::= { hm2PortLockingArpGroup 21 } hm2GlobalPortLockingArpStatisticsPacketsReceived OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ARP packets received." ::= { hm2GlobalPortLockingArpStatistics 1 } hm2GlobalPortLockingArpStatisticsUcPacketsReceived OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ARP Unicast packets received." ::= { hm2GlobalPortLockingArpStatistics 2 } hm2GlobalPortLockingArpStatisticsSrcMacFailure OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ARP packets with Src MAC failures." ::= { hm2GlobalPortLockingArpStatistics 3 } hm2GlobalPortLockingArpStatisticsDstMacFailure OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ARP packets with Dst MAC failures." ::= { hm2GlobalPortLockingArpStatistics 4 } hm2GlobalPortLockingArpStatisticsIpFailure OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ARP packets with IP Address failures." ::= { hm2GlobalPortLockingArpStatistics 5 } hm2GlobalPortLockingArpStatisticsSubnetFailure OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ARP packets with Subnet failures." ::= { hm2GlobalPortLockingArpStatistics 6 } hm2GlobalPortLockingArpStatisticsDropCounter OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of invalid ARP packets dropped in locked state." ::= { hm2GlobalPortLockingArpStatistics 7 } -- ****************************************************************************************** -- hm2PortLockingArpLastVerificationTable -> Information about Header Verification -- ****************************************************************************************** hm2PortLockingArpLastVerificationTable OBJECT-TYPE SYNTAX SEQUENCE OF Hm2PortLockingArpLastVerificationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table for Port Locking ARP header failures." ::= { hm2PortLockingArpGroup 22 } hm2PortLockingArpLastVerificationEntry OBJECT-TYPE SYNTAX Hm2PortLockingArpLastVerificationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents entry for ARP header failure entry." INDEX { ifIndex } ::={ hm2PortLockingArpLastVerificationTable 1} Hm2PortLockingArpLastVerificationEntry ::= SEQUENCE { hm2PortLockingArpLastVerificationError Integer32, hm2PortLockingArpLastVerificationType Integer32, hm2PortLockingArpLastVerificationSA MacAddress, hm2PortLockingArpLastVerificationDA MacAddress, hm2PortLockingArpLastVerificationSHA MacAddress, hm2PortLockingArpLastVerificationTHA MacAddress, hm2PortLockingArpLastVerificationSPA IpAddress, hm2PortLockingArpLastVerificationTPA IpAddress } hm2PortLockingArpLastVerificationError OBJECT-TYPE SYNTAX INTEGER { none(0), da(1), sa(2), ip(3), subnet(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "Shows type of last ARP inspection error on the given interface." ::={ hm2PortLockingArpLastVerificationEntry 1 } hm2PortLockingArpLastVerificationType OBJECT-TYPE SYNTAX INTEGER { none(0), arpRequest(1), arpReply(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Shows ARP type of last ARP inspection error for the given interface." ::={ hm2PortLockingArpLastVerificationEntry 2 } hm2PortLockingArpLastVerificationSA OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "SRC Address in MAC Header." ::={ hm2PortLockingArpLastVerificationEntry 3 } hm2PortLockingArpLastVerificationDA OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "DST Address in MAC Header." ::={ hm2PortLockingArpLastVerificationEntry 4 } hm2PortLockingArpLastVerificationSHA OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "SHA Field Header." ::={ hm2PortLockingArpLastVerificationEntry 5 } hm2PortLockingArpLastVerificationTHA OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "THA Field Header." ::={ hm2PortLockingArpLastVerificationEntry 6 } hm2PortLockingArpLastVerificationSPA OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "SPA Field Header." ::={ hm2PortLockingArpLastVerificationEntry 7 } hm2PortLockingArpLastVerificationTPA OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "SPA Field Header." ::={ hm2PortLockingArpLastVerificationEntry 8 } -- ****************************************************************************************** -- hm2PortLockingArpLastAlarmTable -> Information about ARP Table Alarms -- ****************************************************************************************** hm2PortLockingArpLastAlarmTable OBJECT-TYPE SYNTAX SEQUENCE OF Hm2PortLockingArpLastAlarmEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table for Port Locking ARP Alarms." ::= { hm2PortLockingArpGroup 23 } hm2PortLockingArpLastAlarmEntry OBJECT-TYPE SYNTAX Hm2PortLockingArpLastAlarmEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Represents entry for ARP inspection table." INDEX { ifIndex } ::={ hm2PortLockingArpLastAlarmTable 1} Hm2PortLockingArpLastAlarmEntry ::= SEQUENCE { hm2PortLockingArpLastAlarmError Integer32, hm2PortLockingArpLastAlarmIpAddress IpAddress, hm2PortLockingArpLastAlarmOldMacAddress MacAddress, hm2PortLockingArpLastAlarmNewMacAddress MacAddress } hm2PortLockingArpLastAlarmError OBJECT-TYPE SYNTAX INTEGER { none(0), newEntry(5), changedEntry(6), violation(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "Shows type of last ARP alarm." ::={ hm2PortLockingArpLastAlarmEntry 1 } hm2PortLockingArpLastAlarmIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "IP Address." ::={ hm2PortLockingArpLastAlarmEntry 2 } hm2PortLockingArpLastAlarmOldMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Old/original MAC Address in ARP table." ::={ hm2PortLockingArpLastAlarmEntry 3 } hm2PortLockingArpLastAlarmNewMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Old/original MAC Address in ARP table." ::={ hm2PortLockingArpLastAlarmEntry 4 } -- ************************************************************************************** -- PortLocking Traps -- -- ************************************************************************************** hm2PortLockingViolation NOTIFICATION-TYPE OBJECTS { ifIndex, hm2PortLockingLastDiscardedMAC } STATUS current DESCRIPTION "Sent when a packet is received on a locked port with a source MAC address that is not allowed." ::= { hm2PortLockingMibNotifications 1 } -- ************************************************************************************** -- PortLockingArp Traps -- -- ************************************************************************************** hm2PortLockingArpVerificationError NOTIFICATION-TYPE OBJECTS { ifIndex, hm2PortLockingArpLastVerificationType, hm2PortLockingArpLastVerificationError, hm2PortLockingArpLastVerificationSA, hm2PortLockingArpLastVerificationDA, hm2PortLockingArpLastVerificationSHA, hm2PortLockingArpLastVerificationTHA, hm2PortLockingArpLastVerificationTPA} STATUS current DESCRIPTION "Sent when the ARP Inspection detects an invalid ARP frame." ::= { hm2PortLockingMibNotifications 2 } hm2PortLockingArpAlarm NOTIFICATION-TYPE OBJECTS { ifIndex, hm2PortLockingArpLastAlarmError, hm2PortLockingArpLastAlarmIpAddress, hm2PortLockingArpLastAlarmOldMacAddress,hm2PortLockingArpLastAlarmNewMacAddress} STATUS current DESCRIPTION "Send in ARP-Learning Mode when the received ARP information (MAC-Address or Interface) does not match with the current entry in the ARP Database. Send in ARP-Inspection Mode when a new entry is created (new IP Address in network) or when the received ARP information (MAC-Address or Interface) does not match with the current entry in the ARP Database." ::= { hm2PortLockingMibNotifications 3 } END