-- HP-ICF-ARP-THROTTLE DEFINITIONS ::= BEGIN IMPORTS hpSwitch FROM HP-ICF-OID OBJECT-GROUP, MODULE-COMPLIANCE, NOTIFICATION-GROUP FROM SNMPv2-CONF Integer32, Counter32, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE FROM SNMPv2-SMI TruthValue, MacAddress, RowStatus FROM SNMPv2-TC; -- 1.3.6.1.4.1.11.2.14.11.5.1.119 hpicfArpThrottle MODULE-IDENTITY LAST-UPDATED "202106100000Z" ORGANIZATION "HP Networking" CONTACT-INFO "Hewlett-Packard Company 8000 Foothills Blvd. Roseville, CA 95747" DESCRIPTION "This MIB module contains HP proprietary objects for managing ARP throttling." REVISION "202106100000Z" DESCRIPTION "Added hpicfArpThrottleStatsNumClientsInDenylist and hpicfArpThrottleDenylistAgingTime." REVISION "201505070000Z" DESCRIPTION "Initial revision." ::= { hpSwitch 119 } -- Top-level structure of this MIB -- 1.3.6.1.4.1.11.2.14.11.5.1.119.0 hpicfArpThrottleNotifications OBJECT IDENTIFIER ::= { hpicfArpThrottle 0 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.1 hpicfArpThrottleObjects OBJECT IDENTIFIER ::= { hpicfArpThrottle 1 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.2 hpicfArpThrottleConformance OBJECT IDENTIFIER ::= { hpicfArpThrottle 2 } -- Notifications -- 1.3.6.1.4.1.11.2.14.11.5.1.119.0.1 hpicfArpThrottleExceedThresholdTrap NOTIFICATION-TYPE OBJECTS { hpicfArpThrottleClientOverThreshold } STATUS current DESCRIPTION "This notification indicates that a client sending large number of ARP packets over the configured threshold is detected. The MAC address of the client is included in the notification." ::= { hpicfArpThrottleNotifications 1 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.1.1 hpicfArpThrottleClientOverThreshold OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "MAC address of a client that just went over the ARP throttle Threshold. It is used in hpicfArpThrottle notification." ::= { hpicfArpThrottleObjects 1 } -- Configurations -- 1.3.6.1.4.1.11.2.14.11.5.1.119.1.2 hpicfArpThrottleConfig OBJECT IDENTIFIER ::= { hpicfArpThrottleObjects 2 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.1.2.1 hpicfArpThrottleEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The administrative status of the ARP Throttle feature. true(1) - enabled; false(2) - disabled." ::= { hpicfArpThrottleConfig 1 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.1.2.2 hpicfArpThrottleRemediationMode OBJECT-TYPE SYNTAX INTEGER { monitor(0), filter(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "The remediation mode of the ARP Throttle. In monitor mode, the switch only logs alerts when a client exceeds the configured threshold; In filter mode, ARP packets over the threshold will be dropped in addition to alert logging." DEFVAL { 0 } ::= { hpicfArpThrottleConfig 2 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.1.2.3 hpicfArpThrottleThreshold OBJECT-TYPE SYNTAX Integer32 (1..1024) MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum number of ARP packets a client can send in 5 seconds. When a client goes over the threshold, it will be put into a denylist and subject to the configured remediation action." DEFVAL { 30 } ::= { hpicfArpThrottleConfig 3 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.1.2.4 hpicfArpThrottleBlacklistAgingTime OBJECT-TYPE SYNTAX Integer32 (1..86400) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "The time a client stays in the blacklist, in seconds." DEFVAL { 300 } ::= { hpicfArpThrottleConfig 4 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.1.2.5 hpicfArpThrottleExcludedMacTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfArpThrottleExcludedMacEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "List of excluded MAC addresses that are not subject to throttling." ::= { hpicfArpThrottleConfig 5 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.1.2.6 hpicfArpThrottleDenylistAgingTime OBJECT-TYPE SYNTAX Integer32 (1..86400) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "The time a client stays in the denylist, in seconds." DEFVAL { 300 } ::= { hpicfArpThrottleConfig 6 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.1.2.5.1 hpicfArpThrottleExcludedMacEntry OBJECT-TYPE SYNTAX HpicfArpThrottleExcludedMacEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information of an excluded MAC address that is not subject to throttling." INDEX { hpicfArpThrottleExcludedMac } ::= { hpicfArpThrottleExcludedMacTable 1 } HpicfArpThrottleExcludedMacEntry ::= SEQUENCE { hpicfArpThrottleExcludedMac MacAddress, hpicfArpThrottleExcludedMacStatus RowStatus } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.1.2.5.1.1 hpicfArpThrottleExcludedMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "A MAC address to be included from ARP throttle." ::= { hpicfArpThrottleExcludedMacEntry 1 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.1.2.5.1.2 hpicfArpThrottleExcludedMacStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The row status of this entry instance. createAndGo - will create the entry for the excluded MAC and transition the status to active. active - indicate the entry instance is in effect. destroy - delete the entry instance. All other RowStatus values are NOT supported." ::= { hpicfArpThrottleExcludedMacEntry 2 } -- Statistics -- 1.3.6.1.4.1.11.2.14.11.5.1.119.1.3 hpicfArpThrottleStats OBJECT IDENTIFIER ::= { hpicfArpThrottleObjects 3 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.1.3.1 hpicfArpThrottleStatsNumClientsInBlacklist OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Total number of clients in blacklist." ::= { hpicfArpThrottleStats 1 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.1.3.2 hpicfArpThrottleStatsNumClientsBeingTracked OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Total number of clients being tracked for their ARP packets." ::= { hpicfArpThrottleStats 2 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.1.3.3 hpicfArpThrottleStatsNumClientsInDenylist OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Total number of clients in denylist." ::= { hpicfArpThrottleStats 3 } -- Object Groups -- 1.3.6.1.4.1.11.2.14.11.5.1.119.2.1 hpicfArpThrottleGroups OBJECT IDENTIFIER ::= { hpicfArpThrottleConformance 1 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.2.1.1 hpicfArpThrottleBaseGroup OBJECT-GROUP OBJECTS { hpicfArpThrottleEnable, hpicfArpThrottleRemediationMode, hpicfArpThrottleThreshold, hpicfArpThrottleBlacklistAgingTime, hpicfArpThrottleExcludedMacStatus, hpicfArpThrottleStatsNumClientsInBlacklist, hpicfArpThrottleStatsNumClientsBeingTracked, hpicfArpThrottleClientOverThreshold } STATUS deprecated DESCRIPTION "A group of objects that provides ARP throttle configuration, Statistics, and traps." ::= { hpicfArpThrottleGroups 1 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.2.1.2 hpicfArpThrottleNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { hpicfArpThrottleExceedThresholdTrap } STATUS current DESCRIPTION "A group of notifications for ARP throttle." ::= { hpicfArpThrottleGroups 2 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.2.1.3 hpicfArpThrottleBaseGroup1 OBJECT-GROUP OBJECTS { hpicfArpThrottleEnable, hpicfArpThrottleRemediationMode, hpicfArpThrottleThreshold, hpicfArpThrottleBlacklistAgingTime, hpicfArpThrottleExcludedMacStatus, hpicfArpThrottleStatsNumClientsInBlacklist, hpicfArpThrottleStatsNumClientsBeingTracked, hpicfArpThrottleClientOverThreshold, hpicfArpThrottleDenylistAgingTime, hpicfArpThrottleStatsNumClientsInDenylist } STATUS current DESCRIPTION "A group of objects that provides ARP throttle configuration, Statistics, and traps." ::= { hpicfArpThrottleGroups 3 } -- Compliances -- 1.3.6.1.4.1.11.2.14.11.5.1.119.2.2 hpicfArpThrottleCompliances OBJECT IDENTIFIER ::= { hpicfArpThrottleConformance 2 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.2.2.1 hpicfArpThrottleCompliance MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for HP switches that support ARP Throttle." MODULE -- this module MANDATORY-GROUPS { hpicfArpThrottleBaseGroup, hpicfArpThrottleNotificationGroup } ::= { hpicfArpThrottleCompliances 1 } -- 1.3.6.1.4.1.11.2.14.11.5.1.119.2.2.2 hpicfArpThrottleCompliance1 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for HP switches that support ARP Throttle." MODULE -- this module MANDATORY-GROUPS { hpicfArpThrottleBaseGroup1, hpicfArpThrottleNotificationGroup } ::= { hpicfArpThrottleCompliances 2 } END