HP-ICF-IP-LOCKDOWN-MIB DEFINITIONS ::= BEGIN IMPORTS OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE, Counter32 FROM SNMPv2-SMI MacAddress, TruthValue FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF InetAddressType, InetAddress FROM INET-ADDRESS-MIB ifIndex, InterfaceIndex FROM IF-MIB VlanIndex FROM Q-BRIDGE-MIB hpSwitch FROM HP-ICF-OID; hpicfIpLockdown MODULE-IDENTITY LAST-UPDATED "200803160524Z" -- March 16, 2008 ORGANIZATION "HP Networking" CONTACT-INFO "Hewlett-Packard Company 8000 Foothills Blvd. Roseville, CA 95747" DESCRIPTION "This MIB module contains HP proprietary objects for managing Dynamic IP Lockdown." REVISION "200803160524Z" -- March 16, 2008 DESCRIPTION "Added hpicfIpLockErrantNotify, it's objects and groups. Obsoleted hpicfIpLockTrapsCntl in favor of hpicfIpLockTrapsCtrl and added a hpicfIpLockObsoleteGroup." REVISION "200606082347Z" -- June 8, 2006 DESCRIPTION "Initial revision." ::= { hpSwitch 39 } -- ********************************************************** -- Trap Definitions -- ********************************************************** hpicfIpLockTraps OBJECT IDENTIFIER ::= { hpicfIpLockdown 0 } hpicfIpLockTrapsObjects OBJECT IDENTIFIER ::= { hpicfIpLockTraps 1 } hpicfIpLockOutOfResourceSource OBJECT-TYPE SYNTAX INTEGER { dhcpsnooping (1), iplockdown (2) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The identifier of the reason for out of hardware resource condition" ::= { hpicfIpLockTrapsObjects 1 } hpicfIpLockOutOfResources NOTIFICATION-TYPE OBJECTS { hpicfIpLockAddrPort, hpicfIpLockAddrMacAddress, hpicfIpLockAddrIpAddress, hpicfIpLockAddrVlan, hpicfIpLockOutOfResourceSource } STATUS current DESCRIPTION "This trap indicates that unexpected running out of hardware resources to program a Dynamic IP Lockdown rule. This notification trap is controlled by the state of 'hpicfIpLockTrapCtrl' object. Implementation of this trap is optional." ::= { hpicfIpLockTrapsObjects 2 } hpicfIpLockErrantNotify NOTIFICATION-TYPE OBJECTS { hpicfIpLockNotifyCount, hpicfIpLockNotifyPort, hpicfIpLockNotifySrcIpType, hpicfIpLockNotifySrcIpAddress, hpicfIpLockNotifyDstIpType, hpicfIpLockNotifyDstIpAddress, hpicfIpLockNotifyMacAddress, hpicfIpLockNotifyPktCount } STATUS current DESCRIPTION "This notification indicates a host was denied access to the switch based on Dynamic Lockdown Protection rules. This notification trap is controlled by the state of the 'hpicfIpLockTrapCtrl' object. Implementation of this trap is optional." ::= { hpicfIpLockTrapsObjects 3 } hpicfIpLockErrantNotifyObjects OBJECT IDENTIFIER ::= { hpicfIpLockTrapsObjects 4 } hpicfIpLockNotifyCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "A count of 'hpicfIpLockErrantNotify' sent from the Dynamic Ip Lockdown Protection entity to the SNMP entity since boot." ::= { hpicfIpLockErrantNotifyObjects 1 } hpicfIpLockNotifyPort OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The port for which this 'hpicfIpLockErrantNotify' applies." ::= { hpicfIpLockErrantNotifyObjects 2 } hpicfIpLockNotifySrcIpType OBJECT-TYPE SYNTAX InetAddressType -- { ipv4(1), ipv6 (2) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The type of IP address contained in 'hpicfIpLockNotifySrcIpAddress'. The only values expected are ipv4 or ipv6." ::= { hpicfIpLockErrantNotifyObjects 3 } hpicfIpLockNotifySrcIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The source IP address for which this 'hpicfIpLockErrantNotify' applies." ::= { hpicfIpLockErrantNotifyObjects 4 } hpicfIpLockNotifyDstIpType OBJECT-TYPE SYNTAX InetAddressType -- { ipv4(1), ipv6 (2) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The type of IP address contained in 'hpicfIpLockNotifyDstIpAddress'. The only values expected are ipv4 or ipv6." ::= { hpicfIpLockErrantNotifyObjects 5 } hpicfIpLockNotifyDstIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The destination IP address for which this 'hpicfIpLockErrantNotify' applies." ::= { hpicfIpLockErrantNotifyObjects 6 } hpicfIpLockNotifyMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The source MAC address for which this 'hpicfIpLockErrantNotify' applies." ::= { hpicfIpLockErrantNotifyObjects 7 } hpicfIpLockNotifyPktCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "This object indicates the number of packets received from this host which were dropped." ::= { hpicfIpLockErrantNotifyObjects 8 } hpicfIpLockObjects OBJECT IDENTIFIER ::= { hpicfIpLockdown 1 } hpicfIpLockConfig OBJECT IDENTIFIER ::= { hpicfIpLockObjects 1 } hpicfIpLockEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The administrative status of the Dynamic IP Lockdown feature." ::= { hpicfIpLockConfig 1 } hpicfIpLockPortTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfIpLockPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Per-interface configuration for Dynamic IP Lockdown." ::= { hpicfIpLockConfig 2 } hpicfIpLockTrapCntl OBJECT-TYPE SYNTAX BITS { outOfResource(0) } MAX-ACCESS read-write STATUS obsolete DESCRIPTION "********* THIS OBJECT IS OBSOLETED ********** This object has been obsoleted in favor of 'hpicfIpLockTrapCtrl'. Controls generation of SNMP traps for events defined in this MIB. The set bit means 'enabled'. - OutOfResource(0) The state of this bit specifies whether the notification trap is allowed to be send when one runs out of resources programming a dynamic IP Lockdown rule.." ::= { hpicfIpLockConfig 3 } hpicfIpLockTrapCtrl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Controls generation of SNMP notifications for traps defined in this MIB." DEFVAL { true } ::= { hpicfIpLockConfig 4 } hpicfIpLockPortEntry OBJECT-TYPE SYNTAX HpicfIpLockPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Dynamic IP Lockdown configuration information for a single port." INDEX { ifIndex } ::= { hpicfIpLockPortTable 1 } HpicfIpLockPortEntry ::= SEQUENCE { hpicfIpLockPortEnable INTEGER } hpicfIpLockPortEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates whether this port is enabled for Dynamic IP Lockdown." ::= { hpicfIpLockPortEntry 1 } hpicfIpLockStatus OBJECT IDENTIFIER ::= { hpicfIpLockObjects 2 } hpicfIpLockPortStatusTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfIpLockPortStatusEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Per-interface status for Dynamic IP Lockdown." ::= { hpicfIpLockStatus 1 } hpicfIpLockPortStatusEntry OBJECT-TYPE SYNTAX HpicfIpLockPortStatusEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Dynamic IP Lockdown status information for a single port." INDEX { ifIndex } ::= { hpicfIpLockPortStatusTable 1 } HpicfIpLockPortStatusEntry ::= SEQUENCE { hpicfIpLockPortOperStatus BITS } hpicfIpLockPortOperStatus OBJECT-TYPE SYNTAX BITS { active(0), noDsnoop(1), trustedPort(2), noSnoopingVlan(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the various states of the current operating mode of Dynamic IP Lockdown on this port. When no bits are set, the status of this feature shall be 'disabled'. Each status is described below: active - Dynamic IP Lockdown is active on this port. noDsnoop - Dynamic IP Lockdown is enabled on this port, but DHCP Snooping is not globally enabled. trustedPort - Dynamic IP Lockdown is enabled on this port, but is not active because the port is a DHCP Snooping trusted port. noSnoopingVlan - Dynamic IP Lockdown is enabled on this port, but is not active because the port is not a member of any VLAN with DHCP Snooping enabled." ::= { hpicfIpLockPortStatusEntry 1 } hpicfIpLockAddrTable OBJECT-TYPE SYNTAX SEQUENCE OF HpicfIpLockAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table of source address bindings on ports where Dynamic IP Lockdown is active that are currently permitted." ::= { hpicfIpLockStatus 2 } hpicfIpLockAddrEntry OBJECT-TYPE SYNTAX HpicfIpLockAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the table containing a single permitted source address binding." INDEX { hpicfIpLockAddrPort, hpicfIpLockAddrType, hpicfIpLockAddrIpAddress } ::= { hpicfIpLockAddrTable 1 } HpicfIpLockAddrEntry ::= SEQUENCE { hpicfIpLockAddrPort InterfaceIndex, hpicfIpLockAddrType InetAddressType, hpicfIpLockAddrIpAddress InetAddress, hpicfIpLockAddrVlan VlanIndex, hpicfIpLockAddrMacAddress MacAddress, hpicfIpLockResourceAvailable TruthValue } hpicfIpLockAddrPort OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-only STATUS current DESCRIPTION "The port that this address binding is permitted on." ::= { hpicfIpLockAddrEntry 1 } hpicfIpLockAddrType OBJECT-TYPE SYNTAX InetAddressType -- { ipv4(1), ipv6 (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The type of IP address contained in hpicfIpLockAddrIpAddress. The only values expected are ipv4 or ipv6." ::= { hpicfIpLockAddrEntry 2 } hpicfIpLockAddrIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "A source IP address permitted on this port. The type of address contained in this object is indicated by hpicfIpLockAddrType." ::= { hpicfIpLockAddrEntry 3 } hpicfIpLockAddrVlan OBJECT-TYPE SYNTAX VlanIndex MAX-ACCESS read-only STATUS current DESCRIPTION "The VLAN ID on which this source address is permitted on this port." ::= { hpicfIpLockAddrEntry 4 } hpicfIpLockAddrMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The source MAC address that is permitted for this source IP address on this port." ::= { hpicfIpLockAddrEntry 5 } hpicfIpLockResourceAvailable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "TRUE indicates that resources were available to add binding. FALSE indicates that resources were not available" ::= { hpicfIpLockAddrEntry 6 } hpicfIpLockConformance OBJECT IDENTIFIER ::= { hpicfIpLockdown 2 } hpicfIpLockGroups OBJECT IDENTIFIER ::= { hpicfIpLockConformance 1 } hpicfIpLockBaseGroup OBJECT-GROUP OBJECTS { hpicfIpLockEnable, hpicfIpLockPortEnable, hpicfIpLockPortOperStatus, hpicfIpLockAddrPort, hpicfIpLockAddrType, hpicfIpLockAddrIpAddress, hpicfIpLockAddrVlan, hpicfIpLockAddrMacAddress, hpicfIpLockResourceAvailable } STATUS current DESCRIPTION "A collection of objects for configuring and monitoring the base Dynamic IP Lockdown functionality." ::= { hpicfIpLockGroups 1 } hpicfIpLockTrapsGroup NOTIFICATION-GROUP NOTIFICATIONS { hpicfIpLockOutOfResources, hpicfIpLockErrantNotify } STATUS current DESCRIPTION "A collection of trap objects for Dynamic IP Lockdown." ::= { hpicfIpLockGroups 2 } hpicfIpLockTrapObjectsGroup OBJECT-GROUP OBJECTS { hpicfIpLockOutOfResourceSource, hpicfIpLockNotifyCount, hpicfIpLockNotifyPort, hpicfIpLockNotifySrcIpType, hpicfIpLockNotifySrcIpAddress, hpicfIpLockNotifyDstIpType, hpicfIpLockNotifyDstIpAddress, hpicfIpLockNotifyMacAddress, hpicfIpLockNotifyPktCount, hpicfIpLockTrapCtrl } STATUS current DESCRIPTION "A collection of objects for receiving notification information in regards to the Dynamic IP Lockdown functionality." ::= { hpicfIpLockGroups 3 } hpicfIpLockObsoleteGroup OBJECT-GROUP OBJECTS { hpicfIpLockTrapCntl } STATUS obsolete DESCRIPTION "These objects are obsolete and are no longer used." ::= { hpicfIpLockGroups 4 } hpicfIpLockCompliances OBJECT IDENTIFIER ::= { hpicfIpLockConformance 2 } hpicfIpLockCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for HP switches that support Dynamic IP Lockdown." MODULE MANDATORY-GROUPS { hpicfIpLockBaseGroup } ::= { hpicfIpLockCompliances 1 } hpicfIpLockTrapCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for HP switches that support Dynamic IP Lockdown Notify group ." MODULE --this module MANDATORY-GROUPS { hpicfIpLockTrapObjectsGroup, hpicfIpLockTrapsGroup } ::= { hpicfIpLockCompliances 2 } END