-- ================================================================== -- Copyright (C) 2004-2014 by H3C TECHNOLOGIES. All rights reserved. -- -- Description: DHCP Snooping MIB -- Reference: -- Version: V1.3 -- History: -- V1.0 The initial version, created by FuJiajia, 2004.12.29 -- V1.1 2006-03-08 updated by HeHangjun -- Added h3cDhcpSnoopVlanTable -- V1.2 2007-06-18 updated by qizhenglin -- Added h3cDhcpSnoopSpoofServerDetected -- h3cDhcpSnoopSpoofServerMac -- h3cDhcpSnoopSpoofServerIP -- V1.3 2013-10-16 updated by xuyufei -- Added h3cDhcpSnoopNewBinding -- h3cDhcpSnoopBindingIP -- h3cDhcpSnoopBindingMac -- ================================================================== -- ================================================================== -- -- Varibles and types be imported -- -- ================================================================== H3C-DHCPSNOOP-MIB DEFINITIONS ::= BEGIN IMPORTS MacAddress FROM SNMPv2-TC MODULE-IDENTITY,OBJECT-TYPE,NOTIFICATION-TYPE,IpAddress,Integer32 FROM SNMPv2-SMI ifIndex FROM IF-MIB hwdot1qVlanIndex FROM HUAWEI-LswVLAN-MIB InetAddressType, InetAddress FROM INET-ADDRESS-MIB h3cCommon FROM HUAWEI-3COM-OID-MIB TruthValue FROM SNMPv2-TC; -- ================================================================== -- -- ======================= definition begin ========================= -- -- ================================================================== h3cDhcpSnoop MODULE-IDENTITY LAST-UPDATED "200501140000Z" ORGANIZATION "Hangzhou H3C Tech. Co., Ltd." CONTACT-INFO "Platform Team Hangzhou H3C Tech. Co., Ltd. Hai-Dian District Beijing P.R. China http://www.h3c.com Zip:100085 " DESCRIPTION "The private MIB file includes the DHCP Snooping profile." ::= { h3cCommon 36 } h3cDhcpSnoopMibObject OBJECT IDENTIFIER ::= { h3cDhcpSnoop 1 } h3cDhcpSnoopEnable OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "DHCP Snooping status (enable or disable)." DEFVAL { disable } ::= { h3cDhcpSnoopMibObject 1 } h3cDhcpSnoopTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDhcpSnoopEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table containing information of DHCP clients listened by DHCP snooping and it's enabled or disabled by setting h3cDhcpSnoopEnable node." ::= { h3cDhcpSnoopMibObject 2 } h3cDhcpSnoopEntry OBJECT-TYPE SYNTAX H3cDhcpSnoopEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing information of DHCP clients." INDEX { h3cDhcpSnoopClientIpAddressType, h3cDhcpSnoopClientIpAddress } ::= { h3cDhcpSnoopTable 1 } H3cDhcpSnoopEntry ::= SEQUENCE { h3cDhcpSnoopClientIpAddressType InetAddressType, h3cDhcpSnoopClientIpAddress InetAddress, h3cDhcpSnoopClientMacAddress MacAddress, h3cDhcpSnoopClientProperty INTEGER , h3cDhcpSnoopClientUnitNum Integer32 } h3cDhcpSnoopClientIpAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "DHCP clients' IP addresses type (IPv4 or IPv6)." DEFVAL { ipv4 } ::= { h3cDhcpSnoopEntry 1 } h3cDhcpSnoopClientIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "DHCP clients' IP addresses collected by DHCP snooping." ::= { h3cDhcpSnoopEntry 2 } h3cDhcpSnoopClientMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "DHCP clients' MAC addresses collected by DHCP snooping." ::= { h3cDhcpSnoopEntry 3 } h3cDhcpSnoopClientProperty OBJECT-TYPE SYNTAX INTEGER { static(1), dynamic(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Method of getting IP addresses collected by DHCP snooping." ::= { h3cDhcpSnoopEntry 4 } h3cDhcpSnoopClientUnitNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "IRF (Intelligent Resilient Fabric) unit number via whom the clients get their IP addresses. The value 0 means this device does not support IRF." ::= { h3cDhcpSnoopEntry 5 } h3cDhcpSnoopTrustTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDhcpSnoopTrustEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table is used to configure and monitor port trusted status." ::= { h3cDhcpSnoopMibObject 3 } h3cDhcpSnoopTrustEntry OBJECT-TYPE SYNTAX H3cDhcpSnoopTrustEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing information about trusted status of ports." INDEX { ifIndex } ::= { h3cDhcpSnoopTrustTable 1 } H3cDhcpSnoopTrustEntry ::= SEQUENCE { h3cDhcpSnoopTrustStatus INTEGER } h3cDhcpSnoopTrustStatus OBJECT-TYPE SYNTAX INTEGER { untrusted(0), trusted(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Trusted status of current port which supports both get and set operation." DEFVAL { untrusted } ::= { h3cDhcpSnoopTrustEntry 1 } h3cDhcpSnoopVlanTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDhcpSnoopVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table is used to configure and monitor DHCP Snooping status of VLANs." ::= { h3cDhcpSnoopMibObject 4 } h3cDhcpSnoopVlanEntry OBJECT-TYPE SYNTAX H3cDhcpSnoopVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry information about h3cDhcpSnoopVlanTable." INDEX { h3cDhcpSnoopVlanIndex } ::= { h3cDhcpSnoopVlanTable 1 } H3cDhcpSnoopVlanEntry ::= SEQUENCE { h3cDhcpSnoopVlanIndex Integer32, h3cDhcpSnoopVlanEnable TruthValue } h3cDhcpSnoopVlanIndex OBJECT-TYPE SYNTAX Integer32(0..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Current VLAN index." ::= { h3cDhcpSnoopVlanEntry 1 } h3cDhcpSnoopVlanEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "DHCP Snooping status of current VLAN." DEFVAL { false } ::= { h3cDhcpSnoopVlanEntry 2 } -- ================================================================== -- -- ======================= trap definition begin ==================== -- -- ================================================================== h3cDhcpSnoopTraps OBJECT IDENTIFIER ::= { h3cDhcpSnoop 2 } h3cDhcpSnoopTrapsPrefix OBJECT IDENTIFIER ::= { h3cDhcpSnoopTraps 0 } h3cDhcpSnoopTrapsObject OBJECT IDENTIFIER ::= { h3cDhcpSnoopTraps 1 } h3cDhcpSnoopSpoofServerMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "MAC address of the spoofing server and it is derived from link-layer header of offer packet. If the offer packet is relayed by dhcp relay entity, it may be the MAC address of relay entity. " ::= { h3cDhcpSnoopTrapsObject 1 } h3cDhcpSnoopSpoofServerIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IP address of the spoofing server and it is derived from IP header of offer packet. A tricksy host may send offer packet use other host's address, so this address can not always be trust. " ::= { h3cDhcpSnoopTrapsObject 2 } h3cDhcpSnoopBindingIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IP address of a new binding. " ::= { h3cDhcpSnoopTrapsObject 3 } h3cDhcpSnoopBindingMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "MAC address of a new binding. " ::= { h3cDhcpSnoopTrapsObject 4 } h3cDhcpSnoopSpoofServerDetected NOTIFICATION-TYPE OBJECTS { ifIndex, -- The interface from which an -- illegal dhcp server accessed hwdot1qVlanIndex, -- The vlan from which an illegal -- dhcp server accessed h3cDhcpSnoopSpoofServerMac, h3cDhcpSnoopSpoofServerIP } STATUS current DESCRIPTION "To detect unauthorized DHCP servers on a network, the DHCP snooping device sends DHCP-DISCOVER messages through its downstream port (which is connected to the DHCP clients). If any response (DHCP-OFFER message) is received from the downstream port, an unauthorized DHCP server is considered present, and then the device sends a trap. With unauthorized DHCP server detection enabled, the interface sends a DHCP-DISCOVER message to detect unauthorized DHCP servers on the network. If this interface receives a DHCP-OFFER message, the DHCP server which sent it is considered unauthorized. " ::= { h3cDhcpSnoopTrapsPrefix 1 } h3cDhcpSnoopNewBinding NOTIFICATION-TYPE OBJECTS { h3cDhcpSnoopBindingIP, h3cDhcpSnoopBindingMac } STATUS current DESCRIPTION "The device sends a trap when adding a new binding." ::= { h3cDhcpSnoopTrapsPrefix 2 } END