-- ***************************************************************** -- QTECH-SECURITY-MIB.mib: Qtech Security MIB file -- -- March 2002, Wuzg -- -- Copyright (c) 2002 by Qtech Networks Co.,Ltd. -- All rights reserved. -- -- ***************************************************************** -- QTECH-SECURITY-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Integer32, IpAddress, Unsigned32 FROM SNMPv2-SMI TruthValue, RowStatus, MacAddress FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF ConfigStatus, IfIndex FROM QTECH-TC ifIndex FROM IF-MIB EnabledStatus FROM P-BRIDGE-MIB qtechMgmt FROM QTECH-SMI; qtechSecurityMIB MODULE-IDENTITY LAST-UPDATED "200203200000Z" ORGANIZATION "Qtech Networks Co.,Ltd." CONTACT-INFO " Tel: 4008-111-000 E-mail: service@qtech.com.cn" DESCRIPTION "This module defines qtech security mibs." REVISION "200203200000Z" DESCRIPTION "Initial version of this MIB module." ::= { qtechMgmt 6} qtechSecurityMIBObjects OBJECT IDENTIFIER ::= { qtechSecurityMIB 1 } qtechUserManagementObjects OBJECT IDENTIFIER ::= { qtechSecurityMIBObjects 1 } qtechSecurityAddressObjects OBJECT IDENTIFIER ::= { qtechSecurityMIBObjects 2 } qtechPortSecrrityObjects OBJECT IDENTIFIER ::= { qtechSecurityMIBObjects 3 } -- -- user management -- qtechEnableSnmpAgent OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Enabled indicate that user can manage switch by snmp agent, disabled indicate that user can't manage switch by snmp agent." ::= { qtechUserManagementObjects 1 } qtechEnableWeb OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Enabled indicate that user can manage switch by web, disabled indicate that user can't manage switch by web." ::= { qtechUserManagementObjects 2 } qtechEnableTelnet OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Enabled indicate that user can manage switch by telnet, disabled indicate that user can't manage switch by telnet." ::= { qtechUserManagementObjects 3 } --TelnetHostIpTable qtechTelnetHostIpTable OBJECT-TYPE SYNTAX SEQUENCE OF QtechTelnetHostIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of telnet client's IP address, only these hostes can access the telnet server." ::= { qtechUserManagementObjects 4 } qtechTelnetHostIpEntry OBJECT-TYPE SYNTAX QtechTelnetHostIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry of telnet host IP address table." INDEX { qtechTelnetHostIpAddress} ::= { qtechTelnetHostIpTable 1 } QtechTelnetHostIpEntry ::= SEQUENCE { qtechTelnetHostIpAddress IpAddress, qtechTelnetHostIpEnable INTEGER } qtechTelnetHostIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The telnet client's IP address, Only these hostes can access the telnet server" ::= { qtechTelnetHostIpEntry 1 } qtechTelnetHostIpEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The telnet client's IP address enable state" ::= { qtechTelnetHostIpEntry 2 } --WebHostIpTable qtechWebHostIpTable OBJECT-TYPE SYNTAX SEQUENCE OF QtechWebHostIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of web client's IP address, only these hostes can access the web server." ::= { qtechUserManagementObjects 5 } qtechWebHostIpEntry OBJECT-TYPE SYNTAX QtechWebHostIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry of web host IP address table." INDEX { qtechWebHostIpAddress} ::= { qtechWebHostIpTable 1 } QtechWebHostIpEntry ::= SEQUENCE { qtechWebHostIpAddress IpAddress, qtechWebHostIpEnable INTEGER } qtechWebHostIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The web client's IP address, Only these hostes can access the web server" ::= { qtechWebHostIpEntry 1 } qtechWebHostIpEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The web client's IP address enable state" ::= { qtechWebHostIpEntry 2 } -- security address qtechSecurityAddressTable OBJECT-TYPE SYNTAX SEQUENCE OF QtechSecurityAddressEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of security address." ::= { qtechSecurityAddressObjects 1 } qtechSecurityAddressEntry OBJECT-TYPE SYNTAX QtechSecurityAddressEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry of Security address table." INDEX { qtechSecurityAddressFdbId, qtechSecurityAddressAddress, qtechSecurityAddressPort, qtechSecurityAddressIpAddr} ::= { qtechSecurityAddressTable 1 } QtechSecurityAddressEntry ::= SEQUENCE { qtechSecurityAddressFdbId Unsigned32, qtechSecurityAddressAddress MacAddress, qtechSecurityAddressPort IfIndex, qtechSecurityAddressIpAddr IpAddress, qtechSecurityAddressIfBindIp TruthValue, qtechSecurityAddressRemainAge Integer32, qtechSecurityAddressType INTEGER, qtechSecurityAddressStatus RowStatus } qtechSecurityAddressFdbId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The VID of vlan which the security address blongs to." ::= { qtechSecurityAddressEntry 1 } qtechSecurityAddressAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The MAC address of the security address." ::= { qtechSecurityAddressEntry 2 } qtechSecurityAddressPort OBJECT-TYPE SYNTAX IfIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The interface which the security address blongs to." ::= { qtechSecurityAddressEntry 3 } qtechSecurityAddressIpAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IP address which the security address bind.It's meaning only when qtechSecurityAddressIfBindIp is true." ::= { qtechSecurityAddressEntry 4 } qtechSecurityAddressIfBindIp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "this object offer the means whether security address will bind IP." ::= { qtechSecurityAddressEntry 5 } qtechSecurityAddressRemainAge OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The remain age of the security address, in units of minute." ::= { qtechSecurityAddressEntry 6 } qtechSecurityAddressType OBJECT-TYPE SYNTAX INTEGER{ secureConfigured(1), dynamicLearn(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The type of the security address" ::= { qtechSecurityAddressEntry 7 } qtechSecurityAddressStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "entry status of this entry. and the means in this enviraments can reffer to the text-convention definition of the RowStatus." ::= { qtechSecurityAddressEntry 8 } --Address Bind Table qtechBindAddressTable OBJECT-TYPE SYNTAX SEQUENCE OF QtechBindAddressEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "IP-MAC bind table. The source MAC address must be bound when the switch receives the frame with source IP address defined in this table. Otherwise, the frame will be discarded." ::= { qtechSecurityAddressObjects 2 } qtechBindAddressEntry OBJECT-TYPE SYNTAX QtechBindAddressEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry of Bind address table." INDEX { qtechBindAddressIpAddr} ::= { qtechBindAddressTable 1 } QtechBindAddressEntry ::= SEQUENCE { qtechBindAddressIpAddr IpAddress, qtechBindMacAddress MacAddress, qtechBindAddressStatus ConfigStatus } qtechBindAddressIpAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IP address which the security address bind.It's meaning only when qtechBindAddressIfBindIp is true." ::= { qtechBindAddressEntry 1 } qtechBindMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The MAC address of the security address." ::= { qtechBindAddressEntry 2 } qtechBindAddressStatus OBJECT-TYPE SYNTAX ConfigStatus MAX-ACCESS read-create STATUS current DESCRIPTION "entry status. Setting this value to 'invalid' will remove this entry" ::= { qtechBindAddressEntry 3 } -- port security qtechPortSecurityTable OBJECT-TYPE SYNTAX SEQUENCE OF QtechPortSecurityEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "list of port security configuration objects." ::= { qtechPortSecrrityObjects 1 } qtechPortSecurityEntry OBJECT-TYPE SYNTAX QtechPortSecurityEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry contains port security configurations." INDEX { qtechPortSecurityPortIndex } ::= { qtechPortSecurityTable 1 } QtechPortSecurityEntry ::= SEQUENCE { qtechPortSecurityPortIndex IfIndex, qtechPortSecurityStatus EnabledStatus, qtechPortSecurViolationType INTEGER, qtechPortSecurityAddrNum Integer32, qtechPortSecurityAddrAge Integer32, qtechPortStaticSecurAddrIfAge EnabledStatus, qtechPortSecurityAddressCurrentNum Integer32, qtechPortStaticSecurAddrCurrentNum Integer32, qtechPortSecurityIpDistrMode INTEGER } qtechPortSecurityPortIndex OBJECT-TYPE SYNTAX IfIndex MAX-ACCESS read-only STATUS current DESCRIPTION "" ::= { qtechPortSecurityEntry 1 } qtechPortSecurityStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "" DEFVAL { disabled } ::= { qtechPortSecurityEntry 2 } qtechPortSecurViolationType OBJECT-TYPE SYNTAX INTEGER { violation-protect(1), violation-restrict(2), violation-shutdown(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "this object define 3 grades of port security: violation-protect(1): normal security grade, indicate that when the a datagram received on a port with illegal MAC address will be discarded but not send trap, legal and illegal MAC to a port security is defined by per port's security below. violation-restrict(2): normal security grade, indicate that when the a datagram received on a port with illegal MAC address will be discarded and send trap, legal and illegal MAC to a port security is defined by per port's security below. violation-shutdown(3): strict security grade, indicate that when the a datagram received on a port with illegal MAC address, the port will be disabled for the violation of the port's security and send trap." DEFVAL { violation-protect } ::= { qtechPortSecurityEntry 3 } qtechPortSecurityAddrNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "This value means the address number threshold of this port. A new address want to add to the port address will be refused when address num exceed this value. This value is valid when qtechPortSecurityStatus is 'disabled'" ::= { qtechPortSecurityEntry 4 } qtechPortSecurityAddrAge OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "Aging time in units of minute of security address of interface" ::= { qtechPortSecurityEntry 5 } qtechPortStaticSecurAddrIfAge OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This object offer the means whether enable static configured security address aging." ::= { qtechPortSecurityEntry 6 } qtechPortSecurityAddressCurrentNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Current number of the security address of interface." ::= { qtechPortSecurityEntry 7 } qtechPortStaticSecurAddrCurrentNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Current number of the static configured security address of interface." ::= { qtechPortSecurityEntry 8 } qtechPortSecurityIpDistrMode OBJECT-TYPE SYNTAX INTEGER{ static(1), --only Static IP Distribute enabled dynamic(2), --only Dynamic IP Distribute enabled staticAndDynamic(3), --both Static and Dynamic IP Distribute enable unSpecified(4) --not specified } MAX-ACCESS read-only STATUS current DESCRIPTION "IP Distrute Mode (0:Static-only mode, 1:Dynamic-only mode, 2:Dynamic and Static mode, 3:Unspecified mode)" ::= { qtechPortSecurityEntry 9 } qtechSecurityTraps OBJECT IDENTIFIER ::= { qtechSecurityMIB 2 } portSecurityViolate NOTIFICATION-TYPE OBJECTS {ifIndex} STATUS current DESCRIPTION "the mac lock violate trap indicates that if you have set the threshold number of learned addresses from a port, and their comes a new address from the port, but the addresses for the port is already full." ::= { qtechSecurityTraps 1 } qtechSecurityMIBConformance OBJECT IDENTIFIER ::= { qtechSecurityMIB 3 } qtechSecurityMIBCompliances OBJECT IDENTIFIER ::= { qtechSecurityMIBConformance 1 } qtechSecurityMIBGroups OBJECT IDENTIFIER ::= { qtechSecurityMIBConformance 2 } -- compliance statements qtechSecurityMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for entities which implement the Qtech Security MIB" MODULE -- this module MANDATORY-GROUPS { qtechUserManageMIBGroup, qtechSecurityAddressMIBGroup, qtechPortSecurityMIBGroup } ::= { qtechSecurityMIBCompliances 1 } -- units of conformance qtechUserManageMIBGroup OBJECT-GROUP OBJECTS { qtechEnableSnmpAgent, qtechEnableWeb, qtechEnableTelnet } STATUS current DESCRIPTION "A collection of objects providing status snmp and web and telnet management agent to a Qtech agent." ::= { qtechSecurityMIBGroups 1 } qtechSecurityAddressMIBGroup OBJECT-GROUP OBJECTS { -- qtechSecurityAddressFdbId, -- qtechSecurityAddressAddress, -- qtechSecurityAddressPort, -- qtechSecurityAddressIpAddr, qtechSecurityAddressIfBindIp, qtechSecurityAddressRemainAge, qtechSecurityAddressType, qtechSecurityAddressStatus, -- qtechBindAddressIpAddr, qtechBindMacAddress, qtechBindAddressStatus } STATUS current DESCRIPTION "A collection of objects providing security address to a Qtech agent." ::= { qtechSecurityMIBGroups 2 } qtechPortSecurityMIBGroup OBJECT-GROUP OBJECTS { qtechPortSecurityPortIndex, qtechPortSecurityStatus, qtechPortSecurViolationType, qtechPortSecurityAddrNum, qtechPortSecurityAddrAge, qtechPortStaticSecurAddrIfAge, qtechPortSecurityAddressCurrentNum, qtechPortStaticSecurAddrCurrentNum, qtechPortSecurityIpDistrMode } STATUS current DESCRIPTION "A collection of objects providing port security to a Qtech agent." ::= { qtechSecurityMIBGroups 3 } END