492 lines
21 KiB
Plaintext
492 lines
21 KiB
Plaintext
--**MOD+************************************************************************
|
|
--* Module: ARUBAWIRED-PORTSECURITY-MIB : Port Security MIB file
|
|
--*
|
|
--* (c) Copyright 2021 Hewlett Packard Enterprise Development LP
|
|
--* All Rights Reserved.
|
|
--*
|
|
--* The contents of this software are proprietary and confidential
|
|
--* to the Hewlett-Packard Development Company, L.P. No part of this
|
|
--* program may be photocopied, reproduced, or translated into another
|
|
--* programming language without prior written consent of the
|
|
--* Hewlett-Packard Development Company, L.P.
|
|
--*
|
|
--* Purpose: This file contains MIB definition of ARUBAWIRED-PORTSECURITY-MIB
|
|
--*
|
|
--**MOD-************************************************************************
|
|
|
|
ARUBAWIRED-PORTSECURITY-MIB DEFINITIONS ::= BEGIN
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
|
|
Counter32, Unsigned32
|
|
FROM SNMPv2-SMI
|
|
DisplayString, TruthValue, MacAddress, RowStatus, TEXTUAL-CONVENTION
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE , OBJECT-GROUP, NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
wndFeatures
|
|
FROM ARUBAWIRED-NETWORKING-OID;
|
|
|
|
arubaWiredPortSecurityMIB MODULE-IDENTITY
|
|
LAST-UPDATED "202110200000Z" -- October 20, 2021
|
|
ORGANIZATION "HPE/Aruba Networking Division"
|
|
CONTACT-INFO "Hewlett Packard Enterprise
|
|
3000 Hanover St.
|
|
Palo Alto, CA 94304-1112"
|
|
DESCRIPTION
|
|
"This MIB module for Port Security"
|
|
REVISION "202110200000Z" -- October 20, 2021
|
|
DESCRIPTION
|
|
"Initial version of this MIB module"
|
|
::= { wndFeatures 21 }
|
|
|
|
|
|
-- Top-level structure of MIB
|
|
arubaWiredPortSecurityNotifications OBJECT IDENTIFIER ::= { arubaWiredPortSecurityMIB 0}
|
|
arubaWiredPortSecurityObjects OBJECT IDENTIFIER ::= { arubaWiredPortSecurityMIB 1}
|
|
arubaWiredPortSecurityGlobalObjects OBJECT IDENTIFIER ::= { arubaWiredPortSecurityObjects 1}
|
|
arubaWiredPortSecurityPortObjects OBJECT IDENTIFIER ::= { arubaWiredPortSecurityObjects 2}
|
|
|
|
-- textual conventions
|
|
|
|
VidList ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "512x"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each octet within this value specifies a set of eight
|
|
VLAN index (VID), with the first octet specifying VIDs 1
|
|
through 8, the second octet specifying VIDs 9 through 16,
|
|
etc. Within each octet, the most significant bit represents
|
|
the lowest numbered VID, and the least significant bit
|
|
represents the highest numbered VID. Thus, each VID
|
|
is represented by a single bit within the value of this
|
|
object. If that bit has a value of 1 then that VID is
|
|
included in the set of VIDs; the VID is not included if its
|
|
bit has a value of 0. This list represents the entire
|
|
range of VLAN index values defined in the scope of IEEE
|
|
802.1Q."
|
|
SYNTAX OCTET STRING (SIZE (512))
|
|
|
|
ArubaWiredPortSecurityMacAddrType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"These are the different type of secure mac addresss.
|
|
|
|
dynamic(0) - A secure MAC address which is
|
|
learned on the switch.
|
|
static(1) - A secure MAC address which is
|
|
configured by user.
|
|
stickyDynamic(2) - A secure MAC address which is learned on
|
|
the switch and sticks to the port.
|
|
stickyStatic(3) - A secure MAC address which is configured
|
|
by user and sticks to the port."
|
|
SYNTAX INTEGER {
|
|
dynamic(0),
|
|
static(1),
|
|
stickyDynamic(2),
|
|
stickyStatic(3)
|
|
}
|
|
|
|
-- Port Security Global Configuration Objects
|
|
|
|
arubaWiredPortSecurityGlobalEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Indicates whether Port Security is enabled or
|
|
disabled. By default this object will have a
|
|
value of false."
|
|
DEFVAL { false }
|
|
::= { arubaWiredPortSecurityGlobalObjects 1 }
|
|
|
|
-- Port Security Port Configuration Table
|
|
|
|
arubaWiredPortSecurityPortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ArubaWiredPortSecurityPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of port security configuration and status entries.
|
|
The number of entries is determined by the number of
|
|
ports in the system that can support the
|
|
port security feature. Ports that are not
|
|
port security capable will not be displayed
|
|
in this table. This table includes ports
|
|
on which port security parameters can be set even
|
|
if port security feature itself cannot be enabled
|
|
due to conflict with other features."
|
|
::= { arubaWiredPortSecurityPortObjects 1 }
|
|
|
|
arubaWiredPortSecurityPortEntry OBJECT-TYPE
|
|
SYNTAX ArubaWiredPortSecurityPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port Security configuration information for a single port."
|
|
INDEX { arubaWiredifIndex }
|
|
::= { arubaWiredPortSecurityPortTable 1 }
|
|
|
|
ArubaWiredPortSecurityPortEntry ::= SEQUENCE {
|
|
arubaWiredifIndex Unsigned32,
|
|
arubaWiredPortSecurityEnable TruthValue,
|
|
arubaWiredClientLimit Unsigned32,
|
|
arubaWiredCurrentSecureMacAddrCount Unsigned32,
|
|
arubaWiredViolationAction INTEGER,
|
|
arubaWiredClientViolationStatus TruthValue,
|
|
arubaWiredClientViolationReason INTEGER,
|
|
arubaWiredClientLimitViolationCount Counter32,
|
|
arubaWiredStickyClientMoveViolationCount Counter32,
|
|
arubaWiredRecoveryTimer Unsigned32,
|
|
arubaWiredShutdownRecovery TruthValue,
|
|
arubaWiredStickyEnable TruthValue
|
|
}
|
|
|
|
arubaWiredifIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..4294967295)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Indicates the unique port index."
|
|
::= { arubaWiredPortSecurityPortEntry 1 }
|
|
|
|
arubaWiredPortSecurityEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "This object indicates whether port security
|
|
feature is enabled on a port. The default value
|
|
is false."
|
|
DEFVAL { false }
|
|
::= { arubaWiredPortSecurityPortEntry 2 }
|
|
|
|
arubaWiredClientLimit OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..64)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "The maximum number (N) of MAC addresss to be
|
|
secured on the interface. The first N MAC
|
|
addresss learned or configured are made secured."
|
|
DEFVAL { 1 }
|
|
::= { arubaWiredPortSecurityPortEntry 3 }
|
|
|
|
arubaWiredCurrentSecureMacAddrCount OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..64)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The current number of MAC addresss secured
|
|
on this interface."
|
|
::= { arubaWiredPortSecurityPortEntry 4 }
|
|
|
|
arubaWiredViolationAction OBJECT-TYPE
|
|
SYNTAX INTEGER { notify(1), shutdown(2)}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Determines the action that the device will
|
|
take if the traffic matches the port security
|
|
violation.
|
|
notify(1) - Send an SNMP trap and log an event when
|
|
a violation occurs.
|
|
shutdown(2) - Send an SNMP trap, log an event and
|
|
shutdown the port when a violation
|
|
occurs."
|
|
DEFVAL { 1 }
|
|
::= { arubaWiredPortSecurityPortEntry 5 }
|
|
|
|
arubaWiredClientViolationStatus OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Indicates whether this port is
|
|
currently in violation state or not."
|
|
::= { arubaWiredPortSecurityPortEntry 6 }
|
|
|
|
arubaWiredClientViolationReason OBJECT-TYPE
|
|
SYNTAX INTEGER { none(0), clientLimitExceeded(1),
|
|
stickyClientMove(2) }
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object represents the reason for violation.
|
|
|
|
none(0) - None of the violation is triggered.
|
|
clientLimitExceeded(1) - Indicates whether the
|
|
port is in a state where its client limit has been
|
|
violated. This will be reset when the client limit
|
|
reduces to below the threshold or the link goes
|
|
down.
|
|
stickyClientMove(2) - Indicates whether the port
|
|
is in a state where sticky mac client move has been
|
|
violated. This will be reset when the link goes
|
|
down."
|
|
DEFVAL { 0 }
|
|
::= { arubaWiredPortSecurityPortEntry 7 }
|
|
|
|
arubaWiredClientLimitViolationCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Number of client limit violations that have occurred
|
|
on this port since system boot."
|
|
::= { arubaWiredPortSecurityPortEntry 8 }
|
|
|
|
arubaWiredStickyClientMoveViolationCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Number of sticky mac client move violations that
|
|
have occurred on this port since system boot."
|
|
::= { arubaWiredPortSecurityPortEntry 9 }
|
|
|
|
arubaWiredRecoveryTimer OBJECT-TYPE
|
|
SYNTAX Unsigned32 (10..600)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Time in seconds after which the port will be
|
|
re-enabled if it was shutdown in response to a
|
|
violation event. This is only applicable if shutdown
|
|
recovery is enabled."
|
|
DEFVAL { 10 }
|
|
::= { arubaWiredPortSecurityPortEntry 10 }
|
|
|
|
arubaWiredShutdownRecovery OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Enable auto-recovery for the port. This is only
|
|
relevant when the violation action is set to
|
|
shutdown. The port is re-enabled after the recovery
|
|
timer has expired."
|
|
DEFVAL { false }
|
|
::= { arubaWiredPortSecurityPortEntry 11 }
|
|
|
|
arubaWiredStickyEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Indicates whether port security sticky MAC learning
|
|
is enabled on this port. This is only supported on
|
|
physical ports."
|
|
DEFVAL { false }
|
|
::= { arubaWiredPortSecurityPortEntry 12 }
|
|
|
|
-- Port Security Client Table.
|
|
-- This table is used to display port security MAC addresss
|
|
-- on a port.
|
|
|
|
arubaWiredPortSecurityClientTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ArubaWiredPortSecurityClientEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Information describing the port security
|
|
clients."
|
|
::= { arubaWiredPortSecurityPortObjects 2 }
|
|
|
|
arubaWiredPortSecurityClientEntry OBJECT-TYPE
|
|
SYNTAX ArubaWiredPortSecurityClientEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Information describing the port security client."
|
|
INDEX { arubaWiredClientPortName, arubaWiredClientMac }
|
|
::= { arubaWiredPortSecurityClientTable 1 }
|
|
|
|
ArubaWiredPortSecurityClientEntry ::= SEQUENCE {
|
|
arubaWiredClientPortName
|
|
DisplayString,
|
|
arubaWiredClientMac
|
|
MacAddress,
|
|
arubaWiredClientAuthorizationState
|
|
DisplayString,
|
|
arubaWiredClientMacType
|
|
ArubaWiredPortSecurityMacAddrType
|
|
}
|
|
|
|
arubaWiredClientPortName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..8))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "The port ifIndex of the client"
|
|
::= { arubaWiredPortSecurityClientEntry 1 }
|
|
|
|
arubaWiredClientMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "MAC address of the client"
|
|
::= { arubaWiredPortSecurityClientEntry 2 }
|
|
|
|
arubaWiredClientAuthorizationState OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..32))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "State of the port security client."
|
|
::= { arubaWiredPortSecurityClientEntry 3 }
|
|
|
|
arubaWiredClientMacType OBJECT-TYPE
|
|
SYNTAX ArubaWiredPortSecurityMacAddrType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The learnt type of the MAC address."
|
|
::= { arubaWiredPortSecurityClientEntry 4 }
|
|
|
|
-- Port Security Port Static MAC Configuration Table
|
|
|
|
arubaWiredPortSecurityMacCfgTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ArubaWiredPortSecurityMacCfgEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of port security static MAC configuration entries."
|
|
::= { arubaWiredPortSecurityPortObjects 3 }
|
|
|
|
arubaWiredPortSecurityMacCfgEntry OBJECT-TYPE
|
|
SYNTAX ArubaWiredPortSecurityMacCfgEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Information describing the port security static MAC
|
|
configuration entries."
|
|
INDEX { arubaWiredPortifIndex, arubaWiredStaticMacType,
|
|
arubaWiredStaticClientMac}
|
|
::= { arubaWiredPortSecurityMacCfgTable 1 }
|
|
|
|
ArubaWiredPortSecurityMacCfgEntry ::= SEQUENCE {
|
|
arubaWiredPortifIndex Unsigned32,
|
|
arubaWiredStaticMacType TruthValue,
|
|
arubaWiredStaticClientMac MacAddress,
|
|
arubaWiredClientMacVidList VidList,
|
|
arubaWiredMacAddrRowStatus RowStatus
|
|
}
|
|
|
|
arubaWiredPortifIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..4294967295)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Indicates the unique port index."
|
|
::= { arubaWiredPortSecurityMacCfgEntry 1 }
|
|
|
|
arubaWiredStaticMacType OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Determines the type of MAC address.
|
|
0 - The non sticky MAC address.
|
|
1 - The sticky MAC address."
|
|
::= { arubaWiredPortSecurityMacCfgEntry 2 }
|
|
|
|
arubaWiredStaticClientMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "MAC address of the client."
|
|
::= { arubaWiredPortSecurityMacCfgEntry 3 }
|
|
|
|
arubaWiredClientMacVidList OBJECT-TYPE
|
|
SYNTAX VidList
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION "List of VLANs on which this mac address
|
|
is configured."
|
|
::= { arubaWiredPortSecurityMacCfgEntry 4 }
|
|
|
|
arubaWiredMacAddrRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is a conceptual row entry that allows adding
|
|
or deleting static port security mac entries on a port."
|
|
::= { arubaWiredPortSecurityMacCfgEntry 5 }
|
|
|
|
-- arubaWiredPortSecurity Notifications
|
|
arubaWiredPortSecurityViolationStatusChange NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
arubaWiredifIndex,
|
|
arubaWiredClientMac,
|
|
arubaWiredClientViolationStatus,
|
|
arubaWiredClientViolationReason
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated when a violation is triggered."
|
|
::= { arubaWiredPortSecurityNotifications 1 }
|
|
|
|
-- Conformance Information
|
|
|
|
arubaWiredPortSecurityConformance OBJECT IDENTIFIER ::= { arubaWiredPortSecurityMIB 2 }
|
|
arubaWiredPortSecurityGroups OBJECT IDENTIFIER ::= { arubaWiredPortSecurityConformance 1 }
|
|
|
|
arubaWiredPortSecurityPortGroup OBJECT-GROUP
|
|
OBJECTS { arubaWiredifIndex,
|
|
arubaWiredPortSecurityEnable,
|
|
arubaWiredClientLimit,
|
|
arubaWiredCurrentSecureMacAddrCount,
|
|
arubaWiredViolationAction,
|
|
arubaWiredClientViolationStatus,
|
|
arubaWiredClientViolationReason,
|
|
arubaWiredClientLimitViolationCount,
|
|
arubaWiredStickyClientMoveViolationCount,
|
|
arubaWiredRecoveryTimer,
|
|
arubaWiredShutdownRecovery,
|
|
arubaWiredStickyEnable
|
|
}
|
|
STATUS current
|
|
DESCRIPTION "These objects are used for describing
|
|
Port Security port parameters"
|
|
::= { arubaWiredPortSecurityGroups 1 }
|
|
|
|
arubaWiredPortSecurityClientGroup OBJECT-GROUP
|
|
OBJECTS { arubaWiredClientMac,
|
|
arubaWiredClientAuthorizationState,
|
|
arubaWiredClientMacType
|
|
}
|
|
STATUS current
|
|
DESCRIPTION "These objects are used for describing
|
|
Port Security Client parameters"
|
|
::= { arubaWiredPortSecurityGroups 2 }
|
|
|
|
arubaWiredPortSecurityMacCfgGroup OBJECT-GROUP
|
|
OBJECTS { arubaWiredClientMacVidList,
|
|
arubaWiredMacAddrRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION "These objects are used for describing
|
|
Port Security static mac parameters"
|
|
::= { arubaWiredPortSecurityGroups 3 }
|
|
|
|
arubaWiredPortSecurityGlobalCfgGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
arubaWiredPortSecurityGlobalEnable
|
|
}
|
|
STATUS current
|
|
DESCRIPTION "These objects are used for describing
|
|
port security global configuration parameters"
|
|
::= { arubaWiredPortSecurityGroups 4 }
|
|
|
|
arubaWiredPortSecurityNotificationsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
arubaWiredPortSecurityViolationStatusChange
|
|
}
|
|
STATUS current
|
|
DESCRIPTION "A collection of Port security notification objects."
|
|
::= { arubaWiredPortSecurityGroups 5 }
|
|
|
|
-- Compliance Statements
|
|
|
|
arubaWiredPortSecurityCompliances OBJECT IDENTIFIER ::=
|
|
{arubaWiredPortSecurityConformance 2}
|
|
|
|
arubaWiredPortSecurityCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION "The compliance statement for devices
|
|
with support of Port Access Clients"
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { arubaWiredPortSecurityPortGroup,
|
|
arubaWiredPortSecurityClientGroup,
|
|
arubaWiredPortSecurityMacCfgGroup,
|
|
arubaWiredPortSecurityGlobalCfgGroup,
|
|
arubaWiredPortSecurityNotificationsGroup
|
|
}
|
|
::= { arubaWiredPortSecurityCompliances 1 }
|
|
END
|
|
|