433 lines
16 KiB
Plaintext
433 lines
16 KiB
Plaintext
CT-FASTPATH-DYNAMIC-ARP-INSPECTION-MIB DEFINITIONS ::= BEGIN
|
|
|
|
-- LVL7 FASTPATH DHCP Server MIB
|
|
-- Copyright LVL7 Systems (2002-2008) All rights reserved.
|
|
|
|
-- This SNMP Management Information Specification
|
|
-- embodies LVL7 System's confidential and proprietary
|
|
-- intellectual property. LVL7 Systems retains all title
|
|
-- and ownership in the Specification including any revisions.
|
|
|
|
-- This Specification is supplied "AS IS", LVL7 Systems
|
|
-- makes no warranty, either expressed or implied,
|
|
-- as to the use, operation, condition, or performance of the
|
|
-- Specification.
|
|
|
|
-- This module provides authoritative definitions for Cabletron's
|
|
-- CT-FASTPATH-DYNAMIC-ARP-INSPECTION-MIB.
|
|
--
|
|
-- This module will be extended, as needed.
|
|
--
|
|
-- Enterasys Networks reserves the right to make changes in
|
|
-- specification and other information contained in this document
|
|
-- without prior notice. The reader should consult Enterasys Networks
|
|
-- to determine whether any such changes have been made.
|
|
--
|
|
-- In no event shall Enterasys Networks be liable for any incidental,
|
|
-- indirect, special, or consequential damages whatsoever (including
|
|
-- but not limited to lost profits) arising out of or related to this
|
|
-- document or the information contained in it, even if Enterasys
|
|
-- Networks has been advised of, known, or should have known, the
|
|
-- possibility of such damages.
|
|
--
|
|
-- Enterasys grants vendors, end-users, and other interested parties
|
|
-- a non-exclusive license to use this Specification in connection
|
|
-- with the management of Enterasys and Cabletron products.
|
|
--
|
|
-- Copyright July 2008 Enterasys Networks, Inc.
|
|
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, IpAddress,
|
|
Integer32, Unsigned32, TimeTicks, Counter32
|
|
FROM SNMPv2-SMI
|
|
TEXTUAL-CONVENTION, RowStatus, RowPointer, MacAddress,
|
|
StorageType, TruthValue, DisplayString, PhysAddress
|
|
FROM SNMPv2-TC
|
|
VlanIndex
|
|
FROM Q-BRIDGE-MIB
|
|
ifIndex
|
|
FROM IF-MIB
|
|
ctDynamicArpInspectionExpMib
|
|
FROM CTRON-MIB-NAMES;
|
|
|
|
ctFastPathDynamicArpInspectionMIB MODULE-IDENTITY
|
|
LAST-UPDATED "200807231519Z" -- Wed Jul 23 15:19 UTC 2008
|
|
ORGANIZATION "Enterasys Networks, Inc."
|
|
CONTACT-INFO
|
|
"Postal: Enterasys Networks
|
|
50 Minuteman Rd.
|
|
Andover, MA 01810-1008
|
|
USA
|
|
Phone: +1 978 684 1000
|
|
E-mail: support@enterasys.com
|
|
WWW: http://www.enterasys.com"
|
|
DESCRIPTION
|
|
"The Enterasys MIB for FASTPATH Dynamic ARP INspection"
|
|
::= { ctDynamicArpInspectionExpMib 1 }
|
|
|
|
|
|
--**************************************************************************************
|
|
-- ctAgentDaiConfigGroup ->contains MIB Objects for configuring Dynamic ARP Inpection
|
|
--**************************************************************************************
|
|
--************ The Dynamic ARP Inspection Global Config Table ********
|
|
|
|
ctAgentDaiConfigGroup OBJECT IDENTIFIER ::={ ctFastPathDynamicArpInspectionMIB 1}
|
|
|
|
ctAgentDaiSrcMacValidate OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether Sender MAC validation in the ARP
|
|
packets is enabled.
|
|
|
|
If this object is set to 'true', validation
|
|
is enabled.
|
|
|
|
If this object is set to 'false', validation
|
|
is disabled."
|
|
DEFVAL { false }
|
|
::= { ctAgentDaiConfigGroup 1 }
|
|
|
|
ctAgentDaiDstMacValidate OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether Target MAC validation in the ARP
|
|
Response packets is enabled.
|
|
|
|
If this object is set to 'true', validation
|
|
is enabled.
|
|
|
|
If this object is set to 'false', validation
|
|
is disabled."
|
|
DEFVAL { false }
|
|
::= { ctAgentDaiConfigGroup 2 }
|
|
|
|
ctAgentDaiIPValidate OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether IP address validation in the ARP
|
|
packets is enabled.
|
|
|
|
If this object is set to 'true', validation
|
|
is enabled.
|
|
|
|
If this object is set to 'false', validation
|
|
is disabled."
|
|
DEFVAL { false }
|
|
::= { ctAgentDaiConfigGroup 3 }
|
|
|
|
|
|
--************ The Dynamic ARP Inspection VLAN Config Table ********
|
|
|
|
ctAgentDaiVlanConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CtAgentDaiVlanConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table provides the mechanism to control Dynamic ARP
|
|
Inspection per VLAN. When a VLAN is created in a device
|
|
supporting this table, a corresponding entry of this table
|
|
will be added."
|
|
::= { ctAgentDaiConfigGroup 4 }
|
|
|
|
ctAgentDaiVlanConfigEntry OBJECT-TYPE
|
|
SYNTAX CtAgentDaiVlanConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row instance contains the configuration for Dynamic
|
|
ARP Inspection at each existing VLAN."
|
|
INDEX { ctAgentDaiVlanIndex }
|
|
::= { ctAgentDaiVlanConfigTable 1 }
|
|
|
|
CtAgentDaiVlanConfigEntry ::= SEQUENCE {
|
|
ctAgentDaiVlanIndex VlanIndex,
|
|
ctAgentDaiVlanDynArpInspEnable TruthValue,
|
|
ctAgentDaiVlanLoggingEnable TruthValue,
|
|
ctAgentDaiVlanArpAclName DisplayString,
|
|
ctAgentDaiVlanArpAclStaticFlag TruthValue
|
|
}
|
|
|
|
ctAgentDaiVlanIndex OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the VLAN number on which Dynamic ARP
|
|
Inspection feature is configured."
|
|
::= { ctAgentDaiVlanConfigEntry 1 }
|
|
|
|
ctAgentDaiVlanDynArpInspEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether Dynamic ARP Inspection is
|
|
enabled in this VLAN.
|
|
|
|
If this object is set to 'true', Dynamic ARP Inspection
|
|
is enabled.
|
|
|
|
If this object is set to 'false', Dynamic ARP Inspection
|
|
is disabled."
|
|
DEFVAL { false }
|
|
::= { ctAgentDaiVlanConfigEntry 2 }
|
|
|
|
ctAgentDaiVlanLoggingEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether the Dynamic ARP Inspection
|
|
logging is enabled on this VlAN.
|
|
If this object is set to 'true', Dynamic ARP Inspection
|
|
logging is enabled.
|
|
If this object is set to 'false', Dynamic ARP Inspection
|
|
loging is disabled."
|
|
DEFVAL { true }
|
|
::= { ctAgentDaiVlanConfigEntry 3 }
|
|
|
|
ctAgentDaiVlanArpAclName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..31))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the ARP ACL name set for this VLAN."
|
|
::= { ctAgentDaiVlanConfigEntry 4 }
|
|
|
|
ctAgentDaiVlanArpAclStaticFlag OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether the ARP ACL set for this
|
|
VLAN has static flag set.
|
|
If this object is set to 'true', static flag is enabled.
|
|
If this object is set to 'false', static flag is disabled."
|
|
DEFVAL { false }
|
|
::= { ctAgentDaiVlanConfigEntry 5 }
|
|
|
|
--************ The Dynamic ARP Inspection Vlan Statistics Table ********
|
|
|
|
ctAagentDaiStatsReset OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(0),
|
|
reset(1)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Clear the DAI statistics on all vlans. A value of reset(1)
|
|
is used to reset the statistics. A read on this object will
|
|
always return the value none(0). The value none(0) cannot
|
|
be forcibly set by the administrator."
|
|
::= { ctAgentDaiConfigGroup 5 }
|
|
|
|
ctAgentDaiVlanStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CtAgentDaiVlanStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table provides the mechanism to control Dynamic ARP
|
|
Inspection per VLAN. When a VLAN is created in a device
|
|
supporting this table, a corresponding entry of this table
|
|
will be added."
|
|
::= { ctAgentDaiConfigGroup 6 }
|
|
|
|
ctAgentDaiVlanStatsEntry OBJECT-TYPE
|
|
SYNTAX CtAgentDaiVlanStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row instance contains the Dynamic ARP Inspection
|
|
statistics per VLAN."
|
|
INDEX { ctAgentDaiVlanStatsIndex }
|
|
::= { ctAgentDaiVlanStatsTable 1 }
|
|
|
|
CtAgentDaiVlanStatsEntry ::= SEQUENCE {
|
|
ctAgentDaiVlanStatsIndex VlanIndex,
|
|
ctAgentDaiVlanPktsForwarded Counter32,
|
|
ctAgentDaiVlanPktsDropped Counter32,
|
|
ctAgentDaiVlanDhcpDrops Counter32,
|
|
ctAgentDaiVlanDhcpPermits Counter32,
|
|
ctAgentDaiVlanAclDrops Counter32,
|
|
ctAgentDaiVlanAclPermits Counter32,
|
|
ctAgentDaiVlanSrcMacFailures Counter32,
|
|
ctAgentDaiVlanDstMacFailures Counter32,
|
|
ctAgentDaiVlanIpValidFailures Counter32
|
|
}
|
|
|
|
ctAgentDaiVlanStatsIndex OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the VLAN number on which Dynamic ARP
|
|
Inspection statistics are retrieved."
|
|
::= { ctAgentDaiVlanStatsEntry 1 }
|
|
|
|
ctAgentDaiVlanPktsForwarded OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of valid ARP packets forwarded by DAI."
|
|
::= { ctAgentDaiVlanStatsEntry 2 }
|
|
|
|
ctAgentDaiVlanPktsDropped OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of invalid ARP packets dropped by DAI."
|
|
::= { ctAgentDaiVlanStatsEntry 3 }
|
|
|
|
ctAgentDaiVlanDhcpDrops OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of ARP packets that were dropped by DAI as
|
|
there is no matching DHCP Snooping binding entry found."
|
|
::= { ctAgentDaiVlanStatsEntry 4 }
|
|
|
|
ctAgentDaiVlanDhcpPermits OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of ARP packets that were forwarded by DAI as
|
|
there is a matching DHCP Snooping binding entry found."
|
|
::= { ctAgentDaiVlanStatsEntry 5 }
|
|
|
|
ctAgentDaiVlanAclDrops OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of ARP packets that were dropped by DAI as
|
|
there is no matching ARP ACL rule found for this Vlan and
|
|
the static flag is set on this vlan."
|
|
::= { ctAgentDaiVlanStatsEntry 6 }
|
|
|
|
ctAgentDaiVlanAclPermits OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of ARP packets that were permitted by DAI as
|
|
there is a matching ARP ACL rule found for this Vlan."
|
|
::= { ctAgentDaiVlanStatsEntry 7 }
|
|
|
|
ctAgentDaiVlanSrcMacFailures OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of ARP packets that were dropped by DAI as the
|
|
sender mac address in ARP packet didn't match the source
|
|
mac in ethernet header."
|
|
::= { ctAgentDaiVlanStatsEntry 8 }
|
|
|
|
ctAgentDaiVlanDstMacFailures OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of ARP packets that were dropped by DAI as the
|
|
target mac address in ARP reply packet didn't match the
|
|
destination mac in ethernet header."
|
|
::= { ctAgentDaiVlanStatsEntry 9 }
|
|
|
|
ctAgentDaiVlanIpValidFailures OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of ARP packets that were dropped by DAI as the
|
|
sender IP address in ARP packet or target IP address in
|
|
ARP reply packet is invalid. Invalid addresses include
|
|
0.0.0.0, 255.255.255.255, IP multicast addresses,
|
|
class E addresses (240.0.0.0/4), loopback addresses (127.0.0.0/8)."
|
|
::= { ctAgentDaiVlanStatsEntry 10 }
|
|
|
|
--************ The Dynamic ARP Inspection Interface Config Table ********
|
|
|
|
ctAgentDaiIfConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CtAgentDaiIfConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table provides the mechanism to configure the trust
|
|
state for Dynamic ARP Inspection purpose at each physical
|
|
interface capable of this feature."
|
|
::= { ctAgentDaiConfigGroup 7 }
|
|
|
|
ctAgentDaiIfConfigEntry OBJECT-TYPE
|
|
SYNTAX CtAgentDaiIfConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A row instance contains the configuration for
|
|
Dynamic ARP Inspection at each physical
|
|
interface capable of this feature."
|
|
INDEX { ifIndex }
|
|
::= { ctAgentDaiIfConfigTable 1 }
|
|
|
|
CtAgentDaiIfConfigEntry ::= SEQUENCE {
|
|
ctAgentDaiIfTrustEnable TruthValue,
|
|
ctAgentDaiIfRateLimit Unsigned32,
|
|
ctAgentDaiIfBurstInterval Unsigned32
|
|
}
|
|
|
|
ctAgentDaiIfTrustEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether the interface is trusted for
|
|
Dynamic ARP Inspection purpose.
|
|
|
|
If this object is set to 'true', the interface is trusted.
|
|
ARP packets coming to this interface will be forwarded
|
|
without checking.
|
|
|
|
If this object is set to 'false', the interface is not
|
|
trusted. ARP packets coming to this interface will be
|
|
subjected to ARP inspection."
|
|
DEFVAL { false }
|
|
::= { ctAgentDaiIfConfigEntry 1 }
|
|
|
|
ctAgentDaiIfRateLimit OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..300)
|
|
UNITS "packets per second"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates rate limit value for Dynamic ARP
|
|
Inspection purpose. If the incoming rate of ARP packets
|
|
exceeds the value of this object for consecutively
|
|
burst interval seconds, ARP packets will be
|
|
dropped. "
|
|
DEFVAL { 15 }
|
|
::= { ctAgentDaiIfConfigEntry 2 }
|
|
|
|
ctAgentDaiIfBurstInterval OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..15)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the burst interval value
|
|
for rate limiting purpose on this interface."
|
|
DEFVAL { 1 }
|
|
::= { ctAgentDaiIfConfigEntry 3 }
|
|
|
|
|
|
END
|