565 lines
19 KiB
Plaintext
565 lines
19 KiB
Plaintext
-- *****************************************************************
|
|
-- MY-SECURITY-MIB.mib: My Security MIB file
|
|
--
|
|
-- $Copyright$
|
|
--
|
|
-- *****************************************************************
|
|
--
|
|
|
|
DES7200-SECURITY-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
NOTIFICATION-TYPE,
|
|
Integer32,
|
|
Counter32,
|
|
IpAddress,
|
|
Unsigned32
|
|
FROM SNMPv2-SMI
|
|
TruthValue,
|
|
DisplayString,
|
|
RowStatus,
|
|
MacAddress
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP,
|
|
NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
ConfigStatus,
|
|
IfIndex
|
|
FROM DES7200-TC
|
|
ifIndex
|
|
FROM IF-MIB
|
|
EnabledStatus
|
|
FROM P-BRIDGE-MIB
|
|
myMgmt
|
|
FROM DES7200-SMI;
|
|
|
|
mySecurityMIB MODULE-IDENTITY
|
|
LAST-UPDATED "200203200000Z"
|
|
ORGANIZATION "D-Link Crop."
|
|
CONTACT-INFO
|
|
"
|
|
http://support.dlink.com"
|
|
DESCRIPTION
|
|
"This module defines my security mibs."
|
|
REVISION "200203200000Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module."
|
|
::= { myMgmt 6}
|
|
|
|
mySecurityMIBObjects OBJECT IDENTIFIER ::= { mySecurityMIB 1 }
|
|
|
|
myUserManagementObjects OBJECT IDENTIFIER ::= { mySecurityMIBObjects 1 }
|
|
|
|
mySecurityAddressObjects OBJECT IDENTIFIER ::= { mySecurityMIBObjects 2 }
|
|
|
|
myPortSecrrityObjects OBJECT IDENTIFIER ::= { mySecurityMIBObjects 3 }
|
|
|
|
--
|
|
-- user management
|
|
--
|
|
|
|
myEnableSnmpAgent OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enabled indicate that user can manage switch by snmp agent,
|
|
disabled indicate that user can't manage switch by snmp agent."
|
|
::= { myUserManagementObjects 1 }
|
|
|
|
myEnableWeb OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enabled indicate that user can manage switch by web,
|
|
disabled indicate that user can't manage switch by web."
|
|
::= { myUserManagementObjects 2 }
|
|
|
|
myEnableTelnet OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enabled indicate that user can manage switch by telnet,
|
|
disabled indicate that user can't manage switch by telnet."
|
|
::= { myUserManagementObjects 3 }
|
|
|
|
--TelnetHostIpTable
|
|
myTelnetHostIpTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF MyTelnetHostIpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table of telnet client's IP address, only these hostes can access the telnet server."
|
|
::= { myUserManagementObjects 4 }
|
|
|
|
myTelnetHostIpEntry OBJECT-TYPE
|
|
SYNTAX MyTelnetHostIpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of telnet host IP address table."
|
|
INDEX { myTelnetHostIpAddress}
|
|
::= { myTelnetHostIpTable 1 }
|
|
|
|
MyTelnetHostIpEntry ::=
|
|
SEQUENCE {
|
|
myTelnetHostIpAddress
|
|
IpAddress,
|
|
myTelnetHostIpEnable
|
|
INTEGER
|
|
}
|
|
|
|
myTelnetHostIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The telnet client's IP address, Only these hostes can access the telnet server"
|
|
::= { myTelnetHostIpEntry 1 }
|
|
|
|
myTelnetHostIpEnable OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The telnet client's IP address enable state"
|
|
::= { myTelnetHostIpEntry 2 }
|
|
|
|
--WebHostIpTable
|
|
myWebHostIpTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF MyWebHostIpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table of web client's IP address, only these hostes can access the web server."
|
|
::= { myUserManagementObjects 5 }
|
|
|
|
myWebHostIpEntry OBJECT-TYPE
|
|
SYNTAX MyWebHostIpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of web host IP address table."
|
|
INDEX { myWebHostIpAddress}
|
|
::= { myWebHostIpTable 1 }
|
|
|
|
MyWebHostIpEntry ::=
|
|
SEQUENCE {
|
|
myWebHostIpAddress
|
|
IpAddress,
|
|
myWebHostIpEnable
|
|
INTEGER
|
|
}
|
|
|
|
myWebHostIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The web client's IP address, Only these hostes can access the web server"
|
|
::= { myWebHostIpEntry 1 }
|
|
|
|
myWebHostIpEnable OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The web client's IP address enable state"
|
|
::= { myWebHostIpEntry 2 }
|
|
|
|
-- security address
|
|
|
|
mySecurityAddressTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF MySecurityAddressEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table of security address."
|
|
::= { mySecurityAddressObjects 1 }
|
|
|
|
mySecurityAddressEntry OBJECT-TYPE
|
|
SYNTAX MySecurityAddressEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of Security address table."
|
|
INDEX { mySecurityAddressFdbId,
|
|
mySecurityAddressAddress,
|
|
mySecurityAddressPort,
|
|
mySecurityAddressIpAddr}
|
|
::= { mySecurityAddressTable 1 }
|
|
|
|
MySecurityAddressEntry ::=
|
|
SEQUENCE {
|
|
mySecurityAddressFdbId
|
|
Unsigned32,
|
|
mySecurityAddressAddress
|
|
MacAddress,
|
|
mySecurityAddressPort
|
|
IfIndex,
|
|
mySecurityAddressIpAddr
|
|
IpAddress,
|
|
mySecurityAddressIfBindIp
|
|
TruthValue,
|
|
mySecurityAddressRemainAge
|
|
Integer32,
|
|
mySecurityAddressType
|
|
INTEGER,
|
|
mySecurityAddressStatus
|
|
RowStatus
|
|
}
|
|
|
|
mySecurityAddressFdbId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The VID of vlan which the security address blongs to."
|
|
::= { mySecurityAddressEntry 1 }
|
|
|
|
mySecurityAddressAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address of the security address."
|
|
::= { mySecurityAddressEntry 2 }
|
|
|
|
mySecurityAddressPort OBJECT-TYPE
|
|
SYNTAX IfIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interface which the security address blongs to."
|
|
::= { mySecurityAddressEntry 3 }
|
|
|
|
mySecurityAddressIpAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address which the security address bind.It's meaning only when
|
|
mySecurityAddressIfBindIp is true."
|
|
::= { mySecurityAddressEntry 4 }
|
|
|
|
mySecurityAddressIfBindIp OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"this object offer the means whether security address will bind IP."
|
|
::= { mySecurityAddressEntry 5 }
|
|
|
|
mySecurityAddressRemainAge OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The remain age of the security address, in units of minute."
|
|
::= { mySecurityAddressEntry 6 }
|
|
|
|
mySecurityAddressType OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
secureConfigured(1),
|
|
dynamicLearn(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of the security address"
|
|
::= { mySecurityAddressEntry 7 }
|
|
|
|
mySecurityAddressStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"entry status of this entry. and the means in this enviraments can
|
|
reffer to the text-convention definition of the RowStatus."
|
|
::= { mySecurityAddressEntry 8 }
|
|
|
|
|
|
--Address Bind Table
|
|
myBindAddressTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF MyBindAddressEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP-MAC bind table. The source MAC address must be bound when the switch receives the frame with
|
|
source IP address defined in this table. Otherwise, the frame will be discarded."
|
|
::= { mySecurityAddressObjects 2 }
|
|
|
|
myBindAddressEntry OBJECT-TYPE
|
|
SYNTAX MyBindAddressEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of Bind address table."
|
|
INDEX { myBindAddressIpAddr}
|
|
::= { myBindAddressTable 1 }
|
|
|
|
MyBindAddressEntry ::=
|
|
SEQUENCE {
|
|
myBindAddressIpAddr
|
|
IpAddress,
|
|
myBindMacAddress
|
|
MacAddress,
|
|
myBindAddressStatus
|
|
ConfigStatus
|
|
}
|
|
myBindAddressIpAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address which the security address bind.It's meaning only when
|
|
myBindAddressIfBindIp is true."
|
|
::= { myBindAddressEntry 1 }
|
|
|
|
myBindMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address of the security address."
|
|
::= { myBindAddressEntry 2 }
|
|
|
|
myBindAddressStatus OBJECT-TYPE
|
|
SYNTAX ConfigStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"entry status. Setting this value to 'invalid' will remove this entry"
|
|
::= { myBindAddressEntry 3 }
|
|
|
|
-- port security
|
|
myPortSecurityTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF MyPortSecurityEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"list of port security configuration objects."
|
|
::= { myPortSecrrityObjects 1 }
|
|
|
|
myPortSecurityEntry OBJECT-TYPE
|
|
SYNTAX MyPortSecurityEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Entry contains port security configurations."
|
|
INDEX { myPortSecurityPortIndex }
|
|
::= { myPortSecurityTable 1 }
|
|
|
|
MyPortSecurityEntry ::=
|
|
SEQUENCE {
|
|
myPortSecurityPortIndex IfIndex,
|
|
myPortSecurityStatus EnabledStatus,
|
|
myPortSecurViolationType INTEGER,
|
|
myPortSecurityAddrNum Integer32,
|
|
myPortSecurityAddrAge Integer32,
|
|
myPortStaticSecurAddrIfAge EnabledStatus,
|
|
myPortSecurityAddressCurrentNum Integer32,
|
|
myPortStaticSecurAddrCurrentNum Integer32,
|
|
myPortSecurityIpDistrMode INTEGER
|
|
}
|
|
|
|
myPortSecurityPortIndex OBJECT-TYPE
|
|
SYNTAX IfIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { myPortSecurityEntry 1 }
|
|
|
|
myPortSecurityStatus OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
DEFVAL { disabled }
|
|
::= { myPortSecurityEntry 2 }
|
|
|
|
myPortSecurViolationType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
violation-protect(1),
|
|
violation-restrict(2),
|
|
violation-shutdown(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"this object define 3 grades of port security:
|
|
violation-protect(1):
|
|
normal security grade, indicate that when the a datagram received on a
|
|
port with illegal MAC address will be discarded but not send trap,
|
|
legal and illegal MAC to a port security is
|
|
defined by per port's security below.
|
|
violation-restrict(2):
|
|
normal security grade, indicate that when the a datagram received on a
|
|
port with illegal MAC address will be discarded and send trap, legal and illegal MAC
|
|
to a port security is defined by per port's security below.
|
|
violation-shutdown(3):
|
|
strict security grade, indicate that when the a datagram received on a
|
|
port with illegal MAC address, the port will be disabled for the violation
|
|
of the port's security and send trap."
|
|
DEFVAL { violation-protect }
|
|
::= { myPortSecurityEntry 3 }
|
|
|
|
myPortSecurityAddrNum OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value means the address number threshold of this port. A new address want to
|
|
add to the port address will be refused when address num exceed this value.
|
|
This value is valid when myPortSecurityStatus is 'disabled'"
|
|
::= { myPortSecurityEntry 4 }
|
|
|
|
myPortSecurityAddrAge OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Aging time in units of minute of security address of interface"
|
|
::= { myPortSecurityEntry 5 }
|
|
|
|
myPortStaticSecurAddrIfAge OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object offer the means whether enable static configured security address
|
|
aging."
|
|
::= { myPortSecurityEntry 6 }
|
|
|
|
myPortSecurityAddressCurrentNum OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Current number of the security address of interface."
|
|
::= { myPortSecurityEntry 7 }
|
|
|
|
myPortStaticSecurAddrCurrentNum OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Current number of the static configured security address of interface."
|
|
::= { myPortSecurityEntry 8 }
|
|
|
|
myPortSecurityIpDistrMode OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
static(1), --only Static IP Distribute enabled
|
|
dynamic(2), --only Dynamic IP Distribute enabled
|
|
staticAndDynamic(3), --both Static and Dynamic IP Distribute enable
|
|
unSpecified(4) --not specified
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP Distrute Mode
|
|
(0:Static-only mode,
|
|
1:Dynamic-only mode,
|
|
2:Dynamic and Static mode,
|
|
3:Unspecified mode)"
|
|
::= { myPortSecurityEntry 9 }
|
|
|
|
mySecurityTraps OBJECT IDENTIFIER ::= { mySecurityMIB 2 }
|
|
|
|
portSecurityViolate NOTIFICATION-TYPE
|
|
OBJECTS {ifIndex}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"the mac lock violate trap indicates that if you
|
|
have set the threshold number of learned addresses
|
|
from a port, and their comes a new address from the
|
|
port, but the addresses for the port is already
|
|
full."
|
|
::= { mySecurityTraps 1 }
|
|
|
|
mySecurityMIBConformance OBJECT IDENTIFIER ::= { mySecurityMIB 3 }
|
|
mySecurityMIBCompliances OBJECT IDENTIFIER ::= { mySecurityMIBConformance 1 }
|
|
mySecurityMIBGroups OBJECT IDENTIFIER ::= { mySecurityMIBConformance 2 }
|
|
|
|
|
|
-- compliance statements
|
|
|
|
mySecurityMIBCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for entities which implement
|
|
the My Security MIB"
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { myUserManageMIBGroup,
|
|
mySecurityAddressMIBGroup,
|
|
myPortSecurityMIBGroup
|
|
}
|
|
::= { mySecurityMIBCompliances 1 }
|
|
|
|
-- units of conformance
|
|
|
|
myUserManageMIBGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
myEnableSnmpAgent,
|
|
myEnableWeb,
|
|
myEnableTelnet
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing status snmp and web and telnet
|
|
management agent to a My agent."
|
|
::= { mySecurityMIBGroups 1 }
|
|
|
|
mySecurityAddressMIBGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
-- mySecurityAddressFdbId,
|
|
-- mySecurityAddressAddress,
|
|
-- mySecurityAddressPort,
|
|
-- mySecurityAddressIpAddr,
|
|
mySecurityAddressIfBindIp,
|
|
mySecurityAddressRemainAge,
|
|
mySecurityAddressType,
|
|
mySecurityAddressStatus,
|
|
-- myBindAddressIpAddr,
|
|
myBindMacAddress,
|
|
myBindAddressStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing security address to a
|
|
My agent."
|
|
::= { mySecurityMIBGroups 2 }
|
|
|
|
myPortSecurityMIBGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
myPortSecurityPortIndex,
|
|
myPortSecurityStatus,
|
|
myPortSecurViolationType,
|
|
myPortSecurityAddrNum,
|
|
myPortSecurityAddrAge,
|
|
myPortStaticSecurAddrIfAge,
|
|
myPortSecurityAddressCurrentNum,
|
|
myPortStaticSecurAddrCurrentNum,
|
|
myPortSecurityIpDistrMode
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing port security to a
|
|
My agent."
|
|
::= { mySecurityMIBGroups 3 }
|
|
|
|
END
|