567 lines
19 KiB
Plaintext
567 lines
19 KiB
Plaintext
-- *****************************************************************
|
|
-- FS-SECURITY-MIB.mib: FS Security MIB file
|
|
--
|
|
-- March 2002, Wuzg
|
|
--
|
|
-- Copyright (c) 2002 by FS.COM Inc..
|
|
-- All rights reserved.
|
|
--
|
|
-- *****************************************************************
|
|
--
|
|
|
|
FS-SECURITY-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
NOTIFICATION-TYPE,
|
|
Integer32,
|
|
IpAddress,
|
|
Unsigned32
|
|
FROM SNMPv2-SMI
|
|
TruthValue,
|
|
RowStatus,
|
|
MacAddress
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
ConfigStatus,
|
|
IfIndex
|
|
FROM FS-TC
|
|
ifIndex
|
|
FROM IF-MIB
|
|
EnabledStatus
|
|
FROM P-BRIDGE-MIB
|
|
fsMgmt
|
|
FROM FS-SMI;
|
|
|
|
fsSecurityMIB MODULE-IDENTITY
|
|
LAST-UPDATED "200203200000Z"
|
|
ORGANIZATION "FS.COM Inc.."
|
|
CONTACT-INFO
|
|
"
|
|
Tel: 400-865-2852
|
|
|
|
E-mail: https://www.fs.com/live_chat_service_mail.html"
|
|
DESCRIPTION
|
|
"This module defines fs security mibs."
|
|
REVISION "200203200000Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module."
|
|
::= { fsMgmt 6}
|
|
|
|
fsSecurityMIBObjects OBJECT IDENTIFIER ::= { fsSecurityMIB 1 }
|
|
|
|
fsUserManagementObjects OBJECT IDENTIFIER ::= { fsSecurityMIBObjects 1 }
|
|
|
|
fsSecurityAddressObjects OBJECT IDENTIFIER ::= { fsSecurityMIBObjects 2 }
|
|
|
|
fsPortSecrrityObjects OBJECT IDENTIFIER ::= { fsSecurityMIBObjects 3 }
|
|
|
|
--
|
|
-- user management
|
|
--
|
|
|
|
fsEnableSnmpAgent OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enabled indicate that user can manage switch by snmp agent,
|
|
disabled indicate that user can't manage switch by snmp agent."
|
|
::= { fsUserManagementObjects 1 }
|
|
|
|
fsEnableWeb OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enabled indicate that user can manage switch by web,
|
|
disabled indicate that user can't manage switch by web."
|
|
::= { fsUserManagementObjects 2 }
|
|
|
|
fsEnableTelnet OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enabled indicate that user can manage switch by telnet,
|
|
disabled indicate that user can't manage switch by telnet."
|
|
::= { fsUserManagementObjects 3 }
|
|
|
|
--TelnetHostIpTable
|
|
fsTelnetHostIpTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FSTelnetHostIpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table of telnet client's IP address, only these hostes can access the telnet server."
|
|
::= { fsUserManagementObjects 4 }
|
|
|
|
fsTelnetHostIpEntry OBJECT-TYPE
|
|
SYNTAX FSTelnetHostIpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of telnet host IP address table."
|
|
INDEX { fsTelnetHostIpAddress}
|
|
::= { fsTelnetHostIpTable 1 }
|
|
|
|
FSTelnetHostIpEntry ::=
|
|
SEQUENCE {
|
|
fsTelnetHostIpAddress
|
|
IpAddress,
|
|
fsTelnetHostIpEnable
|
|
INTEGER
|
|
}
|
|
|
|
fsTelnetHostIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The telnet client's IP address, Only these hostes can access the telnet server"
|
|
::= { fsTelnetHostIpEntry 1 }
|
|
|
|
fsTelnetHostIpEnable OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The telnet client's IP address enable state"
|
|
::= { fsTelnetHostIpEntry 2 }
|
|
|
|
--WebHostIpTable
|
|
fsWebHostIpTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FSWebHostIpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table of web client's IP address, only these hostes can access the web server."
|
|
::= { fsUserManagementObjects 5 }
|
|
|
|
fsWebHostIpEntry OBJECT-TYPE
|
|
SYNTAX FSWebHostIpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of web host IP address table."
|
|
INDEX { fsWebHostIpAddress}
|
|
::= { fsWebHostIpTable 1 }
|
|
|
|
FSWebHostIpEntry ::=
|
|
SEQUENCE {
|
|
fsWebHostIpAddress
|
|
IpAddress,
|
|
fsWebHostIpEnable
|
|
INTEGER
|
|
}
|
|
|
|
fsWebHostIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The web client's IP address, Only these hostes can access the web server"
|
|
::= { fsWebHostIpEntry 1 }
|
|
|
|
fsWebHostIpEnable OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The web client's IP address enable state"
|
|
::= { fsWebHostIpEntry 2 }
|
|
|
|
-- security address
|
|
|
|
fsSecurityAddressTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FSSecurityAddressEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table of security address."
|
|
::= { fsSecurityAddressObjects 1 }
|
|
|
|
fsSecurityAddressEntry OBJECT-TYPE
|
|
SYNTAX FSSecurityAddressEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of Security address table."
|
|
INDEX { fsSecurityAddressFdbId,
|
|
fsSecurityAddressAddress,
|
|
fsSecurityAddressPort,
|
|
fsSecurityAddressIpAddr}
|
|
::= { fsSecurityAddressTable 1 }
|
|
|
|
FSSecurityAddressEntry ::=
|
|
SEQUENCE {
|
|
fsSecurityAddressFdbId
|
|
Unsigned32,
|
|
fsSecurityAddressAddress
|
|
MacAddress,
|
|
fsSecurityAddressPort
|
|
IfIndex,
|
|
fsSecurityAddressIpAddr
|
|
IpAddress,
|
|
fsSecurityAddressIfBindIp
|
|
TruthValue,
|
|
fsSecurityAddressRemainAge
|
|
Integer32,
|
|
fsSecurityAddressType
|
|
INTEGER,
|
|
fsSecurityAddressStatus
|
|
RowStatus
|
|
}
|
|
|
|
fsSecurityAddressFdbId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The VID of vlan which the security address blongs to."
|
|
::= { fsSecurityAddressEntry 1 }
|
|
|
|
fsSecurityAddressAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address of the security address."
|
|
::= { fsSecurityAddressEntry 2 }
|
|
|
|
fsSecurityAddressPort OBJECT-TYPE
|
|
SYNTAX IfIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interface which the security address blongs to."
|
|
::= { fsSecurityAddressEntry 3 }
|
|
|
|
fsSecurityAddressIpAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address which the security address bind.It's meaning only when
|
|
fsSecurityAddressIfBindIp is true."
|
|
::= { fsSecurityAddressEntry 4 }
|
|
|
|
fsSecurityAddressIfBindIp OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"this object offer the means whether security address will bind IP."
|
|
::= { fsSecurityAddressEntry 5 }
|
|
|
|
fsSecurityAddressRemainAge OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The remain age of the security address, in units of minute."
|
|
::= { fsSecurityAddressEntry 6 }
|
|
|
|
fsSecurityAddressType OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
secureConfigured(1),
|
|
dynamicLearn(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of the security address"
|
|
::= { fsSecurityAddressEntry 7 }
|
|
|
|
fsSecurityAddressStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"entry status of this entry. and the means in this enviraments can
|
|
reffer to the text-convention definition of the RowStatus."
|
|
::= { fsSecurityAddressEntry 8 }
|
|
|
|
|
|
--Address Bind Table
|
|
fsBindAddressTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FSBindAddressEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP-MAC bind table. The source MAC address must be bound when the switch receives the frame with
|
|
source IP address defined in this table. Otherwise, the frame will be discarded."
|
|
::= { fsSecurityAddressObjects 2 }
|
|
|
|
fsBindAddressEntry OBJECT-TYPE
|
|
SYNTAX FSBindAddressEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of Bind address table."
|
|
INDEX { fsBindAddressIpAddr}
|
|
::= { fsBindAddressTable 1 }
|
|
|
|
FSBindAddressEntry ::=
|
|
SEQUENCE {
|
|
fsBindAddressIpAddr
|
|
IpAddress,
|
|
fsBindMacAddress
|
|
MacAddress,
|
|
fsBindAddressStatus
|
|
ConfigStatus
|
|
}
|
|
fsBindAddressIpAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address which the security address bind.It's meaning only when
|
|
fsBindAddressIfBindIp is true."
|
|
::= { fsBindAddressEntry 1 }
|
|
|
|
fsBindMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address of the security address."
|
|
::= { fsBindAddressEntry 2 }
|
|
|
|
fsBindAddressStatus OBJECT-TYPE
|
|
SYNTAX ConfigStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"entry status. Setting this value to 'invalid' will remove this entry"
|
|
::= { fsBindAddressEntry 3 }
|
|
|
|
-- port security
|
|
fsPortSecurityTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FSPortSecurityEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"list of port security configuration objects."
|
|
::= { fsPortSecrrityObjects 1 }
|
|
|
|
fsPortSecurityEntry OBJECT-TYPE
|
|
SYNTAX FSPortSecurityEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Entry contains port security configurations."
|
|
INDEX { fsPortSecurityPortIndex }
|
|
::= { fsPortSecurityTable 1 }
|
|
|
|
FSPortSecurityEntry ::=
|
|
SEQUENCE {
|
|
fsPortSecurityPortIndex IfIndex,
|
|
fsPortSecurityStatus EnabledStatus,
|
|
fsPortSecurViolationType INTEGER,
|
|
fsPortSecurityAddrNum Integer32,
|
|
fsPortSecurityAddrAge Integer32,
|
|
fsPortStaticSecurAddrIfAge EnabledStatus,
|
|
fsPortSecurityAddressCurrentNum Integer32,
|
|
fsPortStaticSecurAddrCurrentNum Integer32,
|
|
fsPortSecurityIpDistrMode INTEGER
|
|
}
|
|
|
|
fsPortSecurityPortIndex OBJECT-TYPE
|
|
SYNTAX IfIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { fsPortSecurityEntry 1 }
|
|
|
|
fsPortSecurityStatus OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
DEFVAL { disabled }
|
|
::= { fsPortSecurityEntry 2 }
|
|
|
|
fsPortSecurViolationType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
violation-protect(1),
|
|
violation-restrict(2),
|
|
violation-shutdown(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"this object define 3 grades of port security:
|
|
violation-protect(1):
|
|
normal security grade, indicate that when the a datagram received on a
|
|
port with illegal MAC address will be discarded but not send trap,
|
|
legal and illegal MAC to a port security is
|
|
defined by per port's security below.
|
|
violation-restrict(2):
|
|
normal security grade, indicate that when the a datagram received on a
|
|
port with illegal MAC address will be discarded and send trap, legal and illegal MAC
|
|
to a port security is defined by per port's security below.
|
|
violation-shutdown(3):
|
|
strict security grade, indicate that when the a datagram received on a
|
|
port with illegal MAC address, the port will be disabled for the violation
|
|
of the port's security and send trap."
|
|
DEFVAL { violation-protect }
|
|
::= { fsPortSecurityEntry 3 }
|
|
|
|
fsPortSecurityAddrNum OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This value means the address number threshold of this port. A new address want to
|
|
add to the port address will be refused when address num exceed this value.
|
|
This value is valid when fsPortSecurityStatus is 'disabled'"
|
|
::= { fsPortSecurityEntry 4 }
|
|
|
|
fsPortSecurityAddrAge OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Aging time in units of minute of security address of interface"
|
|
::= { fsPortSecurityEntry 5 }
|
|
|
|
fsPortStaticSecurAddrIfAge OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object offer the means whether enable static configured security address
|
|
aging."
|
|
::= { fsPortSecurityEntry 6 }
|
|
|
|
fsPortSecurityAddressCurrentNum OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Current number of the security address of interface."
|
|
::= { fsPortSecurityEntry 7 }
|
|
|
|
fsPortStaticSecurAddrCurrentNum OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Current number of the static configured security address of interface."
|
|
::= { fsPortSecurityEntry 8 }
|
|
|
|
fsPortSecurityIpDistrMode OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
static(1), --only Static IP Distribute enabled
|
|
dynamic(2), --only Dynamic IP Distribute enabled
|
|
staticAndDynamic(3), --both Static and Dynamic IP Distribute enable
|
|
unSpecified(4) --not specified
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP Distrute Mode
|
|
(0:Static-only mode,
|
|
1:Dynamic-only mode,
|
|
2:Dynamic and Static mode,
|
|
3:Unspecified mode)"
|
|
::= { fsPortSecurityEntry 9 }
|
|
|
|
fsSecurityTraps OBJECT IDENTIFIER ::= { fsSecurityMIB 2 }
|
|
|
|
portSecurityViolate NOTIFICATION-TYPE
|
|
OBJECTS {ifIndex}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"the mac lock violate trap indicates that if you
|
|
have set the threshold number of learned addresses
|
|
from a port, and their comes a new address from the
|
|
port, but the addresses for the port is already
|
|
full."
|
|
::= { fsSecurityTraps 1 }
|
|
|
|
fsSecurityMIBConformance OBJECT IDENTIFIER ::= { fsSecurityMIB 3 }
|
|
fsSecurityMIBCompliances OBJECT IDENTIFIER ::= { fsSecurityMIBConformance 1 }
|
|
fsSecurityMIBGroups OBJECT IDENTIFIER ::= { fsSecurityMIBConformance 2 }
|
|
|
|
|
|
-- compliance statements
|
|
|
|
fsSecurityMIBCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for entities which implement
|
|
the FS Security MIB"
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { fsUserManageMIBGroup,
|
|
fsSecurityAddressMIBGroup,
|
|
fsPortSecurityMIBGroup
|
|
}
|
|
::= { fsSecurityMIBCompliances 1 }
|
|
|
|
-- units of conformance
|
|
|
|
fsUserManageMIBGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
fsEnableSnmpAgent,
|
|
fsEnableWeb,
|
|
fsEnableTelnet
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing status snmp and web and telnet
|
|
management agent to a FS agent."
|
|
::= { fsSecurityMIBGroups 1 }
|
|
|
|
fsSecurityAddressMIBGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
-- fsSecurityAddressFdbId,
|
|
-- fsSecurityAddressAddress,
|
|
-- fsSecurityAddressPort,
|
|
-- fsSecurityAddressIpAddr,
|
|
fsSecurityAddressIfBindIp,
|
|
fsSecurityAddressRemainAge,
|
|
fsSecurityAddressType,
|
|
fsSecurityAddressStatus,
|
|
-- fsBindAddressIpAddr,
|
|
fsBindMacAddress,
|
|
fsBindAddressStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing security address to a
|
|
FS agent."
|
|
::= { fsSecurityMIBGroups 2 }
|
|
|
|
fsPortSecurityMIBGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
fsPortSecurityPortIndex,
|
|
fsPortSecurityStatus,
|
|
fsPortSecurViolationType,
|
|
fsPortSecurityAddrNum,
|
|
fsPortSecurityAddrAge,
|
|
fsPortStaticSecurAddrIfAge,
|
|
fsPortSecurityAddressCurrentNum,
|
|
fsPortStaticSecurAddrCurrentNum,
|
|
fsPortSecurityIpDistrMode
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing port security to a
|
|
FS agent."
|
|
::= { fsSecurityMIBGroups 3 }
|
|
|
|
END
|