444 lines
16 KiB
Plaintext
444 lines
16 KiB
Plaintext
HM2-PLATFORM-PORTSECURITY-MIB DEFINITIONS ::= BEGIN
|
|
|
|
--
|
|
-- ***********************************************************
|
|
-- Hirschmann Platform Portsecurity MIB
|
|
-- ***********************************************************
|
|
--
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
|
|
Unsigned32 FROM SNMPv2-SMI
|
|
DisplayString,
|
|
MacAddress,
|
|
TruthValue FROM SNMPv2-TC
|
|
ifIndex FROM IF-MIB
|
|
hm2PlatformMibs, HmEnabledStatus FROM HM2-TC-MIB;
|
|
|
|
hm2PlatformPortSecurity MODULE-IDENTITY
|
|
LAST-UPDATED "201107120000Z" -- July 12, 2011
|
|
ORGANIZATION "Hirschmann Automation and Control GmbH"
|
|
CONTACT-INFO
|
|
"Postal: Stuttgarter Str. 45-51
|
|
72654 Neckartenzlingen
|
|
Germany
|
|
Phone: +49 7127 140
|
|
E-mail: hac.support@belden.com"
|
|
DESCRIPTION
|
|
"The Hirschmann Private Platform2 MIB for Port Security Feature.
|
|
Copyright (C) 2011. All Rights Reserved."
|
|
REVISION
|
|
"201107120000Z" -- 12 July 2011 12:00:00 GMT
|
|
DESCRIPTION
|
|
"Initial release."
|
|
::= { hm2PlatformMibs 20 }
|
|
|
|
--**************************************************************************************
|
|
-- hm2AgentPortSecurityGroup -> contains MIB objects displaying Port Security
|
|
--
|
|
--**************************************************************************************
|
|
|
|
hm2AgentPortSecurityGroup OBJECT IDENTIFIER ::= { hm2PlatformPortSecurity 1}
|
|
|
|
hm2AgentGlobalPortSecurityMode OBJECT-TYPE
|
|
SYNTAX HmEnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Mode showing whether at the global level, port security is enabled or not."
|
|
DEFVAL { disable }
|
|
::={ hm2AgentPortSecurityGroup 1 }
|
|
|
|
hm2AgentPortSecurityTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hm2AgentPortSecurityEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "A table for Port Security and associated functionality."
|
|
::= { hm2AgentPortSecurityGroup 2 }
|
|
|
|
hm2AgentPortSecurityEntry OBJECT-TYPE
|
|
SYNTAX Hm2AgentPortSecurityEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Represents entry for port security table"
|
|
INDEX { ifIndex }
|
|
::={ hm2AgentPortSecurityTable 1}
|
|
|
|
Hm2AgentPortSecurityEntry ::=
|
|
SEQUENCE {
|
|
hm2AgentPortSecurityMode
|
|
HmEnabledStatus,
|
|
hm2AgentPortSecurityDynamicLimit
|
|
Unsigned32,
|
|
hm2AgentPortSecurityStaticLimit
|
|
Unsigned32,
|
|
hm2AgentPortSecurityViolationTrapMode
|
|
HmEnabledStatus,
|
|
hm2AgentPortSecurityStaticMACs
|
|
DisplayString,
|
|
hm2AgentPortSecurityLastDiscardedMAC
|
|
DisplayString,
|
|
hm2AgentPortSecurityMACAddressAdd
|
|
DisplayString,
|
|
hm2AgentPortSecurityMACAddressRemove
|
|
DisplayString,
|
|
hm2AgentPortSecurityMACAddressMove
|
|
HmEnabledStatus,
|
|
hm2AgentPortSecurityDynamicCount
|
|
Unsigned32,
|
|
hm2AgentPortSecurityStaticCount
|
|
Unsigned32,
|
|
hm2AgentPortSecurityViolationTrapCount
|
|
Unsigned32,
|
|
hm2AgentPortSecurityViolationTrapFrequency
|
|
Unsigned32,
|
|
hm2AgentPortSecurityAutoDisable
|
|
TruthValue,
|
|
hm2AgentPortSecurityStaticIpCount
|
|
Unsigned32,
|
|
hm2AgentPortSecurityStaticIPs
|
|
DisplayString,
|
|
hm2AgentPortSecurityIPAddressAdd
|
|
DisplayString,
|
|
hm2AgentPortSecurityIPAddressRemove
|
|
DisplayString
|
|
}
|
|
|
|
hm2AgentPortSecurityMode OBJECT-TYPE
|
|
SYNTAX HmEnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Mode showing whether at port level security is enabled or not."
|
|
DEFVAL { disable }
|
|
::={ hm2AgentPortSecurityEntry 1 }
|
|
|
|
hm2AgentPortSecurityDynamicLimit OBJECT-TYPE
|
|
SYNTAX Unsigned32(0..600)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This variable signifies the limit of dynamically locked MAC addresses
|
|
allowed on a specific port."
|
|
DEFVAL { 600 }
|
|
::={ hm2AgentPortSecurityEntry 2 }
|
|
|
|
hm2AgentPortSecurityStaticLimit OBJECT-TYPE
|
|
SYNTAX Unsigned32(0..64)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This variable signifies the limit of statically locked MAC addresses
|
|
allowed on a specific port."
|
|
DEFVAL { 64 }
|
|
::={ hm2AgentPortSecurityEntry 3 }
|
|
|
|
hm2AgentPortSecurityViolationTrapMode OBJECT-TYPE
|
|
SYNTAX HmEnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This variable is used to enable or disable the sending of new violation
|
|
traps designating when a packet with a disallowed MAC address is
|
|
received on a locked port."
|
|
DEFVAL { disable }
|
|
::={hm2AgentPortSecurityEntry 4 }
|
|
|
|
hm2AgentPortSecurityStaticMACs OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..1536))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This variable displays the statically locked MAC addresses for port.
|
|
The list displayed in a particular fashion :
|
|
2 a0:b1:c2:d1:e3:a1,11 a0:b1:c2:d3:e4:f5
|
|
(i.e., VLAN MAC pairs separated by commas)."
|
|
::={hm2AgentPortSecurityEntry 6 }
|
|
|
|
hm2AgentPortSecurityLastDiscardedMAC OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This variable displays the vlan-id and source MAC address of the last packet that was
|
|
discarded on a locked port."
|
|
::={hm2AgentPortSecurityEntry 7 }
|
|
|
|
|
|
hm2AgentPortSecurityMACAddressAdd OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This MIB variable accepts a VLAN id and MAC address to be added to the list
|
|
of statically locked MAC addresses on a port. The VLAN id and MAC address combination
|
|
would be entered in a particular fashion like :- 2 a0:b0:c0:d1:e2:a1(the vlan-id and
|
|
MAC address separated by a blank-space)."
|
|
::={ hm2AgentPortSecurityEntry 8 }
|
|
|
|
hm2AgentPortSecurityMACAddressRemove OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This MIB variable accepts a VLAN id and MAC address to be removed from the list
|
|
of statically locked MAC addresses on a port.. The VLAN id and MAC address combination
|
|
would be entered in a particular fashion like :- 2 a0:b0:c0:d1:e2:a1(the vlan-id and
|
|
MAC address separated by a blank-space)."
|
|
::={ hm2AgentPortSecurityEntry 9 }
|
|
|
|
hm2AgentPortSecurityMACAddressMove OBJECT-TYPE
|
|
SYNTAX HmEnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When this object is enabled, all the dynamically locked MAC addresses will
|
|
be moved to statically locked addresses on a port. GET operation on this object will display
|
|
disable."
|
|
::={ hm2AgentPortSecurityEntry 10 }
|
|
|
|
hm2AgentPortSecurityDynamicCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of dynamically locked MAC addresses on this port."
|
|
::={ hm2AgentPortSecurityEntry 20 }
|
|
|
|
hm2AgentPortSecurityStaticCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of statically locked MAC addresses on this port."
|
|
::={ hm2AgentPortSecurityEntry 21 }
|
|
|
|
hm2AgentPortSecurityViolationTrapCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of active violations for which a violation trap was sent on this port.
|
|
This counter is only valid when hm2AgentPortSecurityViolationTrapMode is enabled"
|
|
::={ hm2AgentPortSecurityEntry 22 }
|
|
|
|
hm2AgentPortSecurityViolationTrapFrequency OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..3600)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The minimum seconds between two successive violation traps on this port."
|
|
DEFVAL { 0 }
|
|
::={ hm2AgentPortSecurityEntry 23 }
|
|
|
|
hm2AgentPortSecurityAutoDisable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether a port is auto-disabled when the configured threshold is reached."
|
|
DEFVAL { true }
|
|
::={ hm2AgentPortSecurityEntry 248 }
|
|
|
|
hm2AgentPortSecurityStaticIpCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of statically locked IP addresses on this port."
|
|
::={ hm2AgentPortSecurityEntry 249 }
|
|
|
|
hm2AgentPortSecurityStaticIPs OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE(0..1536))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This variable displays the statically locked IP addresses for port.
|
|
The list displayed in a particular fashion :
|
|
2 100.1.1.200, 11 110.2.2.100."
|
|
::={ hm2AgentPortSecurityEntry 250 }
|
|
|
|
hm2AgentPortSecurityIPAddressAdd OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This MIB variable accepts a VLAN id and IP address to be added to the list
|
|
of statically locked IP addresses on a port. The VLAN id and IP address combination
|
|
would be entered in a particular fashion like :- 2 192.168.248.100 (the vlan-id and
|
|
IP address separated by a blank-space)."
|
|
::={ hm2AgentPortSecurityEntry 251 }
|
|
|
|
hm2AgentPortSecurityIPAddressRemove OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This MIB variable accepts a VLAN id and IP address to be removed from the list
|
|
of statically locked IP addresses on a port.. The VLAN id and IP address combination
|
|
would be entered in a particular fashion like :- 2 192.168.248.100 (the vlan-id and
|
|
IP address separated by a blank-space)."
|
|
::={ hm2AgentPortSecurityEntry 252 }
|
|
|
|
--**********************************************************************--
|
|
|
|
hm2AgentPortSecurityDynamicTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hm2AgentPortSecurityDynamicEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "A table for Port Security Dynamic and associated functionality."
|
|
::= { hm2AgentPortSecurityGroup 3 }
|
|
|
|
hm2AgentPortSecurityDynamicEntry OBJECT-TYPE
|
|
SYNTAX Hm2AgentPortSecurityDynamicEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Represents entry for port MAC Locking table"
|
|
INDEX { ifIndex,hm2AgentPortSecurityDynamicVLANId,hm2AgentPortSecurityDynamicMACAddress }
|
|
::={ hm2AgentPortSecurityDynamicTable 1}
|
|
|
|
Hm2AgentPortSecurityDynamicEntry ::=
|
|
SEQUENCE {
|
|
hm2AgentPortSecurityDynamicVLANId
|
|
Unsigned32,
|
|
hm2AgentPortSecurityDynamicMACAddress
|
|
MacAddress
|
|
}
|
|
|
|
hm2AgentPortSecurityDynamicVLANId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source VLAN id of the packet that is received on the dynamically locked port."
|
|
::={hm2AgentPortSecurityDynamicEntry 1 }
|
|
|
|
hm2AgentPortSecurityDynamicMACAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source MAC address of the packet that is received on the dynamically locked port."
|
|
::={ hm2AgentPortSecurityDynamicEntry 2 }
|
|
|
|
--**********************************************************************--
|
|
|
|
hm2AgentPortSecurityStaticTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hm2AgentPortSecurityStaticEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "A table for Port Security Static and associated functionality."
|
|
::= { hm2AgentPortSecurityGroup 10 }
|
|
|
|
hm2AgentPortSecurityStaticEntry OBJECT-TYPE
|
|
SYNTAX Hm2AgentPortSecurityStaticEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Represents entry for port MAC Locking table"
|
|
INDEX { ifIndex,hm2AgentPortSecurityStaticVLANId,hm2AgentPortSecurityStaticMACAddress }
|
|
::={ hm2AgentPortSecurityStaticTable 1}
|
|
|
|
Hm2AgentPortSecurityStaticEntry ::=
|
|
SEQUENCE {
|
|
hm2AgentPortSecurityStaticVLANId
|
|
Unsigned32,
|
|
hm2AgentPortSecurityStaticMACAddress
|
|
MacAddress
|
|
}
|
|
|
|
hm2AgentPortSecurityStaticVLANId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"VLAN id of the statically locked address ."
|
|
::={hm2AgentPortSecurityStaticEntry 1 }
|
|
|
|
hm2AgentPortSecurityStaticMACAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statically locked MAC address."
|
|
::={ hm2AgentPortSecurityStaticEntry 2 }
|
|
|
|
--**********************************************************************--
|
|
|
|
hm2AgentPortSecurityIpStaticTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hm2AgentPortSecurityIpStaticEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "A table for Port Security Static and associated functionality."
|
|
::= { hm2AgentPortSecurityGroup 11 }
|
|
|
|
hm2AgentPortSecurityIpStaticEntry OBJECT-TYPE
|
|
SYNTAX Hm2AgentPortSecurityIpStaticEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Represents entry for port MAC Locking IP table"
|
|
INDEX { ifIndex,hm2AgentPortSecurityStaticIpVLANId,hm2AgentPortSecurityStaticIpAddress }
|
|
::={ hm2AgentPortSecurityIpStaticTable 1}
|
|
|
|
Hm2AgentPortSecurityIpStaticEntry ::=
|
|
SEQUENCE {
|
|
hm2AgentPortSecurityStaticIpVLANId
|
|
Unsigned32,
|
|
hm2AgentPortSecurityStaticIpAddress
|
|
IpAddress
|
|
}
|
|
|
|
hm2AgentPortSecurityStaticIpVLANId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"VLAN id of the statically locked address ."
|
|
::={hm2AgentPortSecurityIpStaticEntry 1 }
|
|
|
|
hm2AgentPortSecurityStaticIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statically locked IP address."
|
|
::={ hm2AgentPortSecurityIpStaticEntry 2 }
|
|
|
|
--**************************************************************************************
|
|
|
|
hm2AgentPortSecurityOperationMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
macAddressBased(1),
|
|
ipAddressBased(2)
|
|
}
|
|
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Mode showing which operational mode is enabled for port security (MAC vs. IP).
|
|
In MAC mode, filtering is done based on MAC addresses added statically/dinamically.
|
|
In IP mode, filtering is done based on MAC addresses resolved via ARP requests
|
|
for the programmed IP address."
|
|
DEFVAL { macAddressBased }
|
|
::={ hm2AgentPortSecurityGroup 12 }
|
|
|
|
|
|
-- hm2AgentPortSecurity Traps
|
|
--
|
|
--**************************************************************************************
|
|
|
|
hm2AgentPortSecurityTraps OBJECT IDENTIFIER ::= { hm2PlatformPortSecurity 2 }
|
|
|
|
hm2AgentPortSecurityViolation NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
ifIndex,
|
|
hm2AgentPortSecurityLastDiscardedMAC
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Sent when a packet is received on a locked port with a source MAC address
|
|
that is not allowed."
|
|
::= { hm2AgentPortSecurityTraps 1 }
|
|
|
|
END
|
|
|