457 lines
17 KiB
Plaintext
457 lines
17 KiB
Plaintext
HP-ICF-IP-LOCKDOWN-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE, Counter32
|
|
FROM SNMPv2-SMI
|
|
MacAddress, TruthValue
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
InetAddressType, InetAddress
|
|
FROM INET-ADDRESS-MIB
|
|
ifIndex, InterfaceIndex
|
|
FROM IF-MIB
|
|
VlanIndex
|
|
FROM Q-BRIDGE-MIB
|
|
hpSwitch
|
|
FROM HP-ICF-OID;
|
|
|
|
hpicfIpLockdown MODULE-IDENTITY
|
|
LAST-UPDATED "200803160524Z" -- March 16, 2008
|
|
ORGANIZATION "HP Networking"
|
|
CONTACT-INFO
|
|
"Hewlett-Packard Company
|
|
8000 Foothills Blvd.
|
|
Roseville, CA 95747"
|
|
DESCRIPTION "This MIB module contains HP proprietary
|
|
objects for managing Dynamic IP Lockdown."
|
|
|
|
REVISION "200803160524Z" -- March 16, 2008
|
|
DESCRIPTION
|
|
"Added hpicfIpLockErrantNotify, it's objects
|
|
and groups. Obsoleted hpicfIpLockTrapsCntl
|
|
in favor of hpicfIpLockTrapsCtrl and added
|
|
a hpicfIpLockObsoleteGroup."
|
|
REVISION "200606082347Z" -- June 8, 2006
|
|
DESCRIPTION
|
|
"Initial revision."
|
|
|
|
::= { hpSwitch 39 }
|
|
|
|
-- **********************************************************
|
|
-- Trap Definitions
|
|
-- **********************************************************
|
|
|
|
hpicfIpLockTraps OBJECT IDENTIFIER ::= { hpicfIpLockdown 0 }
|
|
|
|
hpicfIpLockTrapsObjects
|
|
OBJECT IDENTIFIER ::= { hpicfIpLockTraps 1 }
|
|
|
|
hpicfIpLockOutOfResourceSource OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
dhcpsnooping (1),
|
|
iplockdown (2)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The identifier of the reason for out of hardware
|
|
resource condition"
|
|
::= { hpicfIpLockTrapsObjects 1 }
|
|
|
|
hpicfIpLockOutOfResources NOTIFICATION-TYPE
|
|
OBJECTS { hpicfIpLockAddrPort,
|
|
hpicfIpLockAddrMacAddress,
|
|
hpicfIpLockAddrIpAddress,
|
|
hpicfIpLockAddrVlan,
|
|
hpicfIpLockOutOfResourceSource }
|
|
STATUS current
|
|
DESCRIPTION "This trap indicates that unexpected running out
|
|
of hardware resources to program a Dynamic IP
|
|
Lockdown rule.
|
|
|
|
This notification trap is controlled by the state
|
|
of 'hpicfIpLockTrapCtrl' object.
|
|
|
|
Implementation of this trap is optional."
|
|
::= { hpicfIpLockTrapsObjects 2 }
|
|
|
|
hpicfIpLockErrantNotify NOTIFICATION-TYPE
|
|
OBJECTS { hpicfIpLockNotifyCount,
|
|
hpicfIpLockNotifyPort,
|
|
hpicfIpLockNotifySrcIpType,
|
|
hpicfIpLockNotifySrcIpAddress,
|
|
hpicfIpLockNotifyDstIpType,
|
|
hpicfIpLockNotifyDstIpAddress,
|
|
hpicfIpLockNotifyMacAddress,
|
|
hpicfIpLockNotifyPktCount }
|
|
STATUS current
|
|
DESCRIPTION "This notification indicates a host was denied
|
|
access to the switch based on Dynamic Lockdown
|
|
Protection rules.
|
|
|
|
This notification trap is controlled by the
|
|
state of the 'hpicfIpLockTrapCtrl' object.
|
|
|
|
Implementation of this trap is optional."
|
|
::= { hpicfIpLockTrapsObjects 3 }
|
|
|
|
hpicfIpLockErrantNotifyObjects
|
|
OBJECT IDENTIFIER ::= { hpicfIpLockTrapsObjects 4 }
|
|
|
|
hpicfIpLockNotifyCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "A count of 'hpicfIpLockErrantNotify' sent from
|
|
the Dynamic Ip Lockdown Protection entity to the
|
|
SNMP entity since boot."
|
|
::= { hpicfIpLockErrantNotifyObjects 1 }
|
|
|
|
hpicfIpLockNotifyPort OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The port for which this 'hpicfIpLockErrantNotify'
|
|
applies."
|
|
::= { hpicfIpLockErrantNotifyObjects 2 }
|
|
|
|
hpicfIpLockNotifySrcIpType OBJECT-TYPE
|
|
SYNTAX InetAddressType -- { ipv4(1), ipv6 (2) }
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The type of IP address contained in
|
|
'hpicfIpLockNotifySrcIpAddress'.
|
|
|
|
The only values expected are ipv4 or ipv6."
|
|
::= { hpicfIpLockErrantNotifyObjects 3 }
|
|
|
|
hpicfIpLockNotifySrcIpAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The source IP address for which this
|
|
'hpicfIpLockErrantNotify' applies."
|
|
::= { hpicfIpLockErrantNotifyObjects 4 }
|
|
|
|
hpicfIpLockNotifyDstIpType OBJECT-TYPE
|
|
SYNTAX InetAddressType -- { ipv4(1), ipv6 (2) }
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The type of IP address contained in
|
|
'hpicfIpLockNotifyDstIpAddress'.
|
|
|
|
The only values expected are ipv4 or ipv6."
|
|
::= { hpicfIpLockErrantNotifyObjects 5 }
|
|
|
|
hpicfIpLockNotifyDstIpAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The destination IP address for which this
|
|
'hpicfIpLockErrantNotify' applies."
|
|
::= { hpicfIpLockErrantNotifyObjects 6 }
|
|
|
|
hpicfIpLockNotifyMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The source MAC address for which this
|
|
'hpicfIpLockErrantNotify' applies."
|
|
::= { hpicfIpLockErrantNotifyObjects 7 }
|
|
|
|
hpicfIpLockNotifyPktCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "This object indicates the number of packets
|
|
received from this host which were dropped."
|
|
::= { hpicfIpLockErrantNotifyObjects 8 }
|
|
|
|
hpicfIpLockObjects OBJECT IDENTIFIER ::= { hpicfIpLockdown 1 }
|
|
|
|
hpicfIpLockConfig OBJECT IDENTIFIER ::= { hpicfIpLockObjects 1 }
|
|
|
|
hpicfIpLockEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "The administrative status of the Dynamic IP
|
|
Lockdown feature."
|
|
::= { hpicfIpLockConfig 1 }
|
|
|
|
hpicfIpLockPortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpicfIpLockPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Per-interface configuration for Dynamic IP
|
|
Lockdown."
|
|
::= { hpicfIpLockConfig 2 }
|
|
|
|
hpicfIpLockTrapCntl OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
outOfResource(0)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS obsolete
|
|
DESCRIPTION "********* THIS OBJECT IS OBSOLETED **********
|
|
|
|
This object has been obsoleted in favor of
|
|
'hpicfIpLockTrapCtrl'.
|
|
|
|
Controls generation of SNMP traps
|
|
for events defined in this MIB.
|
|
The set bit means 'enabled'.
|
|
|
|
- OutOfResource(0)
|
|
The state of this bit specifies whether the
|
|
notification trap is allowed to be send when
|
|
one runs out of resources programming a dynamic
|
|
IP Lockdown rule.."
|
|
::= { hpicfIpLockConfig 3 }
|
|
|
|
hpicfIpLockTrapCtrl OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Controls generation of SNMP notifications for
|
|
traps defined in this MIB."
|
|
DEFVAL { true }
|
|
::= { hpicfIpLockConfig 4 }
|
|
|
|
hpicfIpLockPortEntry OBJECT-TYPE
|
|
SYNTAX HpicfIpLockPortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Dynamic IP Lockdown configuration information
|
|
for a single port."
|
|
INDEX { ifIndex }
|
|
::= { hpicfIpLockPortTable 1 }
|
|
|
|
HpicfIpLockPortEntry ::=
|
|
SEQUENCE {
|
|
hpicfIpLockPortEnable INTEGER
|
|
}
|
|
|
|
hpicfIpLockPortEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "This object indicates whether this port is
|
|
enabled for Dynamic IP Lockdown."
|
|
::= { hpicfIpLockPortEntry 1 }
|
|
|
|
hpicfIpLockStatus OBJECT IDENTIFIER ::= { hpicfIpLockObjects 2 }
|
|
|
|
hpicfIpLockPortStatusTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpicfIpLockPortStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Per-interface status for Dynamic IP
|
|
Lockdown."
|
|
::= { hpicfIpLockStatus 1 }
|
|
|
|
hpicfIpLockPortStatusEntry OBJECT-TYPE
|
|
SYNTAX HpicfIpLockPortStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Dynamic IP Lockdown status information for
|
|
a single port."
|
|
INDEX { ifIndex }
|
|
::= { hpicfIpLockPortStatusTable 1 }
|
|
|
|
HpicfIpLockPortStatusEntry ::=
|
|
SEQUENCE {
|
|
hpicfIpLockPortOperStatus BITS
|
|
}
|
|
|
|
hpicfIpLockPortOperStatus OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
active(0),
|
|
noDsnoop(1),
|
|
trustedPort(2),
|
|
noSnoopingVlan(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object indicates the various states of the
|
|
current operating mode of Dynamic IP Lockdown on
|
|
this port. When no bits are set, the status of
|
|
this feature shall be 'disabled'. Each status is
|
|
described below:
|
|
active - Dynamic IP Lockdown is active
|
|
on this port.
|
|
noDsnoop - Dynamic IP Lockdown is enabled
|
|
on this port, but DHCP Snooping
|
|
is not globally enabled.
|
|
trustedPort - Dynamic IP Lockdown is enabled
|
|
on this port, but is not active
|
|
because the port is a DHCP
|
|
Snooping trusted port.
|
|
noSnoopingVlan - Dynamic IP Lockdown is enabled
|
|
on this port, but is not active
|
|
because the port is not a
|
|
member of any VLAN with DHCP
|
|
Snooping enabled."
|
|
::= { hpicfIpLockPortStatusEntry 1 }
|
|
|
|
hpicfIpLockAddrTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpicfIpLockAddrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Table of source address bindings on ports
|
|
where Dynamic IP Lockdown is active that
|
|
are currently permitted."
|
|
::= { hpicfIpLockStatus 2 }
|
|
|
|
hpicfIpLockAddrEntry OBJECT-TYPE
|
|
SYNTAX HpicfIpLockAddrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "An entry in the table containing a single
|
|
permitted source address binding."
|
|
INDEX { hpicfIpLockAddrPort,
|
|
hpicfIpLockAddrType,
|
|
hpicfIpLockAddrIpAddress
|
|
}
|
|
::= { hpicfIpLockAddrTable 1 }
|
|
|
|
HpicfIpLockAddrEntry ::=
|
|
SEQUENCE {
|
|
hpicfIpLockAddrPort InterfaceIndex,
|
|
hpicfIpLockAddrType InetAddressType,
|
|
hpicfIpLockAddrIpAddress InetAddress,
|
|
hpicfIpLockAddrVlan VlanIndex,
|
|
hpicfIpLockAddrMacAddress MacAddress,
|
|
hpicfIpLockResourceAvailable TruthValue
|
|
}
|
|
|
|
hpicfIpLockAddrPort OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The port that this address binding is
|
|
permitted on."
|
|
::= { hpicfIpLockAddrEntry 1 }
|
|
|
|
hpicfIpLockAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType -- { ipv4(1), ipv6 (2) }
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The type of IP address contained in
|
|
hpicfIpLockAddrIpAddress. The only
|
|
values expected are ipv4 or ipv6."
|
|
::= { hpicfIpLockAddrEntry 2 }
|
|
|
|
hpicfIpLockAddrIpAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "A source IP address permitted on this
|
|
port. The type of address contained in
|
|
this object is indicated by
|
|
hpicfIpLockAddrType."
|
|
::= { hpicfIpLockAddrEntry 3 }
|
|
|
|
hpicfIpLockAddrVlan OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The VLAN ID on which this source address
|
|
is permitted on this port."
|
|
::= { hpicfIpLockAddrEntry 4 }
|
|
|
|
hpicfIpLockAddrMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The source MAC address that is permitted
|
|
for this source IP address on this port."
|
|
::= { hpicfIpLockAddrEntry 5 }
|
|
|
|
hpicfIpLockResourceAvailable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "TRUE indicates that resources were available
|
|
to add binding. FALSE indicates that resources
|
|
were not available"
|
|
::= { hpicfIpLockAddrEntry 6 }
|
|
|
|
hpicfIpLockConformance OBJECT IDENTIFIER ::=
|
|
{ hpicfIpLockdown 2 }
|
|
|
|
hpicfIpLockGroups OBJECT IDENTIFIER ::=
|
|
{ hpicfIpLockConformance 1 }
|
|
|
|
hpicfIpLockBaseGroup OBJECT-GROUP
|
|
OBJECTS { hpicfIpLockEnable,
|
|
hpicfIpLockPortEnable,
|
|
hpicfIpLockPortOperStatus,
|
|
hpicfIpLockAddrPort,
|
|
hpicfIpLockAddrType,
|
|
hpicfIpLockAddrIpAddress,
|
|
hpicfIpLockAddrVlan,
|
|
hpicfIpLockAddrMacAddress,
|
|
hpicfIpLockResourceAvailable
|
|
}
|
|
STATUS current
|
|
DESCRIPTION "A collection of objects for configuring and
|
|
monitoring the base Dynamic IP Lockdown
|
|
functionality."
|
|
::= { hpicfIpLockGroups 1 }
|
|
|
|
hpicfIpLockTrapsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS { hpicfIpLockOutOfResources, hpicfIpLockErrantNotify }
|
|
STATUS current
|
|
DESCRIPTION "A collection of trap objects for Dynamic
|
|
IP Lockdown."
|
|
::= { hpicfIpLockGroups 2 }
|
|
|
|
hpicfIpLockTrapObjectsGroup OBJECT-GROUP
|
|
OBJECTS { hpicfIpLockOutOfResourceSource,
|
|
hpicfIpLockNotifyCount,
|
|
hpicfIpLockNotifyPort,
|
|
hpicfIpLockNotifySrcIpType,
|
|
hpicfIpLockNotifySrcIpAddress,
|
|
hpicfIpLockNotifyDstIpType,
|
|
hpicfIpLockNotifyDstIpAddress,
|
|
hpicfIpLockNotifyMacAddress,
|
|
hpicfIpLockNotifyPktCount,
|
|
hpicfIpLockTrapCtrl
|
|
}
|
|
STATUS current
|
|
DESCRIPTION "A collection of objects for receiving notification
|
|
information in regards to the Dynamic IP Lockdown
|
|
functionality."
|
|
::= { hpicfIpLockGroups 3 }
|
|
|
|
hpicfIpLockObsoleteGroup OBJECT-GROUP
|
|
OBJECTS { hpicfIpLockTrapCntl
|
|
}
|
|
STATUS obsolete
|
|
DESCRIPTION "These objects are obsolete and are no longer used."
|
|
::= { hpicfIpLockGroups 4 }
|
|
|
|
hpicfIpLockCompliances OBJECT IDENTIFIER ::=
|
|
{ hpicfIpLockConformance 2 }
|
|
|
|
hpicfIpLockCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION "The compliance statement for HP
|
|
switches that support Dynamic IP Lockdown."
|
|
MODULE
|
|
MANDATORY-GROUPS { hpicfIpLockBaseGroup }
|
|
::= { hpicfIpLockCompliances 1 }
|
|
|
|
hpicfIpLockTrapCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION "The compliance statement for HP
|
|
switches that support Dynamic IP Lockdown
|
|
Notify group ."
|
|
MODULE --this module
|
|
MANDATORY-GROUPS { hpicfIpLockTrapObjectsGroup,
|
|
hpicfIpLockTrapsGroup }
|
|
::= { hpicfIpLockCompliances 2 }
|
|
|
|
END
|