-- ==================================================================
|
|
-- Copyright (c) 2010-2014 Hewlett-Packard Development Company, L.P.
|
|
--
|
|
-- Description: DHCP Snooping MIB
|
|
-- Reference:
|
|
-- Version: V1.3
|
|
-- History:
|
|
-- V1.0 The initial version, created by FuJiajia, 2004.12.29
|
|
-- V1.1 2006-03-08 updated by HeHangjun
|
|
-- Added hpnicfDhcpSnoopVlanTable
|
|
-- V1.2 2007-06-18 updated by qizhenglin
|
|
-- Added hpnicfDhcpSnoopSpoofServerDetected
|
|
-- hpnicfDhcpSnoopSpoofServerMac
|
|
-- hpnicfDhcpSnoopSpoofServerIP
|
|
-- V1.3 2013-10-16 updated by xuyufei
|
|
-- Added hpnicfDhcpSnoopNewBinding
|
|
-- hpnicfDhcpSnoopBindingIP
|
|
-- hpnicfDhcpSnoopBindingMac
|
|
-- ==================================================================
|
|
-- ==================================================================
|
|
--
|
|
-- Variables and types to be imported
|
|
--
|
|
-- ==================================================================
|
|
HPN-ICF-DHCPSNOOP-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
|
|
MacAddress
|
|
FROM SNMPv2-TC
|
|
|
|
MODULE-IDENTITY,OBJECT-TYPE,NOTIFICATION-TYPE,IpAddress,Integer32
|
|
FROM SNMPv2-SMI
|
|
|
|
ifIndex
|
|
FROM IF-MIB
|
|
|
|
hpnicfdot1qVlanIndex
|
|
FROM HPN-ICF-LswVLAN-MIB
|
|
|
|
InetAddressType, InetAddress
|
|
FROM INET-ADDRESS-MIB
|
|
|
|
hpnicfCommon
|
|
FROM HPN-ICF-OID-MIB
|
|
|
|
TruthValue
|
|
FROM SNMPv2-TC;
|
|
|
|
-- ==================================================================
|
|
--
|
|
-- ======================= definition begin =========================
|
|
--
|
|
-- ==================================================================
|
|
-- Module identity for the DHCP snooping MIB; the subtree is rooted at
-- { hpnicfCommon 36 }.
-- NOTE(review): LAST-UPDATED reads 2005-01-14, but the history in the file
-- header lists revisions up to V1.3 (2013-10-16), and there are no REVISION
-- clauses. ORGANIZATION and CONTACT-INFO are empty strings. Anything that
-- relies on LAST-UPDATED to decide which copy of this module is newest
-- cannot tell revisions apart; confirm the copy in use against the vendor
-- release it came from.
hpnicfDhcpSnoop MODULE-IDENTITY
|
|
LAST-UPDATED "200501140000Z"
|
|
ORGANIZATION
|
|
""
|
|
CONTACT-INFO
|
|
""
|
|
DESCRIPTION
|
|
"The private MIB file includes the DHCP Snooping profile."
|
|
::= { hpnicfCommon 36 }
|
|
|
|
hpnicfDhcpSnoopMibObject OBJECT IDENTIFIER ::= { hpnicfDhcpSnoop 1 }
|
|
|
|
-- Scalar that reports and sets the DHCP snooping status: enable(1) or
-- disable(2). The declared default is disable.
-- MAX-ACCESS is read-write, so the MIB allows snooping to be switched off
-- with an SNMP SET.
-- NOTE(review): treat write access to this object as a security control.
-- Limit it to management stations that need it (for example SNMPv3 with
-- authentication and privacy, and a VACM view that leaves this object out
-- for read-only users), and alert when its value changes to disable(2).
hpnicfDhcpSnoopEnable OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "DHCP Snooping status (enable or disable)."
|
|
DEFVAL { disable }
|
|
::= { hpnicfDhcpSnoopMibObject 1 }
|
|
|
|
hpnicfDhcpSnoopTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpnicfDhcpSnoopEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "The table containing information about DHCP clients observed by
|
|
DHCP snooping. It is enabled or disabled by setting the
|
|
hpnicfDhcpSnoopEnable node."
|
|
::= { hpnicfDhcpSnoopMibObject 2 }
|
|
|
|
|
|
hpnicfDhcpSnoopEntry OBJECT-TYPE
|
|
SYNTAX HpnicfDhcpSnoopEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "An entry containing information of DHCP clients."
|
|
INDEX { hpnicfDhcpSnoopClientIpAddressType, hpnicfDhcpSnoopClientIpAddress }
|
|
::= { hpnicfDhcpSnoopTable 1 }
|
|
|
|
HpnicfDhcpSnoopEntry ::=
|
|
SEQUENCE {
|
|
hpnicfDhcpSnoopClientIpAddressType InetAddressType,
|
|
hpnicfDhcpSnoopClientIpAddress InetAddress,
|
|
hpnicfDhcpSnoopClientMacAddress MacAddress,
|
|
hpnicfDhcpSnoopClientProperty INTEGER ,
|
|
hpnicfDhcpSnoopClientUnitNum Integer32
|
|
}
|
|
|
|
hpnicfDhcpSnoopClientIpAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "DHCP clients' IP addresses type (IPv4 or IPv6)."
|
|
DEFVAL { ipv4 }
|
|
::= { hpnicfDhcpSnoopEntry 1 }
|
|
|
|
hpnicfDhcpSnoopClientIpAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "DHCP clients' IP addresses collected by DHCP snooping."
|
|
::= { hpnicfDhcpSnoopEntry 2 }
|
|
|
|
hpnicfDhcpSnoopClientMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "DHCP clients' MAC addresses collected by DHCP snooping."
|
|
::= { hpnicfDhcpSnoopEntry 3 }
|
|
|
|
hpnicfDhcpSnoopClientProperty OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
static(1),
|
|
dynamic(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "Method of getting IP addresses collected by DHCP snooping."
|
|
::= { hpnicfDhcpSnoopEntry 4 }
|
|
|
|
hpnicfDhcpSnoopClientUnitNum OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "IRF (Intelligent Resilient Fabric) unit number through which the clients
|
|
get their IP addresses. The value 0 means this device does not support IRF."
|
|
::= { hpnicfDhcpSnoopEntry 5 }
|
|
|
|
hpnicfDhcpSnoopTrustTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpnicfDhcpSnoopTrustEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "A table used to configure and monitor the trusted status of ports."
|
|
::= { hpnicfDhcpSnoopMibObject 3 }
|
|
|
|
hpnicfDhcpSnoopTrustEntry OBJECT-TYPE
|
|
SYNTAX HpnicfDhcpSnoopTrustEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "An entry containing information about trusted status of ports."
|
|
INDEX { ifIndex }
|
|
::= { hpnicfDhcpSnoopTrustTable 1 }
|
|
|
|
HpnicfDhcpSnoopTrustEntry ::=
|
|
SEQUENCE {
|
|
hpnicfDhcpSnoopTrustStatus INTEGER
|
|
}
|
|
|
|
-- Trust flag for one port. Rows are indexed by ifIndex (INDEX clause of
-- hpnicfDhcpSnoopTrustEntry). Values: untrusted(0) or trusted(1); the
-- declared default is untrusted.
-- MAX-ACCESS is read-write, so the MIB allows the flag to be changed with
-- an SNMP SET.
-- NOTE(review): this MIB does not state what a trusted port is permitted
-- to do. In DHCP snooping generally, DHCP server replies are accepted only
-- on trusted ports, so a change to trusted(1) on a client-facing port
-- would weaken the protection; confirm against the device documentation.
-- Limit SNMP write access to this object and audit changes to it.
hpnicfDhcpSnoopTrustStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
untrusted(0),
|
|
trusted(1)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Trusted status of current port which supports both get and
|
|
set operation."
|
|
DEFVAL { untrusted }
|
|
::= { hpnicfDhcpSnoopTrustEntry 1 }
|
|
|
|
hpnicfDhcpSnoopVlanTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpnicfDhcpSnoopVlanEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "A table is used to configure and monitor DHCP Snooping
|
|
status of VLANs."
|
|
::= { hpnicfDhcpSnoopMibObject 4 }
|
|
|
|
hpnicfDhcpSnoopVlanEntry OBJECT-TYPE
|
|
SYNTAX HpnicfDhcpSnoopVlanEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "The entry information about hpnicfDhcpSnoopVlanTable."
|
|
INDEX
|
|
{
|
|
hpnicfDhcpSnoopVlanIndex
|
|
}
|
|
::= { hpnicfDhcpSnoopVlanTable 1 }
|
|
|
|
HpnicfDhcpSnoopVlanEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hpnicfDhcpSnoopVlanIndex Integer32,
|
|
hpnicfDhcpSnoopVlanEnable TruthValue
|
|
}
|
|
|
|
-- Index column of hpnicfDhcpSnoopVlanTable; not-accessible, so it appears
-- only as the instance suffix of hpnicfDhcpSnoopVlanEnable.
-- NOTE(review): the declared range is 0..2147483647, far wider than the
-- 1..4094 range of 802.1Q VLAN IDs. Presumably the agent only returns
-- configured VLAN IDs; a collector should still validate the value rather
-- than assume it is a valid VLAN ID. Confirm against the device.
hpnicfDhcpSnoopVlanIndex OBJECT-TYPE
|
|
SYNTAX Integer32(0..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Current VLAN index."
|
|
::= { hpnicfDhcpSnoopVlanEntry 1 }
|
|
|
|
-- DHCP snooping status of one VLAN, as a TruthValue. The declared default
-- is false. The row is selected by hpnicfDhcpSnoopVlanIndex.
-- MAX-ACCESS is read-write, so the MIB allows the per-VLAN status to be
-- changed with an SNMP SET.
-- NOTE(review): a SET to false would presumably turn snooping off for that
-- VLAN only, which is easier to miss than a change to the global
-- hpnicfDhcpSnoopEnable object. Apply the same write restrictions and
-- change auditing here as for the global switch.
hpnicfDhcpSnoopVlanEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "DHCP Snooping status of current VLAN."
|
|
DEFVAL { false }
|
|
::= { hpnicfDhcpSnoopVlanEntry 2 }
|
|
|
|
-- ==================================================================
|
|
--
|
|
-- ======================= trap definition begin ====================
|
|
--
|
|
-- ==================================================================
|
|
hpnicfDhcpSnoopTraps OBJECT IDENTIFIER ::= { hpnicfDhcpSnoop 2 }
|
|
hpnicfDhcpSnoopTrapsPrefix OBJECT IDENTIFIER ::= { hpnicfDhcpSnoopTraps 0 }
|
|
hpnicfDhcpSnoopTrapsObject OBJECT IDENTIFIER ::= { hpnicfDhcpSnoopTraps 1 }
|
|
|
|
hpnicfDhcpSnoopSpoofServerMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "MAC address of the spoofing server and it is derived from
|
|
the link-layer header of the offer packet. If the offer packet is relayed
|
|
by a DHCP relay entity, it may be the MAC address of the relay entity.
|
|
"
|
|
::= { hpnicfDhcpSnoopTrapsObject 1 }
|
|
|
|
hpnicfDhcpSnoopSpoofServerIP OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "IP address of the spoofing server and it is derived from
|
|
the IP header of the offer packet. A malicious host may send an offer packet using
|
|
another host's address, so this address cannot always be trusted.
|
|
"
|
|
::= { hpnicfDhcpSnoopTrapsObject 2 }
|
|
|
|
hpnicfDhcpSnoopBindingIP OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "IP address of a new binding. "
|
|
::= { hpnicfDhcpSnoopTrapsObject 3 }
|
|
|
|
|
|
hpnicfDhcpSnoopBindingMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "MAC address of a new binding. "
|
|
::= { hpnicfDhcpSnoopTrapsObject 4 }
|
|
|
|
|
|
-- Notification sent when the device receives a DHCP-OFFER in answer to a
-- DHCP-DISCOVER that it sent itself through a downstream (client-facing)
-- port. Any such offer is treated as coming from an unauthorized server.
-- Varbinds: the receiving interface (ifIndex), the VLAN
-- (hpnicfdot1qVlanIndex), and the MAC and IP address read from the offer.
-- Triage note: the interface and VLAN are recorded by the device itself.
-- The MAC and IP varbinds are copied from packet headers, and their own
-- DESCRIPTIONs warn that the MAC may belong to a relay and the IP may be
-- another host's address, so locate the source by port and VLAN first.
-- NOTE(review): the DESCRIPTION below explains the same mechanism twice,
-- in slightly different words.
hpnicfDhcpSnoopSpoofServerDetected NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
ifIndex, -- The interface on which the
|
|
-- unauthorized DHCP server was seen
|
|
hpnicfdot1qVlanIndex, -- The VLAN in which the unauthorized
|
|
-- DHCP server was seen
|
|
hpnicfDhcpSnoopSpoofServerMac,
|
|
hpnicfDhcpSnoopSpoofServerIP
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"To detect unauthorized DHCP servers on a network, the DHCP snooping
|
|
device sends DHCP-DISCOVER messages through its downstream port
|
|
(which is connected to the DHCP clients).
|
|
If any response (DHCP-OFFER message) is received from the downstream port,
|
|
an unauthorized DHCP server is considered present, and then the device
|
|
sends a trap.
|
|
With unauthorized DHCP server detection enabled, the interface sends a
|
|
DHCP-DISCOVER message to detect unauthorized DHCP servers on the network.
|
|
If this interface receives a DHCP-OFFER message, the DHCP server which
|
|
sent it is considered unauthorized. "
|
|
::= { hpnicfDhcpSnoopTrapsPrefix 1 }
|
|
|
|
-- Notification sent when the device adds a new binding. It carries the
-- binding's IP address and MAC address only.
-- Monitoring note: there is no ifIndex or VLAN varbind, so this
-- notification alone does not say on which port or VLAN the binding was
-- learned. The IP varbind uses the IpAddress syntax, so it can only carry
-- an IPv4 address.
-- NOTE(review): hpnicfDhcpSnoopTable, as defined in this module, has no
-- port column either; correlating a binding with a port presumably needs
-- another data source. Confirm against the device.
hpnicfDhcpSnoopNewBinding NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
hpnicfDhcpSnoopBindingIP,
|
|
hpnicfDhcpSnoopBindingMac
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The device sends a trap when adding a new binding."
|
|
::= { hpnicfDhcpSnoopTrapsPrefix 2 }
|
|
|
|
END
|