418 lines
17 KiB
Plaintext
418 lines
17 KiB
Plaintext
--**MOD+***********************************************************************
|
|
--* Module: hpicfDipldv6.mib
|
|
--*
|
|
-- Copyright (C) 2017 Hewlett-Packard Development Company, L.P.
|
|
--* All Rights Reserved.
|
|
--*
|
|
--* The contents of this software are proprietary and confidential
|
|
--* to the Hewlett Packard Enterprise Development LP. No part of this
|
|
--* program may be photocopied, reproduced, or translated into another
|
|
--* programming language without prior written consent of the
|
|
--* Hewlett Packard Enterprise Development LP.
|
|
--*
|
|
--* Purpose: This file contains MIB definition of HP-ICF-IPv6-DYNAMIC-LOCKDOWN-MIB
|
|
--*
|
|
--**MOD-***********************************************************************
|
|
|
|
HP-ICF-IPv6-DYNAMIC-LOCKDOWN-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE, Counter32
|
|
FROM SNMPv2-SMI
|
|
MacAddress, TruthValue
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
|
|
FROM SNMPv2-CONF
|
|
ifIndex , InterfaceIndex
|
|
FROM IF-MIB
|
|
InetAddressType, InetAddress
|
|
FROM INET-ADDRESS-MIB
|
|
VlanIndex
|
|
FROM Q-BRIDGE-MIB
|
|
hpSwitch
|
|
FROM HP-ICF-OID
|
|
hpicfSaviObjectsFilteringEntry
|
|
FROM HPICF-SAVI-MIB;
|
|
|
|
hpicfIpv6Lockdown MODULE-IDENTITY
|
|
LAST-UPDATED "201711080000Z" -- Nov 08, 2017
|
|
ORGANIZATION "HP Networking"
|
|
CONTACT-INFO
|
|
"Hewlett-Packard Company
|
|
8000 Foothills Blvd.
|
|
Roseville, CA 95747"
|
|
DESCRIPTION
|
|
"This MIB module contains HP proprietary
|
|
objects for managing DHCPV6 Snooping."
|
|
REVISION "201711080000Z"
|
|
DESCRIPTION
|
|
"Importing hpicfSaviObjectsFilteringEntry from HPICF-SAVI-MIB
|
|
and augmenting it instead of saviObjectsFilteringEntry."
|
|
REVISION "201310060000Z"
|
|
DESCRIPTION
|
|
"Initial Version."
|
|
::= { hpSwitch 103 }
|
|
|
|
|
|
hpicfDIPLDv6SourceBindingNotifications OBJECT IDENTIFIER ::= { hpicfIpv6Lockdown 0 }
|
|
|
|
hpicfDIPLDv6Objects OBJECT IDENTIFIER ::= { hpicfIpv6Lockdown 1 }
|
|
|
|
hpicfIpv6LockConformance OBJECT IDENTIFIER ::= {hpicfIpv6Lockdown 2 }
|
|
|
|
hpicfDIPDv6SourceBindingOutOfResources NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
hpicfDIPLDv6SourceBindingAddrPort,
|
|
hpicfDIPLDv6SourceBindingAddrMacAddress,
|
|
hpicfDIPLDv6SourceBindingAddrIpAddressType,
|
|
hpicfDIPLDv6SourceBindingAddrIpAddress,
|
|
hpicfDIPLDv6SourceBindingAddrVlan
|
|
}
|
|
STATUS current
|
|
DESCRIPTION "This trap is sent when hardware runs out of resource
|
|
to program Dynamic IPv6 Lockdown rule. It is controlled
|
|
by the state of
|
|
hpicfcfDIPLDv6SourceBindingOutOfResourcesTrapCtrl
|
|
object.Implementation of this trap is optional."
|
|
::= { hpicfDIPLDv6SourceBindingNotifications 1 }
|
|
|
|
hpicfDIPLDv6SourceBindingOutOfResourcesObjects
|
|
OBJECT IDENTIFIER ::= {hpicfDIPLDv6SourceBindingNotifications 2}
|
|
|
|
hpicfDIPLDv6SourceBindingAddrPort OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The Interface Index of the port for which Dynamic
|
|
IPv6 Lockdown rule cannot be programmed into
|
|
hardware."
|
|
::= { hpicfDIPLDv6SourceBindingOutOfResourcesObjects 1 }
|
|
|
|
hpicfDIPLDv6SourceBindingAddrMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The source MAC address for which Dynamic IPv6 Lockdown rule
|
|
cannot be programmed into hardware."
|
|
::= { hpicfDIPLDv6SourceBindingOutOfResourcesObjects 2 }
|
|
|
|
hpicfDIPLDv6SourceBindingAddrIpAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The Type of the IP Address of the source for which
|
|
Dynamic IPv6 lockdown rule cannot be programmed
|
|
into the hardware."
|
|
::= { hpicfDIPLDv6SourceBindingOutOfResourcesObjects 3 }
|
|
|
|
|
|
hpicfDIPLDv6SourceBindingAddrIpAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "A source IP address for which Dynamic IPv6 Lockdown rule
|
|
cannot be programmed into hardware."
|
|
::= { hpicfDIPLDv6SourceBindingOutOfResourcesObjects 4 }
|
|
|
|
hpicfDIPLDv6SourceBindingAddrVlan OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The VLAN for which Dynamic IPv6 Lockdown rule
|
|
cannot be programmed into hardware."
|
|
::= {hpicfDIPLDv6SourceBindingOutOfResourcesObjects 5 }
|
|
|
|
hpicfDIPLDv6SourceBindingVoilations NOTIFICATION-TYPE
|
|
OBJECTS {hpicfDIPLDv6SourceBindingVoilationsCount,
|
|
hpicfDIPLDv6SourceBindingVoilationsPort,
|
|
hpicfDIPLDv6SourceBindingVoilationsSrcIpType,
|
|
hpicfDIPLDv6SourceBindingVoilationsSrcIpAddress,
|
|
hpicfDIPLDv6SourceBindingVoilationsDstIpType,
|
|
hpicfDIPLDv6SourceBindingVoilationsDstIpAddress,
|
|
hpicfDIPLDv6SourceBindingVoilationsMacAddress,
|
|
hpicfDIPLDv6SourceBindingVoilationsPktCount}
|
|
STATUS current
|
|
DESCRIPTION "This notification indicates a host was denied access to
|
|
the switch based on Dynamic IPv6 lockdown protection rules.
|
|
This trap is controlled by the state of the
|
|
'hpicfDIPLDv6SourceBindingViolationsTrapCtrl' object.
|
|
Implementation of this trap is optional."
|
|
::= { hpicfDIPLDv6SourceBindingNotifications 3 }
|
|
|
|
hpicfDIPLDv6SourceBindingVoilationsObjects
|
|
OBJECT IDENTIFIER ::= { hpicfDIPLDv6SourceBindingNotifications 4 }
|
|
|
|
hpicfDIPLDv6SourceBindingVoilationsCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The number of DIPLDv6 violations sent from a DIPLDv6
|
|
entity to the SNMP entity."
|
|
::= { hpicfDIPLDv6SourceBindingVoilationsObjects 1 }
|
|
|
|
hpicfDIPLDv6SourceBindingVoilationsPort OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The Interface Index of the port for which this
|
|
'hpicfDIPLDv6SourceBindingVoilations' applies."
|
|
::= { hpicfDIPLDv6SourceBindingVoilationsObjects 2 }
|
|
|
|
hpicfDIPLDv6SourceBindingVoilationsSrcIpType OBJECT-TYPE
|
|
SYNTAX InetAddressType -- { ipv6(2), ipv6z (4) }
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The type of IP address contained in
|
|
'hpicfDIPLDv6SourceBindingVoilationsSrcIpAddress'.
|
|
The only values expected are ipv6 or ipv6z."
|
|
::= { hpicfDIPLDv6SourceBindingVoilationsObjects 3 }
|
|
|
|
hpicfDIPLDv6SourceBindingVoilationsSrcIpAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The source IP address for which this
|
|
'hpicfDIPLDv6SourceBindingVoilations' applies."
|
|
::= { hpicfDIPLDv6SourceBindingVoilationsObjects 4 }
|
|
|
|
hpicfDIPLDv6SourceBindingVoilationsDstIpType OBJECT-TYPE
|
|
SYNTAX InetAddressType -- { ipv6(2), ipv6z (4) }
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The type of IP address contained in
|
|
'hpicfIpLockSourceBindingVoilationsDstIpAddress'.
|
|
The only values expected are ipv6 or ipv6z."
|
|
::= { hpicfDIPLDv6SourceBindingVoilationsObjects 5 }
|
|
|
|
hpicfDIPLDv6SourceBindingVoilationsDstIpAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The destination IP address for which this
|
|
'hpicfDIPLDv6SourceBindingVoilations' applies."
|
|
::= { hpicfDIPLDv6SourceBindingVoilationsObjects 6 }
|
|
|
|
hpicfDIPLDv6SourceBindingVoilationsMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "The source MAC address for which this
|
|
'hpicfDIPLDv6SourceBindingVoilations' applies."
|
|
::= { hpicfDIPLDv6SourceBindingVoilationsObjects 7 }
|
|
|
|
hpicfDIPLDv6SourceBindingVoilationsPktCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION "This object indicates the number of packets
|
|
received from this host which were dropped."
|
|
::= { hpicfDIPLDv6SourceBindingVoilationsObjects 8 }
|
|
|
|
|
|
-- Configuration Parameters
|
|
hpicfDIPLDv6Config OBJECT IDENTIFIER ::= { hpicfDIPLDv6Objects 1 }
|
|
|
|
hpicfDIPLDv6LockEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "The administrative status of the Dynamic IPv6
|
|
Lockdown feature."
|
|
::= { hpicfDIPLDv6Config 1 }
|
|
|
|
hpicfDIPLDv6PortTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpicfDIPLDv6PortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Per-interface configuration for Dynamic IPv6
|
|
Lockdown."
|
|
::= { hpicfDIPLDv6Config 2 }
|
|
|
|
hpicfDIPLDv6PortEntry OBJECT-TYPE
|
|
SYNTAX HpicfDIPLDv6PortEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Dynamic IPv6 Lockdown configuration information
|
|
for a single port."
|
|
INDEX { ifIndex }
|
|
::= { hpicfDIPLDv6PortTable 1 }
|
|
|
|
HpicfDIPLDv6PortEntry ::=
|
|
SEQUENCE {
|
|
hpicfDIPLDv6PortEnable TruthValue,
|
|
hpicfDIPLDv6PortOperStatus BITS
|
|
}
|
|
|
|
hpicfDIPLDv6PortEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "This object indicates whether this port is
|
|
enabled for Dynamic IPv6 Lockdown."
|
|
::= { hpicfDIPLDv6PortEntry 1 }
|
|
|
|
hpicfDIPLDv6PortOperStatus OBJECT-TYPE
|
|
SYNTAX BITS{
|
|
active(0),
|
|
noDsnoopv6(1),
|
|
trustedPort(2),
|
|
noSnoopingVlan(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "This object indicates the various states of the
|
|
current operating mode of Dynamic IPv6 Lockdown on
|
|
this port. The states are:
|
|
active - Dynamic IPv6 Lockdown is active
|
|
on this port.
|
|
noDsnoop - Dynamic IPv6 Lockdown is enabled
|
|
on this port, but DHCPv6 Snooping
|
|
is not globally enabled.
|
|
trustedPort - Dynamic IPv6 Lockdown is enabled
|
|
on this port, but is not active
|
|
because the port is a DHCPv6
|
|
Snooping trusted port.
|
|
noSnoopingVlan - Dynamic IPv6 Lockdown is enabled
|
|
on this port, but is not active
|
|
because the port is not a
|
|
member of any VLAN with DHCPv6
|
|
Snooping enabled."
|
|
|
|
::= { hpicfDIPLDv6PortEntry 2 }
|
|
|
|
hpicfDIPLDv6SourceBindingOutOfResourcesTrapCtrl OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Controls generation of SNMP notifications for
|
|
traps defined in this MIB."
|
|
DEFVAL { true }
|
|
::= { hpicfDIPLDv6Config 3 }
|
|
|
|
hpicfDIPLDv6SourceBindingViolationsTrapCtrl OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION "Controls generation of SNMP notifications for
|
|
traps defined in this MIB."
|
|
DEFVAL { true }
|
|
::= { hpicfDIPLDv6Config 4 }
|
|
|
|
hpicfDIPLDv6Status OBJECT IDENTIFIER ::= { hpicfDIPLDv6Objects 2 }
|
|
|
|
|
|
hpicfDIPLDv6AddrTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF HpicfDIPLDv6AddrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Table of source address bindings on ports
|
|
where Dynamic IPv6 Lockdown is active that
|
|
are currently permitted."
|
|
::= { hpicfDIPLDv6Status 1 }
|
|
|
|
hpicfDIPLDv6AddrEntry OBJECT-TYPE
|
|
SYNTAX HpicfDIPLDv6AddrEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION "Extension to the hpicfSAVI filtering table."
|
|
AUGMENTS { hpicfSaviObjectsFilteringEntry }
|
|
|
|
::= { hpicfDIPLDv6AddrTable 1 }
|
|
|
|
HpicfDIPLDv6AddrEntry ::=
|
|
SEQUENCE {
|
|
hpicfDIPLDv6AddrVlan VlanIndex,
|
|
hpicfDIPLDv6ResourceAvailable TruthValue
|
|
}
|
|
|
|
hpicfDIPLDv6AddrVlan OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION "The VLAN on which this binding entry is permitted."
|
|
::= { hpicfDIPLDv6AddrEntry 1 }
|
|
|
|
|
|
hpicfDIPLDv6ResourceAvailable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This Object provides the availability of HW resources
|
|
while adding a binding. TRUE indicates that hardware
|
|
resources were available to add a binding. FALSE indicates that
|
|
resources were not available."
|
|
::= { hpicfDIPLDv6AddrEntry 2 }
|
|
|
|
-- Conformance groups
|
|
hpicfIpv6LockGroups OBJECT IDENTIFIER ::=
|
|
{hpicfIpv6LockConformance 1 }
|
|
|
|
hpicfIpv6LockBaseGroup OBJECT-GROUP
|
|
OBJECTS { hpicfDIPLDv6LockEnable,
|
|
hpicfDIPLDv6PortEnable,
|
|
hpicfDIPLDv6PortOperStatus,
|
|
hpicfDIPLDv6AddrVlan,
|
|
hpicfDIPLDv6ResourceAvailable
|
|
}
|
|
STATUS current
|
|
DESCRIPTION "A collection of objects for configuring and
|
|
monitoring the base Dynamic IPv6 Lockdown
|
|
functionality."
|
|
::= { hpicfIpv6LockGroups 1 }
|
|
|
|
hpicfSourceBindingTrapObjectsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
hpicfDIPLDv6SourceBindingAddrPort,
|
|
hpicfDIPLDv6SourceBindingAddrMacAddress,
|
|
hpicfDIPLDv6SourceBindingAddrIpAddressType,
|
|
hpicfDIPLDv6SourceBindingAddrIpAddress,
|
|
hpicfDIPLDv6SourceBindingAddrVlan,
|
|
hpicfDIPLDv6SourceBindingVoilationsCount,
|
|
hpicfDIPLDv6SourceBindingVoilationsPort,
|
|
hpicfDIPLDv6SourceBindingVoilationsSrcIpType,
|
|
hpicfDIPLDv6SourceBindingVoilationsSrcIpAddress,
|
|
hpicfDIPLDv6SourceBindingVoilationsDstIpType,
|
|
hpicfDIPLDv6SourceBindingVoilationsDstIpAddress,
|
|
hpicfDIPLDv6SourceBindingVoilationsMacAddress,
|
|
hpicfDIPLDv6SourceBindingVoilationsPktCount,
|
|
hpicfDIPLDv6SourceBindingOutOfResourcesTrapCtrl,
|
|
hpicfDIPLDv6SourceBindingViolationsTrapCtrl
|
|
}
|
|
STATUS current
|
|
DESCRIPTION "A collection of objects used in the Dynamic IPv6 Lockdown
|
|
notification."
|
|
::= { hpicfIpv6LockGroups 2 }
|
|
|
|
hpicfSourceBindingTrapsGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS { hpicfDIPDv6SourceBindingOutOfResources ,
|
|
hpicfDIPLDv6SourceBindingVoilations }
|
|
STATUS current
|
|
DESCRIPTION "A collection of trap objects for Dynamic
|
|
IP Lockdown feature."
|
|
::= {hpicfIpv6LockGroups 3 }
|
|
|
|
|
|
hpicfIpv6LockCompliances OBJECT IDENTIFIER ::=
|
|
{ hpicfIpv6LockConformance 2 }
|
|
|
|
hpicfDIPLDv6Compliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION "The compliance statement for HP
|
|
switches that support Dynamic IPv6 Lockdown."
|
|
MODULE
|
|
MANDATORY-GROUPS { hpicfIpv6LockBaseGroup }
|
|
::= { hpicfIpv6LockCompliances 1 }
|
|
|
|
hpicfIpv6SourceBindingTrapCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION "The compliance statement for HP
|
|
switches that support Dynamic IP Lockdown
|
|
Notify group ."
|
|
MODULE --this module
|
|
MANDATORY-GROUPS
|
|
{hpicfSourceBindingTrapObjectsGroup,hpicfSourceBindingTrapsGroup}
|
|
::= { hpicfIpv6LockCompliances 2 }
|
|
END
|
|
|