-- *****************************************************************
-- QTECH-SECURITY-MIB.mib:  Qtech Security MIB file
--
-- March 2002, Wuzg
--
-- Copyright (c) 2002 by Qtech Networks Co.,Ltd.
-- All rights reserved.
--
-- *****************************************************************
--
|
|
|
|
QTECH-SECURITY-MIB DEFINITIONS ::= BEGIN

-- External definitions used by this module.
--   * SNMPv2-SMI / SNMPv2-TC / SNMPv2-CONF: the standard SMIv2 macros and
--     textual conventions.
--   * QTECH-TC (ConfigStatus, IfIndex) and QTECH-SMI (qtechMgmt): vendor
--     modules; their definitions are not visible in this file.
--   * EnabledStatus (P-BRIDGE-MIB): the enabled(1) / disabled(2) convention
--     used by the enable/disable objects below.
IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    Integer32,
    IpAddress,
    Unsigned32
        FROM SNMPv2-SMI
    TruthValue,
    RowStatus,
    MacAddress
        FROM SNMPv2-TC
    MODULE-COMPLIANCE,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    ConfigStatus,
    IfIndex
        FROM QTECH-TC
    ifIndex
        FROM IF-MIB
    EnabledStatus
        FROM P-BRIDGE-MIB
    qtechMgmt
        FROM QTECH-SMI;
|
|
|
|
-- Module identity. Every object, notification and conformance statement in
-- this file is registered beneath { qtechMgmt 6 }.
qtechSecurityMIB MODULE-IDENTITY
    LAST-UPDATED "200203200000Z"
    ORGANIZATION "Qtech Networks Co.,Ltd."
    CONTACT-INFO
        "
        Tel: 4008-111-000

        E-mail: service@qtech.com.cn"
    DESCRIPTION
        "This module defines qtech security mibs."
    REVISION    "200203200000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { qtechMgmt 6 }
|
|
|
|
-- Root of all managed objects in this module.
qtechSecurityMIBObjects      OBJECT IDENTIFIER ::= { qtechSecurityMIB 1 }

-- .1  Management-access controls: the SNMP agent / web / telnet switches and
--     the per-service client address tables.
qtechUserManagementObjects   OBJECT IDENTIFIER ::= { qtechSecurityMIBObjects 1 }

-- .2  Secure addresses and the IP-MAC bind table.
qtechSecurityAddressObjects  OBJECT IDENTIFIER ::= { qtechSecurityMIBObjects 2 }

-- .3  Per-port security settings.
-- NOTE(review): the descriptor is misspelt ("Secrrity"). It is left unchanged
-- because qtechPortSecurityTable is registered under this exact name and other
-- modules may import it; renaming would break those references.
qtechPortSecrrityObjects     OBJECT IDENTIFIER ::= { qtechSecurityMIBObjects 3 }
|
|
|
|
--
|
|
-- user management
|
|
--
|
|
|
|
-- Scalar switch for SNMP management of the switch.
-- Security note: MAX-ACCESS is read-write, so any principal holding SNMP write
-- access can change which management channels are open. Restrict write access
-- to this subtree (for example SNMPv3 with authentication and privacy, and a
-- narrow VACM write view) and alert on changes to it.
-- NOTE(review): setting this to disabled over SNMP presumably stops the agent
-- that served the request; confirm how management access is restored.
-- No DEFVAL is given, so the factory default is not stated in this module.
qtechEnableSnmpAgent OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enabled indicate that user can manage switch by snmp agent,
        disabled indicate that user can't manage switch by snmp agent."
    ::= { qtechUserManagementObjects 1 }
|
|
|
|
-- Scalar switch for web management of the switch.
-- Security note: writable over SNMP (MAX-ACCESS read-write), so a change here
-- opens or closes the web management interface remotely; treat SET access to
-- it as equivalent to administrative access and monitor it for changes.
-- NOTE(review): whether the web server is served over TLS is not stated in
-- this module; verify on the device.
-- No DEFVAL is given, so the factory default is not stated in this module.
qtechEnableWeb OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enabled indicate that user can manage switch by web,
        disabled indicate that user can't manage switch by web."
    ::= { qtechUserManagementObjects 2 }
|
|
|
|
-- Scalar switch for telnet management of the switch.
-- Security note: telnet carries credentials and session content unencrypted.
-- Keep this disabled wherever an encrypted management channel is available,
-- and, because the object is read-write over SNMP, alert when it changes to
-- enabled. If telnet must stay on, narrow it with qtechTelnetHostIpTable.
-- No DEFVAL is given, so the factory default is not stated in this module.
qtechEnableTelnet OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enabled indicate that user can manage switch by telnet,
        disabled indicate that user can't manage switch by telnet."
    ::= { qtechUserManagementObjects 3 }
|
|
|
|
--TelnetHostIpTable
-- Allow-list of client addresses for the telnet server, one row per address.
-- NOTE(review): the behaviour with an empty table (allow all or deny all) is
-- not stated here; verify on the device before relying on the list.
-- NOTE(review): there is no RowStatus column, so this module does not define
-- how rows are created or removed.
-- Addresses use IpAddress, so only IPv4 clients can be expressed.
qtechTelnetHostIpTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF QtechTelnetHostIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table of telnet client's IP address, only these hostes can access the telnet server."
    ::= { qtechUserManagementObjects 4 }

-- One allow-list row, indexed by the client address itself.
qtechTelnetHostIpEntry OBJECT-TYPE
    SYNTAX      QtechTelnetHostIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The entry of telnet host IP address table."
    INDEX       { qtechTelnetHostIpAddress }
    ::= { qtechTelnetHostIpTable 1 }

QtechTelnetHostIpEntry ::=
    SEQUENCE {
        qtechTelnetHostIpAddress
            IpAddress,
        qtechTelnetHostIpEnable
            INTEGER
    }

-- Index column.
-- NOTE(review): SMIv2 expects an INDEX column to be not-accessible when the
-- row has other columns. read-only is kept so that managers already reading
-- this column are not affected.
qtechTelnetHostIpAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The telnet client's IP address, Only these hostes can access the telnet server"
    ::= { qtechTelnetHostIpEntry 1 }

-- Per-entry switch for the allow-list row. It is writable over SNMP, so write
-- access to it should be controlled as tightly as qtechEnableTelnet itself.
-- The labels here are enable/disable, not the enabled/disabled of EnabledStatus.
qtechTelnetHostIpEnable OBJECT-TYPE
    SYNTAX      INTEGER {
                    enable(1),
                    disable(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The telnet client's IP address enable state"
    ::= { qtechTelnetHostIpEntry 2 }
|
|
|
|
--WebHostIpTable
-- Allow-list of client addresses for the web server, one row per address.
-- NOTE(review): the behaviour with an empty table (allow all or deny all) is
-- not stated here; verify on the device before relying on the list.
-- NOTE(review): there is no RowStatus column, so this module does not define
-- how rows are created or removed.
-- Addresses use IpAddress, so only IPv4 clients can be expressed.
qtechWebHostIpTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF QtechWebHostIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table of web client's IP address, only these hostes can access the web server."
    ::= { qtechUserManagementObjects 5 }

-- One allow-list row, indexed by the client address itself.
qtechWebHostIpEntry OBJECT-TYPE
    SYNTAX      QtechWebHostIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The entry of web host IP address table."
    INDEX       { qtechWebHostIpAddress }
    ::= { qtechWebHostIpTable 1 }

QtechWebHostIpEntry ::=
    SEQUENCE {
        qtechWebHostIpAddress
            IpAddress,
        qtechWebHostIpEnable
            INTEGER
    }

-- Index column.
-- NOTE(review): SMIv2 expects an INDEX column to be not-accessible when the
-- row has other columns. read-only is kept so that managers already reading
-- this column are not affected.
qtechWebHostIpAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The web client's IP address, Only these hostes can access the web server"
    ::= { qtechWebHostIpEntry 1 }

-- Per-entry switch for the allow-list row. It is writable over SNMP, so write
-- access to it should be controlled as tightly as qtechEnableWeb itself.
-- The labels here are enable/disable, not the enabled/disabled of EnabledStatus.
qtechWebHostIpEnable OBJECT-TYPE
    SYNTAX      INTEGER {
                    enable(1),
                    disable(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The web client's IP address enable state"
    ::= { qtechWebHostIpEntry 2 }
|
|
|
|
-- security address

-- Secure-address table. A row is identified by four values: VLAN id, MAC
-- address, port and IP address. Rows are created and deleted through
-- qtechSecurityAddressStatus (RowStatus), so SNMP write access to this table
-- lets a manager add or remove permitted addresses; restrict and audit it.
qtechSecurityAddressTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF QtechSecurityAddressEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table of security address."
    ::= { qtechSecurityAddressObjects 1 }

-- Conceptual row. All four INDEX columns are not-accessible, so their values
-- are read from the instance identifier, not from a column.
qtechSecurityAddressEntry OBJECT-TYPE
    SYNTAX      QtechSecurityAddressEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The entry of Security address table."
    INDEX       { qtechSecurityAddressFdbId,
                  qtechSecurityAddressAddress,
                  qtechSecurityAddressPort,
                  qtechSecurityAddressIpAddr }
    ::= { qtechSecurityAddressTable 1 }

QtechSecurityAddressEntry ::=
    SEQUENCE {
        qtechSecurityAddressFdbId
            Unsigned32,
        qtechSecurityAddressAddress
            MacAddress,
        qtechSecurityAddressPort
            IfIndex,
        qtechSecurityAddressIpAddr
            IpAddress,
        qtechSecurityAddressIfBindIp
            TruthValue,
        qtechSecurityAddressRemainAge
            Integer32,
        qtechSecurityAddressType
            INTEGER,
        qtechSecurityAddressStatus
            RowStatus
    }

-- Index 1: VLAN id.
qtechSecurityAddressFdbId OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The VID of vlan which the security address blongs to."
    ::= { qtechSecurityAddressEntry 1 }

-- Index 2: MAC address.
qtechSecurityAddressAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The MAC address of the security address."
    ::= { qtechSecurityAddressEntry 2 }

-- Index 3: interface.
qtechSecurityAddressPort OBJECT-TYPE
    SYNTAX      IfIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The interface which the security address blongs to."
    ::= { qtechSecurityAddressEntry 3 }

-- Index 4: bound IP address. It is always part of the index, but the
-- DESCRIPTION says it only carries meaning when qtechSecurityAddressIfBindIp
-- is true.
qtechSecurityAddressIpAddr OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The IP address which the security address bind.It's meaning only when
        qtechSecurityAddressIfBindIp is true."
    ::= { qtechSecurityAddressEntry 4 }

-- Selects whether the row also binds the IP address in index 4.
qtechSecurityAddressIfBindIp OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "this object offer the means whether security address will bind IP."
    ::= { qtechSecurityAddressEntry 5 }

-- Remaining lifetime of the entry, in minutes. The Integer32 syntax carries
-- no range restriction.
qtechSecurityAddressRemainAge OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The remain age of the security address, in units of minute."
    ::= { qtechSecurityAddressEntry 6 }

-- How the entry came to exist: configured by an administrator or learned
-- dynamically. Read-only.
qtechSecurityAddressType OBJECT-TYPE
    SYNTAX      INTEGER {
                    secureConfigured(1),
                    dynamicLearn(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of the security address"
    ::= { qtechSecurityAddressEntry 7 }

-- Row creation and deletion, with the semantics of the RowStatus textual
-- convention.
qtechSecurityAddressStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "entry status of this entry. and the means in this enviraments can
        reffer to the text-convention definition of the RowStatus."
    ::= { qtechSecurityAddressEntry 8 }
|
|
|
|
|
|
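--Address Bind Table
-- IP-MAC bind table, one row per bound IP address. Per the DESCRIPTION, a
-- frame whose source IP address is listed here is discarded unless its source
-- MAC address is the bound one.
-- NOTE(review): handling of frames whose source IP address is not listed is
-- not stated in this module.
-- Security note: both accessible columns are read-create, so SNMP write access
-- can add, change or remove bindings; restrict and audit it.
qtechBindAddressTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF QtechBindAddressEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "IP-MAC bind table. The source MAC address must be bound when the switch receives the frame with
        source IP address defined in this table. Otherwise, the frame will be discarded."
    ::= { qtechSecurityAddressObjects 2 }

-- Conceptual row, indexed by the bound IP address.
qtechBindAddressEntry OBJECT-TYPE
    SYNTAX      QtechBindAddressEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The entry of Bind address table."
    INDEX       { qtechBindAddressIpAddr }
    ::= { qtechBindAddressTable 1 }

QtechBindAddressEntry ::=
    SEQUENCE {
        qtechBindAddressIpAddr
            IpAddress,
        qtechBindMacAddress
            MacAddress,
        qtechBindAddressStatus
            ConfigStatus
    }

-- Index column: the IP address of the binding.
-- The original DESCRIPTION was copied from qtechSecurityAddressIpAddr and
-- referred to "qtechBindAddressIfBindIp", an object this module does not
-- define; the text below removes that dangling reference.
qtechBindAddressIpAddr OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The IP address of this IP-MAC binding."
    ::= { qtechBindAddressEntry 1 }

-- The MAC address bound to qtechBindAddressIpAddr. The DESCRIPTION wording
-- ("security address") matches qtechSecurityAddressAddress and is kept as
-- written.
qtechBindMacAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The MAC address of the security address."
    ::= { qtechBindAddressEntry 2 }

-- Row status using the vendor ConfigStatus convention (defined in QTECH-TC,
-- not visible here). Only the 'invalid' value, which removes the row, is
-- documented in this module.
qtechBindAddressStatus OBJECT-TYPE
    SYNTAX      ConfigStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "entry status. Setting this value to 'invalid' will remove this entry"
    ::= { qtechBindAddressEntry 3 }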
|
|
|
|
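-- port security
-- Per-port security configuration, one row per interface.
-- Security note: the enable switch, violation action, address limit and aging
-- settings are all read-write, so SNMP write access can weaken or disable port
-- security on any port; restrict and audit writes to this table.
qtechPortSecurityTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF QtechPortSecurityEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "list of port security configuration objects."
    ::= { qtechPortSecrrityObjects 1 }

qtechPortSecurityEntry OBJECT-TYPE
    SYNTAX      QtechPortSecurityEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Entry contains port security configurations."
    INDEX       { qtechPortSecurityPortIndex }
    ::= { qtechPortSecurityTable 1 }

QtechPortSecurityEntry ::=
    SEQUENCE {
        qtechPortSecurityPortIndex          IfIndex,
        qtechPortSecurityStatus             EnabledStatus,
        qtechPortSecurViolationType         INTEGER,
        qtechPortSecurityAddrNum            Integer32,
        qtechPortSecurityAddrAge            Integer32,
        qtechPortStaticSecurAddrIfAge       EnabledStatus,
        qtechPortSecurityAddressCurrentNum  Integer32,
        qtechPortStaticSecurAddrCurrentNum  Integer32,
        qtechPortSecurityIpDistrMode        INTEGER
    }

-- Index column. The DESCRIPTION was empty in the original; the wording below
-- is derived from the object's SYNTAX (IfIndex) and its role as the row INDEX.
qtechPortSecurityPortIndex OBJECT-TYPE
    SYNTAX      IfIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The interface index of the port this row describes."
    ::= { qtechPortSecurityEntry 1 }

-- Per-port enable switch; the default is disabled. The DESCRIPTION was empty
-- in the original; the wording below is derived from the object's name, SYNTAX
-- and DEFVAL. Confirm it against the device documentation.
qtechPortSecurityStatus OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Whether port security is enabled or disabled on this port."
    DEFVAL      { disabled }
    ::= { qtechPortSecurityEntry 2 }

-- Action taken on a violation.
-- Detection note: with the default, violation-protect, offending frames are
-- discarded and no trap is sent, so a monitoring station sees nothing. Use
-- violation-restrict or violation-shutdown where violations need to be visible.
-- NOTE(review): SMIv2 does not allow hyphens in enumeration labels. They are
-- kept because changing them would change the labels managers already use.
qtechPortSecurViolationType OBJECT-TYPE
    SYNTAX      INTEGER {
                    violation-protect(1),
                    violation-restrict(2),
                    violation-shutdown(3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "this object define 3 grades of port security:
        violation-protect(1):
        normal security grade, indicate that when the a datagram received on a
        port with illegal MAC address will be discarded but not send trap,
        legal and illegal MAC to a port security is
        defined by per port's security below.
        violation-restrict(2):
        normal security grade, indicate that when the a datagram received on a
        port with illegal MAC address will be discarded and send trap, legal and illegal MAC
        to a port security is defined by per port's security below.
        violation-shutdown(3):
        strict security grade, indicate that when the a datagram received on a
        port with illegal MAC address, the port will be disabled for the violation
        of the port's security and send trap."
    DEFVAL      { violation-protect }
    ::= { qtechPortSecurityEntry 3 }

-- Maximum number of addresses allowed on the port.
-- NOTE(review): the DESCRIPTION says the value is valid when
-- qtechPortSecurityStatus is 'disabled'. That may be a slip for 'enabled', or
-- may mean the limit can only be changed while port security is off; confirm
-- on the device. The text is left as written.
-- Integer32 has no range restriction here, so zero and negative values are not
-- excluded by the MIB itself.
qtechPortSecurityAddrNum OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This value means the address number threshold of this port. A new address want to
        add to the port address will be refused when address num exceed this value.
        This value is valid when qtechPortSecurityStatus is 'disabled'"
    ::= { qtechPortSecurityEntry 4 }

-- Aging time for the port's secure addresses, in minutes.
qtechPortSecurityAddrAge OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Aging time in units of minute of security address of interface"
    ::= { qtechPortSecurityEntry 5 }

-- Controls whether statically configured secure addresses are aged too.
qtechPortStaticSecurAddrIfAge OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object offer the means whether enable static configured security address
        aging."
    ::= { qtechPortSecurityEntry 6 }

-- Read-only counter: secure addresses currently on the port.
qtechPortSecurityAddressCurrentNum OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Current number of the security address of interface."
    ::= { qtechPortSecurityEntry 7 }

-- Read-only counter: statically configured secure addresses on the port.
qtechPortStaticSecurAddrCurrentNum OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Current number of the static configured security address of interface."
    ::= { qtechPortSecurityEntry 8 }

-- IP distribution mode of the port (read-only).
-- The original DESCRIPTION numbered the modes 0..3, while the SYNTAX assigns
-- them 1..4. The values on the wire are those of the SYNTAX, so the
-- DESCRIPTION is corrected to match.
qtechPortSecurityIpDistrMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    static(1),            --only Static IP Distribute enabled
                    dynamic(2),           --only Dynamic IP Distribute enabled
                    staticAndDynamic(3),  --both Static and Dynamic IP Distribute enable
                    unSpecified(4)        --not specified
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "IP Distribute Mode
        (1:Static-only mode,
        2:Dynamic-only mode,
        3:Dynamic and Static mode,
        4:Unspecified mode)"
    ::= { qtechPortSecurityEntry 9 }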
|
|
|
|
-- Notifications defined by this module.
qtechSecurityTraps OBJECT IDENTIFIER ::= { qtechSecurityMIB 2 }

-- Port-security violation trap.
-- Detection notes:
--   * The only varbind is ifIndex. The offending MAC address and VLAN are not
--     carried, so a responder has to correlate the trap with the port's
--     secure-address entries or the switch's own logs.
--   * Per the DESCRIPTION of qtechPortSecurViolationType, a trap is sent for
--     violation-restrict and violation-shutdown but not for violation-protect,
--     which is that object's default.
-- NOTE(review): this file defines no NOTIFICATION-GROUP that includes this
-- notification, so the compliance statement does not require it.
portSecurityViolate NOTIFICATION-TYPE
    OBJECTS     { ifIndex }
    STATUS      current
    DESCRIPTION
        "the mac lock violate trap indicates that if you
        have set the threshold number of learned addresses
        from a port, and their comes a new address from the
        port, but the addresses for the port is already
        full."
    ::= { qtechSecurityTraps 1 }
|
|
|
|
-- Conformance subtree: .1 holds compliance statements, .2 holds object groups.
qtechSecurityMIBConformance  OBJECT IDENTIFIER ::= { qtechSecurityMIB 3 }
qtechSecurityMIBCompliances  OBJECT IDENTIFIER ::= { qtechSecurityMIBConformance 1 }
qtechSecurityMIBGroups       OBJECT IDENTIFIER ::= { qtechSecurityMIBConformance 2 }
|
|
|
|
|
|
-- compliance statements
|
|
|
|
-- Compliance statement: all three object groups are mandatory.
-- NOTE(review): compliance says nothing about the portSecurityViolate
-- notification or the telnet/web host table columns, because none of the
-- mandatory groups lists them.
qtechSecurityMIBCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for entities which implement
        the Qtech Security MIB"
    MODULE      -- this module
        MANDATORY-GROUPS {
            qtechUserManageMIBGroup,
            qtechSecurityAddressMIBGroup,
            qtechPortSecurityMIBGroup
        }
    ::= { qtechSecurityMIBCompliances 1 }
|
|
|
|
-- units of conformance
|
|
|
|
-- Object group for the three management-channel switches.
-- NOTE(review): the accessible columns of the host tables
-- (qtechTelnetHostIpAddress, qtechTelnetHostIpEnable, qtechWebHostIpAddress,
-- qtechWebHostIpEnable) are not listed in this or any other group in the file,
-- although SMIv2 conformance rules expect every accessible object to belong to
-- at least one group. They are not added here because that would change what
-- the mandatory compliance statement requires of existing agents.
qtechUserManageMIBGroup OBJECT-GROUP
    OBJECTS {
        qtechEnableSnmpAgent,
        qtechEnableWeb,
        qtechEnableTelnet
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing status snmp and web and telnet
        management agent to a Qtech agent."
    ::= { qtechSecurityMIBGroups 1 }
|
|
|
|
-- Object group for the secure-address and IP-MAC bind tables.
-- The commented-out names are the tables' INDEX columns. They are declared
-- not-accessible, and not-accessible objects cannot be members of an
-- OBJECT-GROUP, which is why they are excluded.
qtechSecurityAddressMIBGroup OBJECT-GROUP
    OBJECTS {
--      qtechSecurityAddressFdbId,
--      qtechSecurityAddressAddress,
--      qtechSecurityAddressPort,
--      qtechSecurityAddressIpAddr,
        qtechSecurityAddressIfBindIp,
        qtechSecurityAddressRemainAge,
        qtechSecurityAddressType,
        qtechSecurityAddressStatus,
--      qtechBindAddressIpAddr,
        qtechBindMacAddress,
        qtechBindAddressStatus
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing security address to a
        Qtech agent."
    ::= { qtechSecurityMIBGroups 2 }
|
|
|
|
-- Object group for the per-port security table. It lists all nine columns of
-- qtechPortSecurityEntry, including the read-only index column.
qtechPortSecurityMIBGroup OBJECT-GROUP
    OBJECTS {
        qtechPortSecurityPortIndex,
        qtechPortSecurityStatus,
        qtechPortSecurViolationType,
        qtechPortSecurityAddrNum,
        qtechPortSecurityAddrAge,
        qtechPortStaticSecurAddrIfAge,
        qtechPortSecurityAddressCurrentNum,
        qtechPortStaticSecurAddrCurrentNum,
        qtechPortSecurityIpDistrMode
    }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing port security to a
        Qtech agent."
    ::= { qtechSecurityMIBGroups 3 }
|
|
|
|
END
|