1046 lines
34 KiB
Plaintext
1046 lines
34 KiB
Plaintext
|
|
S5-SWITCH-BAYSECURE-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, IpAddress, Integer32
|
|
FROM SNMPv2-SMI
|
|
TEXTUAL-CONVENTION, MacAddress, TimeInterval, TruthValue
|
|
FROM SNMPv2-TC
|
|
s5Com
|
|
FROM S5-ROOT-MIB;
|
|
|
|
s5SbsAuth MODULE-IDENTITY
|
|
LAST-UPDATED "201605180000Z" -- 18 May 2016
|
|
ORGANIZATION "Avaya"
|
|
CONTACT-INFO "Avaya"
|
|
DESCRIPTION
|
|
"BaySecure MIB - MAC-based Security MIB
|
|
|
|
Copyright 1999-2012 Avaya
|
|
All rights reserved.
|
|
This Avaya SNMP Management Information Base Specification
|
|
(Specification) embodies Avaya's confidential and
|
|
proprietary intellectual property. Avaya retains all
|
|
title and ownership in the Specification, including any
|
|
revisions.
|
|
|
|
This Specification is supplied 'AS IS,' and Avaya makes
|
|
no warranty, either express or implied, as to the use,
|
|
operation, condition, or performance of the Specification."
|
|
|
|
REVISION "201605180000Z" -- 18 May 2016
|
|
DESCRIPTION "Version 115: Added s5SbsDaFilteringTable."
|
|
|
|
REVISION "201209130000Z" -- 13 September 2012
|
|
DESCRIPTION "Version 114: Changed s5SbsAutoLearningAgingTime."
|
|
|
|
REVISION "201101100000Z" -- 10 Jan 2011
|
|
DESCRIPTION "Version 113: Added s5SbsAuthCfgTrunk."
|
|
|
|
REVISION "200905280000Z" -- 28 May 2009
|
|
DESCRIPTION "Version 112: Added support for port lock-out feature."
|
|
|
|
REVISION "200902240000Z" -- 24 February 2009
|
|
DESCRIPTION "Version 111: Added support for 'sticky-mac' feature.
|
|
Made some SMIv2 compliance fixes."
|
|
|
|
REVISION "200609180000Z" -- 18 September 2006
|
|
DESCRIPTION "Version 110: Fix DESCRIPTIONS"
|
|
|
|
REVISION "200503090000Z" -- 9 Mar 2005
|
|
DESCRIPTION "Version 109: Expanded range of s5SbsAutoLearningConfigMaxMacs."
|
|
|
|
REVISION "200409030000Z" -- 3 Sept 2004
|
|
DESCRIPTION "Version 108: Added s5SbsAutoLearningPorts."
|
|
|
|
REVISION "200407220000Z" -- 22 July 2004
|
|
DESCRIPTION "Version 107: Added auto-learning enhancements."
|
|
|
|
REVISION "200407200000Z" -- 20 July 2004
|
|
DESCRIPTION "Version 106: Added version info"
|
|
|
|
REVISION "200302200000Z" -- 20 February 2003
|
|
DESCRIPTION
|
|
"v104: 1. Added s5SbsMacViolationTable
|
|
2. Converted to SMIv2"
|
|
|
|
::= { s5Com 3 }
|
|
|
|
PortSet ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "1x:"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The string is a variable length string which may vary from
|
|
0 to 256 octets long. The user must use the OCTET STRING
|
|
length field in order to convey/determine how many octets
|
|
are being used. Each bit corresponds to a port, as
|
|
represented by its ifIndex value . When a bit has the value
|
|
one(1), the corresponding port is a member of the set. When
|
|
a bit has the value zero(0), the corresponding port is not a
|
|
member of the set. The encoding is such that the most
|
|
significant bit of octet #1 corresponds to ifIndex 0, while
|
|
the least significant bit of the last octet corresponds to
|
|
ifIndex ((octet_string_length * 8) - 1). For example, the
|
|
least significant bit of octet #64 corresponds to ifIndex 511."
|
|
SYNTAX OCTET STRING (SIZE (0..256))
|
|
|
|
|
|
-- Switch BaySecure MIB Group
|
|
|
|
s5SbsAuthSecurityLock OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
locked(2),
|
|
notlocked(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If s5SbsAuthSecurityLock is locked(2), the agent will refuse
|
|
all requests to modify the 'security configuration'.
|
|
Objects in s5SbsAuth, the Switch BaySecure MIB Group
|
|
that are part of the 'security configuration', includes
|
|
s5SbsAuthCtlPartTime, objects in s5SbsAuthCfgTable,
|
|
Set requests for all read/write objects in s5SbsAuth group
|
|
excluding this object will result in a BadValue return value."
|
|
::= { s5SbsAuth 1 }
|
|
|
|
|
|
s5SbsAuthCtlPartTime OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If the value of s5SbsAuthCfgActionMode is partitionPort or
|
|
partitionPortAndSendTrap, time partition will be done if this
|
|
value is greater than 0. The value indicates the duration of
|
|
the time for port partitioning in seconds. The default value is
|
|
zero. When this value is zero, port remians partitioned until
|
|
manually re-enabled."
|
|
DEFVAL {0}
|
|
::= { s5SbsAuth 2 }
|
|
|
|
|
|
s5SbsSecurityStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates whether the switch security feature is enabled or not."
|
|
::= { s5SbsAuth 3 }
|
|
|
|
|
|
s5SbsSecurityMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
singleMACperPort(1),
|
|
macList(2),
|
|
autoLearn(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mode of switch security. singleMACperPort(1) indicates
|
|
that the switch is in single-MAC-per-port mode which means it
|
|
allows to configure only one MAC address per port. macList(2)
|
|
indicates that the switch is in MAC-List mode, user can
|
|
configure more than one MAC address per port, the maximum numbers
|
|
of MAC address per port vary from switch to switch. autoLearn(3)
|
|
indicates that the switch will learn the first MAC address on each
|
|
port as an allowed address of that port. Change made between
|
|
singleMACperPort(1), macList(2) and autoLearn(3)
|
|
will erase all the data in s5SbsAuthCfgTable."
|
|
::= { s5SbsAuth 4 }
|
|
|
|
|
|
s5SbsSecurityAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
noAction(1),
|
|
trap(2),
|
|
partitionPort(3),
|
|
partitionPortAndsendTrap(4),
|
|
daFiltering(5),
|
|
daFilteringAndsendTrap(6),
|
|
partitionPortAnddaFiltering(7),
|
|
partitionPortdaFilteringAndsendTrap(8)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action performed by software when a violation occurs (if
|
|
s5SbsSecurityStatus is enabled). The security action specified
|
|
here applies to all ports of the switch.
|
|
|
|
NOTE: da means destination address.
|
|
|
|
A blocked address will always cause the port to be partitioned
|
|
when unauthorized access is attempted. See
|
|
s5SbsAuthCfgAccessCtrlType for more information on allowed
|
|
and blocked addresses."
|
|
::= { s5SbsAuth 5 }
|
|
|
|
|
|
s5SbsCurrNodesAllowed OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries of the nodes allowed in the
|
|
s5SbsAuthCfgTable."
|
|
::= { s5SbsAuth 6 }
|
|
|
|
|
|
s5SbsMaxNodesAllowed OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of entries of the nodes allowed in the
|
|
s5SbsAuthCfgTable."
|
|
::= { s5SbsAuth 7 }
|
|
|
|
s5SbsCurrNodesBlocked OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries of the nodes blocked in the
|
|
s5SbsAuthCfgTable."
|
|
::= { s5SbsAuth 8 }
|
|
|
|
|
|
s5SbsMaxNodesBlocked OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of entries of the nodes blocked
|
|
in the s5SbsAuthCfgTable."
|
|
::= { s5SbsAuth 9 }
|
|
|
|
|
|
|
|
|
|
-- Authorized Board and Port Configuration Table
|
|
|
|
|
|
s5SbsAuthCfgTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF S5SbsAuthCfgEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing a list of boards and ports and MAC
|
|
addresses that constitute the security configuration."
|
|
::= { s5SbsAuth 10 }
|
|
|
|
|
|
s5SbsAuthCfgEntry OBJECT-TYPE
|
|
SYNTAX S5SbsAuthCfgEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in this table indicates the security
|
|
configuration for a specified MAC address and a specified
|
|
port and a specified board. A SNMP SET PDU for a row of the
|
|
s5SbsAuthCfgTable requires the entired sequence of the
|
|
MIB Objects in each s5SbsAuthCfgEntry stored in one PDU.
|
|
Otherwise, GENERR return-value will be returned."
|
|
INDEX {
|
|
s5SbsAuthCfgBrdIndx,
|
|
s5SbsAuthCfgPortIndx,
|
|
s5SbsAuthCfgMACIndx
|
|
}
|
|
::= { s5SbsAuthCfgTable 1 }
|
|
|
|
S5SbsAuthCfgEntry ::=
|
|
SEQUENCE {
|
|
s5SbsAuthCfgBrdIndx Integer32,
|
|
s5SbsAuthCfgPortIndx Integer32,
|
|
s5SbsAuthCfgMACIndx MacAddress,
|
|
s5SbsAuthCfgAccessCtrlType INTEGER,
|
|
s5SbsAuthCfgStatus INTEGER,
|
|
s5SbsAuthCfgSecureList Integer32,
|
|
s5SbsAuthCfgSource INTEGER,
|
|
s5SbsAuthCfgLifetime TimeInterval,
|
|
s5SbsAuthCfgTrunk Integer32
|
|
}
|
|
|
|
s5SbsAuthCfgBrdIndx OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the slot containing the board on which the
|
|
port is located. This value is meaningful --NEW
|
|
only if s5SbsAuthCfgSecureList value is zero. --NEW
|
|
For other SecureList values it should have the value of zero. "
|
|
::= { s5SbsAuthCfgEntry 1}
|
|
|
|
|
|
s5SbsAuthCfgPortIndx OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the port on the board. This value is meaningful
|
|
only if s5SbsAuthCfgSecureList value is zero. --NEW
|
|
For other SecureList values it should have the value of zero. "
|
|
::= { s5SbsAuthCfgEntry 2 }
|
|
|
|
|
|
s5SbsAuthCfgMACIndx OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of source MAC address of allowed station or
|
|
not-allowed station."
|
|
::= { s5SbsAuthCfgEntry 3 }
|
|
|
|
|
|
s5SbsAuthCfgAccessCtrlType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
allowed(1),
|
|
blocked(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This Node Access Control Type represents whether
|
|
the node entry is node allowed or node blocked type.
|
|
|
|
A MAC address may be allowed on multiple ports."
|
|
::= { s5SbsAuthCfgEntry 4 }
|
|
|
|
|
|
s5SbsAuthCfgStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
valid(1),
|
|
create(2),
|
|
delete(3),
|
|
modify(4),
|
|
createSticky(5)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of the AuthCfg entry. The primary use of
|
|
this object is for modifying the AuthCfg table. Values
|
|
that can be written create(2), delete(3), modify(4).
|
|
Values that can be read: valid(1). Setting this entry
|
|
to delete(3) causes the entry to be deleted from the
|
|
table. Setting a new entry with create(2) causes the
|
|
entry to be created in the table. Setting an entry with
|
|
modify(4) causes the entry to be modified. The response
|
|
to a get request or get-next request will always indicate
|
|
a status of valid (1), since invalid entries are removed
|
|
from the table.
|
|
|
|
This object cannot be modified for entries whose value of
|
|
s5SbsAuthCfgSource is autoLearn(2) if the value of
|
|
s5SbsAutoLearningSticky is false(2). Any such attempt
|
|
will generate an inconsistentValue error."
|
|
::= { s5SbsAuthCfgEntry 5 }
|
|
|
|
|
|
s5SbsAuthCfgSecureList OBJECT-TYPE
|
|
SYNTAX Integer32(0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the security list. This value is meaningful
|
|
only if s5SbsAuthCfgBrdIndx and s5SbsAuthCfgPortIndx values
|
|
are zero. For other board and port index values
|
|
it should have the value of zero. This value is used
|
|
as an index into s5SbsSecurityListTable.
|
|
The corresponding MAC Address of this entry is allowed or blocked
|
|
on all the ports of that port list. Note that this value must
|
|
be 0 for entries where the value of s5SbsAuthCfgSource is either
|
|
autoLearn(2) or sticky(3)."
|
|
::= { s5SbsAuthCfgEntry 6 }
|
|
|
|
|
|
s5SbsAuthCfgSource OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
static(1),
|
|
autoLearn(2),
|
|
sticky(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the source of an entry. A value of static(1)
|
|
indicates that the entry was manually created by a user. A value
|
|
of autoLearn(2) indicates that the entry was auto-learned.
|
|
|
|
Note that if the value of s5SbsAutoLearningSticky is false(2), then
|
|
an auto-learned entry cannot be directly deleted, though disabling
|
|
auto-learning for a port will delete all auto-learned MAC addresses
|
|
for the port. However, if the value of s5SbsAutoLearningSticky is
|
|
true(1), then auto-learned addresses can be deleted normally."
|
|
::= { s5SbsAuthCfgEntry 7 }
|
|
|
|
|
|
s5SbsAuthCfgLifetime OBJECT-TYPE
|
|
SYNTAX TimeInterval
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the lifetime of an auto-learned entry. This
|
|
is the time until the entry is automatically deleted by the system.
|
|
This object does not apply to entries whose value of
|
|
s5SbsAuthCfgSource is static(1), and for such entries, the value of
|
|
this object will always be 0."
|
|
::= { s5SbsAuthCfgEntry 8 }
|
|
|
|
s5SbsAuthCfgTrunk OBJECT-TYPE
|
|
SYNTAX Integer32 (0..1024)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The trunk on which a MAC address is allowed or disallowed. This value
|
|
must be 0 if the value of any of these objects is non-zero:
|
|
s5SbsAuthCfgBrdIndx
|
|
s5SbsAuthCfgPortIndx
|
|
s5SbsAuthCfgSecureList
|
|
The value of this object is only used if the above objects all have
|
|
zero values. The value of this object must also be 0 if the value
|
|
of s5SbsAuthCfgSource is either autoLearn(2) or sticky(3)."
|
|
::= { s5SbsAuthCfgEntry 9 }
|
|
|
|
|
|
-- Authorized Board and Port Status Table
|
|
|
|
|
|
|
|
s5SbsAuthStatusTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF S5SbsAuthStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing a snapshot of the authorized boards
|
|
and ports status data collection. Port security
|
|
information consists of an action to be performed when
|
|
an unAuthorized station is detected and the current
|
|
security status of a port."
|
|
::= { s5SbsAuth 11}
|
|
|
|
|
|
s5SbsAuthStatusEntry OBJECT-TYPE
|
|
SYNTAX S5SbsAuthStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in this table may represent a single MAC address,
|
|
all MAC addresses on a single port, a single port,
|
|
all the ports on a single board, a particuler port on all
|
|
the boards, or all the ports on all the boards."
|
|
INDEX {
|
|
s5SbsAuthStatusBrdIndx,
|
|
s5SbsAuthStatusPortIndx,
|
|
s5SbsAuthStatusMACIndx
|
|
}
|
|
::= { s5SbsAuthStatusTable 1 }
|
|
|
|
|
|
S5SbsAuthStatusEntry ::=
|
|
SEQUENCE {
|
|
s5SbsAuthStatusBrdIndx
|
|
Integer32,
|
|
s5SbsAuthStatusPortIndx
|
|
Integer32,
|
|
s5SbsAuthStatusMACIndx
|
|
MacAddress,
|
|
s5SbsCurrentAccessCtrlType
|
|
INTEGER,
|
|
s5SbsCurrentActionMode
|
|
INTEGER,
|
|
s5SbsCurrentPortSecurStatus
|
|
INTEGER
|
|
}
|
|
|
|
|
|
|
|
s5SbsAuthStatusBrdIndx OBJECT-TYPE
|
|
SYNTAX Integer32(0..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the board. This corresponds to the index of
|
|
the slot containing the board if the index is greater
|
|
than zero. A zero index is a wild card."
|
|
::= { s5SbsAuthStatusEntry 1 }
|
|
|
|
|
|
s5SbsAuthStatusPortIndx OBJECT-TYPE
|
|
SYNTAX Integer32(0..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the port on the board. This corresponds to
|
|
the index of the last manageable port on the board if
|
|
the index is greater than zero. A zero index is a wild
|
|
card."
|
|
::= { s5SbsAuthStatusEntry 2 }
|
|
|
|
|
|
s5SbsAuthStatusMACIndx OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of MAC address on the port. This corresponds to
|
|
the index of the MAC address on the port if
|
|
the index is greater than zero. A zero index is a wild
|
|
card."
|
|
::= { s5SbsAuthStatusEntry 3 }
|
|
|
|
|
|
s5SbsCurrentAccessCtrlType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
allow(1),
|
|
block(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This Node Access Control Type represents whether
|
|
the node entry is node allowed or node blocked type."
|
|
::= { s5SbsAuthStatusEntry 4 }
|
|
|
|
|
|
s5SbsCurrentActionMode OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
noAction(1),
|
|
partitionPort(2),
|
|
partitionPortAndsendTrap(3),
|
|
daFiltering(4),
|
|
daFilteringAndsendTrap(5),
|
|
sendTrap(6),
|
|
partitionPortAnddaFiltering(7),
|
|
partitionPortdaFilteringAndsendTrap(8)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An integer value representing the type of information
|
|
contained in this s5SbsAuthStatusEntry.
|
|
noAction(1) represents that port does not have any security
|
|
assigned or the security is turned off.
|
|
|
|
partitionPort(2) represents port is partitioned.
|
|
|
|
partitionPortAndsendTrap(3) represents port is partitioned
|
|
and a trap will be sent to trap receive station(s).
|
|
|
|
daFiltering(4) represents port will filter out the frames with
|
|
the desitnation address field is the MAC address of unauthorized
|
|
station.
|
|
|
|
daFilteringAndsendTrap(5) represents port will filter out the
|
|
frames with the desitnation address field is the MAC address
|
|
of unauthorized station and a trap will be sent to trap receive
|
|
station(s).
|
|
|
|
sendtrap(6) represents a trap will be sent to trap receive station(s).
|
|
|
|
partitionPortAnddaFiltering(7) represents port is partitioned and
|
|
port will filter out the frames with the destination address field
|
|
is the MAC address of unauthorized station.
|
|
|
|
partitionPortdaFilteringAndsendTrap(8) represents port is partitioned,
|
|
port will filter out the frames with the destination address field
|
|
is the MAC address of unauthorized station and a trap will be sent to
|
|
trap receive station(s)."
|
|
::= { s5SbsAuthStatusEntry 5 }
|
|
|
|
|
|
s5SbsCurrentPortSecurStatus OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
notApplicable(1),
|
|
portSecure(2),
|
|
portPartition(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This represents the current port security status.
|
|
If s5SbsSecurityStatus is disable, notApplicable(1) will
|
|
be returned. The port in a normal situation returns the
|
|
status with portSecure(2). portPartition(3) will be returned
|
|
only if the port is partitioned."
|
|
::= { s5SbsAuthStatusEntry 6 }
|
|
|
|
|
|
-- Violation Board and Port Status Table
|
|
|
|
|
|
|
|
s5SbsViolationStatusTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF S5SbsViolationStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing a list of boards, ports where
|
|
network access violations have occurred. Information
|
|
also contains the offending MAC addrersses."
|
|
::= { s5SbsAuth 12}
|
|
|
|
|
|
s5SbsViolationStatusEntry OBJECT-TYPE
|
|
SYNTAX S5SbsViolationStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in this table "
|
|
INDEX {
|
|
s5SbsViolationStatusBrdIndx,
|
|
s5SbsViolationStatusPortIndx
|
|
}
|
|
::= { s5SbsViolationStatusTable 1 }
|
|
|
|
S5SbsViolationStatusEntry ::=
|
|
SEQUENCE {
|
|
s5SbsViolationStatusBrdIndx
|
|
Integer32,
|
|
s5SbsViolationStatusPortIndx
|
|
Integer32,
|
|
s5SbsViolationStatusMACAddress
|
|
MacAddress
|
|
}
|
|
|
|
|
|
|
|
s5SbsViolationStatusBrdIndx OBJECT-TYPE
|
|
SYNTAX Integer32(1..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the board. This corresponds to the
|
|
slot containing the board. This index will be 1 where
|
|
it is not applicable, e.g., ByaStack 303/304."
|
|
::= { s5SbsViolationStatusEntry 1 }
|
|
|
|
|
|
s5SbsViolationStatusPortIndx OBJECT-TYPE
|
|
SYNTAX Integer32(1..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the port on the board. This corresponds to
|
|
the port on which a security violation was seen."
|
|
::= { s5SbsViolationStatusEntry 2 }
|
|
|
|
|
|
s5SbsViolationStatusMACAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address of the device attempting unauthorized
|
|
network access. (MAC addrees-based security)"
|
|
::= { s5SbsViolationStatusEntry 3 }
|
|
|
|
|
|
s5SbsMgmViolationType OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
snmp(1),
|
|
web(2),
|
|
telnet(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of management access attempted when the violation
|
|
occurred."
|
|
::= { s5SbsAuth 13 }
|
|
|
|
|
|
s5SbsMgmViolationIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP Address of the station attempting unauthorized
|
|
management access."
|
|
::= { s5SbsAuth 14 }
|
|
|
|
|
|
s5SbsPortSecurityStatus OBJECT-TYPE
|
|
SYNTAX PortSet
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The set of ports for which security is enabled.
|
|
The bitwise AND of s5SbsPortSecurityStatus and
|
|
s5SbsPortLearnStatus must be the empty set."
|
|
::= { s5SbsAuth 15 }
|
|
|
|
|
|
s5SbsPortLearnStatus OBJECT-TYPE
|
|
SYNTAX PortSet
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The set of ports for which auto learning is enabled. Note that
|
|
a port's bit in this object may not be turned on if the port's
|
|
value of s5SbsAutoLearningConfigEnabled is true(1)."
|
|
::= { s5SbsAuth 16 }
|
|
|
|
|
|
s5SbsCurrSecurityLists OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries of the Security lists in the
|
|
s5SbsSecurityListTable."
|
|
::= { s5SbsAuth 17 }
|
|
|
|
|
|
s5SbsMaxSecurityLists OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of entries of the Security lists in the
|
|
s5SbsSecurityListTable."
|
|
::= { s5SbsAuth 18 }
|
|
|
|
|
|
-- Port Security Lists Table
|
|
|
|
|
|
|
|
s5SbsSecurityListTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF S5SbsSecurityListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing a list of Security port lists."
|
|
::= { s5SbsAuth 19}
|
|
|
|
|
|
s5SbsSecurityListEntry OBJECT-TYPE
|
|
SYNTAX S5SbsSecurityListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in this table "
|
|
INDEX { s5SbsSecurityListIndx }
|
|
::= { s5SbsSecurityListTable 1 }
|
|
|
|
S5SbsSecurityListEntry ::=
|
|
SEQUENCE {
|
|
s5SbsSecurityListIndx Integer32,
|
|
s5SbsSecurityListMembers PortSet,
|
|
s5SbsSecurityListStatus INTEGER
|
|
}
|
|
|
|
s5SbsSecurityListIndx OBJECT-TYPE
|
|
SYNTAX Integer32(1..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the security list. This corresponds to the
|
|
Security port list which can be used as index into
|
|
s5SbsAuthCfgTable. "
|
|
::= { s5SbsSecurityListEntry 1 }
|
|
|
|
|
|
s5SbsSecurityListMembers OBJECT-TYPE
|
|
SYNTAX PortSet
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The set of ports that are currently members in
|
|
this Port list."
|
|
::= { s5SbsSecurityListEntry 2 }
|
|
|
|
s5SbsSecurityListStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
valid(1),
|
|
create(2),
|
|
delete(3),
|
|
modify(4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of the SecurityList entry. The primary use of
|
|
this object is for modifying the SecurityList table. Values
|
|
that can be written create(2), delete(3), modify(4).
|
|
Values that can be read: valid(1). Setting this entry
|
|
to delete(3) causes the entry to be deleted from the
|
|
table. Setting a new entry with create(2) causes the
|
|
entry to be created in the table. Setting an entry with
|
|
modify(4) causes the entry to be modified. The response
|
|
to a get request or get-next request will always indicate
|
|
a status of valid (1), since invalid entries are removed
|
|
from the table. "
|
|
::= { s5SbsSecurityListEntry 3 }
|
|
|
|
|
|
|
|
|
|
|
|
--
|
|
-- s5SbsMacViolation group, contains info about MAC addresses that have
|
|
-- caused access violations
|
|
--
|
|
|
|
s5SbsMacViolation OBJECT IDENTIFIER ::= { s5SbsAuth 20 }
|
|
|
|
s5SbsMacViolationClear OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
clear(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to clear all entries in the
|
|
s5SbsMacViolationTable. Setting it to clear(2) will clear all
|
|
entries in that table. Setting it to other(1) has no effect.
|
|
This object always returns a value of other(1)."
|
|
::= { s5SbsMacViolation 1 }
|
|
|
|
s5SbsMacViolationTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF S5SbsMacViolationEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing a list of Security port lists."
|
|
::= { s5SbsMacViolation 2}
|
|
|
|
|
|
s5SbsMacViolationEntry OBJECT-TYPE
|
|
SYNTAX S5SbsMacViolationEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in this table "
|
|
INDEX { s5SbsMacViolationAddress }
|
|
::= { s5SbsMacViolationTable 1 }
|
|
|
|
S5SbsMacViolationEntry ::=
|
|
SEQUENCE {
|
|
s5SbsMacViolationAddress MacAddress,
|
|
s5SbsMacViolationBrd Integer32,
|
|
s5SbsMacViolationPort Integer32
|
|
}
|
|
|
|
s5SbsMacViolationAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address that caused an access violation."
|
|
::= { s5SbsMacViolationEntry 1 }
|
|
|
|
|
|
s5SbsMacViolationBrd OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The last board/slot/unit number on which the MAC address caused
|
|
an access violation."
|
|
::= { s5SbsMacViolationEntry 2 }
|
|
|
|
s5SbsMacViolationPort OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The last port number on which the MAC address caused an access
|
|
violation."
|
|
::= { s5SbsMacViolationEntry 3 }
|
|
|
|
|
|
|
|
--
|
|
-- Additional objects for auto-learning support
|
|
--
|
|
|
|
|
|
s5SbsAutoLearningAgingTime OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
UNITS "Minutes"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The lifetime for MAC addresses which are auto-learned. This
|
|
is measured in minutes. A value of 0 means addresses are not
|
|
aged out."
|
|
DEFVAL { 60 }
|
|
::= { s5SbsAuth 21 }
|
|
|
|
s5SbsAutoLearningConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF S5SbsAutoLearningConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing per-port configuration for auto-learning.
|
|
Entries exist in the table for each ethernet port in the system."
|
|
::= { s5SbsAuth 22 }
|
|
|
|
s5SbsAutoLearningConfigEntry OBJECT-TYPE
|
|
SYNTAX S5SbsAutoLearningConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in this table "
|
|
INDEX { s5SbsAutoLearningConfigBrd, s5SbsAutoLearningConfigPort }
|
|
::= { s5SbsAutoLearningConfigTable 1 }
|
|
|
|
S5SbsAutoLearningConfigEntry ::=
|
|
SEQUENCE {
|
|
s5SbsAutoLearningConfigBrd Integer32,
|
|
s5SbsAutoLearningConfigPort Integer32,
|
|
s5SbsAutoLearningConfigEnabled TruthValue,
|
|
s5SbsAutoLearningConfigMaxMacs Integer32
|
|
}
|
|
|
|
s5SbsAutoLearningConfigBrd OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The board/slot/unit number."
|
|
::= { s5SbsAutoLearningConfigEntry 1 }
|
|
|
|
s5SbsAutoLearningConfigPort OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port number."
|
|
::= { s5SbsAutoLearningConfigEntry 2 }
|
|
|
|
s5SbsAutoLearningConfigEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether auto-learning is enabled on
|
|
the port. Note that this object may not be set to true(1)
|
|
for a port whose bit is turned on in s5SbsPortLearnStatus.
|
|
Likewise, a port's bit in s5SbsPortLearnStatus may not be
|
|
turned on if the port's value of s5SbsAutoLearningConfigEnabled
|
|
is true(1).
|
|
|
|
Note that if this object is changed from true(1) to false(2),
|
|
all auto-learned MAC addresses for the port will be removed."
|
|
DEFVAL { false }
|
|
::= { s5SbsAutoLearningConfigEntry 3 }
|
|
|
|
s5SbsAutoLearningConfigMaxMacs OBJECT-TYPE
|
|
SYNTAX Integer32 (1..25)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the maximum number of MAC addresses
|
|
that may be learned on the port."
|
|
DEFVAL { 2 }
|
|
::= { s5SbsAutoLearningConfigEntry 4 }
|
|
|
|
s5SbsAutoLearningPorts OBJECT-TYPE
|
|
SYNTAX PortSet
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the set of ports for which auto-
|
|
learning is enabled. It is an alternative to
|
|
s5SbsAutoLearningConfigEnabled."
|
|
::= { s5SbsAuth 23 }
|
|
|
|
s5SbsAutoLearningSticky OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object controls whether the 'sticky-mac' feature is enabled."
|
|
::= { s5SbsAuth 24 }
|
|
|
|
s5SbsSecurityLockoutPortList OBJECT-TYPE
|
|
SYNTAX PortSet
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object controls the set of ports that are locked such that they
|
|
cannot have mac-security enabled."
|
|
::= { s5SbsAuth 25 }
|
|
|
|
-- MAC Security MAC-DA-Filter Table
|
|
|
|
s5SbsDaFilteringTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF S5SbsDaFilteringEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing a list of destination MAC addresses
|
|
based on which MAC Security will filter the frames."
|
|
::= { s5SbsAuth 26}
|
|
|
|
s5SbsDaFilteringEntry OBJECT-TYPE
|
|
SYNTAX S5SbsDaFilteringEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the MAC Security MAC-DA-Filter table."
|
|
INDEX { s5SbsDaFilteringIndx }
|
|
::= { s5SbsDaFilteringTable 1 }
|
|
|
|
S5SbsDaFilteringEntry ::=
|
|
SEQUENCE {
|
|
s5SbsDaFilteringIndx Integer32,
|
|
s5SbsDaFilteringAddress MacAddress,
|
|
s5SbsDaFilteringStatus INTEGER
|
|
}
|
|
|
|
s5SbsDaFilteringIndx OBJECT-TYPE
|
|
SYNTAX Integer32(1..10)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the MAC Destination Address. This corresponds to the
|
|
destination MAC address table index which is an index into
|
|
s5sbsDaFilteringTable."
|
|
::= { s5SbsDaFilteringEntry 1 }
|
|
|
|
s5SbsDaFilteringAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination MAC address based on which the MAC Security will filter
|
|
the frames which will match any of the addresses in the MAC-DA-Filtering table.
|
|
This object must take the value of a unicast address."
|
|
::= { s5SbsDaFilteringEntry 2 }
|
|
|
|
s5SbsDaFilteringStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
valid(1),
|
|
add(2),
|
|
remove(3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of the MAC-DA-Filtering entry. The primary use of
|
|
this object is for modifying the MAC-DA-Filtering table. Values
|
|
that can be written add(2), remove(3).
|
|
Values that can be read: valid(1). Setting this entry
|
|
to remove(3) causes the entry to be deleted from the
|
|
table. Setting a new entry with add(2) causes the
|
|
entry to be added in the table. The response
|
|
to a get request or get-next request will always indicate
|
|
a status of valid (1), since invalid entries are removed
|
|
from the table. "
|
|
::= { s5SbsDaFilteringEntry 3 }
|
|
|
|
END
|