396 lines
15 KiB
Plaintext
396 lines
15 KiB
Plaintext
--MibName=rcPortsecurity
|
|
-- *****************************************************************
|
|
-- switch-portsecurity-mib.smi: Raisecom port security MIB file
|
|
--
|
|
-- 3 2008, chenweiliang
|
|
--
|
|
-- Copyright (c) 1994-2000, 2001 by Raisecom, Inc.
|
|
-- All rights reserved.
|
|
--
|
|
-- *****************************************************************
|
|
SWITCH-PORTSECURITY-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
iscomSwitch
|
|
FROM RAISECOM-BASE-MIB
|
|
|
|
EnableVar
|
|
FROM SWITCH-TC
|
|
|
|
RowStatus,MacAddress
|
|
FROM SNMPv2-TC;
|
|
|
|
rcPortsecurity MODULE-IDENTITY
|
|
LAST-UPDATED "200412200000Z"
|
|
ORGANIZATION "Raisecom, Inc."
|
|
CONTACT-INFO
|
|
" Raise Systems
|
|
|
|
Postal: Beijing,
|
|
China
|
|
|
|
Tel: 86-010-82884499
|
|
|
|
E-mail: chenweiliang@raisecom.com"
|
|
DESCRIPTION
|
|
"description of port security mac manage object."
|
|
::= { iscomSwitch 49}
|
|
|
|
rcPortSecCfg OBJECT IDENTIFIER ::= { rcPortsecurity 1 }
|
|
rcPortSecTrapGroup OBJECT IDENTIFIER ::= { rcPortsecurity 4 }
|
|
-- -------------------------------------------------------------
|
|
-- groups in the rcPortsecurity MIB rcPortSecCfg
|
|
-- -------------------------------------------------------------
|
|
rcPortSecMacAgingTime OBJECT-TYPE
|
|
SYNTAX INTEGER(0..1440)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interval in which the interface is secured.
|
|
After the expiration of the time, the corresponding
|
|
SecureMacAddress will be removed. If the value of this object is 0,
|
|
the aging mechanism is disabled."
|
|
::= { rcPortSecCfg 1}
|
|
|
|
-- -------------------------------------------------------------
|
|
-- groups in the rcPortsecurity MIB rcPortSecTable
|
|
-- -------------------------------------------------------------
|
|
rcPortSecTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RcPortSecEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of security mac for port and associated properties."
|
|
::= { rcPortsecurity 2}
|
|
|
|
rcPortSecEntry OBJECT-TYPE
|
|
SYNTAX RcPortSecEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table entry for security of port and status information."
|
|
INDEX { rcPortSecIndx }
|
|
::= { rcPortSecTable 1 }
|
|
|
|
RcPortSecEntry ::= SEQUENCE {
|
|
rcPortSecIndx INTEGER,
|
|
rcPortSecEnable EnableVar,
|
|
rcPortSecMaxAllowedMac INTEGER,
|
|
rcPortSecMacViolationAction INTEGER,
|
|
rcPortSecShutUp INTEGER,
|
|
rcPortSecMacStickyEnable EnableVar,
|
|
rcPortSecTrapEnable EnableVar,
|
|
rcPortSecMacDel INTEGER,
|
|
rcPortSecCurMacNum INTEGER,
|
|
rcPortSecMaxMacs INTEGER,
|
|
rcPortSecMacViolations INTEGER,
|
|
rcPortSecViolationStatus INTEGER,
|
|
rcPortSecLastAccessMacAddress MacAddress,
|
|
rcPortSecLastAccessMacVlan INTEGER,
|
|
rcPortSecLastAgingMacAddress MacAddress,
|
|
rcPortSecLastAgingMacVlan INTEGER,
|
|
rcPortSecLastDelMacAddress MacAddress,
|
|
rcPortSecLastDelMacVlan INTEGER,
|
|
rcPortSecLastDelMacFlag INTEGER
|
|
}
|
|
|
|
rcPortSecIndx OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index port number."
|
|
::= { rcPortSecEntry 1 }
|
|
|
|
rcPortSecEnable OBJECT-TYPE
|
|
SYNTAX EnableVar
|
|
ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port security status."
|
|
::= { rcPortSecEntry 2 }
|
|
|
|
rcPortSecMaxAllowedMac OBJECT-TYPE
|
|
SYNTAX INTEGER (1..1024)
|
|
ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of MAC addresses to be secured on the interface.
|
|
when configuration value is larger than rcPortSecCurMacNum,
|
|
the result return wrong,so please check the rcPortSecCurMacNum firstly."
|
|
::= { rcPortSecEntry 3 }
|
|
|
|
rcPortSecMacViolationAction OBJECT-TYPE
|
|
SYNTAX INTEGER (1..3)
|
|
ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Determines the action that the device will take if the traffic matches
|
|
the port security violation."
|
|
::= { rcPortSecEntry 4 }
|
|
|
|
rcPortSecShutUp OBJECT-TYPE
|
|
SYNTAX INTEGER (0..1)
|
|
ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the shut up of security port.."
|
|
::= { rcPortSecEntry 5 }
|
|
|
|
rcPortSecMacStickyEnable OBJECT-TYPE
|
|
SYNTAX EnableVar
|
|
ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Set to 'true' to enable and 'false' to disable Sticky port security feature on this interface.
|
|
Enabling this feature allows the device to secure learned MAC addresses on this interface permanently.
|
|
In order to remove the sticky addresses on this interface,
|
|
user has to manually delete the sticky MAC address(es) or disable the sticky feature itself."
|
|
::= { rcPortSecEntry 6 }
|
|
|
|
rcPortSecTrapEnable OBJECT-TYPE
|
|
SYNTAX EnableVar
|
|
ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the VLAN where the last MAC address that is seen on this interface.
|
|
This object is also used as a variable in the cpsIfVlanSecureMacAddrViolation notification
|
|
to contain the value of the VLAN received the mac address which caused the violation."
|
|
::= { rcPortSecEntry 7 }
|
|
|
|
rcPortSecMacDel OBJECT-TYPE
|
|
SYNTAX INTEGER(1..4)
|
|
ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"It indicates that it can delete security mac address.
|
|
1 indicates configuration security mac,
|
|
2 indicates dynamic security mac,
|
|
3 indicates sticky security mac.
|
|
4 indicates all security mac,"
|
|
::= { rcPortSecEntry 8 }
|
|
|
|
rcPortSecCurMacNum OBJECT-TYPE
|
|
SYNTAX INTEGER (1..1024)
|
|
ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of MAC addresses secured on this interface."
|
|
::= { rcPortSecEntry 9 }
|
|
|
|
rcPortSecMaxMacs OBJECT-TYPE
|
|
SYNTAX INTEGER (1..1024)
|
|
ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The history mac max of MAC addresses secured on this interface."
|
|
::= { rcPortSecEntry 10 }
|
|
|
|
rcPortSecMacViolations OBJECT-TYPE
|
|
SYNTAX INTEGER (1..65535)
|
|
ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the number of violations occurred on a secure interface.
|
|
The counter will be initialized to zero when the port security feature is enabled on an interface."
|
|
::= { rcPortSecEntry 11 }
|
|
|
|
rcPortSecViolationStatus OBJECT-TYPE
|
|
SYNTAX INTEGER (1..2)
|
|
ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object represents the operational status of the port security feature on an interface.
|
|
secureup(1) - This indicates port security is operational.
|
|
shutdown(2) - This indicates that the port is shutdown due to port security violation
|
|
when the object rcPortSecMacViolationAction is of type 'shutdown'."
|
|
::= { rcPortSecEntry 12 }
|
|
|
|
rcPortSecLastAccessMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the last MAC address that is seen on this interface.
|
|
This object is also used as a variable to contain the value of the MAC address
|
|
which caused the violation."
|
|
::= { rcPortSecEntry 13 }
|
|
|
|
rcPortSecLastAccessMacVlan OBJECT-TYPE
|
|
SYNTAX INTEGER (1..4094)
|
|
ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the VLAN where the last MAC address that is seen on this interface.
|
|
This object is also used as a variable in the cpsIfVlanSecureMacAddrViolation notification
|
|
to contain the value of the VLAN received the mac address which caused the violation."
|
|
::= { rcPortSecEntry 14 }
|
|
|
|
rcPortSecLastAgingMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the last aging MAC address that is seen on this interface.
|
|
This object is also used as a variable in the rcPortSecAgingTrap notification to
|
|
contain the value of the MAC address which caused the aging trap. "
|
|
::= { rcPortSecEntry 15 }
|
|
|
|
rcPortSecLastAgingMacVlan OBJECT-TYPE
|
|
SYNTAX INTEGER (1..4094)
|
|
ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the VLAN where the last aging MAC address that is seen on this interface.
|
|
This object is also used as a variable in the rcPortSecAgingTrap notification to contain the
|
|
value of the VLAN related to the mac address which caused the aging."
|
|
::= { rcPortSecEntry 16 }
|
|
|
|
rcPortSecLastDelMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the last deleted MAC address that is seen on this interface.
|
|
This object is also used as a variable in the rcPortSecDelTrap notification to
|
|
contain the value of the MAC address which caused the deletion trap. "
|
|
::= { rcPortSecEntry 17 }
|
|
|
|
rcPortSecLastDelMacVlan OBJECT-TYPE
|
|
SYNTAX INTEGER (1..4094)
|
|
ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the VLAN where the last deleted MAC address that is seen on this interface.
|
|
This object is also used as a variable in the rcPortSecDelTrap notification to contain the
|
|
value of the VLAN related to the mac address which caused the deletion."
|
|
::= { rcPortSecEntry 18 }
|
|
|
|
rcPortSecLastDelMacFlag OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
static(1),
|
|
dynamic(2),
|
|
sticky(3)
|
|
}
|
|
ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if the last deleted secure MAC address is a configured 'static' or
|
|
learned 'dynamic' or learned and retained across reboots 'sticky'."
|
|
::= { rcPortSecEntry 19 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- groups in the rcPortsecurity MIB rcPortSecMacTable
|
|
-- -------------------------------------------------------------
|
|
rcPortSecMacTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RcPortSecMacEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of security mac for mac and vlan."
|
|
::= { rcPortsecurity 3}
|
|
|
|
rcPortSecMacEntry OBJECT-TYPE
|
|
SYNTAX RcPortSecMacEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table entry for security mac information."
|
|
INDEX {rcPortSecVlan , rcPortSecMac}
|
|
::= { rcPortSecMacTable 1 }
|
|
|
|
RcPortSecMacEntry ::= SEQUENCE {
|
|
rcPortSecVlan INTEGER,
|
|
rcPortSecMac MacAddress,
|
|
rcPortSecPort INTEGER,
|
|
rcPortSecFlag INTEGER,
|
|
rcPortSecAgingTm INTEGER,
|
|
rcPortSecRowStatus RowStatus
|
|
}
|
|
|
|
rcPortSecVlan OBJECT-TYPE
|
|
SYNTAX INTEGER (1..4094)
|
|
ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the vlan configured on an interface."
|
|
::= { rcPortSecMacEntry 1 }
|
|
|
|
rcPortSecMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the mac configured on an interface."
|
|
::= { rcPortSecMacEntry 2 }
|
|
|
|
rcPortSecPort OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates on which port a secure MAC address configured or learned."
|
|
::= { rcPortSecMacEntry 3 }
|
|
|
|
rcPortSecFlag OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
static(1),
|
|
dynamic(2),
|
|
sticky(3)
|
|
}
|
|
ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if the secure MAC address is a configured 'static' or
|
|
learned 'dynamic' or learned and retained across reboots 'sticky'."
|
|
::= { rcPortSecMacEntry 4 }
|
|
|
|
rcPortSecAgingTm OBJECT-TYPE
|
|
SYNTAX INTEGER (0..1440)
|
|
ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates that this MAC should be delate after 'rcPortSecAgingTm' vaule."
|
|
::= { rcPortSecMacEntry 5 }
|
|
|
|
rcPortSecRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of this entry."
|
|
::= { rcPortSecMacEntry 6 }
|
|
|
|
-- -------------------------------------------------------------
|
|
-- groups in the rcPortsecurity MIB rcPortSecTrapGroup
|
|
-- -------------------------------------------------------------
|
|
rcPortSecLearningTrap NOTIFICATION-TYPE
|
|
OBJECTS { rcPortSecVlan,rcPortSecMac,rcPortSecPort,rcPortSecFlag }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port security learning trap."
|
|
::= { rcPortSecTrapGroup 1 }
|
|
|
|
rcPortSecViolationTrap NOTIFICATION-TYPE
|
|
OBJECTS { rcPortSecLastAccessMacAddress,rcPortSecLastAccessMacVlan }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Security mac violation trap."
|
|
::= { rcPortSecTrapGroup 2 }
|
|
|
|
rcPortSecAgingTrap NOTIFICATION-TYPE
|
|
OBJECTS { rcPortSecLastAgingMacAddress,rcPortSecLastAgingMacVlan }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Mac aging happens."
|
|
::= { rcPortSecTrapGroup 3 }
|
|
|
|
rcPortSecDelTrap NOTIFICATION-TYPE
|
|
OBJECTS { rcPortSecLastDelMacAddress,rcPortSecLastDelMacVlan,rcPortSecLastDelMacFlag }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Mac deletion happens."
|
|
::= { rcPortSecTrapGroup 4 }
|
|
|
|
END |