-- *****************************************************************
-- MY-SECURITY-MIB.mib: My Security MIB file
--
-- $Copyright$
--
-- *****************************************************************
--
MY-SECURITY-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
OBJECT-TYPE,
NOTIFICATION-TYPE,
Integer32,
Counter32,
IpAddress,
Unsigned32
FROM SNMPv2-SMI
TruthValue,
DisplayString,
RowStatus,
MacAddress
FROM SNMPv2-TC
MODULE-COMPLIANCE,
OBJECT-GROUP,
NOTIFICATION-GROUP
FROM SNMPv2-CONF
ConfigStatus,
IfIndex
FROM MY-TC
ifIndex
FROM IF-MIB
EnabledStatus
FROM P-BRIDGE-MIB
myMgmt
FROM MY-SMI;
-- Module identity: registers this MIB as { myMgmt 6 } and records its
-- single revision. $Company$, $Telephone$ and $E-mail$ appear to be
-- template placeholders that were never expanded in this copy.
mySecurityMIB MODULE-IDENTITY
    LAST-UPDATED  "200203200000Z"
    ORGANIZATION  "$Company$"
    CONTACT-INFO
        "
        Tel: $Telephone$

        E-mail: $E-mail$"
    DESCRIPTION
        "This module defines my security mibs."
    REVISION      "200203200000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { myMgmt 6}

-- Object subtrees of this module. Everything manageable hangs off
-- mySecurityMIBObjects: user management (1), security addresses (2)
-- and port security (3).
mySecurityMIBObjects      OBJECT IDENTIFIER ::= { mySecurityMIB 1 }

myUserManagementObjects   OBJECT IDENTIFIER ::= { mySecurityMIBObjects 1 }

mySecurityAddressObjects  OBJECT IDENTIFIER ::= { mySecurityMIBObjects 2 }

-- NOTE(review): "Secrrity" is a misspelling of "Security". The name is
-- left as-is because myPortSecurityTable is registered under it.
myPortSecrrityObjects     OBJECT IDENTIFIER ::= { mySecurityMIBObjects 3 }

--
-- user management
--

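-- Switch for SNMP management of the device.
-- NOTE(review): the object is read-write, so it is changed through the
-- same SNMP agent it controls; this module does not say what happens to
-- SNMP access after a SET to disabled. SET access to this subtree is best
-- limited to authenticated, encrypted SNMP (SNMPv3 authPriv) through the
-- agent's access-control views.
myEnableSnmpAgent OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enabled indicates that the user can manage the switch through
        the SNMP agent; disabled indicates that the user cannot manage
        the switch through the SNMP agent."
    ::= { myUserManagementObjects 1 }
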
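-- Switch for web management of the device.
-- NOTE(review): this module does not state whether the web interface is
-- served over HTTP or HTTPS. The object is read-write, so SNMP SET rights
-- on it decide whether this management channel is exposed.
myEnableWeb OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enabled indicates that the user can manage the switch through
        the web; disabled indicates that the user cannot manage the
        switch through the web."
    ::= { myUserManagementObjects 2 }
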
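-- Switch for telnet management of the device.
-- NOTE(review): telnet is unencrypted, so credentials and session content
-- cross the network in cleartext while this is enabled. The telnet host
-- table in this module restricts which client addresses may connect; it
-- does not protect the session itself.
myEnableTelnet OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Enabled indicates that the user can manage the switch through
        telnet; disabled indicates that the user cannot manage the
        switch through telnet."
    ::= { myUserManagementObjects 3 }
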
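--TelnetHostIpTable
-- Allow-list of telnet client addresses, indexed by client IP address.
-- NOTE(review): the DESCRIPTIONs do not say how the telnet server treats
-- an empty table, or a table whose rows are all disable(2) (allow all or
-- deny all) - confirm on the device before relying on this table as an
-- access control. IpAddress is IPv4-only, so IPv6 clients cannot be
-- listed. The table has no RowStatus column, so this module does not
-- define how rows are created or deleted.
myTelnetHostIpTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF MyTelnetHostIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table of telnet client IP addresses; only these hosts can
        access the telnet server."
    ::= { myUserManagementObjects 4 }

myTelnetHostIpEntry OBJECT-TYPE
    SYNTAX      MyTelnetHostIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The entry of the telnet host IP address table."
    INDEX       { myTelnetHostIpAddress}
    ::= { myTelnetHostIpTable 1 }

MyTelnetHostIpEntry ::=
    SEQUENCE {
        myTelnetHostIpAddress
            IpAddress,
        myTelnetHostIpEnable
            INTEGER
    }

-- Index column. NOTE(review): SMIv2 normally declares index columns
-- not-accessible; read-only is left unchanged here.
myTelnetHostIpAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The telnet client's IP address. Only these hosts can access
        the telnet server."
    ::= { myTelnetHostIpEntry 1 }

-- Per-address switch. It is read-write, so SNMP SET rights on this
-- column decide which listed clients are active.
myTelnetHostIpEnable OBJECT-TYPE
    SYNTAX      INTEGER {
                    enable(1),
                    disable(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The telnet client's IP address enable state"
    ::= { myTelnetHostIpEntry 2 }
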
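--WebHostIpTable
-- Allow-list of web client addresses, indexed by client IP address.
-- NOTE(review): the DESCRIPTIONs do not say how the web server treats an
-- empty table, or a table whose rows are all disable(2) (allow all or
-- deny all) - confirm on the device before relying on this table as an
-- access control. IpAddress is IPv4-only, so IPv6 clients cannot be
-- listed. The table has no RowStatus column, so this module does not
-- define how rows are created or deleted.
myWebHostIpTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF MyWebHostIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table of web client IP addresses; only these hosts can
        access the web server."
    ::= { myUserManagementObjects 5 }

myWebHostIpEntry OBJECT-TYPE
    SYNTAX      MyWebHostIpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The entry of the web host IP address table."
    INDEX       { myWebHostIpAddress}
    ::= { myWebHostIpTable 1 }

MyWebHostIpEntry ::=
    SEQUENCE {
        myWebHostIpAddress
            IpAddress,
        myWebHostIpEnable
            INTEGER
    }

-- Index column. NOTE(review): SMIv2 normally declares index columns
-- not-accessible; read-only is left unchanged here.
myWebHostIpAddress OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The web client's IP address. Only these hosts can access the
        web server."
    ::= { myWebHostIpEntry 1 }

-- Per-address switch. It is read-write, so SNMP SET rights on this
-- column decide which listed clients are active.
myWebHostIpEnable OBJECT-TYPE
    SYNTAX      INTEGER {
                    enable(1),
                    disable(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The web client's IP address enable state"
    ::= { myWebHostIpEntry 2 }
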
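-- security address
-- Table of security addresses. A row is identified by VLAN id, MAC
-- address, interface and IP address, and is created or removed through
-- the RowStatus column mySecurityAddressStatus.
-- NOTE(review): mySecurityAddressIfBindIp is read-write while the row
-- status column is read-create; SMIv2 normally marks every writable
-- column of a creatable row read-create. The access values are left
-- unchanged here.
mySecurityAddressTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF MySecurityAddressEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table of security address."
    ::= { mySecurityAddressObjects 1 }

mySecurityAddressEntry OBJECT-TYPE
    SYNTAX      MySecurityAddressEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The entry of Security address table."
    INDEX       { mySecurityAddressFdbId,
                  mySecurityAddressAddress,
                  mySecurityAddressPort,
                  mySecurityAddressIpAddr}
    ::= { mySecurityAddressTable 1 }

MySecurityAddressEntry ::=
    SEQUENCE {
        mySecurityAddressFdbId
            Unsigned32,
        mySecurityAddressAddress
            MacAddress,
        mySecurityAddressPort
            IfIndex,
        mySecurityAddressIpAddr
            IpAddress,
        mySecurityAddressIfBindIp
            TruthValue,
        mySecurityAddressRemainAge
            Integer32,
        mySecurityAddressType
            INTEGER,
        mySecurityAddressStatus
            RowStatus
    }

-- Index component 1: VLAN id.
mySecurityAddressFdbId OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The VID of the VLAN which the security address belongs to."
    ::= { mySecurityAddressEntry 1 }

-- Index component 2: MAC address.
mySecurityAddressAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The MAC address of the security address."
    ::= { mySecurityAddressEntry 2 }

-- Index component 3: interface.
mySecurityAddressPort OBJECT-TYPE
    SYNTAX      IfIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The interface which the security address belongs to."
    ::= { mySecurityAddressEntry 3 }

-- Index component 4: bound IP address. NOTE(review): the value is part
-- of the row index even when mySecurityAddressIfBindIp is false; what
-- value it takes in that case is not stated in this module.
mySecurityAddressIpAddr OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The IP address which the security address binds. It is
        meaningful only when mySecurityAddressIfBindIp is true."
    ::= { mySecurityAddressEntry 4 }

mySecurityAddressIfBindIp OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object determines whether the security address will bind
        an IP address."
    ::= { mySecurityAddressEntry 5 }

mySecurityAddressRemainAge OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The remaining age of the security address, in units of minutes."
    ::= { mySecurityAddressEntry 6 }

-- Distinguishes configured entries from dynamically learned ones.
mySecurityAddressType OBJECT-TYPE
    SYNTAX      INTEGER {
                    secureConfigured(1),
                    dynamicLearn(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of the security address"
    ::= { mySecurityAddressEntry 7 }

mySecurityAddressStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this entry. Its meaning in this environment is
        given by the textual-convention definition of RowStatus."
    ::= { mySecurityAddressEntry 8 }
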
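--Address Bind Table
-- IP-to-MAC address binding table: each row, indexed by IP address,
-- carries the MAC address bound to it and a ConfigStatus column.
-- NOTE(review): the original DESCRIPTION of myBindAddressTable was
-- non-ASCII text that did not survive re-encoding and is unreadable in
-- this copy. Its readable fragments mention IP and MAC addresses; it
-- appears to say that a frame whose source IP matches a bound entry is
-- expected to carry the bound source MAC - confirm against the vendor's
-- original file. The DESCRIPTION below states only what the columns show.
-- The bindings are writable over SNMP, so SET rights on this table
-- decide who can add, change or remove them.
myBindAddressTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF MyBindAddressEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table of IP address to MAC address bindings."
    ::= { mySecurityAddressObjects 2 }

myBindAddressEntry OBJECT-TYPE
    SYNTAX      MyBindAddressEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The entry of Bind address table."
    INDEX       { myBindAddressIpAddr}
    ::= { myBindAddressTable 1 }

MyBindAddressEntry ::=
    SEQUENCE {
        myBindAddressIpAddr
            IpAddress,
        myBindMacAddress
            MacAddress,
        myBindAddressStatus
            ConfigStatus
    }

-- Index column.
-- NOTE(review): myBindAddressIfBindIp is not defined in this module; the
-- second sentence of the DESCRIPTION looks copied from
-- mySecurityAddressIpAddr.
myBindAddressIpAddr OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The IP address which the security address binds. It is
        meaningful only when myBindAddressIfBindIp is true."
    ::= { myBindAddressEntry 1 }

myBindMacAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The MAC address of the security address."
    ::= { myBindAddressEntry 2 }

-- ConfigStatus is imported from MY-TC; its values are not visible here.
myBindAddressStatus OBJECT-TYPE
    SYNTAX      ConfigStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Entry status. Setting this value to 'invalid' will remove this
        entry."
    ::= { myBindAddressEntry 3 }
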
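-- port security
-- Per-port port-security configuration and counters, indexed by
-- interface.
myPortSecurityTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF MyPortSecurityEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "list of port security configuration objects."
    ::= { myPortSecrrityObjects 1 }

myPortSecurityEntry OBJECT-TYPE
    SYNTAX      MyPortSecurityEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Entry contains port security configurations."
    INDEX       { myPortSecurityPortIndex }
    ::= { myPortSecurityTable 1 }

MyPortSecurityEntry ::=
    SEQUENCE {
        myPortSecurityPortIndex          IfIndex,
        myPortSecurityStatus             EnabledStatus,
        myPortSecurViolationType         INTEGER,
        myPortSecurityAddrNum            Integer32,
        myPortSecurityAddrAge            Integer32,
        myPortStaticSecurAddrIfAge       EnabledStatus,
        myPortSecurityAddressCurrentNum  Integer32,
        myPortStaticSecurAddrCurrentNum  Integer32,
        myPortSecurityIpDistrMode        INTEGER
    }

-- Index column. The DESCRIPTION is empty in the original; presumably
-- the interface index of the port the row configures - confirm.
myPortSecurityPortIndex OBJECT-TYPE
    SYNTAX      IfIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        ""
    ::= { myPortSecurityEntry 1 }

-- The DESCRIPTION is empty in the original; presumably turns port
-- security on or off for the port - confirm. The default is disabled.
myPortSecurityStatus OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        ""
    DEFVAL      { disabled }
    ::= { myPortSecurityEntry 2 }

-- Action taken on a violation. Per the DESCRIPTION, the default
-- violation-protect discards the frame without sending a trap, so a
-- receiver watching for portSecurityViolate sees nothing in that mode;
-- violation-restrict and violation-shutdown are the modes that send one.
myPortSecurViolationType OBJECT-TYPE
    SYNTAX      INTEGER {
                    violation-protect(1),
                    violation-restrict(2),
                    violation-shutdown(3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object defines 3 grades of port security:
        violation-protect(1):
            normal security grade, indicates that when a datagram is
            received on a port with an illegal MAC address it will be
            discarded but no trap is sent; legal and illegal MAC to a
            port security is defined by per port's security below.
        violation-restrict(2):
            normal security grade, indicates that when a datagram is
            received on a port with an illegal MAC address it will be
            discarded and a trap is sent; legal and illegal MAC to a
            port security is defined by per port's security below.
        violation-shutdown(3):
            strict security grade, indicates that when a datagram is
            received on a port with an illegal MAC address, the port
            will be disabled for the violation of the port's security
            and a trap is sent."
    DEFVAL      { violation-protect }
    ::= { myPortSecurityEntry 3 }

-- NOTE(review): the last sentence of the DESCRIPTION ties validity to
-- myPortSecurityStatus being 'disabled'. It is unclear whether that
-- means the threshold can only be set while port security is disabled,
-- or is a slip for 'enabled' - confirm; the wording is kept.
myPortSecurityAddrNum OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This value is the address number threshold of this port. A new
        address to be added to the port will be refused when the address
        number exceeds this value.
        This value is valid when myPortSecurityStatus is 'disabled'"
    ::= { myPortSecurityEntry 4 }

myPortSecurityAddrAge OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Aging time, in units of minutes, of the security addresses of
        the interface"
    ::= { myPortSecurityEntry 5 }

myPortStaticSecurAddrIfAge OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object determines whether aging of statically configured
        security addresses is enabled."
    ::= { myPortSecurityEntry 6 }

myPortSecurityAddressCurrentNum OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Current number of the security address of interface."
    ::= { myPortSecurityEntry 7 }

myPortStaticSecurAddrCurrentNum OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Current number of the static configured security address of interface."
    ::= { myPortSecurityEntry 8 }

-- The numbers in the DESCRIPTION follow the enumeration in SYNTAX
-- (1..4); the original text numbered the same four modes 0..3, which
-- did not match the values an agent returns.
myPortSecurityIpDistrMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    static(1),            --only Static IP Distribute enabled
                    dynamic(2),           --only Dynamic IP Distribute enabled
                    staticAndDynamic(3),  --both Static and Dynamic IP Distribute enable
                    unSpecified(4)        --not specified
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "IP Distribute Mode
        (1:Static-only mode,
        2:Dynamic-only mode,
        3:Dynamic and Static mode,
        4:Unspecified mode)"
    ::= { myPortSecurityEntry 9 }
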
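-- Notification subtree and the single port-security notification.
-- The notification carries only ifIndex, so a receiver learns which
-- port reported the violation but not which address caused it.
-- NOTE(review): no NOTIFICATION-GROUP in this module lists
-- portSecurityViolate, although NOTIFICATION-GROUP is imported.
mySecurityTraps OBJECT IDENTIFIER ::= { mySecurityMIB 2 }

portSecurityViolate NOTIFICATION-TYPE
    OBJECTS     {ifIndex}
    STATUS      current
    DESCRIPTION
        "The MAC lock violation trap indicates that you have set the
        threshold number of learned addresses for a port, and there
        comes a new address from the port, but the addresses for the
        port are already full."
    ::= { mySecurityTraps 1 }
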
-- Conformance subtree: compliance statements under (1), object groups
-- under (2).
mySecurityMIBConformance  OBJECT IDENTIFIER ::= { mySecurityMIB 3 }
mySecurityMIBCompliances  OBJECT IDENTIFIER ::= { mySecurityMIBConformance 1 }
mySecurityMIBGroups       OBJECT IDENTIFIER ::= { mySecurityMIBConformance 2 }


-- compliance statements

-- Compliance statement: all three object groups of this module are
-- mandatory.
mySecurityMIBCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for entities which implement
        the My Security MIB"
    MODULE      -- this module
        MANDATORY-GROUPS {
            myUserManageMIBGroup,
            mySecurityAddressMIBGroup,
            myPortSecurityMIBGroup
        }
    ::= { mySecurityMIBCompliances 1 }

-- units of conformance

-- Group of the three management-channel switches.
-- NOTE(review): the columns of myTelnetHostIpTable and myWebHostIpTable
-- are not listed in this or any other group of the module.
myUserManageMIBGroup OBJECT-GROUP
    OBJECTS     { myEnableSnmpAgent, myEnableWeb, myEnableTelnet }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing status snmp and web and telnet
        management agent to a My agent."
    ::= { mySecurityMIBGroups 1 }

-- Group of the security-address and bind-address columns.
-- NOTE(review): mySecurityAddressFdbId, mySecurityAddressAddress,
-- mySecurityAddressPort, mySecurityAddressIpAddr and myBindAddressIpAddr
-- are declared not-accessible in this module. SMIv2 object groups are
-- meant to list only accessible objects, so strict MIB compilers are
-- likely to reject or warn on these members. The list is left unchanged.
mySecurityAddressMIBGroup OBJECT-GROUP
    OBJECTS     { mySecurityAddressFdbId,
                  mySecurityAddressAddress,
                  mySecurityAddressPort,
                  mySecurityAddressIpAddr,
                  mySecurityAddressIfBindIp,
                  mySecurityAddressRemainAge,
                  mySecurityAddressType,
                  mySecurityAddressStatus,
                  myBindAddressIpAddr,
                  myBindMacAddress,
                  myBindAddressStatus }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing security address to a
        My agent."
    ::= { mySecurityMIBGroups 2 }

-- Group of all nine myPortSecurityTable columns.
myPortSecurityMIBGroup OBJECT-GROUP
    OBJECTS     { myPortSecurityPortIndex,
                  myPortSecurityStatus,
                  myPortSecurViolationType,
                  myPortSecurityAddrNum,
                  myPortSecurityAddrAge,
                  myPortStaticSecurAddrIfAge,
                  myPortSecurityAddressCurrentNum,
                  myPortStaticSecurAddrCurrentNum,
                  myPortSecurityIpDistrMode }
    STATUS      current
    DESCRIPTION
        "A collection of objects providing port security to a
        My agent."
    ::= { mySecurityMIBGroups 3 }

END