776 lines
22 KiB
Plaintext
776 lines
22 KiB
Plaintext
G6-DHCP-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32, Counter32, enterprises,NOTIFICATION-TYPE
|
|
FROM SNMPv2-SMI
|
|
DisplayString, MacAddress
|
|
FROM SNMPv2-TC
|
|
g6 FROM MICROSENS-G6-MIB
|
|
;
|
|
|
|
protocol MODULE-IDENTITY --Category
|
|
LAST-UPDATED "201802121619Z"
|
|
ORGANIZATION "MICROSENS GmbH & Co. KG"
|
|
CONTACT-INFO
|
|
"Kueferstrasse 16
|
|
D-59067 Hamm
|
|
Germany
|
|
support@microsens.de
|
|
http://www.microsens.de"
|
|
DESCRIPTION
|
|
"Microsens private MIB for Generation 6 Ethernet Switches"
|
|
|
|
REVISION "201802121619Z"
|
|
DESCRIPTION
|
|
"File creation"
|
|
::= { g6 2 }
|
|
|
|
dhcp OBJECT IDENTIFIER ::= { protocol 49 }
|
|
|
|
|
|
|
|
-- *************************** CONFIGURATION SECTION ********************************
|
|
|
|
|
|
dhcpEnableDhcpRelay OBJECT-TYPE -- enable_dhcp_relay
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"General enable of dhcp relay function."
|
|
::= { dhcp 1 }
|
|
|
|
|
|
dhcpEnableDhcpSnooping OBJECT-TYPE -- enable_dhcp_snooping
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"General enable of dhcp snooping function."
|
|
::= { dhcp 2 }
|
|
|
|
|
|
dhcpEnablePppoeSnooping OBJECT-TYPE -- enable_pppoe_snooping
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"General enable of PPPoE snooping also known as PPPoE Intermediate Agent function."
|
|
::= { dhcp 3 }
|
|
|
|
|
|
dhcpEnableArpInspection OBJECT-TYPE -- enable_arp_inspection
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"General enable of arp inspection function."
|
|
::= { dhcp 4 }
|
|
|
|
|
|
dhcpUnblockPort OBJECT-TYPE -- unblock_port
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This function may be used to unblock a port that has been set to blocking state due to DHCP flooding or due to ARP storm detection. The shorthand port format like 1 for 1/1 may be used. Syntax examples: dhcp.unblock_port = 1/2,1/5 or dhcp.unblock_port = 1/1-1/4. Also the syntax .. = 0-5 to unblock the first 6 ports is supported."
|
|
::= { dhcp 5 }
|
|
|
|
|
|
dhcpClearSnoopingTable OBJECT-TYPE -- clear_snooping_table
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This function may be used to clear the content of the DHCP snooping table."
|
|
::= { dhcp 6 }
|
|
|
|
|
|
-- ******************* Begin of relayConfigTable *************************
|
|
|
|
relayConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RelayConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This configures the DHCP relay option 82. It can be used to supply information from which port a DHCP request came in order to supply an IP based on the physical location of the requestor."
|
|
::= { dhcp 7 }
|
|
|
|
relayConfigEntry OBJECT-TYPE
|
|
SYNTAX RelayConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { relayConfigIndex }
|
|
::= { relayConfigTable 1 }
|
|
|
|
|
|
RelayConfigEntry ::= SEQUENCE {
|
|
relayConfigIndex INTEGER,
|
|
relayConfigDhcpServerAddress DisplayString,
|
|
relayConfigRemoteIdSource INTEGER ,
|
|
relayConfigCustomRemoteId DisplayString,
|
|
relayConfigCircuitIdSource INTEGER
|
|
}
|
|
|
|
relayConfigIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { relayConfigEntry 1 }
|
|
|
|
relayConfigDhcpServerAddress OBJECT-TYPE -- dhcp_server_address
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Defines host address or network address where the dhcp server(s) resides. Also known as ip_helper_address."
|
|
::= { relayConfigEntry 2 }
|
|
|
|
relayConfigRemoteIdSource OBJECT-TYPE -- remote_id_source
|
|
SYNTAX INTEGER
|
|
{
|
|
hostname (0),
|
|
macAddress (1),
|
|
sysName (2),
|
|
userDefined (3),
|
|
portAlias (4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Defines how the switch is identified when DHCP option 82 is used. (Suboption2)"
|
|
::= { relayConfigEntry 3 }
|
|
|
|
relayConfigCustomRemoteId OBJECT-TYPE -- custom_remote_id
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This remote id is used for option 82 when 'remote_id_source' is set to USER_DEFINED."
|
|
::= { relayConfigEntry 4 }
|
|
|
|
relayConfigCircuitIdSource OBJECT-TYPE -- circuit_id_source
|
|
SYNTAX INTEGER
|
|
{
|
|
snmpPortId (0),
|
|
slotPortId (1),
|
|
portAlias (2),
|
|
ipSlotPortVlan (3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Defines how the ports are identified when option 82 is used. (Suboption1)"
|
|
::= { relayConfigEntry 5 }
|
|
|
|
|
|
-- ********************* End of relayConfigTable ***********************
|
|
|
|
|
|
-- ******************* Begin of relayPortConfigTable *************************
|
|
|
|
relayPortConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RelayPortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This configures the DHCP relay option 82. It can be used to supply information from which port a DHCP request came in order to supply an IP based on the physical location of the requestor."
|
|
::= { dhcp 8 }
|
|
|
|
relayPortConfigEntry OBJECT-TYPE
|
|
SYNTAX RelayPortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { relayPortConfigPortIndex }
|
|
::= { relayPortConfigTable 1 }
|
|
|
|
|
|
RelayPortConfigEntry ::= SEQUENCE {
|
|
relayPortConfigPortIndex INTEGER,
|
|
relayPortConfigEnableDhcpRelay INTEGER ,
|
|
relayPortConfigEnableOption82 INTEGER
|
|
}
|
|
|
|
relayPortConfigPortIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0..31)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { relayPortConfigEntry 1 }
|
|
|
|
relayPortConfigEnableDhcpRelay OBJECT-TYPE -- enable_dhcp_relay
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When enabled incoming DHCP requests are redirected to the dhcp server or network specified in 'dhcp.relay_config'"
|
|
::= { relayPortConfigEntry 2 }
|
|
|
|
relayPortConfigEnableOption82 OBJECT-TYPE -- enable_option_82
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When enabled incoming DHCP requests are modified in 'dhcp.relay_config'"
|
|
::= { relayPortConfigEntry 3 }
|
|
|
|
|
|
-- ********************* End of relayPortConfigTable ***********************
|
|
|
|
|
|
-- ******************* Begin of snoopingPortConfigTable *************************
|
|
|
|
snoopingPortConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SnoopingPortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This configures the DHCP snooping function. DHCP snooping acts like a DHCP firewall between access and link ports. When enabled it ensures that for untrusted ports only DHCP requests are accepted. This prevents malicious users from injecting fake DHCP frames and thus invalid IP addresses."
|
|
::= { dhcp 9 }
|
|
|
|
snoopingPortConfigEntry OBJECT-TYPE
|
|
SYNTAX SnoopingPortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { snoopingPortConfigPortIndex }
|
|
::= { snoopingPortConfigTable 1 }
|
|
|
|
|
|
SnoopingPortConfigEntry ::= SEQUENCE {
|
|
snoopingPortConfigPortIndex INTEGER,
|
|
snoopingPortConfigEnableDhcpSnooping INTEGER ,
|
|
snoopingPortConfigDhcpFiltering INTEGER ,
|
|
snoopingPortConfigSnoopingTrust INTEGER ,
|
|
snoopingPortConfigAcceptIngressOption82 INTEGER ,
|
|
snoopingPortConfigMacAddressVerification INTEGER ,
|
|
snoopingPortConfigDhcpRateLimiting Integer32 ,
|
|
snoopingPortConfigClearSnoopingStatistics DisplayString
|
|
}
|
|
|
|
snoopingPortConfigPortIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0..31)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { snoopingPortConfigEntry 1 }
|
|
|
|
snoopingPortConfigEnableDhcpSnooping OBJECT-TYPE -- enable_dhcp_snooping
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This enables the DHCP snooping function per port."
|
|
::= { snoopingPortConfigEntry 2 }
|
|
|
|
snoopingPortConfigDhcpFiltering OBJECT-TYPE -- dhcp_filtering
|
|
SYNTAX INTEGER
|
|
{
|
|
disabled (0),
|
|
dropAndEvent (1),
|
|
blockAndEvent (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"DHCP filtering prevents DHCP responses being injected from a local access port. It acts like a DHCP firewall between access and link ports."
|
|
::= { snoopingPortConfigEntry 3 }
|
|
|
|
snoopingPortConfigSnoopingTrust OBJECT-TYPE -- snooping_trust
|
|
SYNTAX INTEGER
|
|
{
|
|
auto (0),
|
|
untrusted (1),
|
|
trusted (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"DHCP responses are only accepted when they ingress on a trusted port. Typically these are the link ports. AUTO uses the port role and declares all up or downlink ports as trusted."
|
|
::= { snoopingPortConfigEntry 4 }
|
|
|
|
snoopingPortConfigAcceptIngressOption82 OBJECT-TYPE -- accept_ingress_option82
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Normally incoming DHCP request incoming with Option 82 set will be discarded. When enabled then this check is ignored."
|
|
::= { snoopingPortConfigEntry 5 }
|
|
|
|
snoopingPortConfigMacAddressVerification OBJECT-TYPE -- mac_address_verification
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When a packet is received on an untrusted interface, and the source MAC address and the DHCP client MAC address do not match and this feature is enabled, the packet is dropped."
|
|
::= { snoopingPortConfigEntry 6 }
|
|
|
|
snoopingPortConfigDhcpRateLimiting OBJECT-TYPE -- dhcp_rate_limiting
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Defines how many DHCP request are accepted per second. When the limit is reached, DHCP flooding is assumed and the port is blocked. The value 0 disables the rate limit check."
|
|
::= { snoopingPortConfigEntry 7 }
|
|
|
|
snoopingPortConfigClearSnoopingStatistics OBJECT-TYPE -- clear_snooping_statistics
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset all DHCP related statistics and reason. The snooping binding table is not affected."
|
|
::= { snoopingPortConfigEntry 8 }
|
|
|
|
|
|
-- ********************* End of snoopingPortConfigTable ***********************
|
|
|
|
|
|
-- ******************* Begin of pppoeConfigTable *************************
|
|
|
|
pppoeConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF PppoeConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table defines the general parameter for PPPoE Intermediate Agent feature."
|
|
::= { dhcp 10 }
|
|
|
|
pppoeConfigEntry OBJECT-TYPE
|
|
SYNTAX PppoeConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { pppoeConfigIndex }
|
|
::= { pppoeConfigTable 1 }
|
|
|
|
|
|
PppoeConfigEntry ::= SEQUENCE {
|
|
pppoeConfigIndex INTEGER,
|
|
pppoeConfigVendorId Unsigned32,
|
|
pppoeConfigRemoteIdSource INTEGER ,
|
|
pppoeConfigCustomRemoteId DisplayString,
|
|
pppoeConfigCircuitIdSource INTEGER
|
|
}
|
|
|
|
pppoeConfigIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { pppoeConfigEntry 1 }
|
|
|
|
pppoeConfigVendorId OBJECT-TYPE -- vendor_id
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Vendor identification that this device adds to a PPPoE request before forwarding it to the server."
|
|
::= { pppoeConfigEntry 2 }
|
|
|
|
pppoeConfigRemoteIdSource OBJECT-TYPE -- remote_id_source
|
|
SYNTAX INTEGER
|
|
{
|
|
hostname (0),
|
|
macAddress (1),
|
|
sysName (2),
|
|
userDefined (3),
|
|
portAlias (4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The remote id identifies the client that requests a PPPoE connection."
|
|
::= { pppoeConfigEntry 3 }
|
|
|
|
pppoeConfigCustomRemoteId OBJECT-TYPE -- custom_remote_id
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This field is only used in a PPPoE request when the remote_id_source is set to USER_DEFINED."
|
|
::= { pppoeConfigEntry 4 }
|
|
|
|
pppoeConfigCircuitIdSource OBJECT-TYPE -- circuit_id_source
|
|
SYNTAX INTEGER
|
|
{
|
|
snmpPortId (0),
|
|
slotPortId (1),
|
|
portAlias (2),
|
|
ipSlotPortVlan (3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This field defines how the port on which a PPPoE request comes in is identified."
|
|
::= { pppoeConfigEntry 5 }
|
|
|
|
|
|
-- ********************* End of pppoeConfigTable ***********************
|
|
|
|
|
|
-- ******************* Begin of pppoePortConfigTable *************************
|
|
|
|
pppoePortConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF PppoePortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table permits port specific enable of the PPPoE Intermediate Agent feature."
|
|
::= { dhcp 11 }
|
|
|
|
pppoePortConfigEntry OBJECT-TYPE
|
|
SYNTAX PppoePortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { pppoePortConfigPortIndex }
|
|
::= { pppoePortConfigTable 1 }
|
|
|
|
|
|
PppoePortConfigEntry ::= SEQUENCE {
|
|
pppoePortConfigPortIndex INTEGER,
|
|
pppoePortConfigEnablePppoeSnooping INTEGER
|
|
}
|
|
|
|
pppoePortConfigPortIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0..31)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { pppoePortConfigEntry 1 }
|
|
|
|
pppoePortConfigEnablePppoeSnooping OBJECT-TYPE -- enable_pppoe_snooping
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enables PPPoE intermediate agent function also known as PPPoE Snooping for this port. Also observe the general enable parameter for PPPoE."
|
|
::= { pppoePortConfigEntry 2 }
|
|
|
|
|
|
-- ********************* End of pppoePortConfigTable ***********************
|
|
|
|
|
|
-- ******************* Begin of arpInspectionPortConfigTable *************************
|
|
|
|
arpInspectionPortConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ArpInspectionPortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table defines the parameter for Dynamic ARP Inspection per port. These features should generally be used with untrusted ports."
|
|
::= { dhcp 12 }
|
|
|
|
arpInspectionPortConfigEntry OBJECT-TYPE
|
|
SYNTAX ArpInspectionPortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { arpInspectionPortConfigPortIndex }
|
|
::= { arpInspectionPortConfigTable 1 }
|
|
|
|
|
|
ArpInspectionPortConfigEntry ::= SEQUENCE {
|
|
arpInspectionPortConfigPortIndex INTEGER,
|
|
arpInspectionPortConfigEnableArpInspection INTEGER ,
|
|
arpInspectionPortConfigArpRateLimiting Integer32 ,
|
|
arpInspectionPortConfigInspectionDatabase INTEGER ,
|
|
arpInspectionPortConfigArpAclName DisplayString,
|
|
arpInspectionPortConfigAclDefaultLogic INTEGER ,
|
|
arpInspectionPortConfigSourceMacValidation INTEGER ,
|
|
arpInspectionPortConfigDestMacValidation INTEGER ,
|
|
arpInspectionPortConfigIpRangeValidation INTEGER
|
|
}
|
|
|
|
arpInspectionPortConfigPortIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0..31)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { arpInspectionPortConfigEntry 1 }
|
|
|
|
arpInspectionPortConfigEnableArpInspection OBJECT-TYPE -- enable_arp_inspection
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Generally enables Dynamic ARP Inspection. The details need to be configured per VLAN in separate table. This feature helps preventing from man-in-the-middle attacks to the network."
|
|
::= { arpInspectionPortConfigEntry 2 }
|
|
|
|
arpInspectionPortConfigArpRateLimiting OBJECT-TYPE -- arp_rate_limiting
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Defines how many ARP request are accepted per second. When the limit is reached, a DOS attack is assumed and the port is shut down. The value 0 disables the rate limit check."
|
|
::= { arpInspectionPortConfigEntry 3 }
|
|
|
|
arpInspectionPortConfigInspectionDatabase OBJECT-TYPE -- inspection_database
|
|
SYNTAX INTEGER
|
|
{
|
|
none (0),
|
|
dhcp (1),
|
|
arpAcl (2),
|
|
both (3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"When set to another value than NONE, the MAC-IP relationship of the incoming ARPs is verified against the selected table. This ensures that only valid MACs enter the network."
|
|
::= { arpInspectionPortConfigEntry 4 }
|
|
|
|
arpInspectionPortConfigArpAclName OBJECT-TYPE -- arp_acl_name
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of the ACL (access control list) which declares which IP/MAC relations are acceptible. Note: ACLs are configured under Management.ACL. Several ACL may be specified with a comma separated list. Example acl1, otherlist"
|
|
::= { arpInspectionPortConfigEntry 5 }
|
|
|
|
arpInspectionPortConfigAclDefaultLogic OBJECT-TYPE -- acl_default_logic
|
|
SYNTAX INTEGER
|
|
{
|
|
deny (0),
|
|
permit (1)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Defines which action is taken when none of the ACL records matches. Default is deny which blocks the ARP."
|
|
::= { arpInspectionPortConfigEntry 6 }
|
|
|
|
arpInspectionPortConfigSourceMacValidation OBJECT-TYPE -- source_mac_validation
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body. This check is performed on both ARP requests and responses. Packets with different MAC addresses are dropped."
|
|
::= { arpInspectionPortConfigEntry 7 }
|
|
|
|
arpInspectionPortConfigDestMacValidation OBJECT-TYPE -- dest_mac_validation
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Checks the destination MAC address in the Ethernet header against the target MAC address in ARP body. This check is performed for ARP responses. Packets with different MAC addresses are dropped."
|
|
::= { arpInspectionPortConfigEntry 8 }
|
|
|
|
arpInspectionPortConfigIpRangeValidation OBJECT-TYPE -- ip_range_validation
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Checks ARP for invalid addresses. Invalid addresses include 0.0.0.0, 255.255.255.255, and all IP multicast and loopback addresses. Sender IP addresses are checked in all ARP requests and responses, and target IP addresses are checked only in ARP responses."
|
|
::= { arpInspectionPortConfigEntry 9 }
|
|
|
|
|
|
-- ********************* End of arpInspectionPortConfigTable ***********************
|
|
|
|
|
|
|
|
-- ****************************** STATUS SECTION ********************************
|
|
|
|
|
|
-- ******************* Begin of snoopingStatisticsTable *************************
|
|
|
|
snoopingStatisticsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SnoopingStatisticsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistics indicating activity of DHCP snooping."
|
|
::= { dhcp 100 }
|
|
|
|
snoopingStatisticsEntry OBJECT-TYPE
|
|
SYNTAX SnoopingStatisticsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { snoopingStatisticsPortIndex }
|
|
::= { snoopingStatisticsTable 1 }
|
|
|
|
|
|
SnoopingStatisticsEntry ::= SEQUENCE {
|
|
snoopingStatisticsPortIndex INTEGER,
|
|
snoopingStatisticsTrustMode INTEGER ,
|
|
snoopingStatisticsNumberOfDhcpProcessed Unsigned32,
|
|
snoopingStatisticsNumberOfDhcpDropped Unsigned32,
|
|
snoopingStatisticsLastDropReason INTEGER
|
|
}
|
|
|
|
snoopingStatisticsPortIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0..31)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { snoopingStatisticsEntry 1 }
|
|
|
|
snoopingStatisticsTrustMode OBJECT-TYPE -- trust_mode
|
|
SYNTAX INTEGER
|
|
{
|
|
undecided (0),
|
|
untrusted (1),
|
|
trusted (2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reflects the determined trust mode."
|
|
::= { snoopingStatisticsEntry 2 }
|
|
|
|
snoopingStatisticsNumberOfDhcpProcessed OBJECT-TYPE -- number_of_dhcp_processed
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts the number of dhcp messages processed."
|
|
::= { snoopingStatisticsEntry 3 }
|
|
|
|
snoopingStatisticsNumberOfDhcpDropped OBJECT-TYPE -- number_of_dhcp_dropped
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts the number of dhcp messages dropped."
|
|
::= { snoopingStatisticsEntry 4 }
|
|
|
|
snoopingStatisticsLastDropReason OBJECT-TYPE -- last_drop_reason
|
|
SYNTAX INTEGER
|
|
{
|
|
ok (0),
|
|
illegalDhcpServer (1),
|
|
dhcpServerSpoofed (2),
|
|
illegalRelayAgent (3),
|
|
bindingMismatch (4),
|
|
flooding (5)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { snoopingStatisticsEntry 5 }
|
|
|
|
|
|
-- ********************* End of snoopingStatisticsTable ***********************
|
|
|
|
|
|
-- ******************* Begin of snoopingTableTable *************************
|
|
|
|
snoopingTableTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SnoopingTableEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table lists the MAC-IP bindings of the untrusted ports (only) as discovered through DHCP snooping."
|
|
::= { dhcp 101 }
|
|
|
|
snoopingTableEntry OBJECT-TYPE
|
|
SYNTAX SnoopingTableEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { snoopingTableIndex }
|
|
::= { snoopingTableTable 1 }
|
|
|
|
|
|
SnoopingTableEntry ::= SEQUENCE {
|
|
snoopingTableIndex INTEGER,
|
|
snoopingTableMac MacAddress,
|
|
snoopingTableIp OCTET STRING ,
|
|
snoopingTablePort Integer32 ,
|
|
snoopingTableVlan Integer32 ,
|
|
snoopingTableLastUpdated DisplayString,
|
|
snoopingTableLastUpdatedEpoch Unsigned32,
|
|
snoopingTableLeaseTime Counter32
|
|
}
|
|
|
|
snoopingTableIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0..255)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { snoopingTableEntry 1 }
|
|
|
|
snoopingTableMac OBJECT-TYPE -- mac
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"MAC address entry"
|
|
::= { snoopingTableEntry 2 }
|
|
|
|
snoopingTableIp OBJECT-TYPE -- ip
|
|
SYNTAX OCTET STRING (SIZE (0..20))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP address associated with this MAC."
|
|
::= { snoopingTableEntry 3 }
|
|
|
|
snoopingTablePort OBJECT-TYPE -- port
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Port number for MAC address"
|
|
::= { snoopingTableEntry 4 }
|
|
|
|
snoopingTableVlan OBJECT-TYPE -- vlan
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"if non zero this MAC is part of this VLAN."
|
|
::= { snoopingTableEntry 5 }
|
|
|
|
snoopingTableLastUpdated OBJECT-TYPE -- last_updated
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Time stamp when this record was written"
|
|
::= { snoopingTableEntry 6 }
|
|
|
|
snoopingTableLastUpdatedEpoch OBJECT-TYPE -- last_updated_epoch
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Time stamp in alternate format"
|
|
::= { snoopingTableEntry 7 }
|
|
|
|
snoopingTableLeaseTime OBJECT-TYPE -- lease_time
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Lease time as reported by DHCP server"
|
|
::= { snoopingTableEntry 8 }
|
|
|
|
|
|
-- ********************* End of snoopingTableTable ***********************
|
|
|
|
|
|
|
|
END
|
|
|