diff options
| author | David Leutgeb <david.leutgeb@mannundmouse.com> | 2023-12-05 12:25:34 +0100 |
|---|---|---|
| committer | David Leutgeb <david.leutgeb@mannundmouse.com> | 2023-12-05 12:25:34 +0100 |
| commit | 98a672123c7872f6b9b75a9a2b6bb3aea504de6a (patch) | |
| tree | 9b13bd7f563c3198047bd359195327cf28b3caf0 /MIBS/cisco/CISCOSB-BRIDGE-SECURITY | |
| download | mibs-main.tar.gz mibs-main.zip | |
Diffstat (limited to 'MIBS/cisco/CISCOSB-BRIDGE-SECURITY')
| -rw-r--r-- | MIBS/cisco/CISCOSB-BRIDGE-SECURITY | 1177 |
1 files changed, 1177 insertions, 0 deletions
diff --git a/MIBS/cisco/CISCOSB-BRIDGE-SECURITY b/MIBS/cisco/CISCOSB-BRIDGE-SECURITY new file mode 100644 index 0000000..de5e7e1 --- /dev/null +++ b/MIBS/cisco/CISCOSB-BRIDGE-SECURITY @@ -0,0 +1,1177 @@ +CISCOSB-BRIDGE-SECURITY DEFINITIONS ::= BEGIN + +-- Version: 7.43 +-- Date: 02-Apr-2006 + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, + Unsigned32, IpAddress, Counter32 FROM SNMPv2-SMI + InterfaceIndex, ifIndex FROM IF-MIB + RowStatus, TEXTUAL-CONVENTION, MacAddress, + DisplayString, TruthValue FROM SNMPv2-TC + VlanId FROM Q-BRIDGE-MIB + switch001 FROM CISCOSB-MIB; + +rlBridgeSecurity MODULE-IDENTITY + LAST-UPDATED "200604020001Z" + ORGANIZATION "Cisco Systems, Inc." + + CONTACT-INFO + "Postal: 170 West Tasman Drive + San Jose , CA 95134-1706 + USA + + + Website: Cisco Small Business Support Community <http://www.cisco.com/go/smallbizsupport>" + + DESCRIPTION + "The private MIB module definition for DHCP Snoop, ARP Inspection + and Ip source Guard features." + ::= { switch001 112} + +rlIpDhcpSnoop OBJECT IDENTIFIER ::= { rlBridgeSecurity 1} + +rlIpSourceGuard OBJECT IDENTIFIER ::= { rlBridgeSecurity 2} + +rlIpArpInspect OBJECT IDENTIFIER ::= { rlBridgeSecurity 3} + +rlProtocolFiltering OBJECT IDENTIFIER ::= { rlBridgeSecurity 4} + +rlIpDhcpOpt82 OBJECT IDENTIFIER ::= { rlBridgeSecurity 5} + + +-- +-- DHCP Snoop +-- +rlIpDhcpSnoopMibVersion OBJECT-TYPE + SYNTAX INTEGER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "MIB's version, the current version is 1." + ::= { rlIpDhcpSnoop 1 } + +rlIpDhcpSnoopEnable OBJECT-TYPE + SYNTAX INTEGER{ + enable(1), + disable(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION "Specifies a system DHCP Snoop enable state." + ::= { rlIpDhcpSnoop 2 } + +rlIpDhcpSnoopFileEnable OBJECT-TYPE + SYNTAX INTEGER{ + enable(1), + disable(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION "Specifies a system DHCP Snoop file enable state." + ::= { rlIpDhcpSnoop 3 } + +rlIpDhcpSnoopClearAction OBJECT-TYPE + SYNTAX INTEGER { + noAction(1), -- for get only + clearNow(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Used to clear DHCP Snoop Table." + ::= { rlIpDhcpSnoop 4 } + +rlIpDhcpSnoopFileUpdateTime OBJECT-TYPE + SYNTAX INTEGER(600..86400) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Configures in seconds the period of time between file updates. + The valid range is 600 - 86400." + ::= { rlIpDhcpSnoop 5 } + +rlIpDhcpSnoopVerifyMacAddress OBJECT-TYPE + SYNTAX INTEGER{ + enable(1), + disable(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Configures on an un-trusted port whether the source MAC address in a DHCP packet matches + the client hardware address." + ::= { rlIpDhcpSnoop 6 } + +rlIpDhcpSnoopCurrentEntiresNumber OBJECT-TYPE + SYNTAX INTEGER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Contain the current number of DHCP snooping entries for all types." + ::= { rlIpDhcpSnoop 7 } + +rlIpDhcpOpt82InsertionEnable OBJECT-TYPE + SYNTAX INTEGER{ + enable(1), + disable(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION "Specifies a DHCP option 82 insertion enable state." + ::= { rlIpDhcpSnoop 8 } + +rlIpDhcpOpt82RxOnUntrustedEnable OBJECT-TYPE + SYNTAX INTEGER{ + enable(1), + disable(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION "Specifies a DHCP option 82 receive on untrusted port enable state." + ::= { rlIpDhcpSnoop 9 } + +-- +-- Dhcp Snoop Static table +-- +rlIpDhcpSnoopStaticTable OBJECT-TYPE + SYNTAX SEQUENCE OF RlIpDhcpSnoopStaticEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The table specifies all DHCP Snoop Static (configured by user) entries. + The entry contains a local IP address of the DHCP client, a Port interface to which a DHCP client is connected to the switch." + ::= { rlIpDhcpSnoop 10 } + +rlIpDhcpSnoopStaticEntry OBJECT-TYPE + SYNTAX RlIpDhcpSnoopStaticEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The row definition for this table." + INDEX {rlIpDhcpSnoopStaticVLANTag, + rlIpDhcpSnoopStaticMACAddress} +::= { rlIpDhcpSnoopStaticTable 1 } + +RlIpDhcpSnoopStaticEntry ::= SEQUENCE { + rlIpDhcpSnoopStaticVLANTag VlanId, + rlIpDhcpSnoopStaticMACAddress MacAddress, + rlIpDhcpSnoopStaticIPAddress IpAddress, + rlIpDhcpSnoopStaticPortInterface InterfaceIndex, + rlIpDhcpSnoopStaticRowStatus RowStatus +} +rlIpDhcpSnoopStaticVLANTag OBJECT-TYPE + SYNTAX VlanId + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A DHCP Snoop Static entry vlan tag." + ::= { rlIpDhcpSnoopStaticEntry 1 } + +rlIpDhcpSnoopStaticMACAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A DHCP Snoop Static entry mac address" + ::= { rlIpDhcpSnoopStaticEntry 2 } + +rlIpDhcpSnoopStaticIPAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A DHCP Snoop Static entry IP address." + ::= { rlIpDhcpSnoopStaticEntry 3 } + +rlIpDhcpSnoopStaticPortInterface OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A DHCP Snoop Static entry Port interface." + ::= { rlIpDhcpSnoopStaticEntry 4 } + +rlIpDhcpSnoopStaticRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A status can be destroy, active or createAndGo" + ::= { rlIpDhcpSnoopStaticEntry 5 } + +-- +-- Dhcp Snoop table +-- + +RlIpDhcpSnoopType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION "Ip Dhcp Snoop entry type." + SYNTAX INTEGER { + learnedByProtocol(1), + deletedByTimeout(2), + static(3) +} + +rlIpDhcpSnoopTable OBJECT-TYPE + SYNTAX SEQUENCE OF RlIpDhcpSnoopEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "DHCP Snoop entry. Use to add/delete a dynamic entries and to view all entries (dynamic and static)" + ::= { rlIpDhcpSnoop 11 } + +rlIpDhcpSnoopEntry OBJECT-TYPE + SYNTAX RlIpDhcpSnoopEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The row definition for this table." + INDEX {rlIpDhcpSnoopVLANTag, + rlIpDhcpSnoopMACAddress} +::= { rlIpDhcpSnoopTable 1 } + +RlIpDhcpSnoopEntry ::= SEQUENCE { + rlIpDhcpSnoopVLANTag VlanId, + rlIpDhcpSnoopMACAddress MacAddress, + rlIpDhcpSnoopType RlIpDhcpSnoopType, + rlIpDhcpSnoopLeaseTime Unsigned32, + rlIpDhcpSnoopIPAddress IpAddress, + rlIpDhcpSnoopPortInterface InterfaceIndex, + rlIpDhcpSnoopRowStatus RowStatus +} +rlIpDhcpSnoopVLANTag OBJECT-TYPE + SYNTAX VlanId + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A DHCP Snoop entry vlan tag." + ::= { rlIpDhcpSnoopEntry 1 } + +rlIpDhcpSnoopMACAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A DHCP Snoop entry mac address" + ::= { rlIpDhcpSnoopEntry 2 } + +rlIpDhcpSnoopType OBJECT-TYPE + SYNTAX RlIpDhcpSnoopType + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A DHCP Snoop entry type: static or dynamic." + ::= { rlIpDhcpSnoopEntry 3 } + +rlIpDhcpSnoopLeaseTime OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A DHCP Snoop lease time. For static entry the lease time is 0xFFFFFFFF" + ::= { rlIpDhcpSnoopEntry 4 } + +rlIpDhcpSnoopIPAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The IP address of the DHCP client referred to in this table entry." + ::= { rlIpDhcpSnoopEntry 5 } + +rlIpDhcpSnoopPortInterface OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Identifies the port Interface ifindex, which connected to DHCP client identified with the entry." + ::= { rlIpDhcpSnoopEntry 6 } + +rlIpDhcpSnoopRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Entry status. A valid status is CreateandGo or Delete." + ::= { rlIpDhcpSnoopEntry 7 } + +-- +-- Dhcp Snoop Enable VLAN Table +-- +rlIpDhcpSnoopEnableVlanTable OBJECT-TYPE + SYNTAX SEQUENCE OF RlIpDhcpSnoopEnableVlanEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "An Ip Dhcp Snooping enabled VLAN table." + ::= { rlIpDhcpSnoop 12 } + +rlIpDhcpSnoopEnableVlanEntry OBJECT-TYPE + SYNTAX RlIpDhcpSnoopEnableVlanEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "An Ip Dhcp Snooping enabled VLAN entry." + INDEX {rlIpDhcpSnoopEnableVlanTag} +::= { rlIpDhcpSnoopEnableVlanTable 1 } + +RlIpDhcpSnoopEnableVlanEntry ::= SEQUENCE { + rlIpDhcpSnoopEnableVlanTag VlanId, + rlIpDhcpSnoopEnableVlanRowStatus RowStatus +} +rlIpDhcpSnoopEnableVlanTag OBJECT-TYPE + SYNTAX VlanId + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A DHCP Snoop entry vlan tag." + ::= { rlIpDhcpSnoopEnableVlanEntry 1 } + +rlIpDhcpSnoopEnableVlanRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Entry status. A valid status is CreateandGo and Delete." + ::= { rlIpDhcpSnoopEnableVlanEntry 2 } + +-- +-- Dhcp Snoop Trusted ports Table +-- +rlIpDhcpSnoopTrustedPortTable OBJECT-TYPE + SYNTAX SEQUENCE OF RlIpDhcpSnoopTrustedPortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "DHCP Snoop Trusted ports entry. The entry created when port is configured as trusted." + ::= { rlIpDhcpSnoop 13 } + +rlIpDhcpSnoopTrustedPortEntry OBJECT-TYPE + SYNTAX RlIpDhcpSnoopTrustedPortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The row definition for this table." + INDEX {ifIndex} +::= { rlIpDhcpSnoopTrustedPortTable 1 } + +RlIpDhcpSnoopTrustedPortEntry ::= SEQUENCE { + rlIpDhcpSnoopTrustedPortRowStatus RowStatus +} + +rlIpDhcpSnoopTrustedPortRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Entry status. A valid status is CreateandGo or Delete." + ::= { rlIpDhcpSnoopTrustedPortEntry 2 } + +-- +-- IP Source Guard +-- + +rlIpSourceGuardMibVersion OBJECT-TYPE + SYNTAX INTEGER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "MIB's version, the current version is 1." + ::= { rlIpSourceGuard 1 } + +rlIpSourceGuardEnable OBJECT-TYPE + SYNTAX INTEGER{ + enable(1), + disable(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "FALSE - There is no Ip Source Guard in the system. + TRUE - Ip Source Guard is enabled on system." + ::= { rlIpSourceGuard 2 } + +rlIpSourceGuardRetryToInsert OBJECT-TYPE + SYNTAX INTEGER { + noAction(0), -- for get only + retryToInsertNow(1) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When setted to retryToInsertNow all IP Source Guard inactive entries + due to resource problem reinserted in the Policy. + On get always return noAction." + ::= { rlIpSourceGuard 3 } + +rlIpSourceGuardRetryTime OBJECT-TYPE + SYNTAX INTEGER (0..600) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Configures in seconds the period of time the application retries to + insert inactive by resource problem rules. The actual range is 10-600. + 0 used to sign that the timer is not active." + ::= { rlIpSourceGuard 4 } + +-- +-- IP Source Guard Ports table +-- + +rlIpSourceGuardPortTable OBJECT-TYPE + SYNTAX SEQUENCE OF RlIpSourceGuardPortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "IP Source Guard ports entry. The entry created when IP Source Guard + enabled on port." + ::= { rlIpSourceGuard 5 } + +rlIpSourceGuardPortEntry OBJECT-TYPE + SYNTAX RlIpSourceGuardPortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The row definition for this table." + INDEX {ifIndex} +::= { rlIpSourceGuardPortTable 1 } + +RlIpSourceGuardPortEntry ::= SEQUENCE { + rlIpSourceGuardPortRowStatus RowStatus +} +rlIpSourceGuardPortRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Entry status. A valid status is CreateAndGo or Delete." + ::= { rlIpSourceGuardPortEntry 2 } + +-- +-- IP Source Guard table +-- + +RlIpSourceGuardType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION "Ip IP Source Guard entry type." + SYNTAX INTEGER { + dynamic(1), + static(2) +} +RlIpSourceGuardStatus ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION "Ip IP Source Guard entry status." + SYNTAX INTEGER { + active(1), + inactive(2) +} +RlIpSourceGuardFailReason ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION "Ip IP Source Guard entry reason." + SYNTAX INTEGER { + noProblem(1), + noResource(2), + noSnoopVlan(3), + trustPort(4) +} + +rlIpSourceGuardTable OBJECT-TYPE + SYNTAX SEQUENCE OF RlIpSourceGuardEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "IP Source Guard entry. Use to view all entries (dynamic and static)" + ::= { rlIpSourceGuard 6 } + +rlIpSourceGuardEntry OBJECT-TYPE + SYNTAX RlIpSourceGuardEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The row definition for this table." + INDEX {ifIndex, + rlIpSourceGuardIPAddress, + rlIpSourceGuardVLANTag} +::= { rlIpSourceGuardTable 1 } + +RlIpSourceGuardEntry ::= SEQUENCE { + rlIpSourceGuardIPAddress IpAddress, + rlIpSourceGuardVLANTag VlanId, + rlIpSourceGuardMACAddress MacAddress, + rlIpSourceGuardType RlIpSourceGuardType, + rlIpSourceGuardStatus RlIpSourceGuardStatus, + rlIpSourceGuardFailReason RlIpSourceGuardFailReason +} + +rlIpSourceGuardIPAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The IP address of the Ip Source Guard entry." + ::= { rlIpSourceGuardEntry 1 } + +rlIpSourceGuardVLANTag OBJECT-TYPE + SYNTAX VlanId + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A Ip Source Guard entry vlan tag." + ::= { rlIpSourceGuardEntry 2 } + +rlIpSourceGuardMACAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A Ip Source Guard entry mac address" + ::= { rlIpSourceGuardEntry 3 } + +rlIpSourceGuardType OBJECT-TYPE + SYNTAX RlIpSourceGuardType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A Ip Source Guard entry type: static or dynamic." + ::= { rlIpSourceGuardEntry 4 } + +rlIpSourceGuardStatus OBJECT-TYPE + SYNTAX RlIpSourceGuardStatus + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Identifies the status of Ip Source Guard entry." + ::= { rlIpSourceGuardEntry 5 } + +rlIpSourceGuardFailReason OBJECT-TYPE + SYNTAX RlIpSourceGuardFailReason + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Identifies the reason for in-activity of Ip Source Guard entry." + ::= { rlIpSourceGuardEntry 6 } + +-- +-- IP Source Guard Permitted rules counter table +-- + +rlIpSourceGuardPermittedRuleCounterTable OBJECT-TYPE + SYNTAX SEQUENCE OF RlIpSourceGuardPermittedRuleCounterEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The table includes, per vlan, the IP Source Guard permitted rules counters." + ::= { rlIpSourceGuard 7 } + +rlIpSourceGuardPermittedRuleCounterEntry OBJECT-TYPE + SYNTAX RlIpSourceGuardPermittedRuleCounterEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The row definition for this table." + INDEX {rlIpSourceGuardPermittedRuleCounterVLANTag} +::= { rlIpSourceGuardPermittedRuleCounterTable 1 } + +RlIpSourceGuardPermittedRuleCounterEntry ::= SEQUENCE { + rlIpSourceGuardPermittedRuleCounterVLANTag VlanId, + rlIpSourceGuardPermittedRuleCounterNumOfStaticRules Counter32, + rlIpSourceGuardPermittedRuleCounterNumOfDhcpRules Counter32 +} +rlIpSourceGuardPermittedRuleCounterVLANTag OBJECT-TYPE + SYNTAX VlanId + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Ip Source Guard permitted rules counters entry Vlan tag." + ::= { rlIpSourceGuardPermittedRuleCounterEntry 1 } + +rlIpSourceGuardPermittedRuleCounterNumOfStaticRules OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of static rules added by IP Source Guard for the permitted Hosts" + ::= { rlIpSourceGuardPermittedRuleCounterEntry 2 } + +rlIpSourceGuardPermittedRuleCounterNumOfDhcpRules OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of rules added by IP Source Guard for the permitted Hosts, + as a result of DHCP Snooping dynamic information." + ::= { rlIpSourceGuardPermittedRuleCounterEntry 3 } + +-- +-- ARP Inspection +-- +RlIpArpInspectListNameType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION "Ip arp inspection list name type." + SYNTAX DisplayString(SIZE(1..32)) + +rlIpArpInspectMibVersion OBJECT-TYPE + SYNTAX INTEGER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "MIB's version, the current version is 1." + ::= { rlIpArpInspect 1 } + +rlIpArpInspectEnable OBJECT-TYPE + SYNTAX INTEGER{ + enable(1), + disable(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION "Specifies a system ARP Inspection enable state." + ::= { rlIpArpInspect 2 } + +rlIpArpInspectLogInterval OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Specify the minimal interval between successive ARP SYSLOG messages. + 0 - message is immediately generated. + 0xFFFFFFFF - messages would not be generated. A legal range is 0-86400." + ::= { rlIpArpInspect 3 } + +rlIpArpInspectValidation OBJECT-TYPE + SYNTAX INTEGER{ + enable(1), + disable(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Defined a specific check on incoming ARP packets: + Source MAC: Compare the source MAC address in the Ethernet header against + the sender MAC address in the ARP body. This check is performed on both ARP requests and responses. + Destination MAC: Compare the destination MAC address in the Ethernet header against + the target MAC address in ARP body. This check is performed for ARP responses. + IP addresses: Compare the ARP body for invalid and unexpected IP addresses. + Addresses include 0.0.0.0, 255.255.255.255, and all IP multicast addresses." + ::= { rlIpArpInspect 4 } + +-- +-- ARP Inspection List table +-- +rlIpArpInspectListTable OBJECT-TYPE + SYNTAX SEQUENCE OF RlIpArpInspectListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The table specifies all ARP Inspection List entries. + The entry contains a list name, list IP address, a list Mac address." + ::= { rlIpArpInspect 5 } + +rlIpArpInspectListEntry OBJECT-TYPE + SYNTAX RlIpArpInspectListEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The row definition for this table." + INDEX {rlIpArpInspectListName, + rlIpArpInspectListIPAddress} +::= { rlIpArpInspectListTable 1 } + +RlIpArpInspectListEntry ::= SEQUENCE { + rlIpArpInspectListName RlIpArpInspectListNameType, + rlIpArpInspectListIPAddress IpAddress, + rlIpArpInspectListMACAddress MacAddress, + rlIpArpInspectListRowStatus RowStatus +} + +rlIpArpInspectListName OBJECT-TYPE + SYNTAX RlIpArpInspectListNameType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The Name of the Access List." + ::= { rlIpArpInspectListEntry 1} + +rlIpArpInspectListIPAddress OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "ARP Inspection List IP address." + ::= { rlIpArpInspectListEntry 2 } + +rlIpArpInspectListMACAddress OBJECT-TYPE + SYNTAX MacAddress + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "ARP Inspection List mac address" + ::= { rlIpArpInspectListEntry 3 } + +rlIpArpInspectListRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A status can be destroy, active or createAndGo" + ::= { rlIpArpInspectListEntry 4 } + +-- +-- Arp Inspection Enable VLAN Table +-- +rlIpArpInspectEnableVlanTable OBJECT-TYPE + SYNTAX SEQUENCE OF RlIpArpInspectEnableVlanEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "An Ip ARP Inspection enabled VLAN table." + ::= { rlIpArpInspect 6 } + +rlIpArpInspectEnableVlanEntry OBJECT-TYPE + SYNTAX RlIpArpInspectEnableVlanEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "An Ip ARP Inspection enabled VLAN entry." + INDEX {rlIpArpInspectEnableVlanTag} +::= { rlIpArpInspectEnableVlanTable 1 } + +RlIpArpInspectEnableVlanEntry ::= SEQUENCE { + rlIpArpInspectEnableVlanTag VlanId, + rlIpArpInspectAssignedListName RlIpArpInspectListNameType, + rlIpArpInspectEnableVlanRowStatus RowStatus, + rlIpArpInspectVlanNumOfArpForwarded Counter32, + rlIpArpInspectVlanNumOfArpDropped Counter32, + rlIpArpInspectVlanNumOfArpMismatched Counter32, + rlIpArpInspectVlanClearCountersAction TruthValue +} + +rlIpArpInspectEnableVlanTag OBJECT-TYPE + SYNTAX VlanId + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An Ip ARP Inspection entry vlan tag." + ::= { rlIpArpInspectEnableVlanEntry 1 } + +rlIpArpInspectAssignedListName OBJECT-TYPE + SYNTAX RlIpArpInspectListNameType + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "An Ip ARP Inspection assigned ACL name." + ::= { rlIpArpInspectEnableVlanEntry 2 } + +rlIpArpInspectEnableVlanRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Entry status. A valid status is CreateandGo and Delete." + ::= { rlIpArpInspectEnableVlanEntry 3 } + +rlIpArpInspectVlanNumOfArpForwarded OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Total number of forwarded ARP packets, packets which were validated by ARP inspection " + ::= { rlIpArpInspectEnableVlanEntry 4 } + +rlIpArpInspectVlanNumOfArpDropped OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of dropped ARP packets, which were validated by ARP inspection + (mismatch , not-found and dropped for any reason)" + ::= { rlIpArpInspectEnableVlanEntry 5 } + +rlIpArpInspectVlanNumOfArpMismatched OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of dropped ARP packets, which were validated by ARP inspection + and inconsistency was found for IP and MAC (mismatch)" + ::= { rlIpArpInspectEnableVlanEntry 6 } + +rlIpArpInspectVlanClearCountersAction OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "If true, clear (set to zero) all Arp Inspection counters: rlIpArpInspectVlanNumOfArpForwarded , + rlIpArpInspectVlanNumOfArpDropped and rlIpArpInspectVlanNumOfArpMismatched" + DEFVAL{ false } + ::= { rlIpArpInspectEnableVlanEntry 7 } + + +-- +-- ARP Inspection Trusted ports Table +-- +rlIpArpInspectTrustedPortTable OBJECT-TYPE + SYNTAX SEQUENCE OF RlIpArpInspectTrustedPortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "ARP Inspection Trusted ports entry. The entry created when port is configured as trusted." + ::= { rlIpArpInspect 7 } + +rlIpArpInspectTrustedPortEntry OBJECT-TYPE + SYNTAX RlIpArpInspectTrustedPortEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The row definition for this table." + INDEX {ifIndex} +::= { rlIpArpInspectTrustedPortTable 1 } + +RlIpArpInspectTrustedPortEntry ::= SEQUENCE { + rlIpArpInspectTrustedPortRowStatus RowStatus +} +rlIpArpInspectTrustedPortRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Entry status. A valid status is CreateandGo or Delete." + ::= { rlIpArpInspectTrustedPortEntry 2 } + + +rlIpArpInspectClearCountersAction OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "If true, clear (set to zero) on all vlans: all Arp Inspection counters: rlIpArpInspectVlanNumOfArpForwarded , + rlIpArpInspectVlanNumOfArpDropped and rlIpArpInspectVlanNumOfArpMismatched" + DEFVAL{ false } + ::= { rlIpArpInspect 8 } + +-- +-- Protocol Filtering +-- +ProtocolFilteringMap ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "This TC describes the list of protocol to be filtered. + The bit 'all(0)' indicates all Cisco protocols in range 0100.0ccc.ccc0 - 0100.0ccc.cccf + The bit 'cdp(1)' indicates Cisco CDP protocol. + Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x2000. + + The bit 'vtp(2)' indicates Cisco VTP protocol. + Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x2003. + + The bit 'dtp(3)' indicates Cisco DTP protocol. + Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x2004. + + The bit 'udld (4)' indicates Cisco UDLD protocol. + Identified by destination mac address: 0100.0ccc.cccc and protocol type:0x0111. + + The bit 'pagp(5)' indicates Cisco PAGP protocol. + Identified by destination mac address: 0100.0ccc.cccc and protocol type: 0x0104. + + The bit 'sstp(6)' indicates Cisco SSTP protocol. + Identified by destination mac address: 0100.0ccc.cccd. + + " + SYNTAX BITS { + all(0), + cdp(1), + vtp(2), + dtp(3), + udld(4), + pagp(5), + sstp(6) + } + +rlProtocolFilteringTable OBJECT-TYPE + SYNTAX SEQUENCE OF RlProtocolFilteringEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "Protocol filter configuration entry" + ::= { rlProtocolFiltering 1 } + +rlProtocolFilteringEntry OBJECT-TYPE + SYNTAX RlProtocolFilteringEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The row definition for this table." + INDEX {ifIndex} +::= { rlProtocolFilteringTable 1 } + +RlProtocolFilteringEntry::= SEQUENCE { + rlProtocolFilteringList ProtocolFilteringMap, + rlProtocolFilteringRowStatus RowStatus +} + +rlProtocolFilteringList OBJECT-TYPE + SYNTAX ProtocolFilteringMap + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The list of protocol to be filtered." + ::= { rlProtocolFilteringEntry 1 } +rlProtocolFilteringRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "A status can be destroy, active or createAndGo" + ::= { rlProtocolFilteringEntry 2 } + + +-- +-- DHCP Option82 +-- +rlIpDhcpOpt82ConfigEnable OBJECT-TYPE + SYNTAX INTEGER{ + enable(1), + disable(2) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION "Specifies a DHCP option 82 configurable state." + ::= { rlIpDhcpOpt82 1 } + + +rlIpDhcpOpt82SuboptionConfigTable OBJECT-TYPE + SYNTAX SEQUENCE OF RlIpDhcpOpt82SuboptionConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "Protocol filter configuration entry" + ::= { rlIpDhcpOpt82 2 } + +rlIpDhcpOpt82SuboptionConfigEntry OBJECT-TYPE + SYNTAX RlIpDhcpOpt82SuboptionConfigEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The row definition for this table." + INDEX {rlIpDhcpOpt82SuboptionConfigIndex} +::= { rlIpDhcpOpt82SuboptionConfigTable 1 } + +RlIpDhcpOpt82SuboptionConfigEntry::= SEQUENCE { + rlIpDhcpOpt82SuboptionConfigIndex INTEGER, + rlIpDhcpOpt82SuboptionConfigCircuitIdPayloadLength INTEGER, + rlIpDhcpOpt82SuboptionConfigCircuitIdFormat DisplayString, + rlIpDhcpOpt82SuboptionConfigRemoteIdPayloadLength INTEGER, + rlIpDhcpOpt82SuboptionConfigRemoteIdFormat DisplayString, + rlIpDhcpOpt82SuboptionConfigNumericTokenFormat INTEGER, + rlIpDhcpOpt82SuboptionConfigCircuitIdAuxFailFlag TruthValue +} + +rlIpDhcpOpt82SuboptionConfigIndex OBJECT-TYPE + SYNTAX INTEGER + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "Entry index. Must be 1" + ::= { rlIpDhcpOpt82SuboptionConfigEntry 1 } + +rlIpDhcpOpt82SuboptionConfigCircuitIdPayloadLength OBJECT-TYPE + SYNTAX INTEGER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Returns CircuitId payload length." + ::= { rlIpDhcpOpt82SuboptionConfigEntry 2 } + +rlIpDhcpOpt82SuboptionConfigCircuitIdFormat OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..160)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Defines the CircuitId format. Default is an empty string. Empty string means that CircuitId is added in a default format. + Non-empty string AND true value of rlIpDhcpOpt82SuboptionConfigCircuitIdSupported Scalar means that CircuitId is added in configured format" + ::= { rlIpDhcpOpt82SuboptionConfigEntry 3 } + + rlIpDhcpOpt82SuboptionConfigRemoteIdPayloadLength OBJECT-TYPE + SYNTAX INTEGER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Returns RemoteId payload length." + ::= { rlIpDhcpOpt82SuboptionConfigEntry 4 } + +rlIpDhcpOpt82SuboptionConfigRemoteIdFormat OBJECT-TYPE + SYNTAX DisplayString (SIZE (0..160)) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Defines the RemoteId format. Default is an empty string. Empty string means that RemoteId is added in a default format. + Non-empty string AND true value of rlIpDhcpOpt82SuboptionConfigRemoteIdSupported Scalar means that RemoteId is added in configured format" + ::= { rlIpDhcpOpt82SuboptionConfigEntry 5 } + +rlIpDhcpOpt82SuboptionConfigNumericTokenFormat OBJECT-TYPE + SYNTAX INTEGER{ + hex(1), + ascii(2) + } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Defines the format of numeric tokens included in the Circuit-id and Remote-ID sub-options string." + ::= { rlIpDhcpOpt82SuboptionConfigEntry 6 } + +rlIpDhcpOpt82SuboptionConfigCircuitIdAuxFailFlag OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Defines whatever to fail the CircuitId Suboption configuration" + ::= { rlIpDhcpOpt82SuboptionConfigEntry 7 } + + + -------------------------------------------------------------- + -- rlIpDhcpOpt82SuboptionContentTable (Read Only) + -------------------------------------------------------------- + + rlIpDhcpOpt82SuboptionContentTable OBJECT-TYPE + SYNTAX SEQUENCE OF RlIpDhcpOpt82SuboptionContentEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The table specifies option 82 content." + ::= { rlIpDhcpOpt82 3 } + + rlIpDhcpOpt82SuboptionContentEntry OBJECT-TYPE + SYNTAX RlIpDhcpOpt82SuboptionContentEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The row definition for this table." + INDEX { rlIpDhcpOpt82SuboptionContentIfIndex, + rlIpDhcpOpt82SuboptionContentVlanTag } + ::= { rlIpDhcpOpt82SuboptionContentTable 1 } + + RlIpDhcpOpt82SuboptionContentEntry ::= SEQUENCE { + rlIpDhcpOpt82SuboptionContentIfIndex InterfaceIndex, + rlIpDhcpOpt82SuboptionContentVlanTag VlanId, + rlIpDhcpOpt82SuboptionContentCircuitIdHeader OCTET STRING, + rlIpDhcpOpt82SuboptionContentCircuitIdPayload160 OCTET STRING, + rlIpDhcpOpt82SuboptionContentCircuitIdPayload320 OCTET STRING, + rlIpDhcpOpt82SuboptionContentRemoteIdHeader OCTET STRING, + rlIpDhcpOpt82SuboptionContentRemoteIdPayload160 OCTET STRING, + rlIpDhcpOpt82SuboptionContentRemoteIdPayload320 OCTET STRING + } + + rlIpDhcpOpt82SuboptionContentIfIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The port's interface index." + ::= { rlIpDhcpOpt82SuboptionContentEntry 1 } + + rlIpDhcpOpt82SuboptionContentVlanTag OBJECT-TYPE + SYNTAX VlanId + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The VLAN identifier." + ::= { rlIpDhcpOpt82SuboptionContentEntry 2 } + + rlIpDhcpOpt82SuboptionContentCircuitIdHeader OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(4)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Specifies option 82 CircuitId suboption header content per interface/port" + ::= { rlIpDhcpOpt82SuboptionContentEntry 3 } + + rlIpDhcpOpt82SuboptionContentCircuitIdPayload160 OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Specifies option 82 CircuitId suboption payload first 160 bytes content per interface/port" + ::= { rlIpDhcpOpt82SuboptionContentEntry 4 } + + rlIpDhcpOpt82SuboptionContentCircuitIdPayload320 OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Specifies option 82 CircuitId suboption payload second 160 bytes content per interface/port" + ::= { rlIpDhcpOpt82SuboptionContentEntry 5 } + + rlIpDhcpOpt82SuboptionContentRemoteIdHeader OBJECT-TYPE + SYNTAX OCTET STRING(SIZE(4)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Specifies option 82 RemoteId suboption header content per interface/port" + ::= { rlIpDhcpOpt82SuboptionContentEntry 6 } + + rlIpDhcpOpt82SuboptionContentRemoteIdPayload160 OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Specifies option 82 RemoteId suboption payload first 160 bytes content per interface/port" + ::= { rlIpDhcpOpt82SuboptionContentEntry 7 } + + rlIpDhcpOpt82SuboptionContentRemoteIdPayload320 OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Specifies option 82 RemoteId suboption payload second 160 bytes content per interface/port" + ::= { rlIpDhcpOpt82SuboptionContentEntry 8 } + + + -------------------------------------------------------------- + -- rlIpDhcpOpt82SuboptionTokenTable (Read Only) + -------------------------------------------------------------- + + rlIpDhcpOpt82SuboptionTokenTable OBJECT-TYPE + SYNTAX SEQUENCE OF RlIpDhcpOpt82SuboptionTokenEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The table specifies option 82 content." + ::= { rlIpDhcpOpt82 4 } + + rlIpDhcpOpt82SuboptionTokenEntry OBJECT-TYPE + SYNTAX RlIpDhcpOpt82SuboptionTokenEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The row definition for this table." + INDEX { rlIpDhcpOpt82SuboptionTokenName} + ::= { rlIpDhcpOpt82SuboptionTokenTable 1 } + + RlIpDhcpOpt82SuboptionTokenEntry ::= SEQUENCE { + rlIpDhcpOpt82SuboptionTokenName DisplayString, + rlIpDhcpOpt82SuboptionTokenValue DisplayString, + rlIpDhcpOpt82SuboptionTokenFormat INTEGER, + rlIpDhcpOpt82SuboptionTokenReservedLength INTEGER, + rlIpDhcpOpt82SuboptionTokenHexaLength INTEGER + } + + rlIpDhcpOpt82SuboptionTokenName OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Token have meaningful and pre-determined names based on the information they represent. A $ symbol is placed before and after the Token name ($token-name$)." + ::= { rlIpDhcpOpt82SuboptionTokenEntry 1 } + + rlIpDhcpOpt82SuboptionTokenValue OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Token description." + ::= { rlIpDhcpOpt82SuboptionTokenEntry 2 } + + rlIpDhcpOpt82SuboptionTokenFormat OBJECT-TYPE + SYNTAX INTEGER{ + hex(1), + ascii(2), + config(3) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Token format." + ::= { rlIpDhcpOpt82SuboptionTokenEntry 3 } + + rlIpDhcpOpt82SuboptionTokenReservedLength OBJECT-TYPE + SYNTAX INTEGER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Token reserved length." + ::= { rlIpDhcpOpt82SuboptionTokenEntry 4 } + + rlIpDhcpOpt82SuboptionTokenHexaLength OBJECT-TYPE + SYNTAX INTEGER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "If format is config, the hexa length is returned. Otherwise 0." + ::= { rlIpDhcpOpt82SuboptionTokenEntry 5 } + +END + |