diff options
| author | David Leutgeb <david.leutgeb@mannundmouse.com> | 2023-12-05 12:25:34 +0100 |
|---|---|---|
| committer | David Leutgeb <david.leutgeb@mannundmouse.com> | 2023-12-05 12:25:34 +0100 |
| commit | 98a672123c7872f6b9b75a9a2b6bb3aea504de6a (patch) | |
| tree | 9b13bd7f563c3198047bd359195327cf28b3caf0 /MIBS/dlink/DLINKSW-IP-SOURCE-GUARD-MIB | |
| download | mibs-main.tar.gz mibs-main.zip | |
Diffstat (limited to 'MIBS/dlink/DLINKSW-IP-SOURCE-GUARD-MIB')
| -rw-r--r-- | MIBS/dlink/DLINKSW-IP-SOURCE-GUARD-MIB | 464 |
1 files changed, 464 insertions, 0 deletions
diff --git a/MIBS/dlink/DLINKSW-IP-SOURCE-GUARD-MIB b/MIBS/dlink/DLINKSW-IP-SOURCE-GUARD-MIB new file mode 100644 index 0000000..3b0d296 --- /dev/null +++ b/MIBS/dlink/DLINKSW-IP-SOURCE-GUARD-MIB @@ -0,0 +1,464 @@ +-- *****************************************************************
+-- DLINKSW-IP-SOURCE-GUARD-MIB.mib : IP Source Guard MIB
+--
+-- Copyright (c) 2013 D-Link Corporation, all rights reserved.
+--
+-- *****************************************************************
+
+DLINKSW-IP-SOURCE-GUARD-MIB DEFINITIONS ::= BEGIN
+
+IMPORTS
+ MODULE-IDENTITY,
+ OBJECT-TYPE,
+ Unsigned32
+ FROM SNMPv2-SMI
+ MODULE-COMPLIANCE,
+ OBJECT-GROUP
+ FROM SNMPv2-CONF
+ MacAddress,
+ RowStatus
+ FROM SNMPv2-TC
+ ifIndex,
+ InterfaceIndex
+ FROM IF-MIB
+ InetAddressIPv4
+ FROM INET-ADDRESS-MIB
+ VlanId
+ FROM Q-BRIDGE-MIB
+ Dlink2kVlanList
+ FROM DLINKSW-TC-MIB
+ dlinkIndustrialCommon
+ FROM DLINK-ID-REC-MIB;
+
+
+dlinkSwIpSourceGuardMIB MODULE-IDENTITY
+ LAST-UPDATED "201307180000Z"
+ ORGANIZATION "D-Link Corp."
+ CONTACT-INFO
+ " D-Link Corporation
+
+ Postal: No. 289, Sinhu 3rd Rd., Neihu District,
+ Taipei City 114, Taiwan, R.O.C
+ Tel: +886-2-66000123
+ E-mail: tsd@dlink.com.tw
+ "
+ DESCRIPTION
+ "The MIB module is for configuration of IP Source Guard feature."
+
+ REVISION "201307180000Z"
+ DESCRIPTION
+ "Initial revision of this MIB module."
+ ::= { dlinkIndustrialCommon 132 }
+
+
+ dIpSourceGuardMIBNotifs OBJECT IDENTIFIER ::= { dlinkSwIpSourceGuardMIB 0 }
+ dIpSourceGuardMIBObjects OBJECT IDENTIFIER ::= { dlinkSwIpSourceGuardMIB 1 }
+ dIpSourceGuardMIBConformance OBJECT IDENTIFIER ::= { dlinkSwIpSourceGuardMIB 2 }
+
+-- -----------------------------------------------------------------------------
+ dIpsgBindings OBJECT IDENTIFIER ::= { dIpSourceGuardMIBObjects 1 }
+ dIpsgSrcGuard OBJECT IDENTIFIER ::= { dIpSourceGuardMIBObjects 2 }
+
+-- -----------------------------------------------------------------------------
+ dIpsgStaticBindingsTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF DigStaticBindingsEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table provides the manual bindings information.
+ e.g.
+ VLAN MAC Address IP Address Interface
+ ---- ----------------- ---------- ---------
+ 2000 00.01.02.03.04.05 172.18.1.1 8
+ 3000 00.05.06.07.08.09 10.1.1.1 3
+ 4094 00.10.20.30.40.55 1.1.1.1 5
+ 4094 00.10.20.30.40.55 1.1.1.1 6
+ 4094 00.10.20.30.40.55 1.1.1.1 8
+ "
+ ::= { dIpsgBindings 1 }
+
+ dIpsgStaticBindingsEntry OBJECT-TYPE
+ SYNTAX DigStaticBindingsEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry defines a manual binding.
+ "
+ INDEX {
+ dIpsgStaticBindingsVlan,
+ dIpsgStaticBindingsMacAddress,
+ dIpsgStaticBindingsIpAddress,
+ dIpsgStaticBindingsInterface
+ }
+ ::= { dIpsgStaticBindingsTable 1 }
+
+ DigStaticBindingsEntry ::= SEQUENCE {
+ dIpsgStaticBindingsVlan VlanId,
+ dIpsgStaticBindingsMacAddress MacAddress,
+ dIpsgStaticBindingsIpAddress InetAddressIPv4,
+ dIpsgStaticBindingsInterface InterfaceIndex,
+ dIpsgStaticBindingsRowStatus RowStatus
+ }
+
+ dIpsgStaticBindingsVlan OBJECT-TYPE
+ SYNTAX VlanId
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This object indicates the VLAN to which a host belongs."
+ ::= { dIpsgStaticBindingsEntry 1 }
+
+ dIpsgStaticBindingsMacAddress OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This object indicates the MAC address of a host."
+ ::= { dIpsgStaticBindingsEntry 2 }
+
+ dIpsgStaticBindingsIpAddress OBJECT-TYPE
+ SYNTAX InetAddressIPv4
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This object indicates the allocated IP address of host."
+ ::= { dIpsgStaticBindingsEntry 3 }
+
+ dIpsgStaticBindingsInterface OBJECT-TYPE
+ SYNTAX InterfaceIndex
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This object indicates the ifIndex value of the interface
+ where a host connects to."
+ ::= { dIpsgStaticBindingsEntry 4 }
+
+ dIpsgStaticBindingsRowStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "This object is used to manage the creation and deletion
+ of rows in this table.
+ "
+ ::= { dIpsgStaticBindingsEntry 99 }
+
+-- -----------------------------------------------------------------------------
+ dIpsgIfSrcGuardConfigTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF DigIfSrcGuardConfigEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table provides the mechanism to enable or disable
+ IP Source Guard at every interface capable of
+ this feature.
+
+ When DHCP Snooping is enabled at an interface, a list of
+ IP addresses is obtained through DHCP Snooping for this
+ particular interface. If IP Source Guard is enabled, only
+ traffic from these IP addresses is allowed to pass through
+ the interface."
+ ::= { dIpsgSrcGuard 1 }
+
+ dIpsgIfSrcGuardConfigEntry OBJECT-TYPE
+ SYNTAX DigIfSrcGuardConfigEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A row instance contains the configuration to enable
+ or disable IP Source Guard as well as the configuration
+ of the filter type at each interface capable
+ of IP Source Guard feature."
+ INDEX { ifIndex }
+ ::= { dIpsgIfSrcGuardConfigTable 1 }
+
+ DigIfSrcGuardConfigEntry ::= SEQUENCE {
+ dIpsgIfSrcGuardFilterType INTEGER
+ }
+
+ dIpsgIfSrcGuardFilterType OBJECT-TYPE
+ SYNTAX INTEGER {
+ disable(1),
+ ip(2),
+ ipMac(3)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "This object indicates the traffic filter type applied
+ at this interface.
+
+ 'disable' - indicates that IP Source Guard feature is disabled.
+
+ 'ip' - the validation is based on source IP address and VLAN only.
+
+ 'ipMac' - the validation is based on the source MAC address, VLAN and IP address.
+ "
+ ::= { dIpsgIfSrcGuardConfigEntry 1 }
+
+
+-- -----------------------------------------------------------------------------
+ dIpsgIfSrcGuardAddrTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF DigIfSrcGuardAddrEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "A table provides the information on IP addresses used
+ for IP Source Guard purpose at every interface capable of this
+ feature."
+ ::= { dIpsgSrcGuard 2 }
+
+ dIpsgIfSrcGuardAddrEntry OBJECT-TYPE
+ SYNTAX DigIfSrcGuardAddrEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "An entry defines a binding information that is used to guard the
+ IP traffic.
+ The binding entry may be either manually configured or
+ automatically learned via DHCP snooping.
+ "
+ INDEX {
+ ifIndex,
+ dIpsgIfSrcGuardIndex
+ }
+ ::= { dIpsgIfSrcGuardAddrTable 1 }
+
+ DigIfSrcGuardAddrEntry ::= SEQUENCE {
+ dIpsgIfSrcGuardIndex Unsigned32,
+ dIpsgIfSrcGuardFilterMode INTEGER,
+ dIpsgIfSrcGuardIpAddress InetAddressIPv4,
+ dIpsgIfSrcGuardIpFilterAction INTEGER,
+ dIpsgIfSrcGuardMacAddress MacAddress,
+ dIpsgIfSrcGuardMacFilterAction INTEGER,
+ dIpsgIfSrcGuardVlansFirst2K Dlink2kVlanList,
+ dIpsgIfSrcGuardVlansSecond2K Dlink2kVlanList
+ }
+
+ dIpsgIfSrcGuardIndex OBJECT-TYPE
+ SYNTAX Unsigned32 ( 1 ..65535 )
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This object is used to index the dIpsgIfSrcGuardAddrTable.
+ This index is for SNMP purposes only, and has no intrinsic meaning."
+ ::= { dIpsgIfSrcGuardAddrEntry 1 }
+
+ dIpsgIfSrcGuardFilterMode OBJECT-TYPE
+ SYNTAX INTEGER {
+ active(1),
+ inactiveTrustPort(2),
+ inactiveNoSnoopingVlan(3)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "This object indicates the Source Guard filter mode at
+ this interface.
+
+ active(1) indicates that the Source Guard feature is
+ active at this interface.
+
+ inactiveTrustPort(2) indicates that the Source Guard
+ feature is inactive because this interface is a DHCP
+ Snooping trust interface and all IP traffic is permitted.
+ In this case, dIpsgIfSrcGuardIpFilterAction is 'permitAllIpAdress'.
+
+ inactiveNoSnoopingVlan(3) indicates that the Source
+ Guard feature is inactive because this interface
+ does not have a VLAN which has DHCP Snooping enabled and
+ no IP source verify entry is active. In this case, all IP traffic
+ is denied and dIpsgIfSrcGuardIpFilterAction is 'denyAllIpAddress'.
+
+ If this object is not 'active', the entry is a special entry:
+ traffic from any VLANs on the interface has the same behavior
+ indicated by dIpsgIfSrcGuardIpFilterAction and both
+ dIpsgIfSrcGuardVlansFirst2K and dIpsgIfSrcGuardVlansSecond2K
+ are empty.
+ "
+ ::= { dIpsgIfSrcGuardAddrEntry 2 }
+
+ dIpsgIfSrcGuardIpAddress OBJECT-TYPE
+ SYNTAX InetAddressIPv4
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "This object indicates the IP address of the entry.
+ A special value of '0.0.0.0' indicates this object is meaningless.
+ "
+ ::= { dIpsgIfSrcGuardAddrEntry 3 }
+
+ dIpsgIfSrcGuardIpFilterAction OBJECT-TYPE
+ SYNTAX INTEGER {
+ permitIpAddress(1),
+ permitAllIpAdress(2),
+ denyAllIpAddress(3)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "This object indicates the IP Source Guard action
+ applied at this interface with respect to IP traffic.
+
+ permitIpAddress(1) - indicates that matching IP traffic will be allowed
+ to go through. What is matching traffic depends on the value of
+ dIpsgIfSrcGuardMacFilterAction.
+
+ permitAllIpAdress(2) indicates that all IP traffic coming to this
+ interface will be allowed. In this case, dIpsgIfSrcGuardIpAddress
+ is 0.0.0.0.
+
+ denyAllIpAdress(3) indicates that all IP traffic coming to this
+ interface will be dropped. In this case, dIpsgIfSrcGuardIpAddress
+ is 0.0.0.0.
+
+ When this object is not 'permitIpAddress', the value of
+ dIpsgIfSrcGuardMacFilterAction is meaningless.
+ "
+ ::= { dIpsgIfSrcGuardAddrEntry 4 }
+
+ dIpsgIfSrcGuardMacAddress OBJECT-TYPE
+ SYNTAX MacAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "This object indicates the MAC address of the entry.
+ A special value of '000000000000'H indicates this object is
+ meaningless.
+ "
+ ::= { dIpsgIfSrcGuardAddrEntry 5 }
+
+ dIpsgIfSrcGuardMacFilterAction OBJECT-TYPE
+ SYNTAX INTEGER {
+ allowMacAddress(1),
+ permitAllMacAddresses(2)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "This object indicates the Source Guard action
+ applied when the traffic matching the entry:
+
+ allowMacAddress(1) - indicates that the IP traffic (compared
+ source IP and source MAC with dIpsgIfSrcGuardIpAddress and
+ dIpsgIfSrcGuardMacAddress respectively) will be allowed
+ to go through.
+
+ permitAllMacAddresses(2) - If dIpsgIfSrcGuardIpFilterAction is
+ 'permitIpAddress', this value indicates that all the IP matching
+ traffic (compared source IP with dIpsgIfSrcGuardIpAddress only)
+ will be allowed to go through.
+
+ When dIpsgIfSrcGuardIpFilterAction is 'permitAllIpAdress' or
+ 'denyAllIpAdress', this object is meaningless.
+
+ When dIpsgIfSrcGuardMacFilterAction is 'permitAllMacAddresses',
+ dIpsgIfSrcGuardMacAddress is meaningless and
+ '000000000000'H is used to indicate it.
+ "
+ ::= { dIpsgIfSrcGuardAddrEntry 6 }
+
+ dIpsgIfSrcGuardVlansFirst2K OBJECT-TYPE
+ SYNTAX Dlink2kVlanList
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "This object specifies the VLANs the entry is applied to in a
+ string of octets containing one bit per VLAN for VLANs 1 to 2048.
+ If the bit is set to '1', then the IP Source Guard is enabled on
+ the VLAN.
+ "
+ ::= { dIpsgIfSrcGuardAddrEntry 7 }
+
+ dIpsgIfSrcGuardVlansSecond2K OBJECT-TYPE
+ SYNTAX Dlink2kVlanList
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "This object specifies the VLANs the entry is applied to in a
+ string of octets containing one bit per VLAN for VLANs 2049 to 4094.
+ If the bit is set to '1', then the IP Source Guard is enabled on
+ the VLAN.
+ "
+ ::= { dIpsgIfSrcGuardAddrEntry 8 }
+
+
+-- Conformance
+
+ dIpsgMIBCompliances OBJECT IDENTIFIER ::= { dIpSourceGuardMIBConformance 1 }
+ dIpsgMIBGroups OBJECT IDENTIFIER ::= { dIpSourceGuardMIBConformance 2 }
+
+
+ dIpsgMIBCompliance MODULE-COMPLIANCE
+ STATUS current
+ DESCRIPTION
+ "The compliance statement for the DLINKSW-IP-SOURCE-GUARD-MIB."
+ MODULE -- this module
+ MANDATORY-GROUPS {
+ dIpsgIfSrcGuardTrafficFilterGroup,
+ dIpsgVerifySrcInfoGroup
+ }
+
+ GROUP dIpsgStaticBindingsGroup
+ DESCRIPTION
+ "This group is mandatory only for platforms which support
+ the DHCP bindings data statically configured by (local
+ or network) management."
+
+
+ GROUP dIpsgVerifySrcInfoExtGroup
+ DESCRIPTION
+ "This group is mandatory only for platforms which support
+ interface IP and MAC source guard feature."
+
+ ::= { dIpsgMIBCompliances 1 }
+
+-- Units of Conformance
+
+ dIpsgStaticBindingsGroup OBJECT-GROUP
+ OBJECTS {
+ dIpsgStaticBindingsRowStatus
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects which are used to configure
+ as well as show information regarding the static binding data
+ for IP Source Guard."
+ ::= { dIpsgMIBGroups 1 }
+
+ dIpsgVerifySrcInfoGroup OBJECT-GROUP
+ OBJECTS {
+ dIpsgIfSrcGuardIpAddress,
+ dIpsgIfSrcGuardIpFilterAction,
+ dIpsgIfSrcGuardFilterMode
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects which are used to show information
+ regarding interface IP source guard purpose."
+ ::= { dIpsgMIBGroups 2 }
+
+ dIpsgVerifySrcInfoExtGroup OBJECT-GROUP
+ OBJECTS {
+ dIpsgIfSrcGuardMacAddress,
+ dIpsgIfSrcGuardMacFilterAction,
+ dIpsgIfSrcGuardVlansFirst2K,
+ dIpsgIfSrcGuardVlansSecond2K
+ }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects which are used to indicate additional
+ information regarding the IP source guard feature."
+ ::= { dIpsgMIBGroups 3 }
+
+ dIpsgIfSrcGuardTrafficFilterGroup OBJECT-GROUP
+ OBJECTS { dIpsgIfSrcGuardFilterType }
+ STATUS current
+ DESCRIPTION
+ "A collection of objects which are used to configure the
+ type of traffic to be filtered by IP source guard feature."
+ ::= { dIpsgMIBGroups 4 }
+
+END
+
+
|