-- -- WS-SW-FIREWALL-MIB.my -- MIB generated by MG-SOFT Visual MIB Builder Version 6.0 Build 88 -- Friday, January 16, 2009 at 11:06:13 -- WS-SW-FIREWALL-MIB DEFINITIONS ::= BEGIN IMPORTS OBJECT-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF TimeTicks, IpAddress, Integer32, Unsigned32, Counter32, BITS, OBJECT-TYPE, MODULE-IDENTITY FROM SNMPv2-SMI TruthValue, PhysAddress FROM SNMPv2-TC wsSw FROM WS-SMI AbbrevRowStatus, DoActionNow FROM WS-TYPE-MIB; -- 1.3.6.1.4.1.388.14.2.16.1 wsSwFirewallMibModule MODULE-IDENTITY LAST-UPDATED "200901160057Z" -- January 16, 2009 at 00:57 GMT ORGANIZATION "Symbol Technologies, Inc." CONTACT-INFO "Symbol Technologies, Inc. Customer Service Postal: One Symbol Plaza Holtsville, NY 11742-1300 USA Tel: +1. 631.738.6213 E-mail: support@symbol.com Web: http://www.symbol.com/support" DESCRIPTION "MIB for DoS Attacks configuration and L2/L3 firewall configurations and firewall config for WLAN implemented for bridge level attack detection/mitigation feature and statistics related to it." REVISION "200901151333Z" -- January 15, 2009 at 13:33 GMT DESCRIPTION "Changed dos enumeration values. Made dhcp ingress port a string" REVISION "200901061115Z" -- January 06, 2009 at 11:15 GMT DESCRIPTION "Made Dhcp Snoop Type a bit pattern." REVISION "200901051907Z" -- January 05, 2009 at 19:07 GMT DESCRIPTION "Added BcastMcastIcmp dos as a part of Dos Stats.Extended enumeration for snoop entry type to reflect switch svi and redundant router types. " REVISION "200806201142Z" -- June 20, 2008 at 11:42 GMT DESCRIPTION "Added more attack types to wsSwFirewallDosStatsTable and modified the name of OID 1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.1 to wsSwFirewallDosStatsAttackType from wsSwFirewallDosStatsCheckType " REVISION "200802211257Z" -- February 21, 2008 at 12:57 GMT DESCRIPTION "01a01" ::= { wsSwFirewall 1 } -- -- Node definitions -- -- 1.3.6.1.4.1.388.14.2.16 wsSwFirewall OBJECT IDENTIFIER ::= { wsSw 16 } -- 1.3.6.1.4.1.388.14.2.16.1.1 wsSwFirewallMIB OBJECT IDENTIFIER ::= { wsSwFirewallMibModule 1 } -- 1.3.6.1.4.1.388.14.2.16.1.1.1 wsSwFirewallDos OBJECT IDENTIFIER ::= { wsSwFirewallMIB 1 } -- 1.3.6.1.4.1.388.14.2.16.1.1.1.1 wsSwFirewallDosScalars OBJECT IDENTIFIER ::= { wsSwFirewallDos 1 } -- 1.3.6.1.4.1.388.14.2.16.1.1.1.1.1 wsSwFirewallDosTcpMaxIncompleteCnHigh OBJECT-TYPE SYNTAX Integer32 (1..1000) MAX-ACCESS read-write STATUS current DESCRIPTION "Maximum number of half-open TCP connections in the system after which firewall will start intercepting TCP connections. The configured value will be used by TCP Intercept DoS Attack check to handle SYN Flood Attack." ::= { wsSwFirewallDosScalars 1 } -- 1.3.6.1.4.1.388.14.2.16.1.1.1.1.2 wsSwFirewallDosTcpMaxIncompleteCnLow OBJECT-TYPE SYNTAX Integer32 (1..1000) MAX-ACCESS read-write STATUS current DESCRIPTION "Maximum number of half-open TCP connections in the system after which firewall will stop intercepting TCP connections. The configured value will be used by TCP Intercept DoS Attack check to handle SYN Flood Attack. " ::= { wsSwFirewallDosScalars 2 } -- 1.3.6.1.4.1.388.14.2.16.1.1.1.1.3 wsSwFirewallDosCheckEnableAll OBJECT-TYPE SYNTAX DoActionNow MAX-ACCESS read-write STATUS current DESCRIPTION "Enable all DOS checks." ::= { wsSwFirewallDosScalars 3 } -- 1.3.6.1.4.1.388.14.2.16.1.1.1.1.4 wsSwFirewallDosCheckDisableAll OBJECT-TYPE SYNTAX DoActionNow MAX-ACCESS read-write STATUS current DESCRIPTION "Disable all DOS checks." ::= { wsSwFirewallDosScalars 4 } -- 1.3.6.1.4.1.388.14.2.16.1.1.1.1.5 wsSwFirewallDosClearStats OBJECT-TYPE SYNTAX DoActionNow MAX-ACCESS read-write STATUS current DESCRIPTION "Re-set all the DOS stats in the wsSwFirewallDosStatsTable. " ::= { wsSwFirewallDosScalars 5 } -- 1.3.6.1.4.1.388.14.2.16.1.1.1.2 wsSwFirewallDosChecksTable OBJECT-TYPE SYNTAX SEQUENCE OF WsSwFirewallDosChecksEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Currently wsSwFirewallDoSChecksTable is handling the following configurable DoS Attacks: 1. Smurf DoS Attack: Enable this check in the firewall to drop ICMP echo packets destined to a broadcast IP address. Attackers use this type of packet to bring down a target host by spoofing its IP address and flooding it with ICMP echo responses. 2. Twinge DoS Attack: Enable this check in the firewall to drop false ICMP control packets going through the wirless switch. 3. Invalid IP Protocol DoS Attack: Enable this check in firewall to deny packets with invalid IP protocol value in the IP header. Some applications can use non-assigned IP protocol numbers to send malicious packets. 4. Ascend DoS Attack: Protocol is UDP, destination port is 9, UDP packet is mal-formed. 5. Chargen DoS Attack: The attack consists of a flood of UDP datagram’s sent to the subnet broadcast address with the destination port set to 19 (chargen) and a spoofed source IP address. 6. Fraggle DoS Attack: When a perpetrator sends a large number of UDP echo (ping) traffic at IP broadcast addresses, all of it having a fake source address 7. ICMP Router Solicit DoS Attack: If the packet received from the network is an ICMP packet type 10 then it’s an ICMP router discovery messages called Router Solicitations. 8. ICMP Router Advertisement DoS Attack: Enable this check in firewall to drop route advertisement packets. Route advertisements are used by neighboring hosts to configure their route table. These messages can be used by attackers to configure routes on hosts to re-direct traffic. 9. IP Source Route Option DoS Attack: Enable this check in firewall to drop packets with source route option set in IP header. 10. Snork DoS Attack: Enable this check in firewall to deny UDP or TCP packets with destination port set to 135 and source port set to either 7,19 or 135. This can cause packets to be exchanged indefinitely between the two hosts causing them to slow down. 11. FTP Bounce DoS Attack: Enable this check in firewall to drop FTP packets if the IP address encoded in the PORT command does not match the IP address of the FTP client. 12.TCP Intercept DoS Attack: Enable / disable TCP packet interception. This should be enabled for protection against TCP SYN flood attacks. 13. Bcast/Mcast Icmp DoS: By default we consider bcast-mcast ICMP as DoS and drop the packets." ::= { wsSwFirewallDos 2 } -- 1.3.6.1.4.1.388.14.2.16.1.1.1.2.1 wsSwFirewallDosChecksEntry OBJECT-TYPE SYNTAX WsSwFirewallDosChecksEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the wsSwFirewallDoSChecksTable." INDEX { wsSwFirewallDosCheckType } ::= { wsSwFirewallDosChecksTable 1 } WsSwFirewallDosChecksEntry ::= SEQUENCE { wsSwFirewallDosCheckType INTEGER, wsSwFirewallDosCheckEnable TruthValue, wsSwFirewallDosCheckLogLevel INTEGER } -- 1.3.6.1.4.1.388.14.2.16.1.1.1.2.1.1 wsSwFirewallDosCheckType OBJECT-TYPE SYNTAX INTEGER { smurf(1), twinge(2), invalidIPProtocol(3), ascend(4), chargen(5), fraggle(6), icmpRouterSolicit(7), icmpRouterAdvt(8), ipSourceRoute(9), snork(10), ftpBounce(11), tcpIntercept(12), bcastMcastIcmp(13) } MAX-ACCESS read-only STATUS current DESCRIPTION "The Check type for handling the respective DoS Attack." ::= { wsSwFirewallDosChecksEntry 1 } -- 1.3.6.1.4.1.388.14.2.16.1.1.1.2.1.2 wsSwFirewallDosCheckEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Status of respective DoS Attack check, True for being enabled and False for being disabled." ::= { wsSwFirewallDosChecksEntry 2 } -- 1.3.6.1.4.1.388.14.2.16.1.1.1.2.1.3 wsSwFirewallDosCheckLogLevel OBJECT-TYPE SYNTAX INTEGER { emerg(1), alert(2), crit(3), err(4), warning(5), notice(6), info(7), debug(8), none(9) } MAX-ACCESS read-write STATUS current DESCRIPTION "The Current log level for the respective DoS Attack check. The Default is warning(5) and user can modify as per his requirement. Changing the log level will allow the user to enable logging for the respective DoS check to happen at desried level of system logging. Note: setting log level to none(9) will disable the logging even though the check is enabled." ::= { wsSwFirewallDosChecksEntry 3 } -- 1.3.6.1.4.1.388.14.2.16.1.1.1.3 wsSwFirewallDosStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF WsSwFirewallDosStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This Table shows the stats related to each kind of DoS attacks supported by the switch, few of them can be configured in the wsSwFirewallDoSChecksTable. 1. Smurf DoS Attack: ICMP echo packets destined to a broadcast IP address. Attackers use this type of packet to bring down a target host by spoofing its IP address and flooding it with ICMP echo responses. 2. Twinge DoS Attack: False ICMP control packets going through the wireless switch. 3. Invalid IP Protocol DoS Attack: Packets with invalid IP protocol value in the IP header. Some applications can use non-assigned IP protocol numbers to send malicious packets. 4. Ascend DoS Attack: Protocol is UDP, destination port is 9, UDP packet is mal-formed. 5. Chargen DoS Attack: The attack consists of a flood of UDP datagram’s sent to the subnet broadcast address with the destination port set to 19 (chargen) and a spoofed source IP address. 6. Fraggle DoS Attack: When a perpetrator sends a large number of UDP echo (ping) traffic at IP broadcast addresses, all of it having a fake source address 7. ICMP Router Solicit DoS Attack: If the packet received from the network is an ICMP packet type 10 then it’s an ICMP router discovery messages called Router Solicitations. 8. ICMP Router Advertisement DoS Attack: Route advertisements are used by neighboring hosts to configure their route table. These messages can be used by attackers to configure routes on hosts to re-direct traffic. 9. IP Source Route Option DoS Attack: Packets with source route option set in IP header. 10. Snork DoS Attack: UDP or TCP packets with destination port set to 135 and source port set to either 7,19 or 135. This can cause packets to be exchanged indefinitely between the two hosts causing them to slow down. 11. FTP Bounce DoS Attack: FTP packets if the IP address encoded in the PORT command does not match the IP address of the FTP client. 12. TCP Intercept DoS Attack: TCP SYN flood attacks. 13. Bcast/Mcast Icmp DoS: By default we consider bcast-mcast ICMP as DoS and drop the packets. 14. TCP Header Fragmented DoS Attack: TCP packets if the TCP header spans across IP fragments. 15. WINNUKE DoS Attack: Out of band data to the target computer on TCP port 139 (NetBIOS), 16. LAND DoS Attack: The attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host's IP address and an open port as both source and destination. 17. UDP Short Header DoS Attack: A UDP header is a minimum of 8-bytes long. However, some systems (like BeOS) will crash when they receive UDP traffic with header length less than eight 18. TCP Bad Sequence DoS Attack: These types of attack are usually man-in-the-middle attacks where the attacker injects a packet with invalid sequence number to terminate the connection. 19. TCP FIN Scan DoS Attack: It attempts to close a non-existent connection on the server. Either way, it is an error, but systems sometimes give back different error results depending upon whether the desired service is available or not. As a result, the attacker doesn't trigger the normal logging of the system. However, this type of scan does result in weird network traffic. 20. TCP NULL Scan DoS Attack: A TCP frame with a sequence number of zero and all control bits are set to zero. 21. TCP XMAS Scan DoS Attack: A TCP frame with a sequence number of zero and the FIN, URG, and PUSH bits are all set. 22. TCP Post SYN Scan DoS Attack: This attack is caused when an attacker tries to send TCP packet with SYN flag set after the connection is established. 23. IP TTL zero DoS Attack: An IP packet set with ttl zero leading the packet to be dropped before reaching it’s destination. 24. IP Spoof DoS Attack: IP datagram is treated as spoofed if the source IP address does not belong to the subnet from where the packet arrived. Most of the DoS attacks use spoofed IP addresses so that it is difficult to trace the origin of the attack." ::= { wsSwFirewallDos 3 } -- 1.3.6.1.4.1.388.14.2.16.1.1.1.3.1 wsSwFirewallDosStatsEntry OBJECT-TYPE SYNTAX WsSwFirewallDosStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the wsSwFirewallDoSStatsTable." INDEX { wsSwFirewallDosStatsAttackType } ::= { wsSwFirewallDosStatsTable 1 } WsSwFirewallDosStatsEntry ::= SEQUENCE { wsSwFirewallDosStatsAttackType INTEGER, wsSwFirewallDosStatsAttackCount Counter32, wsSwFirewallDosStatsLastOccurrence TimeTicks } -- 1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.1 wsSwFirewallDosStatsAttackType OBJECT-TYPE SYNTAX INTEGER { smurf(1), twinge(2), invalidIPProtocol(3), ascend(4), chargen(5), fraggle(6), icmpRouterSolicit(7), icmpRouterAdvt(8), ipSourceRoute(9), snork(10), ftpBounce(11), tcpIntercept(12), bcastMcastIcmp(13), tcpHeaderFragment(14), winnuke(15), land(16), udpShortHdr(17), tcpBadSequence(18), tcpFinScan(19), tcpNullScan(20), tcpXmasScan(21), tcpPostSynScan(22), ipTtlZero(23), ipSpoof(24) } MAX-ACCESS read-only STATUS current DESCRIPTION "The Check type for handling the respective DoS Attack." ::= { wsSwFirewallDosStatsEntry 1 } -- 1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.2 wsSwFirewallDosStatsAttackCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of the number of attacks seen." ::= { wsSwFirewallDosStatsEntry 2 } -- 1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.3 wsSwFirewallDosStatsLastOccurrence OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "The last occurrence of the attack." ::= { wsSwFirewallDosStatsEntry 3 } -- 1.3.6.1.4.1.388.14.2.16.1.1.2 wsSwFirewallL2If OBJECT IDENTIFIER ::= { wsSwFirewallMIB 2 } -- 1.3.6.1.4.1.388.14.2.16.1.1.2.1 wsSwFirewallL2Table OBJECT-TYPE SYNTAX SEQUENCE OF WsSwFirewallL2Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Physical/aggregate port interface configuration for ARP rate-limiting/ARP Spoof Detection and bcast/mcast/ucast storm suppression. Maximum permissible rate of ARP packets per interface is configured in terms of ARP packets/s. When the configured threshold is crossed, a warning is posted to the console through syslog. Interfaces are configured to be DHCP trusted or ARP trusted. DHCP responses coming from DHCP trusted interfaces are used for building the trusted IP-MAC binding table. ARP messages coming through ARP trusted interfaces are not subjected to ARP spoof checking. " ::= { wsSwFirewallL2If 1 } -- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1 wsSwFirewallL2Entry OBJECT-TYPE SYNTAX WsSwFirewallL2Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "L2 Fw interface level configuration table for ARP spoof detection and ARP rate limiting" INDEX { wsSwFirewallIfName } ::= { wsSwFirewallL2Table 1 } WsSwFirewallL2Entry ::= SEQUENCE { wsSwFirewallIfName OCTET STRING, wsSwFirewallARPRate Unsigned32, wsSwFirewallDHCPTrustEnable TruthValue, wsSwFirewallARPTrustEnable TruthValue, wsSwFirewallBcastStormCtrlInRate Unsigned32, wsSwFirewallMcastStormCtrlInRate Unsigned32, wsSwFirewallUcastStormCtrlInRate Unsigned32, wsSwFirewallL2RowStatus AbbrevRowStatus } -- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1.1 wsSwFirewallIfName OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "layer2 interface name on which ARP Limit/DHCP trust/ARP trust is configured. For eg names like ge1-ge4 and sa1-sa4" ::= { wsSwFirewallL2Entry 1 } -- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1.2 wsSwFirewallARPRate OBJECT-TYPE SYNTAX Unsigned32 (0..1000000) MAX-ACCESS read-create STATUS current DESCRIPTION "ARP Rate Limit set in packets/second through this interface. Interface refers to physical/aggregate port interfaces." ::= { wsSwFirewallL2Entry 2 } -- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1.3 wsSwFirewallDHCPTrustEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "State of DHCP trust on this interface." ::= { wsSwFirewallL2Entry 3 } -- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1.4 wsSwFirewallARPTrustEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "State of ARP trust on this interface." ::= { wsSwFirewallL2Entry 4 } -- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1.5 wsSwFirewallBcastStormCtrlInRate OBJECT-TYPE SYNTAX Unsigned32 (0..1000000) MAX-ACCESS read-create STATUS current DESCRIPTION "High threshold for broadcast packets coming in from this physical/aggregate interface" ::= { wsSwFirewallL2Entry 5 } -- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1.6 wsSwFirewallMcastStormCtrlInRate OBJECT-TYPE SYNTAX Unsigned32 (0..1000000) MAX-ACCESS read-create STATUS current DESCRIPTION "High threshold for multicast packets coming in from this physical/aggregate interface" ::= { wsSwFirewallL2Entry 6 } -- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1.7 wsSwFirewallUcastStormCtrlInRate OBJECT-TYPE SYNTAX Unsigned32 (0..1000000) MAX-ACCESS read-create STATUS current DESCRIPTION "High threshold for unicast packets coming in from this physical/aggregate interface" ::= { wsSwFirewallL2Entry 7 } -- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1.8 wsSwFirewallL2RowStatus OBJECT-TYPE SYNTAX AbbrevRowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Description." ::= { wsSwFirewallL2Entry 8 } -- 1.3.6.1.4.1.388.14.2.16.1.1.3 wsSwFirewallWlan OBJECT IDENTIFIER ::= { wsSwFirewallMIB 3 } -- 1.3.6.1.4.1.388.14.2.16.1.1.3.1 wsSwFirewallWlanTable OBJECT-TYPE SYNTAX SEQUENCE OF WsSwFirewallWlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Per wlan configuration table for b/m/u cast storm suppression,ARP spoof detection and rogue MU detection Bcast/Mcast/Ucast Storm Suppression. A high threshold and a low threshold is configured per wlan, in IN direction.When the rate of b/m/u cast packets exceeds the high threshold configured for a wlan, all packets are throttled till the rate falls below the configured rate. When the rate of b/m/u cast packets exceeds the configured threshold, a warning is posted to the console if logging is enabled. Thresholds are configured in terms of packets/second. ARP spoof Detection Marking DHCP and ARP trust on wlan indices for ARP spoof detection Rogue MU Detection MUs pumping denied traffic are either de-authentiacted or a warning posted through syslog based on a user configurable per wlan threshold of allowed MU denies per second. It's not necessary that the MU hit the same deny rule for triggering the action. It's the cumulative number of denials within the specified period that leads to the action. Logging of the event is a must, though deauthentication is optional. " ::= { wsSwFirewallWlan 1 } -- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1 wsSwFirewallWlanEntry OBJECT-TYPE SYNTAX WsSwFirewallWlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Wlan level configuration table for ARP spoof detection,ARP rate limiting Bcast storm suppression and Rogue MU traffic detection" INDEX { wsSwFirewallWlanIndex } ::= { wsSwFirewallWlanTable 1 } WsSwFirewallWlanEntry ::= SEQUENCE { wsSwFirewallWlanIndex INTEGER, wsSwFirewallWlanBcastStormCtrlInRate Unsigned32, wsSwFirewallWlanMcastStormCtrlInRate Unsigned32, wsSwFirewallWlanUcastStormCtrlInRate Unsigned32, wsSwFirewallWlanAllowedMUDeniesPerSecond Unsigned32, wsSwFirewallWlanMUDeauthenticate TruthValue, wsSwFirewallWlanDHCPTrustEnable TruthValue, wsSwFirewallWlanARPTrustEnable TruthValue, wsSwFirewallWlanARPRate Unsigned32, wsSwFirewallWlanRowStatus AbbrevRowStatus } -- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.1 wsSwFirewallWlanIndex OBJECT-TYPE SYNTAX INTEGER (1..256) MAX-ACCESS read-only STATUS current DESCRIPTION "Wlan index on which to set l2fw configurations." ::= { wsSwFirewallWlanEntry 1 } -- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.2 wsSwFirewallWlanBcastStormCtrlInRate OBJECT-TYPE SYNTAX Unsigned32 (0..1000000) MAX-ACCESS read-create STATUS current DESCRIPTION "High Level threshold for broadcast packets coming from a WLAN" ::= { wsSwFirewallWlanEntry 2 } -- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.3 wsSwFirewallWlanMcastStormCtrlInRate OBJECT-TYPE SYNTAX Unsigned32 (0..1000000) MAX-ACCESS read-create STATUS current DESCRIPTION "High Level threshold for multicast packets coming from a WLAN" ::= { wsSwFirewallWlanEntry 3 } -- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.4 wsSwFirewallWlanUcastStormCtrlInRate OBJECT-TYPE SYNTAX Unsigned32 (0..1000000) MAX-ACCESS read-create STATUS current DESCRIPTION "High Level threshold for packets having unknown unicast address as destination coming from a WLAN" ::= { wsSwFirewallWlanEntry 4 } -- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.5 wsSwFirewallWlanAllowedMUDeniesPerSecond OBJECT-TYPE SYNTAX Unsigned32 (0..1000000) MAX-ACCESS read-create STATUS current DESCRIPTION "Permissble rate of denies for a mobile-unit in the wlan This is counted in terms of denied/packets/second from that MU" ::= { wsSwFirewallWlanEntry 5 } -- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.6 wsSwFirewallWlanMUDeauthenticate OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Option to de-authenthenticate the MU on hitting the threshold value configured." ::= { wsSwFirewallWlanEntry 6 } -- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.7 wsSwFirewallWlanDHCPTrustEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "DHCP trust state on this wlan." ::= { wsSwFirewallWlanEntry 7 } -- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.8 wsSwFirewallWlanARPTrustEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "ARP trust state on this wlan." ::= { wsSwFirewallWlanEntry 8 } -- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.9 wsSwFirewallWlanARPRate OBJECT-TYPE SYNTAX Unsigned32 (0..1000000) MAX-ACCESS read-create STATUS current DESCRIPTION "ARP rate-limit threshold specified in ARPpackets/second unit." ::= { wsSwFirewallWlanEntry 9 } -- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.10 wsSwFirewallWlanRowStatus OBJECT-TYPE SYNTAX AbbrevRowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Description." ::= { wsSwFirewallWlanEntry 10 } -- 1.3.6.1.4.1.388.14.2.16.1.1.4 wsSwFirewallDhcpSnoop OBJECT IDENTIFIER ::= { wsSwFirewallMIB 4 } -- 1.3.6.1.4.1.388.14.2.16.1.1.4.1 wsSwFirewallDhcpSnoopTable OBJECT-TYPE SYNTAX SEQUENCE OF WsSwFirewallDhcpSnoopEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Dynamic IP-MAC binding table built up on the basis of DHCP Server responses" ::= { wsSwFirewallDhcpSnoop 1 } -- 1.3.6.1.4.1.388.14.2.16.1.1.4.1.1 wsSwFirewallDhcpSnoopEntry OBJECT-TYPE SYNTAX WsSwFirewallDhcpSnoopEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "IP-MAC Binding Table Entry" INDEX { wsSwFirewallDhcpSnoopIndex } ::= { wsSwFirewallDhcpSnoopTable 1 } WsSwFirewallDhcpSnoopEntry ::= SEQUENCE { wsSwFirewallDhcpSnoopIndex Integer32, wsSwFirewallDhcpSnoopIpAddr IpAddress, wsSwFirewallDhcpSnoopVlanId INTEGER, wsSwFirewallDhcpSnoopMACAddr PhysAddress, wsSwFirewallDhcpSnoopType BITS, wsSwFirewallDhcpSnoopLeaseTime Integer32, wsSwFirewallDhcpSnoopIngressPort OCTET STRING } -- 1.3.6.1.4.1.388.14.2.16.1.1.4.1.1.1 wsSwFirewallDhcpSnoopIndex OBJECT-TYPE SYNTAX Integer32 (1..16000) MAX-ACCESS read-only STATUS current DESCRIPTION "Simple index number of snoop entries " ::= { wsSwFirewallDhcpSnoopEntry 1 } -- 1.3.6.1.4.1.388.14.2.16.1.1.4.1.1.2 wsSwFirewallDhcpSnoopIpAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Description. IP address of the client" ::= { wsSwFirewallDhcpSnoopEntry 2 } -- 1.3.6.1.4.1.388.14.2.16.1.1.4.1.1.3 wsSwFirewallDhcpSnoopVlanId OBJECT-TYPE SYNTAX INTEGER (1..4096) MAX-ACCESS read-only STATUS current DESCRIPTION "Vlan id of the client" ::= { wsSwFirewallDhcpSnoopEntry 3 } -- 1.3.6.1.4.1.388.14.2.16.1.1.4.1.1.4 wsSwFirewallDhcpSnoopMACAddr OBJECT-TYPE SYNTAX PhysAddress MAX-ACCESS read-only STATUS current DESCRIPTION "MAC address of the client" ::= { wsSwFirewallDhcpSnoopEntry 4 } -- 1.3.6.1.4.1.388.14.2.16.1.1.4.1.1.5 wsSwFirewallDhcpSnoopType OBJECT-TYPE SYNTAX BITS { router(0), dhcpclient(1), dhcpserver(2), vrrp(3), hsrp(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The snoop entry can be a combination of the following bits.Valid combinations are client-router, server-router, client-router-vrrp, client-router-hsrp, server-router-vrrp, server-router-hsrp, client, router, server, vrrp-router, hsrp-router. If none of the bits are set, it's the switch svi " ::= { wsSwFirewallDhcpSnoopEntry 5 } -- 1.3.6.1.4.1.388.14.2.16.1.1.4.1.1.6 wsSwFirewallDhcpSnoopLeaseTime OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Lease time for the binding entry" ::= { wsSwFirewallDhcpSnoopEntry 6 } -- 1.3.6.1.4.1.388.14.2.16.1.1.4.1.1.7 wsSwFirewallDhcpSnoopIngressPort OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..10)) MAX-ACCESS read-only STATUS current DESCRIPTION "Name of Port/Wlan through which packet from this entity ingresses.(eg: ge1, wlan1) " ::= { wsSwFirewallDhcpSnoopEntry 7 } -- 1.3.6.1.4.1.388.14.2.16.1.1.5 wsSwFirewallLogging OBJECT IDENTIFIER ::= { wsSwFirewallMIB 5 } -- 1.3.6.1.4.1.388.14.2.16.1.1.5.1 wsSwFirewallArpLogLvl OBJECT-TYPE SYNTAX INTEGER (0..8) MAX-ACCESS read-write STATUS current DESCRIPTION "Enable Logging when ARP ratelimit is exceeded" ::= { wsSwFirewallLogging 1 } -- Enable logging when ARP rate limit is exceeded -- 1.3.6.1.4.1.388.14.2.16.1.1.5.2 wsSwFirewallBcastLogLvl OBJECT-TYPE SYNTAX INTEGER (0..8) MAX-ACCESS read-write STATUS current DESCRIPTION "Enable logging when broadcast rate-limit is exceeded" ::= { wsSwFirewallLogging 2 } -- Enable logging when broadcast rate limit is exceeded -- 1.3.6.1.4.1.388.14.2.16.1.1.5.3 wsSwFirewallMcastLogLvl OBJECT-TYPE SYNTAX INTEGER (0..8) MAX-ACCESS read-write STATUS current DESCRIPTION "Enable logging when multicast ratelimit is exceeded" ::= { wsSwFirewallLogging 3 } -- Enable logging when multicast ratelimit is exceeded -- 1.3.6.1.4.1.388.14.2.16.1.1.5.4 wsSwFirewallUcastLogLvl OBJECT-TYPE SYNTAX INTEGER (0..8) MAX-ACCESS read-write STATUS current DESCRIPTION "Enable logging when unicast ratelimit is exceeded" ::= { wsSwFirewallLogging 4 } -- Enable logging when unicast rate limit is exceeded -- 1.3.6.1.4.1.388.14.2.16.1.1.100 wsSwFirewallConf OBJECT IDENTIFIER ::= { wsSwFirewallMIB 100 } -- 1.3.6.1.4.1.388.14.2.16.1.1.100.1 wsSwFirewallCompliances OBJECT IDENTIFIER ::= { wsSwFirewallConf 1 } -- 1.3.6.1.4.1.388.14.2.16.1.1.100.1.1 wsSwFirewallCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "Description." MODULE -- this module MANDATORY-GROUPS { wsSwFirewallObjectGroup } ::= { wsSwFirewallCompliances 1 } -- 1.3.6.1.4.1.388.14.2.16.1.1.100.2 wsSwFirewallGroups OBJECT IDENTIFIER ::= { wsSwFirewallConf 2 } -- 1.3.6.1.4.1.388.14.2.16.1.1.100.2.1 wsSwFirewallObjectGroup OBJECT-GROUP OBJECTS { wsSwFirewallIfName, wsSwFirewallARPRate, wsSwFirewallWlanIndex, wsSwFirewallWlanAllowedMUDeniesPerSecond, wsSwFirewallWlanARPRate, wsSwFirewallDosCheckLogLevel, wsSwFirewallDosCheckType, wsSwFirewallDosStatsAttackCount, wsSwFirewallDosStatsLastOccurrence, wsSwFirewallWlanMUDeauthenticate, wsSwFirewallDosCheckEnableAll, wsSwFirewallDosStatsAttackType, wsSwFirewallDosCheckEnable, wsSwFirewallDhcpSnoopIndex, wsSwFirewallDosClearStats, wsSwFirewallDosCheckDisableAll, wsSwFirewallWlanUcastStormCtrlInRate, wsSwFirewallWlanBcastStormCtrlInRate, wsSwFirewallWlanMcastStormCtrlInRate, wsSwFirewallUcastLogLvl, wsSwFirewallMcastLogLvl, wsSwFirewallBcastLogLvl, wsSwFirewallArpLogLvl, wsSwFirewallDhcpSnoopIngressPort, wsSwFirewallDhcpSnoopLeaseTime, wsSwFirewallDhcpSnoopType, wsSwFirewallDhcpSnoopMACAddr, wsSwFirewallDhcpSnoopVlanId, wsSwFirewallDhcpSnoopIpAddr, wsSwFirewallUcastStormCtrlInRate, wsSwFirewallMcastStormCtrlInRate, wsSwFirewallBcastStormCtrlInRate, wsSwFirewallWlanARPTrustEnable, wsSwFirewallWlanDHCPTrustEnable, wsSwFirewallARPTrustEnable, wsSwFirewallDHCPTrustEnable, wsSwFirewallWlanRowStatus, wsSwFirewallL2RowStatus, wsSwFirewallDosTcpMaxIncompleteCnLow, wsSwFirewallDosTcpMaxIncompleteCnHigh } STATUS current DESCRIPTION "Description." ::= { wsSwFirewallGroups 1 } END -- -- WS-SW-FIREWALL-MIB.my --