-- SECTION 1: Top Level Definitions S5-SWITCH-BAYSECURE-MIB DEFINITIONS ::= BEGIN -- 5000 Switch BaySecure MIB Release 1.0.2 -- Revision 4/19/2000 -- Copyright 1999 Bay Networks, Inc. -- All rights reserved. -- This Bay Networks SNMP Management Information Base Specification -- (Specification) embodies Bay Networks' confidential and -- proprietary intellectual property. Bay Networks retains all -- title and ownership in the Specification, including any -- revisions. -- This Specification is supplied "AS IS," and Bay Networks makes -- no warranty, either express or implied, as to the use, -- operation, condition, or performance of the Specification. -- Imports IMPORTS IpAddress FROM RFC1155-SMI OBJECT-TYPE FROM RFC-1212 s5Com FROM S5-ROOT-MIB; -- MacAddress -- FROM S5-TCS-MIB; MacAddress ::= OCTET STRING (SIZE (6)) -- -- The string is 32 octets long, for a total of 256 bits. Each bit -- corresponds to a port, as represented by its ifIndex value . When a -- bit has the value one(1), the corresponding port is a member of the -- set. When a bit has the value zero(0), the corresponding port is not -- a member of the set. The encoding is such that the most significant -- bit of octet #1 corresponds to ifIndex 0, while the least significant -- bit of octet #32 corresponds to ifIndex 255." -- PortSet ::= OCTET STRING (SIZE (32)) -- Groups s5SbsAuth OBJECT IDENTIFIER ::= { s5Com 3 } -- SECTION 2: MIB Objects -- Switch BaySecure MIB Group s5SbsAuthSecurityLock OBJECT-TYPE SYNTAX INTEGER { other(1), locked(2), notlocked(3) } ACCESS read-only STATUS mandatory DESCRIPTION "If s5SbsAuthSecurityLock is locked(2), the agent will refuse all requests to modify the 'security configuration'. Objects in s5SbsAuth, the Switch BaySecure MIB Group that are part of the 'security configuration', includes s5SbsAuthCtlPartTime, objects in s5SbsAuthCfgTable, Set requests for all read/write objects in s5SbsAuth group excluding this object will result in a BadValue return value." ::= { s5SbsAuth 1 } s5SbsAuthCtlPartTime OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-write STATUS mandatory DESCRIPTION "If the value of s5SbsAuthCfgActionMode is partitionPort or partitionPortAndSendTrap, time partition will be done if this value is greater than 0. The value indicates the duration of the time for port partitioning in seconds. The default value is zero. When this value is zero, port remians partitioned until manually re-enabled." DEFVAL {0} ::= { s5SbsAuth 2 } s5SbsSecurityStatus OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } ACCESS read-write STATUS mandatory DESCRIPTION "Indicates whether the switch security feature is enabled or not." ::= { s5SbsAuth 3 } s5SbsSecurityMode OBJECT-TYPE SYNTAX INTEGER { singleMACperPort(1), macList(2), autoLearn(3) } ACCESS read-write STATUS mandatory DESCRIPTION "The mode of switch security. singleMACperPort(1) indicates that the switch is in single-MAC-per-port mode which means it allows to configure only one MAC address per port. macList(2) indicates that the switch is in MAC-List mode, user can configure more than one MAC address per port, the maximum numbers of MAC address per port vary from switch to switch. autoLearn(3) indicates that the switch will learn the first MAC address on each port as an allowed address of that port. Change made between singleMACperPort(1), macList(2) and autoLearn(3) will erase all the data in s5SbsAuthCfgTable." ::= { s5SbsAuth 4 } s5SbsSecurityAction OBJECT-TYPE SYNTAX INTEGER{ noAction(1), trap(2), partitionPort(3), partitionPortAndsendTrap(4), daFiltering(5), daFilteringAndsendTrap(6), partitionPortAnddaFiltering(7), partitionPortdaFilteringAndsendTrap(8) } ACCESS read-write STATUS mandatory DESCRIPTION "Action performed by software when a violation occurs (if s5SbsSecurityStatus is enabled). The security action specified here applies to all ports of the switch. NOTE: da means destination address. A blocked address will always cause the port to be partitioned when unauthorized access is attempted. See s5SbsAuthCfgAccessCtrlType for more information on allowed and blocked addresses." ::= { s5SbsAuth 5 } s5SbsCurrNodesAllowed OBJECT-TYPE SYNTAX INTEGER (0..2147483647) ACCESS read-only STATUS mandatory DESCRIPTION "The current number of entries of the nodes allowed in the s5SbsAuthCfgTable." ::= { s5SbsAuth 6 } s5SbsMaxNodesAllowed OBJECT-TYPE SYNTAX INTEGER (0..2147483647) ACCESS read-only STATUS mandatory DESCRIPTION "The maximum number of entries of the nodes allowed in the s5SbsAuthCfgTable." ::= { s5SbsAuth 7 } s5SbsCurrNodesBlocked OBJECT-TYPE SYNTAX INTEGER (0..2147483647) ACCESS read-only STATUS mandatory DESCRIPTION "The current number of entries of the nodes blocked in the s5SbsAuthCfgTable." ::= { s5SbsAuth 8 } s5SbsMaxNodesBlocked OBJECT-TYPE SYNTAX INTEGER (0..2147483647) ACCESS read-only STATUS mandatory DESCRIPTION "The maximum number of entries of the nodes blocked in the s5SbsAuthCfgTable." ::= { s5SbsAuth 9 } -- Authorized Board and Port Configuration Table s5SbsAuthCfgTable OBJECT-TYPE SYNTAX SEQUENCE OF S5SbsAuthCfgEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A table containing a list of boards and ports and MAC addresses that constitute the security configuration." ::= { s5SbsAuth 10 } s5SbsAuthCfgEntry OBJECT-TYPE SYNTAX S5SbsAuthCfgEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry in this table indicates the security configuration for a specified MAC address and a specified port and a specified board. A SNMP SET PDU for a row of the s5SbsAuthCfgTable requires the entired sequence of the MIB Objects in each s5SbsAuthCfgEntry stored in one PDU. Otherwise, GENERR return-value will be returned." INDEX { s5SbsAuthCfgBrdIndx, s5SbsAuthCfgPortIndx, s5SbsAuthCfgMACIndx } ::= { s5SbsAuthCfgTable 1 } S5SbsAuthCfgEntry ::= SEQUENCE{ s5SbsAuthCfgBrdIndx INTEGER, s5SbsAuthCfgPortIndx INTEGER, s5SbsAuthCfgMACIndx MacAddress, s5SbsAuthCfgAccessCtrlType INTEGER, s5SbsAuthCfgStatus INTEGER, s5SbsAuthCfgSecureList INTEGER } s5SbsAuthCfgBrdIndx OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-only STATUS mandatory DESCRIPTION "The index of the slot containing the board on which the port is located. This value is meaningful --NEW only if s5SbsAuthCfgSecureList value is zero. --NEW For other SecureList values it should have the value of zero. " ::= { s5SbsAuthCfgEntry 1} s5SbsAuthCfgPortIndx OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-only STATUS mandatory DESCRIPTION "The index of the port on the board. This value is meaningful only if s5SbsAuthCfgSecureList value is zero. --NEW For other SecureList values it should have the value of zero. " ::= { s5SbsAuthCfgEntry 2 } s5SbsAuthCfgMACIndx OBJECT-TYPE SYNTAX MacAddress ACCESS read-only STATUS mandatory DESCRIPTION "The index of source MAC address of allowed station or not-allowed station." ::= { s5SbsAuthCfgEntry 3 } s5SbsAuthCfgAccessCtrlType OBJECT-TYPE SYNTAX INTEGER { allowed(1), blocked(2) } ACCESS read-write STATUS mandatory DESCRIPTION "This Node Access Control Type represents whether the node entry is node allowed or node blocked type. A MAC address may be allowed on multiple ports." ::= { s5SbsAuthCfgEntry 4 } s5SbsAuthCfgStatus OBJECT-TYPE SYNTAX INTEGER { valid(1), create(2), delete(3), modify(4) } ACCESS read-write STATUS mandatory DESCRIPTION "The status of the AuthCfg entry. The primary use of this object is for modifying the AuthCfg table. Values that can be written create(2), delete(3), modify(4). Values that can be read: valid(1). Setting this entry to delete(3) causes the entry to be deleted from the table. Setting a new entry with create(2) causes the entry to be created in the table. Setting an entry with modify(4) causes the entry to be modified. The response to a get request or get-next request will always indicate a status of valid (1), since invalid entries are removed from the table. " ::= { s5SbsAuthCfgEntry 5 } s5SbsAuthCfgSecureList OBJECT-TYPE SYNTAX INTEGER(0..65535) ACCESS read-write STATUS mandatory DESCRIPTION "The index of the security list. This value is meaningful only if s5SbsAuthCfgBrdIndx and s5SbsAuthCfgPortIndx values are zero. For other board and port index values it should have the value of zero. This value is used as an index into s5SbsSecurityListTable. The corresponding MAC Address of this entry is allowed or blocked on all the ports of that port list. " ::= { s5SbsAuthCfgEntry 6 } -- Authorized Board and Port Status Table s5SbsAuthStatusTable OBJECT-TYPE SYNTAX SEQUENCE OF S5SbsAuthStatusEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A table containing a snapshot of the authorized boards and ports status data collection. Port security information consists of an action to be performed when an unAuthorized station is detected and the current security status of a port." ::= { s5SbsAuth 11} s5SbsAuthStatusEntry OBJECT-TYPE SYNTAX S5SbsAuthStatusEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry in this table may represent a single MAC address, all MAC addresses on a single port, a single port, all the ports on a single board, a particuler port on all the boards, or all the ports on all the boards." INDEX { s5SbsAuthStatusBrdIndx, s5SbsAuthStatusPortIndx, s5SbsAuthStatusMACIndx } ::= { s5SbsAuthStatusTable 1 } S5SbsAuthStatusEntry ::= SEQUENCE { s5SbsAuthStatusBrdIndx INTEGER, s5SbsAuthStatusPortIndx INTEGER, s5SbsAuthStatusMACIndx MacAddress, s5SbsCurrentAccessCtrlType INTEGER, s5SbsCurrentActionMode INTEGER, s5SbsCurrentPortSecurStatus INTEGER } s5SbsAuthStatusBrdIndx OBJECT-TYPE SYNTAX INTEGER(0..255) ACCESS read-only STATUS mandatory DESCRIPTION "The index of the board. This corresponds to the index of the slot containing the board if the index is greater than zero. A zero index is a wild card." ::= { s5SbsAuthStatusEntry 1 } s5SbsAuthStatusPortIndx OBJECT-TYPE SYNTAX INTEGER(0..255) ACCESS read-only STATUS mandatory DESCRIPTION "The index of the port on the board. This corresponds to the index of the last manageable port on the board if the index is greater than zero. A zero index is a wild card." ::= { s5SbsAuthStatusEntry 2 } s5SbsAuthStatusMACIndx OBJECT-TYPE SYNTAX MacAddress ACCESS read-only STATUS mandatory DESCRIPTION "The index of MAC address on the port. This corresponds to the index of the MAC address on the port if the index is greater than zero. A zero index is a wild card." ::= { s5SbsAuthStatusEntry 3 } s5SbsCurrentAccessCtrlType OBJECT-TYPE SYNTAX INTEGER { allow(1), block(2) } ACCESS read-only STATUS mandatory DESCRIPTION "This Node Access Control Type represents whether the node entry is node allowed or node blocked type." ::= { s5SbsAuthStatusEntry 4 } s5SbsCurrentActionMode OBJECT-TYPE SYNTAX INTEGER{ noAction(1), partitionPort(2), partitionPortAndsendTrap(3), daFiltering(4), daFilteringAndsendTrap(5), sendTrap(6), partitionPortAnddaFiltering(7), partitionPortdaFilteringAndsendTrap(8) } ACCESS read-only STATUS mandatory DESCRIPTION "An integer value representing the type of information contained in this s5SbsAuthStatusEntry. noAction(1) represents that port does not have any security assigned or the security is turned off. partitionPort(2) represents port is partitioned. partitionPortAndsendTrap(3) represents port is partitioned and a trap will be sent to trap receive station(s). daFiltering(4) represents port will filter out the frames with the desitnation address field is the MAC address of unauthorized station. daFilteringAndsendTrap(5) represents port will filter out the frames with the desitnation address field is the MAC address of unauthorized station and a trap will be sent to trap receive station(s). sendtrap(6) represents a trap will be sent to trap receive station(s). partitionPortAnddaFiltering(7) represents port is partitioned and port will filter out the frames with the destination address field is the MAC address of unauthorized station. partitionPortdaFilteringAndsendTrap(8) represents port is partitioned, port will filter out the frames with the destination address field is the MAC address of unauthorized station and a trap will be sent to trap receive station(s)." ::= { s5SbsAuthStatusEntry 5 } s5SbsCurrentPortSecurStatus OBJECT-TYPE SYNTAX INTEGER{ notApplicable(1), portSecure(2), portPartition(3) } ACCESS read-only STATUS mandatory DESCRIPTION "This represents the current port security status. If s5SbsSecurityStatus is disable, notApplicable(1) will be returned. The port in a normal situation returns the status with portSecure(2). portPartition(3) will be returned only if the port is partitioned." ::= { s5SbsAuthStatusEntry 6 } -- Violation Board and Port Status Table s5SbsViolationStatusTable OBJECT-TYPE SYNTAX SEQUENCE OF S5SbsViolationStatusEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A table containing a list of boards, ports where network access violations have occurred. Information also contains the offending MAC addrersses." ::= { s5SbsAuth 12} s5SbsViolationStatusEntry OBJECT-TYPE SYNTAX S5SbsViolationStatusEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry in this table " INDEX { s5SbsViolationStatusBrdIndx, s5SbsViolationStatusPortIndx } ::= { s5SbsViolationStatusTable 1 } S5SbsViolationStatusEntry ::= SEQUENCE { s5SbsViolationStatusBrdIndx INTEGER, s5SbsViolationStatusPortIndx INTEGER, s5SbsViolationStatusMACAddress MacAddress } s5SbsViolationStatusBrdIndx OBJECT-TYPE SYNTAX INTEGER(1..255) ACCESS read-only STATUS mandatory DESCRIPTION "The index of the board. This corresponds to the slot containing the board. This index will be 1 where it is not applicable, e.g., ByaStack 303/304." ::= { s5SbsViolationStatusEntry 1 } s5SbsViolationStatusPortIndx OBJECT-TYPE SYNTAX INTEGER(1..255) ACCESS read-only STATUS mandatory DESCRIPTION "The index of the port on the board. This corresponds to the port on which a security violation was seen." ::= { s5SbsViolationStatusEntry 2 } s5SbsViolationStatusMACAddress OBJECT-TYPE SYNTAX MacAddress ACCESS read-only STATUS mandatory DESCRIPTION "The MAC address of the device attempting unauthorized network access. (MAC addrees-based security)" ::= { s5SbsViolationStatusEntry 3 } s5SbsMgmViolationType OBJECT-TYPE SYNTAX INTEGER{ snmp(1), web(2), telnet(3) } ACCESS read-only STATUS mandatory DESCRIPTION "Type of management access attempted when the violation occurred." ::= { s5SbsAuth 13 } s5SbsMgmViolationIpAddress OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "IP Address of the station attempting unauthorized management access." ::= { s5SbsAuth 14 } s5SbsPortSecurityStatus OBJECT-TYPE SYNTAX PortSet ACCESS read-write STATUS mandatory DESCRIPTION "The set of ports for which security is enabled. The bitwise AND of s5SbsPortSecurityStatus and s5SbsPortLearnStatus must be the empty set." ::= { s5SbsAuth 15 } s5SbsPortLearnStatus OBJECT-TYPE SYNTAX PortSet ACCESS read-write STATUS mandatory DESCRIPTION "The set of ports for which auto learning is enabled." ::= { s5SbsAuth 16 } s5SbsCurrSecurityLists OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-only STATUS mandatory DESCRIPTION "The current number of entries of the Security lists in the s5SbsSecurityListTable." ::= { s5SbsAuth 17 } s5SbsMaxSecurityLists OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-only STATUS mandatory DESCRIPTION "The maximum number of entries of the Security lists in the s5SbsSecurityListTable." ::= { s5SbsAuth 18 } -- Port Security Lists Table s5SbsSecurityListTable OBJECT-TYPE SYNTAX SEQUENCE OF S5SbsSecurityListEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A table containing a list of Security port lists." ::= { s5SbsAuth 19} s5SbsSecurityListEntry OBJECT-TYPE SYNTAX S5SbsSecurityListEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry in this table " INDEX { s5SbsSecurityListIndx } ::= { s5SbsSecurityListTable 1 } S5SbsSecurityListEntry ::= SEQUENCE { s5SbsSecurityListIndx INTEGER, s5SbsSecurityListMembers PortSet, s5SbsSecurityListStatus INTEGER } s5SbsSecurityListIndx OBJECT-TYPE SYNTAX INTEGER(1..255) ACCESS read-only STATUS mandatory DESCRIPTION "The index of the security list. This corresponds to the Security port list which can be used as index into s5SbsAuthCfgTable. " ::= { s5SbsSecurityListEntry 1 } s5SbsSecurityListMembers OBJECT-TYPE SYNTAX PortSet ACCESS read-write STATUS mandatory DESCRIPTION "The set of ports that are currently members in this Port list." ::= { s5SbsSecurityListEntry 2 } s5SbsSecurityListStatus OBJECT-TYPE SYNTAX INTEGER { valid(1), create(2), delete(3), modify(4) } ACCESS read-write STATUS mandatory DESCRIPTION "The status of the SecurityList entry. The primary use of this object is for modifying the SecurityList table. Values that can be written create(2), delete(3), modify(4). Values that can be read: valid(1). Setting this entry to delete(3) causes the entry to be deleted from the table. Setting a new entry with create(2) causes the entry to be created in the table. Setting an entry with modify(4) causes the entry to be modified. The response to a get request or get-next request will always indicate a status of valid (1), since invalid entries are removed from the table. " ::= { s5SbsSecurityListEntry 3 } END