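-- *****************************************************************
-- MY-SECURITY-MIB.mib:  My Security MIB file
--
-- $Copyright$
--
-- *****************************************************************
--
-- Purpose: SMIv2 module rooted at { myMgmt 6 }. It defines
--   1. management-plane switches (SNMP agent, web, telnet) and the
--      per-protocol tables of client IP addresses allowed to connect,
--   2. the security (MAC, optionally bound to IP) address table and
--      the IP-to-MAC bind table,
--   3. per-port port-security settings, and
--   4. the portSecurityViolate notification.
--
-- Security considerations (review notes):
--   The objects below are read-write or read-create and change the
--   device's management access or layer-2 access control:
--     myEnableSnmpAgent, myEnableWeb, myEnableTelnet,
--     myTelnetHostIpEnable, myWebHostIpEnable,
--     mySecurityAddressIfBindIp, mySecurityAddressStatus,
--     myBindMacAddress, myBindAddressStatus,
--     myPortSecurityStatus, myPortSecurViolationType,
--     myPortSecurityAddrNum, myPortSecurityAddrAge,
--     myPortStaticSecurAddrIfAge.
--   SET access to them should be limited to SNMPv3 users at the
--   authPriv level through a VACM write view. An SNMPv1/v2c community
--   with write access guards these objects only with a community
--   string that crosses the network in cleartext.
--   The readable columns disclose which hosts may manage the device
--   and which MAC/IP addresses are secured, so read views deserve the
--   same care.
--
-- Conformance notes (review, not changed here because a structural
-- change to the module needs a new REVISION clause from the maintainer):
--   * mySecurityAddressMIBGroup lists objects whose MAX-ACCESS is
--     not-accessible; SMIv2 (RFC 2580) does not allow those in an
--     OBJECT-GROUP.
--   * portSecurityViolate is not a member of any NOTIFICATION-GROUP,
--     although NOTIFICATION-GROUP is imported.
--   * The telnet/web host table columns are not a member of any
--     OBJECT-GROUP.
--   * The labels of myPortSecurViolationType contain hyphens, which
--     SMIv2 (RFC 2578) does not permit in enumeration labels.
--

MY-SECURITY-MIB DEFINITIONS ::= BEGIN

IMPORTS
        MODULE-IDENTITY,
        OBJECT-TYPE,
        NOTIFICATION-TYPE,
        Integer32,
        Counter32,
        IpAddress,
        Unsigned32
                FROM SNMPv2-SMI
        TruthValue,
        DisplayString,
        RowStatus,
        MacAddress
                FROM SNMPv2-TC
        MODULE-COMPLIANCE,
        OBJECT-GROUP,
        NOTIFICATION-GROUP
                FROM SNMPv2-CONF
        ConfigStatus,
        IfIndex
                FROM MY-TC
        ifIndex
                FROM IF-MIB
        EnabledStatus
                FROM P-BRIDGE-MIB
        myMgmt
                FROM MY-SMI;

mySecurityMIB MODULE-IDENTITY
        LAST-UPDATED "200203200000Z"
        ORGANIZATION "$Company$"
        CONTACT-INFO
                "
                Tel: $Telephone$
                E-mail: $E-mail$"
        DESCRIPTION
                "This module defines my security mibs."
        REVISION      "200203200000Z"
        DESCRIPTION
                "Initial version of this MIB module."
        ::= { myMgmt 6}

mySecurityMIBObjects OBJECT IDENTIFIER ::= { mySecurityMIB 1 }

myUserManagementObjects  OBJECT IDENTIFIER ::= { mySecurityMIBObjects 1 }
mySecurityAddressObjects OBJECT IDENTIFIER ::= { mySecurityMIBObjects 2 }
-- The spelling "Secrrity" is part of the published identifier and is
-- kept so that existing references keep resolving.
myPortSecrrityObjects    OBJECT IDENTIFIER ::= { mySecurityMIBObjects 3 }

--
-- user management
--

-- NOTE(review): a SET of 'disabled' arrives through the very agent it
-- turns off. This module does not show how the agent is re-enabled,
-- so confirm that an out-of-band path (console or similar) exists.
myEnableSnmpAgent OBJECT-TYPE
        SYNTAX EnabledStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Enabled indicate that user can manage switch by snmp agent,
                 disabled indicate that user can't manage switch by snmp agent."
        ::= { myUserManagementObjects 1 }

myEnableWeb OBJECT-TYPE
        SYNTAX EnabledStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Enabled indicate that user can manage switch by web,
                 disabled indicate that user can't manage switch by web."
        ::= { myUserManagementObjects 2 }

-- Telnet carries credentials and session data unencrypted. A change of
-- this object to 'enabled' is worth alerting on in configuration
-- monitoring.
myEnableTelnet OBJECT-TYPE
        SYNTAX EnabledStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Enabled indicate that user can manage switch by telnet,
                 disabled indicate that user can't manage switch by telnet."
        ::= { myUserManagementObjects 3 }

--TelnetHostIpTable
-- Allow-list of telnet client addresses. The row has an address index
-- and an enable flag only; no RowStatus column is defined, so how a
-- host is added or removed is not visible in this module.
myTelnetHostIpTable OBJECT-TYPE
        SYNTAX SEQUENCE OF MyTelnetHostIpEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "The table of telnet client's IP address, only these hostes
                 can access the telnet server."
        ::= { myUserManagementObjects 4 }

myTelnetHostIpEntry OBJECT-TYPE
        SYNTAX MyTelnetHostIpEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "The entry of telnet host IP address table."
        INDEX { myTelnetHostIpAddress}
        ::= { myTelnetHostIpTable 1 }

MyTelnetHostIpEntry ::=
        SEQUENCE {
                myTelnetHostIpAddress IpAddress,
                myTelnetHostIpEnable  INTEGER
        }

myTelnetHostIpAddress OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "The telnet client's IP address, Only these hostes
                 can access the telnet server"
        ::= { myTelnetHostIpEntry 1 }

-- Writable: flips whether the indexed address is honoured by the
-- telnet allow-list.
myTelnetHostIpEnable OBJECT-TYPE
        SYNTAX INTEGER{
                enable(1),
                disable(2)
        }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "The telnet client's IP address enable state"
        ::= { myTelnetHostIpEntry 2 }

--WebHostIpTable
-- Allow-list of web client addresses; same row layout as the telnet
-- host table (address index plus enable flag, no RowStatus column).
myWebHostIpTable OBJECT-TYPE
        SYNTAX SEQUENCE OF MyWebHostIpEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "The table of web client's IP address, only these hostes
                 can access the web server."
        ::= { myUserManagementObjects 5 }

myWebHostIpEntry OBJECT-TYPE
        SYNTAX MyWebHostIpEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "The entry of web host IP address table."
        INDEX { myWebHostIpAddress}
        ::= { myWebHostIpTable 1 }

MyWebHostIpEntry ::=
        SEQUENCE {
                myWebHostIpAddress IpAddress,
                myWebHostIpEnable  INTEGER
        }

myWebHostIpAddress OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "The web client's IP address, Only these hostes
                 can access the web server"
        ::= { myWebHostIpEntry 1 }

-- Writable: flips whether the indexed address is honoured by the web
-- allow-list.
myWebHostIpEnable OBJECT-TYPE
        SYNTAX INTEGER{
                enable(1),
                disable(2)
        }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "The web client's IP address enable state"
        ::= { myWebHostIpEntry 2 }

--
-- security address
--

-- One row per (VLAN id, MAC, port, IP) tuple. Rows are created and
-- deleted through mySecurityAddressStatus (RowStatus, read-create).
mySecurityAddressTable OBJECT-TYPE
        SYNTAX SEQUENCE OF MySecurityAddressEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "The table of security address."
        ::= { mySecurityAddressObjects 1 }

mySecurityAddressEntry OBJECT-TYPE
        SYNTAX MySecurityAddressEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "The entry of Security address table."
        INDEX { mySecurityAddressFdbId,
                mySecurityAddressAddress,
                mySecurityAddressPort,
                mySecurityAddressIpAddr}
        ::= { mySecurityAddressTable 1 }

MySecurityAddressEntry ::=
        SEQUENCE {
                mySecurityAddressFdbId     Unsigned32,
                mySecurityAddressAddress   MacAddress,
                mySecurityAddressPort      IfIndex,
                mySecurityAddressIpAddr    IpAddress,
                mySecurityAddressIfBindIp  TruthValue,
                mySecurityAddressRemainAge Integer32,
                mySecurityAddressType      INTEGER,
                mySecurityAddressStatus    RowStatus
        }

mySecurityAddressFdbId OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "The VID of vlan which the security address blongs to."
        ::= { mySecurityAddressEntry 1 }

mySecurityAddressAddress OBJECT-TYPE
        SYNTAX MacAddress
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "The MAC address of the security address."
        ::= { mySecurityAddressEntry 2 }

mySecurityAddressPort OBJECT-TYPE
        SYNTAX IfIndex
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "The interface which the security address blongs to."
        ::= { mySecurityAddressEntry 3 }

mySecurityAddressIpAddr OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "The IP address which the security address bind.It's meaning only when
                 mySecurityAddressIfBindIp is true."
        ::= { mySecurityAddressEntry 4 }

-- Writable: decides whether the IP address in the row index is
-- enforced together with the MAC address.
mySecurityAddressIfBindIp OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "this object offer the means whether security address will bind IP."
        ::= { mySecurityAddressEntry 5 }

mySecurityAddressRemainAge OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "The remain age of the security address, in units of minute."
        ::= { mySecurityAddressEntry 6 }

mySecurityAddressType OBJECT-TYPE
        SYNTAX INTEGER{
                secureConfigured(1),
                dynamicLearn(2)
        }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "The type of the security address"
        ::= { mySecurityAddressEntry 7 }

mySecurityAddressStatus OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
                "entry status of this entry. and the means in this enviraments can
                 reffer to the text-convention definition of the RowStatus."
        ::= { mySecurityAddressEntry 8 }

--Address Bind Table
-- IP-to-MAC bind table, indexed by IP address. The published
-- DESCRIPTION is empty.
myBindAddressTable OBJECT-TYPE
        SYNTAX SEQUENCE OF MyBindAddressEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                ""
        ::= { mySecurityAddressObjects 2 }

myBindAddressEntry OBJECT-TYPE
        SYNTAX MyBindAddressEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "The entry of Bind address table."
        INDEX { myBindAddressIpAddr}
        ::= { myBindAddressTable 1 }

MyBindAddressEntry ::=
        SEQUENCE {
                myBindAddressIpAddr IpAddress,
                myBindMacAddress    MacAddress,
                myBindAddressStatus ConfigStatus
        }

-- NOTE(review): the DESCRIPTION refers to myBindAddressIfBindIp, which
-- is not defined anywhere in this module; the text looks copied from
-- mySecurityAddressIpAddr. Confirm the intended wording.
myBindAddressIpAddr OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "The IP address which the security address bind.It's meaning only when
                 myBindAddressIfBindIp is true."
        ::= { myBindAddressEntry 1 }

myBindMacAddress OBJECT-TYPE
        SYNTAX MacAddress
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
                "The MAC address of the security address."
        ::= { myBindAddressEntry 2 }

-- ConfigStatus comes from MY-TC, which is not visible here; per the
-- DESCRIPTION a SET of 'invalid' deletes the binding.
myBindAddressStatus OBJECT-TYPE
        SYNTAX ConfigStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "entry status. Setting this value to 'invalid' will remove this entry"
        ::= { myBindAddressEntry 3 }

--
-- port security
--

myPortSecurityTable OBJECT-TYPE
        SYNTAX SEQUENCE OF MyPortSecurityEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "list of port security configuration objects."
        ::= { myPortSecrrityObjects 1 }

myPortSecurityEntry OBJECT-TYPE
        SYNTAX MyPortSecurityEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "Entry contains port security configurations."
        INDEX { myPortSecurityPortIndex }
        ::= { myPortSecurityTable 1 }

MyPortSecurityEntry ::=
        SEQUENCE {
                myPortSecurityPortIndex         IfIndex,
                myPortSecurityStatus            EnabledStatus,
                myPortSecurViolationType        INTEGER,
                myPortSecurityAddrNum           Integer32,
                myPortSecurityAddrAge           Integer32,
                myPortStaticSecurAddrIfAge      EnabledStatus,
                myPortSecurityAddressCurrentNum Integer32,
                myPortStaticSecurAddrCurrentNum Integer32,
                myPortSecurityIpDistrMode       INTEGER
        }

-- Row index (IfIndex). The published DESCRIPTION is empty.
myPortSecurityPortIndex OBJECT-TYPE
        SYNTAX IfIndex
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                ""
        ::= { myPortSecurityEntry 1 }

-- The published DESCRIPTION is empty; presumably the per-port
-- port-security on/off switch (confirm). DEFVAL is 'disabled', so a
-- port has no port security until this object is set.
myPortSecurityStatus OBJECT-TYPE
        SYNTAX EnabledStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                ""
        DEFVAL { disabled }
        ::= { myPortSecurityEntry 2 }

-- Monitoring caveat: with the DEFVAL violation-protect(1) offending
-- frames are discarded without a trap, so violations stay invisible to
-- a trap receiver unless restrict(2) or shutdown(3) is configured.
-- NOTE(review): hyphenated labels are not valid SMIv2 enumeration
-- labels; they are kept because renaming them would break existing
-- users of the names.
myPortSecurViolationType OBJECT-TYPE
        SYNTAX INTEGER {
                violation-protect(1),
                violation-restrict(2),
                violation-shutdown(3)
        }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "this object define 3 grades of port security:
                 violation-protect(1): normal security grade, indicate that when
                    the a datagram received on a port with illegal MAC address
                    will be discarded but not send trap, legal and illegal MAC
                    to a port security is defined by per port's security below.
                 violation-restrict(2): normal security grade, indicate that when
                    the a datagram received on a port with illegal MAC address
                    will be discarded and send trap, legal and illegal MAC
                    to a port security is defined by per port's security below.
                 violation-shutdown(3): strict security grade, indicate that when
                    the a datagram received on a port with illegal MAC address,
                    the port will be disabled for the violation of the port's
                    security and send trap."
        DEFVAL { violation-protect }
        ::= { myPortSecurityEntry 3 }

-- NOTE(review): the SYNTAX is an unconstrained Integer32, so zero and
-- negative thresholds are syntactically accepted; the valid range is
-- not stated in this module.
-- NOTE(review): the DESCRIPTION says the value is valid when
-- myPortSecurityStatus is 'disabled'; confirm whether 'enabled' was
-- meant.
myPortSecurityAddrNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "This value means the address number threshold of this port.
                 A new address want to add to the port address will be refused
                 when address num exceed this value.
                 This value is valid when myPortSecurityStatus is 'disabled'"
        ::= { myPortSecurityEntry 4 }

myPortSecurityAddrAge OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Aging time in units of minute of security address of interface"
        ::= { myPortSecurityEntry 5 }

myPortStaticSecurAddrIfAge OBJECT-TYPE
        SYNTAX EnabledStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "This object offer the means whether enable static configured
                 security address aging."
        ::= { myPortSecurityEntry 6 }

myPortSecurityAddressCurrentNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "Current number of the security address of interface."
        ::= { myPortSecurityEntry 7 }

myPortStaticSecurAddrCurrentNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "Current number of the static configured security address
                 of interface."
        ::= { myPortSecurityEntry 8 }

-- The DESCRIPTION previously numbered the modes 0..3 while the
-- enumeration is 1..4; the text below follows the enumeration, which
-- is what an agent actually returns.
myPortSecurityIpDistrMode OBJECT-TYPE
        SYNTAX INTEGER{
                static(1),            --only Static IP Distribute enabled
                dynamic(2),           --only Dynamic IP Distribute enabled
                staticAndDynamic(3),  --both Static and Dynamic IP Distribute enable
                unSpecified(4)        --not specified
        }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "IP Distribute Mode (1:Static-only mode,
                 2:Dynamic-only mode,
                 3:Dynamic and Static mode,
                 4:Unspecified mode)"
        ::= { myPortSecurityEntry 9 }

--
-- notifications
--

mySecurityTraps OBJECT IDENTIFIER ::= { mySecurityMIB 2 }

-- The trap carries only ifIndex. The offending MAC address is not a
-- varbind, so a receiver has to correlate the port with other data
-- (for example the security address table) to identify the station.
portSecurityViolate NOTIFICATION-TYPE
        OBJECTS {ifIndex}
        STATUS current
        DESCRIPTION
                "the mac lock violate trap indicates that if you have set the
                 threshold number of learned addresses from a port, and their
                 comes a new address from the port, but the addresses for the
                 port is already full."
        ::= { mySecurityTraps 1 }

--
-- conformance
--

mySecurityMIBConformance OBJECT IDENTIFIER ::= { mySecurityMIB 3 }
mySecurityMIBCompliances OBJECT IDENTIFIER ::= { mySecurityMIBConformance 1 }
mySecurityMIBGroups      OBJECT IDENTIFIER ::= { mySecurityMIBConformance 2 }

-- compliance statements
mySecurityMIBCompliance MODULE-COMPLIANCE
        STATUS current
        DESCRIPTION
                "The compliance statement for entities which implement
                 the My Security MIB"
        MODULE -- this module
        MANDATORY-GROUPS { myUserManageMIBGroup,
                           mySecurityAddressMIBGroup,
                           myPortSecurityMIBGroup
        }
        ::= { mySecurityMIBCompliances 1 }

-- units of conformance

-- NOTE(review): the telnet and web host table columns are not listed
-- here or in any other group.
myUserManageMIBGroup OBJECT-GROUP
        OBJECTS {
                myEnableSnmpAgent,
                myEnableWeb,
                myEnableTelnet
        }
        STATUS current
        DESCRIPTION
                "A collection of objects providing status snmp and web and
                 telnet management agent to a My agent."
        ::= { mySecurityMIBGroups 1 }

-- NOTE(review): mySecurityAddressFdbId, mySecurityAddressAddress,
-- mySecurityAddressPort, mySecurityAddressIpAddr and
-- myBindAddressIpAddr are declared not-accessible above and therefore
-- should not appear in an OBJECT-GROUP. Membership is left as
-- published.
mySecurityAddressMIBGroup OBJECT-GROUP
        OBJECTS {
                mySecurityAddressFdbId,
                mySecurityAddressAddress,
                mySecurityAddressPort,
                mySecurityAddressIpAddr,
                mySecurityAddressIfBindIp,
                mySecurityAddressRemainAge,
                mySecurityAddressType,
                mySecurityAddressStatus,
                myBindAddressIpAddr,
                myBindMacAddress,
                myBindAddressStatus
        }
        STATUS current
        DESCRIPTION
                "A collection of objects providing security address to a My agent."
        ::= { mySecurityMIBGroups 2 }

myPortSecurityMIBGroup OBJECT-GROUP
        OBJECTS {
                myPortSecurityPortIndex,
                myPortSecurityStatus,
                myPortSecurViolationType,
                myPortSecurityAddrNum,
                myPortSecurityAddrAge,
                myPortStaticSecurAddrIfAge,
                myPortSecurityAddressCurrentNum,
                myPortStaticSecurAddrCurrentNum,
                myPortSecurityIpDistrMode
        }
        STATUS current
        DESCRIPTION
                "A collection of objects providing port security to a My agent."
        ::= { mySecurityMIBGroups 3 }

END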