mirror of
https://github.com/librenms/librenms.git
synced 2024-09-22 02:48:37 +00:00
7445a736a6
git-svn-id: http://www.observium.org/svn/observer/trunk@1576 61d68cd4-352d-0410-923a-c4978735b2b8
930 lines
29 KiB
Plaintext
930 lines
29 KiB
Plaintext
|
|
S5-SWITCH-BAYSECURE-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
IpAddress,
|
|
Integer32
|
|
FROM SNMPv2-SMI
|
|
TEXTUAL-CONVENTION,
|
|
MacAddress,
|
|
TimeInterval,
|
|
TruthValue
|
|
FROM SNMPv2-TC
|
|
s5Com
|
|
FROM S5-ROOT-MIB;
|
|
|
|
s5SbsAuth MODULE-IDENTITY
|
|
LAST-UPDATED "200609180000Z" -- 18 September 2006
|
|
ORGANIZATION "Nortel Networks"
|
|
CONTACT-INFO "Global Optical Customer Service
|
|
Tel: 1-800 (ASK-TRAN) or
|
|
1-800 (ASK-ETAS)"
|
|
DESCRIPTION
|
|
"5000 Switch BaySecure MIB Release 1.0.3
|
|
|
|
Copyright 1999 Bay Networks, Inc.
|
|
All rights reserved.
|
|
This Bay Networks SNMP Management Information Base Specification
|
|
(Specification) embodies Bay Networks' confidential and
|
|
proprietary intellectual property. Bay Networks retains all
|
|
title and ownership in the Specification, including any
|
|
revisions.
|
|
|
|
This Specification is supplied 'AS IS,' and Bay Networks makes
|
|
no warranty, either express or implied, as to the use,
|
|
operation, condition, or performance of the Specification."
|
|
|
|
REVISION "200609180000Z" -- 18 September 2006
|
|
DESCRIPTION "Version 110: Fix DESCRIPTIONS"
|
|
|
|
REVISION "200503090000Z" -- 9 Mar 2005
|
|
DESCRIPTION "Version 109: Expanded range of s5SbsAutoLearningConfigMaxMacs."
|
|
|
|
REVISION "200409030000Z" -- 3 Sept 2004
|
|
DESCRIPTION "Version 108: Added s5SbsAutoLearningPorts."
|
|
|
|
REVISION "200407220000Z" -- 22 July 2004
|
|
DESCRIPTION "Version 107: Added auto-learning enhancements."
|
|
|
|
REVISION "200407200000Z" -- 20 July 2004
|
|
DESCRIPTION "Version 106: Added version info"
|
|
|
|
REVISION "200302200000Z" -- 20 February 2003
|
|
DESCRIPTION
|
|
"v104: 1. Added s5SbsMacViolationTable
|
|
2. Converted to SMIv2"
|
|
|
|
::= { s5Com 3 }
|
|
|
|
PortSet ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The string is a variable length string which may vary from
|
|
0 to 256 octets long. The user must use the OCTET STRING
|
|
length field in order to convey/determine how many octets
|
|
are being used. Each bit corresponds to a port, as
|
|
represented by its ifIndex value . When a bit has the value
|
|
one(1), the corresponding port is a member of the set. When
|
|
a bit has the value zero(0), the corresponding port is not a
|
|
member of the set. The encoding is such that the most
|
|
significant bit of octet #1 corresponds to ifIndex 0, while
|
|
the least significant bit of the last octet corresponds to
|
|
ifIndex ((octet_string_length * 8) - 1). For example, the
|
|
least significant bit of octet #64 corresponds to ifIndex 511."
|
|
SYNTAX OCTET STRING (SIZE (0..256))
|
|
|
|
|
|
-- Switch BaySecure MIB Group
|
|
|
|
s5SbsAuthSecurityLock OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
locked(2),
|
|
notlocked(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If s5SbsAuthSecurityLock is locked(2), the agent will refuse
|
|
all requests to modify the 'security configuration'.
|
|
Objects in s5SbsAuth, the Switch BaySecure MIB Group
|
|
that are part of the 'security configuration', includes
|
|
s5SbsAuthCtlPartTime, objects in s5SbsAuthCfgTable,
|
|
Set requests for all read/write objects in s5SbsAuth group
|
|
excluding this object will result in a BadValue return value."
|
|
::= { s5SbsAuth 1 }
|
|
|
|
|
|
s5SbsAuthCtlPartTime OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"If the value of s5SbsAuthCfgActionMode is partitionPort or
|
|
partitionPortAndSendTrap, time partition will be done if this
|
|
value is greater than 0. The value indicates the duration of
|
|
the time for port partitioning in seconds. The default value is
|
|
zero. When this value is zero, port remians partitioned until
|
|
manually re-enabled."
|
|
DEFVAL {0}
|
|
::= { s5SbsAuth 2 }
|
|
|
|
|
|
s5SbsSecurityStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates whether the switch security feature is enabled or not."
|
|
::= { s5SbsAuth 3 }
|
|
|
|
|
|
s5SbsSecurityMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
singleMACperPort(1),
|
|
macList(2),
|
|
autoLearn(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mode of switch security. singleMACperPort(1) indicates
|
|
that the switch is in single-MAC-per-port mode which means it
|
|
allows to configure only one MAC address per port. macList(2)
|
|
indicates that the switch is in MAC-List mode, user can
|
|
configure more than one MAC address per port, the maximum numbers
|
|
of MAC address per port vary from switch to switch. autoLearn(3)
|
|
indicates that the switch will learn the first MAC address on each
|
|
port as an allowed address of that port. Change made between
|
|
singleMACperPort(1), macList(2) and autoLearn(3)
|
|
will erase all the data in s5SbsAuthCfgTable."
|
|
::= { s5SbsAuth 4 }
|
|
|
|
|
|
s5SbsSecurityAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
noAction(1),
|
|
trap(2),
|
|
partitionPort(3),
|
|
partitionPortAndsendTrap(4),
|
|
daFiltering(5),
|
|
daFilteringAndsendTrap(6),
|
|
partitionPortAnddaFiltering(7),
|
|
partitionPortdaFilteringAndsendTrap(8)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action performed by software when a violation occurs (if
|
|
s5SbsSecurityStatus is enabled). The security action specified
|
|
here applies to all ports of the switch.
|
|
|
|
NOTE: da means destination address.
|
|
|
|
A blocked address will always cause the port to be partitioned
|
|
when unauthorized access is attempted. See
|
|
s5SbsAuthCfgAccessCtrlType for more information on allowed
|
|
and blocked addresses."
|
|
::= { s5SbsAuth 5 }
|
|
|
|
|
|
s5SbsCurrNodesAllowed OBJECT-TYPE
|
|
SYNTAX INTEGER (0..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries of the nodes allowed in the
|
|
s5SbsAuthCfgTable."
|
|
::= { s5SbsAuth 6 }
|
|
|
|
|
|
s5SbsMaxNodesAllowed OBJECT-TYPE
|
|
SYNTAX INTEGER (0..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of entries of the nodes allowed in the
|
|
s5SbsAuthCfgTable."
|
|
::= { s5SbsAuth 7 }
|
|
|
|
s5SbsCurrNodesBlocked OBJECT-TYPE
|
|
SYNTAX INTEGER (0..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries of the nodes blocked in the
|
|
s5SbsAuthCfgTable."
|
|
::= { s5SbsAuth 8 }
|
|
|
|
|
|
s5SbsMaxNodesBlocked OBJECT-TYPE
|
|
SYNTAX INTEGER (0..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of entries of the nodes blocked
|
|
in the s5SbsAuthCfgTable."
|
|
::= { s5SbsAuth 9 }
|
|
|
|
|
|
|
|
|
|
-- Authorized Board and Port Configuration Table
|
|
|
|
|
|
s5SbsAuthCfgTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF S5SbsAuthCfgEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing a list of boards and ports and MAC
|
|
addresses that constitute the security configuration."
|
|
::= { s5SbsAuth 10 }
|
|
|
|
|
|
s5SbsAuthCfgEntry OBJECT-TYPE
|
|
SYNTAX S5SbsAuthCfgEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in this table indicates the security
|
|
configuration for a specified MAC address and a specified
|
|
port and a specified board. A SNMP SET PDU for a row of the
|
|
s5SbsAuthCfgTable requires the entired sequence of the
|
|
MIB Objects in each s5SbsAuthCfgEntry stored in one PDU.
|
|
Otherwise, GENERR return-value will be returned."
|
|
INDEX {
|
|
s5SbsAuthCfgBrdIndx,
|
|
s5SbsAuthCfgPortIndx,
|
|
s5SbsAuthCfgMACIndx
|
|
}
|
|
::= { s5SbsAuthCfgTable 1 }
|
|
|
|
S5SbsAuthCfgEntry ::=
|
|
SEQUENCE {
|
|
s5SbsAuthCfgBrdIndx INTEGER,
|
|
s5SbsAuthCfgPortIndx INTEGER,
|
|
s5SbsAuthCfgMACIndx MacAddress,
|
|
s5SbsAuthCfgAccessCtrlType INTEGER,
|
|
s5SbsAuthCfgStatus INTEGER,
|
|
s5SbsAuthCfgSecureList INTEGER,
|
|
s5SbsAuthCfgSource INTEGER,
|
|
s5SbsAuthCfgLifetime TimeInterval
|
|
}
|
|
|
|
|
|
|
|
s5SbsAuthCfgBrdIndx OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the slot containing the board on which the
|
|
port is located. This value is meaningful --NEW
|
|
only if s5SbsAuthCfgSecureList value is zero. --NEW
|
|
For other SecureList values it should have the value of zero. "
|
|
::= { s5SbsAuthCfgEntry 1}
|
|
|
|
|
|
s5SbsAuthCfgPortIndx OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the port on the board. This value is meaningful
|
|
only if s5SbsAuthCfgSecureList value is zero. --NEW
|
|
For other SecureList values it should have the value of zero. "
|
|
::= { s5SbsAuthCfgEntry 2 }
|
|
|
|
|
|
s5SbsAuthCfgMACIndx OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of source MAC address of allowed station or
|
|
not-allowed station."
|
|
::= { s5SbsAuthCfgEntry 3 }
|
|
|
|
|
|
s5SbsAuthCfgAccessCtrlType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
allowed(1),
|
|
blocked(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This Node Access Control Type represents whether
|
|
the node entry is node allowed or node blocked type.
|
|
|
|
A MAC address may be allowed on multiple ports."
|
|
::= { s5SbsAuthCfgEntry 4 }
|
|
|
|
|
|
s5SbsAuthCfgStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
valid(1),
|
|
create(2),
|
|
delete(3),
|
|
modify(4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of the AuthCfg entry. The primary use of
|
|
this object is for modifying the AuthCfg table. Values
|
|
that can be written create(2), delete(3), modify(4).
|
|
Values that can be read: valid(1). Setting this entry
|
|
to delete(3) causes the entry to be deleted from the
|
|
table. Setting a new entry with create(2) causes the
|
|
entry to be created in the table. Setting an entry with
|
|
modify(4) causes the entry to be modified. The response
|
|
to a get request or get-next request will always indicate
|
|
a status of valid (1), since invalid entries are removed
|
|
from the table.
|
|
|
|
This object cannot be modified for entries whose value of
|
|
s5SbsAuthCfgSource is autoLearn(2). Any such attempt
|
|
will generate an inconsistentValue error."
|
|
::= { s5SbsAuthCfgEntry 5 }
|
|
|
|
|
|
s5SbsAuthCfgSecureList OBJECT-TYPE
|
|
SYNTAX INTEGER(0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the security list. This value is meaningful
|
|
only if s5SbsAuthCfgBrdIndx and s5SbsAuthCfgPortIndx values
|
|
are zero. For other board and port index values
|
|
it should have the value of zero. This value is used
|
|
as an index into s5SbsSecurityListTable.
|
|
The corresponding MAC Address of this entry is allowed or blocked
|
|
on all the ports of that port list. "
|
|
::= { s5SbsAuthCfgEntry 6 }
|
|
|
|
|
|
s5SbsAuthCfgSource OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
static(1),
|
|
autoLearn(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the source of an entry. A value of static(1)
|
|
indicates that the entry was manually created by a user. A value
|
|
of autoLearn(2) indicates that the entry was auto-learned. Note
|
|
that an auto-learned entry cannot be directly deleted, though disabling
|
|
auto-learning for a port will delete all auto-learned MAC addresses
|
|
for the port."
|
|
::= { s5SbsAuthCfgEntry 7 }
|
|
|
|
|
|
s5SbsAuthCfgLifetime OBJECT-TYPE
|
|
SYNTAX TimeInterval
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the lifetime of an auto-learned entry. This
|
|
is the time until the entry is automatically deleted by the system.
|
|
This object does not apply to entries whose value of
|
|
s5SbsAuthCfgSource is static(1), and for such entries, the value of
|
|
this object will always be 0."
|
|
::= { s5SbsAuthCfgEntry 8 }
|
|
|
|
|
|
-- Authorized Board and Port Status Table
|
|
|
|
|
|
|
|
s5SbsAuthStatusTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF S5SbsAuthStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing a snapshot of the authorized boards
|
|
and ports status data collection. Port security
|
|
information consists of an action to be performed when
|
|
an unAuthorized station is detected and the current
|
|
security status of a port."
|
|
::= { s5SbsAuth 11}
|
|
|
|
|
|
s5SbsAuthStatusEntry OBJECT-TYPE
|
|
SYNTAX S5SbsAuthStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in this table may represent a single MAC address,
|
|
all MAC addresses on a single port, a single port,
|
|
all the ports on a single board, a particuler port on all
|
|
the boards, or all the ports on all the boards."
|
|
INDEX {
|
|
s5SbsAuthStatusBrdIndx,
|
|
s5SbsAuthStatusPortIndx,
|
|
s5SbsAuthStatusMACIndx
|
|
}
|
|
::= { s5SbsAuthStatusTable 1 }
|
|
|
|
|
|
S5SbsAuthStatusEntry ::=
|
|
SEQUENCE {
|
|
s5SbsAuthStatusBrdIndx
|
|
INTEGER,
|
|
s5SbsAuthStatusPortIndx
|
|
INTEGER,
|
|
s5SbsAuthStatusMACIndx
|
|
MacAddress,
|
|
s5SbsCurrentAccessCtrlType
|
|
INTEGER,
|
|
s5SbsCurrentActionMode
|
|
INTEGER,
|
|
s5SbsCurrentPortSecurStatus
|
|
INTEGER
|
|
}
|
|
|
|
|
|
|
|
s5SbsAuthStatusBrdIndx OBJECT-TYPE
|
|
SYNTAX INTEGER(0..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the board. This corresponds to the index of
|
|
the slot containing the board if the index is greater
|
|
than zero. A zero index is a wild card."
|
|
::= { s5SbsAuthStatusEntry 1 }
|
|
|
|
|
|
s5SbsAuthStatusPortIndx OBJECT-TYPE
|
|
SYNTAX INTEGER(0..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the port on the board. This corresponds to
|
|
the index of the last manageable port on the board if
|
|
the index is greater than zero. A zero index is a wild
|
|
card."
|
|
::= { s5SbsAuthStatusEntry 2 }
|
|
|
|
|
|
s5SbsAuthStatusMACIndx OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of MAC address on the port. This corresponds to
|
|
the index of the MAC address on the port if
|
|
the index is greater than zero. A zero index is a wild
|
|
card."
|
|
::= { s5SbsAuthStatusEntry 3 }
|
|
|
|
|
|
s5SbsCurrentAccessCtrlType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
allow(1),
|
|
block(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This Node Access Control Type represents whether
|
|
the node entry is node allowed or node blocked type."
|
|
::= { s5SbsAuthStatusEntry 4 }
|
|
|
|
|
|
s5SbsCurrentActionMode OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
noAction(1),
|
|
partitionPort(2),
|
|
partitionPortAndsendTrap(3),
|
|
daFiltering(4),
|
|
daFilteringAndsendTrap(5),
|
|
sendTrap(6),
|
|
partitionPortAnddaFiltering(7),
|
|
partitionPortdaFilteringAndsendTrap(8)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An integer value representing the type of information
|
|
contained in this s5SbsAuthStatusEntry.
|
|
noAction(1) represents that port does not have any security
|
|
assigned or the security is turned off.
|
|
|
|
partitionPort(2) represents port is partitioned.
|
|
|
|
partitionPortAndsendTrap(3) represents port is partitioned
|
|
and a trap will be sent to trap receive station(s).
|
|
|
|
daFiltering(4) represents port will filter out the frames with
|
|
the desitnation address field is the MAC address of unauthorized
|
|
station.
|
|
|
|
daFilteringAndsendTrap(5) represents port will filter out the
|
|
frames with the desitnation address field is the MAC address
|
|
of unauthorized station and a trap will be sent to trap receive
|
|
station(s).
|
|
|
|
sendtrap(6) represents a trap will be sent to trap receive station(s).
|
|
|
|
partitionPortAnddaFiltering(7) represents port is partitioned and
|
|
port will filter out the frames with the destination address field
|
|
is the MAC address of unauthorized station.
|
|
|
|
partitionPortdaFilteringAndsendTrap(8) represents port is partitioned,
|
|
port will filter out the frames with the destination address field
|
|
is the MAC address of unauthorized station and a trap will be sent to
|
|
trap receive station(s)."
|
|
::= { s5SbsAuthStatusEntry 5 }
|
|
|
|
|
|
s5SbsCurrentPortSecurStatus OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
notApplicable(1),
|
|
portSecure(2),
|
|
portPartition(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This represents the current port security status.
|
|
If s5SbsSecurityStatus is disable, notApplicable(1) will
|
|
be returned. The port in a normal situation returns the
|
|
status with portSecure(2). portPartition(3) will be returned
|
|
only if the port is partitioned."
|
|
::= { s5SbsAuthStatusEntry 6 }
|
|
|
|
|
|
-- Violation Board and Port Status Table
|
|
|
|
|
|
|
|
s5SbsViolationStatusTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF S5SbsViolationStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing a list of boards, ports where
|
|
network access violations have occurred. Information
|
|
also contains the offending MAC addrersses."
|
|
::= { s5SbsAuth 12}
|
|
|
|
|
|
s5SbsViolationStatusEntry OBJECT-TYPE
|
|
SYNTAX S5SbsViolationStatusEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in this table "
|
|
INDEX {
|
|
s5SbsViolationStatusBrdIndx,
|
|
s5SbsViolationStatusPortIndx
|
|
}
|
|
::= { s5SbsViolationStatusTable 1 }
|
|
|
|
S5SbsViolationStatusEntry ::=
|
|
SEQUENCE {
|
|
s5SbsViolationStatusBrdIndx
|
|
INTEGER,
|
|
s5SbsViolationStatusPortIndx
|
|
INTEGER,
|
|
s5SbsViolationStatusMACAddress
|
|
MacAddress
|
|
}
|
|
|
|
|
|
|
|
s5SbsViolationStatusBrdIndx OBJECT-TYPE
|
|
SYNTAX INTEGER(1..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the board. This corresponds to the
|
|
slot containing the board. This index will be 1 where
|
|
it is not applicable, e.g., ByaStack 303/304."
|
|
::= { s5SbsViolationStatusEntry 1 }
|
|
|
|
|
|
s5SbsViolationStatusPortIndx OBJECT-TYPE
|
|
SYNTAX INTEGER(1..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the port on the board. This corresponds to
|
|
the port on which a security violation was seen."
|
|
::= { s5SbsViolationStatusEntry 2 }
|
|
|
|
|
|
s5SbsViolationStatusMACAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address of the device attempting unauthorized
|
|
network access. (MAC addrees-based security)"
|
|
::= { s5SbsViolationStatusEntry 3 }
|
|
|
|
|
|
s5SbsMgmViolationType OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
snmp(1),
|
|
web(2),
|
|
telnet(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of management access attempted when the violation
|
|
occurred."
|
|
::= { s5SbsAuth 13 }
|
|
|
|
|
|
s5SbsMgmViolationIpAddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP Address of the station attempting unauthorized
|
|
management access."
|
|
::= { s5SbsAuth 14 }
|
|
|
|
|
|
s5SbsPortSecurityStatus OBJECT-TYPE
|
|
SYNTAX PortSet
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The set of ports for which security is enabled.
|
|
The bitwise AND of s5SbsPortSecurityStatus and
|
|
s5SbsPortLearnStatus must be the empty set."
|
|
::= { s5SbsAuth 15 }
|
|
|
|
|
|
s5SbsPortLearnStatus OBJECT-TYPE
|
|
SYNTAX PortSet
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The set of ports for which auto learning is enabled. Note that
|
|
a port's bit in this object may not be turned on if the port's
|
|
value of s5SbsAutoLearningConfigEnabled is true(1)."
|
|
::= { s5SbsAuth 16 }
|
|
|
|
|
|
s5SbsCurrSecurityLists OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current number of entries of the Security lists in the
|
|
s5SbsSecurityListTable."
|
|
::= { s5SbsAuth 17 }
|
|
|
|
|
|
s5SbsMaxSecurityLists OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of entries of the Security lists in the
|
|
s5SbsSecurityListTable."
|
|
::= { s5SbsAuth 18 }
|
|
|
|
|
|
-- Port Security Lists Table
|
|
|
|
|
|
|
|
s5SbsSecurityListTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF S5SbsSecurityListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing a list of Security port lists."
|
|
::= { s5SbsAuth 19}
|
|
|
|
|
|
s5SbsSecurityListEntry OBJECT-TYPE
|
|
SYNTAX S5SbsSecurityListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in this table "
|
|
INDEX { s5SbsSecurityListIndx }
|
|
::= { s5SbsSecurityListTable 1 }
|
|
|
|
S5SbsSecurityListEntry ::=
|
|
SEQUENCE {
|
|
s5SbsSecurityListIndx INTEGER,
|
|
s5SbsSecurityListMembers PortSet,
|
|
s5SbsSecurityListStatus INTEGER
|
|
}
|
|
|
|
s5SbsSecurityListIndx OBJECT-TYPE
|
|
SYNTAX INTEGER(1..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of the security list. This corresponds to the
|
|
Security port list which can be used as index into
|
|
s5SbsAuthCfgTable. "
|
|
::= { s5SbsSecurityListEntry 1 }
|
|
|
|
|
|
s5SbsSecurityListMembers OBJECT-TYPE
|
|
SYNTAX PortSet
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The set of ports that are currently members in
|
|
this Port list."
|
|
::= { s5SbsSecurityListEntry 2 }
|
|
|
|
s5SbsSecurityListStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
valid(1),
|
|
create(2),
|
|
delete(3),
|
|
modify(4)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of the SecurityList entry. The primary use of
|
|
this object is for modifying the SecurityList table. Values
|
|
that can be written create(2), delete(3), modify(4).
|
|
Values that can be read: valid(1). Setting this entry
|
|
to delete(3) causes the entry to be deleted from the
|
|
table. Setting a new entry with create(2) causes the
|
|
entry to be created in the table. Setting an entry with
|
|
modify(4) causes the entry to be modified. The response
|
|
to a get request or get-next request will always indicate
|
|
a status of valid (1), since invalid entries are removed
|
|
from the table. "
|
|
::= { s5SbsSecurityListEntry 3 }
|
|
|
|
|
|
|
|
|
|
|
|
--
|
|
-- s5SbsMacViolation group, contains info about MAC addresses that have
|
|
-- caused access violations
|
|
--
|
|
|
|
s5SbsMacViolation OBJECT IDENTIFIER ::= { s5SbsAuth 20 }
|
|
|
|
s5SbsMacViolationClear OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
clear(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to clear all entries in the
|
|
s5SbsMacViolationTable. Setting it to clear(2) will clear all
|
|
entries in that table. Setting it to other(1) has no effect.
|
|
This object always returns a value of other(1)."
|
|
::= { s5SbsMacViolation 1 }
|
|
|
|
s5SbsMacViolationTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF S5SbsMacViolationEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing a list of Security port lists."
|
|
::= { s5SbsMacViolation 2}
|
|
|
|
|
|
s5SbsMacViolationEntry OBJECT-TYPE
|
|
SYNTAX S5SbsMacViolationEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in this table "
|
|
INDEX { s5SbsMacViolationAddress }
|
|
::= { s5SbsMacViolationTable 1 }
|
|
|
|
S5SbsMacViolationEntry ::=
|
|
SEQUENCE {
|
|
s5SbsMacViolationAddress MacAddress,
|
|
s5SbsMacViolationBrd INTEGER,
|
|
s5SbsMacViolationPort INTEGER
|
|
}
|
|
|
|
s5SbsMacViolationAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MAC address that caused an access violation."
|
|
::= { s5SbsMacViolationEntry 1 }
|
|
|
|
|
|
s5SbsMacViolationBrd OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The last board/slot/unit number on which the MAC address caused
|
|
an access violation."
|
|
::= { s5SbsMacViolationEntry 2 }
|
|
|
|
s5SbsMacViolationPort OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The last port number on which the MAC address caused an access
|
|
violation."
|
|
::= { s5SbsMacViolationEntry 3 }
|
|
|
|
|
|
|
|
--
|
|
-- Additional objects for auto-learning support
|
|
--
|
|
|
|
|
|
s5SbsAutoLearningAgingTime OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
UNITS "Hours"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The lifetime for MAC addresses that are auto-learned. This
|
|
is measure in hours. A value of 0 means addresses are not
|
|
aged out."
|
|
DEFVAL { 60 }
|
|
::= { s5SbsAuth 21 }
|
|
|
|
s5SbsAutoLearningConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF S5SbsAutoLearningConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table containing per-port configuration for auto-learning.
|
|
Entries exist in the table for each ethernet port in the system."
|
|
::= { s5SbsAuth 22 }
|
|
|
|
s5SbsAutoLearningConfigEntry OBJECT-TYPE
|
|
SYNTAX S5SbsAutoLearningConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in this table "
|
|
INDEX { s5SbsAutoLearningConfigBrd, s5SbsAutoLearningConfigPort }
|
|
::= { s5SbsAutoLearningConfigTable 1 }
|
|
|
|
S5SbsAutoLearningConfigEntry ::=
|
|
SEQUENCE {
|
|
s5SbsAutoLearningConfigBrd INTEGER,
|
|
s5SbsAutoLearningConfigPort INTEGER,
|
|
s5SbsAutoLearningConfigEnabled TruthValue,
|
|
s5SbsAutoLearningConfigMaxMacs Integer32
|
|
}
|
|
|
|
s5SbsAutoLearningConfigBrd OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The board/slot/unit number."
|
|
::= { s5SbsAutoLearningConfigEntry 1 }
|
|
|
|
s5SbsAutoLearningConfigPort OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port number."
|
|
::= { s5SbsAutoLearningConfigEntry 2 }
|
|
|
|
s5SbsAutoLearningConfigEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates whether auto-learning is enabled on
|
|
the port. Note that this object may not be set to true(1)
|
|
for a port whose bit is turned on in s5SbsPortLearnStatus.
|
|
Likewise, a port's bit in s5SbsPortLearnStatus may not be
|
|
turned on if the port's value of s5SbsAutoLearningConfigEnabled
|
|
is true(1).
|
|
|
|
Note that if this object is changed from true(1) to false(2),
|
|
all auto-learned MAC addresses for the port will be removed."
|
|
DEFVAL { false }
|
|
::= { s5SbsAutoLearningConfigEntry 3 }
|
|
|
|
s5SbsAutoLearningConfigMaxMacs OBJECT-TYPE
|
|
SYNTAX Integer32 (1..25)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the maximum number of MAC addresses
|
|
that may be learned on the port."
|
|
DEFVAL { 2 }
|
|
::= { s5SbsAutoLearningConfigEntry 4 }
|
|
|
|
s5SbsAutoLearningPorts OBJECT-TYPE
|
|
SYNTAX PortSet
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the set of ports for which auto-
|
|
learning is enabled. It is an alternative to
|
|
s5SbsAutoLearningConfigEnabled."
|
|
::= { s5SbsAuth 23 }
|
|
|
|
END
|