mirror of
https://github.com/hsnodgrass/snmp_mib_archive.git
synced 2025-04-16 07:34:58 +00:00
874 lines
23 KiB
INI
874 lines
23 KiB
INI
#-MIBFILE: cisco-port-security-mib.mib
|
|
|
|
CISCO-PORT-SECURITY-MIB DEFINITIONS ::= BEGIN
|
|
|
|
|
|
OwnerString ::=
|
|
OCTET STRING (SIZE(0..255))
|
|
|
|
InterfaceIndex ::=
|
|
INTEGER (1..2147483647)
|
|
|
|
InterfaceIndexOrZero ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
mib-2 OBJECT IDENTIFIER ::= { mgmt 1 }
|
|
interfaces OBJECT IDENTIFIER ::= { mib-2 2 }
|
|
ifTable OBJECT IDENTIFIER ::= { interfaces 2 }
|
|
ifEntry OBJECT IDENTIFIER ::= { ifTable 1 }
|
|
ifIndex OBJECT IDENTIFIER ::= { ifEntry 1 }
|
|
ifMIB OBJECT IDENTIFIER ::= { mib-2 31 }
|
|
ifMIBObjects OBJECT IDENTIFIER ::= { ifMIB 1 }
|
|
ifXTable OBJECT IDENTIFIER ::= { ifMIBObjects 1 }
|
|
ifXEntry OBJECT IDENTIFIER ::= { ifXTable 1 }
|
|
ifName OBJECT IDENTIFIER ::= { ifXEntry 1 }
|
|
interfaces OBJECT IDENTIFIER ::= { mib-2 2 }
|
|
DisplayString ::=
|
|
OCTET STRING (SIZE(0..255))
|
|
|
|
PhysAddress ::=
|
|
OCTET STRING
|
|
|
|
MacAddress ::=
|
|
OCTET STRING (SIZE(6))
|
|
|
|
TruthValue ::=
|
|
INTEGER {
|
|
true(1),
|
|
false(2)
|
|
}
|
|
|
|
TestAndIncr ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
AutonomousType ::=
|
|
OBJECT IDENTIFIER
|
|
|
|
InstancePointer ::=
|
|
OBJECT IDENTIFIER
|
|
|
|
VariablePointer ::=
|
|
OBJECT IDENTIFIER
|
|
|
|
RowPointer ::=
|
|
OBJECT IDENTIFIER
|
|
|
|
RowStatus ::=
|
|
INTEGER {
|
|
active(1),
|
|
notInService(2),
|
|
notReady(3),
|
|
createAndGo(4),
|
|
createAndWait(5),
|
|
destroy(6)
|
|
}
|
|
|
|
TimeStamp ::=
|
|
TimeTicks
|
|
|
|
TimeInterval ::=
|
|
INTEGER (0..2147483647)
|
|
|
|
DateAndTime ::=
|
|
OCTET STRING (SIZE(8|11))
|
|
|
|
StorageType ::=
|
|
INTEGER {
|
|
other(1),
|
|
volatile(2),
|
|
nonVolatile(3),
|
|
permanent(4),
|
|
readOnly(5)
|
|
}
|
|
|
|
TDomain ::=
|
|
OBJECT IDENTIFIER
|
|
|
|
TAddress ::=
|
|
OCTET STRING (SIZE(1..255))
|
|
|
|
cisco OBJECT IDENTIFIER ::= { enterprises 9 }
|
|
ciscoMgmt OBJECT IDENTIFIER ::= { cisco 9 }
|
|
VlanIndex ::=
|
|
INTEGER (0..4095)
|
|
|
|
ManagementDomainIndex ::=
|
|
INTEGER (1..255)
|
|
|
|
VlanType ::=
|
|
INTEGER {
|
|
ethernet(1),
|
|
fddi(2),
|
|
tokenRing(3),
|
|
fddiNet(4),
|
|
trNet(5),
|
|
deprecated(6)
|
|
}
|
|
|
|
VlanTypeExt ::=
|
|
OCTET STRING {
|
|
vtpmanageable(0),
|
|
internal(1),
|
|
reserved(2),
|
|
rspan(3)
|
|
}
|
|
|
|
ciscoVtpMIB OBJECT IDENTIFIER ::= { ciscoMgmt 46 }
|
|
vtpMIBObjects OBJECT IDENTIFIER ::= { ciscoVtpMIB 1 }
|
|
vlanInfo OBJECT IDENTIFIER ::= { vtpMIBObjects 3 }
|
|
vtpVlanTable OBJECT IDENTIFIER ::= { vlanInfo 1 }
|
|
vtpVlanEntry OBJECT IDENTIFIER ::= { vtpVlanTable 1 }
|
|
vtpVlanName OBJECT IDENTIFIER ::= { vtpVlanEntry 4 }
|
|
PortList ::=
|
|
OCTET STRING
|
|
|
|
VlanId ::=
|
|
INTEGER (1..4094)
|
|
|
|
ClearSecureMacAddrType ::=
|
|
INTEGER {
|
|
done(0),
|
|
dynamic(1),
|
|
static(2),
|
|
sticky(3),
|
|
all(4)
|
|
}
|
|
|
|
ciscoPortSecurityMIB OBJECT IDENTIFIER ::= { ciscoMgmt 315 }
|
|
|
|
ciscoPortSecurityMIBNotifs OBJECT IDENTIFIER ::= { ciscoPortSecurityMIB 0 }
|
|
|
|
ciscoPortSecurityMIBObjects OBJECT IDENTIFIER ::= { ciscoPortSecurityMIB 1 }
|
|
|
|
ciscoPortSecurityMIBConform OBJECT IDENTIFIER ::= { ciscoPortSecurityMIB 2 }
|
|
|
|
cpsGlobalObjects OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBObjects 1 }
|
|
|
|
cpsInterfaceObjects OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBObjects 2 }
|
|
|
|
cpsGlobalMaxSecureAddress OBJECT-TYPE
|
|
SYNTAX INTEGER (1..2147483647)
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The maximum number of secure MAC addresses
|
|
allowed in the device."
|
|
::= { cpsGlobalObjects 1 }
|
|
|
|
|
|
cpsGlobalTotalSecureAddress OBJECT-TYPE
|
|
SYNTAX INTEGER (0..2147483647)
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The total number of MAC addresses secured
|
|
in the device."
|
|
::= { cpsGlobalObjects 2 }
|
|
|
|
|
|
cpsGlobalPortSecurityEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The global control to enable or disable
|
|
port security feature on the device."
|
|
::= { cpsGlobalObjects 3 }
|
|
|
|
|
|
cpsGlobalSNMPNotifRate OBJECT-TYPE
|
|
SYNTAX INTEGER (0..1000)
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The global control to set the SNMP Notification
|
|
rate for port security feature. This object
|
|
specifies the rate at which SNMP Notifications
|
|
are generated when cpsIfViolationAction
|
|
selected is of the type 'dropNotify'.
|
|
A value of 0 indicates that an SNMP Notification
|
|
is generated for every security violation."
|
|
::= { cpsGlobalObjects 4 }
|
|
|
|
|
|
cpsGlobalSNMPNotifControl OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Set to 'true' to enable global SNMP Notification
|
|
for port security feature. Setting the object to
|
|
'false' will disable SNMP notifications even if
|
|
the cpsIfViolationAction is set to 'dropNotify'
|
|
on an interface. The default value is 'false'."
|
|
::= { cpsGlobalObjects 5 }
|
|
|
|
|
|
cpsGlobalClearSecureMacAddresses OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
done(0),
|
|
dynamic(1),
|
|
static(2),
|
|
sticky(3),
|
|
all(4)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "This objects allows the user to delete
|
|
secure MAC addresses based on the specified
|
|
type."
|
|
::= { cpsGlobalObjects 6 }
|
|
|
|
|
|
cpsIfConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpsIfConfigEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A list of port security configuration entries.
|
|
The number of entries is determined by the number of
|
|
interfaces in the system that can support the
|
|
port security feature. Interfaces that are not
|
|
port security capable will not be displayed
|
|
in this Table. This table includes interfaces
|
|
on which port security parameters can be set even
|
|
if port security feature itself cannot be enabled
|
|
due to conflict with other features."
|
|
::= { cpsInterfaceObjects 1 }
|
|
|
|
|
|
cpsIfConfigEntry OBJECT-TYPE
|
|
SYNTAX CpsIfConfigEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Entry containing port security information for a
|
|
particular interface."
|
|
INDEX { ifIndex }
|
|
|
|
::= { cpsIfConfigTable 1 }
|
|
|
|
cpsIfConfigEntry ::=
|
|
SEQUENCE {
|
|
cpsIfPortSecurityEnable TruthValue,
|
|
cpsIfPortSecurityStatus INTEGER,
|
|
cpsIfMaxSecureMacAddr Integer32,
|
|
cpsIfCurrentSecureMacAddrCount Integer32,
|
|
cpsIfSecureMacAddrAgingTime Integer32,
|
|
cpsIfSecureMacAddrAgingType INTEGER,
|
|
cpsIfStaticMacAddrAgingEnable TruthValue,
|
|
cpsIfViolationAction INTEGER,
|
|
cpsIfViolationCount Counter32,
|
|
cpsIfSecureLastMacAddress MacAddress,
|
|
cpsIfClearSecureAddresses TruthValue,
|
|
cpsIfUnicastFloodingEnable TruthValue,
|
|
cpsIfShutdownTimeout Unsigned32,
|
|
cpsIfClearSecureMacAddresses ClearSecureMacAddrType,
|
|
cpsIfStickyEnable TruthValue,
|
|
cpsIfInvalidSrcRateLimitEnable TruthValue,
|
|
cpsIfInvalidSrcRateLimitValue Integer32
|
|
}
|
|
|
|
cpsIfPortSecurityEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates whether the port security feature
|
|
is enabled on an interface. Upon setting this
|
|
object to 'true', the source MAC address that
|
|
does not match any cpsSecureMacAddress for the
|
|
given interface in cpsSecureMacAddressTable and
|
|
the value of cpsIfCurrentSecureMacAddrCount is
|
|
equal to cpsIfMaxSecureMacAddr, is considered
|
|
as port security violation and an action as
|
|
specified in cpsIfViolationAction is taken on
|
|
the interface. The value of this object has no
|
|
effect when the value of
|
|
cpsGlobalPortSecurityEnable is set to 'false'."
|
|
::= { cpsIfConfigEntry 1 }
|
|
|
|
|
|
cpsIfPortSecurityStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
secureup(1),
|
|
securedown(2),
|
|
shutdown(3)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "This object represents the operational status
|
|
of the port security feature on an interface.
|
|
|
|
secureup(1) - This indicates port security
|
|
is operational.
|
|
securedown(2) - This indicates port security is
|
|
not operational. This happens
|
|
when port security is configured
|
|
to be enabled but could not be
|
|
enabled due to certain reasons
|
|
such as conflict with other
|
|
features.
|
|
shutdown(3) - This indicates that the port is
|
|
shutdown due to port security
|
|
violation when the object
|
|
cpsIfViolationAction is of type
|
|
'shutdown'."
|
|
::= { cpsIfConfigEntry 2 }
|
|
|
|
|
|
cpsIfMaxSecureMacAddr OBJECT-TYPE
|
|
SYNTAX INTEGER (1..2147483647)
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The maximum number (N) of MAC addresses to be
|
|
secured on the interface. The first N MAC
|
|
addresses learned or configured are made secured.
|
|
Changing this object value from N to M is not
|
|
allowed if M is smaller than N, and M is less
|
|
than the value of cpsIfCurrentSecureMacAddrCount
|
|
on the interface. One way to change the number in
|
|
this case is by deleting sufficient number of
|
|
secure mac addresses configured or learned on the
|
|
device. Also, sum of this object value for all the
|
|
interfaces is less than or equal to
|
|
cpsGlobalMaxSecureAddress."
|
|
::= { cpsIfConfigEntry 3 }
|
|
|
|
|
|
cpsIfCurrentSecureMacAddrCount OBJECT-TYPE
|
|
SYNTAX INTEGER (0..2147483647)
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The current number of MAC addresses secured
|
|
on this interface."
|
|
::= { cpsIfConfigEntry 4 }
|
|
|
|
|
|
cpsIfSecureMacAddrAgingTime OBJECT-TYPE
|
|
SYNTAX INTEGER (0..1440)
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The interval in which the interface is
|
|
secured. After the expiration of the
|
|
time, the corresponding cpsSecureMacAddressEntry
|
|
from the cpsSecureMacAddressTable will be
|
|
removed. If the value of this object is 0,
|
|
the aging mechanism is disabled."
|
|
::= { cpsIfConfigEntry 5 }
|
|
|
|
|
|
cpsIfSecureMacAddrAgingType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
absolute(1),
|
|
inactivity(2)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The aging type determines the way the
|
|
secure MAC addresses are aged out.
|
|
absolute(1) - all the secure MAC addresses
|
|
will be aged out after
|
|
cpsIfSecureMacAddrAgingTime
|
|
minutes since the time the
|
|
secure MAC address is learned
|
|
or configured.
|
|
inactivity(2) - all the secure MAC addresses
|
|
will age out and will be removed
|
|
from the cpsSecureMacAddressTable
|
|
only if there is no data traffic
|
|
from the secure source MAC address
|
|
for the specified time period."
|
|
::= { cpsIfConfigEntry 6 }
|
|
|
|
|
|
cpsIfStaticMacAddrAgingEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Indicates whether the secure MAC address aging
|
|
mechanism is enabled on static MAC address entries
|
|
in cpsSecureMacAddressTable.
|
|
Setting this object value to 'false' will cause
|
|
the static MAC addresses to remain in the
|
|
cpsSecureMacAddressTable regardless of the aging
|
|
time and type configured on the interface.
|
|
Setting this object value to 'true' will cause
|
|
the static MAC addresses to be aged out from
|
|
cpsSecureMacAddressTable according to the aging
|
|
time and type specified on the interface."
|
|
::= { cpsIfConfigEntry 7 }
|
|
|
|
|
|
cpsIfViolationAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
shutdown(1),
|
|
dropNotify(2),
|
|
drop(3)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Determines the action that the device will
|
|
take if the traffic matches the port security
|
|
violation.
|
|
|
|
shutdown(1) - the interface will be forced to
|
|
shut down.
|
|
|
|
dropNotify(2) - the matched traffic will be
|
|
dropped and
|
|
cpsSecureMacAddrViolation
|
|
notification will be generated.
|
|
|
|
drop(3) - the matched traffic will be
|
|
dropped."
|
|
::= { cpsIfConfigEntry 8 }
|
|
|
|
|
|
cpsIfViolationCount OBJECT-TYPE
|
|
SYNTAX Counter
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "This object indicates the number of violations
|
|
occurred on a secure interface. The counter will
|
|
be initialized to zero when the port security
|
|
feature is enabled on an interface. This MIB
|
|
object is only instantiated if the device can
|
|
provide this violation statistics on the
|
|
interface."
|
|
::= { cpsIfConfigEntry 9 }
|
|
|
|
|
|
cpsIfSecureLastMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "This object indicates the last secure MAC
|
|
address that is learned or configured on
|
|
this interface."
|
|
::= { cpsIfConfigEntry 10 }
|
|
|
|
|
|
cpsIfClearSecureAddresses OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS optional
|
|
DESCRIPTION "Set to 'true' to delete all secure addresses on
|
|
this interface. Setting this object to 'false'
|
|
has no effect. This object always returns 'false'
|
|
when read."
|
|
::= { cpsIfConfigEntry 11 }
|
|
|
|
|
|
cpsIfUnicastFloodingEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Setting this object to true(1) will configure
|
|
the interface not to block unicast flooded
|
|
traffic when the secure address count reaches the
|
|
threshold.
|
|
Setting this object to false(2) will configure
|
|
the interface to block unicast flooded traffic
|
|
when the secure address count reaches the
|
|
threshold."
|
|
::= { cpsIfConfigEntry 12 }
|
|
|
|
|
|
cpsIfShutdownTimeout OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The interval in which the cpsIfPortSecurityStatus
|
|
may remain in shutdown(3). After the expiration of
|
|
the time, all the security configuration of this
|
|
port is re-installed and the port is enabled. If
|
|
the value of this object is 0, the port is shut
|
|
down permanently."
|
|
::= { cpsIfConfigEntry 13 }
|
|
|
|
|
|
cpsIfClearSecureMacAddresses OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
done(0),
|
|
dynamic(1),
|
|
static(2),
|
|
sticky(3),
|
|
all(4)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "This objects allows the user to delete
|
|
secure MAC addresses based on the type specified."
|
|
::= { cpsIfConfigEntry 14 }
|
|
|
|
|
|
cpsIfStickyEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Set to 'true' to enable and 'false' to
|
|
disable Sticky port security feature on this
|
|
interface. Enabling this feature allows the
|
|
device to secure learned MAC addresses on this
|
|
interface permanently. In order to remove the
|
|
sticky addresses on this interface, user has to
|
|
manually delete the sticky MAC address(es) or
|
|
disable the sticky feature itself. Manual deletion
|
|
of all addresses can be accomplished by
|
|
cpsIfClearSecureMacAddresses object. Manual
|
|
of single address can be accomplished by
|
|
cpsIfVlanSecureMacAddrRowStatus object."
|
|
::= { cpsIfConfigEntry 15 }
|
|
|
|
|
|
cpsIfInvalidSrcRateLimitEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Set to 'true' to enable and 'false' to disable
|
|
rate limiting for invalid source MAC addresses
|
|
received on this interface. Enabling this feature
|
|
will help to rate limit packets which comes with
|
|
invalid src MAC address on this interface."
|
|
::= { cpsIfConfigEntry 16 }
|
|
|
|
|
|
cpsIfInvalidSrcRateLimitValue OBJECT-TYPE
|
|
SYNTAX INTEGER (-1..1000)
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "If cpsIfInvalidSrcRateLimitEnable is set to
|
|
'true' then this value is used to limit the
|
|
rate at which packets with invalid source MAC
|
|
addresses are processed on this interface. Upon
|
|
exceeding the rate, the port is shutdown. If
|
|
cpsIfInvalidSrcRateLimitEnable is set to 'false'
|
|
then this value will be -1."
|
|
::= { cpsIfConfigEntry 17 }
|
|
|
|
|
|
cpsSecureMacAddressTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpsSecureMacAddressEntry
|
|
ACCESS read-only
|
|
STATUS optional
|
|
DESCRIPTION "A list of port security entries containing
|
|
the secure MAC address information."
|
|
::= { cpsInterfaceObjects 2 }
|
|
|
|
|
|
cpsSecureMacAddressEntry OBJECT-TYPE
|
|
SYNTAX CpsSecureMacAddressEntry
|
|
ACCESS read-only
|
|
STATUS optional
|
|
DESCRIPTION "Entry containing secure MAC address
|
|
information for a particular interface.
|
|
A secure MAC address can be configured
|
|
by the user and can be added by the agent
|
|
when the device learns a new secured
|
|
MAC address.
|
|
Note that the secure MAC addresses can be
|
|
configured on an interface even if port
|
|
security feature is disabled."
|
|
INDEX { ifIndex , cpsSecureMacAddress }
|
|
|
|
::= { cpsSecureMacAddressTable 1 }
|
|
|
|
cpsSecureMacAddressEntry ::=
|
|
SEQUENCE {
|
|
cpsSecureMacAddress MacAddress,
|
|
cpsSecureMacAddrType INTEGER,
|
|
cpsSecureMacAddrRemainingAge Integer32,
|
|
cpsSecureMacAddrRowStatus RowStatus
|
|
}
|
|
|
|
cpsSecureMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
ACCESS read-only
|
|
STATUS optional
|
|
DESCRIPTION "This object indicates a secure MAC
|
|
address configured or learned on an
|
|
interface."
|
|
::= { cpsSecureMacAddressEntry 1 }
|
|
|
|
|
|
cpsSecureMacAddrType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
static(1),
|
|
dynamic(2)
|
|
}
|
|
ACCESS read-only
|
|
STATUS optional
|
|
DESCRIPTION "This object indicates if the secure MAC address
|
|
is a configured (static) or learned (dynamic)
|
|
address on this interface."
|
|
::= { cpsSecureMacAddressEntry 2 }
|
|
|
|
|
|
cpsSecureMacAddrRemainingAge OBJECT-TYPE
|
|
SYNTAX INTEGER (0..1440)
|
|
ACCESS read-only
|
|
STATUS optional
|
|
DESCRIPTION "This object indicates the remaining age
|
|
of the secure MAC address if aging is
|
|
enabled on that port. A value of 0 indicates
|
|
that aging is disabled for this MAC address
|
|
entry."
|
|
::= { cpsSecureMacAddressEntry 3 }
|
|
|
|
|
|
cpsSecureMacAddrRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
ACCESS read-only
|
|
STATUS optional
|
|
DESCRIPTION "This object is a conceptual row entry that allows to add
|
|
or delete entries to or from the cpsSecureMacAddressTable.
|
|
|
|
1. When creating an entry in this table 'createAndGo'
|
|
method is used and the value of this object is set to
|
|
'active'. Deactivation of an 'active' entry is not
|
|
allowed.
|
|
|
|
2. When deleting an entry in this table 'destroy' method
|
|
is used."
|
|
::= { cpsSecureMacAddressEntry 4 }
|
|
|
|
|
|
cpsIfVlanSecureMacAddrTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpsIfVlanSecureMacAddrEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "A list of port security entries containing
|
|
the secure MAC address information.
|
|
|
|
This table is simular to cpsSecureMacAddressTable
|
|
except that cpsIfVlanSecureVlanIndex is part of
|
|
the INDEX clause.
|
|
|
|
This table is used to configure a secure MAC
|
|
address on either an access interface or trunking
|
|
interface which support port security feature."
|
|
::= { cpsInterfaceObjects 3 }
|
|
|
|
|
|
cpsIfVlanSecureMacAddrEntry OBJECT-TYPE
|
|
SYNTAX CpsIfVlanSecureMacAddrEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Entry containing secure MAC address
|
|
information for a particular interface.
|
|
A secure MAC address can be configured
|
|
by the user and can be added by the agent
|
|
when the device learns a new secure MAC address.
|
|
Note that the secure MAC addresses can be
|
|
configured on an interface even if the port
|
|
security feature is disabled."
|
|
INDEX { ifIndex , cpsIfVlanSecureMacAddress, cpsIfVlanSecureVlanIndex }
|
|
|
|
::= { cpsIfVlanSecureMacAddrTable 1 }
|
|
|
|
cpsIfVlanSecureMacAddrEntry ::=
|
|
SEQUENCE {
|
|
cpsIfVlanSecureMacAddress MacAddress,
|
|
cpsIfVlanSecureVlanIndex VlanIndex,
|
|
cpsIfVlanSecureMacAddrType INTEGER,
|
|
cpsIfVlanSecureMacAddrRemainAge Unsigned32,
|
|
cpsIfVlanSecureMacAddrRowStatus RowStatus
|
|
}
|
|
|
|
cpsIfVlanSecureMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "This object indicates a secure MAC
|
|
address configured or learned on an
|
|
interface."
|
|
::= { cpsIfVlanSecureMacAddrEntry 1 }
|
|
|
|
|
|
cpsIfVlanSecureVlanIndex OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "This object indicates the vlan
|
|
configured on an interface."
|
|
::= { cpsIfVlanSecureMacAddrEntry 2 }
|
|
|
|
|
|
cpsIfVlanSecureMacAddrType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
static(1),
|
|
dynamic(2),
|
|
sticky(3)
|
|
}
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "This object indicates if the secure MAC address
|
|
is a configured 'static' or learned 'dynamic' or
|
|
learned and retained across reboots 'sticky'."
|
|
::= { cpsIfVlanSecureMacAddrEntry 3 }
|
|
|
|
|
|
cpsIfVlanSecureMacAddrRemainAge OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "This object indicates the remaining age
|
|
of the secure MAC address if aging is
|
|
enabled on that port. A value of 0 indicates
|
|
that aging is disabled for this MAC address
|
|
entry."
|
|
::= { cpsIfVlanSecureMacAddrEntry 4 }
|
|
|
|
|
|
cpsIfVlanSecureMacAddrRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "This object is a conceptual row entry that allows adding
|
|
or deleting entries to or from the
|
|
cpsIfVlanSecureMacAddressTable.
|
|
|
|
1. When creating an entry in this table the 'createAndGo'
|
|
method is used and the value of this object is set to
|
|
'active'. Deactivation of an 'active' entry is not
|
|
allowed.
|
|
|
|
2. When deleting an entry in this table 'destroy' method
|
|
is used."
|
|
::= { cpsIfVlanSecureMacAddrEntry 5 }
|
|
|
|
|
|
cpsIfVlanTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CpsIfVlanEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Each entry in this table represents
|
|
port-security information for each vlan
|
|
that is allowed on trunk interface.
|
|
|
|
The number of entries is determined by
|
|
the number of allowed VLANs on trunk
|
|
interface in the system .
|
|
|
|
An Entry in the table gets created when
|
|
a vlan becomes allowed and gets deleted
|
|
when a vlan becomes disallowed on a trunk
|
|
port.
|
|
|
|
User cannot create new entries in this
|
|
table, but can only read and modify
|
|
existing entries."
|
|
::= { cpsInterfaceObjects 4 }
|
|
|
|
|
|
cpsIfVlanEntry OBJECT-TYPE
|
|
SYNTAX CpsIfVlanEntry
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "Entry containing port security information for
|
|
a particular VLAN within a trunk port."
|
|
INDEX { ifIndex , cpsIfVlanIndex }
|
|
|
|
::= { cpsIfVlanTable 1 }
|
|
|
|
cpsIfVlanEntry ::=
|
|
SEQUENCE {
|
|
cpsIfVlanIndex VlanIndex,
|
|
cpsIfVlanMaxSecureMacAddr Unsigned32,
|
|
cpsIfVlanCurSecureMacAddrCount Unsigned32
|
|
}
|
|
|
|
cpsIfVlanIndex OBJECT-TYPE
|
|
SYNTAX VlanIndex
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The ID of a VLAN within this trunk port."
|
|
::= { cpsIfVlanEntry 1 }
|
|
|
|
|
|
cpsIfVlanMaxSecureMacAddr OBJECT-TYPE
|
|
SYNTAX INTEGER (1..2147483647)
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The maximum number of MAC addresses to
|
|
be secured in the VLAN indicated by
|
|
cpsIfVlanIndex on this interface.
|
|
|
|
If cpsIfVlanMaxSecureMacAddr is not set,
|
|
its value is 1.
|
|
|
|
If cpsIfVlanMaxSecureMacAddr is not set, then
|
|
the cpsIfMaxSecureMacAddr applies to this
|
|
VLAN.
|
|
|
|
If cpsIfVlanMaxSecureMacAddr is set
|
|
and is less than cpsIfMaxSecureMacAddr, then
|
|
the cpsIfVlanMaxSecureMacAddr applies to this
|
|
VLAN.
|
|
|
|
If cpsIfVlanMaxSecureMacAddr is set
|
|
and is greater than cpsIfMaxSecureMacAddr, then
|
|
the cpsIfMaxSecureMacAddr applies to this
|
|
VLAN."
|
|
::= { cpsIfVlanEntry 2 }
|
|
|
|
|
|
cpsIfVlanCurSecureMacAddrCount OBJECT-TYPE
|
|
SYNTAX INTEGER (0..2147483647)
|
|
ACCESS read-only
|
|
STATUS mandatory
|
|
DESCRIPTION "The current number of MAC addresses secured
|
|
in the VLAN indicated by cpsIfVlanIndex on this
|
|
interface."
|
|
::= { cpsIfVlanEntry 3 }
|
|
|
|
|
|
cpsInterfaceNotifs OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBNotifs 0 }
|
|
|
|
ciscoPortSecurityMIBCompliances OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBConform 1 }
|
|
|
|
ciscoPortSecurityMIBGroups OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBConform 2 }
|
|
|
|
cpsGlobalGroup OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBGroups 1 }
|
|
|
|
cpsInterfaceGroup OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBGroups 2 }
|
|
|
|
cpsExtInterfaceGroup OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBGroups 3 }
|
|
|
|
cpsNotificationGroup OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBGroups 4 }
|
|
|
|
cpsUnicastFloodingInterfaceGroup OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBGroups 5 }
|
|
|
|
cpsShutdownTimeoutInterfaceGroup OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBGroups 6 }
|
|
|
|
cpsIfVlanSecureMacAddrGroup OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBGroups 8 }
|
|
|
|
cpsInterfaceGroup1 OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBGroups 9 }
|
|
|
|
cpsExtConfigInterfaceGroup OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBGroups 10 }
|
|
|
|
cpsIfVlanGroup OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBGroups 11 }
|
|
|
|
cpsGlobalClearAddressGroup OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBGroups 12 }
|
|
|
|
cpsInterfaceGroup2 OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBGroups 13 }
|
|
|
|
cpsTrunkSecureNotificationGroup OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBGroups 14 }
|
|
|
|
cpsSecureMacAddrViolation TRAP-TYPE
|
|
ENTERPRISE ciscoPortSecurityMIBNotifs
|
|
VARIABLES { ifIndex, ifName, cpsIfSecureLastMacAddress }
|
|
DESCRIPTION "The address violation notification is generated
|
|
when port security address violation is detected
|
|
on a secure non-trunk, access interface (that carries
|
|
a single vlan) and the cpsIfViolationAction is set to
|
|
'dropNotify'."
|
|
::= 1
|
|
|
|
|
|
cpsTrunkSecureMacAddrViolation TRAP-TYPE
|
|
ENTERPRISE ciscoPortSecurityMIBNotifs
|
|
VARIABLES { ifName, vtpVlanName, cpsIfSecureLastMacAddress }
|
|
DESCRIPTION "The address violation notification is generated when port
|
|
security address violation is detected on a secure trunk
|
|
or a multi-vlan interface and the cpsIfViolationAction is
|
|
set to 'dropNotify'."
|
|
::= 2
|
|
|
|
|
|
END
|
|
|