snmp_mib_archive/WS-SW-FIREWALL-MIB.mib
Heston Snodgrass 89bf4b016e initial commit
2016-12-15 15:03:18 -07:00


--
-- WS-SW-FIREWALL-MIB.my
-- MIB generated by MG-SOFT Visual MIB Builder Version 6.0 Build 88
-- Friday, January 16, 2009 at 11:06:13
--
WS-SW-FIREWALL-MIB DEFINITIONS ::= BEGIN
IMPORTS
OBJECT-GROUP, MODULE-COMPLIANCE
FROM SNMPv2-CONF
TimeTicks, IpAddress, Integer32, Unsigned32, Counter32,
BITS, OBJECT-TYPE, MODULE-IDENTITY
FROM SNMPv2-SMI
TruthValue, PhysAddress
FROM SNMPv2-TC
wsSw
FROM WS-SMI
AbbrevRowStatus, DoActionNow
FROM WS-TYPE-MIB;
-- 1.3.6.1.4.1.388.14.2.16.1
wsSwFirewallMibModule MODULE-IDENTITY
LAST-UPDATED "200901160057Z" -- January 16, 2009 at 00:57 GMT
ORGANIZATION
"Symbol Technologies, Inc."
CONTACT-INFO
"Symbol Technologies, Inc.
Customer Service
Postal:
One Symbol Plaza
Holtsville, NY 11742-1300
USA
Tel: +1. 631.738.6213
E-mail: support@symbol.com
Web: http://www.symbol.com/support"
DESCRIPTION
"MIB for DoS attack check configuration, L2/L3 firewall configuration
and per-WLAN firewall configuration, implemented for the bridge-level
attack detection/mitigation feature, together with the related statistics."
REVISION "200901151333Z" -- January 15, 2009 at 13:33 GMT
DESCRIPTION
"Changed dos enumeration values. Made dhcp ingress port a string"
REVISION "200901061115Z" -- January 06, 2009 at 11:15 GMT
DESCRIPTION
"Made Dhcp Snoop Type a bit pattern."
REVISION "200901051907Z" -- January 05, 2009 at 19:07 GMT
DESCRIPTION
"Added BcastMcastIcmp dos as a part of Dos Stats.Extended enumeration
for snoop entry type to reflect switch svi and redundant router types.
"
REVISION "200806201142Z" -- June 20, 2008 at 11:42 GMT
DESCRIPTION
"Added more attack types to wsSwFirewallDosStatsTable
and modified the name of OID 1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.1
to wsSwFirewallDosStatsAttackType from wsSwFirewallDosStatsCheckType
"
REVISION "200802211257Z" -- February 21, 2008 at 12:57 GMT
DESCRIPTION
"01a01"
::= { wsSwFirewall 1 }
--
-- Node definitions
--
-- 1.3.6.1.4.1.388.14.2.16
wsSwFirewall OBJECT IDENTIFIER ::= { wsSw 16 }
-- 1.3.6.1.4.1.388.14.2.16.1.1
wsSwFirewallMIB OBJECT IDENTIFIER ::= { wsSwFirewallMibModule 1 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.1
wsSwFirewallDos OBJECT IDENTIFIER ::= { wsSwFirewallMIB 1 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.1.1
wsSwFirewallDosScalars OBJECT IDENTIFIER ::= { wsSwFirewallDos 1 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.1.1.1
wsSwFirewallDosTcpMaxIncompleteCnHigh OBJECT-TYPE
SYNTAX Integer32 (1..1000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Number of half-open TCP connections (SYN received, handshake not
completed) in the system above which the firewall starts
intercepting TCP connections.
This is the high-water mark used by the TCP Intercept DoS check
to mitigate SYN flood attacks; it is meant to be set above
wsSwFirewallDosTcpMaxIncompleteCnLow."
::= { wsSwFirewallDosScalars 1 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.1.1.2
wsSwFirewallDosTcpMaxIncompleteCnLow OBJECT-TYPE
SYNTAX Integer32 (1..1000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Number of half-open TCP connections to which the count must
fall back before the firewall stops intercepting TCP
connections.
This is the low-water mark used by the TCP Intercept DoS check
to mitigate SYN flood attacks; keep it below
wsSwFirewallDosTcpMaxIncompleteCnHigh so that interception does
not toggle on every new connection.
"
::= { wsSwFirewallDosScalars 2 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.1.1.3
wsSwFirewallDosCheckEnableAll OBJECT-TYPE
SYNTAX DoActionNow
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enable all DOS checks."
::= { wsSwFirewallDosScalars 3 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.1.1.4
wsSwFirewallDosCheckDisableAll OBJECT-TYPE
SYNTAX DoActionNow
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Disable all DOS checks."
::= { wsSwFirewallDosScalars 4 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.1.1.5
wsSwFirewallDosClearStats OBJECT-TYPE
SYNTAX DoActionNow
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Reset all the DoS statistics in wsSwFirewallDosStatsTable.
"
::= { wsSwFirewallDosScalars 5 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.1.2
wsSwFirewallDosChecksTable OBJECT-TYPE
SYNTAX SEQUENCE OF WsSwFirewallDosChecksEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Currently wsSwFirewallDosChecksTable handles the following configurable
DoS attack checks:
1. Smurf DoS Attack:
Enable this check in the firewall to drop ICMP
echo packets destined to a broadcast IP address.
Attackers spoof the target's address as the source of
such packets so that every host on the broadcast subnet
floods the target with ICMP echo replies.
2. Twinge DoS Attack:
Enable this check in the firewall to drop forged ICMP
control packets passing through the wireless switch.
3. Invalid IP Protocol DoS Attack:
Enable this check in the firewall to deny packets with
an invalid protocol value in the IP header. Some
applications use unassigned IP protocol numbers to
send malicious packets.
4. Ascend DoS Attack:
Protocol is UDP, destination port is 9 (discard) and the
UDP packet is malformed.
5. Chargen DoS Attack:
The attack consists of a flood of UDP datagrams sent to the
subnet broadcast address with the destination port set to
19 (chargen) and a spoofed source IP address.
6. Fraggle DoS Attack:
The attacker sends a large volume of UDP echo (port 7)
traffic to IP broadcast addresses, all of it with a
spoofed source address.
7. ICMP Router Solicit DoS Attack:
Enable this check in the firewall to drop ICMP type 10
(Router Solicitation) messages, which belong to ICMP
router discovery.
8. ICMP Router Advertisement DoS Attack:
Enable this check in the firewall to drop ICMP router
advertisement (type 9) packets. Router advertisements are
used by neighboring hosts to configure their route
table, so an attacker can use them to install routes on
hosts and redirect traffic.
9. IP Source Route Option DoS Attack:
Enable this check in the firewall to drop packets with
a source route option set in the IP header.
10. Snork DoS Attack:
Enable this check in the firewall to deny UDP or TCP
packets with destination port 135 and source port
7, 19 or 135. Such packets can cause the two hosts to
exchange packets indefinitely, slowing both down.
11. FTP Bounce DoS Attack:
Enable this check in the firewall to drop FTP packets
if the IP address encoded in the PORT command does
not match the IP address of the FTP client.
12. TCP Intercept DoS Attack:
Enable/disable TCP packet interception. This should be
enabled for protection against TCP SYN flood attacks;
the thresholds are wsSwFirewallDosTcpMaxIncompleteCnHigh
and wsSwFirewallDosTcpMaxIncompleteCnLow.
13. Bcast/Mcast Icmp DoS:
By default, ICMP sent to broadcast or multicast addresses
is treated as a DoS attempt and dropped."
::= { wsSwFirewallDos 2 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.1.2.1
wsSwFirewallDosChecksEntry OBJECT-TYPE
SYNTAX WsSwFirewallDosChecksEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry in wsSwFirewallDosChecksTable."
INDEX { wsSwFirewallDosCheckType }
::= { wsSwFirewallDosChecksTable 1 }
WsSwFirewallDosChecksEntry ::=
SEQUENCE {
wsSwFirewallDosCheckType
INTEGER,
wsSwFirewallDosCheckEnable
TruthValue,
wsSwFirewallDosCheckLogLevel
INTEGER
}
-- 1.3.6.1.4.1.388.14.2.16.1.1.1.2.1.1
wsSwFirewallDosCheckType OBJECT-TYPE
SYNTAX INTEGER
{
smurf(1),
twinge(2),
invalidIPProtocol(3),
ascend(4),
chargen(5),
fraggle(6),
icmpRouterSolicit(7),
icmpRouterAdvt(8),
ipSourceRoute(9),
snork(10),
ftpBounce(11),
tcpIntercept(12),
bcastMcastIcmp(13)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Check type for handling the respective DoS Attack."
::= { wsSwFirewallDosChecksEntry 1 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.1.2.1.2
wsSwFirewallDosCheckEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Status of respective DoS Attack check,
True for being enabled and False for being disabled."
::= { wsSwFirewallDosChecksEntry 2 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.1.2.1.3
wsSwFirewallDosCheckLogLevel OBJECT-TYPE
SYNTAX INTEGER
{
emerg(1),
alert(2),
crit(3),
err(4),
warning(5),
notice(6),
info(7),
debug(8),
none(9)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The current log level for the respective DoS attack check.
The default is warning(5); the user can change it so that
the check's events are logged at the desired system log level.
Note: setting the log level to none(9) disables logging for
the check even though the check itself remains enabled."
::= { wsSwFirewallDosChecksEntry 3 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.1.3
wsSwFirewallDosStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF WsSwFirewallDosStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table shows the statistics for each kind of DoS attack
the switch detects; types 1-13 can also be enabled or disabled in
wsSwFirewallDosChecksTable.
1. Smurf DoS Attack:
ICMP echo packets destined to a broadcast IP address.
Attackers spoof the target's address as the source so that
every host on the broadcast subnet floods the target with
ICMP echo replies.
2. Twinge DoS Attack:
Forged ICMP control packets passing through the wireless
switch.
3. Invalid IP Protocol DoS Attack:
Packets with an invalid protocol value in the IP header.
Some applications use unassigned IP protocol numbers to
send malicious packets.
4. Ascend DoS Attack:
Protocol is UDP, destination port is 9 (discard) and the
UDP packet is malformed.
5. Chargen DoS Attack:
A flood of UDP datagrams sent to the subnet broadcast
address with the destination port set to 19 (chargen)
and a spoofed source IP address.
6. Fraggle DoS Attack:
A large volume of UDP echo (port 7) traffic sent to IP
broadcast addresses, all of it with a spoofed source address.
7. ICMP Router Solicit DoS Attack:
ICMP type 10 (Router Solicitation) messages, part of ICMP
router discovery.
8. ICMP Router Advertisement DoS Attack:
ICMP router advertisements (type 9) are used by neighboring
hosts to configure their route table; an attacker can use
them to install routes on hosts and redirect traffic.
9. IP Source Route Option DoS Attack:
Packets with a source route option set in the IP header.
10. Snork DoS Attack:
UDP or TCP packets with destination port 135 and source
port 7, 19 or 135. Such packets can cause the two hosts
to exchange packets indefinitely, slowing both down.
11. FTP Bounce DoS Attack:
FTP packets in which the IP address encoded in the PORT
command does not match the IP address of the FTP client.
12. TCP Intercept DoS Attack:
TCP SYN flood attacks (half-open connections above
wsSwFirewallDosTcpMaxIncompleteCnHigh).
13. Bcast/Mcast Icmp DoS:
By default, ICMP sent to broadcast or multicast addresses
is treated as a DoS attempt and dropped.
14. TCP Header Fragmented DoS Attack:
TCP packets whose TCP header spans more than one IP fragment.
15. WINNUKE DoS Attack:
Out-of-band (URG) data sent to the target on TCP port 139
(NetBIOS).
16. LAND DoS Attack:
A spoofed TCP SYN (connection initiation) packet carrying the
target host's IP address and an open port as both source and
destination.
17. UDP Short Header DoS Attack:
A UDP header is at least 8 bytes long; some systems (such as
BeOS) crash on UDP traffic whose length field is less than 8.
18. TCP Bad Sequence DoS Attack:
Usually a man-in-the-middle attack in which the attacker
injects a packet with an invalid sequence number to
terminate the connection.
19. TCP FIN Scan DoS Attack:
A FIN sent for a connection that does not exist on the server.
This is always an error, but systems sometimes answer
differently depending on whether the requested service is
available, so the attacker can map services without triggering
the normal logging of the system; the scan does, however,
produce unusual network traffic.
20. TCP NULL Scan DoS Attack:
A TCP segment with a sequence number of zero and all control
bits cleared.
21. TCP XMAS Scan DoS Attack:
A TCP segment with a sequence number of zero and the FIN, URG
and PUSH bits all set.
22. TCP Post SYN Scan DoS Attack:
A TCP packet with the SYN flag set, sent after the connection
has already been established.
23. IP TTL zero DoS Attack:
An IP packet sent with TTL zero, so that it is dropped before
reaching its destination.
24. IP Spoof DoS Attack:
An IP datagram is treated as spoofed if its source IP
address does not belong to the subnet on which it arrived.
Most DoS attacks use spoofed source addresses so that the
origin of the attack is difficult to trace."
::= { wsSwFirewallDos 3 }
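The two table descriptions above list the signatures as prose. The following is an added example, not part of the MIB or of the Symbol switch firmware: a small classifier that applies the stateless signatures (smurf, chargen, fraggle, router solicit/advert, source route, snork, WinNuke, LAND, UDP short header, NULL and XMAS scan, TTL zero, IP spoof) to constructed packets and reports the matching wsSwFirewallDosStatsAttackType codes. The packet field names, the `classify` function and the sample subnet are this example's own assumptions; stateful checks (Twinge, Ascend, FTP bounce, TCP intercept, bad sequence, post-SYN, fragmented header) need connection or fragment state and are deliberately left out.

```python
# Added example (not part of the MIB or Symbol's firmware): a classifier for
# the stateless signatures described in wsSwFirewallDosChecksTable and
# wsSwFirewallDosStatsTable, run over constructed packets. Field names in the
# packet dicts are this example's own.
from ipaddress import IPv4Address, IPv4Network

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20   # TCP flag bits
ICMP_ECHO_REQUEST, ICMP_ROUTER_ADVT, ICMP_ROUTER_SOLICIT = 8, 9, 10

# Codes follow the wsSwFirewallDosStatsAttackType enumeration
ATTACK = {1: "smurf", 5: "chargen", 6: "fraggle", 7: "icmpRouterSolicit",
          8: "icmpRouterAdvt", 9: "ipSourceRoute", 10: "snork", 15: "winnuke",
          16: "land", 17: "udpShortHdr", 20: "tcpNullScan", 21: "tcpXmasScan",
          23: "ipTtlZero", 24: "ipSpoof"}
SNORK_SRC_PORTS = (7, 19, 135)


def classify(pkt, subnet):
    """Return the attack codes (keys of ATTACK) that a packet matches.

    pkt: dict with proto ('tcp'/'udp'/'icmp'), src, dst, ttl, optional
         'options' (set of IP option names) and per-protocol fields:
         sport/dport/flags/seq for TCP, sport/dport/udp_len for UDP,
         icmp_type for ICMP.
    subnet: IPv4Network of the ingress interface (used for the spoof and
            directed-broadcast checks).
    """
    hits = []
    src, dst = IPv4Address(pkt["src"]), IPv4Address(pkt["dst"])
    to_bcast = dst in (subnet.broadcast_address, IPv4Address("255.255.255.255"))
    if pkt["ttl"] == 0:
        hits.append(23)
    if "source-route" in pkt.get("options", ()):
        hits.append(9)
    if src not in subnet:                       # source not from the ingress subnet
        hits.append(24)
    proto = pkt["proto"]
    if proto == "tcp" and src == dst and pkt["sport"] == pkt["dport"] and pkt["flags"] & SYN:
        hits.append(16)                         # LAND: SYN from the victim to itself
    if proto == "icmp":
        kind = pkt["icmp_type"]
        if kind == ICMP_ECHO_REQUEST and to_bcast:
            hits.append(1)                      # smurf: echo request to broadcast
        if kind == ICMP_ROUTER_SOLICIT:
            hits.append(7)
        if kind == ICMP_ROUTER_ADVT:
            hits.append(8)
    elif proto == "udp":
        if pkt.get("udp_len", 8) < 8:
            hits.append(17)                     # UDP length field shorter than its header
        if to_bcast and pkt["dport"] == 19:
            hits.append(5)                      # chargen flood at broadcast
        if to_bcast and pkt["dport"] == 7:
            hits.append(6)                      # fraggle: UDP echo at broadcast
        if pkt["dport"] == 135 and pkt["sport"] in SNORK_SRC_PORTS:
            hits.append(10)
    elif proto == "tcp":
        flags = pkt["flags"]
        if pkt["dport"] == 135 and pkt["sport"] in SNORK_SRC_PORTS:
            hits.append(10)
        if pkt["dport"] == 139 and flags & URG:
            hits.append(15)                     # WinNuke: OOB data to NetBIOS
        if pkt["seq"] == 0 and flags == 0:
            hits.append(20)                     # NULL scan
        if pkt["seq"] == 0 and (flags & (FIN | URG | PSH)) == (FIN | URG | PSH):
            hits.append(21)                     # XMAS scan
    return hits


LAN = IPv4Network("192.0.2.0/24")   # constructed ingress subnet (TEST-NET-1)

SAMPLES = {   # constructed packets; each label names the verdict expected
    "smurf": dict(proto="icmp", src="192.0.2.10", dst="192.0.2.255", ttl=64, icmp_type=8),
    "land": dict(proto="tcp", src="192.0.2.20", dst="192.0.2.20", ttl=64,
                 sport=80, dport=80, flags=SYN, seq=12345),
    "xmas": dict(proto="tcp", src="192.0.2.30", dst="192.0.2.40", ttl=64,
                 sport=40000, dport=22, flags=FIN | URG | PSH, seq=0),
    "snork": dict(proto="udp", src="192.0.2.30", dst="192.0.2.40", ttl=64,
                  sport=19, dport=135, udp_len=8),
    "spoof-ttl0": dict(proto="udp", src="10.9.9.9", dst="192.0.2.40", ttl=0,
                       sport=5000, dport=53, udp_len=8),
    "benign": dict(proto="tcp", src="192.0.2.30", dst="192.0.2.40", ttl=64,
                   sport=40000, dport=443, flags=SYN, seq=99),
}


def scan_samples(samples=SAMPLES, subnet=LAN):
    """Classify every sample; returns {label: [attack names]}."""
    return {label: [ATTACK[c] for c in classify(p, subnet)] for label, p in samples.items()}


if __name__ == "__main__":
    for label, names in scan_samples().items():
        print(f"{label:12s} -> {names or ['clean']}")
```

Note that one packet can legitimately match several types (the TTL-zero sample from an off-subnet source counts as both ipTtlZero and ipSpoof), which is why the stats table keeps one counter per type rather than one per packet.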
-- 1.3.6.1.4.1.388.14.2.16.1.1.1.3.1
wsSwFirewallDosStatsEntry OBJECT-TYPE
SYNTAX WsSwFirewallDosStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry in wsSwFirewallDosStatsTable."
INDEX { wsSwFirewallDosStatsAttackType }
::= { wsSwFirewallDosStatsTable 1 }
WsSwFirewallDosStatsEntry ::=
SEQUENCE {
wsSwFirewallDosStatsAttackType
INTEGER,
wsSwFirewallDosStatsAttackCount
Counter32,
wsSwFirewallDosStatsLastOccurrence
TimeTicks
}
-- 1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.1
wsSwFirewallDosStatsAttackType OBJECT-TYPE
SYNTAX INTEGER
{
smurf(1),
twinge(2),
invalidIPProtocol(3),
ascend(4),
chargen(5),
fraggle(6),
icmpRouterSolicit(7),
icmpRouterAdvt(8),
ipSourceRoute(9),
snork(10),
ftpBounce(11),
tcpIntercept(12),
bcastMcastIcmp(13),
tcpHeaderFragment(14),
winnuke(15),
land(16),
udpShortHdr(17),
tcpBadSequence(18),
tcpFinScan(19),
tcpNullScan(20),
tcpXmasScan(21),
tcpPostSynScan(22),
ipTtlZero(23),
ipSpoof(24)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The DoS attack type this statistics row refers to. Types 1-13 are the
checks that can be enabled or disabled in wsSwFirewallDosChecksTable;
types 14-24 are reported here but are not configurable through this MIB."
::= { wsSwFirewallDosStatsEntry 1 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.2
wsSwFirewallDosStatsAttackCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of times this attack type has been detected since the
statistics were last cleared (see wsSwFirewallDosClearStats)."
::= { wsSwFirewallDosStatsEntry 2 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.3
wsSwFirewallDosStatsLastOccurrence OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"TimeTicks value at which this attack type was last detected."
::= { wsSwFirewallDosStatsEntry 3 }
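To monitor this table you poll it and compare counters between polls. The code below is an added example (not vendor code) that parses constructed snmpwalk-style output for wsSwFirewallDosStatsAttackCount and wsSwFirewallDosStatsLastOccurrence, computes per-type deltas with Counter32 wrap-around handled, and turns the last-occurrence ticks into an age. It assumes LastOccurrence is expressed on the agent's sysUpTime timeline (the MIB does not say so explicitly), and the OIDs are taken from the comments in this file.

```python
# Added example (not vendor code): compute what changed in
# wsSwFirewallDosStatsTable between two polls, from constructed snmpwalk-style
# output. Counter32 wrap is handled; LastOccurrence is assumed here to be a
# sysUpTime-relative TimeTicks value, which the MIB does not state explicitly.
import re

STATS_ENTRY = "1.3.6.1.4.1.388.14.2.16.1.1.1.3.1"   # wsSwFirewallDosStatsEntry
COL_COUNT, COL_LAST = 2, 3                            # AttackCount, LastOccurrence
COUNTER32_MOD = 2 ** 32
ATTACK_TYPE = {
    1: "smurf", 2: "twinge", 3: "invalidIPProtocol", 4: "ascend", 5: "chargen",
    6: "fraggle", 7: "icmpRouterSolicit", 8: "icmpRouterAdvt", 9: "ipSourceRoute",
    10: "snork", 11: "ftpBounce", 12: "tcpIntercept", 13: "bcastMcastIcmp",
    14: "tcpHeaderFragment", 15: "winnuke", 16: "land", 17: "udpShortHdr",
    18: "tcpBadSequence", 19: "tcpFinScan", 20: "tcpNullScan", 21: "tcpXmasScan",
    22: "tcpPostSynScan", 23: "ipTtlZero", 24: "ipSpoof"}
# "OID = Counter32: n" or "OID = Timeticks: (n) d:hh:mm:ss.cc"
LINE = re.compile(r"^\.?(\S+) = (?:Counter32|Timeticks): \(?(\d+)\)?")


def parse_walk(text):
    """Return {attack_type: {'count': n, 'last': ticks}} from walk output lines;
    lines outside the stats entry (or the INTEGER index column) are ignored."""
    rows = {}
    for line in text.strip().splitlines():
        m = LINE.match(line.strip())
        if not m or not m.group(1).startswith(STATS_ENTRY + "."):
            continue
        col, idx = (int(x) for x in m.group(1)[len(STATS_ENTRY) + 1:].split("."))
        if col in (COL_COUNT, COL_LAST):
            rows.setdefault(idx, {})["count" if col == COL_COUNT else "last"] = int(m.group(2))
    return rows


def counter_delta(old, new):
    """Counter32 difference that survives one wrap-around (RFC 2578 semantics)."""
    return (new - old) % COUNTER32_MOD


def attacks_since(prev_walk, cur_walk, sysuptime_ticks):
    """Return [(name, delta, seconds_since_last)] for types whose counter moved,
    largest delta first. A counter that dropped because wsSwFirewallDosClearStats
    was set (or the agent restarted) is indistinguishable from a wrap; compare
    sysUpTime between polls before trusting a delta near 2^32."""
    prev, cur = parse_walk(prev_walk), parse_walk(cur_walk)
    out = []
    for idx, row in cur.items():
        delta = counter_delta(prev.get(idx, {}).get("count", 0), row["count"])
        if delta:
            age = (sysuptime_ticks - row.get("last", sysuptime_ticks)) / 100.0
            out.append((ATTACK_TYPE.get(idx, f"type{idx}"), delta, age))
    return sorted(out, key=lambda r: -r[1])


# Constructed walk output for two polls; snork sits just below 2^32 in the first.
POLL_1 = """
.1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.1.1 = INTEGER: smurf(1)
.1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.2.1 = Counter32: 10
.1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.2.10 = Counter32: 4294967290
.1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.2.20 = Counter32: 0
.1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.3.1 = Timeticks: (100000) 0:16:40.00
.1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.3.10 = Timeticks: (50000) 0:08:20.00
.1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.3.20 = Timeticks: (0) 0:00:00.00
"""
POLL_2 = """
.1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.2.1 = Counter32: 12
.1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.2.10 = Counter32: 4
.1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.2.20 = Counter32: 0
.1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.3.1 = Timeticks: (170000) 0:28:20.00
.1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.3.10 = Timeticks: (175000) 0:29:10.00
.1.3.6.1.4.1.388.14.2.16.1.1.1.3.1.3.20 = Timeticks: (0) 0:00:00.00
"""

if __name__ == "__main__":
    for name, delta, age in attacks_since(POLL_1, POLL_2, sysuptime_ticks=180000):
        print(f"{name:20s} +{delta:<6d} last seen {age:.1f}s ago")
```

Because wsSwFirewallDosClearStats and an agent restart both zero the counters, a monitoring job should also read sysUpTime on every poll and discard a delta when sysUpTime went backwards.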
-- 1.3.6.1.4.1.388.14.2.16.1.1.2
wsSwFirewallL2If OBJECT IDENTIFIER ::= { wsSwFirewallMIB 2 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.2.1
wsSwFirewallL2Table OBJECT-TYPE
SYNTAX SEQUENCE OF WsSwFirewallL2Entry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Physical/aggregate port interface configuration for
ARP rate limiting, ARP spoof detection and bcast/mcast/ucast
storm suppression. The maximum permissible rate of ARP packets per
interface is configured in ARP packets/s; when the configured
threshold is crossed, a warning is posted to the console through syslog.
Interfaces can be marked DHCP trusted and/or ARP trusted.
DHCP responses arriving on DHCP trusted interfaces are used to
build the trusted IP-MAC binding table (wsSwFirewallDhcpSnoopTable),
so only interfaces that actually lead to legitimate DHCP servers
should be DHCP trusted. ARP messages arriving on ARP trusted
interfaces are not subjected to ARP spoof checking.
"
::= { wsSwFirewallL2If 1 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1
wsSwFirewallL2Entry OBJECT-TYPE
SYNTAX WsSwFirewallL2Entry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"L2 Fw interface level configuration table for
ARP spoof detection and ARP rate limiting"
INDEX { wsSwFirewallIfName }
::= { wsSwFirewallL2Table 1 }
WsSwFirewallL2Entry ::=
SEQUENCE {
wsSwFirewallIfName
OCTET STRING,
wsSwFirewallARPRate
Unsigned32,
wsSwFirewallDHCPTrustEnable
TruthValue,
wsSwFirewallARPTrustEnable
TruthValue,
wsSwFirewallBcastStormCtrlInRate
Unsigned32,
wsSwFirewallMcastStormCtrlInRate
Unsigned32,
wsSwFirewallUcastStormCtrlInRate
Unsigned32,
wsSwFirewallL2RowStatus
AbbrevRowStatus
}
-- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1.1
wsSwFirewallIfName OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Layer-2 interface name on which the ARP limit, DHCP trust and ARP trust
are configured, e.g. ge1-ge4 and sa1-sa4."
::= { wsSwFirewallL2Entry 1 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1.2
wsSwFirewallARPRate OBJECT-TYPE
SYNTAX Unsigned32 (0..1000000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"ARP rate limit, in packets/second, for traffic through this interface.
Interface refers to physical/aggregate port interfaces."
::= { wsSwFirewallL2Entry 2 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1.3
wsSwFirewallDHCPTrustEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"State of DHCP trust on this interface."
::= { wsSwFirewallL2Entry 3 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1.4
wsSwFirewallARPTrustEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"State of ARP trust on this interface."
::= { wsSwFirewallL2Entry 4 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1.5
wsSwFirewallBcastStormCtrlInRate OBJECT-TYPE
SYNTAX Unsigned32 (0..1000000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"High threshold for broadcast packets coming in from this physical/aggregate interface"
::= { wsSwFirewallL2Entry 5 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1.6
wsSwFirewallMcastStormCtrlInRate OBJECT-TYPE
SYNTAX Unsigned32 (0..1000000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"High threshold for multicast packets coming in from this physical/aggregate interface"
::= { wsSwFirewallL2Entry 6 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1.7
wsSwFirewallUcastStormCtrlInRate OBJECT-TYPE
SYNTAX Unsigned32 (0..1000000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"High threshold for unicast packets coming in from this physical/aggregate interface"
::= { wsSwFirewallL2Entry 7 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.2.1.1.8
wsSwFirewallL2RowStatus OBJECT-TYPE
SYNTAX AbbrevRowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Row status (AbbrevRowStatus) used to create and delete entries in this table."
::= { wsSwFirewallL2Entry 8 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.3
wsSwFirewallWlan OBJECT IDENTIFIER ::= { wsSwFirewallMIB 3 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.3.1
wsSwFirewallWlanTable OBJECT-TYPE
SYNTAX SEQUENCE OF WsSwFirewallWlanEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Per-WLAN configuration table for bcast/mcast/ucast storm suppression,
ARP spoof detection and rogue MU detection.
Bcast/Mcast/Ucast Storm Suppression:
A high threshold and a low threshold are configured per WLAN
in the IN direction. When the rate of b/m/u cast packets
exceeds the high threshold configured for a WLAN, all such
packets are throttled until the rate falls below the configured
rate. When the rate exceeds the configured threshold, a warning
is posted to the console if logging is enabled.
Thresholds are configured in packets/second.
ARP Spoof Detection:
DHCP trust and ARP trust are marked per WLAN index for ARP spoof detection.
Rogue MU Detection:
MUs pumping denied traffic are either de-authenticated or a warning is
posted through syslog, based on a user-configurable per-WLAN threshold of
allowed MU denies per second. The MU need not hit the same deny rule to
trigger the action; it is the cumulative number of denials within the
specified period that leads to it. Logging of the event is mandatory,
de-authentication is optional.
"
::= { wsSwFirewallWlan 1 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1
wsSwFirewallWlanEntry OBJECT-TYPE
SYNTAX WsSwFirewallWlanEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"WLAN-level configuration table for ARP spoof detection,
ARP rate limiting, bcast storm suppression and rogue MU
traffic detection."
INDEX { wsSwFirewallWlanIndex }
::= { wsSwFirewallWlanTable 1 }
WsSwFirewallWlanEntry ::=
SEQUENCE {
wsSwFirewallWlanIndex
INTEGER,
wsSwFirewallWlanBcastStormCtrlInRate
Unsigned32,
wsSwFirewallWlanMcastStormCtrlInRate
Unsigned32,
wsSwFirewallWlanUcastStormCtrlInRate
Unsigned32,
wsSwFirewallWlanAllowedMUDeniesPerSecond
Unsigned32,
wsSwFirewallWlanMUDeauthenticate
TruthValue,
wsSwFirewallWlanDHCPTrustEnable
TruthValue,
wsSwFirewallWlanARPTrustEnable
TruthValue,
wsSwFirewallWlanARPRate
Unsigned32,
wsSwFirewallWlanRowStatus
AbbrevRowStatus
}
-- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.1
wsSwFirewallWlanIndex OBJECT-TYPE
SYNTAX INTEGER (1..256)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Wlan index on which to set l2fw configurations."
::= { wsSwFirewallWlanEntry 1 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.2
wsSwFirewallWlanBcastStormCtrlInRate OBJECT-TYPE
SYNTAX Unsigned32 (0..1000000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"High Level threshold for broadcast packets coming from a WLAN"
::= { wsSwFirewallWlanEntry 2 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.3
wsSwFirewallWlanMcastStormCtrlInRate OBJECT-TYPE
SYNTAX Unsigned32 (0..1000000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"High Level threshold for multicast packets coming from a WLAN"
::= { wsSwFirewallWlanEntry 3 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.4
wsSwFirewallWlanUcastStormCtrlInRate OBJECT-TYPE
SYNTAX Unsigned32 (0..1000000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"High Level threshold for packets having unknown unicast address as destination coming from a WLAN"
::= { wsSwFirewallWlanEntry 4 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.5
wsSwFirewallWlanAllowedMUDeniesPerSecond OBJECT-TYPE
SYNTAX Unsigned32 (0..1000000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Permissible rate of denies for a mobile unit in the WLAN,
counted in denied packets/second from that MU."
::= { wsSwFirewallWlanEntry 5 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.6
wsSwFirewallWlanMUDeauthenticate OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Option to de-authenticate the MU when it reaches the configured threshold."
::= { wsSwFirewallWlanEntry 6 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.7
wsSwFirewallWlanDHCPTrustEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"DHCP trust state on this wlan."
::= { wsSwFirewallWlanEntry 7 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.8
wsSwFirewallWlanARPTrustEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"ARP trust state on this wlan."
::= { wsSwFirewallWlanEntry 8 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.9
wsSwFirewallWlanARPRate OBJECT-TYPE
SYNTAX Unsigned32 (0..1000000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"ARP rate-limit threshold in ARP packets/second."
::= { wsSwFirewallWlanEntry 9 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.3.1.1.10
wsSwFirewallWlanRowStatus OBJECT-TYPE
SYNTAX AbbrevRowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Row status (AbbrevRowStatus) used to create and delete entries in this table."
::= { wsSwFirewallWlanEntry 10 }
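The rogue MU detection described for this table is a per-MU rate check with a mandatory log action and an optional de-authentication. The following is an added example (not vendor code) of that logic run over constructed deny events: denies are bucketed per MU per second regardless of which rule denied the packet, and the per-WLAN policy values mirror wsSwFirewallWlanAllowedMUDeniesPerSecond and wsSwFirewallWlanMUDeauthenticate. Firing at most once per MU per second is this example's own choice, not something the MIB specifies.

```python
# Added example (not vendor code) of the rogue MU detection logic described for
# wsSwFirewallWlanTable: denies are counted per MU per second regardless of
# which rule denied the packet; crossing wsSwFirewallWlanAllowedMUDeniesPerSecond
# always logs and additionally de-authenticates when
# wsSwFirewallWlanMUDeauthenticate is true. Firing once per MU per second is this
# example's choice to avoid a log storm, not something the MIB specifies.
from collections import defaultdict

# Constructed per-WLAN policy mirroring the two MIB columns
WLAN_POLICY = {1: dict(allowed_denies_per_sec=5, deauth=True),
               2: dict(allowed_denies_per_sec=5, deauth=False)}


class DenyTracker:
    def __init__(self, policy):
        self.policy = policy
        self.buckets = defaultdict(int)   # (wlan, mac, second) -> denies so far
        self.fired = set()                # buckets already acted upon

    def deny(self, wlan, mac, ts):
        """Record one denied packet from `mac` on `wlan` at time ts (seconds).
        Returns the actions taken now: [] / ['log'] / ['log', 'deauth']."""
        key = (wlan, mac, int(ts))
        self.buckets[key] += 1
        policy = self.policy[wlan]
        if self.buckets[key] <= policy["allowed_denies_per_sec"] or key in self.fired:
            return []
        self.fired.add(key)
        return ["log", "deauth"] if policy["deauth"] else ["log"]


def replay(events, policy=WLAN_POLICY):
    """Feed (wlan, mac, ts, rule) deny events; return [(wlan, mac, actions)]
    for every event that triggered an action."""
    tracker = DenyTracker(policy)
    fired = []
    for wlan, mac, ts, _rule in events:
        actions = tracker.deny(wlan, mac, ts)
        if actions:
            fired.append((wlan, mac, actions))
    return fired


# Constructed deny events: MU ...01 hits two different rules 7 times in one
# second on WLAN 1; MU ...02 does the same on WLAN 2 (deauth disabled); MU ...03
# stays under the threshold.
EVENTS = (
    [(1, "00:c0:ff:ee:00:01", 100.0 + i / 10, "acl10" if i % 2 else "acl20") for i in range(7)]
    + [(2, "00:c0:ff:ee:00:02", 100.0 + i / 10, "acl10") for i in range(6)]
    + [(1, "00:c0:ff:ee:00:03", 100.5, "acl10")] * 3
)

if __name__ == "__main__":
    for wlan, mac, actions in replay(EVENTS):
        print(f"wlan{wlan} {mac}: {' + '.join(actions)}")
```

The point of the cumulative count is that a client probing many different denied destinations at a low rate per destination still crosses the threshold; a per-rule counter would miss it.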
-- 1.3.6.1.4.1.388.14.2.16.1.1.4
wsSwFirewallDhcpSnoop OBJECT IDENTIFIER ::= { wsSwFirewallMIB 4 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.4.1
wsSwFirewallDhcpSnoopTable OBJECT-TYPE
SYNTAX SEQUENCE OF WsSwFirewallDhcpSnoopEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" Dynamic IP-MAC binding table built up on the basis of DHCP Server responses"
::= { wsSwFirewallDhcpSnoop 1 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.4.1.1
wsSwFirewallDhcpSnoopEntry OBJECT-TYPE
SYNTAX WsSwFirewallDhcpSnoopEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"IP-MAC Binding Table Entry"
INDEX { wsSwFirewallDhcpSnoopIndex }
::= { wsSwFirewallDhcpSnoopTable 1 }
WsSwFirewallDhcpSnoopEntry ::=
SEQUENCE {
wsSwFirewallDhcpSnoopIndex
Integer32,
wsSwFirewallDhcpSnoopIpAddr
IpAddress,
wsSwFirewallDhcpSnoopVlanId
INTEGER,
wsSwFirewallDhcpSnoopMACAddr
PhysAddress,
wsSwFirewallDhcpSnoopType
BITS,
wsSwFirewallDhcpSnoopLeaseTime
Integer32,
wsSwFirewallDhcpSnoopIngressPort
OCTET STRING
}
-- 1.3.6.1.4.1.388.14.2.16.1.1.4.1.1.1
wsSwFirewallDhcpSnoopIndex OBJECT-TYPE
SYNTAX Integer32 (1..16000)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Simple sequential index of the snoop entry."
::= { wsSwFirewallDhcpSnoopEntry 1 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.4.1.1.2
wsSwFirewallDhcpSnoopIpAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"IP address of the client."
::= { wsSwFirewallDhcpSnoopEntry 2 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.4.1.1.3
wsSwFirewallDhcpSnoopVlanId OBJECT-TYPE
SYNTAX INTEGER (1..4096)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Vlan id of the client"
::= { wsSwFirewallDhcpSnoopEntry 3 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.4.1.1.4
wsSwFirewallDhcpSnoopMACAddr OBJECT-TYPE
SYNTAX PhysAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"MAC address of the client"
::= { wsSwFirewallDhcpSnoopEntry 4 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.4.1.1.5
wsSwFirewallDhcpSnoopType OBJECT-TYPE
SYNTAX BITS
{
router(0),
dhcpclient(1),
dhcpserver(2),
vrrp(3),
hsrp(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The snoop entry type is a combination of the bits above. Valid combinations are
client-router, server-router, client-router-vrrp, client-router-hsrp, server-router-vrrp,
server-router-hsrp, client, router, server, vrrp-router and hsrp-router. If none of the bits
is set, the entry is the switch SVI.
"
::= { wsSwFirewallDhcpSnoopEntry 5 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.4.1.1.6
wsSwFirewallDhcpSnoopLeaseTime OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Lease time for the binding entry"
::= { wsSwFirewallDhcpSnoopEntry 6 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.4.1.1.7
wsSwFirewallDhcpSnoopIngressPort OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..10))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Name of Port/Wlan through which packet from this entity ingresses.(eg: ge1, wlan1)
"
::= { wsSwFirewallDhcpSnoopEntry 7 }
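This table is the IP-MAC binding table that the wsSwFirewallL2Table description says is built from DHCP responses on DHCP-trusted interfaces and consulted for ARP spoof checking on non-ARP-trusted ones. The code below is an added example (not vendor code) that serves both passages: it decodes the BITS-typed wsSwFirewallDhcpSnoopType with the RFC 2578 bit ordering (bit 0 is the high-order bit of the first octet, a common source of mislabelled rows), validates the combinations the MIB allows, builds a binding table from constructed snoop rows, and checks constructed ARP messages against it, honouring per-interface ARP trust. The matching rule (key on VLAN and sender IP, compare the sender MAC) and the interface names are this example's assumptions about how the switch applies the table.

```python
# Added example (not vendor code) serving the ARP trust / DHCP trust description
# of wsSwFirewallL2Table and the wsSwFirewallDhcpSnoopTable definition: decode
# the BITS-typed snoop entry type, build the IP-MAC binding table from
# constructed snoop rows, and run the ARP spoof check the L2 table describes.
# The matching rule (bind on VLAN + IP, compare sender MAC) is this example's
# assumption about how the switch applies the binding table.

SNOOP_BITS = ("router", "dhcpclient", "dhcpserver", "vrrp", "hsrp")   # bit 0..4
VALID_COMBOS = {frozenset(c) for c in (   # combinations listed in the MIB, () = switch SVI
    ("dhcpclient", "router"), ("dhcpserver", "router"),
    ("dhcpclient", "router", "vrrp"), ("dhcpclient", "router", "hsrp"),
    ("dhcpserver", "router", "vrrp"), ("dhcpserver", "router", "hsrp"),
    ("dhcpclient",), ("router",), ("dhcpserver",),
    ("vrrp", "router"), ("hsrp", "router"), ())}


def decode_bits(octets):
    """Decode an SNMP BITS value: per RFC 2578 bit 0 is the most significant bit
    of the first octet, so the single octet 0x80 is router(0), not hsrp(4)."""
    names = set()
    for i, name in enumerate(SNOOP_BITS):
        byte, bit = divmod(i, 8)
        if byte < len(octets) and octets[byte] & (0x80 >> bit):
            names.add(name)
    return frozenset(names)


def entry_kind(octets):
    """Human-readable entry type; rejects combinations the MIB does not allow."""
    names = decode_bits(octets)
    if names not in VALID_COMBOS:
        raise ValueError(f"impossible snoop type {octets.hex()}: {sorted(names)}")
    return "switch-svi" if not names else "-".join(sorted(names))


# Constructed snoop rows with the MIB's column types: IpAddress, vlan INTEGER,
# PhysAddress bytes, BITS octets, lease seconds, ingress port name.
SNOOP_ROWS = [
    dict(ip="192.0.2.1", vlan=10, mac=bytes.fromhex("001122334455"), type=b"\x90", lease=0, port="ge1"),
    dict(ip="192.0.2.2", vlan=10, mac=bytes.fromhex("0011223344aa"), type=b"\xa0", lease=0, port="ge1"),
    dict(ip="192.0.2.50", vlan=10, mac=bytes.fromhex("00c0ffee0001"), type=b"\x40", lease=3600, port="wlan1"),
    dict(ip="192.0.2.51", vlan=10, mac=bytes.fromhex("00c0ffee0002"), type=b"\x40", lease=3600, port="wlan1"),
]
# Per-interface trust flags as set in wsSwFirewallL2Table / wsSwFirewallWlanTable.
TRUST = {"ge1": dict(arp_trust=True, dhcp_trust=True),
         "wlan1": dict(arp_trust=False, dhcp_trust=False)}


def build_bindings(rows):
    """(vlan, ip) -> MAC from the snoop table; every row's type is validated."""
    table = {}
    for r in rows:
        entry_kind(r["type"])
        table[(r["vlan"], r["ip"])] = r["mac"]
    return table


def check_arp(arp, bindings, trust):
    """Verdict for one ARP message (dict: port, vlan, sender_ip, sender_mac).
    ARP-trusted interfaces bypass the check, as the L2 table description says."""
    if trust.get(arp["port"], {}).get("arp_trust"):
        return "trusted"
    bound = bindings.get((arp["vlan"], arp["sender_ip"]))
    if bound is None:
        return "unknown"          # no DHCP binding: static hosts need their own policy
    return "ok" if bound == arp["sender_mac"] else "spoofed"


def audit(arps, rows=SNOOP_ROWS, trust=TRUST):
    """Run check_arp over a list of ARP messages; returns the verdict list."""
    bindings = build_bindings(rows)
    return [check_arp(a, bindings, trust) for a in arps]


# Constructed ARP traffic: the second message is a wireless client claiming the
# default gateway's IP with its own MAC (gateway impersonation).
ARPS = [
    dict(port="wlan1", vlan=10, sender_ip="192.0.2.50", sender_mac=bytes.fromhex("00c0ffee0001")),
    dict(port="wlan1", vlan=10, sender_ip="192.0.2.1", sender_mac=bytes.fromhex("00c0ffee0002")),
    dict(port="ge1", vlan=10, sender_ip="192.0.2.1", sender_mac=bytes.fromhex("001122334455")),
    dict(port="wlan1", vlan=10, sender_ip="192.0.2.77", sender_mac=bytes.fromhex("00c0ffee0003")),
]

if __name__ == "__main__":
    for row in SNOOP_ROWS:
        print(row["ip"], entry_kind(row["type"]), row["port"])
    print(audit(ARPS))
```

Two operational caveats follow directly from the descriptions: the bindings are only as trustworthy as the DHCP-trusted interfaces (a rogue DHCP server behind a trusted port writes its own rows), and hosts with static addresses have no row at all, so the "unknown" verdict needs an explicit policy rather than silently passing.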
-- 1.3.6.1.4.1.388.14.2.16.1.1.5
wsSwFirewallLogging OBJECT IDENTIFIER ::= { wsSwFirewallMIB 5 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.5.1
wsSwFirewallArpLogLvl OBJECT-TYPE
SYNTAX INTEGER (0..8)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Log level (0..8) for the message generated when the ARP rate limit is exceeded."
::= { wsSwFirewallLogging 1 }
-- Enable logging when ARP rate limit is exceeded
-- 1.3.6.1.4.1.388.14.2.16.1.1.5.2
wsSwFirewallBcastLogLvl OBJECT-TYPE
SYNTAX INTEGER (0..8)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Log level (0..8) for the message generated when the broadcast rate limit is exceeded."
::= { wsSwFirewallLogging 2 }
-- Enable logging when broadcast rate limit is exceeded
-- 1.3.6.1.4.1.388.14.2.16.1.1.5.3
wsSwFirewallMcastLogLvl OBJECT-TYPE
SYNTAX INTEGER (0..8)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Log level (0..8) for the message generated when the multicast rate limit is exceeded."
::= { wsSwFirewallLogging 3 }
-- Enable logging when multicast ratelimit is exceeded
-- 1.3.6.1.4.1.388.14.2.16.1.1.5.4
wsSwFirewallUcastLogLvl OBJECT-TYPE
SYNTAX INTEGER (0..8)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Log level (0..8) for the message generated when the unicast rate limit is exceeded."
::= { wsSwFirewallLogging 4 }
-- Enable logging when unicast rate limit is exceeded
-- 1.3.6.1.4.1.388.14.2.16.1.1.100
wsSwFirewallConf OBJECT IDENTIFIER ::= { wsSwFirewallMIB 100 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.100.1
wsSwFirewallCompliances OBJECT IDENTIFIER ::= { wsSwFirewallConf 1 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.100.1.1
wsSwFirewallCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Compliance statement for implementations of WS-SW-FIREWALL-MIB."
MODULE -- this module
MANDATORY-GROUPS { wsSwFirewallObjectGroup }
::= { wsSwFirewallCompliances 1 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.100.2
wsSwFirewallGroups OBJECT IDENTIFIER ::= { wsSwFirewallConf 2 }
-- 1.3.6.1.4.1.388.14.2.16.1.1.100.2.1
wsSwFirewallObjectGroup OBJECT-GROUP
OBJECTS { wsSwFirewallIfName, wsSwFirewallARPRate, wsSwFirewallWlanIndex, wsSwFirewallWlanAllowedMUDeniesPerSecond, wsSwFirewallWlanARPRate,
wsSwFirewallDosCheckLogLevel, wsSwFirewallDosCheckType, wsSwFirewallDosStatsAttackCount, wsSwFirewallDosStatsLastOccurrence, wsSwFirewallWlanMUDeauthenticate,
wsSwFirewallDosCheckEnableAll, wsSwFirewallDosStatsAttackType, wsSwFirewallDosCheckEnable, wsSwFirewallDhcpSnoopIndex, wsSwFirewallDosClearStats,
wsSwFirewallDosCheckDisableAll, wsSwFirewallWlanUcastStormCtrlInRate, wsSwFirewallWlanBcastStormCtrlInRate, wsSwFirewallWlanMcastStormCtrlInRate, wsSwFirewallUcastLogLvl,
wsSwFirewallMcastLogLvl, wsSwFirewallBcastLogLvl, wsSwFirewallArpLogLvl, wsSwFirewallDhcpSnoopIngressPort, wsSwFirewallDhcpSnoopLeaseTime,
wsSwFirewallDhcpSnoopType, wsSwFirewallDhcpSnoopMACAddr, wsSwFirewallDhcpSnoopVlanId, wsSwFirewallDhcpSnoopIpAddr, wsSwFirewallUcastStormCtrlInRate,
wsSwFirewallMcastStormCtrlInRate, wsSwFirewallBcastStormCtrlInRate, wsSwFirewallWlanARPTrustEnable, wsSwFirewallWlanDHCPTrustEnable, wsSwFirewallARPTrustEnable,
wsSwFirewallDHCPTrustEnable, wsSwFirewallWlanRowStatus, wsSwFirewallL2RowStatus, wsSwFirewallDosTcpMaxIncompleteCnLow, wsSwFirewallDosTcpMaxIncompleteCnHigh
}
STATUS current
DESCRIPTION
"Object group containing all accessible objects defined in this MIB."
::= { wsSwFirewallGroups 1 }
END
--
-- WS-SW-FIREWALL-MIB.my
--