A3COM0021-PORT-SECURITY

File: A3COM0021-PORT-SECURITY.mib (10717 bytes)

Imported modules

A3COM0004-GENERIC RFC-1212 RFC-1215
SNMP-REPEATER-MIB

Imported symbols

securePort OBJECT-TYPE TRAP-TYPE
rptrPortAdminStatus

Defined Types

SecurePortEntry  
SEQUENCE    
  secureSlotIndex INTEGER
  securePortIndex INTEGER
  securePortMode INTEGER
  secureNeedToKnowMode INTEGER
  secureIntrusionAction INTEGER
  secureNumberAddresses INTEGER
  secureNumberAddressesStored INTEGER
  secureMaximumAddresses INTEGER

SecureAddressEntry  
SEQUENCE    
  secureAddrSlotIndex INTEGER
  secureAddrPortIndex INTEGER
  secureAddrMAC STRING
  secureAddrRowStatus INTEGER

Defined Values

securePortTable 1.3.6.1.4.1.43.10.22.1
This table defines the security status of each secure port. Each port can have a number of authorised MAC addresses, and these are stored in the secureAddressTable.
OBJECT-TYPE    
  SEQUENCE OF  
    SecurePortEntry

securePortEntry 1.3.6.1.4.1.43.10.22.1.1
There is a row in this table for each secure port, which allows repeater ports to be configured for security on a per-port basis. It is indexed using the objects secureSlotIndex and securePortIndex.
OBJECT-TYPE    
  SecurePortEntry  

secureSlotIndex 1.3.6.1.4.1.43.10.22.1.1.1
The slot or unit number of the secure port. This is the first index into the securePortTable.
OBJECT-TYPE    
  INTEGER 1..1024  

securePortIndex 1.3.6.1.4.1.43.10.22.1.1.2
The port number of the secure port. This is the second index into the securePortTable.
OBJECT-TYPE    
  INTEGER 1..1024  

securePortMode 1.3.6.1.4.1.43.10.22.1.1.3
Determines the learning and security modes of the port. See secureNeedToKnowMode and secureIntrusionAction to configure Need To Know and Intrusion Action on each port. (When in a learning mode, secureNumberAddresses determines the maximum number of addresses that can be learned on the port. This is set by the user.)
noRestrictions(1) - All learning and security are disabled.
continuousLearning(2) - Addresses are learned continually. If more addresses are learned than are permitted on the port, then one of the older entries will be aged out. Need To Know and Intrusion Action depend on secureNeedToKnowMode and secureIntrusionAction respectively.
autoLearn(3) - All addresses for this port are deleted, and then addresses are learned up to the number permitted. securePortMode is then set to secure. Need To Know and Intrusion Action depend on secureNeedToKnowMode and secureIntrusionAction respectively.
secure(4) - Learning is disabled. Need To Know and Intrusion Action depend on secureNeedToKnowMode and secureIntrusionAction respectively.
The secureAddressLearned trap is sent whenever a station has been learned. The secureViolation trap is sent whenever a packet is received from an unauthorised station.
OBJECT-TYPE    
  INTEGER noRestrictions(1), continuousLearning(2), autoLearn(3), secure(4)  

secureNeedToKnowMode 1.3.6.1.4.1.43.10.22.1.1.4
Attribute to determine which frames are to be forwarded to this port intact.
1 - Need To Know is not available.
2 - All frames.
3 - Frames addressed to the authorised devices only.
4 - Frames addressed to the authorised devices, plus all broadcast frames.
5 - Frames addressed to the authorised devices, plus all broadcast and multicast frames.
6 - As 3 and cannot be changed.
7 - As 4 and cannot be changed.
8 - As 5 and cannot be changed.
If this object returns 1, 6, 7 or 8, it means that the Need To Know configuration cannot be changed, and any attempt to write to this object will cause an error.
OBJECT-TYPE    
  INTEGER notAvailable(1), disabled(2), needToKnowOnly(3), needToKnowWithBroadcastsAllowed(4), needToKnowWithMulticastsAllowed(5), permanentNeedToKnowOnly(6), permanentNeedToKnowWithBroadcastsAllowed(7), permanentNeedToKnowWithMulticastsAllowed(8)  

secureIntrusionAction 1.3.6.1.4.1.43.10.22.1.1.5
Attribute to determine the action if an unauthorised device transmits on this port.
OBJECT-TYPE    
  INTEGER notAvailable(1), noAction(2), disablePort(3), disablePortTemporarily(4)  

secureNumberAddresses 1.3.6.1.4.1.43.10.22.1.1.6
The maximum number of addresses that the port can learn or store. Reducing this number may cause some addresses to be deleted. This value is set by the user and cannot be automatically changed by the agent. The following relationship must be preserved: secureNumberAddressesStored <= secureNumberAddresses <= secureMaximumAddresses
OBJECT-TYPE    
  INTEGER  

secureNumberAddressesStored 1.3.6.1.4.1.43.10.22.1.1.7
The number of addresses that are currently in the AddressTable for this port. If this object has the same value as secureNumberAddresses, then no more addresses can be authorised on this port. The following relationship must always be preserved: secureNumberAddressesStored <= secureNumberAddresses <= secureMaximumAddresses
OBJECT-TYPE    
  INTEGER  

secureMaximumAddresses 1.3.6.1.4.1.43.10.22.1.1.8
This indicates the maximum value that secureNumberAddresses can be set to. It is dependent on the resources available, so it may change, e.g. if resources are shared between ports, then this value can both increase and decrease. This object must be read before setting secureNumberAddresses. The following relationship must always be preserved: secureNumberAddressesStored <= secureNumberAddresses <= secureMaximumAddresses
OBJECT-TYPE    
  INTEGER  
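
The securePortTable columns above can be checked together after an SNMP walk. The following is an added example, not part of the MIB or of any vendor tool: it groups walked instances by their slot and port index, then flags noRestrictions(1), noAction(2), Need To Know disabled(2), and any breach of the secureNumberAddressesStored <= secureNumberAddresses <= secureMaximumAddresses relationship. The function names and the sample values are assumptions constructed for illustration.

```python
# Added example: audit securePortTable rows gathered by an SNMP walk.
BASE = "1.3.6.1.4.1.43.10.22.1.1."  # securePortEntry OID from this MIB
COLS = {3: "mode", 4: "ntk", 5: "intrusion", 6: "number", 7: "stored", 8: "maximum"}

def rows_from_walk(varbinds):
    """Group (oid, int) pairs into {(slot, port): {column: value}}."""
    rows = {}
    for oid, value in varbinds:
        if not oid.startswith(BASE):
            continue
        parts = oid[len(BASE):].split(".")
        if len(parts) != 3 or not all(p.isdigit() for p in parts):
            continue  # not a column.slot.port instance of this table
        col, slot, port = map(int, parts)
        if col in COLS:
            rows.setdefault((slot, port), {})[COLS[col]] = value
    return rows

def audit(rows):
    """Return (slot, port, finding) tuples for weak or inconsistent rows."""
    findings = []
    for (slot, port), r in sorted(rows.items()):
        if r.get("mode") == 1:
            findings.append((slot, port, "noRestrictions(1): learning and security disabled"))
        else:
            if r.get("intrusion") == 2:
                findings.append((slot, port, "secureIntrusionAction is noAction(2)"))
            if r.get("ntk") == 2:
                findings.append((slot, port, "secureNeedToKnowMode is disabled(2)"))
        counts = [r.get(k) for k in ("stored", "number", "maximum")]
        if None not in counts and not counts[0] <= counts[1] <= counts[2]:
            findings.append((slot, port, "stored <= number <= maximum violated"))
    return findings

def sample_walk():
    """Constructed sample data: three ports on slot 1, not from a real device."""
    values = {  # (slot, port): columns 3..8 in order
        (1, 1): (4, 3, 3, 2, 2, 8),
        (1, 2): (1, 2, 2, 4, 0, 8),
        (1, 3): (2, 4, 2, 4, 5, 8),
    }
    return [(f"{BASE}{col}.{slot}.{port}", v)
            for (slot, port), vals in values.items()
            for col, v in zip(range(3, 9), vals)]

if __name__ == "__main__":
    for finding in audit(rows_from_walk(sample_walk())):
        print(finding)
```
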

secureAddressTable 1.3.6.1.4.1.43.10.22.2
This table stores the MAC addresses assigned to each port. Addresses will normally be defined as authorised, and describe the devices which are permitted to transmit and receive on the corresponding port. This table can be written to by the agent as well as the management station.
OBJECT-TYPE    
  SEQUENCE OF  
    SecureAddressEntry

secureAddressEntry 1.3.6.1.4.1.43.10.22.2.1
This table allows multiple addresses to be assigned to each secure port. It is indexed using the objects secureAddrSlotIndex, secureAddrPortIndex and secureAddrMAC.
OBJECT-TYPE    
  SecureAddressEntry  

secureAddrSlotIndex 1.3.6.1.4.1.43.10.22.2.1.1
The slot or unit number of the secure port. This is the first index into the secureAddressTable.
OBJECT-TYPE    
  INTEGER 1..1024  

secureAddrPortIndex 1.3.6.1.4.1.43.10.22.2.1.2
The port number of the secure port. This is the second index into the secureAddressTable.
OBJECT-TYPE    
  INTEGER 1..1024  

secureAddrMAC 1.3.6.1.4.1.43.10.22.2.1.3
The MAC address of a station assigned to this port. This is the third index into the secureAddressTable.
OBJECT-TYPE    
  STRING Size(6)  

secureAddrRowStatus 1.3.6.1.4.1.43.10.22.2.1.4
This manages the creation and deletion of rows, and shows the current status of the indexed MAC address. This object has the following values:
1 - The indexed MAC address is authorised on this port.
2 - The indexed MAC address is not authorised on this port.
3 - Not applicable. (This value indicates an incomplete row.)
4 - Assign a new MAC address to the port and authorise immediately.
5 - Assign a new MAC address to the port, but do not authorise until active(1) is written to this object.
6 - Delete this entry.
When creating a new entry, index a new row and use createAndGo(4) or createAndWait(5). Some hardware will not allow the address to be unauthorised, and will automatically switch the row to active(1). When reading this object, only active(1) and notInService(2) will be returned. Only the values active(1) and destroy(6) will be allowed for an existing row, or createAndGo(4) and createAndWait(5) for a new row.
OBJECT-TYPE    
  INTEGER active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6)  

secureStop 1.3.6.1.4.1.43.10.22.3
A MIB object to speed up access to the security tables. When performing a get-next through the table, this object is accessed as soon as the table is passed, and allows the management station to quickly determine the end of the table.
OBJECT-TYPE    
  INTEGER