CISCO-DYNAMIC-ARP-INSPECTION-MIB

File: CISCO-DYNAMIC-ARP-INSPECTION-MIB.mib (38464 bytes)

Imported modules

SNMPv2-SMI SNMPv2-CONF SNMPv2-TC
IF-MIB INET-ADDRESS-MIB Q-BRIDGE-MIB
CISCO-PRIVATE-VLAN-MIB SNMP-FRAMEWORK-MIB CISCO-SMI

Imported symbols

MODULE-IDENTITY Gauge32 Unsigned32
Counter32 OBJECT-TYPE MODULE-COMPLIANCE
OBJECT-GROUP TruthValue MacAddress
DateAndTime StorageType RowStatus
ifIndex InterfaceIndexOrZero InetAddressType
InetAddress VlanIndex VlanIndexOrZero
SnmpAdminString ciscoMgmt

Defined Types

CdaiLogBufferEntry  
SEQUENCE    
  cdaiLogBufferIndex Unsigned32
  cdaiLogBufferInterface InterfaceIndexOrZero
  cdaiLogBufferVlan VlanIndexOrZero
  cdaiLogBufferSenderMacAddress MacAddress
  cdaiLogBufferSenderAddressType InetAddressType
  cdaiLogBufferSenderIpAddress InetAddress
  cdaiLogBufferReason INTEGER
  cdaiLogBufferLastUpdate DateAndTime
  cdaiLogBufferPacketsCount Gauge32

CdaiVlanConfigEntry  
SEQUENCE    
  cdaiVlanIndex VlanIndex
  cdaiVlanDynArpInspEnable TruthValue

CdaiVlanCfgEntry  
SEQUENCE    
  cdaiVlanId VlanIndex
  cdaiVlanDynArpInspAdmin INTEGER
  cdaiVlanDynArpInspOper INTEGER
  cdaiVlanFilterArpAclName SnmpAdminString
  cdaiVlanFilterArpAclStatic TruthValue
  cdaiVlanAclLogging INTEGER
  cdaiVlanDhcpBindingLogging INTEGER
  cdaiVlanArpProbeLogging TruthValue
  cdaiVlanCfgStorageType StorageType
  cdaiVlanCfgRowStatus RowStatus

CdaiIfConfigEntry  
SEQUENCE    
  cdaiIfTrustEnable TruthValue

CdaiIfRateLimitEntry  
SEQUENCE    
  cdaiIfRateLimit Unsigned32

CdaiVlanStatsEntry  
SEQUENCE    
  cdaiVlanStatsIndex VlanIndex
  cdaiVlanForwarded Counter32
  cdaiVlanDropped Counter32
  cdaiVlanAclPermitted Counter32
  cdaiVlanDhcpBindingsPermitted Counter32
  cdaiVlanAclDenied Counter32
  cdaiVlanDhcpBindingDenied Counter32
  cdaiVlanSrcMacValidationFailures Counter32
  cdaiVlanDestMacValidationFailures Counter32
  cdaiVlanIpValidationFailures Counter32
  cdaiVlanArpProbePermitted Counter32
  cdaiVlanInvalidProtocolData Counter32

Defined Values

ciscoDynamicArpInspectionMIB 1.3.6.1.4.1.9.9.374
This MIB module is for configuration of the Dynamic ARP Inspection feature. Dynamic ARP Inspection is a security mechanism which validates ARP packets seen on access ports.
MODULE-IDENTITY    

cdaiMIBNotifs 1.3.6.1.4.1.9.9.374.0
OBJECT IDENTIFIER    

cdaiMIBObjects 1.3.6.1.4.1.9.9.374.1
OBJECT IDENTIFIER    

cdaiMIBConformance 1.3.6.1.4.1.9.9.374.2
OBJECT IDENTIFIER    

cdaiGlobal 1.3.6.1.4.1.9.9.374.1.1
OBJECT IDENTIFIER    

cdaiVlan 1.3.6.1.4.1.9.9.374.1.2
OBJECT IDENTIFIER    

cdaiInterface 1.3.6.1.4.1.9.9.374.1.3
OBJECT IDENTIFIER    

cdaiStatistics 1.3.6.1.4.1.9.9.374.1.4
OBJECT IDENTIFIER    

cdaiLoggingEnable 1.3.6.1.4.1.9.9.374.1.1.1
This object indicates whether the Dynamic ARP Inspection logging is enabled on the device. If this object is set to 'true', Dynamic ARP Inspection logging is enabled. If this object is set to 'false', Dynamic ARP Inspection logging is disabled.
OBJECT-TYPE    
  TruthValue  

cdaiAddressValidate 1.3.6.1.4.1.9.9.374.1.1.2
This object specifies address validation criteria used by Dynamic ARP Inspection feature. 'srcMacAddress' indicates that source MAC address in ethernet header is checked against the sender MAC address in ARP packet. When this bit is on, packets with different MAC addresses are classified as invalid packets and are dropped. This checking is done for both ARP request and ARP response packet. 'dstMacAddress' indicates that the destination MAC address in ethernet header is checked against the target MAC address in ARP packet. When this bit is on, packets with different addresses are classified as invalid packets and are dropped. This checking is done for ARP response packet only. 'ip' indicates that the IP addresses in ARP packet are checked for invalid or unexpected IP addresses. Addresses such as 0.0.0.0, 255.255.255.255 and all IP multicast addresses are considered invalid. When this bit is on, both the sender and target IP addresses in the ARP packet are checked. This checking is done for both ARP request and response packet. 'ipAllowZeros' works the same as 'ip' but address 0.0.0.0 is allowed. 'ip' and 'ipAllowZeros' are mutually exclusive.
OBJECT-TYPE    
  BITS srcMacAddress(0), dstMacAddress(1), ip(2), ipAllowZeros(3)  
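
The checks described for cdaiAddressValidate, written out as an added Python example (not part of the MIB and not Cisco's implementation). It assumes Ethernet II frames carrying IPv4 ARP and the standard SMIv2 BITS encoding, where bit 0 is the high-order bit of the first octet; the function names, the build_frame helper and the sample frames are constructed for illustration.

```python
import ipaddress
import struct

# Bit positions as listed for cdaiAddressValidate on this page.
CDAI_BITS = {0: "srcMacAddress", 1: "dstMacAddress", 2: "ip", 3: "ipAllowZeros"}

def decode_address_validate(octets):
    """Decode an SNMP BITS value; bit 0 is the high-order bit of the first octet."""
    enabled = set()
    for pos, name in CDAI_BITS.items():
        byte_index, bit_index = divmod(pos, 8)
        if byte_index < len(octets) and octets[byte_index] & (0x80 >> bit_index):
            enabled.add(name)
    if {"ip", "ipAllowZeros"} <= enabled:
        raise ValueError("'ip' and 'ipAllowZeros' are mutually exclusive")
    return enabled

def ip_is_invalid(addr, allow_zeros):
    """Only the addresses the description names: 0.0.0.0, broadcast, multicast."""
    ip = ipaddress.IPv4Address(addr)
    if int(ip) == 0:
        return not allow_zeros
    return int(ip) == 0xFFFFFFFF or ip.is_multicast

def validate_arp_frame(frame, enabled):
    """Return the names of the enabled checks that an Ethernet/IPv4 ARP frame fails."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        raise ValueError("not an Ethernet II frame carrying IPv4 ARP")
    eth_dst, eth_src = frame[0:6], frame[6:12]
    opcode = struct.unpack("!H", frame[20:22])[0]   # 1 = request, 2 = response
    sender_mac, sender_ip = frame[22:28], frame[28:32]
    target_mac, target_ip = frame[32:38], frame[38:42]
    failures = []
    # Ethernet source vs. ARP sender MAC: requests and responses.
    if "srcMacAddress" in enabled and eth_src != sender_mac:
        failures.append("srcMacAddress")
    # Ethernet destination vs. ARP target MAC: responses only.
    if "dstMacAddress" in enabled and opcode == 2 and eth_dst != target_mac:
        failures.append("dstMacAddress")
    for name in ("ip", "ipAllowZeros"):
        if name in enabled:
            allow = name == "ipAllowZeros"
            if ip_is_invalid(sender_ip, allow) or ip_is_invalid(target_ip, allow):
                failures.append(name)
    return failures

def build_frame(eth_dst, eth_src, opcode, sha, spa, tha, tpa):
    """Build a constructed test frame (hypothetical helper for this example)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: ipaddress.IPv4Address(s).packed
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    return (mac(eth_dst) + mac(eth_src) + b"\x08\x06" + arp
            + mac(sha) + ip(spa) + mac(tha) + ip(tpa))

# Constructed samples (locally administered MACs, documentation IP range).
GOOD_REPLY = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02", 2,
                         "02:00:00:00:00:02", "192.0.2.10",
                         "02:00:00:00:00:01", "192.0.2.1")
MISMATCHED_REPLY = build_frame("02:00:00:00:00:01", "02:00:00:00:00:03", 2,
                               "02:00:00:00:00:02", "192.0.2.10",
                               "02:00:00:00:00:01", "192.0.2.1")
ARP_PROBE = build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:02", 1,
                        "02:00:00:00:00:02", "0.0.0.0",
                        "00:00:00:00:00:00", "192.0.2.10")
```

The ARP_PROBE sample shows why 'ipAllowZeros' exists: with 'ip' set, its 0.0.0.0 sender address fails validation, while with 'ipAllowZeros' it passes.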

cdaiLogBufferSize 1.3.6.1.4.1.9.9.374.1.1.3
This object specifies the size of the logging buffer.
OBJECT-TYPE    
  Unsigned32  

cdaiLoggingRate 1.3.6.1.4.1.9.9.374.1.1.4
This object specifies the maximum number of logging entries that will be logged during the time period denoted by the cdaiLoggingInterval object, for system message generation purposes. A zero value indicates that the entry is placed in the log buffer, but a system message is not generated.
OBJECT-TYPE    
  Unsigned32  

cdaiLoggingInterval 1.3.6.1.4.1.9.9.374.1.1.5
This object specifies the logging interval for system message generation purpose. Zero value indicates that system message is immediately generated (and the log buffer is always empty). Value of this object and value of cdaiLoggingRate object cannot be zero at the same time.
OBJECT-TYPE    
  Unsigned32  

cdaiLogBufferAction 1.3.6.1.4.1.9.9.374.1.1.6
This object specifies the action that can be taken with respect to the logging buffer. 'none' indicates that no operation is performed. This object always returns the value 'none' when read. 'clear' indicates that all entries in cdaiLoggingBufferTable will be cleared.
OBJECT-TYPE    
  INTEGER none(1), clear(2)  

cdaiLogBufferTable 1.3.6.1.4.1.9.9.374.1.1.7
A table provides the information of logged ARP flows for system message generation.
OBJECT-TYPE    
  SEQUENCE OF  
    CdaiLogBufferEntry

cdaiLogBufferEntry 1.3.6.1.4.1.9.9.374.1.1.7.1
A row instance contains logged ARP flow data for system message generation. Entries in the log are cleared once system messages are generated on their behalf. A special entry will be populated for accounting drops of all flows that result in exceeding the number of entries of the log buffer. Special entry only contains packets counter and timestamps information. The rest of its fields are irrelevant.
OBJECT-TYPE    
  CdaiLogBufferEntry  

cdaiLogBufferIndex 1.3.6.1.4.1.9.9.374.1.1.7.1.1
This object uniquely identifies a logged ARP flow in the buffer.
OBJECT-TYPE    
  Unsigned32 1..65535  

cdaiLogBufferInterface 1.3.6.1.4.1.9.9.374.1.1.7.1.2
This object indicates the interface which sent the logged ARP flow. Zero value indicates the special entry.
OBJECT-TYPE    
  InterfaceIndexOrZero  

cdaiLogBufferVlan 1.3.6.1.4.1.9.9.374.1.1.7.1.3
This object indicates the VLAN number which the logged ARP flow belongs to. Zero value indicates the special entry.
OBJECT-TYPE    
  VlanIndexOrZero  

cdaiLogBufferSenderMacAddress 1.3.6.1.4.1.9.9.374.1.1.7.1.4
This object indicates the sender MAC address of the logged ARP flow. All zeros MAC address value indicates the special entry.
OBJECT-TYPE    
  MacAddress  

cdaiLogBufferSenderAddressType 1.3.6.1.4.1.9.9.374.1.1.7.1.5
This object indicates the sender Internet address type of the logged ARP flow.
OBJECT-TYPE    
  InetAddressType  

cdaiLogBufferSenderIpAddress 1.3.6.1.4.1.9.9.374.1.1.7.1.6
This object indicates the sender Internet address of the logged ARP flow. The type of this address is determined by the value of cdaiLogBufferSenderAddressType object. All zeros IP address value indicates the special entry.
OBJECT-TYPE    
  InetAddress  

cdaiLogBufferReason 1.3.6.1.4.1.9.9.374.1.1.7.1.7
This object indicates the reason for logging this ARP flow. 'unknown' indicates unknown reason. 'deny' indicates that this ARP flow is logged because it is denied by Dynamic ARP Inspection feature. 'aclDeny' indicates that this ARP flow is logged because it is denied by a configured ARP ACL. 'aclPermit' indicates that this ARP flow is logged because it is permitted by a configured ARP ACL. 'dhcpDeny' indicates that this ARP flow is logged because it is denied when comparing with DHCP bindings information. 'dhcpPermit' indicates that this ARP flow is logged because it is permitted when comparing with DHCP binding information. 'probePermit' indicates that this ARP flow is logged because it is a permitted ARP-Probe flow.
OBJECT-TYPE    
  INTEGER unknown(1), deny(2), aclDeny(3), aclPermit(4), dhcpDeny(5), dhcpPermit(6), probePermit(7)  

cdaiLogBufferLastUpdate 1.3.6.1.4.1.9.9.374.1.1.7.1.8
This object indicates the timestamp when the last packet of this flow was accounted by the system.
OBJECT-TYPE    
  DateAndTime  

cdaiLogBufferPacketsCount 1.3.6.1.4.1.9.9.374.1.1.7.1.9
This object indicates the number of packets of this ARP flow that were accounted for by the system.
OBJECT-TYPE    
  Gauge32  

cdaiVlanConfigTable 1.3.6.1.4.1.9.9.374.1.2.1
A table provides the mechanism to control Dynamic ARP Inspection per VLAN. When a VLAN is created in a device supporting this table, a corresponding entry of this table will be added.
OBJECT-TYPE    
  SEQUENCE OF  
    CdaiVlanConfigEntry

cdaiVlanConfigEntry 1.3.6.1.4.1.9.9.374.1.2.1.1
A row instance contains the configuration to enable or disable Dynamic ARP Inspection at each existing VLAN.
OBJECT-TYPE    
  CdaiVlanConfigEntry  

cdaiVlanIndex 1.3.6.1.4.1.9.9.374.1.2.1.1.1
This object indicates the VLAN number on which Dynamic ARP Inspection feature is configured.
OBJECT-TYPE    
  VlanIndex  

cdaiVlanDynArpInspEnable 1.3.6.1.4.1.9.9.374.1.2.1.1.2
This object indicates whether Dynamic ARP Inspection is enabled in this VLAN. If this object is set to 'true', Dynamic ARP Inspection is enabled. If this object is set to 'false', Dynamic ARP Inspection is disabled.
OBJECT-TYPE    
  TruthValue  

cdaiVlanCfgTable 1.3.6.1.4.1.9.9.374.1.2.2
A table provides the mechanism to control Dynamic ARP Inspection per VLAN. This table is populated for each existing VLAN in the device as well as non-existing VLANs which contain the Dynamic ARP Inspection configuration.
OBJECT-TYPE    
  SEQUENCE OF  
    CdaiVlanCfgEntry

cdaiVlanCfgEntry 1.3.6.1.4.1.9.9.374.1.2.2.1
A row instance contains the Dynamic ARP inspection configuration for a specific VLAN in the device.
OBJECT-TYPE    
  CdaiVlanCfgEntry  

cdaiVlanId 1.3.6.1.4.1.9.9.374.1.2.2.1.1
This object indicates the VLAN number.
OBJECT-TYPE    
  VlanIndex  

cdaiVlanDynArpInspAdmin 1.3.6.1.4.1.9.9.374.1.2.2.1.2
This object specifies the administrative status of Dynamic ARP Inspection feature in this VLAN. If this object value is 'enable', Dynamic ARP Inspection is enabled. If this object value is 'disable', Dynamic ARP Inspection is disabled.
OBJECT-TYPE    
  INTEGER enable(1), disable(2)  

cdaiVlanDynArpInspOper 1.3.6.1.4.1.9.9.374.1.2.2.1.3
This object indicates the operational status of Dynamic ARP Inspection feature in this VLAN. If this object is 'active', Dynamic ARP Inspection is operationally active. If this object is 'inactive', Dynamic ARP Inspection is operationally inactive.
OBJECT-TYPE    
  INTEGER active(1), inactive(2)  

cdaiVlanFilterArpAclName 1.3.6.1.4.1.9.9.374.1.2.2.1.4
This object specifies an ARP ACL name that the Dynamic ARP Inspection feature uses to check the validity of the bindings information in the ARP body. An empty string indicates that no such ARP ACL is configured for this purpose.
OBJECT-TYPE    
  SnmpAdminString  

cdaiVlanFilterArpAclStatic 1.3.6.1.4.1.9.9.374.1.2.2.1.5
This object specifies whether the ARP ACL denoted by cdaiVlanFilterArpAclName is statically applied by the Dynamic ARP Inspection feature. This object does not take effect if the value of cdaiVlanFilterArpAclName on the row is an empty string. 'true' indicates that the ARP ACL is applied statically. The action (denied or permitted) that results from applying the ARP ACL is final and the ARP packet is not compared against DHCP bindings information. 'false' indicates that the ARP ACL is not applied statically. If the ARP packet is not explicitly classified by the ARP ACL, it will be compared against DHCP bindings information.
OBJECT-TYPE    
  TruthValue  

cdaiVlanAclLogging 1.3.6.1.4.1.9.9.374.1.2.2.1.6
This object specifies the logging configuration that the Dynamic ARP Inspection feature applies to ARP packets when they are classified by the configured ACL. 'none' indicates that no logging is performed when packets are classified by the configured ACL. 'aclMatch' indicates that logging is performed when packets are classified by the configured ACL and the matched ACE specified a logging action. 'deny' indicates that logging is performed when packets are denied by the configured ACL.
OBJECT-TYPE    
  INTEGER none(1), aclMatch(2), deny(3)  

cdaiVlanDhcpBindingLogging 1.3.6.1.4.1.9.9.374.1.2.2.1.7
This object specifies the packet logging configuration applied by the Dynamic ARP Inspection feature when ARP packets are compared against DHCP bindings information. 'none' indicates that no packet logging is performed. 'permit' indicates that packet logging is performed only for packets that are permitted as a result of comparing with DHCP bindings information. 'deny' indicates that packet logging is performed only for packets that are denied as a result of comparing with DHCP bindings information. 'all' indicates that packet logging is performed for all packets that are permitted or denied as a result of comparing with DHCP bindings information.
OBJECT-TYPE    
  INTEGER none(1), permit(2), deny(3), all(4)  

cdaiVlanArpProbeLogging 1.3.6.1.4.1.9.9.374.1.2.2.1.8
This object specifies whether ARP-Probe packets will be logged by the Dynamic ARP Inspection feature. 'true' indicates ARP-Probe packets will be logged. 'false' indicates ARP-Probe packets will not be logged.
OBJECT-TYPE    
  TruthValue  

cdaiVlanCfgStorageType 1.3.6.1.4.1.9.9.374.1.2.2.1.9
This object specifies the storage type for this conceptual row.
OBJECT-TYPE    
  StorageType  

cdaiVlanCfgRowStatus 1.3.6.1.4.1.9.9.374.1.2.2.1.10
The status of this conceptual row entry. This object is used to manage creation and deletion of rows in this table. Deletion of an entry in this table is only allowed if the VLAN indicated by its row index object does not exist in the device. Writable objects can be modified at any time even while the row is active.
OBJECT-TYPE    
  RowStatus  

cdaiIfConfigTable 1.3.6.1.4.1.9.9.374.1.3.1
A table provides the mechanism to configure the trust state for Dynamic ARP Inspection purpose at each physical interface capable of this feature. Some of the interfaces (but not limited to) for which this feature might be applicable are: ifType = ethernetCsmacd(6).
OBJECT-TYPE    
  SEQUENCE OF  
    CdaiIfConfigEntry

cdaiIfConfigEntry 1.3.6.1.4.1.9.9.374.1.3.1.1
A row instance contains the configuration to enable or disable trust state for Dynamic ARP Inspection at each physical interface capable of this feature.
OBJECT-TYPE    
  CdaiIfConfigEntry  

cdaiIfTrustEnable 1.3.6.1.4.1.9.9.374.1.3.1.1.1
This object indicates whether the interface is trusted for Dynamic ARP Inspection purpose. If this object is set to 'true', the interface is trusted. ARP packets coming to this interface will be forwarded without checking. If this object is set to 'false', the interface is not trusted. ARP packets coming to this interface will be subjected to ARP inspection.
OBJECT-TYPE    
  TruthValue  

cdaiIfRateLimitTable 1.3.6.1.4.1.9.9.374.1.3.2
A table provides the mechanism to configure the rate limit for Dynamic ARP Inspection purpose at each physical interface capable of this feature.
OBJECT-TYPE    
  SEQUENCE OF  
    CdaiIfRateLimitEntry

cdaiIfRateLimitEntry 1.3.6.1.4.1.9.9.374.1.3.2.1
A row instance contains the rate limit configuration for Dynamic ARP Inspection at each physical interface capable of this feature.
OBJECT-TYPE    
  CdaiIfRateLimitEntry  

cdaiIfRateLimit 1.3.6.1.4.1.9.9.374.1.3.2.1.1
This object indicates rate limit value for Dynamic ARP Inspection purpose. If the incoming rate of ARP packets exceeds the value of this object, ARP packets will be dropped.
OBJECT-TYPE    
  Unsigned32  

cdaiVlanStatsTable 1.3.6.1.4.1.9.9.374.1.4.1
A table lists the Dynamic ARP Inspection statistics per VLAN.
OBJECT-TYPE    
  SEQUENCE OF  
    CdaiVlanStatsEntry

cdaiVlanStatsEntry 1.3.6.1.4.1.9.9.374.1.4.1.1
A row instance contains Dynamic ARP Inspection statistics information for each VLAN.
OBJECT-TYPE    
  CdaiVlanStatsEntry  

cdaiVlanStatsIndex 1.3.6.1.4.1.9.9.374.1.4.1.1.1
This object indicates the VLAN number.
OBJECT-TYPE    
  VlanIndex  

cdaiVlanForwarded 1.3.6.1.4.1.9.9.374.1.4.1.1.2
This object indicates the number of ARP packets forwarded by Dynamic ARP Inspection feature.
OBJECT-TYPE    
  Counter32  

cdaiVlanDropped 1.3.6.1.4.1.9.9.374.1.4.1.1.3
This object indicates the number of ARP packets dropped by Dynamic ARP Inspection feature.
OBJECT-TYPE    
  Counter32  

cdaiVlanAclPermitted 1.3.6.1.4.1.9.9.374.1.4.1.1.4
This object indicates the number of ARP packets permitted by the configured ACL.
OBJECT-TYPE    
  Counter32  

cdaiVlanDhcpBindingsPermitted 1.3.6.1.4.1.9.9.374.1.4.1.1.5
This object indicates the number of DHCP-binding permitted ARP packets.
OBJECT-TYPE    
  Counter32  

cdaiVlanAclDenied 1.3.6.1.4.1.9.9.374.1.4.1.1.6
This object indicates the number of ARP packets denied by the configured ACL.
OBJECT-TYPE    
  Counter32  

cdaiVlanDhcpBindingDenied 1.3.6.1.4.1.9.9.374.1.4.1.1.7
This object indicates the number of DHCP-binding denied ARP packets.
OBJECT-TYPE    
  Counter32  

cdaiVlanSrcMacValidationFailures 1.3.6.1.4.1.9.9.374.1.4.1.1.8
This object indicates the number of ARP packets that fail source MAC address validation.
OBJECT-TYPE    
  Counter32  

cdaiVlanDestMacValidationFailures 1.3.6.1.4.1.9.9.374.1.4.1.1.9
This object indicates the number of ARP packets that fail destination MAC address validation.
OBJECT-TYPE    
  Counter32  

cdaiVlanIpValidationFailures 1.3.6.1.4.1.9.9.374.1.4.1.1.10
This object indicates the number of ARP packets that fail IP validation.
OBJECT-TYPE    
  Counter32  

cdaiVlanArpProbePermitted 1.3.6.1.4.1.9.9.374.1.4.1.1.11
This object indicates the number of ARP Probe packets that are permitted.
OBJECT-TYPE    
  Counter32  

cdaiVlanInvalidProtocolData 1.3.6.1.4.1.9.9.374.1.4.1.1.12
This object indicates the number of ARP packets that contain invalid protocol data.
OBJECT-TYPE    
  Counter32  

cdaiMIBCompliances 1.3.6.1.4.1.9.9.374.2.1
OBJECT IDENTIFIER    

cdaiMIBGroups 1.3.6.1.4.1.9.9.374.2.2
OBJECT IDENTIFIER    

cdaiMIBCompliance 1.3.6.1.4.1.9.9.374.2.1.1
The compliance statement for CISCO-DYNAMIC-ARP-INSPECTION-MIB. This compliance is superseded by cdaiMIBCompliance1.
MODULE-COMPLIANCE    

cdaiMIBCompliance1 1.3.6.1.4.1.9.9.374.2.1.2
The compliance statement for CISCO-DYNAMIC-ARP-INSPECTION-MIB.
MODULE-COMPLIANCE    

cdaiGlobalLoggingGroup 1.3.6.1.4.1.9.9.374.2.2.1
A collection of objects which are used to configure Dynamic ARP Inspection logging.
OBJECT-GROUP    

cdaiVlanConfigGroup 1.3.6.1.4.1.9.9.374.2.2.2
A collection of objects which are used to configure as well as show information regarding the Dynamic ARP Inspection feature per VLAN.
OBJECT-GROUP    

cdaiIfConfigGroup 1.3.6.1.4.1.9.9.374.2.2.3
A collection of objects which are used to configure as well as show information regarding the interface trust state for Dynamic ARP Inspection purpose.
OBJECT-GROUP    

cdaiIfRateLimitGroup 1.3.6.1.4.1.9.9.374.2.2.4
A collection of objects which are used to configure as well as show information regarding the rate limit per interface for Dynamic ARP Inspection purpose.
OBJECT-GROUP    

cdaiLoggingConfigGroup 1.3.6.1.4.1.9.9.374.2.2.5
A collection of objects which provide logging configuration for Dynamic ARP Inspection feature.
OBJECT-GROUP    

cdaiAddressValidationGroup 1.3.6.1.4.1.9.9.374.2.2.6
A collection of objects which provide address validation configuration for Dynamic ARP Inspection feature.
OBJECT-GROUP    

cdaiVlanCfgGroup 1.3.6.1.4.1.9.9.374.2.2.7
A collection of objects which provide additional VLAN configuration for Dynamic ARP Inspection feature.
OBJECT-GROUP    

cdaiVlanStatisticsGroup 1.3.6.1.4.1.9.9.374.2.2.8
A collection of objects which provide Dynamic ARP Inspection statistics per VLAN.
OBJECT-GROUP    

cdaiLogBufferGroup 1.3.6.1.4.1.9.9.374.2.2.9
A collection of objects which provide logging information for Dynamic ARP Inspection feature.
OBJECT-GROUP    

cdaiVlanExtStatisticsGroup 1.3.6.1.4.1.9.9.374.2.2.10
A collection of objects which provide additional Dynamic ARP Inspection statistics per VLAN.
OBJECT-GROUP    

cdaiVlanArpProbeGroup 1.3.6.1.4.1.9.9.374.2.2.11
A collection of objects which provide additional VLAN configuration for ARP Probe packets.
OBJECT-GROUP    

cdaiLogBufferActionGroup 1.3.6.1.4.1.9.9.374.2.2.12
A collection of objects which provide log buffer action.
OBJECT-GROUP