EXTREME-IP-SECURITY-MIB

File: EXTREME-IP-SECURITY-MIB.mib (18018 bytes)

Imported modules

SNMPv2-SMI SNMPv2-TC INET-ADDRESS-MIB
EXTREME-BASE-MIB

Imported symbols

MODULE-IDENTITY OBJECT-TYPE IpAddress
Counter64 Integer32 TEXTUAL-CONVENTION
DisplayString MacAddress RowStatus
InetAddressType InetAddress InetPortNumber
extremeAgent

Defined Types

HexOctet  
TEXTUAL-CONVENTION    
  current STRING Size(2)

VlanTag  
TEXTUAL-CONVENTION    
  current INTEGER 0..4095

IpProtocol  
TEXTUAL-CONVENTION    
  current INTEGER unknown(0), icmp(1), tcp(6), udp(17)

TcpFlagAnomalyReason  
TEXTUAL-CONVENTION    
  current INTEGER unknown(0), flagSynAndSrcPort(1), flagAndSeq(2), flagFinAndUrgAandPshandSeq(3), flagSynAndFin(4)

IcmpAnomalyReason  
TEXTUAL-CONVENTION    
  current INTEGER unknown(0), icmpOverSize(1), icmpFragmented(2)

TcpFragmentAnomalyReason  
TEXTUAL-CONVENTION    
  current INTEGER unknown(0), tcpHdrLessSize(1), tcpFragmented(2)

Defined Values

extremeIpSecurity 1.3.6.1.4.1.1916.1.34
Extreme IP Security MIB
MODULE-IDENTITY    

extremeIpSecurityTraps 1.3.6.1.4.1.1916.1.34.1
OBJECT IDENTIFIER    

extremeIpSecurityTrapsPrefix 1.3.6.1.4.1.1916.1.34.1.0
OBJECT IDENTIFIER    

extremeIpSecurityViolation 1.3.6.1.4.1.1916.1.34.1.0.1
For vlans/ports on which one or more of the IP Security features have been enabled, this trap will be generated when a packet received on that vlan/port is in violation of the configured IP Security protections
NOTIFICATION-TYPE    

extremeIpSecurityVlanIfIndex 1.3.6.1.4.1.1916.1.34.1.1
The ifIndex of the VLAN on which the violating packet was received.
OBJECT-TYPE    
  Integer32  

extremeIpSecurityVlanDescr 1.3.6.1.4.1.1916.1.34.1.2
The description(name) of the VLAN on which the violating packet was received.
OBJECT-TYPE    
  DisplayString Size(0..32)  

extremeIpSecurityPortIfIndex 1.3.6.1.4.1.1916.1.34.1.3
The ifIndex of the port on which the violating packet was received.
OBJECT-TYPE    
  Integer32  

extremeIpSecurityIpAddr 1.3.6.1.4.1.1916.1.34.1.4
Source IP address of the violating packet
OBJECT-TYPE    
  IpAddress  

extremeIpSecurityMacAddress 1.3.6.1.4.1.1916.1.34.1.5
Source MAC address in the violating packet
OBJECT-TYPE    
  MacAddress  

extremeIpSecurityViolationType 1.3.6.1.4.1.1916.1.34.1.6
The type of IP Security violation that occurred - rogueDhcpServerPacket(1) A rogue DHCP server packet was received. - badIpMacBindingInArpPacket(2) The IP-MAC binding received in the ARP packet does not exist in the DHCP Bindings table. - badIpInArpPacket(3) The Source IP address in the ARP payload is invalid. - badMacInArpPacket(4) One of the MAC addresses in the ARP payload does not match with its counterpart in the ethernet header.
OBJECT-TYPE    
  INTEGER rogueDhcpServerPacket(1), badIpMacBindingInArpPacket(2), badIpInArpPacket(3), badMacInArpPacket(4)  

extremeIpSecurityAnomalyTraps 1.3.6.1.4.1.1916.1.34.2
OBJECT IDENTIFIER    

extremeIpSecurityAnomalyTrapsPrefix 1.3.6.1.4.1.1916.1.34.2.0
OBJECT IDENTIFIER    

extremeIpSecurityAnomalyIpViolation 1.3.6.1.4.1.1916.1.34.2.0.1
For ports on which the protocol anomaly protection IP features has been enabled, this trap will be generated when a packet received on that port if the packet's source IP == destination IP
NOTIFICATION-TYPE    

extremeIpSecurityAnomalyL4PortViolation 1.3.6.1.4.1.1916.1.34.2.0.2
For ports on which the protocol anomaly protection L4port features has been enabled, this trap will be generated when a packet received on that port if 1) the packet is a TCP or UDP packetr. AND 2) its source L4 port == destination port
NOTIFICATION-TYPE    

extremeIpSecurityAnomalyTcpFlagViolation 1.3.6.1.4.1.1916.1.34.2.0.3
For ports on which the protocol anomaly protection TCP flags features has been enabled, this trap will be generated when a TCP packet received on that port if 1) (TCP flag SYN is set) and (its TCP source port < 1024). OR 2) (TCP flag == 0) and (TCP seq # == 0). OR 3) (TCP flag FIN/URG/PSH bits sre set) and (TCP seq # == 0). OR 4) Both TCP iflag SYN and FIN are set
NOTIFICATION-TYPE    

extremeIpSecurityAnomalyTcpFragmentViolation 1.3.6.1.4.1.1916.1.34.2.0.4
For ports on which the protocol anomaly protection TCP fragment features has been enabled, this trap will be generated when a packet received on that port if 1) the packet is a TCP, and its size of the TCP header is less than pre-configured value; or 2) the packet is a TCP and it is a IP fragmented packet (IP offset != 0)
NOTIFICATION-TYPE    

extremeIpSecurityAnomalyIcmpViolation 1.3.6.1.4.1.1916.1.34.2.0.5
For ports on which the protocol anomaly protection ICMP features has been enabled, this trap will be generated when an ICMP packet received on that port if 1) the size of ICMP (IP payload) is large thant pre-configured value; or 2) it is a fragmented IP/ICMP packet (IP offset != 0)
NOTIFICATION-TYPE    

esAnomalyPortIfIndex 1.3.6.1.4.1.1916.1.34.2.1
The ifIndex of the port on which the violating packet was received.
OBJECT-TYPE    
  Integer32  

esAnomalyVlanIfIndex 1.3.6.1.4.1.1916.1.34.2.2
The ifIndex of the VLAN on which the violating packet was received.
OBJECT-TYPE    
  Integer32  

esAnomalyVlanDescr 1.3.6.1.4.1.1916.1.34.2.3
The description(name) of the VLAN on which the violating packet was received.
OBJECT-TYPE    
  DisplayString Size(0..32)  

esAnomalySrcMacAddress 1.3.6.1.4.1.1916.1.34.2.4
Source MAC address in the violating packet
OBJECT-TYPE    
  MacAddress  

esAnomalyDestMacAddress 1.3.6.1.4.1.1916.1.34.2.5
Destination MAC address in the violating packet
OBJECT-TYPE    
  MacAddress  

esAnomalySrcIpAddrType 1.3.6.1.4.1.1916.1.34.2.6
source IP address type: ipv4 or ipv6
OBJECT-TYPE    
  InetAddressType  

esAnomalySrcIpAddr 1.3.6.1.4.1.1916.1.34.2.7
source IP address in the violating packet
OBJECT-TYPE    
  InetAddress  

esAnomalyDestIpAddrType 1.3.6.1.4.1.1916.1.34.2.8
destination IP address type: ipv4 or ipv6
OBJECT-TYPE    
  InetAddressType  

esAnomalyDestIpAddr 1.3.6.1.4.1.1916.1.34.2.9
destination IP address in the violating packet
OBJECT-TYPE    
  InetAddress  

esAnomalyIpProto 1.3.6.1.4.1.1916.1.34.2.10
IP protocol in the violating packet
OBJECT-TYPE    
  IpProtocol  

esAnomalySrcL4Port 1.3.6.1.4.1.1916.1.34.2.11
tcp/udp source port number in the violating packet
OBJECT-TYPE    
  InetPortNumber  

esAnomalyDestL4Port 1.3.6.1.4.1.1916.1.34.2.12
tcp/udp destination port in the violating packet
OBJECT-TYPE    
  InetPortNumber  

esAnomalyTcpFlag 1.3.6.1.4.1.1916.1.34.2.13
TCP flags in the violating packet
OBJECT-TYPE    
  HexOctet  

esAnomalyTcpSeq 1.3.6.1.4.1.1916.1.34.2.14
TCP sequence number in the violating packet
OBJECT-TYPE    
  Integer32  

esAnomalyTcpHdrSize 1.3.6.1.4.1.1916.1.34.2.15
TCP Header size in the violating packet
OBJECT-TYPE    
  Integer32  

esAnomalyTcpFlagReason 1.3.6.1.4.1.1916.1.34.2.16
TCP flag anomaly reason code
OBJECT-TYPE    
  TcpFlagAnomalyReason  

esAnomalyIcmpReason 1.3.6.1.4.1.1916.1.34.2.17
ICMP anomaly reason code
OBJECT-TYPE    
  IcmpAnomalyReason  

esAnomalyVlanTag 1.3.6.1.4.1.1916.1.34.2.18
the vlan tag in the violating packet
OBJECT-TYPE    
  VlanTag  

esAnomalyTcpFragmentReason 1.3.6.1.4.1.1916.1.34.2.19
TCP fragment anomaly reason code
OBJECT-TYPE    
  TcpFragmentAnomalyReason