-- ================================================================== -- Copyright (C) 2004 by HUAWEI 3COM TECHNOLOGIES. All rights reserved. -- -- Description: HUAWEI-3COM Lan Switch DHCP Snooping MIB -- Reference: -- Version: V1.2 -- History: -- V1.0 The initial version, created by FuJiajia, 2004.12.29 -- V1.1 2006-03-08 updated by HeHangjun -- Added h3cDhcpSnoopVlanTable -- V1.2 2007-06-18 updated by qizhenglin -- Added h3cDhcpSnoopSpoofServerDetected -- h3cDhcpSnoopSpoofServerMac -- h3cDhcpSnoopSpoofServerIP -- ================================================================== -- ================================================================== -- -- Varibles and types be imported -- -- ================================================================== A3COM-HUAWEI-DHCPSNOOP-MIB DEFINITIONS ::= BEGIN IMPORTS RowStatus, MacAddress FROM SNMPv2-TC MODULE-IDENTITY,OBJECT-TYPE,IpAddress,Integer32, Counter64 FROM SNMPv2-SMI ifIndex FROM RFC1213-MIB hwdot1qVlanIndex FROM A3COM-HUAWEI-LswVLAN-MIB InetAddressType, InetAddress FROM INET-ADDRESS-MIB h3cCommon FROM A3COM-HUAWEI-OID-MIB TruthValue FROM SNMPv2-TC; -- ================================================================== -- -- ======================= definition begin ========================= -- -- ================================================================== h3cDhcpSnoop MODULE-IDENTITY LAST-UPDATED "200501140000Z" ORGANIZATION "Huawei-3com Technologies Co.,Ltd." CONTACT-INFO "Platform Team Beijing Institute Huawei-3com Tech, Inc. Http:\\www.huawei-3com.com E-mail:support@huawei-3com.com" DESCRIPTION "The private mib file includes the DHCP Snooping profile." ::= { h3cCommon 36 } h3cDhcpSnoopMibObject OBJECT IDENTIFIER ::= { h3cDhcpSnoop 1 } h3cDhcpSnoopEnable OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "DHCP Snooping status (enable or disable)." DEFVAL { disable } ::= { h3cDhcpSnoopMibObject 1 } h3cDhcpSnoopTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDhcpSnoopEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table containing information of DHCP clients listened by DHCP snooping and it's enabled or disabled by setting h3cDhcpSnoopEnable node." ::= { h3cDhcpSnoopMibObject 2 } h3cDhcpSnoopEntry OBJECT-TYPE SYNTAX H3cDhcpSnoopEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing information of DHCP clients." INDEX { h3cDhcpSnoopClientIpAddressType, h3cDhcpSnoopClientIpAddress } ::= { h3cDhcpSnoopTable 1} H3cDhcpSnoopEntry ::= SEQUENCE { h3cDhcpSnoopClientIpAddressType InetAddressType, h3cDhcpSnoopClientIpAddress InetAddress, h3cDhcpSnoopClientMacAddress MacAddress, h3cDhcpSnoopClientProperty INTEGER , h3cDhcpSnoopClientUnitNum INTEGER } h3cDhcpSnoopClientIpAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "DHCP clients' IP addresses type (IPv4 or IPv6)." DEFVAL { ipv4 } ::= { h3cDhcpSnoopEntry 1 } h3cDhcpSnoopClientIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "DHCP clients' IP addresses collected by DHCP snooping." ::= { h3cDhcpSnoopEntry 2 } h3cDhcpSnoopClientMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "DHCP clients' MAC addresses collected by DHCP snooping." ::= { h3cDhcpSnoopEntry 3 } h3cDhcpSnoopClientProperty OBJECT-TYPE SYNTAX INTEGER { static(1), dynamic(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Method of getting IP addresses collected by DHCP snooping." ::= { h3cDhcpSnoopEntry 4 } h3cDhcpSnoopClientUnitNum OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "IRF (Intelligent Resilient Fabric) unit number via whom the clients get their IP addresses. The value 0 means this device does not support IRF." ::= { h3cDhcpSnoopEntry 5 } h3cDhcpSnoopTrustTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDhcpSnoopTrustEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table is used to configure and monitor port trusted status." ::= { h3cDhcpSnoopMibObject 3 } h3cDhcpSnoopTrustEntry OBJECT-TYPE SYNTAX H3cDhcpSnoopTrustEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing information about trusted status of ports." INDEX { ifIndex } ::= { h3cDhcpSnoopTrustTable 1} H3cDhcpSnoopTrustEntry ::= SEQUENCE { h3cDhcpSnoopTrustStatus INTEGER } h3cDhcpSnoopTrustStatus OBJECT-TYPE SYNTAX INTEGER { untrusted(0), trusted(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Trusted status of current port which supports both get and set operation." DEFVAL { untrusted } ::= { h3cDhcpSnoopTrustEntry 1 } h3cDhcpSnoopVlanTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cDhcpSnoopVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table is used to configure and monitor DHCP Snooping status of VLANs." ::= { h3cDhcpSnoopMibObject 4 } h3cDhcpSnoopVlanEntry OBJECT-TYPE SYNTAX H3cDhcpSnoopVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry information about h3cDhcpSnoopVlanTable." INDEX { h3cDhcpSnoopVlanIndex } ::= { h3cDhcpSnoopVlanTable 1 } H3cDhcpSnoopVlanEntry ::= SEQUENCE { h3cDhcpSnoopVlanIndex Integer32, h3cDhcpSnoopVlanEnable TruthValue } h3cDhcpSnoopVlanIndex OBJECT-TYPE SYNTAX Integer32(0..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Current VLAN index." ::= { h3cDhcpSnoopVlanEntry 1 } h3cDhcpSnoopVlanEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "DHCP Snooping status of current VLAN." DEFVAL { false } ::= { h3cDhcpSnoopVlanEntry 2 } -- ================================================================== -- -- ======================= trap definition begin ==================== -- -- ================================================================== h3cDhcpSnoopTraps OBJECT IDENTIFIER ::= { h3cDhcpSnoop 2 } h3cDhcpSnoopTrapsPrefix OBJECT IDENTIFIER ::= { h3cDhcpSnoopTraps 0 } h3cDhcpSnoopTrapsObject OBJECT IDENTIFIER ::= { h3cDhcpSnoopTraps 1 } h3cDhcpSnoopSpoofServerMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "MAC address of the spoofing server and it is derived from link-layer header of offer packet. If the offer packet is relayed by dhcp relay entity, it may be the MAC address of relay entity. " ::= { h3cDhcpSnoopTrapsObject 1 } h3cDhcpSnoopSpoofServerIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IP address of the spoofing server and it is derived from IP header of offer packet. A tricksy host may send offer packet use other host's address, so this address can not always be trust. " ::= { h3cDhcpSnoopTrapsObject 2 } h3cDhcpSnoopSpoofServerDetected NOTIFICATION-TYPE OBJECTS { ifIndex, -- The interface from which an -- illegal dhcp server accessed hwdot1qVlanIndex, -- The vlan from which an illegal -- dhcp server accessed h3cDhcpSnoopSpoofServerMac, h3cDhcpSnoopSpoofServerIP } STATUS current DESCRIPTION "To detect unauthorized DHCP servers on a network, the DHCP snooping device sends DHCP-DISCOVER messages through its downstream port (which is connected to the DHCP clients). If any response (DHCP-OFFER message) is received from the downstream port, an unauthorized DHCP server is considered present, and then the device sends a trap. With unauthorized DHCP server detection enabled, the interface sends a DHCP-DISCOVER message to detect unauthorized DHCP servers on the network. If this interface receives a DHCP-OFFER message, the DHCP server which sent it is considered unauthorized. " ::= { h3cDhcpSnoopTrapsPrefix 1 } END