-- ***************************************************************** -- PSEC-MIB: Cisco private MIB -- **************************************************************** CIE1000-PSEC-MIB DEFINITIONS ::= BEGIN IMPORTS NOTIFICATION-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF NOTIFICATION-TYPE, MODULE-IDENTITY, OBJECT-TYPE FROM SNMPv2-SMI TEXTUAL-CONVENTION FROM SNMPv2-TC cie1000SwitchMgmt FROM CISCO-IE1000-MIB CIE1000DisplayString FROM CIE1000-TC CIE1000InterfaceIndex FROM CIE1000-TC CIE1000Unsigned16 FROM CIE1000-TC Unsigned32 FROM SNMPv2-SMI MacAddress FROM SNMPv2-TC TruthValue FROM SNMPv2-TC ; cie1000PsecMib MODULE-IDENTITY LAST-UPDATED "201606020000Z" ORGANIZATION "Cisco Systems, Inc." CONTACT-INFO "Cisco Systems Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: cs-snmp@cisco.com" DESCRIPTION "This is a private version of the Port Security MIB" REVISION "201606020000Z" DESCRIPTION "Support SNMP trap" REVISION "201412100000Z" DESCRIPTION "Remove user of DHCP snooping" REVISION "201412080000Z" DESCRIPTION "Add users in status port table" REVISION "201410130000Z" DESCRIPTION "Initial version" ::= { cie1000SwitchMgmt 66 } CIE1000PsecLimitActionType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This enumeration defines the Action type in psec function." SYNTAX INTEGER { none(0), trap(1), shutdown(2), trapShutdown(3) } CIE1000PsecStateType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This enumeration defines the state of Psec config." SYNTAX INTEGER { forwarding(0), blocked(1) } cie1000PsecMibObjects OBJECT IDENTIFIER ::= { cie1000PsecMib 1 } cie1000PsecConfig OBJECT IDENTIFIER ::= { cie1000PsecMibObjects 2 } cie1000PsecConfigGlobals OBJECT IDENTIFIER ::= { cie1000PsecConfig 1 } cie1000PsecConfigGlobalsEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Globally enable/disable aging of secured entries. This doesn't affect aging of addresses secured by other modules." ::= { cie1000PsecConfigGlobals 1 } cie1000PsecConfigGlobalsEnableAging OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If aging is globally enabled, this is the aging period in seconds. Valid range is [10; 10000000] seconds(max is around 115 days)." ::= { cie1000PsecConfigGlobals 2 } cie1000PsecConfigGlobalsAgingPeriodSecs OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "If aging is globally enabled, this is the aging period in seconds. Valid range is [10; 10000000] seconds(max is around 115 days)." ::= { cie1000PsecConfigGlobals 3 } cie1000PsecConfigPortTable OBJECT-TYPE SYNTAX SEQUENCE OF CIE1000PsecConfigPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is a table of port configuration per session" ::= { cie1000PsecConfig 2 } cie1000PsecConfigPortEntry OBJECT-TYPE SYNTAX CIE1000PsecConfigPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each session has a set of parameters" INDEX { cie1000PsecConfigPortIfIndex } ::= { cie1000PsecConfigPortTable 1 } CIE1000PsecConfigPortEntry ::= SEQUENCE { cie1000PsecConfigPortIfIndex CIE1000InterfaceIndex, cie1000PsecConfigPortEnabled TruthValue, cie1000PsecConfigPortLimit Unsigned32, cie1000PsecConfigPortAction CIE1000PsecLimitActionType } cie1000PsecConfigPortIfIndex OBJECT-TYPE SYNTAX CIE1000InterfaceIndex MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Logical interface number of the physical port." ::= { cie1000PsecConfigPortEntry 1 } cie1000PsecConfigPortEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Controls whether Port Security Limit Control is enabled for this port." ::= { cie1000PsecConfigPortEntry 2 } cie1000PsecConfigPortLimit OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "Maximum number of MAC addresses allowed on this port.Valid values = [PSEC_LIMIT_MIN; PSEC_LIMIT_MAX]." ::= { cie1000PsecConfigPortEntry 3 } cie1000PsecConfigPortAction OBJECT-TYPE SYNTAX CIE1000PsecLimitActionType MAX-ACCESS read-write STATUS current DESCRIPTION "Action to take if number of MAC addresses exceeds the limit. NONE(0) Do nothing, except disallowing further clients. TRAP(1) Send an SNMP trap notification. SHUTDOWN(2) Shut-down the port. TRAP_AND_SHUTDOWN(3) Send an SNMP trap notification and shut-down the port." ::= { cie1000PsecConfigPortEntry 4 } cie1000PsecStatus OBJECT IDENTIFIER ::= { cie1000PsecMibObjects 3 } cie1000PsecStatusPortTable OBJECT-TYPE SYNTAX SEQUENCE OF CIE1000PsecStatusPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is a table of port configuration per session" ::= { cie1000PsecStatus 1 } cie1000PsecStatusPortEntry OBJECT-TYPE SYNTAX CIE1000PsecStatusPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each session has a set of parameters" INDEX { cie1000PsecStatusPortIfIndex } ::= { cie1000PsecStatusPortTable 1 } CIE1000PsecStatusPortEntry ::= SEQUENCE { cie1000PsecStatusPortIfIndex CIE1000InterfaceIndex, cie1000PsecStatusPortUsers Unsigned32, cie1000PsecStatusPortLimitReached TruthValue, cie1000PsecStatusPortShutdown TruthValue, cie1000PsecStatusPortMacCount Unsigned32 } cie1000PsecStatusPortIfIndex OBJECT-TYPE SYNTAX CIE1000InterfaceIndex MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Logical interface number of the physical port." ::= { cie1000PsecStatusPortEntry 1 } cie1000PsecStatusPortUsers OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Bit masks to indicate what users currently use port security on this port. Where bit 0 - port security limit, bit 1 - 802.1x, bit 2 - voice VLAN." ::= { cie1000PsecStatusPortEntry 2 } cie1000PsecStatusPortLimitReached OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "TRUE if the limit is reached on the port, FALSE otherwise." ::= { cie1000PsecStatusPortEntry 3 } cie1000PsecStatusPortShutdown OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "TRUE if the port is shut down, FALSE otherwise." ::= { cie1000PsecStatusPortEntry 4 } cie1000PsecStatusPortMacCount OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of MAC addresses currently assigned to this port. The number does NOT include the number of entries that are held due to a H/W failure or S/W failure." ::= { cie1000PsecStatusPortEntry 5 } cie1000PsecStatusPortTrapsTable OBJECT-TYPE SYNTAX SEQUENCE OF CIE1000PsecStatusPortTrapsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is a table of port configuration per session" ::= { cie1000PsecStatus 2 } cie1000PsecStatusPortTrapsEntry OBJECT-TYPE SYNTAX CIE1000PsecStatusPortTrapsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each session has a set of parameters" INDEX { cie1000PsecStatusPortTrapsIfIndex } ::= { cie1000PsecStatusPortTrapsTable 1 } CIE1000PsecStatusPortTrapsEntry ::= SEQUENCE { cie1000PsecStatusPortTrapsIfIndex CIE1000InterfaceIndex, cie1000PsecStatusPortTrapsUsers Unsigned32, cie1000PsecStatusPortTrapsLimitReached TruthValue, cie1000PsecStatusPortTrapsShutdown TruthValue, cie1000PsecStatusPortTrapsMacCount Unsigned32 } cie1000PsecStatusPortTrapsIfIndex OBJECT-TYPE SYNTAX CIE1000InterfaceIndex MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Logical interface number of the physical port." ::= { cie1000PsecStatusPortTrapsEntry 1 } cie1000PsecStatusPortTrapsUsers OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Bit masks to indicate what users currently use port security on this port. Where bit 0 - port security limit, bit 1 - 802.1x, bit 2 - voice VLAN." ::= { cie1000PsecStatusPortTrapsEntry 2 } cie1000PsecStatusPortTrapsLimitReached OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "TRUE if the limit is reached on the port, FALSE otherwise." ::= { cie1000PsecStatusPortTrapsEntry 3 } cie1000PsecStatusPortTrapsShutdown OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "TRUE if the port is shut down, FALSE otherwise." ::= { cie1000PsecStatusPortTrapsEntry 4 } cie1000PsecStatusPortTrapsMacCount OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of MAC addresses currently assigned to this port. The number does NOT include the number of entries that are held due to a H/W failure or S/W failure." ::= { cie1000PsecStatusPortTrapsEntry 5 } cie1000PsecControl OBJECT IDENTIFIER ::= { cie1000PsecMibObjects 4 } cie1000PsecControlPortReopenTable OBJECT-TYPE SYNTAX SEQUENCE OF CIE1000PsecControlPortReopenEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is a table to re-open port and move it to ready state, if it was being disabled after limit was reached." ::= { cie1000PsecControl 1 } cie1000PsecControlPortReopenEntry OBJECT-TYPE SYNTAX CIE1000PsecControlPortReopenEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each session has a set of parameters" INDEX { cie1000PsecControlPortReopenIfIndex } ::= { cie1000PsecControlPortReopenTable 1 } CIE1000PsecControlPortReopenEntry ::= SEQUENCE { cie1000PsecControlPortReopenIfIndex CIE1000InterfaceIndex, cie1000PsecControlPortReopenPortReOpen TruthValue } cie1000PsecControlPortReopenIfIndex OBJECT-TYPE SYNTAX CIE1000InterfaceIndex MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Logical interface number of the physical port." ::= { cie1000PsecControlPortReopenEntry 1 } cie1000PsecControlPortReopenPortReOpen OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Set to true to reopen after it is shutdown" ::= { cie1000PsecControlPortReopenEntry 2 } cie1000PsecStatistics OBJECT IDENTIFIER ::= { cie1000PsecMibObjects 5 } cie1000PsecStatisticsPortTable OBJECT-TYPE SYNTAX SEQUENCE OF CIE1000PsecStatisticsPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is a table of port statistics per session" ::= { cie1000PsecStatistics 1 } cie1000PsecStatisticsPortEntry OBJECT-TYPE SYNTAX CIE1000PsecStatisticsPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each session has a set of parameters" INDEX { cie1000PsecStatisticsPortIfIndex } ::= { cie1000PsecStatisticsPortTable 1 } CIE1000PsecStatisticsPortEntry ::= SEQUENCE { cie1000PsecStatisticsPortIfIndex CIE1000InterfaceIndex, cie1000PsecStatisticsPortAgeOrHold CIE1000DisplayString, cie1000PsecStatisticsPortCreationTime CIE1000DisplayString, cie1000PsecStatisticsPortState CIE1000PsecStateType, cie1000PsecStatisticsPortMacId MacAddress, cie1000PsecStatisticsPortVlanId CIE1000Unsigned16 } cie1000PsecStatisticsPortIfIndex OBJECT-TYPE SYNTAX CIE1000InterfaceIndex MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Logical interface number of the physical port." ::= { cie1000PsecStatisticsPortEntry 1 } cie1000PsecStatisticsPortAgeOrHold OBJECT-TYPE SYNTAX CIE1000DisplayString (SIZE(0..14)) MAX-ACCESS read-only STATUS current DESCRIPTION "Down-counter used in block and ageing process." ::= { cie1000PsecStatisticsPortEntry 5 } cie1000PsecStatisticsPortCreationTime OBJECT-TYPE SYNTAX CIE1000DisplayString (SIZE(0..24)) MAX-ACCESS read-only STATUS current DESCRIPTION "Time when this entry was orignally added." ::= { cie1000PsecStatisticsPortEntry 6 } cie1000PsecStatisticsPortState OBJECT-TYPE SYNTAX CIE1000PsecStateType MAX-ACCESS read-only STATUS current DESCRIPTION "Current State of a entry, expected state can be either FORWARDING or BLOCKED." ::= { cie1000PsecStatisticsPortEntry 7 } cie1000PsecStatisticsPortMacId OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The MAC address that this is all about." ::= { cie1000PsecStatisticsPortEntry 8 } cie1000PsecStatisticsPortVlanId OBJECT-TYPE SYNTAX CIE1000Unsigned16 MAX-ACCESS read-only STATUS current DESCRIPTION "The VID that this is all about." ::= { cie1000PsecStatisticsPortEntry 9 } cie1000PsecTrap OBJECT IDENTIFIER ::= { cie1000PsecMibObjects 6 } cie1000PsecTrapLimitExceeded NOTIFICATION-TYPE OBJECTS { cie1000PsecStatusPortTrapsIfIndex, cie1000PsecStatusPortTrapsUsers, cie1000PsecStatusPortTrapsLimitReached, cie1000PsecStatusPortTrapsShutdown, cie1000PsecStatusPortTrapsMacCount } STATUS current DESCRIPTION "This trap signals that a row has been added. The index(es) and value(s) of the row is included in the trap." ::= { cie1000PsecTrap 1 } cie1000PsecTrapMod NOTIFICATION-TYPE OBJECTS { cie1000PsecStatusPortTrapsIfIndex, cie1000PsecStatusPortTrapsUsers, cie1000PsecStatusPortTrapsLimitReached, cie1000PsecStatusPortTrapsShutdown, cie1000PsecStatusPortTrapsMacCount } STATUS current DESCRIPTION "This trap signals that one or more of the objects included in the trap has been updated." ::= { cie1000PsecTrap 2 } cie1000PsecTrapLimitRecovered NOTIFICATION-TYPE OBJECTS { cie1000PsecStatusPortTrapsIfIndex } STATUS current DESCRIPTION "This trap signals that a row has been deleted. The index(es) of the row is included in the trap." ::= { cie1000PsecTrap 3 } cie1000PsecMibConformance OBJECT IDENTIFIER ::= { cie1000PsecMib 2 } cie1000PsecMibCompliances OBJECT IDENTIFIER ::= { cie1000PsecMibConformance 1 } cie1000PsecMibGroups OBJECT IDENTIFIER ::= { cie1000PsecMibConformance 2 } cie1000PsecConfigGlobalsInfoGroup OBJECT-GROUP OBJECTS { cie1000PsecConfigGlobalsEnabled, cie1000PsecConfigGlobalsEnableAging, cie1000PsecConfigGlobalsAgingPeriodSecs } STATUS current DESCRIPTION "A collection of objects." ::= { cie1000PsecMibGroups 1 } cie1000PsecConfigPortTableInfoGroup OBJECT-GROUP OBJECTS { cie1000PsecConfigPortIfIndex, cie1000PsecConfigPortEnabled, cie1000PsecConfigPortLimit, cie1000PsecConfigPortAction } STATUS current DESCRIPTION "A collection of objects." ::= { cie1000PsecMibGroups 2 } cie1000PsecStatusPortTableInfoGroup OBJECT-GROUP OBJECTS { cie1000PsecStatusPortIfIndex, cie1000PsecStatusPortUsers, cie1000PsecStatusPortLimitReached, cie1000PsecStatusPortShutdown, cie1000PsecStatusPortMacCount } STATUS current DESCRIPTION "A collection of objects." ::= { cie1000PsecMibGroups 3 } cie1000PsecStatusPortTrapsInfoGroup OBJECT-GROUP OBJECTS { cie1000PsecStatusPortTrapsIfIndex, cie1000PsecStatusPortTrapsUsers, cie1000PsecStatusPortTrapsLimitReached, cie1000PsecStatusPortTrapsShutdown, cie1000PsecStatusPortTrapsMacCount } STATUS current DESCRIPTION "A collection of objects." ::= { cie1000PsecMibGroups 4 } cie1000PsecControlPortReopenTableInfoGroup OBJECT-GROUP OBJECTS { cie1000PsecControlPortReopenIfIndex, cie1000PsecControlPortReopenPortReOpen } STATUS current DESCRIPTION "A collection of objects." ::= { cie1000PsecMibGroups 5 } cie1000PsecStatisticsPortTableInfoGroup OBJECT-GROUP OBJECTS { cie1000PsecStatisticsPortIfIndex, cie1000PsecStatisticsPortAgeOrHold, cie1000PsecStatisticsPortCreationTime, cie1000PsecStatisticsPortState, cie1000PsecStatisticsPortMacId, cie1000PsecStatisticsPortVlanId } STATUS current DESCRIPTION "A collection of objects." ::= { cie1000PsecMibGroups 6 } cie1000PsecTrapLimitExceededInfoGroup NOTIFICATION-GROUP NOTIFICATIONS { cie1000PsecTrapLimitExceeded } STATUS current DESCRIPTION "Information group containing a trap." ::= { cie1000PsecMibGroups 7 } cie1000PsecTrapModInfoGroup NOTIFICATION-GROUP NOTIFICATIONS { cie1000PsecTrapMod } STATUS current DESCRIPTION "Information group containing a trap." ::= { cie1000PsecMibGroups 8 } cie1000PsecTrapLimitRecoveredInfoGroup NOTIFICATION-GROUP NOTIFICATIONS { cie1000PsecTrapLimitRecovered } STATUS current DESCRIPTION "Information group containing a trap." ::= { cie1000PsecMibGroups 9 } cie1000PsecMibCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for the implementation." MODULE -- this module MANDATORY-GROUPS { cie1000PsecConfigGlobalsInfoGroup, cie1000PsecConfigPortTableInfoGroup, cie1000PsecStatusPortTableInfoGroup, cie1000PsecStatusPortTrapsInfoGroup, cie1000PsecControlPortReopenTableInfoGroup, cie1000PsecStatisticsPortTableInfoGroup, cie1000PsecTrapLimitExceededInfoGroup, cie1000PsecTrapModInfoGroup, cie1000PsecTrapLimitRecoveredInfoGroup } ::= { cie1000PsecMibCompliances 1 } END