CT-FASTPATH-DYNAMIC-ARP-INSPECTION-MIB DEFINITIONS ::= BEGIN

-- LVL7 FASTPATH DHCP Server MIB
-- Copyright LVL7 Systems (2002-2008) All rights reserved.

-- This SNMP Management Information Specification
-- embodies LVL7 System's confidential and proprietary
-- intellectual property. LVL7 Systems retains all title
-- and ownership in the Specification including any revisions.

-- This Specification is supplied "AS IS", LVL7 Systems
-- makes no warranty, either expressed or implied,
-- as to the use, operation, condition, or performance of the
-- Specification.

-- This module provides authoritative definitions for Cabletron's
-- CT-FASTPATH-DYNAMIC-ARP-INSPECTION-MIB.
--
-- This module will be extended, as needed.
--
-- Enterasys Networks reserves the right to make changes in
-- specification and other information contained in this document
-- without prior notice. The reader should consult Enterasys Networks
-- to determine whether any such changes have been made.
--
-- In no event shall Enterasys Networks be liable for any incidental,
-- indirect, special, or consequential damages whatsoever (including
-- but not limited to lost profits) arising out of or related to this
-- document or the information contained in it, even if Enterasys
-- Networks has been advised of, known, or should have known, the
-- possibility of such damages.
--
-- Enterasys grants vendors, end-users, and other interested parties
-- a non-exclusive license to use this Specification in connection
-- with the management of Enterasys and Cabletron products.
--
-- Copyright July 2008 Enterasys Networks, Inc.

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
    IpAddress, Integer32, Unsigned32, TimeTicks, Counter32
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, RowStatus, RowPointer, MacAddress,
    StorageType, TruthValue, DisplayString, PhysAddress
        FROM SNMPv2-TC
    VlanIndex
        FROM Q-BRIDGE-MIB
    ifIndex
        FROM IF-MIB
    ctDynamicArpInspectionExpMib
        FROM CTRON-MIB-NAMES;

ctFastPathDynamicArpInspectionMIB MODULE-IDENTITY
    LAST-UPDATED "200807231519Z"  -- Wed Jul 23 15:19 UTC 2008
    ORGANIZATION "Enterasys Networks, Inc."
    CONTACT-INFO
        "Postal: Enterasys Networks
                 50 Minuteman Rd.
                 Andover, MA 01810-1008
                 USA
         Phone:  +1 978 684 1000
         E-mail: support@enterasys.com
         WWW:    http://www.enterasys.com"
    DESCRIPTION
        "The Enterasys MIB for FASTPATH Dynamic ARP Inspection"
    ::= { ctDynamicArpInspectionExpMib 1 }

--**************************************************************************************
-- ctAgentDaiConfigGroup ->contains MIB Objects for configuring Dynamic ARP Inspection
--**************************************************************************************

--************ The Dynamic ARP Inspection Global Config Table ********

ctAgentDaiConfigGroup OBJECT IDENTIFIER ::= { ctFastPathDynamicArpInspectionMIB 1 }

ctAgentDaiSrcMacValidate OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether Sender MAC validation in the
         ARP packets is enabled.
         If this object is set to 'true', validation is enabled.
         If this object is set to 'false', validation is disabled."
    DEFVAL { false }
    ::= { ctAgentDaiConfigGroup 1 }

ctAgentDaiDstMacValidate OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether Target MAC validation in the
         ARP Response packets is enabled.
         If this object is set to 'true', validation is enabled.
         If this object is set to 'false', validation is disabled."
    DEFVAL { false }
    ::= { ctAgentDaiConfigGroup 2 }

ctAgentDaiIPValidate OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether IP address validation in the
         ARP packets is enabled.
         If this object is set to 'true', validation is enabled.
         If this object is set to 'false', validation is disabled."
    DEFVAL { false }
    ::= { ctAgentDaiConfigGroup 3 }

--************ The Dynamic ARP Inspection VLAN Config Table ********

ctAgentDaiVlanConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CtAgentDaiVlanConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table provides the mechanism to control Dynamic ARP
         Inspection per VLAN. When a VLAN is created in a device
         supporting this table, a corresponding entry of this table
         will be added."
    ::= { ctAgentDaiConfigGroup 4 }

ctAgentDaiVlanConfigEntry OBJECT-TYPE
    SYNTAX      CtAgentDaiVlanConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row instance contains the configuration for Dynamic ARP
         Inspection at each existing VLAN."
    INDEX { ctAgentDaiVlanIndex }
    ::= { ctAgentDaiVlanConfigTable 1 }

CtAgentDaiVlanConfigEntry ::= SEQUENCE {
    ctAgentDaiVlanIndex             VlanIndex,
    ctAgentDaiVlanDynArpInspEnable  TruthValue,
    ctAgentDaiVlanLoggingEnable     TruthValue,
    ctAgentDaiVlanArpAclName        DisplayString,
    ctAgentDaiVlanArpAclStaticFlag  TruthValue
}

ctAgentDaiVlanIndex OBJECT-TYPE
    SYNTAX      VlanIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object indicates the VLAN number on which Dynamic ARP
         Inspection feature is configured."
    ::= { ctAgentDaiVlanConfigEntry 1 }

ctAgentDaiVlanDynArpInspEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether Dynamic ARP Inspection is
         enabled in this VLAN.
         If this object is set to 'true', Dynamic ARP Inspection
         is enabled.
         If this object is set to 'false', Dynamic ARP Inspection
         is disabled."
    DEFVAL { false }
    ::= { ctAgentDaiVlanConfigEntry 2 }

ctAgentDaiVlanLoggingEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether the Dynamic ARP Inspection
         logging is enabled on this VLAN.
         If this object is set to 'true', Dynamic ARP Inspection
         logging is enabled.
         If this object is set to 'false', Dynamic ARP Inspection
         logging is disabled."
    DEFVAL { true }
    ::= { ctAgentDaiVlanConfigEntry 3 }

ctAgentDaiVlanArpAclName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE(0..31))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates the ARP ACL name set for this VLAN."
    ::= { ctAgentDaiVlanConfigEntry 4 }

ctAgentDaiVlanArpAclStaticFlag OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether the ARP ACL set for this VLAN
         has static flag set.
         If this object is set to 'true', static flag is enabled.
         If this object is set to 'false', static flag is disabled."
    DEFVAL { false }
    ::= { ctAgentDaiVlanConfigEntry 5 }

--************ The Dynamic ARP Inspection Vlan Statistics Table ********

ctAagentDaiStatsReset OBJECT-TYPE
    SYNTAX      INTEGER {
                    none(0),
                    reset(1)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Clear the DAI statistics on all vlans.
         A value of reset(1) is used to reset the statistics.
         A read on this object will always return the value none(0).
         The value none(0) cannot be forcibly set by the
         administrator."
    ::= { ctAgentDaiConfigGroup 5 }

ctAgentDaiVlanStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CtAgentDaiVlanStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table provides the mechanism to control Dynamic ARP
         Inspection per VLAN. When a VLAN is created in a device
         supporting this table, a corresponding entry of this table
         will be added."
    ::= { ctAgentDaiConfigGroup 6 }

ctAgentDaiVlanStatsEntry OBJECT-TYPE
    SYNTAX      CtAgentDaiVlanStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row instance contains the Dynamic ARP Inspection
         statistics per VLAN."
    INDEX { ctAgentDaiVlanStatsIndex }
    ::= { ctAgentDaiVlanStatsTable 1 }

CtAgentDaiVlanStatsEntry ::= SEQUENCE {
    ctAgentDaiVlanStatsIndex       VlanIndex,
    ctAgentDaiVlanPktsForwarded    Counter32,
    ctAgentDaiVlanPktsDropped      Counter32,
    ctAgentDaiVlanDhcpDrops        Counter32,
    ctAgentDaiVlanDhcpPermits      Counter32,
    ctAgentDaiVlanAclDrops         Counter32,
    ctAgentDaiVlanAclPermits       Counter32,
    ctAgentDaiVlanSrcMacFailures   Counter32,
    ctAgentDaiVlanDstMacFailures   Counter32,
    ctAgentDaiVlanIpValidFailures  Counter32
}

ctAgentDaiVlanStatsIndex OBJECT-TYPE
    SYNTAX      VlanIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object indicates the VLAN number on which Dynamic ARP
         Inspection statistics are retrieved."
    ::= { ctAgentDaiVlanStatsEntry 1 }

ctAgentDaiVlanPktsForwarded OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of valid ARP packets forwarded by DAI."
    ::= { ctAgentDaiVlanStatsEntry 2 }

ctAgentDaiVlanPktsDropped OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of invalid ARP packets dropped by DAI."
    ::= { ctAgentDaiVlanStatsEntry 3 }

ctAgentDaiVlanDhcpDrops OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of ARP packets that were dropped by DAI as there is
         no matching DHCP Snooping binding entry found."
    ::= { ctAgentDaiVlanStatsEntry 4 }

ctAgentDaiVlanDhcpPermits OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of ARP packets that were forwarded by DAI as there
         is a matching DHCP Snooping binding entry found."
    ::= { ctAgentDaiVlanStatsEntry 5 }

ctAgentDaiVlanAclDrops OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of ARP packets that were dropped by DAI as there is
         no matching ARP ACL rule found for this Vlan and the static
         flag is set on this vlan."
    ::= { ctAgentDaiVlanStatsEntry 6 }

ctAgentDaiVlanAclPermits OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of ARP packets that were permitted by DAI as there
         is a matching ARP ACL rule found for this Vlan."
    ::= { ctAgentDaiVlanStatsEntry 7 }

ctAgentDaiVlanSrcMacFailures OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of ARP packets that were dropped by DAI as the
         sender mac address in ARP packet didn't match the source
         mac in ethernet header."
    ::= { ctAgentDaiVlanStatsEntry 8 }

ctAgentDaiVlanDstMacFailures OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of ARP packets that were dropped by DAI as the
         target mac address in ARP reply packet didn't match the
         destination mac in ethernet header."
    ::= { ctAgentDaiVlanStatsEntry 9 }

ctAgentDaiVlanIpValidFailures OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of ARP packets that were dropped by DAI as the
         sender IP address in ARP packet or target IP address in
         ARP reply packet is invalid. Invalid addresses include
         0.0.0.0, 255.255.255.255, IP multicast addresses,
         class E addresses (240.0.0.0/4), loopback addresses
         (127.0.0.0/8)."
    ::= { ctAgentDaiVlanStatsEntry 10 }

--************ The Dynamic ARP Inspection Interface Config Table ********

ctAgentDaiIfConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CtAgentDaiIfConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table provides the mechanism to configure the trust
         state for Dynamic ARP Inspection purpose at each physical
         interface capable of this feature."
    ::= { ctAgentDaiConfigGroup 7 }

ctAgentDaiIfConfigEntry OBJECT-TYPE
    SYNTAX      CtAgentDaiIfConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row instance contains the configuration for Dynamic ARP
         Inspection at each physical interface capable of this
         feature."
    INDEX { ifIndex }
    ::= { ctAgentDaiIfConfigTable 1 }

CtAgentDaiIfConfigEntry ::= SEQUENCE {
    ctAgentDaiIfTrustEnable    TruthValue,
    ctAgentDaiIfRateLimit      Unsigned32,
    ctAgentDaiIfBurstInterval  Unsigned32
}

ctAgentDaiIfTrustEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates whether the interface is trusted for
         Dynamic ARP Inspection purpose.
         If this object is set to 'true', the interface is trusted.
         ARP packets coming to this interface will be forwarded
         without checking.
         If this object is set to 'false', the interface is not
         trusted. ARP packets coming to this interface will be
         subjected to ARP inspection."
    DEFVAL { false }
    ::= { ctAgentDaiIfConfigEntry 1 }

ctAgentDaiIfRateLimit OBJECT-TYPE
    SYNTAX      Unsigned32 (0..300)
    UNITS       "packets per second"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates rate limit value for Dynamic ARP
         Inspection purpose. If the incoming rate of ARP packets
         exceeds the value of this object for consecutively burst
         interval seconds, ARP packets will be dropped."
    DEFVAL { 15 }
    ::= { ctAgentDaiIfConfigEntry 2 }

ctAgentDaiIfBurstInterval OBJECT-TYPE
    SYNTAX      Unsigned32 (1..15)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates the burst interval value for rate
         limiting purpose on this interface."
    DEFVAL { 1 }
    ::= { ctAgentDaiIfConfigEntry 3 }

END