-- ================================================================== -- Copyright (c) 2010-2014 Hewlett-Packard Development Company, L.P. -- -- Description: DHCP Snooping MIB -- Reference: -- Version: V1.3 -- History: -- V1.0 The initial version, created by FuJiajia, 2004.12.29 -- V1.1 2006-03-08 updated by HeHangjun -- Added hpnicfDhcpSnoopVlanTable -- V1.2 2007-06-18 updated by qizhenglin -- Added hpnicfDhcpSnoopSpoofServerDetected -- hpnicfDhcpSnoopSpoofServerMac -- hpnicfDhcpSnoopSpoofServerIP -- V1.3 2013-10-16 updated by xuyufei -- Added hpnicfDhcpSnoopNewBinding -- hpnicfDhcpSnoopBindingIP -- hpnicfDhcpSnoopBindingMac -- ================================================================== -- ================================================================== -- -- Varibles and types be imported -- -- ================================================================== HPN-ICF-DHCPSNOOP-MIB DEFINITIONS ::= BEGIN IMPORTS MacAddress FROM SNMPv2-TC MODULE-IDENTITY,OBJECT-TYPE,NOTIFICATION-TYPE,IpAddress,Integer32 FROM SNMPv2-SMI ifIndex FROM IF-MIB hpnicfdot1qVlanIndex FROM HPN-ICF-LswVLAN-MIB InetAddressType, InetAddress FROM INET-ADDRESS-MIB hpnicfCommon FROM HPN-ICF-OID-MIB TruthValue FROM SNMPv2-TC; -- ================================================================== -- -- ======================= definition begin ========================= -- -- ================================================================== hpnicfDhcpSnoop MODULE-IDENTITY LAST-UPDATED "200501140000Z" ORGANIZATION "" CONTACT-INFO "" DESCRIPTION "The private MIB file includes the DHCP Snooping profile." ::= { hpnicfCommon 36 } hpnicfDhcpSnoopMibObject OBJECT IDENTIFIER ::= { hpnicfDhcpSnoop 1 } hpnicfDhcpSnoopEnable OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "DHCP Snooping status (enable or disable)." DEFVAL { disable } ::= { hpnicfDhcpSnoopMibObject 1 } hpnicfDhcpSnoopTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDhcpSnoopEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table containing information of DHCP clients listened by DHCP snooping and it's enabled or disabled by setting hpnicfDhcpSnoopEnable node." ::= { hpnicfDhcpSnoopMibObject 2 } hpnicfDhcpSnoopEntry OBJECT-TYPE SYNTAX HpnicfDhcpSnoopEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing information of DHCP clients." INDEX { hpnicfDhcpSnoopClientIpAddressType, hpnicfDhcpSnoopClientIpAddress } ::= { hpnicfDhcpSnoopTable 1 } HpnicfDhcpSnoopEntry ::= SEQUENCE { hpnicfDhcpSnoopClientIpAddressType InetAddressType, hpnicfDhcpSnoopClientIpAddress InetAddress, hpnicfDhcpSnoopClientMacAddress MacAddress, hpnicfDhcpSnoopClientProperty INTEGER , hpnicfDhcpSnoopClientUnitNum Integer32 } hpnicfDhcpSnoopClientIpAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "DHCP clients' IP addresses type (IPv4 or IPv6)." DEFVAL { ipv4 } ::= { hpnicfDhcpSnoopEntry 1 } hpnicfDhcpSnoopClientIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "DHCP clients' IP addresses collected by DHCP snooping." ::= { hpnicfDhcpSnoopEntry 2 } hpnicfDhcpSnoopClientMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "DHCP clients' MAC addresses collected by DHCP snooping." ::= { hpnicfDhcpSnoopEntry 3 } hpnicfDhcpSnoopClientProperty OBJECT-TYPE SYNTAX INTEGER { static(1), dynamic(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Method of getting IP addresses collected by DHCP snooping." ::= { hpnicfDhcpSnoopEntry 4 } hpnicfDhcpSnoopClientUnitNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "IRF (Intelligent Resilient Fabric) unit number via whom the clients get their IP addresses. The value 0 means this device does not support IRF." ::= { hpnicfDhcpSnoopEntry 5 } hpnicfDhcpSnoopTrustTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDhcpSnoopTrustEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table is used to configure and monitor port trusted status." ::= { hpnicfDhcpSnoopMibObject 3 } hpnicfDhcpSnoopTrustEntry OBJECT-TYPE SYNTAX HpnicfDhcpSnoopTrustEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing information about trusted status of ports." INDEX { ifIndex } ::= { hpnicfDhcpSnoopTrustTable 1 } HpnicfDhcpSnoopTrustEntry ::= SEQUENCE { hpnicfDhcpSnoopTrustStatus INTEGER } hpnicfDhcpSnoopTrustStatus OBJECT-TYPE SYNTAX INTEGER { untrusted(0), trusted(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Trusted status of current port which supports both get and set operation." DEFVAL { untrusted } ::= { hpnicfDhcpSnoopTrustEntry 1 } hpnicfDhcpSnoopVlanTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfDhcpSnoopVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table is used to configure and monitor DHCP Snooping status of VLANs." ::= { hpnicfDhcpSnoopMibObject 4 } hpnicfDhcpSnoopVlanEntry OBJECT-TYPE SYNTAX HpnicfDhcpSnoopVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry information about hpnicfDhcpSnoopVlanTable." INDEX { hpnicfDhcpSnoopVlanIndex } ::= { hpnicfDhcpSnoopVlanTable 1 } HpnicfDhcpSnoopVlanEntry ::= SEQUENCE { hpnicfDhcpSnoopVlanIndex Integer32, hpnicfDhcpSnoopVlanEnable TruthValue } hpnicfDhcpSnoopVlanIndex OBJECT-TYPE SYNTAX Integer32(0..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Current VLAN index." ::= { hpnicfDhcpSnoopVlanEntry 1 } hpnicfDhcpSnoopVlanEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "DHCP Snooping status of current VLAN." DEFVAL { false } ::= { hpnicfDhcpSnoopVlanEntry 2 } -- ================================================================== -- -- ======================= trap definition begin ==================== -- -- ================================================================== hpnicfDhcpSnoopTraps OBJECT IDENTIFIER ::= { hpnicfDhcpSnoop 2 } hpnicfDhcpSnoopTrapsPrefix OBJECT IDENTIFIER ::= { hpnicfDhcpSnoopTraps 0 } hpnicfDhcpSnoopTrapsObject OBJECT IDENTIFIER ::= { hpnicfDhcpSnoopTraps 1 } hpnicfDhcpSnoopSpoofServerMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "MAC address of the spoofing server and it is derived from link-layer header of offer packet. If the offer packet is relayed by dhcp relay entity, it may be the MAC address of relay entity. " ::= { hpnicfDhcpSnoopTrapsObject 1 } hpnicfDhcpSnoopSpoofServerIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IP address of the spoofing server and it is derived from IP header of offer packet. A tricksy host may send offer packet use other host's address, so this address can not always be trust. " ::= { hpnicfDhcpSnoopTrapsObject 2 } hpnicfDhcpSnoopBindingIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IP address of a new binding. " ::= { hpnicfDhcpSnoopTrapsObject 3 } hpnicfDhcpSnoopBindingMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "MAC address of a new binding. " ::= { hpnicfDhcpSnoopTrapsObject 4 } hpnicfDhcpSnoopSpoofServerDetected NOTIFICATION-TYPE OBJECTS { ifIndex, -- The interface from which an -- illegal dhcp server accessed hpnicfdot1qVlanIndex, -- The vlan from which an illegal -- dhcp server accessed hpnicfDhcpSnoopSpoofServerMac, hpnicfDhcpSnoopSpoofServerIP } STATUS current DESCRIPTION "To detect unauthorized DHCP servers on a network, the DHCP snooping device sends DHCP-DISCOVER messages through its downstream port (which is connected to the DHCP clients). If any response (DHCP-OFFER message) is received from the downstream port, an unauthorized DHCP server is considered present, and then the device sends a trap. With unauthorized DHCP server detection enabled, the interface sends a DHCP-DISCOVER message to detect unauthorized DHCP servers on the network. If this interface receives a DHCP-OFFER message, the DHCP server which sent it is considered unauthorized. " ::= { hpnicfDhcpSnoopTrapsPrefix 1 } hpnicfDhcpSnoopNewBinding NOTIFICATION-TYPE OBJECTS { hpnicfDhcpSnoopBindingIP, hpnicfDhcpSnoopBindingMac } STATUS current DESCRIPTION "The device sends a trap when adding a new binding." ::= { hpnicfDhcpSnoopTrapsPrefix 2 } END