DLINKSW-IP-SOURCE-GUARD-MIB
File:
DLINKSW-IP-SOURCE-GUARD-MIB.mib (17734 bytes)
Imported modules
Imported symbols
Defined Types
DigStaticBindingsEntry |
|
SEQUENCE |
|
|
|
|
dIpsgStaticBindingsVlan |
VlanId |
|
|
dIpsgStaticBindingsMacAddress |
MacAddress |
|
|
dIpsgStaticBindingsIpAddress |
InetAddressIPv4 |
|
|
dIpsgStaticBindingsInterface |
InterfaceIndex |
|
|
dIpsgStaticBindingsRowStatus |
RowStatus |
|
DigIfSrcGuardConfigEntry |
|
SEQUENCE |
|
|
|
|
dIpsgIfSrcGuardFilterType |
INTEGER |
|
DigIfSrcGuardAddrEntry |
|
SEQUENCE |
|
|
|
|
dIpsgIfSrcGuardIndex |
Unsigned32 |
|
|
dIpsgIfSrcGuardFilterMode |
INTEGER |
|
|
dIpsgIfSrcGuardIpAddress |
InetAddressIPv4 |
|
|
dIpsgIfSrcGuardIpFilterAction |
INTEGER |
|
|
dIpsgIfSrcGuardMacAddress |
MacAddress |
|
|
dIpsgIfSrcGuardMacFilterAction |
INTEGER |
|
|
dIpsgIfSrcGuardVlansFirst2K |
Dlink2kVlanList |
|
|
dIpsgIfSrcGuardVlansSecond2K |
Dlink2kVlanList |
|
Defined Values
dlinkSwIpSourceGuardMIB |
1.3.6.1.4.1.171.14.132 |
The MIB module is for configuration of IP Source Guard feature. |
MODULE-IDENTITY |
|
|
|
dIpsgStaticBindingsTable |
1.3.6.1.4.1.171.14.132.1.1.1 |
A table provides the manual bindings information.
e.g.
VLAN MAC Address IP Address Interface
---- ----------------- ---------- ---------
2000 00.01.02.03.04.05 172.18.1.1 8
3000 00.05.06.07.08.09 10.1.1.1 3
4094 00.10.20.30.40.55 1.1.1.1 5
4094 00.10.20.30.40.55 1.1.1.1 6
4094 00.10.20.30.40.55 1.1.1.1 8
|
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
DigStaticBindingsEntry |
|
dIpsgStaticBindingsEntry |
1.3.6.1.4.1.171.14.132.1.1.1.1 |
An entry defines a manual binding.
|
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
DigStaticBindingsEntry |
|
|
dIpsgStaticBindingsVlan |
1.3.6.1.4.1.171.14.132.1.1.1.1.1 |
This object indicates the VLAN to which a host belongs. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
VlanId |
|
|
dIpsgStaticBindingsInterface |
1.3.6.1.4.1.171.14.132.1.1.1.1.4 |
This object indicates the ifIndex value of the interface
where a host connects to. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
InterfaceIndex |
|
|
dIpsgStaticBindingsRowStatus |
1.3.6.1.4.1.171.14.132.1.1.1.1.99 |
This object is used to manage the creation and deletion
of rows in this table.
|
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
dIpsgIfSrcGuardConfigTable |
1.3.6.1.4.1.171.14.132.1.2.1 |
A table provides the mechanism to enable or disable
IP Source Guard at every interface capable of
this feature.
When DHCP Snooping is enabled at an interface, a list of
IP addresses is obtained through DHCP Snooping for this
particular interface. If IP Source Guard is enabled, only
traffic from these IP addresses is allowed to pass through
the interface. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
DigIfSrcGuardConfigEntry |
|
dIpsgIfSrcGuardConfigEntry |
1.3.6.1.4.1.171.14.132.1.2.1.1 |
A row instance contains the configuration to enable
or disable IP Source Guard as well as the configuration
of the filter type at each interface capable
of IP Source Guard feature. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
DigIfSrcGuardConfigEntry |
|
|
dIpsgIfSrcGuardFilterType |
1.3.6.1.4.1.171.14.132.1.2.1.1.1 |
This object indicates the traffic filter type applied
at this interface.
'disable' - indicates that IP Source Guard feature is disabled.
'ip' - the validation is based on source IP address and VLAN only.
'ipMac' - the validation is based on the source MAC address, VLAN and IP address.
|
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
disable(1), ip(2), ipMac(3) |
|
dIpsgIfSrcGuardAddrTable |
1.3.6.1.4.1.171.14.132.1.2.2 |
A table provides the information on IP addresses used
for IP Source Guard purpose at every interface capable of this
feature. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
DigIfSrcGuardAddrEntry |
|
dIpsgIfSrcGuardAddrEntry |
1.3.6.1.4.1.171.14.132.1.2.2.1 |
An entry defines a binding information that is used to guard the
IP traffic.
The binding entry may be either manually configured or
automatically learned via DHCP snooping.
|
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
DigIfSrcGuardAddrEntry |
|
|
dIpsgIfSrcGuardIndex |
1.3.6.1.4.1.171.14.132.1.2.2.1.1 |
This object is used to index the dIpsgIfSrcGuardAddrTable.
This index is for SNMP purposes only, and has no intrinsic meaning. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
1..65535 |
|
dIpsgIfSrcGuardFilterMode |
1.3.6.1.4.1.171.14.132.1.2.2.1.2 |
This object indicates the Source Guard filter mode at
this interface.
active(1) indicates that the Source Guard feature is
active at this interface.
inactiveTrustPort(2) indicates that the Source Guard
feature is inactive because this interface is a DHCP
Snooping trust interface and all IP traffic is permitted.
In this case, dIpsgIfSrcGuardIpFilterAction is 'permitAllIpAdress'.
inactiveNoSnoopingVlan(3) indicates that the Source
Guard feature is inactive because this interface
does not have a VLAN which has DHCP Snooping enabled and
no IP source verify entry is active. In this case, all IP traffic
is denied and dIpsgIfSrcGuardIpFilterAction is 'denyAllIpAddress'.
If this object is not 'active', the entry is a special entry:
traffic from any VLANs on the interface has the same behavior
indicated by dIpsgIfSrcGuardIpFilterAction and both
dIpsgIfSrcGuardVlansFirst2K and dIpsgIfSrcGuardVlansSecond2K
are empty.
|
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
active(1), inactiveTrustPort(2), inactiveNoSnoopingVlan(3) |
|
dIpsgIfSrcGuardIpAddress |
1.3.6.1.4.1.171.14.132.1.2.2.1.3 |
This object indicates the IP address of the entry.
A special value of '0.0.0.0' indicates this object is meaningless.
|
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
InetAddressIPv4 |
|
|
dIpsgIfSrcGuardIpFilterAction |
1.3.6.1.4.1.171.14.132.1.2.2.1.4 |
This object indicates the IP Source Guard action
applied at this interface with respect to IP traffic.
permitIpAddress(1) - indicates that matching IP traffic will be allowed
to go through. What is matching traffic depends on the value of
dIpsgIfSrcGuardMacFilterAction.
permitAllIpAdress(2) indicates that all IP traffic coming to this
interface will be allowed. In this case, dIpsgIfSrcGuardIpAddress
is 0.0.0.0.
denyAllIpAdress(3) indicates that all IP traffic coming to this
interface will be dropped. In this case, dIpsgIfSrcGuardIpAddress
is 0.0.0.0.
When this object is not 'permitIpAddress', the value of
dIpsgIfSrcGuardMacFilterAction is meaningless.
|
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
permitIpAddress(1), permitAllIpAdress(2), denyAllIpAddress(3) |
|
dIpsgIfSrcGuardMacAddress |
1.3.6.1.4.1.171.14.132.1.2.2.1.5 |
This object indicates the MAC address of the entry.
A special value of '000000000000'H indicates this object is
meaningless.
|
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
MacAddress |
|
|
dIpsgIfSrcGuardMacFilterAction |
1.3.6.1.4.1.171.14.132.1.2.2.1.6 |
This object indicates the Source Guard action
applied when the traffic matching the entry:
allowMacAddress(1) - indicates that the IP traffic (compared
source IP and source MAC with dIpsgIfSrcGuardIpAddress and
dIpsgIfSrcGuardMacAddress respectively) will be allowed
to go through.
permitAllMacAddresses(2) - If dIpsgIfSrcGuardIpFilterAction is
'permitIpAddress', this value indicates that all the IP matching
traffic (compared source IP with dIpsgIfSrcGuardIpAddress only)
will be allowed to go through.
When dIpsgIfSrcGuardIpFilterAction is 'permitAllIpAdress' or
'denyAllIpAdress', this object is meaningless.
When dIpsgIfSrcGuardMacFilterAction is 'permitAllMacAddresses',
dIpsgIfSrcGuardMacAddress is meaningless and
'000000000000'H is used to indicate it.
|
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
allowMacAddress(1), permitAllMacAddresses(2) |
|
dIpsgIfSrcGuardVlansFirst2K |
1.3.6.1.4.1.171.14.132.1.2.2.1.7 |
This object specifies the VLANs the entry is applied to in a
string of octets containing one bit per VLAN for VLANs 1 to 2048.
If the bit is set to '1', then the IP Source Guard is enabled on
the VLAN.
|
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Dlink2kVlanList |
|
|
dIpsgIfSrcGuardVlansSecond2K |
1.3.6.1.4.1.171.14.132.1.2.2.1.8 |
This object specifies the VLANs the entry is applied to in a
string of octets containing one bit per VLAN for VLANs 2049 to 4094.
If the bit is set to '1', then the IP Source Guard is enabled on
the VLAN.
|
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Dlink2kVlanList |
|
|
dIpsgMIBCompliance |
1.3.6.1.4.1.171.14.132.2.1.1 |
The compliance statement for the DLINKSW-IP-SOURCE-GUARD-MIB. |
Status: current |
Access: read-only |
MODULE-COMPLIANCE |
|
|
|
dIpsgStaticBindingsGroup |
1.3.6.1.4.1.171.14.132.2.2.1 |
A collection of objects which are used to configure
as well as show information regarding the static binding data
for IP Source Guard. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
dIpsgVerifySrcInfoGroup |
1.3.6.1.4.1.171.14.132.2.2.2 |
A collection of objects which are used to show information
regarding interface IP source guard purpose. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
dIpsgVerifySrcInfoExtGroup |
1.3.6.1.4.1.171.14.132.2.2.3 |
A collection of objects which are used to indicate additional
information regarding the IP source guard feature. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
dIpsgIfSrcGuardTrafficFilterGroup |
1.3.6.1.4.1.171.14.132.2.2.4 |
A collection of objects which are used to configure the
type of traffic to be filtered by IP source guard feature. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|