EXTREME-IP-SECURITY-MIB

File: EXTREME-IP-SECURITY-MIB.mib (18018 bytes)

Imported modules

SNMPv2-SMI SNMPv2-TC INET-ADDRESS-MIB
EXTREME-BASE-MIB

Imported symbols

MODULE-IDENTITY OBJECT-TYPE IpAddress
Counter64 Integer32 TEXTUAL-CONVENTION
DisplayString MacAddress RowStatus
InetAddressType InetAddress InetPortNumber
extremeAgent

Defined Types

HexOctet  
A single hexidecimal octet used to specify TCP flags
TEXTUAL-CONVENTION    
  OCTET STRING Size(2)  

VlanTag  
The tag used when encapsulating packets transmitted
TEXTUAL-CONVENTION    
  INTEGER 0..4095  

IpProtocol  
The value of the IP Protocol field of an IP Datagram Header. This identifies the protocol layer above IP. For example, the value 6 is used for TCP and the value 17 is used for UDP. The values of this field are defined in the Assigned Numbers RFC.
TEXTUAL-CONVENTION    
  INTEGER unknown(0), icmp(1), tcp(6), udp(17)  

TcpFlagAnomalyReason  
1) (TCP flag SYN is set) and (its TCP source port < 1024). OR 2) (TCP flag == 0) and (TCP seq # == 0). OR 3) (TCP flag FIN/URG/PSH bits sre set) and (TCP seq # == 0). OR 4) Both TCP iflag SYN and FIN are set
TEXTUAL-CONVENTION    
  INTEGER unknown(0), flagSynAndSrcPort(1), flagAndSeq(2), flagFinAndUrgAandPshandSeq(3), flagSynAndFin(4)  

IcmpAnomalyReason  
1) the size of ICMP is large than pre-configured allowed size 2) Fragmented ICMP packet
TEXTUAL-CONVENTION    
  INTEGER unknown(0), icmpOverSize(1), icmpFragmented(2)  

TcpFragmentAnomalyReason  
1) TCP packet and incompleted TCP header (IP payload less tahn MIN_TCP_HDR_SIZE) 2) Fragmented TCP packet (IP fragment offset = 1)
TEXTUAL-CONVENTION    
  INTEGER unknown(0), tcpHdrLessSize(1), tcpFragmented(2)  

Defined Values

extremeIpSecurity 1.3.6.1.4.1.1916.1.34
Extreme IP Security MIB
MODULE-IDENTITY    

extremeIpSecurityTraps 1.3.6.1.4.1.1916.1.34.1
OBJECT IDENTIFIER    

extremeIpSecurityTrapsPrefix 1.3.6.1.4.1.1916.1.34.1.0
OBJECT IDENTIFIER    

extremeIpSecurityViolation 1.3.6.1.4.1.1916.1.34.1.0.1
For vlans/ports on which one or more of the IP Security features have been enabled, this trap will be generated when a packet received on that vlan/port is in violation of the configured IP Security protections
Status: current Access: accessible-for-notify
NOTIFICATION-TYPE    

extremeIpSecurityVlanIfIndex 1.3.6.1.4.1.1916.1.34.1.1
The ifIndex of the VLAN on which the violating packet was received.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Integer32  

extremeIpSecurityVlanDescr 1.3.6.1.4.1.1916.1.34.1.2
The description(name) of the VLAN on which the violating packet was received.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  DisplayString Size(0..32)  

extremeIpSecurityPortIfIndex 1.3.6.1.4.1.1916.1.34.1.3
The ifIndex of the port on which the violating packet was received.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Integer32  

extremeIpSecurityIpAddr 1.3.6.1.4.1.1916.1.34.1.4
Source IP address of the violating packet
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  IpAddress  

extremeIpSecurityMacAddress 1.3.6.1.4.1.1916.1.34.1.5
Source MAC address in the violating packet
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  MacAddress  

extremeIpSecurityViolationType 1.3.6.1.4.1.1916.1.34.1.6
The type of IP Security violation that occurred - rogueDhcpServerPacket(1) A rogue DHCP server packet was received. - badIpMacBindingInArpPacket(2) The IP-MAC binding received in the ARP packet does not exist in the DHCP Bindings table. - badIpInArpPacket(3) The Source IP address in the ARP payload is invalid. - badMacInArpPacket(4) One of the MAC addresses in the ARP payload does not match with its counterpart in the ethernet header.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  INTEGER rogueDhcpServerPacket(1), badIpMacBindingInArpPacket(2), badIpInArpPacket(3), badMacInArpPacket(4)  

extremeIpSecurityAnomalyTraps 1.3.6.1.4.1.1916.1.34.2
OBJECT IDENTIFIER    

extremeIpSecurityAnomalyTrapsPrefix 1.3.6.1.4.1.1916.1.34.2.0
OBJECT IDENTIFIER    

extremeIpSecurityAnomalyIpViolation 1.3.6.1.4.1.1916.1.34.2.0.1
For ports on which the protocol anomaly protection IP features has been enabled, this trap will be generated when a packet received on that port if the packet's source IP == destination IP
Status: current Access: accessible-for-notify
NOTIFICATION-TYPE    

extremeIpSecurityAnomalyL4PortViolation 1.3.6.1.4.1.1916.1.34.2.0.2
For ports on which the protocol anomaly protection L4port features has been enabled, this trap will be generated when a packet received on that port if 1) the packet is a TCP or UDP packetr. AND 2) its source L4 port == destination port
Status: current Access: accessible-for-notify
NOTIFICATION-TYPE    

extremeIpSecurityAnomalyTcpFlagViolation 1.3.6.1.4.1.1916.1.34.2.0.3
For ports on which the protocol anomaly protection TCP flags features has been enabled, this trap will be generated when a TCP packet received on that port if 1) (TCP flag SYN is set) and (its TCP source port < 1024). OR 2) (TCP flag == 0) and (TCP seq # == 0). OR 3) (TCP flag FIN/URG/PSH bits sre set) and (TCP seq # == 0). OR 4) Both TCP iflag SYN and FIN are set
Status: current Access: accessible-for-notify
NOTIFICATION-TYPE    

extremeIpSecurityAnomalyTcpFragmentViolation 1.3.6.1.4.1.1916.1.34.2.0.4
For ports on which the protocol anomaly protection TCP fragment features has been enabled, this trap will be generated when a packet received on that port if 1) the packet is a TCP, and its size of the TCP header is less than pre-configured value; or 2) the packet is a TCP and it is a IP fragmented packet (IP offset != 0)
Status: current Access: accessible-for-notify
NOTIFICATION-TYPE    

extremeIpSecurityAnomalyIcmpViolation 1.3.6.1.4.1.1916.1.34.2.0.5
For ports on which the protocol anomaly protection ICMP features has been enabled, this trap will be generated when an ICMP packet received on that port if 1) the size of ICMP (IP payload) is large thant pre-configured value; or 2) it is a fragmented IP/ICMP packet (IP offset != 0)
Status: current Access: accessible-for-notify
NOTIFICATION-TYPE    

esAnomalyPortIfIndex 1.3.6.1.4.1.1916.1.34.2.1
The ifIndex of the port on which the violating packet was received.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Integer32  

esAnomalyVlanIfIndex 1.3.6.1.4.1.1916.1.34.2.2
The ifIndex of the VLAN on which the violating packet was received.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Integer32  

esAnomalyVlanDescr 1.3.6.1.4.1.1916.1.34.2.3
The description(name) of the VLAN on which the violating packet was received.
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  DisplayString Size(0..32)  

esAnomalySrcMacAddress 1.3.6.1.4.1.1916.1.34.2.4
Source MAC address in the violating packet
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  MacAddress  

esAnomalyDestMacAddress 1.3.6.1.4.1.1916.1.34.2.5
Destination MAC address in the violating packet
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  MacAddress  

esAnomalySrcIpAddrType 1.3.6.1.4.1.1916.1.34.2.6
source IP address type: ipv4 or ipv6
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  InetAddressType  

esAnomalySrcIpAddr 1.3.6.1.4.1.1916.1.34.2.7
source IP address in the violating packet
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  InetAddress  

esAnomalyDestIpAddrType 1.3.6.1.4.1.1916.1.34.2.8
destination IP address type: ipv4 or ipv6
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  InetAddressType  

esAnomalyDestIpAddr 1.3.6.1.4.1.1916.1.34.2.9
destination IP address in the violating packet
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  InetAddress  

esAnomalyIpProto 1.3.6.1.4.1.1916.1.34.2.10
IP protocol in the violating packet
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  IpProtocol  

esAnomalySrcL4Port 1.3.6.1.4.1.1916.1.34.2.11
tcp/udp source port number in the violating packet
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  InetPortNumber  

esAnomalyDestL4Port 1.3.6.1.4.1.1916.1.34.2.12
tcp/udp destination port in the violating packet
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  InetPortNumber  

esAnomalyTcpFlag 1.3.6.1.4.1.1916.1.34.2.13
TCP flags in the violating packet
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  HexOctet  

esAnomalyTcpSeq 1.3.6.1.4.1.1916.1.34.2.14
TCP sequence number in the violating packet
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Integer32  

esAnomalyTcpHdrSize 1.3.6.1.4.1.1916.1.34.2.15
TCP Header size in the violating packet
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  Integer32  

esAnomalyTcpFlagReason 1.3.6.1.4.1.1916.1.34.2.16
TCP flag anomaly reason code
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TcpFlagAnomalyReason  

esAnomalyIcmpReason 1.3.6.1.4.1.1916.1.34.2.17
ICMP anomaly reason code
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  IcmpAnomalyReason  

esAnomalyVlanTag 1.3.6.1.4.1.1916.1.34.2.18
the vlan tag in the violating packet
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  VlanTag  

esAnomalyTcpFragmentReason 1.3.6.1.4.1.1916.1.34.2.19
TCP fragment anomaly reason code
Status: current Access: accessible-for-notify
OBJECT-TYPE    
  TcpFragmentAnomalyReason