HP-ICF-ARP-PROTECT
File:
HP-ICF-ARP-PROTECT.mib (18250 bytes)
Imported modules
Imported symbols
Defined Types
HpicfArpProtectPortEntry |
|
SEQUENCE |
|
|
|
|
hpicfArpProtectPortTrust |
TruthValue |
|
HpicfArpProtectVlanStatEntry |
|
SEQUENCE |
|
|
|
|
hpicfArpProtectVlanStatIndex |
VlanIndex |
|
|
hpicfArpProtectVlanStatForwards |
Counter32 |
|
|
hpicfArpProtectVlanStatBadPkts |
Counter32 |
|
|
hpicfArpProtectVlanStatBadBindings |
Counter32 |
|
|
hpicfArpProtectVlanStatBadSrcMacs |
Counter32 |
|
|
hpicfArpProtectVlanStatBadDstMacs |
Counter32 |
|
|
hpicfArpProtectVlanStatBadIpAddrs |
Counter32 |
|
Defined Values
hpicfArpProtect |
1.3.6.1.4.1.11.2.14.11.5.1.37 |
This MIB module contains HP proprietary
objects for managing Dynamic ARP
Protection. |
MODULE-IDENTITY |
|
|
|
hpicfArpProtectErrantReply |
1.3.6.1.4.1.11.2.14.11.5.1.37.0.1 |
An hpicfArpProtectErrantReply notification signifies that
the ARP protection entity is enabled and has detected
an errant ARP reply packet. The source and
destination addresses from the packet header are included
in the notification. |
Status: current |
Access: read-only |
NOTIFICATION-TYPE |
|
|
|
hpicfArpProtectEnable |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1.1 |
The administrative status of the ARP Protection
feature. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
hpicfArpProtectVlanEnable |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1.2 |
The administrative status for Dynamic ARP Protection
on each VLAN. There will be one bit in this string
for each possible VLAN ID. Each octet within this
value specifies a set of eight VLANs, with the first
octet specifying VLAN IDs 1 through 8, the second
octet specifying VLAN IDs 9 through 16, etc. Within
each octet, the most significant bit represents the
lowest numbered VLAN ID, and the least significant
bit represents the highest numbered VLAN ID. Thus,
each possible VLAN ID of the bridge is represented by
a single bit within the value of this object. If
that bit has a value of '1', then Dynamic ARP
Protection is enabled on that VLAN; Dynamic ARP
Protection is not enabled on the VLAN its bit has a
value of '0'. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(512) |
|
hpicfArpProtectValidation |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1.3 |
Additional validation checks to perform on ARP
packets during Dynamic ARP Protection.
srcMac - Drop any ARP request or response
packet where the source MAC address in
the Ethernet header does not match the
sender MAC address in the body of the
ARP packet.
dstMac - Drop any unicast ARP response packet
where the destination MAC address in the
Ethernet header does not match the target
MAC address in the body of the ARP packet.
ip - Drop any ARP packet where the sender IP
address is invalid. Drop any ARP response
packet where the target IP address is
invalid. Invalid addresses include
0.0.0.0, 255.255.255.255, all IP multicast
addresses, and all class E IP addresses.
These checks are only performed for ARP packets
received on untrusted ports in VLANs that are enabled
for Dynamic ARP Protection. ARP packets received on
trusted ports, and ARP packets in VLANs for which
Dynamic ARP Protection is disabled, are forwarded
without validation. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
BITS |
srcMac(0), dstMac(1), ip(2) |
|
hpicfArpProtectErrantNotifyEnable |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1.4 |
Provides operational control of hpicfArpProtectErrantReply. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
enabled(1), disabled(2) |
|
hpicfArpProtectPortEntry |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.2.1 |
Dynamic ARP Protection configuration information for
a single port. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
HpicfArpProtectPortEntry |
|
|
hpicfArpProtectPortTrust |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.2.1.1 |
This object indicates whether this port is
trusted for Dynamic ARP Protection. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
hpicfArpProtectVlanStatEntry |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1 |
Dynamic ARP Protection statistics for a single VLAN. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
HpicfArpProtectVlanStatEntry |
|
|
hpicfArpProtectVlanStatIndex |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.1 |
This variable uniquely identifies the VLAN that
the counters in this entry apply to. The VLAN
identified by this object is the same VLAN as
identified by the identical value in the
dot1qVlanIndex object. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
VlanIndex |
|
|
hpicfArpProtectVlanStatForwards |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.2 |
The number of ARP packets received on untrusted
ports in this VLAN that were successfully validated
and forwarded. This count does not increment for
VLANs for which Dynamic ARP Protection is not
enabled. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
hpicfArpProtectVlanStatBadPkts |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.3 |
The number of ARP packets received on untrusted
ports that were dropped because they were malformed
in some way. This may include an unrecognized
opcode, an unrecognized protocol type, an
unrecognized hardware type, an invalid protocol
address length, or an invalid hardware address
length. This count does not increment for VLANs
for which Dynamic ARP Protection is not enabled. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
hpicfArpProtectVlanStatBadBindings |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.4 |
The number of ARP packets received on untrusted
ports that were dropped because they advertized
a source IP-to-MAC binding that did not match a
known, valid binding. This count does not increment
for VLANs for which Dynamic ARP Protection is not
enabled. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
hpicfArpProtectVlanStatBadSrcMacs |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.5 |
The number of ARP packets received on untrusted
ports that were dropped because the source MAC
address in the Ethernet header did not match the
sender MAC address in the body of the ARP packet.
This count does not increment when source MAC
validation is not enabled. This count does not
increment for VLANs for which Dynamic ARP Protection
is not enabled. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
hpicfArpProtectVlanStatBadDstMacs |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.6 |
The number of unicast ARP response packets received
on untrusted ports that were dropped because the
destination MAC address in the Ethernet header did
not match the target MAC address in the body of the
ARP packet. This count does not increment when
destination address validation is not enabled.
This count does not increment for VLANs for which
Dynamic ARP Protection is not enabled. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
hpicfArpProtectVlanStatBadIpAddrs |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.7 |
The number of ARP packets received on untrusted
ports that were dropped because they contained
an invalid sender IP address, or they contained
an invalid target IP address in an ARP response.
This count does not increment when IP address
validation is not enabled. This count does not
increment for VLANs for which Dynamic ARP Protection
is not enabled. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
hpicfArpProtectErrantCnt |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.3 |
A count of hpicfArpProtectErrantReply sent
from the ARP Protection entity to the SNMP
entity. This count may differ from the count
of notifications transmitted due to rate
limiting or configuration. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
Counter32 |
|
|
hpicfArpProtectErrantSrcMac |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.4 |
Errant source MAC address included in a
hpicfArpProtectNotification. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
MacAddress |
|
|
hpicfArpProtectErrantSrcIp |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.6 |
Errant source IP address included in a
hpicfArpProtectNotification. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
hpicfArpProtectErrantDestMac |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.7 |
Errant destination MAC address included in a
hpicfArpProtectNotification. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
MacAddress |
|
|
hpicfArpProtectErrantDestIp |
1.3.6.1.4.1.11.2.14.11.5.1.37.1.9 |
Errant destination IP address included in a
hpicfArpProtectNotification. |
Status: current |
Access: accessible-for-notify |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
hpicfArpProtectBaseGroup |
1.3.6.1.4.1.11.2.14.11.5.1.37.2.1.1 |
A collection of objects for configuring and
monitoring the base Dynamic ARP Protection
functionality. |
Status: current |
Access: accessible-for-notify |
OBJECT-GROUP |
|
|
|
hpicfArpProtectionNotifications |
1.3.6.1.4.1.11.2.14.11.5.1.37.2.1.2 |
A group of Notifications whose implementation is
mandatory when HP-ICF-ARP-PROTECTION is
implemented. |
Status: current |
Access: accessible-for-notify |
NOTIFICATION-GROUP |
|
|
|
hpicfArpProtectCompliance |
1.3.6.1.4.1.11.2.14.11.5.1.37.2.2.1 |
The compliance statement for HP switches
that support Dynamic ARP Protection. |
Status: current |
Access: accessible-for-notify |
MODULE-COMPLIANCE |
|
|
|