-
Notifications
You must be signed in to change notification settings - Fork 0
/
hpicfArpProtect.mib
493 lines (413 loc) · 17.3 KB
/
hpicfArpProtect.mib
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
--
HP-ICF-ARP-PROTECT DEFINITIONS ::= BEGIN
IMPORTS
hpSwitch
FROM HP-ICF-OID
ifIndex
FROM IF-MIB
InetAddressType
FROM INET-ADDRESS-MIB
InetAddress
FROM INET-ADDRESS-MIB
VlanIndex
FROM Q-BRIDGE-MIB
OBJECT-GROUP, MODULE-COMPLIANCE, NOTIFICATION-GROUP
FROM SNMPv2-CONF
Counter32, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE
FROM SNMPv2-SMI
TruthValue, MacAddress
FROM SNMPv2-TC;
-- 1.3.6.1.4.1.11.2.14.11.5.1.37
hpicfArpProtect MODULE-IDENTITY
LAST-UPDATED "200708290000Z" -- August 29, 2007 at 00:00 GMT
ORGANIZATION "HP Networking"
CONTACT-INFO
"Hewlett-Packard Company
8000 Foothills Blvd.
Roseville, CA 95747"
DESCRIPTION
"This MIB module contains HP proprietary
objects for managing Dynamic ARP
Protection."
REVISION "200708290000Z" -- August 29, 2007 at 00:00 GMT
DESCRIPTION
"Added hpicfArpProtectNotification and associated objects."
REVISION "200605030027Z" -- May 03, 2006 at 00:27 GMT
DESCRIPTION
"Initial revision."
::= { hpSwitch 37 }
--
-- Node definitions
--
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.0
hpicfArpProtectNotifications OBJECT IDENTIFIER ::= { hpicfArpProtect 0 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.0.1
hpicfArpProtectErrantReply NOTIFICATION-TYPE
OBJECTS { hpicfArpProtectErrantCnt, hpicfArpProtectErrantSrcMac,
hpicfArpProtectErrantSrcIpType, hpicfArpProtectErrantSrcIp,
hpicfArpProtectErrantDestMac, hpicfArpProtectErrantDestIpType,
hpicfArpProtectErrantDestIp }
STATUS current
DESCRIPTION
"An hpicfArpProtectErrantReply notification signifies that
the ARP protection entity is enabled and has detected
an errant ARP reply packet. The source and
destination addresses from the packet header are included
in the notification."
::= { hpicfArpProtectNotifications 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1
hpicfArpProtectObjects OBJECT IDENTIFIER ::= { hpicfArpProtect 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1
hpicfArpProtectConfig OBJECT IDENTIFIER ::= { hpicfArpProtectObjects 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1
hpicfArpProtectGlobalCfg OBJECT IDENTIFIER ::= { hpicfArpProtectConfig 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1.1
hpicfArpProtectEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The administrative status of the ARP Protection
feature."
::= { hpicfArpProtectGlobalCfg 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1.2
hpicfArpProtectVlanEnable OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (512))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The administrative status for Dynamic ARP Protection
on each VLAN. There will be one bit in this string
for each possible VLAN ID. Each octet within this
value specifies a set of eight VLANs, with the first
octet specifying VLAN IDs 1 through 8, the second
octet specifying VLAN IDs 9 through 16, etc. Within
each octet, the most significant bit represents the
lowest numbered VLAN ID, and the least significant
bit represents the highest numbered VLAN ID. Thus,
each possible VLAN ID of the bridge is represented by
a single bit within the value of this object. If
that bit has a value of '1', then Dynamic ARP
Protection is enabled on that VLAN; Dynamic ARP
Protection is not enabled on the VLAN its bit has a
value of '0'."
::= { hpicfArpProtectGlobalCfg 2 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1.3
hpicfArpProtectValidation OBJECT-TYPE
SYNTAX BITS
{
srcMac(0),
dstMac(1),
ip(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Additional validation checks to perform on ARP
packets during Dynamic ARP Protection.
srcMac - Drop any ARP request or response
packet where the source MAC address in
the Ethernet header does not match the
sender MAC address in the body of the
ARP packet.
dstMac - Drop any unicast ARP response packet
where the destination MAC address in the
Ethernet header does not match the target
MAC address in the body of the ARP packet.
ip - Drop any ARP packet where the sender IP
address is invalid. Drop any ARP response
packet where the target IP address is
invalid. Invalid addresses include
0.0.0.0, 255.255.255.255, all IP multicast
addresses, and all class E IP addresses.
These checks are only performed for ARP packets
received on untrusted ports in VLANs that are enabled
for Dynamic ARP Protection. ARP packets received on
trusted ports, and ARP packets in VLANs for which
Dynamic ARP Protection is disabled, are forwarded
without validation."
::= { hpicfArpProtectGlobalCfg 3 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.1.4
hpicfArpProtectErrantNotifyEnable OBJECT-TYPE
SYNTAX INTEGER
{
enabled(1),
disabled(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Provides operational control of hpicfArpProtectErrantReply."
::= { hpicfArpProtectGlobalCfg 4 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.2
hpicfArpProtectPortTable OBJECT-TYPE
SYNTAX SEQUENCE OF HpicfArpProtectPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Per-interface configuration for Dynamic ARP
Protection."
::= { hpicfArpProtectConfig 2 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.2.1
hpicfArpProtectPortEntry OBJECT-TYPE
SYNTAX HpicfArpProtectPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Dynamic ARP Protection configuration information for
a single port."
INDEX { ifIndex }
::= { hpicfArpProtectPortTable 1 }
HpicfArpProtectPortEntry ::=
SEQUENCE {
hpicfArpProtectPortTrust
TruthValue
}
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.1.2.1.1
hpicfArpProtectPortTrust OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates whether this port is
trusted for Dynamic ARP Protection."
::= { hpicfArpProtectPortEntry 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2
hpicfArpProtectStatus OBJECT IDENTIFIER ::= { hpicfArpProtectObjects 2 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1
hpicfArpProtectVlanStatTable OBJECT-TYPE
SYNTAX SEQUENCE OF HpicfArpProtectVlanStatEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Per-VLAN statistics for Dynamic ARP Protection."
::= { hpicfArpProtectStatus 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1
hpicfArpProtectVlanStatEntry OBJECT-TYPE
SYNTAX HpicfArpProtectVlanStatEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Dynamic ARP Protection statistics for a single VLAN."
INDEX { hpicfArpProtectVlanStatIndex }
::= { hpicfArpProtectVlanStatTable 1 }
HpicfArpProtectVlanStatEntry ::=
SEQUENCE {
hpicfArpProtectVlanStatIndex
VlanIndex,
hpicfArpProtectVlanStatForwards
Counter32,
hpicfArpProtectVlanStatBadPkts
Counter32,
hpicfArpProtectVlanStatBadBindings
Counter32,
hpicfArpProtectVlanStatBadSrcMacs
Counter32,
hpicfArpProtectVlanStatBadDstMacs
Counter32,
hpicfArpProtectVlanStatBadIpAddrs
Counter32
}
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.1
hpicfArpProtectVlanStatIndex OBJECT-TYPE
SYNTAX VlanIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This variable uniquely identifies the VLAN that
the counters in this entry apply to. The VLAN
identified by this object is the same VLAN as
identified by the identical value in the
dot1qVlanIndex object."
::= { hpicfArpProtectVlanStatEntry 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.2
hpicfArpProtectVlanStatForwards OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of ARP packets received on untrusted
ports in this VLAN that were successfully validated
and forwarded. This count does not increment for
VLANs for which Dynamic ARP Protection is not
enabled."
::= { hpicfArpProtectVlanStatEntry 2 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.3
hpicfArpProtectVlanStatBadPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of ARP packets received on untrusted
ports that were dropped because they were malformed
in some way. This may include an unrecognized
opcode, an unrecognized protocol type, an
unrecognized hardware type, an invalid protocol
address length, or an invalid hardware address
length. This count does not increment for VLANs
for which Dynamic ARP Protection is not enabled."
::= { hpicfArpProtectVlanStatEntry 3 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.4
hpicfArpProtectVlanStatBadBindings OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of ARP packets received on untrusted
ports that were dropped because they advertized
a source IP-to-MAC binding that did not match a
known, valid binding. This count does not increment
for VLANs for which Dynamic ARP Protection is not
enabled."
::= { hpicfArpProtectVlanStatEntry 4 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.5
hpicfArpProtectVlanStatBadSrcMacs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of ARP packets received on untrusted
ports that were dropped because the source MAC
address in the Ethernet header did not match the
sender MAC address in the body of the ARP packet.
This count does not increment when source MAC
validation is not enabled. This count does not
increment for VLANs for which Dynamic ARP Protection
is not enabled."
::= { hpicfArpProtectVlanStatEntry 5 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.6
hpicfArpProtectVlanStatBadDstMacs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of unicast ARP response packets received
on untrusted ports that were dropped because the
destination MAC address in the Ethernet header did
not match the target MAC address in the body of the
ARP packet. This count does not increment when
destination address validation is not enabled.
This count does not increment for VLANs for which
Dynamic ARP Protection is not enabled."
::= { hpicfArpProtectVlanStatEntry 6 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.2.1.1.7
hpicfArpProtectVlanStatBadIpAddrs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of ARP packets received on untrusted
ports that were dropped because they contained
an invalid sender IP address, or they contained
an invalid target IP address in an ARP response.
This count does not increment when IP address
validation is not enabled. This count does not
increment for VLANs for which Dynamic ARP Protection
is not enabled."
::= { hpicfArpProtectVlanStatEntry 7 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.3
hpicfArpProtectErrantCnt OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"A count of hpicfArpProtectErrantReply sent
from the ARP Protection entity to the SNMP
entity. This count may differ from the count
of notifications transmitted due to rate
limiting or configuration."
::= { hpicfArpProtectObjects 3 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.4
hpicfArpProtectErrantSrcMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Errant source MAC address included in a
hpicfArpProtectNotification."
::= { hpicfArpProtectObjects 4 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.5
hpicfArpProtectErrantSrcIpType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"IP Address type reported in hpicfArpProtectErrantSrcIp."
::= { hpicfArpProtectObjects 5 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.6
hpicfArpProtectErrantSrcIp OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Errant source IP address included in a
hpicfArpProtectNotification."
::= { hpicfArpProtectObjects 6 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.7
hpicfArpProtectErrantDestMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Errant destination MAC address included in a
hpicfArpProtectNotification."
::= { hpicfArpProtectObjects 7 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.8
hpicfArpProtectErrantDestIpType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"IP Address type reported in hpicfArpProtectErrantDestIp."
::= { hpicfArpProtectObjects 8 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.1.9
hpicfArpProtectErrantDestIp OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Errant destination IP address included in a
hpicfArpProtectNotification."
::= { hpicfArpProtectObjects 9 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2
hpicfArpProtectConformance OBJECT IDENTIFIER ::= { hpicfArpProtect 2 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2.1
hpicfArpProtectGroups OBJECT IDENTIFIER ::= { hpicfArpProtectConformance 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2.1.1
hpicfArpProtectBaseGroup OBJECT-GROUP
OBJECTS { hpicfArpProtectEnable, hpicfArpProtectVlanEnable,
hpicfArpProtectValidation, hpicfArpProtectPortTrust,
hpicfArpProtectVlanStatForwards, hpicfArpProtectVlanStatBadPkts,
hpicfArpProtectVlanStatBadBindings, hpicfArpProtectVlanStatBadSrcMacs,
hpicfArpProtectVlanStatBadDstMacs, hpicfArpProtectVlanStatBadIpAddrs,
hpicfArpProtectErrantSrcMac, hpicfArpProtectErrantSrcIp,
hpicfArpProtectErrantDestMac, hpicfArpProtectErrantSrcIpType,
hpicfArpProtectErrantDestIpType, hpicfArpProtectErrantDestIp,
hpicfArpProtectErrantCnt, hpicfArpProtectErrantNotifyEnable }
STATUS current
DESCRIPTION
"A collection of objects for configuring and
monitoring the base Dynamic ARP Protection
functionality."
::= { hpicfArpProtectGroups 1 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2.1.2
hpicfArpProtectionNotifications NOTIFICATION-GROUP
NOTIFICATIONS { hpicfArpProtectErrantReply }
STATUS current
DESCRIPTION
"A group of Notifications whose implementation is
mandatory when HP-ICF-ARP-PROTECTION is
implemented."
::= { hpicfArpProtectGroups 2 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2.2
hpicfArpProtectCompliances OBJECT IDENTIFIER ::= { hpicfArpProtectConformance 2 }
-- 1.3.6.1.4.1.11.2.14.11.5.1.37.2.2.1
hpicfArpProtectCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for HP switches
that support Dynamic ARP Protection."
MODULE -- this module
MANDATORY-GROUPS { hpicfArpProtectBaseGroup, hpicfArpProtectionNotifications }
::= { hpicfArpProtectCompliances 1 }
END