ALCATEL-IND1-IP-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32, IpAddress FROM SNMPv2-SMI PhysAddress FROM SNMPv2-TC ipNetToMediaIfIndex, ipNetToMediaNetAddress, ipNetToMediaEntry FROM IP-MIB ipCidrRouteEntry FROM IP-FORWARD-MIB MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF softentIND1Ip FROM ALCATEL-IND1-BASE; alcatelIND1IPMIB MODULE-IDENTITY LAST-UPDATED "200106080000Z" ORGANIZATION "Alcatel - Architects Of An Internet World" CONTACT-INFO "Please consult with Customer Service to insure the most appropriate version of this document is used with the products in question: Alcatel Internetworking, Incorporated (Division 1, Formerly XYLAN Corporation) 26801 West Agoura Road Agoura Hills, CA 91301-5122 United States Of America Telephone: North America +1 800 995 2696 Latin America +1 877 919 9526 Europe +31 23 556 0100 Asia +65 394 7933 All Other +1 818 878 4507 Electronic Mail: support@ind.alcatel.com World Wide Web: http://www.ind.alcatel.com File Transfer Protocol: ftp://ftp.ind.alcatel.com/pub/products/mibs" DESCRIPTION "This module describes an authoritative enterprise-specific Simple Network Management Protocol (SNMP) Management Information Base (MIB): Propietary IP MIB definitions The right to make changes in specification and other information contained in this document without prior notice is reserved. No liability shall be assumed for any incidental, indirect, special, or consequential damages whatsoever arising from or related to this document or the information contained herein. Vendors, end-users, and other interested parties are granted non-exclusive license to use this specification in connection with management of the products for which it is intended to be used. Copyright (C) 1995-2002 Alcatel Internetworking, Incorporated ALL RIGHTS RESERVED WORLDWIDE" REVISION "200106080000Z" DESCRIPTION "The latest version of this MIB Module." ::= { softentIND1Ip 1 } alcatelIND1IPMIBObjects OBJECT IDENTIFIER ::= { alcatelIND1IPMIB 1 } -- -- Alcatel IP stack configuration -- alaIpConfig OBJECT IDENTIFIER ::= { alcatelIND1IPMIBObjects 1 } alaIpClearArpCache OBJECT-TYPE SYNTAX INTEGER { clear(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Clear dynamic ARP entries from ARP cache." DEFVAL { clear } ::= { alaIpConfig 1 } alaIpArpTimeout OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "The dynamic ARP entry time-out in seconds." DEFVAL { 300 } ::= { alaIpConfig 2 } alaIpDirectedBroadcast OBJECT-TYPE SYNTAX INTEGER { on(1), -- Forward IP directed broadcasts off(0) -- NOT forward IP directed broadcasts } MAX-ACCESS read-write STATUS current DESCRIPTION "The indication of whether this router is forwarding IP directed broadcasts" DEFVAL { off } ::= { alaIpConfig 3 } -- -- proprietary alcatel ipNetToMediaTable, only ARP entries -- with special flag (e.g. proxy, vrrp, avlan) appears in this MIB. -- since proxy and vrrp can coexist, each flag is a columnar object. -- alaIpNetToMediaTable OBJECT-TYPE SYNTAX SEQUENCE OF AlaIpNetToMediaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of ARP flags, expansion to ipNetToMediaTable." ::= { alcatelIND1IPMIBObjects 2 } alaIpNetToMediaEntry OBJECT-TYPE SYNTAX AlaIpNetToMediaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in alaIpToMediaTable." INDEX { ipNetToMediaIfIndex, ipNetToMediaNetAddress } ::= { alaIpNetToMediaTable 1 } AlaIpNetToMediaEntry ::= SEQUENCE { alaIpNetToMediaPhysAddress PhysAddress, alaIpNetToMediaProxy INTEGER, alaIpNetToMediaVrrp INTEGER, alaIpNetToMediaAuth INTEGER } alaIpNetToMediaPhysAddress OBJECT-TYPE SYNTAX PhysAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The media-dependent `physical' address." ::= { alaIpNetToMediaEntry 1 } alaIpNetToMediaProxy OBJECT-TYPE SYNTAX INTEGER { no(0), -- not proxy ARP yes(1) -- proxy ARP } MAX-ACCESS read-write STATUS current DESCRIPTION "Proxy ARP flag" ::= { alaIpNetToMediaEntry 2 } alaIpNetToMediaVrrp OBJECT-TYPE SYNTAX INTEGER { no(0), -- not VRRP ARP yes(1) -- VRRP ARP } MAX-ACCESS read-only STATUS current DESCRIPTION "VRRP ARP flag" ::= { alaIpNetToMediaEntry 3 } alaIpNetToMediaAuth OBJECT-TYPE SYNTAX INTEGER { no(0), -- not AVLAN ARP yes(1) -- AVLAN ARP } MAX-ACCESS read-only STATUS current DESCRIPTION "Authentication VLAN ARP flags" ::= { alaIpNetToMediaEntry 4 } -- -- DoS stuff -- alaDoSConfig OBJECT IDENTIFIER ::= { alcatelIND1IPMIBObjects 3 } alaDoSTable OBJECT-TYPE SYNTAX SEQUENCE OF AlaDoSEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table of DoS (denial of service) attacks detected" ::= { alaDoSConfig 1 } alaDoSEntry OBJECT-TYPE SYNTAX AlaDoSEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the alaDoStable" INDEX { alaDoSType } ::= { alaDoSTable 1 } AlaDoSEntry ::= SEQUENCE { alaDoSType INTEGER, alaDoSDetected Counter32 } alaDoSType OBJECT-TYPE SYNTAX INTEGER { portscan(0), tcpsyn(1), pingofdeath(2), smurf(3), pepsi(4), land(5), teardropBonkBoink(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "index field for the alaDoSTable" ::= { alaDoSEntry 1 } alaDoSDetected OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Number of attacks detected" ::= { alaDoSEntry 2 } -- -- Port scan parameters -- alaDoSPortScanClosePortPenalty OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "Penalty points added to the total port scan penalty value when a TCP/UDP packet destinated to a closed port is received." DEFVAL { 10 } ::= { alaDoSConfig 2 } alaDoSPortScanTcpOpenPortPenalty OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "Penalty points added to the total port scan penalty value when a TCP SYN/FIN packet destinated to a open TCP port is received. No difference between legal TCP packet and port scan packet." DEFVAL { 0 } ::= { alaDoSConfig 3 } alaDoSPortScanUdpOpenPortPenalty OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "Penalty points added to the total port scan penalty value when a UDP packet destinated to a open UDP port is received. No difference between legal UDP packet and port scan packet." DEFVAL { 0 } ::= { alaDoSConfig 4 } alaDoSPortScanTotalPenalty OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Total port scan penalty value accumulated at present time" ::= { alaDoSConfig 5 } alaDoSPortScanThreshold OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "Threshold port scan penalty value. If the total port scan penalty value exceeds this value, a port scan attack is recorded" DEFVAL { 1000 } ::= { alaDoSConfig 6 } alaDoSPortScanDecay OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "Decay speed for the total port scan penalty value. The penalty value is reduced by a factor of the decay value every minute" DEFVAL { 2 } ::= { alaDoSConfig 7 } alaDoSTrapCntl OBJECT-TYPE SYNTAX INTEGER { enabled (1), disabled (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether the switch will generate SNMP traps for alaDoSTraps. 'Enabled' results in SNMP traps; 'disabled', no traps are sent." DEFVAL { enabled } ::= { alaDoSConfig 8 } -- -- Expansion of ipNetToMedia table -- ipNetToMediaAugTable OBJECT-TYPE SYNTAX SEQUENCE OF IpNetToMediaAugEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " slot/port expansion to ipNetToMediaTable." ::= { alcatelIND1IPMIBObjects 4 } ipNetToMediaAugEntry OBJECT-TYPE SYNTAX IpNetToMediaAugEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in ipNetToMediaAugTable." AUGMENTS { ipNetToMediaEntry } ::= { ipNetToMediaAugTable 1 } IpNetToMediaAugEntry ::= SEQUENCE { ipNetToMediaSlot Integer32, ipNetToMediaPort Integer32 } ipNetToMediaSlot OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "Slot associated with address translation. An address translation not associated with a slot/port pair will have ipNetToMediaSlot equal to zero and ipNetToMediaPort equal to zero. An address associated with an Ethernet Management Port (EMP) will have ipNetToMediaSlot equal to zero and ipNetToMediaPort equal to -1." ::= { ipNetToMediaAugEntry 1 } ipNetToMediaPort OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "Port associated with address translation. An address translation not associated with a slot/port pair will have ipNetToMediaSlot equal to zero and ipNetToMediaPort equal to zero. An address associated with an Ethernet Management Port(EMP) will have ipNetToMediaSlot equal to zero and ipNetToMediaPort equal to -1." ::= { ipNetToMediaAugEntry 2 } -- -- DoS traps -- alaDoSTraps OBJECT IDENTIFIER ::= { alcatelIND1IPMIBObjects 5 } alaDoSTrap NOTIFICATION-TYPE OBJECTS { alaDoSType, alaDoSDetected } STATUS current DESCRIPTION "The DoS trap indicates that the sending agent has received DoS attack" ::= { alaDoSTraps 1 } -- -- Expansion to ipCidrRouteTable, add flag to show NI route -- or EMP route -- ipCidrRouteAugTable OBJECT-TYPE SYNTAX SEQUENCE OF IpCidrRouteAugEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "NI/EMP flag expansion to ipCidrRouteTable." ::= { alcatelIND1IPMIBObjects 6 } ipCidrRouteAugEntry OBJECT-TYPE SYNTAX IpCidrRouteAugEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in ipCidrRouteAugTable." AUGMENTS { ipCidrRouteEntry } ::= { ipCidrRouteAugTable 1 } IpCidrRouteAugEntry ::= SEQUENCE { ipCidrRouteScope INTEGER } ipCidrRouteScope OBJECT-TYPE SYNTAX INTEGER { niroute(1), -- routes on NI emproute(2) -- routes on EMP } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicate the route is NI route or EMP route" ::= { ipCidrRouteAugEntry 1 } -- -- ICMP control -- alaIcmpCtrlTable OBJECT-TYPE SYNTAX SEQUENCE OF AlaIcmpCtrlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to control ICMP message generation from the switch." ::= { alcatelIND1IPMIBObjects 7 } alaIcmpCtrlEntry OBJECT-TYPE SYNTAX AlaIcmpCtrlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the alaIcmpCtrlTable" INDEX { alaIcmpCtrlType, alaIcmpCtrlCode } ::= { alaIcmpCtrlTable 1 } AlaIcmpCtrlEntry ::= SEQUENCE { alaIcmpCtrlType INTEGER, alaIcmpCtrlCode INTEGER, alaIcmpCtrlStatus INTEGER, alaIcmpCtrlPktGap Integer32 } alaIcmpCtrlType OBJECT-TYPE SYNTAX INTEGER (0..18) MAX-ACCESS read-only STATUS current DESCRIPTION "ICMP message type" ::= { alaIcmpCtrlEntry 1 } alaIcmpCtrlCode OBJECT-TYPE SYNTAX INTEGER (0..15) MAX-ACCESS read-only STATUS current DESCRIPTION "ICMP message code" ::= { alaIcmpCtrlEntry 2 } alaIcmpCtrlStatus OBJECT-TYPE SYNTAX INTEGER { enabled (1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "enable/disable ICMP message generation" DEFVAL { enabled } ::= { alaIcmpCtrlEntry 3 } alaIcmpCtrlPktGap OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "Minimum packet gap in microseconds between the two successive ICMP messages with the same type and code" DEFVAL { 0 } ::= { alaIcmpCtrlEntry 4 } -- -- conformance information -- alcatelIND1IPMIBConformance OBJECT IDENTIFIER ::= { alcatelIND1IPMIB 2 } alcatelIND1IPMIBCompliances OBJECT IDENTIFIER ::= { alcatelIND1IPMIBConformance 1 } alcatelIND1IPMIBGroups OBJECT IDENTIFIER ::= { alcatelIND1IPMIBConformance 2 } alaIpCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for switches with Alcatel IP stack and implementing ALCATEL-IND1-IP-MIB." MODULE MANDATORY-GROUPS { alaIpConfig, alaIpNetToMediaTable } ::= { alcatelIND1IPMIBCompliances 1 } -- -- units of conformance -- alaIpConfigGroup OBJECT-GROUP OBJECTS { alaIpClearArpCache, alaIpArpTimeout, alaIpDirectedBroadcast } STATUS current DESCRIPTION "A collection of objects to support management of configuration parameters of Alcatel IP stack." ::= { alcatelIND1IPMIBGroups 1 } END