-- ***************************************************************** -- CISCO-DYNAMIC-ARP-INSPECTION-MIB -- -- October 2003, Edward Pham -- -- Copyright (c) 2003, 2009, 2011 by cisco Systems, Inc. -- All rights reserved. -- ***************************************************************** CISCO-DYNAMIC-ARP-INSPECTION-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, Gauge32, Unsigned32, Counter32, OBJECT-TYPE FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF TruthValue, MacAddress, DateAndTime, StorageType, RowStatus FROM SNMPv2-TC ifIndex, InterfaceIndexOrZero FROM IF-MIB InetAddressType, InetAddress FROM INET-ADDRESS-MIB VlanIndex FROM Q-BRIDGE-MIB VlanIndexOrZero FROM CISCO-PRIVATE-VLAN-MIB SnmpAdminString FROM SNMP-FRAMEWORK-MIB ciscoMgmt FROM CISCO-SMI; ciscoDynamicArpInspectionMIB MODULE-IDENTITY LAST-UPDATED "201103210000Z" ORGANIZATION "Cisco Systems, Inc." CONTACT-INFO " Cisco Systems Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: cs-lan-switch-snmp@cisco.com" DESCRIPTION "The MIB module is for configuration of Dynamic ARP Inspection feature. Dynamic ARP Inspection is a security mechanism which validate ARP packets seen on access ports." REVISION "201103210000Z" DESCRIPTION "Add the following groups: - cdaiLoggingConfigGroup. - cdaiLogBufferGroup. - cdaiLogBufferActionGroup. - cdaiAddressValidationGroup. - cdaiVlanCfgGroup. - cdaiVlanArpProbeGroup. - cdaiVlanStatisticsGroup. - cdaiVlanExtStatisticsGroup." REVISION "200310291500Z" DESCRIPTION "Initial revision of this MIB module." ::= { ciscoMgmt 374 } cdaiMIBNotifs OBJECT IDENTIFIER ::= { ciscoDynamicArpInspectionMIB 0 } cdaiMIBObjects OBJECT IDENTIFIER ::= { ciscoDynamicArpInspectionMIB 1 } cdaiMIBConformance OBJECT IDENTIFIER ::= { ciscoDynamicArpInspectionMIB 2 } cdaiGlobal OBJECT IDENTIFIER ::= { cdaiMIBObjects 1 } cdaiVlan OBJECT IDENTIFIER ::= { cdaiMIBObjects 2 } cdaiInterface OBJECT IDENTIFIER ::= { cdaiMIBObjects 3 } cdaiStatistics OBJECT IDENTIFIER ::= { cdaiMIBObjects 4 } -- -- The Global group -- cdaiLoggingEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates whether the Dynamic ARP Inspection logging is enabled on the device. If this object is set to 'true', Dynamic ARP Inspection logging is enabled. If this object is set to 'false', Dynamic ARP Inspection logging is disabled." ::= { cdaiGlobal 1 } cdaiAddressValidate OBJECT-TYPE SYNTAX BITS { srcMacAddress(0), dstMacAddress(1), ip(2), ipAllowZeros(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies address validation criteria used by Dynamic ARP Inspection feature. 'srcMacAddress' indicates that source MAC address in ethernet header is checked against the sender MAC address in ARP packet. When this bit is on, packets with different MAC addresses are classified as invalid packets and are dropped. This checking is done for both ARP request and ARP response packet. 'dstMacAddress' indicates that the destination MAC address in ethernet header is checked against the target MAC address in ARP packet. When this bit is on, packets with different addresses are classified as invalid packets and are dropped. This checking is done for ARP response packet only. 'ip' indicates that the IP addresses in ARP packet are checked for invalid or unexpected IP addresses. Addresses such as 0.0.0.0, 255.255.255.255 and all IP multicast addresses are considered invalid. When this bit is on, both the sender and target IP addresses in the ARP packet are checked. This checking is done for both ARP request and response packet. 'ipAllowZeros' works the same as 'ip' but address 0.0.0.0 is allowed. 'ip' and 'ipAllowZeros' are mutually exclusive." ::= { cdaiGlobal 2 } cdaiLogBufferSize OBJECT-TYPE SYNTAX Unsigned32 UNITS "entries" MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the size of the logging buffer." ::= { cdaiGlobal 3 } cdaiLoggingRate OBJECT-TYPE SYNTAX Unsigned32 UNITS "entries" MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the maximum number of logging entries will be logged during the time period denoted by cdaiLoggingInterval object for system message generation purpose. Zero value indicates that entry is placed in the log buffer, but a system message is not generated." ::= { cdaiGlobal 4 } cdaiLoggingInterval OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the logging interval for system message generation purpose. Zero value indicates that system message is immediately generated (and the log buffer is always empty). Value of this object and value of cdaiLoggingRate object cannot be zero at the same time." ::= { cdaiGlobal 5 } cdaiLogBufferAction OBJECT-TYPE SYNTAX INTEGER { none(1), clear(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This objects specifies the action can be taken with respect to logging buffer. 'none' indicates that no operation is performed. This object always return value 'none' when read. 'clear' indicates that all entries in cdaiLoggingBufferTable will be cleared." ::= { cdaiGlobal 6 } -- -- The Dynamic ARP Inspection Logging Buffer Table -- cdaiLogBufferTable OBJECT-TYPE SYNTAX SEQUENCE OF CdaiLogBufferEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table provides the information of logged ARP flows for system message generation." ::= { cdaiGlobal 7 } cdaiLogBufferEntry OBJECT-TYPE SYNTAX CdaiLogBufferEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row instance contains logged ARP flow data for system message generation. Entries in the log are cleared once system messages are generated on their behalf. A special entry will be populated for accounting drops of all flows that result in exceeding the number of entries of the log buffer. Special entry only contains packets counter and timestamps information. The rest of its fields are irrelevant." INDEX { cdaiLogBufferIndex } ::= { cdaiLogBufferTable 1 } CdaiLogBufferEntry ::= SEQUENCE { cdaiLogBufferIndex Unsigned32, cdaiLogBufferInterface InterfaceIndexOrZero, cdaiLogBufferVlan VlanIndexOrZero, cdaiLogBufferSenderMacAddress MacAddress, cdaiLogBufferSenderAddressType InetAddressType, cdaiLogBufferSenderIpAddress InetAddress, cdaiLogBufferReason INTEGER, cdaiLogBufferLastUpdate DateAndTime, cdaiLogBufferPacketsCount Gauge32 } cdaiLogBufferIndex OBJECT-TYPE SYNTAX Unsigned32 (1..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object uniquely identifies a logged ARP flow in the buffer." ::= { cdaiLogBufferEntry 1 } cdaiLogBufferInterface OBJECT-TYPE SYNTAX InterfaceIndexOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the interface which sent the logged ARP flow. Zero value indicates the special entry." ::= { cdaiLogBufferEntry 2 } cdaiLogBufferVlan OBJECT-TYPE SYNTAX VlanIndexOrZero MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the VLAN number which the logged ARP flow belongs to. Zero value indicates the special entry." ::= { cdaiLogBufferEntry 3 } cdaiLogBufferSenderMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the sender MAC address of the logged ARP flow. All zeros MAC address value indicates the special entry." ::= { cdaiLogBufferEntry 4 } cdaiLogBufferSenderAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the sender Internet address type of the logged ARP flow." ::= { cdaiLogBufferEntry 5 } cdaiLogBufferSenderIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the sender Internet address of the logged ARP flow. The type of this address is determined by the value of cdaiLogBufferSenderAddressType object. All zeros IP address value indicates the special entry." ::= { cdaiLogBufferEntry 6 } cdaiLogBufferReason OBJECT-TYPE SYNTAX INTEGER { unknown(1), deny(2), aclDeny(3), aclPermit(4), dhcpDeny(5), dhcpPermit(6), probePermit(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the reason for logging this ARP flow. 'unknown' indicates unknown reason. 'deny' indicates that this ARP flow is logged because it is denied by Dynamic ARP Inspection feature. 'aclDeny' indicates that this ARP flow is logged because it is denied by a configured ARP ACL. 'aclPermit' indicates that this ARP flow is logged because it is permitted by a configured ARP ACL. 'dhcpDeny' indicates that this ARP flow is logged because it is denied when comparing with DHCP bindings information. 'dhcpPermit' indicates that this ARP flow is logged because it is permitted when comparing with DHCP binding information. 'probePermit' indicates that this ARP flow is logged because it is a permitted ARP-Probe flow." ::= { cdaiLogBufferEntry 7 } cdaiLogBufferLastUpdate OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the timestamp when the last packet of this flow was accounted by the system." ::= { cdaiLogBufferEntry 8 } cdaiLogBufferPacketsCount OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of packets of this ARP flow was accounted by the system." ::= { cdaiLogBufferEntry 9 } -- -- The Dynamic ARP Inspection VLAN Config Table -- cdaiVlanConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF CdaiVlanConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table provides the mechanism to control Dynamic ARP Inspection per VLAN. When a VLAN is created in a device supporting this table, a corresponding entry of this table will be added." ::= { cdaiVlan 1 } cdaiVlanConfigEntry OBJECT-TYPE SYNTAX CdaiVlanConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row instance contains the configuration to enable or disable Dynamic ARP Inspection at each existing VLAN." INDEX { cdaiVlanIndex } ::= { cdaiVlanConfigTable 1 } CdaiVlanConfigEntry ::= SEQUENCE { cdaiVlanIndex VlanIndex, cdaiVlanDynArpInspEnable TruthValue } cdaiVlanIndex OBJECT-TYPE SYNTAX VlanIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the VLAN number on which Dynamic ARP Inspection feature is configured." ::= { cdaiVlanConfigEntry 1 } cdaiVlanDynArpInspEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates whether Dynamic ARP Inspection is enabled in this VLAN. If this object is set to 'true', Dynamic ARP Inspection is enabled. If this object is set to 'false', Dynamic ARP Inspection is disabled." ::= { cdaiVlanConfigEntry 2 } -- -- cdaiVlanCfgTable -- cdaiVlanCfgTable OBJECT-TYPE SYNTAX SEQUENCE OF CdaiVlanCfgEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table provides the mechanism to control Dynamic ARP Inspection per VLAN. This table is populated for each existing VLAN in the device as well as non-existing VLANs which contains the Dynamic ARP Inspection configuration." ::= { cdaiVlan 2 } cdaiVlanCfgEntry OBJECT-TYPE SYNTAX CdaiVlanCfgEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row instance contains the Dynamic ARP inspection configuration for a specific VLAN in the device." INDEX { cdaiVlanId } ::= { cdaiVlanCfgTable 1 } CdaiVlanCfgEntry ::= SEQUENCE { cdaiVlanId VlanIndex, cdaiVlanDynArpInspAdmin INTEGER, cdaiVlanDynArpInspOper INTEGER, cdaiVlanFilterArpAclName SnmpAdminString, cdaiVlanFilterArpAclStatic TruthValue, cdaiVlanAclLogging INTEGER, cdaiVlanDhcpBindingLogging INTEGER, cdaiVlanArpProbeLogging TruthValue, cdaiVlanCfgStorageType StorageType, cdaiVlanCfgRowStatus RowStatus } cdaiVlanId OBJECT-TYPE SYNTAX VlanIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the VLAN number." ::= { cdaiVlanCfgEntry 1 } cdaiVlanDynArpInspAdmin OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the administrative status of Dynamic ARP Inspection feature in this VLAN. If this object value is 'enable', Dynamic ARP Inspection is enabled. If this object value is 'disable', Dynamic ARP Inspection is disabled." DEFVAL { enable } ::= { cdaiVlanCfgEntry 2 } cdaiVlanDynArpInspOper OBJECT-TYPE SYNTAX INTEGER { active(1), inactive(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the operational status of Dynamic ARP Inspection feature in this VLAN. If this object is 'active', Dynamic ARP Inspection is operationally active. If this object is 'inactive', Dynamic ARP Inspection is operationally inactive." ::= { cdaiVlanCfgEntry 3 } cdaiVlanFilterArpAclName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies an ARP ACL name that Dynamic ARP Inspection feature uses to check the validity of the bindings information in ARP body. An emptry string indicates that no such ARP ACL is configured for this purpose." DEFVAL { "" } ::= { cdaiVlanCfgEntry 4 } cdaiVlanFilterArpAclStatic OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies whether the ARP ACL denoted by cdaiVlanFilterArpAclName is statically applied by Dynamic ARP Inspection feature. This object does not take effect if value of cdaiVlanFilterArpAclName on the row is an empty string. 'true' indicates that ARP ACL is applied statically. The action (denied or permitted) results from applying the ARP ACL is final and ARP packet is not compared against DHCP bindings information. 'false' indicates ARP ACL is not applied statically. If ARP packet is not explicitly classified by ARP ACL, it will be compared against DHCP bindings information." DEFVAL { false } ::= { cdaiVlanCfgEntry 5 } cdaiVlanAclLogging OBJECT-TYPE SYNTAX INTEGER { none(1), aclMatch(2), deny(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the logging configuration that Dynamic ARP Inspection feature applies to ARP packets when they are classified by the configured ACL. 'none' indicates that no logging is performed when packets are classified by the configured ACL. 'aclMatch' indicates that logging is performed when packets are classified by the configured ACL and the matched ACE specified a logging action. 'deny' indicates that logging is performed when packets is denied by the configured ACL." DEFVAL { deny } ::= { cdaiVlanCfgEntry 6 } cdaiVlanDhcpBindingLogging OBJECT-TYPE SYNTAX INTEGER { none(1), permit(2), deny(3), all(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies packet logging configuration performed by Dynamic ARP Inspection feature when ARP packets is compared against DHCP bindings information. 'none' indicates that no packet logging is performed. 'permit' indicates that packet logging is performed only for packets that are permitted as a result of comparing with DHCP bindings information. 'deny' indicates that packet logging is performed only for packets that are denied as a result of comparing with DHCP bindings information. 'all' indicates that packet logging is performed for all packets that are permitted or denied as a result of comparing with DHCP bindings information." DEFVAL { deny } ::= { cdaiVlanCfgEntry 7 } cdaiVlanArpProbeLogging OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The objects specifies if ARP-Probe packets will be logged by Dynamic ARP Inspection feature. 'true' indicates ARP-Probe packets will be logged. 'false' indicates ARP-Probe packets will not be logged." DEFVAL { false } ::= { cdaiVlanCfgEntry 8 } cdaiVlanCfgStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "The objects specifies the storage type for this conceptual row." DEFVAL { volatile } ::= { cdaiVlanCfgEntry 9 } cdaiVlanCfgRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this conceptual row entry. This object is used to manage creation and deletion of rows in this table. Deletion of an entry in this table is only allowed if the VLAN indicated by its row index object does not exist in the device. Writable objects can be modified at any time even while the row is active." ::= { cdaiVlanCfgEntry 10 } -- -- The Dynamic ARP Inspection Interface Config Table -- cdaiIfConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF CdaiIfConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table provides the mechanism to configure the trust state for Dynamic ARP Inspection purpose at each physical interface capable of this feature. Some of the interfaces (but not limited to) for which this feature might be applicable are: ifType = ethernetCsmacd(6)." ::= { cdaiInterface 1 } cdaiIfConfigEntry OBJECT-TYPE SYNTAX CdaiIfConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row instance contains the configuration to enable or disable trust state for Dynamic ARP Inspection at each physical interface capable of this feature." INDEX { ifIndex } ::= { cdaiIfConfigTable 1 } CdaiIfConfigEntry ::= SEQUENCE { cdaiIfTrustEnable TruthValue } cdaiIfTrustEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates whether the interface is trusted for Dynamic ARP Inspection purpose. If this object is set to 'true', the interface is trusted. ARP packets coming to this interface will be forwarded without checking. If this object is set to 'false', the interface is not trusted. ARP packets coming to this interface will be subjected to ARP inspection." ::= { cdaiIfConfigEntry 1 } -- -- The Dynamic ARP Inspection Rate Limit Interface Config Table -- cdaiIfRateLimitTable OBJECT-TYPE SYNTAX SEQUENCE OF CdaiIfRateLimitEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table provides the mechanism to configure the rate limit for Dynamic ARP Inspection purpose at each physical interface capable of this feature." ::= { cdaiInterface 2 } cdaiIfRateLimitEntry OBJECT-TYPE SYNTAX CdaiIfRateLimitEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row instance contains the configuration of rate limit Dynamic ARP Inspection at each physical interface capable of this feature." INDEX { ifIndex } ::= { cdaiIfRateLimitTable 1 } CdaiIfRateLimitEntry ::= SEQUENCE { cdaiIfRateLimit Unsigned32 } cdaiIfRateLimit OBJECT-TYPE SYNTAX Unsigned32 UNITS "packet per second" MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates rate limit value for Dynamic ARP Inspection purpose. If the incoming rate of ARP packets exceeds the value of this object, ARP packets will be dropped. " ::= { cdaiIfRateLimitEntry 1 } -- -- cdaiVlanStatsTable -- cdaiVlanStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF CdaiVlanStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table lists the Dynamic Arp Inspection statistics per VLAN." ::= { cdaiStatistics 1 } cdaiVlanStatsEntry OBJECT-TYPE SYNTAX CdaiVlanStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row instance contains Dynamic ARP Inspection statistics information for each VLAN." INDEX { cdaiVlanStatsIndex } ::= { cdaiVlanStatsTable 1 } CdaiVlanStatsEntry ::= SEQUENCE { cdaiVlanStatsIndex VlanIndex, cdaiVlanForwarded Counter32, cdaiVlanDropped Counter32, cdaiVlanAclPermitted Counter32, cdaiVlanDhcpBindingsPermitted Counter32, cdaiVlanAclDenied Counter32, cdaiVlanDhcpBindingDenied Counter32, cdaiVlanSrcMacValidationFailures Counter32, cdaiVlanDestMacValidationFailures Counter32, cdaiVlanIpValidationFailures Counter32, cdaiVlanArpProbePermitted Counter32, cdaiVlanInvalidProtocolData Counter32 } cdaiVlanStatsIndex OBJECT-TYPE SYNTAX VlanIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the VLAN number." ::= { cdaiVlanStatsEntry 1 } cdaiVlanForwarded OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of ARP packets forwarded by Dynamic Arp Inspection feature." ::= { cdaiVlanStatsEntry 2 } cdaiVlanDropped OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of ARP packets dropped by Dynamic ARP Inspection feature." ::= { cdaiVlanStatsEntry 3 } cdaiVlanAclPermitted OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of ARP packets permitted by the configured ACL." ::= { cdaiVlanStatsEntry 4 } cdaiVlanDhcpBindingsPermitted OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of DHCP-binding permitted ARP packets." ::= { cdaiVlanStatsEntry 5 } cdaiVlanAclDenied OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of ARP packets denied by the configured ACL." ::= { cdaiVlanStatsEntry 6 } cdaiVlanDhcpBindingDenied OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of DHCP-binding denied ARP packets." ::= { cdaiVlanStatsEntry 7 } cdaiVlanSrcMacValidationFailures OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of ARP packets that fail source MAC address validation." ::= { cdaiVlanStatsEntry 8 } cdaiVlanDestMacValidationFailures OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of ARP packets that fail destination MAC address validation." ::= { cdaiVlanStatsEntry 9 } cdaiVlanIpValidationFailures OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of ARP packets that fail IP validation." ::= { cdaiVlanStatsEntry 10 } cdaiVlanArpProbePermitted OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of ARP Probe packets that are permitted." ::= { cdaiVlanStatsEntry 11 } cdaiVlanInvalidProtocolData OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of ARP packets that contain invalid protocol data." ::= { cdaiVlanStatsEntry 12 } -- Conformance cdaiMIBCompliances OBJECT IDENTIFIER ::= { cdaiMIBConformance 1 } cdaiMIBGroups OBJECT IDENTIFIER ::= { cdaiMIBConformance 2 } cdaiMIBCompliance MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for CISCO-DYNAMIC-ARP-INSPECTION-MIB. This compliance is superceded by cdaiMIBCompliance1." MODULE MANDATORY-GROUPS { cdaiVlanConfigGroup, cdaiIfConfigGroup } GROUP cdaiGlobalLoggingGroup DESCRIPTION "This group is mandatory only for the platform which supports enabling Dynamic ARP Inspection logging at the device level." GROUP cdaiIfRateLimitGroup DESCRIPTION "This group is mandatory only for the platform which supports Dynamic ARP Inspection rate limit per interface." ::= { cdaiMIBCompliances 1 } cdaiMIBCompliance1 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for CISCO-DYNAMIC-ARP-INSPECTION-MIB" MODULE MANDATORY-GROUPS { cdaiVlanCfgGroup, cdaiIfConfigGroup } GROUP cdaiVlanConfigGroup DESCRIPTION "This group is mandatory only for the platform which supports enabling Dynamic ARP Inspection per VLAN." GROUP cdaiGlobalLoggingGroup DESCRIPTION "This group is mandatory only for the platform which supports enabling Dynamic ARP Inspection logging at the device level." GROUP cdaiIfRateLimitGroup DESCRIPTION "This group is mandatory only for the platform which supports Dynamic ARP Inspection rate limit per interface." GROUP cdaiLoggingConfigGroup DESCRIPTION "This group is mandatory only for the platform which supports Dynamic ARP Inspection logging configuration." GROUP cdaiAddressValidationGroup DESCRIPTION "This group is mandatory only for the platform which supports address validation configuration." GROUP cdaiLogBufferGroup DESCRIPTION "This group is mandatory only for the platform which supports log buffer information for Dynamic ARP Inspection feature." GROUP cdaiVlanStatisticsGroup DESCRIPTION "This group is mandatory only for the platform which supports Dynamic ARP Inspection statistics per VLAN." GROUP cdaiVlanExtStatisticsGroup DESCRIPTION "This group is mandatory only for the platform which supports additional Dynamic ARP Inspection statistics per VLAN." GROUP cdaiVlanArpProbeGroup DESCRIPTION "This group is mandatory only for the platform which supports VLAN configuration for ARP Probe packets." GROUP cdaiLogBufferActionGroup DESCRIPTION "This group is mandatory only for the platform which supports log buffer action." OBJECT cdaiVlanDynArpInspEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cdaiVlanDynArpInspAdmin MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cdaiVlanFilterArpAclName MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cdaiVlanFilterArpAclStatic MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cdaiVlanAclLogging MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cdaiVlanDhcpBindingLogging MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cdaiVlanCfgStorageType MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cdaiVlanCfgRowStatus SYNTAX INTEGER { active(1) } WRITE-SYNTAX INTEGER { createAndGo(4), destroy(6) } MIN-ACCESS read-only DESCRIPTION "Read-create access is not required." OBJECT cdaiIfTrustEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cdaiLoggingEnable MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cdaiIfRateLimit MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cdaiLogBufferSize MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cdaiLoggingRate MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cdaiLoggingInterval MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cdaiAddressValidate MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cdaiVlanArpProbeLogging MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT cdaiLogBufferAction MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { cdaiMIBCompliances 2 } -- Units of Conformance -- cdaiGlobalGroup cdaiGlobalLoggingGroup OBJECT-GROUP OBJECTS { cdaiLoggingEnable } STATUS current DESCRIPTION "A collection of object which is used to configure Dynamic ARP Inspection logging." ::= { cdaiMIBGroups 1 } cdaiVlanConfigGroup OBJECT-GROUP OBJECTS { cdaiVlanDynArpInspEnable } STATUS current DESCRIPTION "A collection of object which are used to configure as well as show information regarding the Dynamic ARP Inspection feature per VLAN." ::= { cdaiMIBGroups 2 } cdaiIfConfigGroup OBJECT-GROUP OBJECTS { cdaiIfTrustEnable } STATUS current DESCRIPTION "A collection of object which are used to configure as well as show information regarding the interface trust state for Dynamic ARP Inspection purpose." ::= { cdaiMIBGroups 3 } cdaiIfRateLimitGroup OBJECT-GROUP OBJECTS { cdaiIfRateLimit } STATUS current DESCRIPTION "A collection of object which are used to configure as well as show information regarding the rate limit per interface for Dynamic ARP Inspection purpose." ::= { cdaiMIBGroups 4 } cdaiLoggingConfigGroup OBJECT-GROUP OBJECTS { cdaiLogBufferSize, cdaiLoggingRate, cdaiLoggingInterval } STATUS current DESCRIPTION "A collection of object which provides logging configuration for Dynamic ARP Inspection feature." ::= { cdaiMIBGroups 5 } cdaiAddressValidationGroup OBJECT-GROUP OBJECTS { cdaiAddressValidate } STATUS current DESCRIPTION "A collection of object which provides address validation configuration for Dynamic ARP Inspection feature." ::= { cdaiMIBGroups 6 } cdaiVlanCfgGroup OBJECT-GROUP OBJECTS { cdaiVlanDynArpInspAdmin, cdaiVlanDynArpInspOper, cdaiVlanFilterArpAclName, cdaiVlanFilterArpAclStatic, cdaiVlanAclLogging, cdaiVlanDhcpBindingLogging, cdaiVlanCfgStorageType, cdaiVlanCfgRowStatus } STATUS current DESCRIPTION "A collection of object which provides additional VLAN configuration for Dynamic ARP Inspection feature." ::= { cdaiMIBGroups 7 } cdaiVlanStatisticsGroup OBJECT-GROUP OBJECTS { cdaiVlanForwarded, cdaiVlanDropped, cdaiVlanAclPermitted, cdaiVlanDhcpBindingsPermitted, cdaiVlanAclDenied, cdaiVlanDhcpBindingDenied, cdaiVlanSrcMacValidationFailures, cdaiVlanDestMacValidationFailures, cdaiVlanIpValidationFailures } STATUS current DESCRIPTION "A collection of object which provides Dynamic ARP Inspection statistics per VLAN." ::= { cdaiMIBGroups 8 } cdaiLogBufferGroup OBJECT-GROUP OBJECTS { cdaiLogBufferInterface, cdaiLogBufferVlan, cdaiLogBufferSenderMacAddress, cdaiLogBufferSenderAddressType, cdaiLogBufferSenderIpAddress, cdaiLogBufferReason, cdaiLogBufferLastUpdate, cdaiLogBufferPacketsCount } STATUS current DESCRIPTION "A collection of object which provides logging information for Dynamic ARP Inspection feature." ::= { cdaiMIBGroups 9 } cdaiVlanExtStatisticsGroup OBJECT-GROUP OBJECTS { cdaiVlanArpProbePermitted, cdaiVlanInvalidProtocolData } STATUS current DESCRIPTION "A collection of object which provides additional Dynamic ARP Inspection statistics per VLAN." ::= { cdaiMIBGroups 10 } cdaiVlanArpProbeGroup OBJECT-GROUP OBJECTS { cdaiVlanArpProbeLogging } STATUS current DESCRIPTION "A collection of object which provides additional VLAN configuration for ARP Probe packets." ::= { cdaiMIBGroups 11 } cdaiLogBufferActionGroup OBJECT-GROUP OBJECTS { cdaiLogBufferAction } STATUS current DESCRIPTION "A collection of object which provides log buffer action." ::= { cdaiMIBGroups 12 } END