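-- Title:        Fibronics' MIB
-- MIB Module :  Private MIB for NM349 Security
-- Version :     V1.0
-- Date :        Jan 1, 1995
-- By :          Gadi K.
-- Contact :     Edna Ganon
-- Email: :      edna@fibronics.co.il
--
-- Copyright (c) 1991 Fibronics International
--
-- Overview:
--   This module defines the repeater port-security objects under
--   mibseth-rptrs. Each of the three subtrees (group, port, MAC) holds
--   two tables:
--     prptr...  the permanent table, described as the values held in
--               non-volatile memory; its control objects are read-write.
--     rptr...   the operational table, described as the values in the
--               security hardware; all of its objects are read-only.
--
-- NOTE(review): every ACCESS read-write object below changes how port
--   security is enforced. A manager that is allowed to SET on this agent
--   can switch security off (prptrSecurityGroupAdminState = disable(3))
--   or rewrite the permitted MAC entries. Limit SET access to these
--   subtrees to the management stations that need it, and poll the
--   prptr tables to detect unexpected changes.

Hub-rptr-prvt-sec DEFINITIONS ::= BEGIN

-- Standard SMIv1 definitions this module relies on.
IMPORTS
    internet, Counter
        FROM RFC1155-SMI
    OBJECT-TYPE
        FROM RFC-1212
    PhysAddress
        FROM RFC1213-MIB
    TRAP-TYPE
        FROM RFC-1215;

private               OBJECT IDENTIFIER ::= { internet 4 }
enterprises           OBJECT IDENTIFIER ::= { private 1 }
fibronics             OBJECT IDENTIFIER ::= { enterprises 22 }
mibs                  OBJECT IDENTIFIER ::= { fibronics 101 }
mibseth-rptrs         OBJECT IDENTIFIER ::= { mibs 8 }

rptrSecurityInfo      OBJECT IDENTIFIER ::= { mibseth-rptrs 5 }
rptrSecurityPortInfo  OBJECT IDENTIFIER ::= { mibseth-rptrs 6 }
rptrSecurityMACInfo   OBJECT IDENTIFIER ::= { mibseth-rptrs 7 }

---------------------------------------------------
-- repeater Security MIB
---------------------------------------------------

----------------------------------------------------------------------
-- The permanent repeater security Group Table
----------------------------------------------------------------------

prptrSecurityGroupTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF PrptrSecurityGroupEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "Table of descriptive and status information about the
        global security as represented in the non-volatile memory."
    ::= { rptrSecurityInfo 1 }

prptrSecurityGroupEntry OBJECT-TYPE
    SYNTAX  PrptrSecurityGroupEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "An entry in the table, containing information about the
        security of a single group."
    INDEX   { prptrSecurityGroupIndex }
    ::= { prptrSecurityGroupTable 1 }

PrptrSecurityGroupEntry ::=
    SEQUENCE {
        prptrSecurityGroupIndex          INTEGER,
        prptrSecurityGroupAdminState     INTEGER,
        prptrSecurityGroupAutoLearnMode  INTEGER,
        prptrSecurityGroupBroadcastMode  INTEGER,
        prptrSecurityGroupMulticastMode  INTEGER,
        prptrSecurityGroupDisPortMode    INTEGER,
        prptrSecurityGroupRandomMode     INTEGER,
        prptrSecurityGroupDAMismatch     INTEGER,
        prptrSecurityGroupSAMismatch     INTEGER,
        prptrSecurityAutoRplaceMode      INTEGER,
        prptrSecurityAllPortsAdmin       INTEGER
    }

prptrSecurityGroupIndex OBJECT-TYPE
    SYNTAX  INTEGER (1..1024)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object uniquely identifies the group for which this
        entry contains information. The group index is directly
        related to the repeater ID within the said system."
    ::= { prptrSecurityGroupEntry 1 }

-- Global on/off switch for the whole security feature of a group.
prptrSecurityGroupAdminState OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "When this object is set to enable(2) the repeater will
        allow the implementation of the security features according
        to port specific objects.
        When this object is set to disable(3) the repeater will
        disable the implementation of the security feature.
        The value other(1) is returned whenever the admin state is
        unknown. This value may not be written into the agent.

        Whenever this object is set to disable(3) the repeater will
        act as if the following objects have the following values:
            prptrSecurityGroupAutoLearnMode = disable(3),
            prptrSecurityGroupBroadcastMode = accept(2),
            prptrSecurityGroupMulticastMode = accept(2),
            prptrSecurityGroupRandomMode    = disable(3).
        Whenever this object has the value of enable(2) the repeater
        security will function according to the object's specific
        values (i.e. it is a global 'switch')."
    ::= { prptrSecurityGroupEntry 2 }

prptrSecurityGroupAutoLearnMode OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "When this variable is set to enable(2) the repeater will
        enable auto learn mode for all 10BASET ports in LC342S card,
        and for ports 1-8 in LC348S card.
        When this variable is set to disable(3) the repeater will
        disable auto learn mode for all 10BASET ports in LC342S card,
        and for ports 1-8 in LC348S card.
        The value other(1) is returned whenever the auto learn mode
        is unknown. This value may not be written into the agent."
    ::= { prptrSecurityGroupEntry 3 }

prptrSecurityGroupBroadcastMode OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                accept(2),
                reject(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Setting this variable to accept(2) will change the value of
        the object prptrSecurityPortBroadcastMode to accept(2) for
        all 10BASET ports in LC342S card, and for ports 1-8 in
        LC348S card.
        Setting this variable to reject(3) will change the value of
        the object prptrSecurityPortBroadcastMode to reject(3) for
        all 10BASET ports in LC342S card, and for ports 1-8 in
        LC348S card.
        The value other(1) is returned whenever the broadcast mode
        is unknown. This value should not be written into the agent."
    ::= { prptrSecurityGroupEntry 4 }

prptrSecurityGroupMulticastMode OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                accept(2),
                reject(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Setting this variable to accept(2) will change the value of
        the object prptrSecurityPortMulticastMode to accept(2) for
        all 10BASET ports in LC342S card, and for ports 1-8 in
        LC348S card.
        Setting this variable to reject(3) will change the value of
        the object prptrSecurityPortMulticastMode to reject(3) for
        all 10BASET ports in LC342S card, and for ports 1-8 in
        LC348S card.
        The value other(1) is returned whenever the multicast mode
        is unknown. This value should not be written into the agent."
    ::= { prptrSecurityGroupEntry 5 }

prptrSecurityGroupDisPortMode OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "When this variable is set to disable(3) the repeater will
        NOT disable the port on a source address mismatch.
        When this variable is set to enable(2) the repeater will
        disable the port on which a source address mismatch is
        detected.
        The value other(1) is returned whenever the
        prptrSecurityGroupDisPortMode is unknown. This value should
        not be written into the agent."
    ::= { prptrSecurityGroupEntry 6 }

prptrSecurityGroupRandomMode OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "When this variable is set to enable(2) the repeater will
        generate the random pattern on a source address mismatch.
        When this variable is set to disable(3) the repeater will
        NOT generate the random pattern on a source address
        mismatch.
        The value other(1) is returned whenever the
        prptrSecurityGroupRandomMode is unknown. This value should
        not be written into the agent."
    ::= { prptrSecurityGroupEntry 7 }

prptrSecurityGroupDAMismatch OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Setting this variable to enable(2) will change the value of
        the object prptrSecurityPortDAMismatch to enable(2) for all
        10BASET ports in LC342S card, and for ports 1-8 in LC348S
        card.
        Setting this variable to disable(3) will change the value of
        the object prptrSecurityPortDAMismatch to disable(3) for all
        10BASET ports in LC342S card, and for ports 1-8 in LC348S
        card.
        The value other(1) is returned whenever the DA mismatch mode
        is unknown. This value should not be written into the agent."
    ::= { prptrSecurityGroupEntry 8 }

prptrSecurityGroupSAMismatch OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Setting this variable to enable(2) will change the value of
        the object prptrSecurityPortSAMismatch to enable(2) for all
        10BASET ports in LC342S card, and for ports 1-8 in LC348S
        card.
        Setting this variable to disable(3) will change the value of
        the object prptrSecurityPortSAMismatch to disable(3) for all
        10BASET ports in LC342S card, and for ports 1-8 in LC348S
        card.
        The value other(1) is returned whenever the SA mismatch mode
        is unknown. This value should not be written into the agent."
    ::= { prptrSecurityGroupEntry 9 }

-- NOTE(review): per the port-level description, auto replace overwrites
--   a stored address with the address that caused the mismatch. With it
--   enabled the stored MAC entries stop acting as a fixed allow list, so
--   leave it disabled where the entries are meant to be enforced.
prptrSecurityAutoRplaceMode OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Setting this variable to enable(2) will change the value of
        the object prptrSecurityPortAutoRplaceMode to enable(2) for
        all 10BASET ports in LC342S card, and for ports 1-8 in
        LC348S card.
        Setting this variable to disable(3) will change the value of
        the object prptrSecurityPortAutoRplaceMode to disable(3) for
        all 10BASET ports in LC342S card, and for ports 1-8 in
        LC348S card.
        The value other(1) is returned whenever the auto replace
        mode is unknown. This value should not be written into the
        agent."
    ::= { prptrSecurityGroupEntry 10 }

prptrSecurityAllPortsAdmin OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Setting this variable to enable(2) will change the value of
        the object prptrSecurityPortAdminState to enable(2) for all
        10BASET ports in LC342S card, and for ports 1-8 in LC348S
        card.
        Setting this variable to disable(3) will change the value of
        the object prptrSecurityPortAdminState to disable(3) for all
        10BASET ports in LC342S card, and for ports 1-8 in LC348S
        card.
        The value other(1) is returned whenever the admin state is
        unknown. This value should not be written into the agent."
    ::= { prptrSecurityGroupEntry 11 }

-----------------------------------------------------------------------
-- Repeater operational security group info
-----------------------------------------------------------------------

rptrSecurityGroupTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF RptrSecurityGroupEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "Table of the operational status information of the global
        security as represented in the security hardware."
    ::= { rptrSecurityInfo 2 }

rptrSecurityGroupEntry OBJECT-TYPE
    SYNTAX  RptrSecurityGroupEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "An entry in the table, containing information about the
        global security status of a single group."
    INDEX   { rptrSecurityGroupIndex }
    ::= { rptrSecurityGroupTable 1 }

RptrSecurityGroupEntry ::=
    SEQUENCE {
        rptrSecurityGroupIndex          INTEGER,
        rptrSecurityGroupOperState      INTEGER,
        rptrSecurityGroupAutoLearnMode  INTEGER,
        rptrSecurityGroupDisPortMode    INTEGER,
        rptrSecurityGroupRandomMode     INTEGER
    }

rptrSecurityGroupIndex OBJECT-TYPE
    SYNTAX  INTEGER (1..1024)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object uniquely identifies the group for which this
        entry contains information. The group index is directly
        related to the repeater ID within the said system."
    ::= { rptrSecurityGroupEntry 1 }

rptrSecurityGroupOperState OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object reflects the operational state of the security
        feature within the repeater. The operational state is set by
        specifying a value for prptrSecurityGroupAdminState.
        The value other(1) is returned whenever the operational
        state is unknown."
    ::= { rptrSecurityGroupEntry 2 }

rptrSecurityGroupAutoLearnMode OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "When variable value is enable(2) the repeater enables auto
        learn mode for all 10BASET ports on LC342 cards, and for
        ports 1-8 in LC348S card.
        When value is disable(3) the repeater will disable auto
        learn mode for all 10BASET ports in LC342S cards, and for
        ports 1-8 in LC348S card.
        The value other(1) is returned whenever the auto learn mode
        is unknown."
    ::= { rptrSecurityGroupEntry 3 }

rptrSecurityGroupDisPortMode OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "When variable value is disable(3) the repeater does NOT
        disable the port on a source address mismatch.
        When variable value is enable(2) the repeater will disable
        the port on which a source address mismatch is detected.
        The value other(1) is returned whenever the
        rptrSecurityGroupDisPortMode is unknown."
    ::= { rptrSecurityGroupEntry 4 }

rptrSecurityGroupRandomMode OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "When variable value is enable(2) the repeater generates the
        random pattern on a source address mismatch.
        When value is disable(3) the repeater does NOT generate the
        random pattern on a source address mismatch.
        The value other(1) is returned whenever the
        rptrSecurityGroupRandomMode is unknown."
    ::= { rptrSecurityGroupEntry 5 }

----------------------------------------------------------------------
-- The permanent repeater security port Table
----------------------------------------------------------------------

prptrSecurityPortTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF PrptrSecurityPortEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "Table of descriptive and status information about the
        security of ports as represented in the non-volatile memory."
    ::= { rptrSecurityPortInfo 1 }

prptrSecurityPortEntry OBJECT-TYPE
    SYNTAX  PrptrSecurityPortEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "An entry in the table, containing information about the
        security of a single port."
    INDEX   { prptrSecurityPortGroupIndex, prptrSecurityPortIndex }
    ::= { prptrSecurityPortTable 1 }

PrptrSecurityPortEntry ::=
    SEQUENCE {
        prptrSecurityPortGroupIndex      INTEGER,
        prptrSecurityPortIndex           INTEGER,
        prptrSecurityPortAdminState      INTEGER,
        prptrSecurityPortAutoLearnMode   INTEGER,
        prptrSecurityPortBroadcastMode   INTEGER,
        prptrSecurityPortMulticastMode   INTEGER,
        prptrSecurityPortSAMismatch      INTEGER,
        prptrSecurityPortDAMismatch      INTEGER,
        prptrSecurityPortMAC1state       INTEGER,
        prptrSecurityPortMAC1Address     PhysAddress,
        prptrSecurityPortMAC2state       INTEGER,
        prptrSecurityPortMAC2Address     PhysAddress,
        prptrSecurityPortAutoRplaceMode  INTEGER
    }

prptrSecurityPortGroupIndex OBJECT-TYPE
    SYNTAX  INTEGER (1..1024)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object uniquely identifies the group for which this
        entry contains information. The group index is directly
        related to the repeater ID within the said system."
    ::= { prptrSecurityPortEntry 1 }

prptrSecurityPortIndex OBJECT-TYPE
    SYNTAX  INTEGER (1..1024)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object identifies the port within the repeater for
        which this entry contains information."
    ::= { prptrSecurityPortEntry 2 }

-- Per-port on/off switch; disable(3) overrides the other per-port
-- security objects as listed in the description.
prptrSecurityPortAdminState OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "When this object is set to enable(2) the port allows the
        employment of security according to the specific objects.
        When this object is set to disable(3) the port stops
        employing security.
        The value other(1) is returned whenever the admin state is
        unknown. This value may not be written into the agent.

        Whenever this object is set to disable(3) the repeater port
        acts as if the following objects have the following values:
            prptrSecurityPortAutoLearnMode = disable(3),
            prptrSecurityPortBroadcastMode = accept(2),
            prptrSecurityPortMulticastMode = accept(2),
            prptrSecurityPortSAMismatch    = disable(3),
            prptrSecurityPortDAMismatch    = disable(3).
        Whenever this object has the value of enable(2) the repeater
        port security functions according to the object's specific
        values."
    ::= { prptrSecurityPortEntry 3 }

prptrSecurityPortAutoLearnMode OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "When this variable is set to enable(2) the port functions
        in auto learn mode.
        When this variable is set to disable(3) the port does NOT
        function in auto learn mode.
        The value other(1) is returned whenever the learn mode is
        unknown. This value may not be written into the agent."
    ::= { prptrSecurityPortEntry 4 }

prptrSecurityPortBroadcastMode OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                accept(2),
                reject(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "When this variable is set to accept(2) the port accepts
        broadcast frames and repeats them to all ports.
        When the following objects have the values:
            prptrSecurityPortBroadcastMode = reject(3)
            prptrSecurityPortMulticastMode = reject(3)
            prptrSecurityPortDAMismatch    = enable(2)
        the destination port will replace broadcast frames with
        random packets.
        The value other(1) is returned whenever the broadcast mode
        is unknown. This value should not be written into the agent."
    ::= { prptrSecurityPortEntry 5 }

prptrSecurityPortMulticastMode OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                accept(2),
                reject(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "When this variable is set to accept(2) the port accepts
        multicast frames and repeats them to all ports.
        When the following objects have the values:
            prptrSecurityPortMulticastMode = reject(3)
            prptrSecurityPortDAMismatch    = enable(2)
        the destination port will replace multicast frames with
        random packets.
        The value other(1) is returned whenever the multicast mode
        is unknown. This value should not be written into the agent."
    ::= { prptrSecurityPortEntry 6 }

prptrSecurityPortSAMismatch OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "When this variable is set to enable(2) the port employs
        source address comparison to implement security, meaning
        that whenever a packet is received on the port, the source
        address is compared to the security addresses, and if it
        does not match one of the MAC entries then SA mismatch will
        be reported.
        When this variable is set to disable(3) the port does NOT
        employ source address comparison to implement security,
        meaning that whenever a packet is received on the port, NO
        source address comparison is performed and therefore no
        mismatches are reported.
        The value other(1) is returned whenever the SA mismatch mode
        is unknown. This value should not be written into the agent."
    ::= { prptrSecurityPortEntry 7 }

prptrSecurityPortDAMismatch OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "When this variable is set to enable(2) the port employs
        destination address comparison to implement security,
        meaning that whenever a packet needs to be sent to the port,
        the destination address of the packet is compared and if it
        does not match one of the MAC entries then DA mismatch is
        detected. If a DA mismatch is detected, and the object
        prptrSecurityGroupRandomMode is set to enable(2) then a
        random sequence is sent to that port.
        If the destination address matches one of the port MAC
        entries then the packet is transmitted to the port without
        modification.
        When this variable is set to disable(3) the port does NOT
        employ destination address comparison to implement security.
        The value other(1) is returned whenever the DA mode is
        unknown. This value should not be written into the agent."
    ::= { prptrSecurityPortEntry 8 }

prptrSecurityPortMAC1state OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                valid(2),
                not-valid(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "This object defines whether the first MAC entry for this
        port is valid or not. Whenever this entry is set to valid(2)
        the prptrSecurityPortMAC1Address cannot be changed.
        The value other(1) should be returned whenever the value of
        this object is unknown. This value should not be written to
        the agent."
    ::= { prptrSecurityPortEntry 9 }

prptrSecurityPortMAC1Address OBJECT-TYPE
    SYNTAX  PhysAddress
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "This object holds the Ethernet physical address associated
        with MAC1 of this port."
    ::= { prptrSecurityPortEntry 10 }

prptrSecurityPortMAC2state OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                valid(2),
                not-valid(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "This object defines whether the second MAC entry for this
        port is valid or not. Whenever this entry is set to valid(2)
        the prptrSecurityPortMAC2Address cannot be changed.
        The value other(1) should be returned whenever the value of
        this object is unknown. This value should not be written to
        the agent."
    ::= { prptrSecurityPortEntry 11 }

prptrSecurityPortMAC2Address OBJECT-TYPE
    SYNTAX  PhysAddress
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "This object holds the Ethernet physical address associated
        with MAC2 of this port."
    ::= { prptrSecurityPortEntry 12 }

-- NOTE(review): when enabled, an address that caused a mismatch replaces
--   a stored entry, so the port accepts whichever station showed up
--   last. Keep disable(3) on ports where MAC1/MAC2 must stay fixed.
prptrSecurityPortAutoRplaceMode OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Whenever this object is set to enable(2) the cam address
        entry for the port is automatically replaced by addresses
        received at that port which cause address mismatch. The
        replacement is effective only when both cam entries are
        valid.
        Whenever this object is set to disable(3), once the cam
        entries become valid they are never replaced.
        The value other(1) is returned whenever the auto replace
        mode is unknown. This value should not be written into the
        agent."
    ::= { prptrSecurityPortEntry 13 }

----------------------------------------------------------------------
-- The repeater operational security port Table
----------------------------------------------------------------------

rptrSecurityPortTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF RptrSecurityPortEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "Table of the operational information of the ports' security
        status as represented in the security hardware."
    ::= { rptrSecurityPortInfo 2 }

rptrSecurityPortEntry OBJECT-TYPE
    SYNTAX  RptrSecurityPortEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "An entry in the table, containing information about the
        security of a single port."
    INDEX   { rptrSecurityPortGroupIndex, rptrSecurityPortIndex }
    ::= { rptrSecurityPortTable 1 }

RptrSecurityPortEntry ::=
    SEQUENCE {
        rptrSecurityPortGroupIndex      INTEGER,
        rptrSecurityPortIndex           INTEGER,
        rptrSecurityPortOperState       INTEGER,
        rptrSecurityPortAutoLearnMode   INTEGER,
        rptrSecurityPortBroadcastMode   INTEGER,
        rptrSecurityPortMulticastMode   INTEGER,
        rptrSecurityPortSAMismatch      INTEGER,
        rptrSecurityPortDAMismatch      INTEGER,
        rptrSecurityPortSAMismatches    Counter,
        rptrSecurityPortLastSAMismatch  PhysAddress,
        rptrSecurityPortMAC1state       INTEGER,
        rptrSecurityPortMAC1Address     PhysAddress,
        rptrSecurityPortMAC2state       INTEGER,
        rptrSecurityPortMAC2Address     PhysAddress
    }

rptrSecurityPortGroupIndex OBJECT-TYPE
    SYNTAX  INTEGER (1..1024)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object uniquely identifies the group for which this
        entry contains information. The group index is directly
        related to the repeater ID within the said system."
    ::= { rptrSecurityPortEntry 1 }

rptrSecurityPortIndex OBJECT-TYPE
    SYNTAX  INTEGER (1..1024)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object identifies the port within the repeater for
        which this entry contains information."
    ::= { rptrSecurityPortEntry 2 }

rptrSecurityPortOperState OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object reflects the operational state of the security
        feature of the port.
        The value other(1) is returned whenever the operational
        state is unknown."
    ::= { rptrSecurityPortEntry 3 }

rptrSecurityPortAutoLearnMode OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "When this variable value is enable(2) the port functions in
        auto learn mode.
        When disable(3) the port does not function in auto learn
        mode.
        The value other(1) will be returned whenever the learn mode
        is unknown."
    ::= { rptrSecurityPortEntry 4 }

rptrSecurityPortBroadcastMode OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                accept(2),
                reject(3)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "When variable value is accept(2) the port accepts broadcast
        frames and repeats them to all ports.
        When value is reject(3), and the following objects have the
        values:
            prptrSecurityPortMulticastMode = reject(3)
            prptrSecurityPortDAMismatch    = enable(2)
        the port replaces broadcast frames with random packets.
        The value other(1) is returned whenever the broadcast mode
        is unknown."
    ::= { rptrSecurityPortEntry 5 }

rptrSecurityPortMulticastMode OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                accept(2),
                reject(3)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "When variable value is accept(2) the port accepts multicast
        frames and repeats them to all ports.
        When value is reject(3) and the value of the object
        prptrSecurityPortDAMismatch is enable(2), the port replaces
        multicast frames with random packets.
        The value other(1) is returned whenever the multicast mode
        is unknown."
    ::= { rptrSecurityPortEntry 6 }

rptrSecurityPortSAMismatch OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "When variable value is enable(2) the port employs source
        address comparison to implement security, meaning that
        whenever a packet is received on the port, the source
        address is compared and if it does not match one of the MAC
        entries then SA mismatch is reported.
        When value is disable(3) the port does not employ source
        address comparison to implement security, meaning that
        whenever a packet is received on the port, NO source address
        comparison is made and therefore no mismatches are reported.
        The value other(1) is returned whenever the SA mismatch mode
        is unknown."
    ::= { rptrSecurityPortEntry 7 }

rptrSecurityPortDAMismatch OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                enable(2),
                disable(3)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "When variable value is enable(2) the port employs
        destination address comparison to implement security,
        meaning that whenever a packet needs to be sent to the port,
        the destination address of the packet is compared to the
        security addresses, and if it does not match one of the
        security MAC entries then DA mismatch is detected. If a DA
        mismatch is detected, and the object
        prptrSecurityGroupRandomMode is set to enable(2) then a
        random sequence is sent to that port.
        If the destination address matches one of the port MAC
        entries then the packet is transmitted to the port without
        modification.
        When value is disable(3) the port does not employ
        destination address to implement security.
        The value other(1) is returned whenever the DA mode is
        unknown."
    ::= { rptrSecurityPortEntry 8 }

-- Per-port count of source-address mismatch events; it is also carried
-- in the rptrSecuritySAMismatch trap, so polling it gives a second way
-- to notice mismatches if a trap is not received.
rptrSecurityPortSAMismatches OBJECT-TYPE
    SYNTAX  Counter
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object counts the number of times that the source
        address mismatch event occurred for that port."
    ::= { rptrSecurityPortEntry 9 }

rptrSecurityPortLastSAMismatch OBJECT-TYPE
    SYNTAX  PhysAddress
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object holds the last source address received on the
        port which caused a source address mismatch."
    ::= { rptrSecurityPortEntry 10 }

rptrSecurityPortMAC1state OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                valid(2),
                not-valid(3)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object defines whether the first MAC entry for this
        port is valid or not.
        The value other(1) should be returned whenever the value of
        this object is unknown."
    ::= { rptrSecurityPortEntry 11 }

rptrSecurityPortMAC1Address OBJECT-TYPE
    SYNTAX  PhysAddress
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object holds the Ethernet physical address associated
        with MAC1 of this port."
    ::= { rptrSecurityPortEntry 12 }

rptrSecurityPortMAC2state OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                valid(2),
                not-valid(3)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object defines whether the second MAC entry for this
        port is valid or not.
        The value other(1) should be returned whenever the value of
        this object is unknown."
    ::= { rptrSecurityPortEntry 13 }

rptrSecurityPortMAC2Address OBJECT-TYPE
    SYNTAX  PhysAddress
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object holds the Ethernet physical address associated
        with MAC2 of this port."
    ::= { rptrSecurityPortEntry 14 }

----------------------------------------------------------------------
-- The permanent repeater security MAC Table
----------------------------------------------------------------------

prptrSecurityMACTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF PrptrSecurityMACEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "Table of descriptive and status information about the
        security shared MAC table as stored in the non-volatile
        memory. Maximum number of entries in this table is 32.
        This table represents the values in the non-volatile memory"
    ::= { rptrSecurityMACInfo 1 }

prptrSecurityMACEntry OBJECT-TYPE
    SYNTAX  PrptrSecurityMACEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "An entry in the table, containing information about a
        single MAC entry."
    INDEX   { prptrSecurityMACGroupIndex, prptrSecurityMACEntryIndex }
    ::= { prptrSecurityMACTable 1 }

PrptrSecurityMACEntry ::=
    SEQUENCE {
        prptrSecurityMACGroupIndex       INTEGER,
        prptrSecurityMACEntryIndex       INTEGER,
        prptrSecurityMACPhysicalAddress  PhysAddress,
        prptrSecurityMACState            INTEGER,
        prptrSecurityMACPortMap          INTEGER
    }

prptrSecurityMACGroupIndex OBJECT-TYPE
    SYNTAX  INTEGER (1..1024)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object uniquely identifies the group for which this
        entry contains information. The group index is directly
        related to the repeater ID within the said system."
    ::= { prptrSecurityMACEntry 1 }

prptrSecurityMACEntryIndex OBJECT-TYPE
    SYNTAX  INTEGER (1..32)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object identifies the entry containing the
        information."
    ::= { prptrSecurityMACEntry 2 }

prptrSecurityMACPhysicalAddress OBJECT-TYPE
    SYNTAX  PhysAddress
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "This object holds the Ethernet physical address associated
        with this MAC entry."
    ::= { prptrSecurityMACEntry 3 }

prptrSecurityMACState OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                valid(2),
                not-valid(3)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "This object defines whether this MAC entry is valid or not.
        Whenever this entry is set to valid(2) other objects for
        this entry cannot be changed.
        The value other(1) should be returned whenever the value of
        this object is unknown. This value should not be written to
        the agent."
    ::= { prptrSecurityMACEntry 4 }

-- NOTE(review): the diagram shows 13 port bits (bit 0 to bit 12), whose
--   largest combined value is 8191. The declared range (1..8192) admits
--   8192, which has no bit in the diagram, and excludes 0 (no ports).
--   Range left as published; confirm against the agent.
prptrSecurityMACPortMap OBJECT-TYPE
    SYNTAX  INTEGER (1..8192)
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "This object identifies the ports with which this MAC entry
        is associated. This object is a bit map where setting a
        given bit indicates that this MAC entry is associated with
        the port corresponding to that bit. The LSB of the bitmap
        corresponds to port 1.

        BIT-    12   11   .....  n-1  ........  1    0
              ----------------------------------------------
        Port  | 13 | 12 |      |  n  |         | 2  | 1  |
              |    |    |      |     |         |    |    |
              ----------------------------------------------
                                  |
                                  |
                                  |
                                  ----> 0 - MAC entry is NOT associated
                                            with port n.
                                        1 - MAC entry is associated
                                            with port n.
        "
    ::= { prptrSecurityMACEntry 5 }

----------------------------------------------------------------------
-- The operational repeater security MAC Table
----------------------------------------------------------------------

rptrSecurityMACTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF RptrSecurityMACEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "Table of descriptive and status information about the
        security shared CAM table as presented in the security
        hardware. This table should reflect the values of the
        permanent table.
        Maximum number of entries in this table is 32."
    ::= { rptrSecurityMACInfo 2 }

rptrSecurityMACEntry OBJECT-TYPE
    SYNTAX  RptrSecurityMACEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "An entry in the table, containing information about a
        single MAC entry."
    INDEX   { rptrSecurityMACGroupIndex, rptrSecurityMACEntryIndex }
    ::= { rptrSecurityMACTable 1 }

RptrSecurityMACEntry ::=
    SEQUENCE {
        rptrSecurityMACGroupIndex       INTEGER,
        rptrSecurityMACEntryIndex       INTEGER,
        rptrSecurityMACPhysicalAddress  PhysAddress,
        rptrSecurityMACState            INTEGER,
        rptrSecurityMACPortMap          INTEGER
    }

rptrSecurityMACGroupIndex OBJECT-TYPE
    SYNTAX  INTEGER (1..1024)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object uniquely identifies the group for which this
        entry contains information. The group index is directly
        related to the repeater ID within the said system."
    ::= { rptrSecurityMACEntry 1 }

rptrSecurityMACEntryIndex OBJECT-TYPE
    SYNTAX  INTEGER (1..32)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object identifies the entry containing the
        information."
    ::= { rptrSecurityMACEntry 2 }

rptrSecurityMACPhysicalAddress OBJECT-TYPE
    SYNTAX  PhysAddress
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object holds the Ethernet physical address associated
        with this MAC entry."
    ::= { rptrSecurityMACEntry 3 }

rptrSecurityMACState OBJECT-TYPE
    SYNTAX  INTEGER {
                other(1),
                valid(2),
                not-valid(3)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object defines whether this MAC entry is valid or not.
        The value other(1) should be returned whenever the value of
        this object is unknown."
    ::= { rptrSecurityMACEntry 4 }

-- NOTE(review): same range remark as prptrSecurityMACPortMap; 13 bits
--   give at most 8191, while the declared range is (1..8192).
rptrSecurityMACPortMap OBJECT-TYPE
    SYNTAX  INTEGER (1..8192)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object identifies the ports with which this MAC entry
        is associated. This object is a bit map where setting a
        given bit indicates that this MAC entry is associated with
        the port corresponding to that bit. The LSB of the bitmap
        corresponds to port 1.

        BIT-    12   11   .....  n-1  ........  1    0
              ----------------------------------------------
        Port  | 13 | 12 |      |  n  |         | 2  | 1  |
              |    |    |      |     |         |    |    |
              ----------------------------------------------
                                  |
                                  |
                                  |
                                  ----> 0 - MAC entry is NOT associated
                                            with port n.
                                        1 - MAC entry is associated
                                            with port n.
        "
    ::= { rptrSecurityMACEntry 5 }

----------------------------------------------------------------------
-- Security Traps
--
-- Traps are defined using the conventions in RFC 1215 [8].
--
-- This is the only trap in the module and it covers source address
-- mismatches only. No trap reports a change to the read-write security
-- objects, so configuration changes have to be found by polling the
-- prptr tables.
----------------------------------------------------------------------

rptrSecuritySAMismatch TRAP-TYPE
    ENTERPRISE  mibseth-rptrs
    VARIABLES   { rptrSecurityPortGroupIndex,
                  rptrSecurityPortIndex,
                  rptrSecurityPortSAMismatches,
                  rptrSecurityPortLastSAMismatch }
    DESCRIPTION
        "The rptrSecuritySAMismatch trap is sent to the network
        manager station whenever the repeater detects a source
        address mismatch on one of the ports for which security is
        enabled."
    ::= 15

END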