SECURITY-MIB
File:
SECURITY-MIB.mib (10771 bytes)
Imported modules
Imported symbols
Defined Types
SecurePortEntry |
|
SEQUENCE |
|
|
|
|
secureSlotIndex |
INTEGER |
|
|
securePortIndex |
INTEGER |
|
|
securePortMode |
INTEGER |
|
|
secureNeedToKnowMode |
INTEGER |
|
|
secureIntrusionAction |
INTEGER |
|
|
secureNumberAddresses |
INTEGER |
|
|
secureNumberAddressesStored |
INTEGER |
|
|
secureMaximumAddresses |
INTEGER |
|
SecureAddressEntry |
|
SEQUENCE |
|
|
|
|
secureAddrSlotIndex |
INTEGER |
|
|
secureAddrPortIndex |
INTEGER |
|
|
secureAddrMAC |
OCTET STRING |
|
|
secureAddrRowStatus |
INTEGER |
|
Defined Values
a3Com |
2.4.1.43 |
OBJECT IDENTIFIER |
|
|
|
generic |
2.4.1.43.10 |
OBJECT IDENTIFIER |
|
|
|
securePortTable |
2.4.1.43.10.22.1 |
This table defines the security status of each secure port.
Each port can have a number of authorised MAC addresses, and these are stored in
the secureAddressTable. |
Status: mandatory |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
SecurePortEntry |
|
securePortEntry |
2.4.1.43.10.22.1.1 |
There is a row in this table for each secure port, and
allows repeater ports to be configured for security on a per port basis. It is
indexed using the objects secureSlotIndex and securePortIndex. |
Status: mandatory |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SecurePortEntry |
|
|
secureSlotIndex |
2.4.1.43.10.22.1.1.1 |
The slot or unit number of the secure port. This is the
first index into the securePortTable. |
Status: mandatory |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
1..1024 |
|
securePortIndex |
2.4.1.43.10.22.1.1.2 |
The port number of the secure port. This is the second index
into the securePortTable. |
Status: mandatory |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
1..1024 |
|
securePortMode |
2.4.1.43.10.22.1.1.3 |
Determines the learning and security modes of the port. See
secureNeedToKnowMode and secureIntrusionAction to configure Need To Know and Intrusion Action
on each port.
(When in a learning mode, secureNumberAddresses determines the maximum number of
addresses that can be learned on the port. This is set by the user.)
noRestrictions(1) All learning and security are disabled.
continuousLearning(2) Addresses are learned continually. If more addresses are
learned than are permitted on the port, then one of the older entries will
be aged out. Need To Know and Intrusion Action depends
on secureNeedToKnowMode and secureIntrusionAction respectively.
autoLearn(3) All addresses for this port are deleted, and then addresses are
learned up to the number permitted. securePortMode is then set
to secure. Need To Know and Intrusion Action depends
on secureNeedToKnowMode and secureIntrusionAction respectively.
secure(4) Learning is disabled. Need To Know and Intrusion Action depends
on secureNeedToKnowMode and secureIntrusionAction respectively.
The secureAddressLearned trap is sent whenever a station has been learned.
The secureViolation trap is sent whenever a packet is received from an unauthorised station.
|
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
noRestrictions(1), continuousLearning(2), autoLearn(3), secure(4) |
|
secureNeedToKnowMode |
2.4.1.43.10.22.1.1.4 |
Attribute to determine which frames are to be forwarded to
this port intact.
1 - Need To Know is not available.
2 - All frames.
3 - Frames addressed to the authorised devices only.
4 - Frames addressed to the authorised devices, plus all broadcast frames.
5 - Frames addressed to the authorised devices, plus all broadcast and multicast frames.
6 - As 3 and cannot be changed.
7 - As 4 and cannot be changed.
8 - As 5 and cannot be changed.
If this object returns 1,6,7 or 8, it means that the Need To Know configuration
cannot be changed, and any attempt to write to this object will cause an error. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
notAvailable(1), disabled(2), needToKnowOnly(3), needToKnowWithBroadcastsAllowed(4), needToKnowWithMulticastsAllowed(5), permanentNeedToKnowOnly(6), permanentNeedToKnowWithBroadcastsAllowed(7), permanentNeedToKnowWithMulticastsAllowed(8) |
|
secureIntrusionAction |
2.4.1.43.10.22.1.1.5 |
Attribute to determine the action if an unauthorised device tranmsits
on this port. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
notAvailable(1), noAction(2), disablePort(3) |
|
secureNumberAddresses |
2.4.1.43.10.22.1.1.6 |
The maximum number of addresses that the port can learn or store.
Reducing this number may cause some addresses to be deleted. This value is set by the user
and cannot be automatically changed by the agent.
The following relationship must allows be preserved.
secureNumberAddressesStored <= secureNumberAddresses <= secureMaximumAddresses
|
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
|
|
secureNumberAddressesStored |
2.4.1.43.10.22.1.1.7 |
The number of addresses that are currently in the AddressTable for this port. If this
object has the same value as secureNumberAddresses, then no more addresses can be
authorised on this port.
The following relationship must allows be preserved.
secureNumberAddressesStored <= secureNumberAddresses <= secureMaximumAddresses
|
Status: mandatory |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
|
|
secureMaximumAddresses |
2.4.1.43.10.22.1.1.8 |
This indicates the maximum value that secureNumberAddresses
can be set to. It is dependent on the resources available so may change, eg. if resources are
shared between ports, then this value can both increase and decrease. This object must be
read before setting secureNumberAddresses.
The following relationship must allows be preserved.
secureNumberAddressesStored <= secureNumberAddresses <= secureMaximumAddresses
|
Status: mandatory |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
|
|
secureAddressTable |
2.4.1.43.10.22.2 |
This table which stores the MAC addresses assigned to each
port. Addresses will normally defined as authorised, and describe the devices
which are permitted to transmit and receive on the corresponding port. This
table can be written to by the agent as well as the management station. |
Status: mandatory |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
SecureAddressEntry |
|
secureAddressEntry |
2.4.1.43.10.22.2.1 |
This table allows multiple addresses to be assigned to each
secure port. It is indexed using the objects secureAddrSlotIndex,
secureAddrPortIndex and secureAddrMACAddress. |
Status: mandatory |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SecureAddressEntry |
|
|
secureAddrSlotIndex |
2.4.1.43.10.22.2.1.1 |
The slot or unit number of the secure port. This is the
first index into the secureAddressTable. |
Status: mandatory |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
1..1024 |
|
secureAddrPortIndex |
2.4.1.43.10.22.2.1.2 |
The port number of the secure port. This is the second
index into the secureAddressTable. |
Status: mandatory |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
INTEGER |
1..1024 |
|
secureAddrMAC |
2.4.1.43.10.22.2.1.3 |
The MAC address of a station assigned to this port. This is
the third index into the secureAddressTable. |
Status: mandatory |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(6) |
|
secureAddrRowStatus |
2.4.1.43.10.22.2.1.4 |
This manages the creation and deletion or rows, and shows
the current status of the indexed MAC address. This object has the following
values.
1 - The indexed MAC address is authorised on this port.
2 - The indexed MAC address is not authorised on this port.
3 - Not applicable. (This value indicates an incomplete row.)
4 - Assign a new MAC address to the port and authorise immediately.
5 - Assign a new MAC address to the port, but do not authorise until active(1) is written to this object.
6 - Delete this entry.
When creating a new entry, index a new row and use createAndGo(4) or createAndWait(5). Some hardware will not
allow the address to be unauthorised, and will automatically switch the row to active(1). When reading this object,
only active(1) and notInService(2) will be returned.
Only the values active(1) and destroy(6) will be allowed for an existing row, or createAndGo(4) and
createAndWait(5) for a new row. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6) |
|
secureAddressLearned |
71 |
This trap is sent when a new station has been learned. The slot and port on which the address was
received are in the first and second index of secureAddrRowStatus, and the MAC address of the learned station is in the third index. |
TRAP-TYPE |
|
|
|
secureViolation |
72 |
This trap is sent whenever a security violation has occured. The slot and port on which the
violation occured are in the first and second index of secureAddrRowStatus, and the MAC address of the offending
station is in the third index. mrmPortAdminStatus indicates if the port has been disabled because of the violation.
The implementation may not send violation traps from the same port at intervals of less than 5 seconds |
TRAP-TYPE |
|
|
|