ESWITCH-MIB-V3-0 DEFINITIONS ::= BEGIN

--
--
--            Definitions of Managed Objects for
--            Digital Equipment Corporation's
--            Switch
--            Family of Products
--
--
--            Author:  K. Arvind
--            Version: 3.0
--            Date:    April, 1997
--
-- 1. ABSTRACT
--
-- This memo defines a portion of the Management Information Base (MIB)
-- for use with network management protocols in TCP/IP-based internets.
-- In particular, it defines objects for managing Digital Equipment
-- Corporation's Switch family of products.
--
--
-- 2. NOTICE
--
-- This Digital Equipment Corporation SNMP Management Information Base
-- Specification embodies Digital Equipment Corporation's confidential and
-- proprietary intellectual property. Digital Equipment Corporation
-- retains all title and ownership in the Specification, including any
-- revisions.
--
-- It is Digital Equipment Corporation's intent to encourage the widespread
-- use of this Specification in connection with the management of Digital
-- Equipment Corporation products.
--
-- Digital Equipment Corporation grants vendors, end-users, and other
-- interested parties a non-exclusive license to use this Specification in
-- connection with the management of Digital Equipment Corporation
-- products.
--
-- Digital Equipment Corporation reserves the right to make changes in this
-- specification and other information contained in this document without
-- prior notice.
--
-- Digital Equipment Corporation makes no warranty, either expressed or
-- implied, as to the use, operation, condition, or performance of the
-- Specification. In no event shall Digital Equipment Corporation be
-- liable for any incidental, indirect, special, or consequential damages
-- whatsoever (including but not limited to loss of profits) arising out of
-- or related to this document or the information contained in it.
--
--
-- 3. THE NETWORK MANAGEMENT FRAMEWORK
--
-- The Internet-standard Network Management Framework consists of three
-- components.
-- They are:
--
--    STD 16/RFC 1155 which defines the SMI, the mechanisms used for
--    describing and naming objects for the purpose of management. STD
--    16/RFC 1212 defines a more concise description mechanism,
--    which is wholly consistent with the SMI.
--
--    RFC 1156 which defines MIB-I, the core set of managed objects
--    for the Internet suite of protocols. STD 17/RFC 1213 defines
--    MIB-II, an evolution of MIB-I based on implementation experience
--    and new operational requirements.
--
--    STD 15/RFC 1157 which defines the SNMP, the protocol used for
--    network access to managed objects.
--
-- The Framework permits new objects to be defined for the purpose of
-- experimentation and evaluation.
--
-- 4. OBJECTS
--
-- Managed objects are accessed via a virtual information store, termed
-- the Management Information Base or MIB. Objects in the MIB are
-- defined using the subset of Abstract Syntax Notation One (ASN.1)
-- defined in the SMI. In particular, each object has a name, a syntax,
-- and an encoding. The name is an object identifier, an
-- administratively assigned name, which specifies an object type. The
-- object type together with an object instance serves to uniquely
-- identify a specific instantiation of the object. For human
-- convenience, we often use a textual string, termed the OBJECT
-- DESCRIPTOR, to also refer to the object type.
--
-- The syntax of an object type defines the abstract data structure
-- corresponding to that object type. The ASN.1 language is used for
-- this purpose. However, the SMI purposely restricts the ASN.1
-- constructs which may be used. These restrictions are explicitly made
-- for simplicity.
--
-- The encoding of an object type is simply how that object type is
-- represented using the object type's syntax. Implicitly tied to the
-- notion of an object type's syntax and encoding is how the object type
-- is represented when being transmitted on the network.
--
-- The SMI specifies the use of the basic encoding rules of ASN.1
-- subject to the additional requirements imposed by the SNMP.
--
-- 4.1 FORMAT OF DEFINITIONS
--
-- Section 4 contains the specification of all object types
-- contained in this MIB module. The object types are defined using the
-- conventions defined in the SMI, as amended by the extensions
-- specified in STD 16/RFC 1212.
--
-- 5. RELATIONSHIP TO OTHER MIBS
--
-- This document defines objects that may be used to manage Digital's
-- Switch family of products. The objects defined in this MIB are
-- located under the private.enterprises subtree as shown below:
--
--    iso(1).org(3).dod(6).internet(1)
--                    |
--               private(4)
--                    |
--             enterprises(1)
--                    |
--                 dec(36)
--                    |
--                 ema(2)
--                    |
--           decMIBextension(18)
--                    |
--              decHub900(11)
--                    |
--        .___________._______________.___________// ...etc...
--        |           |               |
--        |           .        ._____________.
--  mgmtAgent(1)      .        |  eSwitch(7) |
--        |           .        |_____________|
--        |           |               |
--     ..etc..     ..etc..         ..etc..
--
--
-- 6. OBJECT SYNOPSIS
--
-- All objects within this MIB are prefixed with the OBJECT IDENTIFIER "p",
-- where "p" is:
--
--    iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).
--    dec(36).ema(2).decMIBextension(18).decHub900(11).eSwitch(7)
--
-- or, 1.3.6.1.4.1.36.2.18.11.7.
--
--
--  Object Name                             Object Id        Non-vol
--  ======================================  ================ =======
--
--  eSwitch                                 p
--  eSwitchIf                               p.1
--  eSwitchIfTable                          p.1.1
--  eSwitchIfTableEntry                     p.1.1.1
--  eSwitchIfIndex                          p.1.1.1.1
--  eSwitchIfPresent                        p.1.1.1.2
--  eSwitchPort                             p.2
--  eSwitchPortTable                        p.2.1
--  eSwitchPortEntry                        p.2.1.1
--  eSwitchPortIndex                        p.2.1.1.1.n
--  eSwitchPortFailed                       p.2.1.1.2.n
--  eSwitchPortStatus                       p.2.1.1.3.n
--  eSwitchPortShutDownReason               p.2.1.1.4.n      Y
--  eSwitchPortSwitchingMode                p.2.1.1.5.n      Y
--  eSwitchFdb                              p.3
--  eSwitchAddrFdb                          p.3.1
--  eSwitchAddrFdbMaxEntries                p.3.1.1.0
--  eSwitchAddrFdbMaxStaticEntries          p.3.1.2.0
--  eSwitchAddrFdbMaxNVStaticEntries        p.3.1.3.0
--  eSwitchAddrFdbDynamicEntries            p.3.1.4.0
--  eSwitchAddrFdbStaticEntries             p.3.1.5.0
--  eSwitchAddrFdbNVStaticEntries           p.3.1.6.0
--  eSwitchAddrFdbPurgeStaticEntries        p.3.1.7.0
--  eSwitchStorm                            p.4
--  eSwitchFrameTypeRegulated               p.4.1.0          Y
--  eSwitchStormPollingInterval             p.4.2.0          Y
--  eSwitchStormRateLimit                   p.4.3.0          Y
--  eSwitchStormControlAction               p.4.4.0          Y
--  eSwitchStormResumptionPolicy            p.4.5.0          Y
--  eSwitchStormAutoInterval                p.4.6.0
--  eSwitchStormFramesLost                  p.4.7.0
--  eSwitchStormActionsInitiated            p.4.8.0
--  eSwitchStormPortTable                   p.4.9
--  eSwitchStormPortEntry                   p.4.9.1
--  eSwitchStormPortIndex                   p.4.9.1.1.n
--  eSwitchStormPortControlStatus           p.4.9.1.2.n
--  eSwitchStormPortFramesLost              p.4.9.1.3.n
--  eSwitchStormPortActionsInitiated        p.4.9.1.4.n
--  eSwitchSecurity                         p.5
--  eSwitchSecurityViolationsDetected       p.5.1.0
--  eSwitchSecurityPortTable                p.5.2
--  eSwitchSecurityPortEntry                p.5.2.1
--  eSwitchSecurityPortIndex                p.5.2.1.1.n
--  eSwitchSecurityPortMode                 p.5.2.1.2.n      Y
--  eSwitchSecurityPortViolationsDetected   p.5.2.1.3.n
--  eSwitchSecurityPortViolationResponse    p.5.2.1.4.n      Y
--  eSwitchSecurityPortMaxAuthAddr          p.5.2.1.5.n
--  eSwitchSecurityPortMaxAutoAuthAddr      p.5.2.1.6.n      Y
--  eSwitchSecurityPortMaxCurrAuthAddr      p.5.2.1.7.n
--  eSwitchSecurityPortPurgeAuthAddr        p.5.2.1.8.n
--  eSwitchSecurityAuthTable                p.5.3
--  eSwitchSecurityAuthEntry                p.5.3.1
--  eSwitchSecurityAuthPort                 p.5.3.1.1.n      Y
--  eSwitchSecurityAuthAddress              p.5.3.1.2.n      Y
--  eSwitchSecurityAuthStatus               p.5.3.1.3.n      Y
--  eSwitchSecurityLog                      p.5.4
--  eSwitchSecurityLogMaxEntries            p.5.4.1.0
--  eSwitchSecurityLogTable                 p.5.4.2
--  eSwitchSecurityLogEntry                 p.5.4.2.1
--  eSwitchSecurityLogIndex                 p.5.4.2.1.1.n    Y
--  eSwitchSecurityLogPort                  p.5.4.2.1.2.n    Y
--  eSwitchSecurityLogAddress               p.5.4.2.1.3.n    Y
--  eSwitchSecurityLogResetNumber           p.5.4.2.1.4.n    Y
--  eSwitchSecurityLogTime                  p.5.4.2.1.5.n    Y
--
-- 7. DEFINITIONS
--

IMPORTS
    Counter, TimeTicks, enterprises
        FROM RFC1155-SMI
    OBJECT-TYPE
        FROM RFC-1212;

-- Path to the decHub900 node

dec                 OBJECT IDENTIFIER ::= { enterprises 36 }
ema                 OBJECT IDENTIFIER ::= { dec 2 }
decMIBextension     OBJECT IDENTIFIER ::= { ema 18 }
decHub900           OBJECT IDENTIFIER ::= { decMIBextension 11 }

-- Extended Switch MIB definitions, authorized to be defined by this MIB only

eSwitch             OBJECT IDENTIFIER ::= { decHub900 7 }

eSwitchIf           OBJECT IDENTIFIER ::= { eSwitch 1 }

-- Proprietary ifTable

eSwitchIfTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF ESwitchIfEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "A table that contains information about various
        characteristics associated with each interface on the
        switch."
    ::= { eSwitchIf 1 }

eSwitchIfEntry OBJECT-TYPE
    SYNTAX  ESwitchIfEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "A list that contains the interface number and various
        characteristics associated with the interface."
    INDEX   { eSwitchIfIndex }
    ::= { eSwitchIfTable 1 }

ESwitchIfEntry ::=
    SEQUENCE {
        eSwitchIfIndex      INTEGER,
        eSwitchIfPresent    INTEGER
    }

eSwitchIfIndex OBJECT-TYPE
    SYNTAX  INTEGER (0..4294967295)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "An index value that identifies the interface for which this
        entry defines various characteristics. The interface
        identified by a particular value of this index is the same
        interface as identified by the same value of ifIndex."
    ::= { eSwitchIfEntry 1 }

eSwitchIfPresent OBJECT-TYPE
    SYNTAX  INTEGER {
                present(1),
                not-present(2)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object assumes the value present(1), if the
        corresponding interface is present; it assumes a value of
        not-present(2), otherwise. An interface may not be present,
        for instance, if it is modular and not installed."
    ::= { eSwitchIfEntry 2 }

-- Objects involved in port configuration

eSwitchPort         OBJECT IDENTIFIER ::= { eSwitch 2 }

eSwitchPortTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF ESwitchPortEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "A table that contains information about and that may be
        used to configure various characteristics associated with
        each port on the switch."
    ::= { eSwitchPort 1 }

eSwitchPortEntry OBJECT-TYPE
    SYNTAX  ESwitchPortEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "A list that contains the port number and various
        characteristics associated with the port."
    INDEX   { eSwitchPortIndex }
    ::= { eSwitchPortTable 1 }

ESwitchPortEntry ::=
    SEQUENCE {
        eSwitchPortIndex            INTEGER,
        eSwitchPortFailed           INTEGER,
        eSwitchPortStatus           INTEGER,
        eSwitchPortShutDownReason   INTEGER,
        eSwitchPortSwitchingMode    INTEGER
    }

eSwitchPortIndex OBJECT-TYPE
    SYNTAX  INTEGER (0..4294967295)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The port number of the switch port for which this entry
        defines various characteristics."
    ::= { eSwitchPortEntry 1 }

eSwitchPortFailed OBJECT-TYPE
    SYNTAX  INTEGER {
                unknown(1),
                failed(2),
                not-failed(3)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This object assumes the value failed(2), if the
        corresponding port is present, but has been determined to be
        faulty and has been declared failed; otherwise, the value
        not-failed(3) is returned, if the port is present. A value
        of unknown(1) is returned if the port is not present."
    ::= { eSwitchPortEntry 2 }

eSwitchPortStatus OBJECT-TYPE
    SYNTAX  INTEGER {
                undefined(1),       -- unknown state
                connected(2),       -- up and connected
                disconnected(3),    -- up but no network connection
                shutdown(4),        -- shut down by management
                isolated(5)         -- isolated for storm control
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "When read, this object returns the current status of this
        port.

        This object may also be used to shut down a port that is
        currently connected(2), disconnected(3), or isolated(5), by
        setting this object to the value shutdown(4). A port that
        has been shut down due to security violations, or by
        management, may be brought back up by setting this object to
        connected(2). Any other values for this object are rejected
        for a set operation.

        All traffic (including in-band management traffic addressed
        to the switch, if any) on a port that has been shut down is
        filtered, no counters are incremented, and no frames are
        transmitted or forwarded on such a port."
    ::= { eSwitchPortEntry 3 }

eSwitchPortShutDownReason OBJECT-TYPE      -- non-volatile
    SYNTAX  INTEGER {
                none(1),        -- not shut down
                other(2),       -- not for any of the following
                mgmt(3),        -- shut down by management
                security(4),    -- shut down due to security viol.
                internal(5)     -- Internal reasons
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The reason why this port is currently shut down.

        A value of none(1) is returned, if the port is not currently
        shut down.

        A value of mgmt(3) is returned, if the port has been shut
        down due to a request from network management.

        A value of security(4) is returned if the port has been shut
        down due to a detected security violation.

        A value of internal(5) is returned, when the firmware
        determines that the port should be shut down at this time
        for proper operation of the device. For example, if the port
        has been configured to point to the hub or stack backplane,
        but has been shut down in order to wait for a backplane
        connection to be established by management, this value is
        returned."
    ::= { eSwitchPortEntry 4 }

eSwitchPortSwitchingMode OBJECT-TYPE       -- non-volatile
    SYNTAX  INTEGER {
                standard(1),
                workgroup(2),
                backbone(3),
                manual(4)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "This object defines the switching mode in which this port
        operates. The switching mode of a port determines whether or
        not it learns station location information from source
        addresses of packets received on the port; the switching
        mode also determines whether or not packets with unknown
        destination addresses received on other ports are flooded
        out this port.

        The following notation is used in the switching mode
        definitions that follow:

        LRN:  station location information is learned from source
              addresses of packets received on port.
        !LRN: station location information is NOT learned from
              source addresses of packets received on port.
        FUD:  packets with unknown destination addresses received on
              other ports are flooded out this port.
        !FUD: packets with unknown destination addresses received on
              other ports are NOT flooded out this port.

        A port may be configured to operate in one of the following
        switching modes:

        standard(1):  LRN & FUD
            This is the mode in which all ports of an
            802.1D-compliant standard switch operate.

        workgroup(2): LRN & !FUD
            This is the mode in which workgroup side ports of a
            workgroup switch operate.

        backbone(3):  !LRN & FUD
            This is the mode in which the backbone port of a
            workgroup switch operates.

        manual(4):    !LRN & !FUD
            In this mode, forwarding out this port is fully
            determined by management-specified filters.

        When learning is disabled on a port (i.e., mode is changed
        to backbone(3) or manual(4)), whether addresses previously
        learned on the port are purged immediately or allowed to age
        out naturally is implementation dependent.

        Note that all ports may be configured to operate in the
        manual(4) switching mode with a single operation, viz. by
        enabling(2) the manual mode switch defined by the following
        object: eSwitchAddrFdbManualMode."
    ::= { eSwitchPortEntry 5 }

-- Switch filtering database objects

eSwitchFdb          OBJECT IDENTIFIER ::= { eSwitch 3 }

eSwitchAddrFdb      OBJECT IDENTIFIER ::= { eSwitchFdb 1 }

eSwitchAddrFdbMaxEntries OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The maximum number of address entries that can be
        accommodated in the filtering database of the switch. This
        number includes learned entries, static entries (entries in
        the RFC 1493 dot1dStaticTable), and entries that may be used
        by the switch for other purposes (e.g., security)."
    ::= { eSwitchAddrFdb 1 }

eSwitchAddrFdbMaxStaticEntries OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The maximum number of static address entries that may be
        installed by management in the filtering database of the
        switch. This number is identical to the maximum number of
        entries supported in the dot1dStaticTable (RFC 1493)."
    ::= { eSwitchAddrFdb 2 }

eSwitchAddrFdbMaxNVStaticEntries OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The maximum number of static address entries in the
        filtering database of the switch, that can be accommodated
        in non-volatile memory. Entries stored in non-volatile
        memory will be restored after a power cycle. This number is
        identical to the maximum number of entries that may have a
        status of 'permanent' in the dot1dStaticTable (RFC1493)."
    ::= { eSwitchAddrFdb 3 }

eSwitchAddrFdbDynamicEntries OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The current number of dynamic address entries (i.e.,
        entries that were learnt) in the filtering database of the
        switch."
    ::= { eSwitchAddrFdb 4 }

eSwitchAddrFdbStaticEntries OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The current number of static entries in the filtering
        database of the switch. This number is identical to the
        current number of entries in the dot1dStaticTable
        (RFC 1493)."
    ::= { eSwitchAddrFdb 5 }

eSwitchAddrFdbNVStaticEntries OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The number of static address entries in the filtering
        database of the switch, that are currently stored in
        non-volatile memory. Entries stored in non-volatile memory
        will be restored after a power cycle. This number is
        identical to the current number of entries in the
        dot1dStaticTable (RFC 1493) that have a status of
        'permanent'."
    ::= { eSwitchAddrFdb 6 }

eSwitchAddrFdbPurgeStaticEntries OBJECT-TYPE
    SYNTAX  INTEGER {
                purge(1)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "This object when set to purge(1) causes all static address
        entries in the filtering database to be deleted both from
        volatile and non-volatile memory. The 'purge' action deletes
        only those entries in the address filtering database that
        are also in the dot1dStaticTable (RFC 1493)."
    ::= { eSwitchAddrFdb 7 }

-- Objects involved in storm control

eSwitchStorm        OBJECT IDENTIFIER ::= { eSwitch 4 }

eSwitchStormFrameTypeRegulated OBJECT-TYPE     -- Non-volatile
    SYNTAX  INTEGER {
                none(1),
                broadcast(2),
                multicast(3),
                broadcastAndMulticast(4)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Specifies what types of frames with group destination
        addresses are currently being regulated. Only the specified
        class of traffic is considered in detecting the presence of
        storms, and only this class of traffic is regulated when a
        storm is detected.

        The value none(1) specifies that storm control is disabled.
        The value broadcast(2) specifies that only broadcast storms
        are regulated. The value multicast(3) specifies that only
        multicast storms are regulated. The value
        broadcastAndMulticast specifies that storms involving a
        mixture of broadcast and multicast traffic are regulated."
    ::= { eSwitchStorm 1 }

eSwitchStormPollingInterval OBJECT-TYPE        -- Non-volatile
    SYNTAX  INTEGER (10..360000)
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The length of the interval in 10 millisecond units between
        successive instants when the storm control process examines
        the broadcast/multicast received frame counters to detect
        the presence or end of a storm."
    ::= { eSwitchStorm 2 }

eSwitchStormRateLimit OBJECT-TYPE              -- Non-volatile
    SYNTAX  INTEGER
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The maximum number of regulated group address frames
        (broadcast, multicast, or a mixture of both - see
        eSwitchStormFrameTypeRegulated) that may be received on a
        port during a polling interval before the storm control
        process decides that storm conditions exist on the port.
        This object may not be set to a value below 1 packet per
        polling interval."
    ::= { eSwitchStorm 3 }

eSwitchStormControlAction OBJECT-TYPE          -- Non-volatile
    SYNTAX  INTEGER {
                frame-suppression(1),
                port-isolation(2)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The action that the storm control process should take when
        storm conditions are detected on a port.

        Frame suppression consists of suspending the forwarding of
        regulated frames (broadcast, multicast, or both, depending
        on the value of the MIB object
        eSwitchStormFrameTypeRegulated) received on the port on
        which the storm is detected.

        Port isolation consists of disabling an offending port in a
        manner that will cause all frames received on that port to
        be discarded, while allowing receive packet counters to be
        maintained."
    ::= { eSwitchStorm 4 }

eSwitchStormResumptionPolicy OBJECT-TYPE       -- Non-volatile
    SYNTAX  INTEGER {
                continue-control(1),
                auto-interval(2),
                rate-limit(3),
                responsive-rate-limit(4)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The policy used by the storm control process to resume
        normal operation, once storm control action has been
        initiated.

        If continue-control(1) is specified, the storm control
        action continues to be in effect, until the user modifies
        one of the following storm control parameters:
        eSwitchStormFrameTypeRegulated, eSwitchStormControlAction,
        eSwitchStormResumptionPolicy.

        If auto-interval(2) is specified, normal operation is
        automatically resumed on the offending port after a time
        interval specified by the MIB object
        eSwitchStormAutoInterval.

        If rate-limit(3) is specified, the storm control action
        continues for the next p polling intervals, where p is the
        number of polling intervals that the control has to remain
        in effect in order to ensure that the long term average of
        the regulated traffic is less than the user specified rate
        limit. For example, if the user-specified rate limit is 500
        packets/polling interval, and 5000 multicast packets were
        received during the last polling interval, the storm control
        action continues to be in effect for the next 9 polling
        intervals. This ensures that no more than 5000 multicast
        packets are forwarded out of the offending port in 10
        polling intervals. Thus the long term multicast traffic
        average is maintained at 500 packets/polling interval.

        The responsive-rate-limit(4) resumption policy is identical
        to the rate-limit(3) policy, except for the following
        difference. Once storm control action has been initiated, if
        the switch determines that the storm has subsided (for
        example, less than 500 packets were received during the last
        polling interval), normal operation is immediately resumed,
        instead of waiting for 'p' polling intervals to complete."
    ::= { eSwitchStorm 5 }

eSwitchStormAutoInterval OBJECT-TYPE           -- Non-volatile
    SYNTAX  INTEGER
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "This parameter is used when the
        eSwitchStormResumptionPolicy specified is auto-interval(2).
        Normal operation is automatically resumed on the offending
        port after a length of time (in seconds) specified by this
        object. The minimum value allowed for this object is 1
        second."
    ::= { eSwitchStorm 6 }

eSwitchStormFramesLost OBJECT-TYPE
    SYNTAX  Counter
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The number of regulated frames (broadcast, multicast or
        both, depending on the value of the object:
        eSwitchStormFrameTypeRegulated) received on any port that
        were dropped by the switch as a result of storm control
        action."
    ::= { eSwitchStorm 7 }

eSwitchStormActionsInitiated OBJECT-TYPE
    SYNTAX  Counter
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The number of times that storm control action was initiated
        on any port on the switch."
    ::= { eSwitchStorm 8 }

-- The Storm Per-Port Status Table

eSwitchStormPortTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF ESwitchStormPortEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "A table that contains storm status information for every
        port on the switch."
    ::= { eSwitchStorm 9 }

eSwitchStormPortEntry OBJECT-TYPE
    SYNTAX  ESwitchStormPortEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "A list of storm control related information items for every
        port on the switch."
    INDEX   { eSwitchStormPortIndex }
    ::= { eSwitchStormPortTable 1 }

ESwitchStormPortEntry ::=
    SEQUENCE {
        eSwitchStormPortIndex               INTEGER,
        eSwitchStormPortControlStatus       INTEGER,
        eSwitchStormPortFramesLost          Counter,
        eSwitchStormPortActionsInitiated    Counter
    }

eSwitchStormPortIndex OBJECT-TYPE
    SYNTAX  INTEGER (0..4294967295)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The port number of the switch port for which this entry
        contains storm control related information."
    ::= { eSwitchStormPortEntry 1 }

eSwitchStormPortControlStatus OBJECT-TYPE
    SYNTAX  INTEGER {
                inactive(1),
                active(2)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The current status of storm control on the port. The value
        inactive(1) indicates that no storm control action is
        currently in effect on the port. The value active(2)
        indicates that some storm control action is in effect on the
        port."
    ::= { eSwitchStormPortEntry 2 }

eSwitchStormPortFramesLost OBJECT-TYPE
    SYNTAX  Counter
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The number of regulated frames (broadcast, multicast or
        both, depending on the value of the object:
        eSwitchStormFrameTypeRegulated) received on this port that
        were dropped by the switch as a result of storm control
        action."
    ::= { eSwitchStormPortEntry 3 }

eSwitchStormPortActionsInitiated OBJECT-TYPE
    SYNTAX  Counter
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The number of times that storm control action was initiated
        on this port on the switch."
    ::= { eSwitchStormPortEntry 4 }

-- Objects involved in security configuration

eSwitchSecurity     OBJECT IDENTIFIER ::= { eSwitch 5 }

eSwitchSecurityViolationsDetected OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The total number of security violations detected on all the
        ports on this switch, since the switch was last reset.
        Depending on the implementation, a switch may not be able to
        count every security violation. This number therefore
        represents only a lower limit on the actual number of
        security violations that occurred."
    ::= { eSwitchSecurity 1 }

-- The port secure mode table: defines the current mode of security
-- in use on each port.

eSwitchSecurityPortTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF ESwitchSecurityPortEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "A table that contains information about the type of secure
        mode currently in effect on each port of the switch."
    ::= { eSwitchSecurity 2 }

eSwitchSecurityPortEntry OBJECT-TYPE
    SYNTAX  ESwitchSecurityPortEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "A list that contains the port number and the type of
        security mode currently in effect on the port for a switch
        port."
    INDEX   { eSwitchSecurityPortIndex }
    ::= { eSwitchSecurityPortTable 1 }

ESwitchSecurityPortEntry ::=
    SEQUENCE {
        eSwitchSecurityPortIndex                INTEGER,
        eSwitchSecurityPortMode                 INTEGER,
        eSwitchSecurityPortViolationsDetected   INTEGER,
        eSwitchSecurityPortViolationResponse    INTEGER,
        eSwitchSecurityPortMaxAuthAddr          INTEGER,
        eSwitchSecurityPortMaxAutoAuthAddr      INTEGER,
        eSwitchSecurityPortCurrAuthAddr         INTEGER,
        eSwitchSecurityPortPurgeAuthAddr        INTEGER
    }

eSwitchSecurityPortIndex OBJECT-TYPE
    SYNTAX  INTEGER (0..4294967295)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The port number of the switch port for which this entry
        defines the type of secure mode."
    ::= { eSwitchSecurityPortEntry 1 }

eSwitchSecurityPortMode OBJECT-TYPE
    SYNTAX  INTEGER {
                none(1),
                manual-authorize(2),
                auto-authorize(3)
            }
    ACCESS  read-write      -- non-volatile
    STATUS  mandatory
    DESCRIPTION
        "The type of security currently in effect on the switch
        port.

        A value of none(1) indicates that the port is not currently
        in the secure mode of operation.

        A value of manual-authorize(2) indicates that any packet,
        whose source address does not match one of the addresses
        authorized on the port by management via the
        eSwitchSecurityPortAuthTable, is discarded upon receipt.

        A value of auto-authorize(3) indicates that up to a maximum
        of N addresses will be added by the switch to the
        eSwitchSecurityPortAuthTable automatically, when a packet
        with a source address corresponding to one of these
        addresses is seen on the port. 'N' is a user-settable value
        that may be configured through the following object:
        eSwitchSecurityPortMaxAutoAuthAddr

        Further, any packet with a source address that does not
        match one of the addresses in the eSwitchSecurityAuthTable
        is discarded upon receipt. Depending on the implementation,
        a station may have to send 1 or more frames before its
        address gets 'auto-authorized' on the port. The policy used
        to select stations for authorization (e.g., FCFS, random,
        etc.) is left to individual implementations.

        The N authorized addresses may be read by management from
        the following object:
        eSwitchSecurityPortAuthorizedAddressTable.

        All authorized addresses on the port are purged whenever the
        value of this object is modified."
    ::= { eSwitchSecurityPortEntry 2 }

eSwitchSecurityPortViolationsDetected OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The number of security violations detected on this port,
        since the port entered its current mode of security.
        Depending on the implementation, a switch may not be able to
        count every security violation. This number therefore
        represents only a lower limit on the actual number of
        security violations that occurred."
    ::= { eSwitchSecurityPortEntry 3 }

eSwitchSecurityPortViolationResponse OBJECT-TYPE
    SYNTAX  INTEGER {
                filter(1),
                filter-and-log(2),
                shutdown-and-log(3)
            }
    ACCESS  read-write      -- non-volatile
    STATUS  mandatory
    DESCRIPTION
        "The policy for dealing with security violations on this
        switch port. A security violation is deemed to have
        occurred, when a frame with an unauthorized source address
        is received on a port.

        A value of filter(1) indicates that frames with source
        addresses that are not authorized on the port will be
        silently filtered.

        If this object is set to the value filter-and-log(2), frames
        with unauthorized source addresses will be filtered, and the
        security violation logged in the following table:
        eSwitchSecurityLogTable.

        If this object is set to the value shutdown-and-log(3), the
        port is entirely shut down when a frame with an unauthorized
        source address is received on the port. The port remains
        shut down until management brings up the port by setting the
        following MIB object to the value connected(2):
        eSwitchPortStatus."
    ::= { eSwitchSecurityPortEntry 4 }

eSwitchSecurityPortMaxAuthAddr OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The maximum number of addresses that may be authorized on
        this port, when the port is in the manual-authorize(2)
        secure mode.

        When the port is in the auto-authorize(3) secure mode, the
        maximum number of addresses that may be authorized on this
        port is the smaller of the values of this and the following
        object: eSwitchSecurityPortMaxAutoAuthAddr."
    ::= { eSwitchSecurityPortEntry 5 }

eSwitchSecurityPortMaxAutoAuthAddr OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-write      -- non-volatile
    STATUS  mandatory
    DESCRIPTION
        "The maximum number of addresses that may be authorized on
        this port, when the port is in the auto-authorize(3) secure
        mode. The value of this object may not exceed the value of
        the following object: eSwitchSecurityPortMaxAuthAddr

        If the port is currently in the auto-authorize secure mode,
        any addresses already authorized on this port are purged
        whenever the value of this object is decreased from its
        current value."
    ::= { eSwitchSecurityPortEntry 6 }

eSwitchSecurityPortCurrAuthAddr OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The number of addresses currently authorized on this port.
        If the current type of secure mode on this port as given by
        the corresponding instance of eSwitchSecurityPortType is
        none(1), this has a value of 0; otherwise this object may
        have any INTEGER value smaller than the value of the
        following object: eSwitchSecurityPortMaxAuthAddr."
    ::= { eSwitchSecurityPortEntry 7 }

eSwitchSecurityPortPurgeAuthAddr OBJECT-TYPE
    SYNTAX  INTEGER {
                trigger(1)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "This object when set to the value trigger(1) causes all the
        currently authorized addresses on the port to be purged."
    ::= { eSwitchSecurityPortEntry 8 }

-- The port allowed address table: defines the set of authorized
-- addresses

eSwitchSecurityAuthTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF ESwitchSecurityAuthEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "A table that lists the set of addresses that are authorized
        on a port for each port of the switch."
    ::= { eSwitchSecurity 3 }

eSwitchSecurityAuthEntry OBJECT-TYPE
    SYNTAX  ESwitchSecurityAuthEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "An address authorization entry that consists of a port
        and an address authorized on the port."
    INDEX   { eSwitchSecurityAuthPort, eSwitchSecurityAuthAddress }
    ::= { eSwitchSecurityAuthTable 1 }

ESwitchSecurityAuthEntry ::=
    SEQUENCE {
        eSwitchSecurityAuthPort
            INTEGER,
        eSwitchSecurityAuthAddress
            OCTET STRING,
        eSwitchSecurityAuthStatus
            INTEGER
    }

eSwitchSecurityAuthPort OBJECT-TYPE
    SYNTAX  INTEGER (0..4294967295)
    ACCESS  read-write  -- non-volatile
    STATUS  mandatory
    DESCRIPTION
        "The port number of the switch port for which this entry
        defines an authorized address."
    ::= { eSwitchSecurityAuthEntry 1 }

eSwitchSecurityAuthAddress OBJECT-TYPE
    SYNTAX  OCTET STRING (SIZE(6))
    ACCESS  read-write  -- non-volatile
    STATUS  mandatory
    DESCRIPTION
        "The address that this entry authorizes on the port
        specified by the corresponding instance of the object
        eSwitchSecurityAuthPort."
    ::= { eSwitchSecurityAuthEntry 2 }

eSwitchSecurityAuthStatus OBJECT-TYPE
    SYNTAX  INTEGER {
                invalid(1),
                active(2)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "This object when set to the value invalid(1) deletes the
        corresponding authorized address entry, i.e., the address
        is no longer authorized on the port associated with the
        entry. When read, this object returns active(2) for any
        entry that is currently in the authorized address table.

        It is up to individual implementations to allow or
        disallow the same address from being authorized on more
        than one port at the same time."
    ::= { eSwitchSecurityAuthEntry 3 }

-- The security log group: maintains a log of recent security
-- violations

eSwitchSecurityLog OBJECT IDENTIFIER ::= { eSwitchSecurity 4 }

eSwitchSecurityLogMaxEntries OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The maximum number of security violation entries that
        will be retained in the security log table:
        eSwitchSecurityLogTable.
        If more security violations than this number occur, then
        later entries will overwrite earlier entries, the earliest
        recorded entries being replaced first."
    ::= { eSwitchSecurityLog 1 }

eSwitchSecurityLogTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF ESwitchSecurityLogEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "A table that contains a log of security violations
        indexed by violating address and violated port."
    ::= { eSwitchSecurityLog 2 }

eSwitchSecurityLogEntry OBJECT-TYPE
    SYNTAX  ESwitchSecurityLogEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "A security log entry that consists of a violating
        address, the port on which this address was seen, and the
        sysUpTime at the time the violation was detected."
    INDEX   { eSwitchSecurityLogIndex }
    ::= { eSwitchSecurityLogTable 1 }

ESwitchSecurityLogEntry ::=
    SEQUENCE {
        eSwitchSecurityLogIndex
            INTEGER,
        eSwitchSecurityLogPort
            INTEGER,
        eSwitchSecurityLogAddress
            OCTET STRING,
        eSwitchSecurityLogResetNumber
            INTEGER,
        eSwitchSecurityLogTime
            TimeTicks
    }

eSwitchSecurityLogIndex OBJECT-TYPE
    SYNTAX  INTEGER (0..4294967295)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The index corresponding to this log entry. The earliest
        recorded entry has the smallest value. This object ranges
        in value from 1 to the value of the following object:
        eSwitchSecurityLogMaxEntries."
    ::= { eSwitchSecurityLogEntry 1 }

eSwitchSecurityLogPort OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The port number of the switch port on which this
        violation occurred."
    ::= { eSwitchSecurityLogEntry 2 }

eSwitchSecurityLogAddress OBJECT-TYPE
    SYNTAX  OCTET STRING (SIZE(6))
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The violating address that caused this entry to be
        logged."
    ::= { eSwitchSecurityLogEntry 3 }

eSwitchSecurityLogResetNumber OBJECT-TYPE
    SYNTAX  INTEGER (1..4294967295)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The value of pcomErrLogResetNumber at the time this entry
        was logged."
    ::= { eSwitchSecurityLogEntry 4 }

eSwitchSecurityLogTime OBJECT-TYPE
    SYNTAX  TimeTicks
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The time in 10 millisecond clock ticks since the switch
        was last reset, at which the violation recorded by this
        entry occurred."
    ::= { eSwitchSecurityLogEntry 5 }

END
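
Added example (not part of the Digital Equipment Corporation MIB): a collector that reconciles successive polls of eSwitchSecurityLogTable, whose entries are overwritten oldest-first once eSwitchSecurityLogMaxEntries is reached, and flags polls where violations may have been lost between reads. The class and function names are hypothetical, the rows are constructed sample data rather than device output, the SNMP transport is omitted, and it assumes eSwitchSecurityLogIndex is a position in the log rather than a stable identity.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LogRow:
    index: int         # eSwitchSecurityLogIndex (position only; reused after wrap)
    port: int          # eSwitchSecurityLogPort
    address: bytes     # eSwitchSecurityLogAddress, 6 octets
    reset_number: int  # eSwitchSecurityLogResetNumber
    time_ticks: int    # eSwitchSecurityLogTime, 10 ms ticks since last reset

    def key(self):
        # Assumption: the index is not a stable identity, so it is left out.
        return (self.reset_number, self.time_ticks, self.port, self.address)

def fmt_mac(octets: bytes) -> str:
    if len(octets) != 6:
        raise ValueError("eSwitchSecurityLogAddress must be 6 octets")
    return ":".join(f"{b:02x}" for b in octets)

class ViolationCollector:
    def __init__(self, max_entries: int):
        self.max_entries = max_entries  # value read from eSwitchSecurityLogMaxEntries
        self._seen = set()

    def ingest(self, rows):
        """Return (new rows oldest first, True if entries may have been overwritten)."""
        ordered = sorted(rows, key=lambda r: (r.reset_number, r.time_ticks, r.index))
        fresh = [r for r in ordered if r.key() not in self._seen]
        overlap = len(fresh) < len(ordered)
        # A full table with no row carried over from the last poll means the
        # log wrapped at least once since then; older entries may be gone.
        maybe_lost = len(ordered) >= self.max_entries and not overlap
        self._seen.update(r.key() for r in fresh)
        return fresh, maybe_lost

def by_port(rows):
    """Group violating addresses by port, with the last time seen in seconds."""
    out = {}
    for r in rows:
        out.setdefault(r.port, {})[fmt_mac(r.address)] = r.time_ticks / 100.0
    return out

# Constructed sample polls of a 3-entry log (not real device output).
A, B = bytes.fromhex("020000aa0001"), bytes.fromhex("020000aa0002")
POLL1 = [LogRow(1, 4, A, 7, 1000), LogRow(2, 4, B, 7, 1500)]
POLL2 = [LogRow(1, 4, B, 7, 1500), LogRow(2, 9, A, 7, 2000), LogRow(3, 9, A, 7, 2600)]
POLL3 = [LogRow(1, 9, B, 7, 9000), LogRow(2, 9, B, 7, 9100), LogRow(3, 4, A, 7, 9200)]
```

When a poll is flagged, the per-port eSwitchSecurityPortViolationsDetected counter is the remaining evidence, and the MIB states it is only a lower limit.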