-- *****************************************************************
-- CISCO-DYNAMIC-ARP-INSPECTION-MIB
--
-- October 2003, Edward Pham
--
-- Copyright (c) 2003 by cisco Systems, Inc.
-- All rights reserved.
-- *****************************************************************CISCO-DYNAMIC-ARP-INSPECTION-MIB DEFINITIONS::=BEGINIMPORTSMODULE-IDENTITY,Unsigned32,OBJECT-TYPEFROM SNMPv2-SMI
MODULE-COMPLIANCE,OBJECT-GROUPFROM SNMPv2-CONF
TruthValueFROM SNMPv2-TC
ifIndex
FROM IF-MIB
VlanIndexFROM Q-BRIDGE-MIB
ciscoMgmt
FROM CISCO-SMI;
ciscoDynamicArpInspectionMIB MODULE-IDENTITYLAST-UPDATED"200310291500Z"ORGANIZATION"Cisco Systems, Inc."CONTACT-INFO" Cisco Systems
Customer Service
Postal: 170 W Tasman Drive
San Jose, CA 95134
USA
Tel: +1 800 553-NETS
E-mail: cs-lan-switch-snmp@cisco.com"DESCRIPTION"The MIB module is for configuration of Dynamic ARP Inspection
feature. Dynamic ARP Inspection is a security mechanism which
validate ARP packets seen on access ports."REVISION"200310291500Z"DESCRIPTION"Initial revision of this MIB module."::={ ciscoMgmt 374}cdaiMIBNotifs
OBJECTIDENTIFIER::={ ciscoDynamicArpInspectionMIB 0}cdaiMIBObjects
OBJECTIDENTIFIER::={ ciscoDynamicArpInspectionMIB 1}cdaiMIBConformance
OBJECTIDENTIFIER::={ ciscoDynamicArpInspectionMIB 2}cdaiGlobal
OBJECTIDENTIFIER::={ cdaiMIBObjects 1}cdaiVlan
OBJECTIDENTIFIER::={ cdaiMIBObjects 2}cdaiInterface
OBJECTIDENTIFIER::={ cdaiMIBObjects 3}
--
-- The Global group
--cdaiLoggingEnable OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object indicates whether the Dynamic ARP Inspection
logging is enabled on the device.
If this object is set to 'true', Dynamic ARP Inspection
logging is enabled.
If this object is set to 'false', Dynamic ARP Inspection
loging is disabled."::={ cdaiGlobal 1}--
-- The Dynamic ARP Inspection VLAN Config Table
--cdaiVlanConfigTable OBJECT-TYPESYNTAXSEQUENCEOF CdaiVlanConfigEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A table provides the mechanism to control Dynamic ARP
Inspection per VLAN. When a VLAN is created in a device
supporting this table, a corresponding entry of this table
will be added."::={ cdaiVlan 1}cdaiVlanConfigEntry OBJECT-TYPESYNTAX CdaiVlanConfigEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A row instance contains the configuration to enable
or disable Dynamic ARP Inspection at each existing VLAN."INDEX{ cdaiVlanIndex }::={ cdaiVlanConfigTable 1}
CdaiVlanConfigEntry ::=SEQUENCE{
cdaiVlanIndex VlanIndex,
cdaiVlanDynArpInspEnable TruthValue}cdaiVlanIndex OBJECT-TYPESYNTAXVlanIndexMAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This object indicates the VLAN number on which Dynamic ARP
Inspection feature is configured."::={ cdaiVlanConfigEntry 1}cdaiVlanDynArpInspEnable OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object indicates whether Dynamic ARP Inspection is
enabled in this VLAN.
If this object is set to 'true', Dynamic ARP Inspection
is enabled.
If this object is set to 'false', Dynamic ARP Inspection
is disabled."::={ cdaiVlanConfigEntry 2}--
-- The Dynamic ARP Inspection Interface Config Table
--cdaiIfConfigTable OBJECT-TYPESYNTAXSEQUENCEOF CdaiIfConfigEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A table provides the mechanism to configure the trust
state for Dynamic ARP Inspection purpose at each physical
interface capable of this feature. Some of the interfaces
(but not limited to) for which this feature might be
applicable are: ifType = ethernetCsmacd(6)."::={ cdaiInterface 1}cdaiIfConfigEntry OBJECT-TYPESYNTAX CdaiIfConfigEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A row instance contains the configuration to enable or
disable trust state for Dynamic ARP Inspection at each
physical interface capable of this feature."INDEX{ ifIndex }::={ cdaiIfConfigTable 1}
CdaiIfConfigEntry ::=SEQUENCE{
cdaiIfTrustEnable TruthValue}cdaiIfTrustEnable OBJECT-TYPESYNTAXTruthValueMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object indicates whether the interface is trusted for
Dynamic ARP Inspection purpose.
If this object is set to 'true', the interface is trusted.
ARP packets coming to this interface will be forwarded
without checking.
If this object is set to 'false', the interface is not
trusted. ARP packets coming to this interface will be
subjected to ARP inspection."::={ cdaiIfConfigEntry 1}--
-- The Dynamic ARP Inspection Rate Limit Interface Config Table
--cdaiIfRateLimitTable OBJECT-TYPESYNTAXSEQUENCEOF CdaiIfRateLimitEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION
"A table provides the mechanism to configure the rate limit
for Dynamic ARP Inspection purpose at each physical interface
capable of this feature."::={ cdaiInterface 2}cdaiIfRateLimitEntry OBJECT-TYPESYNTAX CdaiIfRateLimitEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A row instance contains the configuration of rate limit
Dynamic ARP Inspection at each physical interface capable
of this feature."INDEX{ ifIndex }::={ cdaiIfRateLimitTable 1}
CdaiIfRateLimitEntry ::=SEQUENCE{
cdaiIfRateLimit Unsigned32}cdaiIfRateLimit OBJECT-TYPESYNTAXUnsigned32UNITS"packet per second"MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"This object indicates rate limit value for Dynamic ARP
Inspection purpose. If the incoming rate of ARP packets
exceeds the value of this object, ARP packets will be
dropped. "::={ cdaiIfRateLimitEntry 1}-- ConformancecdaiMIBCompliances
OBJECTIDENTIFIER::={ cdaiMIBConformance 1}cdaiMIBGroups
OBJECTIDENTIFIER::={ cdaiMIBConformance 2}
cdaiMIBCompliance MODULE-COMPLIANCESTATUScurrentDESCRIPTION"The compliance statement for CISCO-DYNAMIC-ARP-INSPECTION-MIB"MODULEMANDATORY-GROUPS{
cdaiVlanConfigGroup,
cdaiIfConfigGroup
}GROUP cdaiGlobalLoggingGroup
DESCRIPTION"This group is mandatory only for the platform which supports
enabling Dynamic ARP Inspection logging at the device level."GROUP cdaiIfRateLimitGroup
DESCRIPTION"This group is mandatory only for the platform which supports
Dynamic ARP Inspection rate limit per interface."::={ cdaiMIBCompliances 1}-- Units of Conformance-- cdaiGlobalGroupcdaiGlobalLoggingGroup OBJECT-GROUPOBJECTS{
cdaiLoggingEnable
}STATUScurrentDESCRIPTION"A collection of object which is used to configure Dynamic
ARP Inspection logging."::={ cdaiMIBGroups 1}cdaiVlanConfigGroup OBJECT-GROUPOBJECTS{
cdaiVlanDynArpInspEnable
}STATUScurrentDESCRIPTION"A collection of object which are used to configure as
well as show information regarding the Dynamic ARP
Inspection feature per VLAN."::={ cdaiMIBGroups 2}
cdaiIfConfigGroup OBJECT-GROUPOBJECTS{
cdaiIfTrustEnable
}STATUScurrentDESCRIPTION"A collection of object which are used to configure as
well as show information regarding the interface trust
state for Dynamic ARP Inspection purpose."::={ cdaiMIBGroups 3}cdaiIfRateLimitGroup OBJECT-GROUPOBJECTS{
cdaiIfRateLimit
}STATUScurrentDESCRIPTION"A collection of object which are used to configure as
well as show information regarding the rate limit per
interface for Dynamic ARP Inspection purpose."::={ cdaiMIBGroups 4}END