-- *****************************************************************
-- TN-IP-SOURCE-GUARD-MIB
--
-- Copyright (c) 2012, Transition Networks Inc.
-- All rights reserved.
-- *****************************************************************
--
TN-IP-SOURCE-GUARD-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    Integer32   FROM SNMPv2-SMI
    NOTIFICATION-GROUP  FROM SNMPv2-CONF
    TEXTUAL-CONVENTION, TimeStamp,
    RowStatus, TruthValue, MacAddress FROM SNMPv2-TC
    InetAddressType, InetAddress, InetAddressPrefixLength FROM INET-ADDRESS-MIB
    entPhysicalIndex  FROM ENTITY-MIB
    tnProducts FROM TRANSITION-SMI
    ifIndex, InterfaceIndex FROM IF-MIB;

tnIPSourceGuardMIB MODULE-IDENTITY
        LAST-UPDATED "201209100000Z"
    ORGANIZATION "Transition Networks, Inc."
    CONTACT-INFO
        "Transition Networks
        Technical Support

        10900 Red Circle Drive
        Minnetonka, MN 55343 USA
        Tel: +1-800-526-9267

            E-mail: techsupport@transition.com"
    DESCRIPTION
        "The mib module for IP Source Guard.
         IP Source Guard is a secure feature used to restrict IP traffic
         on DHCP snooping untrusted ports by filtering traffic based on
         the DHCP Snooping Table or manually configured IP Source Bindings.
         It helps prevent IP spoofing attacks when a host tries to spoof
         and use the IP address of another host. "

        REVISION "201209260000Z"
        DESCRIPTION
        "Initial Revision of this module"

    ::= { tnProducts 31 }

tnIPSourceGuardMIBObjects
        OBJECT IDENTIFIER ::= { tnIPSourceGuardMIB 1 }

tnIPSourceGuardMIBNotifications
        OBJECT IDENTIFIER ::= { tnIPSourceGuardMIB 2 }

--
-- Textual Conventions
--


--
-- MIB variables
--

tnIPSourceGuardMgmt
    OBJECT IDENTIFIER ::= { tnIPSourceGuardMIBObjects 1 }


--
-- tnIPSourceGuardTable
--

tnIPSourceGuardTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF TnIPSourceGuardEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table is for user to configure the global settings of
        IP Source Guard."
    ::= { tnIPSourceGuardMgmt 1 }

tnIPSourceGuardEntry OBJECT-TYPE
    SYNTAX        TnIPSourceGuardEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each entry represents a global configuration of IP Source Guard."
    INDEX { entPhysicalIndex  }
    ::= { tnIPSourceGuardTable 1 }

TnIPSourceGuardEntry ::= SEQUENCE {
    tnIPSourceGuardGlobalMode             TruthValue,
    tnIPSourceGuardDynamicToStatic        TruthValue
    }

tnIPSourceGuardGlobalMode OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Set true(1) to enable or false(2) to disable the global IP Source
        Guard function.
        Only when both Global Mode and Port Mode on a given port are enabled,
        IP Source Guard is enabled on this given port."
    DEFVAL { false }
    ::= { tnIPSourceGuardEntry 1 }

tnIPSourceGuardDynamicToStatic OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Set true(1) to translate all dynamic entries to static entries.
        It will be always returned the default value false(2) when queried."
    DEFVAL { false }
    ::= { tnIPSourceGuardEntry 2 }



--
-- tnIPSourceGuardIfTable
--

tnIPSourceGuardIfTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF TnIPSourceGuardIfEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table lets user to configure the IP Source Guard for each port."
    ::= { tnIPSourceGuardMgmt 2 }

tnIPSourceGuardIfEntry OBJECT-TYPE
    SYNTAX        TnIPSourceGuardIfEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each entry represents a IP Source Guard setting on a port."
    INDEX { ifIndex }
    ::= { tnIPSourceGuardIfTable 1 }

TnIPSourceGuardIfEntry ::= SEQUENCE {
    tnIPSourceGuardIfMode                 TruthValue,
    tnIPSourceGuardIfMaxDynamicClients    INTEGER
    }

tnIPSourceGuardIfMode OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Set true(1) to enable or false(2) to disable the IP Source Guard
        function on the given port.
        Only when both Global Mode and Port Mode on a given port are enabled,
        IP Source Guard is enabled on this given port. "
    DEFVAL { false }
    ::= { tnIPSourceGuardIfEntry 1 }

tnIPSourceGuardIfMaxDynamicClients OBJECT-TYPE
    SYNTAX     INTEGER
        {
            zero      (0),    -- only allow the IP packets forwarding that are
                              -- matched in static entries on the specific port.
            one       (1),    -- only one dynamic client that can be learned
                              -- on the given port.
            two       (2),    -- only two dynamic clients that can be learned
                              -- on the given port.
            unlimited (65535) -- no limitation for dynamic clients that can be
                              -- learned on the given port.
        }
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
        "Specify the maximum number of dynamic clients that can be learned
        on given port.
        This value can be 0, 1, 2 or unlimited.
        If the port mode is enabled and the value of max dynamic client is
        equal to 0, it means only allow the IP packets forwarding that are
        matched in static entries on the specific port."
    DEFVAL { unlimited }
    ::= { tnIPSourceGuardIfEntry 2 }



--
-- tnIPSourceGuardStaticTable
--

tnIPSourceGuardStaticTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF TnIPSourceGuardStaticEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table lets user to configure the static entries for IP Source Guard."
    ::= { tnIPSourceGuardMgmt 3 }

tnIPSourceGuardStaticEntry OBJECT-TYPE
    SYNTAX        TnIPSourceGuardStaticEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each entry represents a static entry of IP Source Guard."
    INDEX { tnIPSourceGuardStaticPort,
            tnIPSourceGuardStaticVlanID,
            tnIPSourceGuardStaticAddrType,
            tnIPSourceGuardStaticAddr,
            tnIPSourceGuardStaticMask }
    ::= { tnIPSourceGuardStaticTable 1 }

TnIPSourceGuardStaticEntry ::= SEQUENCE {
    tnIPSourceGuardStaticPort         InterfaceIndex,
    tnIPSourceGuardStaticVlanID       INTEGER,
    tnIPSourceGuardStaticAddrType     InetAddressType,
    tnIPSourceGuardStaticAddr         InetAddress,
    tnIPSourceGuardStaticMask         InetAddressPrefixLength,
    tnIPSourceGuardStaticMacAddress   MacAddress,
    tnIPSourceGuardStaticRowStatus    RowStatus
    }

tnIPSourceGuardStaticPort OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The port number for the settings."
    ::= { tnIPSourceGuardStaticEntry 1 }

tnIPSourceGuardStaticVlanID OBJECT-TYPE
    SYNTAX      INTEGER (1..4094)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The vlan id for the settings."
    ::= { tnIPSourceGuardStaticEntry 2 }

tnIPSourceGuardStaticAddrType OBJECT-TYPE
    SYNTAX     InetAddressType
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "Address type of Source IP.
        For a detailed description of this type, please refer to INET-ADDRESS-MIB."
    ::= { tnIPSourceGuardStaticEntry 3 }

tnIPSourceGuardStaticAddr OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "Address of Source IP.
        For a detailed description of this type, please refer to INET-ADDRESS-MIB."
    ::= { tnIPSourceGuardStaticEntry 4 }


tnIPSourceGuardStaticMask OBJECT-TYPE
    SYNTAX     InetAddressPrefixLength
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "Mask of Source IP.
        For a detailed description of this type, please refer to INET-ADDRESS-MIB."
    ::= { tnIPSourceGuardStaticEntry 5 }

tnIPSourceGuardStaticMacAddress OBJECT-TYPE
    SYNTAX     MacAddress
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "Mac Address of Source IP."
    ::= { tnIPSourceGuardStaticEntry 6 }

tnIPSourceGuardStaticRowStatus OBJECT-TYPE
    SYNTAX     RowStatus
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
        "Row status of static IP Source Guard."
    ::= { tnIPSourceGuardStaticEntry 7}



--
-- tnIPSourceGuardDynamicTable
--

tnIPSourceGuardDynamicTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF TnIPSourceGuardDynamicEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "This table lets user to configure the dynamic entries for IP Source Guard."
    ::= { tnIPSourceGuardMgmt 4 }

tnIPSourceGuardDynamicEntry OBJECT-TYPE
    SYNTAX        TnIPSourceGuardDynamicEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Each entry represents a dynamic entry of IP Source Guard."
    INDEX { tnIPSourceGuardDynamicPort,
            tnIPSourceGuardDynamicVlanID,
            tnIPSourceGuardDynamicAddrType,
            tnIPSourceGuardDynamicAddr,
            tnIPSourceGuardDynamicMask }
    ::= { tnIPSourceGuardDynamicTable 1 }

TnIPSourceGuardDynamicEntry ::= SEQUENCE {
    tnIPSourceGuardDynamicPort         InterfaceIndex,
    tnIPSourceGuardDynamicVlanID       INTEGER,
    tnIPSourceGuardDynamicAddrType     InetAddressType,
    tnIPSourceGuardDynamicAddr         InetAddress,
    tnIPSourceGuardDynamicMask         InetAddressPrefixLength,
    tnIPSourceGuardDynamicMacAddress   MacAddress
    }

tnIPSourceGuardDynamicPort OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The port number for the settings."
    ::= { tnIPSourceGuardDynamicEntry 1 }

tnIPSourceGuardDynamicVlanID OBJECT-TYPE
    SYNTAX      INTEGER (1..4094)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The vlan id for the settings. "
    ::= { tnIPSourceGuardDynamicEntry 2 }

tnIPSourceGuardDynamicAddrType OBJECT-TYPE
    SYNTAX     InetAddressType
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "Address type of Source IP.
        For a detailed description of this type, please refer to INET-ADDRESS-MIB."
    ::= { tnIPSourceGuardDynamicEntry 3 }

tnIPSourceGuardDynamicAddr OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "Address of Source IP.
        For a detailed description of this type, please refer to INET-ADDRESS-MIB."
    ::= { tnIPSourceGuardDynamicEntry 4 }

tnIPSourceGuardDynamicMask OBJECT-TYPE
    SYNTAX     InetAddressPrefixLength
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "Mask of Source IP.
        For a detailed description of this type, please refer to INET-ADDRESS-MIB."
    ::= { tnIPSourceGuardDynamicEntry 5 }

tnIPSourceGuardDynamicMacAddress OBJECT-TYPE
    SYNTAX     MacAddress
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
        "Mac Address of Source IP."
    ::= { tnIPSourceGuardDynamicEntry 6 }
--
-- Notifications
--

END
