CT-FASTPATH-DYNAMIC-ARP-INSPECTION-MIB DEFINITIONS ::= BEGIN

-- LVL7 FASTPATH DHCP Server MIB
-- Copyright LVL7 Systems (2002-2008) All rights reserved.

-- This SNMP Management Information Specification
-- embodies LVL7 System's confidential and proprietary
-- intellectual property.  LVL7 Systems retains all title
-- and ownership in the Specification including any revisions.

-- This Specification is supplied "AS IS", LVL7 Systems
-- makes no warranty, either expressed or implied,
-- as to the use, operation, condition, or performance of the
-- Specification.

--  This module provides authoritative definitions for Cabletron's
--  CT-FASTPATH-DYNAMIC-ARP-INSPECTION-MIB.
--
--  This module will be extended, as needed.
--
--  Enterasys Networks reserves the right to make changes in
--  specification and other information contained in this document
--  without prior notice.  The reader should consult Enterasys Networks
--  to determine whether any such changes have been made.
--
--  In no event shall Enterasys Networks be liable for any incidental,
--  indirect, special, or consequential damages whatsoever (including
--  but not limited to lost profits) arising out of or related to this
--  document or the information contained in it, even if Enterasys
--  Networks has been advised of, known, or should have known, the
--  possibility of such damages.
--
--  Enterasys grants vendors, end-users, and other interested parties
--  a non-exclusive license to use this Specification in connection
--  with the management of Enterasys and Cabletron products.
--
--  Copyright July 2008 Enterasys Networks, Inc.


IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, IpAddress,
    Integer32, Unsigned32, TimeTicks, Counter32
                     FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, RowStatus, RowPointer, MacAddress,
    StorageType, TruthValue, DisplayString, PhysAddress
                     FROM SNMPv2-TC
    VlanIndex
                     FROM Q-BRIDGE-MIB
    ifIndex
                     FROM IF-MIB
    ctDynamicArpInspectionExpMib                  
                     FROM CTRON-MIB-NAMES;

ctFastPathDynamicArpInspectionMIB MODULE-IDENTITY
    LAST-UPDATED "200807231519Z"  -- Wed Jul 23 15:19 UTC 2008
    ORGANIZATION "Enterasys Networks, Inc."
    CONTACT-INFO
        "Postal:  Enterasys Networks
                  50 Minuteman Rd.
                  Andover, MA 01810-1008
                  USA
         Phone:   +1 978 684 1000
         E-mail:  support@enterasys.com
         WWW:     http://www.enterasys.com"
      DESCRIPTION
          "The Enterasys MIB for FASTPATH Dynamic ARP INspection"
      ::= { ctDynamicArpInspectionExpMib 1 }


--**************************************************************************************
--    ctAgentDaiConfigGroup  ->contains MIB Objects for configuring Dynamic ARP Inpection
--**************************************************************************************
--************ The Dynamic ARP Inspection Global Config Table ********

    ctAgentDaiConfigGroup  OBJECT IDENTIFIER ::={ ctFastPathDynamicArpInspectionMIB 1}
    
    ctAgentDaiSrcMacValidate OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "This object indicates whether Sender MAC validation in the ARP
             packets is enabled.
    
             If this object is set to 'true', validation
             is enabled.
    
             If this object is set to 'false', validation
             is disabled."
        DEFVAL      { false }
        ::= { ctAgentDaiConfigGroup 1 }
    
    ctAgentDaiDstMacValidate OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "This object indicates whether Target MAC validation in the ARP
             Response packets is enabled.
    
             If this object is set to 'true', validation
             is enabled.
    
             If this object is set to 'false', validation
             is disabled."
        DEFVAL      { false }
        ::= { ctAgentDaiConfigGroup 2 }
    
    ctAgentDaiIPValidate OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "This object indicates whether IP address validation in the ARP
             packets is enabled.
    
             If this object is set to 'true', validation
             is enabled.
    
             If this object is set to 'false', validation
             is disabled."
        DEFVAL      { false }
        ::= { ctAgentDaiConfigGroup 3 }
    
    
--************ The Dynamic ARP Inspection VLAN Config Table ********
    
    ctAgentDaiVlanConfigTable OBJECT-TYPE
        SYNTAX       SEQUENCE OF CtAgentDaiVlanConfigEntry
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
            "A table provides the mechanism to control Dynamic ARP
            Inspection per VLAN. When a VLAN is created in a device
            supporting this table, a corresponding entry of this table
            will be added."
        ::= { ctAgentDaiConfigGroup 4 }
    
    ctAgentDaiVlanConfigEntry OBJECT-TYPE
        SYNTAX       CtAgentDaiVlanConfigEntry
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
            "A row instance contains the configuration for Dynamic 
             ARP Inspection at each existing VLAN."
        INDEX { ctAgentDaiVlanIndex }
        ::= { ctAgentDaiVlanConfigTable 1 }
    
    CtAgentDaiVlanConfigEntry ::= SEQUENCE {
        ctAgentDaiVlanIndex                  VlanIndex,
        ctAgentDaiVlanDynArpInspEnable       TruthValue,
        ctAgentDaiVlanLoggingEnable          TruthValue,
        ctAgentDaiVlanArpAclName             DisplayString,
        ctAgentDaiVlanArpAclStaticFlag       TruthValue
    }
    
    ctAgentDaiVlanIndex OBJECT-TYPE
         SYNTAX      VlanIndex
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
                "This object indicates the VLAN number on which Dynamic ARP
                 Inspection feature is configured."
         ::= { ctAgentDaiVlanConfigEntry 1 }

    ctAgentDaiVlanDynArpInspEnable OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "This object indicates whether Dynamic ARP Inspection is
             enabled in this VLAN.
    
             If this object is set to 'true', Dynamic ARP Inspection
             is enabled.
    
             If this object is set to 'false', Dynamic ARP Inspection
             is disabled."
        DEFVAL      { false }
        ::= { ctAgentDaiVlanConfigEntry 2 }
    
    ctAgentDaiVlanLoggingEnable  OBJECT-TYPE
        SYNTAX        TruthValue
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION
            "This object indicates whether the Dynamic ARP Inspection
            logging is enabled on this VlAN.
            If this object is set to 'true', Dynamic ARP Inspection
            logging is enabled.
            If this object is set to 'false', Dynamic ARP Inspection
            loging is disabled."
        DEFVAL      { true }
        ::= { ctAgentDaiVlanConfigEntry 3 }
    
    ctAgentDaiVlanArpAclName OBJECT-TYPE
        SYNTAX        DisplayString (SIZE(0..31))
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION
            "This object indicates the ARP ACL name set for this VLAN."
        ::= { ctAgentDaiVlanConfigEntry 4 }

    ctAgentDaiVlanArpAclStaticFlag OBJECT-TYPE
        SYNTAX        TruthValue
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION
            "This object indicates whether the ARP ACL set for this
            VLAN has static flag set.
            If this object is set to 'true', static flag is enabled.
            If this object is set to 'false', static flag is disabled."
        DEFVAL      { false }
        ::= { ctAgentDaiVlanConfigEntry 5 }

--************ The Dynamic ARP Inspection Vlan Statistics Table ********
    
    ctAagentDaiStatsReset OBJECT-TYPE
        SYNTAX       INTEGER {
                     none(0),
                     reset(1)
                     }
        MAX-ACCESS   read-write
        STATUS       current
        DESCRIPTION
             "Clear the DAI statistics on all vlans. A value of reset(1)
              is used to reset the statistics. A read on this object will
              always return the value none(0). The value none(0) cannot
              be forcibly set by the administrator."
        ::= { ctAgentDaiConfigGroup 5 }
    
    ctAgentDaiVlanStatsTable OBJECT-TYPE
        SYNTAX       SEQUENCE OF CtAgentDaiVlanStatsEntry
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
            "A table provides the mechanism to control Dynamic ARP
            Inspection per VLAN. When a VLAN is created in a device
            supporting this table, a corresponding entry of this table
            will be added."
        ::= { ctAgentDaiConfigGroup 6 }
    
    ctAgentDaiVlanStatsEntry OBJECT-TYPE
        SYNTAX       CtAgentDaiVlanStatsEntry
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
            "A row instance contains the Dynamic ARP Inspection
             statistics per VLAN."
        INDEX { ctAgentDaiVlanStatsIndex }
        ::= { ctAgentDaiVlanStatsTable 1 }
    
    CtAgentDaiVlanStatsEntry ::= SEQUENCE {
        ctAgentDaiVlanStatsIndex          VlanIndex,
        ctAgentDaiVlanPktsForwarded       Counter32,
        ctAgentDaiVlanPktsDropped         Counter32,
        ctAgentDaiVlanDhcpDrops           Counter32,
        ctAgentDaiVlanDhcpPermits         Counter32,
        ctAgentDaiVlanAclDrops            Counter32,
        ctAgentDaiVlanAclPermits          Counter32,
        ctAgentDaiVlanSrcMacFailures      Counter32,
        ctAgentDaiVlanDstMacFailures      Counter32,
        ctAgentDaiVlanIpValidFailures     Counter32
    }

    ctAgentDaiVlanStatsIndex OBJECT-TYPE
        SYNTAX      VlanIndex
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "This object indicates the VLAN number on which Dynamic ARP
            Inspection statistics are retrieved."
        ::= { ctAgentDaiVlanStatsEntry 1 }

    ctAgentDaiVlanPktsForwarded OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "Number of valid ARP packets forwarded by DAI."
        ::= { ctAgentDaiVlanStatsEntry 2 }
    
    ctAgentDaiVlanPktsDropped OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "Number of invalid ARP packets dropped by DAI."
        ::= { ctAgentDaiVlanStatsEntry 3 }
    
    ctAgentDaiVlanDhcpDrops OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "Number of ARP packets that were dropped by DAI as
             there is no matching DHCP Snooping binding entry found."
        ::= { ctAgentDaiVlanStatsEntry 4 }
    
    ctAgentDaiVlanDhcpPermits OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "Number of ARP packets that were forwarded by DAI as
             there is a matching DHCP Snooping binding entry found."
        ::= { ctAgentDaiVlanStatsEntry 5 }
    
    ctAgentDaiVlanAclDrops OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "Number of ARP packets that were dropped by DAI as
             there is no matching ARP ACL rule found for this Vlan and
             the static flag is set on this vlan."
        ::= { ctAgentDaiVlanStatsEntry 6 }
    
    ctAgentDaiVlanAclPermits OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "Number of ARP packets that were permitted by DAI as
             there is a matching ARP ACL rule found for this Vlan."
        ::= { ctAgentDaiVlanStatsEntry 7 }
    
    ctAgentDaiVlanSrcMacFailures OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "Number of ARP packets that were dropped by DAI as the
             sender mac address in ARP packet didn't match the source
             mac in ethernet header."
        ::= { ctAgentDaiVlanStatsEntry 8 }
    
    ctAgentDaiVlanDstMacFailures OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "Number of ARP packets that were dropped by DAI as the
             target mac address in ARP reply packet didn't match the
             destination mac in ethernet header."
        ::= { ctAgentDaiVlanStatsEntry 9 }
    
    ctAgentDaiVlanIpValidFailures OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "Number of ARP packets that were dropped by DAI as the
             sender IP address in ARP packet or target IP address in
             ARP reply packet is invalid. Invalid addresses include
             0.0.0.0, 255.255.255.255, IP multicast addresses,
             class E addresses (240.0.0.0/4), loopback addresses (127.0.0.0/8)."
        ::= { ctAgentDaiVlanStatsEntry 10 }
    
--************ The Dynamic ARP Inspection Interface Config Table ********
    
    ctAgentDaiIfConfigTable OBJECT-TYPE
        SYNTAX       SEQUENCE OF CtAgentDaiIfConfigEntry
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
            "A table provides the mechanism to configure the trust
            state for Dynamic ARP Inspection purpose at each physical
            interface capable of this feature."
        ::= { ctAgentDaiConfigGroup 7 }
    
    ctAgentDaiIfConfigEntry OBJECT-TYPE
        SYNTAX       CtAgentDaiIfConfigEntry
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
            "A row instance contains the configuration for 
             Dynamic ARP Inspection at each physical 
             interface capable of this feature."
        INDEX { ifIndex }
        ::= { ctAgentDaiIfConfigTable 1 }
    
    CtAgentDaiIfConfigEntry ::= SEQUENCE {
        ctAgentDaiIfTrustEnable       TruthValue,
        ctAgentDaiIfRateLimit         Unsigned32,
        ctAgentDaiIfBurstInterval     Unsigned32
    }
    
    ctAgentDaiIfTrustEnable OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "This object indicates whether the interface is trusted for
            Dynamic ARP Inspection purpose.
    
            If this object is set to 'true', the interface is trusted.
            ARP packets coming to this interface will be forwarded
            without checking.
    
            If this object is set to 'false', the interface is not
            trusted. ARP packets coming to this interface will be
            subjected to ARP inspection."
        DEFVAL      { false }
        ::= { ctAgentDaiIfConfigEntry 1 }
    
    ctAgentDaiIfRateLimit OBJECT-TYPE
        SYNTAX      Unsigned32 (0..300)
        UNITS       "packets per second"
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "This object indicates rate limit value for Dynamic ARP
             Inspection purpose. If the incoming rate of ARP packets
             exceeds the value of this object for consecutively
             burst interval seconds, ARP packets will be
             dropped. "
        DEFVAL      { 15 }
        ::= { ctAgentDaiIfConfigEntry 2 }
    
    ctAgentDaiIfBurstInterval OBJECT-TYPE
        SYNTAX      Unsigned32 (1..15)
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION
            "This object indicates the burst interval value
             for rate limiting purpose on this interface."
        DEFVAL      { 1 }
        ::= { ctAgentDaiIfConfigEntry 3 }
    
    
END
