ELTEX-MES-ISS-IP6-MIB DEFINITIONS ::= BEGIN

IMPORTS
        MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE
                FROM SNMPv2-SMI
        OBJECT-GROUP
                FROM SNMPv2-CONF
        RowStatus, TEXTUAL-CONVENTION, TruthValue, MacAddress
                FROM SNMPv2-TC
        ifIndex
                FROM IF-MIB
        InetAddressIPv6
                FROM INET-ADDRESS-MIB
        eltMesIss
                FROM ELTEX-MES-ISS-MIB;

eltMesIssL2IpSnp6MIB MODULE-IDENTITY
        LAST-UPDATED "202102110000Z"
        ORGANIZATION "Eltex Enterprise, Ltd."
        CONTACT-INFO
                "eltex-co.ru"
        DESCRIPTION
                "L2IPv6 Snooping MIB definitions."
        REVISION "202102110000Z"
        DESCRIPTION "Initial revision."
    ::= { eltMesIss 25 }

-- Top level MIB structure

eltMesIssL2Ip6SnpNotifications          OBJECT IDENTIFIER ::= { eltMesIssL2IpSnp6MIB 0 }
eltMesIssL2Ip6SnpObjects                OBJECT IDENTIFIER ::= { eltMesIssL2IpSnp6MIB 1 }
eltMesIssL2Ip6SnpConformance            OBJECT IDENTIFIER ::= { eltMesIssL2IpSnp6MIB 2 }

-- MIB Groups

eltMesIssL2Ip6NDInsp                    OBJECT IDENTIFIER ::= { eltMesIssL2Ip6SnpObjects 1 }

-- L2 IPv6 ND Inspection Groups

eltMesIssL2Ip6NDInspGlobals             OBJECT IDENTIFIER ::= { eltMesIssL2Ip6NDInsp 1 }
eltMesIssL2Ip6NDInspPortConfig          OBJECT IDENTIFIER ::= { eltMesIssL2Ip6NDInsp 2 }
eltMesIssL2Ip6NDInspPolicyConfig        OBJECT IDENTIFIER ::= { eltMesIssL2Ip6NDInsp 3 }

-- Low level Mib structure

-- --------------------------------------------------------------------------
-- L2 IPv6 ND Inspection Global Configuration
-- --------------------------------------------------------------------------

eltMesIssL2Ip6NDInspStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    disabled (1),
                    enabled (2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This variable changes global IPv6 ND Inspection status."
    DEFVAL { disabled }
    ::={ eltMesIssL2Ip6NDInspGlobals 1 }

-- --------------------------------------------------------------------------
-- L2 IPv6 ND Inspection Port Configuration
-- --------------------------------------------------------------------------

eltMesIssL2Ip6NDInspPortTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EltMesIssL2Ip6NDInspPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table to configure IPv6 ND Inspection on ports."
    ::= { eltMesIssL2Ip6NDInspPortConfig 1 }

eltMesIssL2Ip6NDInspPortEntry OBJECT-TYPE
    SYNTAX      EltMesIssL2Ip6NDInspPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Defines the contents of each line in the eltMesIssL2Ip6NDInspectionPortTable table."
    INDEX   { ifIndex }
    ::= { eltMesIssL2Ip6NDInspPortTable 1 }

EltMesIssL2Ip6NDInspPortEntry ::=
    SEQUENCE {
        eltMesIssL2Ip6NDInspPortStatus        INTEGER,
        eltMesIssL2Ip6NDInspPortPolicyId      INTEGER,
        eltMesIssL2Ip6NDInspPortTrustState    INTEGER,
        eltMesIssL2Ip6NDInspPortRowStatus     RowStatus
}

eltMesIssL2Ip6NDInspPortStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    disable(1),
                    enable(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is used to enable/disable the ND Inspection feature on the port."
    DEFVAL { disable }
    ::= { eltMesIssL2Ip6NDInspPortEntry 1 }

eltMesIssL2Ip6NDInspPortPolicyId OBJECT-TYPE
    SYNTAX      INTEGER(0..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object configures policy id on the interface.
         A value of 0 indicates that no policy is applied on the interface."
    DEFVAL { 0 }
    ::= { eltMesIssL2Ip6NDInspPortEntry 2 }

eltMesIssL2Ip6NDInspPortTrustState OBJECT-TYPE
    SYNTAX      INTEGER {
                    untrusted(1),
                    trusted(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object changes port trust state for L2IPv6 ND Inspection.
         On untrusted(1) port Neighbor Advertisement packets will be dropped."
    DEFVAL { untrusted }
    ::= { eltMesIssL2Ip6NDInspPortEntry 3 }

eltMesIssL2Ip6NDInspPortRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object changes port status for L2IPv6 ND Inspection."
    ::= { eltMesIssL2Ip6NDInspPortEntry 4 }

-- --------------------------------------------------------------------------
-- L2 IPv6 ND Inspection Policy Configuration
-- --------------------------------------------------------------------------

eltMesIssL2Ip6NDInspPolicyTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EltMesIssL2Ip6NDInspPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table contains policy match criteria to validate the legitimate NA messages."
    ::= { eltMesIssL2Ip6NDInspPolicyConfig 1 }

eltMesIssL2Ip6NDInspPolicyEntry OBJECT-TYPE
    SYNTAX      EltMesIssL2Ip6NDInspPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains the policy details."
    INDEX { eltMesIssL2Ip6NDInspPolicyId }
    ::= { eltMesIssL2Ip6NDInspPolicyTable 1 }

EltMesIssL2Ip6NDInspPolicyEntry ::= SEQUENCE {
    eltMesIssL2Ip6NDInspPolicyId          INTEGER,
    eltMesIssL2Ip6NDInspSrcAddrAclId      INTEGER,
    eltMesIssL2Ip6NDInspRbit              INTEGER,
    eltMesIssL2Ip6NDInspSbit              INTEGER,
    eltMesIssL2Ip6NDInspObit              INTEGER,
    eltMesIssL2Ip6NDInspTgtAddrAclId      INTEGER,
    eltMesIssL2Ip6NDInspTgtMacAclId       INTEGER,
    eltMesIssL2Ip6NDInspPolicyRowStatus   RowStatus
}

eltMesIssL2Ip6NDInspPolicyId OBJECT-TYPE
    SYNTAX      INTEGER(1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object is used as the first index in the eltMesIssL2Ip6NDInspectionPolicyTable.
         It indicates the ND Inspection Policy id."
::= { eltMesIssL2Ip6NDInspPolicyEntry 1 }

eltMesIssL2Ip6NDInspSrcAddrAclId OBJECT-TYPE
    SYNTAX      INTEGER(0..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object configures the source IPv6 ACL id used to validate the
         source IPv6 address carried by NA message.
         Value 0 indicates that no source IPv6 ACL is associated to the policy entry."
    DEFVAL { 0 }
    ::= { eltMesIssL2Ip6NDInspPolicyEntry 2 }

eltMesIssL2Ip6NDInspRbit OBJECT-TYPE
    SYNTAX      INTEGER {
                    none(1),
                    disabled(2),
                    enabled(3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is used to configure verification of
         the advertised 'router flag' to be disabled / enabled
         None(1) indicates that validation of this field in NA message will be bypassed."
    DEFVAL { none }
    ::= { eltMesIssL2Ip6NDInspPolicyEntry 3 }

eltMesIssL2Ip6NDInspSbit OBJECT-TYPE
    SYNTAX      INTEGER {
                    none(1),
                    disabled(2),
                    enabled(3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is used to configure verification of
         the advertised 'solicited flag' to be disabled / enabled
         None(1) indicates that validation of this field in NA message will be bypassed."
    DEFVAL { none }
    ::= { eltMesIssL2Ip6NDInspPolicyEntry 4 }

eltMesIssL2Ip6NDInspObit OBJECT-TYPE
    SYNTAX      INTEGER {
                    none(1),
                    disabled(2),
                    enabled(3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is used to configure verification of
         the advertised 'override flag' to be disabled / enabled
         None(1) indicates that validation of this field in NA message will be bypassed."
    DEFVAL { none }
    ::= { eltMesIssL2Ip6NDInspPolicyEntry 5 }

eltMesIssL2Ip6NDInspTgtAddrAclId OBJECT-TYPE
    SYNTAX      INTEGER(0..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object configures the target IPv6 ACL id used to validate the
         target IPv6 address field in NA message.
         Value 0 indicates that no target IPv6 ACL is associated to the policy entry."
    DEFVAL { 0 }
    ::= { eltMesIssL2Ip6NDInspPolicyEntry 6 }

eltMesIssL2Ip6NDInspTgtMacAclId OBJECT-TYPE
    SYNTAX      INTEGER(0..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object onfigures the access list for the policy entry
         which is used to validate the target link layer address option carried by NA message.
         Value 0 indicates that no access list is associated to the policy entry."
    DEFVAL { 0 }
    ::= { eltMesIssL2Ip6NDInspPolicyEntry 7 }

eltMesIssL2Ip6NDInspPolicyRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is used to create or delete the entry in the ND Inspection policy table."
    ::= { eltMesIssL2Ip6NDInspPolicyEntry 8 }

-- --------------------------------------------------------------------------
-- L2 IPv6 ND Inspection Source IPv6 Address ACL Configuration
-- --------------------------------------------------------------------------

eltMesIssL2Ip6NDInspSrcAddrAclTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EltMesIssL2Ip6NDInspSrcAddrAclEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table contains source IPv6 prefix ACL information that can
         be set as match criteria in the ND Inspection policy entry.
         This can be used for validating the source IPv6 carried by
         incoming NA messages."
    ::= { eltMesIssL2Ip6NDInspPolicyConfig 2 }

eltMesIssL2Ip6NDInspSrcAddrAclEntry OBJECT-TYPE
    SYNTAX      EltMesIssL2Ip6NDInspSrcAddrAclEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains the source IPv6 prefixes used to validate the prefix information
         carried in NA messages."
    INDEX { eltMesIssL2Ip6NDInspSrcAddrAclNo,
            eltMesIssL2Ip6NDInspSrcAddrAclEntryNo }
    ::= { eltMesIssL2Ip6NDInspSrcAddrAclTable 1 }

EltMesIssL2Ip6NDInspSrcAddrAclEntry ::= SEQUENCE     {
    eltMesIssL2Ip6NDInspSrcAddrAclNo               INTEGER,
    eltMesIssL2Ip6NDInspSrcAddrAclEntryNo          INTEGER,
    eltMesIssL2Ip6NDInspSrcAddrAclAddr             InetAddressIPv6,
    eltMesIssL2Ip6NDInspSrcAddrAclPrefixLen        INTEGER,
    eltMesIssL2Ip6NDInspSrcAddrAclRowStatus        RowStatus
}

eltMesIssL2Ip6NDInspSrcAddrAclNo OBJECT-TYPE
    SYNTAX      INTEGER(1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object indicates the source IPv6 prefix ACL id of this entry.
         The source IPv6 prefix ACL id can be mapped to ND Inspection policy entry to
         configure the matching criteria for the policy entry."
    ::= { eltMesIssL2Ip6NDInspSrcAddrAclEntry 1 }

eltMesIssL2Ip6NDInspSrcAddrAclEntryNo OBJECT-TYPE
    SYNTAX      INTEGER(1..100)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object indicates entry number for each source IPv6 prefix.
         For a single source IPv6 prefix ACL id, many entries can be created. Thus several
         source IPv6 prefixes can be associated to a prefix ACL id."
    ::= { eltMesIssL2Ip6NDInspSrcAddrAclEntry 2 }

eltMesIssL2Ip6NDInspSrcAddrAclAddr OBJECT-TYPE
    SYNTAX      InetAddressIPv6
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is used to configure source IPv6 prefix value of this entry."
    ::= { eltMesIssL2Ip6NDInspSrcAddrAclEntry 3 }

eltMesIssL2Ip6NDInspSrcAddrAclPrefixLen OBJECT-TYPE
    SYNTAX      INTEGER(1..128)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is used to configure prefix length for each source IPv6 prefix."
    ::= { eltMesIssL2Ip6NDInspSrcAddrAclEntry 4 }

eltMesIssL2Ip6NDInspSrcAddrAclRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is used to create or delete entry in the source IPv6 address prefix ACL table."
    ::= { eltMesIssL2Ip6NDInspSrcAddrAclEntry 5 }

-- --------------------------------------------------------------------------
-- L2 IPv6 ND Inspection Target IPv6 Address ACL Configuration
-- --------------------------------------------------------------------------

eltMesIssL2Ip6NDInspTgtAddrAclTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EltMesIssL2Ip6NDInspTgtAddrAclEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table contains IPv6 address prefix ACL information that can be
         set as match criteria in the ND Inspection policy entry.
         This can be used for validating the IPv6 address prefixes carried by incoming NA messages."
    ::= { eltMesIssL2Ip6NDInspPolicyConfig 3 }

eltMesIssL2Ip6NDInspTgtAddrAclEntry OBJECT-TYPE
    SYNTAX      EltMesIssL2Ip6NDInspTgtAddrAclEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains the IPv6 address prefixes used to validate the prefix information
         carried in NA messages."
    INDEX { eltMesIssL2Ip6NDInspTgtAddrAclNo,
            eltMesIssL2Ip6NDInspTgtAddrAclEntryNo }
    ::= { eltMesIssL2Ip6NDInspTgtAddrAclTable 1 }

EltMesIssL2Ip6NDInspTgtAddrAclEntry ::= SEQUENCE     {
    eltMesIssL2Ip6NDInspTgtAddrAclNo            INTEGER,
    eltMesIssL2Ip6NDInspTgtAddrAclEntryNo       INTEGER,
    eltMesIssL2Ip6NDInspTgtAddrAclAddr          InetAddressIPv6,
    eltMesIssL2Ip6NDInspTgtAddrAclPrefixLen     INTEGER,
    eltMesIssL2Ip6NDInspTgtAddrAclRowStatus     RowStatus
}

eltMesIssL2Ip6NDInspTgtAddrAclNo OBJECT-TYPE
    SYNTAX      INTEGER(1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object indicates the prefix ACL number of this entry.
         This prefix ACL id can be mapped to ND Inspection policy entry
         to configure the matching criteria for the policy entry."
    ::= { eltMesIssL2Ip6NDInspTgtAddrAclEntry 1 }

eltMesIssL2Ip6NDInspTgtAddrAclEntryNo OBJECT-TYPE
    SYNTAX      INTEGER(1..100)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object indicates entry number for each prefix.
         For a single prefix ACL id, many entries can be created. Thus several prefixes can be associated to
         a prefix ACL id."
    ::= { eltMesIssL2Ip6NDInspTgtAddrAclEntry 2 }

eltMesIssL2Ip6NDInspTgtAddrAclAddr OBJECT-TYPE
    SYNTAX      InetAddressIPv6
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is used to configure target IPv6 address value for this entry."
    ::= { eltMesIssL2Ip6NDInspTgtAddrAclEntry 3 }

eltMesIssL2Ip6NDInspTgtAddrAclPrefixLen OBJECT-TYPE
    SYNTAX      INTEGER(1..128)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is used to configure prefix length for each target IPv6 address."
    ::= { eltMesIssL2Ip6NDInspTgtAddrAclEntry 4 }

eltMesIssL2Ip6NDInspTgtAddrAclRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is used to create or delete entry in the prefix ACL table."
    ::= { eltMesIssL2Ip6NDInspTgtAddrAclEntry 5 }


-- --------------------------------------------------------------------------
-- L2 IPv6 ND Inspection Target Mac Address Option ACL Configuration
-- --------------------------------------------------------------------------

eltMesIssL2Ip6NDInspTgtMacAclTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EltMesIssL2Ip6NDInspTgtMacAclEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table contains access list information to be
         set as match criteria in the ND Inspection policy table
         to validate the incoming NA message."
    ::= { eltMesIssL2Ip6NDInspPolicyConfig 4 }

eltMesIssL2Ip6NDInspTgtMacAclEntry OBJECT-TYPE
    SYNTAX      EltMesIssL2Ip6NDInspTgtMacAclEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry contains the information about access list."
    INDEX { eltMesIssL2Ip6NDInspTgtMacAclNo,
            eltMesIssL2Ip6NDInspTgtMacAclEntryNo }
    ::= { eltMesIssL2Ip6NDInspTgtMacAclTable 1 }

EltMesIssL2Ip6NDInspTgtMacAclEntry ::= SEQUENCE     {
    eltMesIssL2Ip6NDInspTgtMacAclNo              INTEGER,
    eltMesIssL2Ip6NDInspTgtMacAclEntryNo         INTEGER,
    eltMesIssL2Ip6NDInspTgtMacAclMacAddr         MacAddress,
    eltMesIssL2Ip6NDInspTgtMacAclRowStatus       RowStatus
}

eltMesIssL2Ip6NDInspTgtMacAclNo OBJECT-TYPE
    SYNTAX      INTEGER(1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object indicates the ACL number for this entry.
         This ACL number can be mapped to ND Inspection policy entry
         to configure the matching criteria for the policy entry."
    ::= { eltMesIssL2Ip6NDInspTgtMacAclEntry 1 }

eltMesIssL2Ip6NDInspTgtMacAclEntryNo OBJECT-TYPE
    SYNTAX      INTEGER(1..100)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object indicates an entry associated with the ACL number.
         For a single ACL number, many entries can be created.
         Thus several MAC addresses can be associated to an ACL number."
    ::= { eltMesIssL2Ip6NDInspTgtMacAclEntry 2 }

eltMesIssL2Ip6NDInspTgtMacAclMacAddr OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object is used to configure the target MAC address
         associated with the ACL id."
    ::= { eltMesIssL2Ip6NDInspTgtMacAclEntry 3 }

eltMesIssL2Ip6NDInspTgtMacAclRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is used to create or delete entry in the ND Inspection MAC ACL table."
    ::= { eltMesIssL2Ip6NDInspTgtMacAclEntry 4 }

END
