HM2-PLATFORM-PORTSECURITY-MIB DEFINITIONS ::= BEGIN

-- 
-- ***********************************************************
-- Hirschmann Platform Portsecurity MIB
-- ***********************************************************
--

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
    Unsigned32                          FROM SNMPv2-SMI
    DisplayString,
    MacAddress,
    TruthValue                          FROM SNMPv2-TC
    ifIndex                             FROM IF-MIB
   	hm2PlatformMibs, HmEnabledStatus	FROM HM2-TC-MIB;

hm2PlatformPortSecurity MODULE-IDENTITY
	LAST-UPDATED "201107120000Z" -- July 12, 2011
    ORGANIZATION "Hirschmann Automation and Control GmbH"
    CONTACT-INFO
        "Postal:     Stuttgarter Str. 45-51
                     72654 Neckartenzlingen
                     Germany
         Phone:      +49 7127 140
         E-mail:     hac.support@belden.com"
   	DESCRIPTION
          "The Hirschmann Private Platform2 MIB for Port Security Feature.
		   Copyright (C) 2011. All Rights Reserved."
    REVISION
          "201107120000Z" -- 12 July 2011 12:00:00 GMT
    DESCRIPTION
          "Initial release."
      ::= { hm2PlatformMibs 20 }

     --**************************************************************************************
    -- hm2AgentPortSecurityGroup -> contains MIB objects displaying Port Security
    --
    --**************************************************************************************

hm2AgentPortSecurityGroup OBJECT IDENTIFIER ::= { hm2PlatformPortSecurity 1}

hm2AgentGlobalPortSecurityMode OBJECT-TYPE
    SYNTAX      HmEnabledStatus
	MAX-ACCESS 	read-write
	STATUS 		current
	DESCRIPTION
		"Mode showing whether at the global level, port security is enabled or not."
    DEFVAL { disable }
	::={ hm2AgentPortSecurityGroup 1 }

hm2AgentPortSecurityTable OBJECT-TYPE
	SYNTAX	     SEQUENCE OF Hm2AgentPortSecurityEntry
	MAX-ACCESS   not-accessible
	STATUS       current
	DESCRIPTION "A table for Port Security and associated functionality."
	::= { hm2AgentPortSecurityGroup 2 }

hm2AgentPortSecurityEntry OBJECT-TYPE
	SYNTAX Hm2AgentPortSecurityEntry
	MAX-ACCESS not-accessible
	STATUS current
	DESCRIPTION "Represents entry for port security table"
	INDEX       { ifIndex }
	::={ hm2AgentPortSecurityTable 1}

	Hm2AgentPortSecurityEntry ::=
		SEQUENCE {
		hm2AgentPortSecurityMode
			HmEnabledStatus,
		hm2AgentPortSecurityDynamicLimit
			Unsigned32,
		hm2AgentPortSecurityStaticLimit
			Unsigned32,
        hm2AgentPortSecurityViolationTrapMode
        	HmEnabledStatus,
        hm2AgentPortSecurityStaticMACs
    		DisplayString,
        hm2AgentPortSecurityLastDiscardedMAC
        	DisplayString,
        hm2AgentPortSecurityMACAddressAdd
    		DisplayString,
        hm2AgentPortSecurityMACAddressRemove
        	DisplayString,
        hm2AgentPortSecurityMACAddressMove
        	HmEnabledStatus,
        hm2AgentPortSecurityDynamicCount
        	Unsigned32,
        hm2AgentPortSecurityStaticCount
        	Unsigned32,
    	hm2AgentPortSecurityViolationTrapCount
        	Unsigned32,
        hm2AgentPortSecurityViolationTrapFrequency
        	Unsigned32,
        hm2AgentPortSecurityAutoDisable
            TruthValue,
        hm2AgentPortSecurityStaticIpCount
            Unsigned32,
        hm2AgentPortSecurityStaticIPs
            DisplayString,
        hm2AgentPortSecurityIPAddressAdd
            DisplayString,
        hm2AgentPortSecurityIPAddressRemove
            DisplayString
		}

	hm2AgentPortSecurityMode OBJECT-TYPE
      SYNTAX      	HmEnabledStatus
	  MAX-ACCESS 	read-write
	  STATUS 		current
	  DESCRIPTION
		"Mode showing whether at port level security is enabled or not."
          DEFVAL { disable }
          ::={ hm2AgentPortSecurityEntry 1 }

	hm2AgentPortSecurityDynamicLimit OBJECT-TYPE
        SYNTAX  Unsigned32(0..600)
		MAX-ACCESS read-write
		STATUS current
		DESCRIPTION
			"This variable signifies the limit of dynamically locked MAC addresses
			 allowed on a specific port."
	    DEFVAL { 600 }
	::={ hm2AgentPortSecurityEntry 2 }

	hm2AgentPortSecurityStaticLimit OBJECT-TYPE
        SYNTAX  Unsigned32(0..64)
		MAX-ACCESS read-write
		STATUS current
		DESCRIPTION
			"This variable signifies the limit of statically locked MAC addresses
			 allowed on a specific port."
	    DEFVAL { 64 }
		::={ hm2AgentPortSecurityEntry 3 }

	hm2AgentPortSecurityViolationTrapMode OBJECT-TYPE
		SYNTAX      HmEnabledStatus
		MAX-ACCESS read-write
		STATUS current
		DESCRIPTION
			"This variable is used to enable or disable the sending of new violation
			 traps designating when a packet with a disallowed MAC address is
			 received on a locked port."
		DEFVAL { disable }
		::={hm2AgentPortSecurityEntry 4 }

	hm2AgentPortSecurityStaticMACs OBJECT-TYPE
		SYNTAX      DisplayString (SIZE(0..1536))
		MAX-ACCESS read-only
		STATUS current
		DESCRIPTION
			"This variable displays the statically locked MAC addresses for port.
			 The list displayed in a particular fashion :
			 2 a0:b1:c2:d1:e3:a1,11 a0:b1:c2:d3:e4:f5
			 (i.e., VLAN MAC pairs separated by commas)."
		::={hm2AgentPortSecurityEntry 6 }

	hm2AgentPortSecurityLastDiscardedMAC OBJECT-TYPE
		SYNTAX      DisplayString
		MAX-ACCESS read-only
		STATUS current
		DESCRIPTION
			"This variable displays the vlan-id and source MAC address of the last packet that was
			 discarded on a locked port."
		::={hm2AgentPortSecurityEntry 7 }


	hm2AgentPortSecurityMACAddressAdd OBJECT-TYPE
    	SYNTAX      DisplayString
        MAX-ACCESS  read-write
        STATUS current
	    DESCRIPTION
			"This MIB variable accepts a VLAN id and MAC address to be added to the list
		 	of statically locked MAC addresses on a port. The VLAN id and MAC address combination
		 	would be entered in a particular fashion like :- 2 a0:b0:c0:d1:e2:a1(the vlan-id and
		 	MAC address separated by a blank-space)."
        ::={ hm2AgentPortSecurityEntry 8 }

    hm2AgentPortSecurityMACAddressRemove OBJECT-TYPE
    	SYNTAX      DisplayString
        MAX-ACCESS  read-write
	    STATUS current
	    DESCRIPTION
			"This MIB variable accepts a VLAN id and MAC address to be removed from the list
		 	of statically locked MAC addresses on a port.. The VLAN id and MAC address combination
		 	would be entered in a particular fashion like :- 2 a0:b0:c0:d1:e2:a1(the vlan-id and
		 	MAC address separated by a blank-space)."
        ::={ hm2AgentPortSecurityEntry 9 }

     hm2AgentPortSecurityMACAddressMove OBJECT-TYPE
    	SYNTAX      HmEnabledStatus
        MAX-ACCESS  read-write
	    STATUS current
	    DESCRIPTION
			"When this object is enabled, all the dynamically locked MAC addresses will
             be moved to statically locked addresses on a port. GET operation on this object will display
             disable."
        ::={ hm2AgentPortSecurityEntry 10 }

      hm2AgentPortSecurityDynamicCount OBJECT-TYPE
        SYNTAX  Unsigned32
		MAX-ACCESS read-only
		STATUS current
		DESCRIPTION
			"The current number of dynamically locked MAC addresses on this port."
		::={ hm2AgentPortSecurityEntry 20 }

	  hm2AgentPortSecurityStaticCount OBJECT-TYPE
        SYNTAX  Unsigned32
		MAX-ACCESS read-only
		STATUS current
		DESCRIPTION
			"The current number of statically locked MAC addresses on this port."
		::={ hm2AgentPortSecurityEntry 21 }

	  hm2AgentPortSecurityViolationTrapCount OBJECT-TYPE
        SYNTAX  Unsigned32
		MAX-ACCESS read-only
		STATUS current
		DESCRIPTION
			"The number of active violations for which a violation trap was sent on this port.
			 This counter is only valid when hm2AgentPortSecurityViolationTrapMode is enabled"
		::={ hm2AgentPortSecurityEntry 22 }
		
	  hm2AgentPortSecurityViolationTrapFrequency OBJECT-TYPE
		SYNTAX  Unsigned32 (0..3600)
		MAX-ACCESS read-write
		STATUS current
		DESCRIPTION
			"The minimum seconds between two successive violation traps on this port."
	    DEFVAL { 0 }
		::={ hm2AgentPortSecurityEntry 23 }
		
	  hm2AgentPortSecurityAutoDisable OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This object indicates whether a port is auto-disabled when the configured threshold is reached."
        DEFVAL { true }
        ::={ hm2AgentPortSecurityEntry 248 }

      hm2AgentPortSecurityStaticIpCount OBJECT-TYPE
        SYNTAX  Unsigned32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The current number of statically locked IP addresses on this port."
        ::={ hm2AgentPortSecurityEntry 249 }

      hm2AgentPortSecurityStaticIPs OBJECT-TYPE
        SYNTAX      DisplayString (SIZE(0..1536))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "This variable displays the statically locked IP addresses for port.
             The list displayed in a particular fashion :
             2 100.1.1.200, 11 110.2.2.100."
        ::={ hm2AgentPortSecurityEntry 250 }

      hm2AgentPortSecurityIPAddressAdd OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-write
        STATUS current
        DESCRIPTION
            "This MIB variable accepts a VLAN id and IP address to be added to the list
            of statically locked IP addresses on a port. The VLAN id and IP address combination
            would be entered in a particular fashion like :- 2 192.168.248.100 (the vlan-id and
            IP address separated by a blank-space)."
        ::={ hm2AgentPortSecurityEntry 251 }

       hm2AgentPortSecurityIPAddressRemove OBJECT-TYPE
        SYNTAX      DisplayString
        MAX-ACCESS  read-write
        STATUS current
        DESCRIPTION
            "This MIB variable accepts a VLAN id and IP address to be removed from the list
            of statically locked IP addresses on a port.. The VLAN id and IP address combination
            would be entered in a particular fashion like :- 2 192.168.248.100 (the vlan-id and
            IP address separated by a blank-space)."
        ::={ hm2AgentPortSecurityEntry 252 }

 --**********************************************************************--

 	hm2AgentPortSecurityDynamicTable OBJECT-TYPE
    	SYNTAX       SEQUENCE OF Hm2AgentPortSecurityDynamicEntry
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION "A table for Port Security Dynamic and associated functionality."
        ::= { hm2AgentPortSecurityGroup 3 }

    hm2AgentPortSecurityDynamicEntry OBJECT-TYPE
    	SYNTAX Hm2AgentPortSecurityDynamicEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION "Represents entry for port MAC Locking table"
        INDEX       { ifIndex,hm2AgentPortSecurityDynamicVLANId,hm2AgentPortSecurityDynamicMACAddress }
        ::={ hm2AgentPortSecurityDynamicTable 1}

    Hm2AgentPortSecurityDynamicEntry ::=
    	SEQUENCE {
        	hm2AgentPortSecurityDynamicVLANId
            	Unsigned32,
            hm2AgentPortSecurityDynamicMACAddress
            	MacAddress
        }

     hm2AgentPortSecurityDynamicVLANId OBJECT-TYPE
     	SYNTAX      Unsigned32
        MAX-ACCESS read-only
        STATUS current
     	DESCRIPTION
        	"Source VLAN id of the packet that is received on the dynamically locked port."
        ::={hm2AgentPortSecurityDynamicEntry 1 }

     hm2AgentPortSecurityDynamicMACAddress OBJECT-TYPE
      	SYNTAX  MacAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        	"Source MAC address of the packet that is received on the dynamically locked port."
        ::={ hm2AgentPortSecurityDynamicEntry 2 }

 --**********************************************************************--

 	 hm2AgentPortSecurityStaticTable OBJECT-TYPE
     	SYNTAX       SEQUENCE OF Hm2AgentPortSecurityStaticEntry
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION "A table for Port Security Static and associated functionality."
        ::= { hm2AgentPortSecurityGroup 10 }

        hm2AgentPortSecurityStaticEntry OBJECT-TYPE
            SYNTAX Hm2AgentPortSecurityStaticEntry
            MAX-ACCESS not-accessible
            STATUS current
            DESCRIPTION "Represents entry for port MAC Locking table"
            INDEX       { ifIndex,hm2AgentPortSecurityStaticVLANId,hm2AgentPortSecurityStaticMACAddress }
            ::={ hm2AgentPortSecurityStaticTable 1}

        Hm2AgentPortSecurityStaticEntry ::=
        	SEQUENCE {
                hm2AgentPortSecurityStaticVLANId
                	Unsigned32,
                hm2AgentPortSecurityStaticMACAddress
                	MacAddress
                }

        hm2AgentPortSecurityStaticVLANId OBJECT-TYPE
        	SYNTAX      Unsigned32
            MAX-ACCESS read-only
            STATUS current
            DESCRIPTION
            	"VLAN id of the statically locked address ."
            ::={hm2AgentPortSecurityStaticEntry 1 }

        hm2AgentPortSecurityStaticMACAddress OBJECT-TYPE
        	SYNTAX  MacAddress
            MAX-ACCESS read-only
            STATUS current
            DESCRIPTION
            	"Statically locked MAC address."
            ::={ hm2AgentPortSecurityStaticEntry 2 }

--**********************************************************************--

     hm2AgentPortSecurityIpStaticTable OBJECT-TYPE
        SYNTAX       SEQUENCE OF Hm2AgentPortSecurityIpStaticEntry
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION "A table for Port Security Static and associated functionality."
        ::= { hm2AgentPortSecurityGroup 11 }

        hm2AgentPortSecurityIpStaticEntry OBJECT-TYPE
            SYNTAX Hm2AgentPortSecurityIpStaticEntry
            MAX-ACCESS not-accessible
            STATUS current
            DESCRIPTION "Represents entry for port MAC Locking IP table"
            INDEX       { ifIndex,hm2AgentPortSecurityStaticIpVLANId,hm2AgentPortSecurityStaticIpAddress }
            ::={ hm2AgentPortSecurityIpStaticTable 1}

        Hm2AgentPortSecurityIpStaticEntry ::=
            SEQUENCE {
                hm2AgentPortSecurityStaticIpVLANId
                    Unsigned32,
                hm2AgentPortSecurityStaticIpAddress
                    IpAddress
                }

        hm2AgentPortSecurityStaticIpVLANId OBJECT-TYPE
            SYNTAX      Unsigned32
            MAX-ACCESS read-only
            STATUS current
            DESCRIPTION
                "VLAN id of the statically locked address ."
            ::={hm2AgentPortSecurityIpStaticEntry 1 }

        hm2AgentPortSecurityStaticIpAddress OBJECT-TYPE
            SYNTAX  IpAddress
            MAX-ACCESS read-only
            STATUS current
            DESCRIPTION
                "Statically locked IP address."
            ::={ hm2AgentPortSecurityIpStaticEntry 2 }

--**************************************************************************************

hm2AgentPortSecurityOperationMode OBJECT-TYPE
    SYNTAX      INTEGER {
                macAddressBased(1),
                ipAddressBased(2)
                }
                
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Mode showing which operational mode is enabled for port security (MAC vs. IP).
         In MAC mode, filtering is done based on MAC addresses added statically/dinamically.
         In IP mode, filtering is done based on MAC addresses resolved via ARP requests
         for the programmed IP address."
    DEFVAL { macAddressBased }
    ::={ hm2AgentPortSecurityGroup 12 }

    
    -- hm2AgentPortSecurity   Traps
    --
    --**************************************************************************************

    hm2AgentPortSecurityTraps  OBJECT IDENTIFIER ::= { hm2PlatformPortSecurity 2 }

    hm2AgentPortSecurityViolation NOTIFICATION-TYPE
        OBJECTS {
                 ifIndex,
                 hm2AgentPortSecurityLastDiscardedMAC
                }
        STATUS  current
        DESCRIPTION
            "Sent when a packet is received on a locked port with a source MAC address
             that is not allowed."
         ::= { hm2AgentPortSecurityTraps 1 }

END

