-- Port Security MIB overview:
-- Port Security MIB falls under fastPath MIB node of the private subtree.

LANCOM-PORTSECURITY-PRIVATE-MIB DEFINITIONS ::= BEGIN

-- Broadcom FASTPATH Port Security MIB
-- Copyright 2016-2020 Broadcom.
-- This SNMP Management Information Specification
-- embodies Broadcom's confidential and proprietary
-- intellectual property.  Broadcom retains all title
-- and ownership in the Specification including any revisions.

-- This Specification is supplied "AS IS", Broadcom 
-- makes no warranty, either expressed or implied,
-- as to the use, operation, condition, or performance of the
-- Specification.



IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
    Unsigned32                          FROM SNMPv2-SMI
    TEXTUAL-CONVENTION,RowStatus,
    MacAddress                          FROM SNMPv2-TC
    ifIndex                             FROM IF-MIB
    DisplayString                       FROM RFC1213-MIB
    fastPath                            FROM LANCOM-REF-MIB;

    fastPathPortSecurity MODULE-IDENTITY
           LAST-UPDATED "201101260000Z" -- 26 January 2011 12:00:00 GMT
           ORGANIZATION "Broadcom "
           CONTACT-INFO
           "                      Customer Support
           Postal:                Broadcom 
                                  1030 Swabia Court
                                  Suite 400
                                  Durham, NC 27703
           Tel:                   +1 919 865 2700"
 
     DESCRIPTION
          "The Broadcom Private MIB for FASTPATH Port Security Feature."

      -- Revision history.
      REVISION
          "201101260000Z" -- 26 January 2011 12:00:00 GMT
      DESCRIPTION
          "Postal address updated."
      REVISION
          "200705230000Z" -- 23 May 2007 12:00:00 GMT
      DESCRIPTION
          "Broadcom branding related changes."

      ::= { fastPath 20 }


     --**************************************************************************************
    -- agentPortSecurityGroup -> contains MIB objects displaying Port Security
    -- and associated Functionality 
    --
    --**************************************************************************************

agentPortSecurityGroup OBJECT IDENTIFIER ::= { fastPathPortSecurity 1}

agentGlobalPortSecurityMode OBJECT-TYPE
    SYNTAX      INTEGER {
                enable(1),
                disable(2)
                }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "Mode showing whether at the global level, port security is enabled or not."
    DEFVAL { disable }
        ::={ agentPortSecurityGroup 1 }

agentPortSecurityTable OBJECT-TYPE
        SYNTAX             SEQUENCE OF AgentPortSecurityEntry
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION "A table for Port Security and associated functionality."
        ::= { agentPortSecurityGroup 2 }

agentPortSecurityEntry OBJECT-TYPE
        SYNTAX AgentPortSecurityEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION "Represents entry for port security table"
        INDEX       { ifIndex }
        ::={ agentPortSecurityTable 1}

        AgentPortSecurityEntry ::=
                SEQUENCE {
                agentPortSecurityMode
                        INTEGER,
                agentPortSecurityDynamicLimit
                        Unsigned32,
                agentPortSecurityStaticLimit
                        Unsigned32,
                agentPortSecurityViolationTrapMode
                        INTEGER,
                agentPortSecurityStaticMACs
                        DisplayString,
                agentPortSecurityLastDiscardedMAC
                        DisplayString,
                agentPortSecurityMACAddressAdd
                        DisplayString,
                agentPortSecurityMACAddressRemove
                        DisplayString,
                agentPortSecurityMACAddressMove
                        INTEGER,
                agentPortSecurityStickyMode
                        INTEGER
                }

        agentPortSecurityMode OBJECT-TYPE
          SYNTAX      INTEGER {
                enable(1),
                disable(2)
                }
          MAX-ACCESS read-write
          STATUS current
          DESCRIPTION
                "Mode showing whether at port level security is enabled or not."
          DEFVAL { disable }
          ::={ agentPortSecurityEntry 1 }

        agentPortSecurityDynamicLimit OBJECT-TYPE
        SYNTAX  Unsigned32(0..600)
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        "This variable signifies the limit of dynamically locked MAC addresses
                         allowed on a specific port."
            DEFVAL { 600 }
        ::={ agentPortSecurityEntry 2 }

        agentPortSecurityStaticLimit OBJECT-TYPE
        SYNTAX  Unsigned32(0..20)
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        "This variable signifies the limit of statically locked MAC addresses
                         allowed on a specific port."
            DEFVAL { 20 }
                ::={ agentPortSecurityEntry 3 }


        agentPortSecurityViolationTrapMode OBJECT-TYPE
                SYNTAX      INTEGER {
                    enable(1),
                    disable(2)
                    }
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        "This variable is used to enable or disable the sending of new violation
                         traps designating when a packet with a disallowed MAC address is
                         received on a locked port."
                ::={agentPortSecurityEntry 4 }

        agentPortSecurityStaticMACs OBJECT-TYPE
                SYNTAX      DisplayString
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "This variable displays the statically locked MAC addresses for port.
                         The list displayed in a particular fashion :
                         2 a0:b1:c2:d1:e3:a1,11 a0:b1:c2:d3:e4:f5
                         (i.e., VLAN MAC pairs followed by a 1 or 0 to indicate a sticky entry, separated by commas)."
                ::={agentPortSecurityEntry 6 }

        agentPortSecurityLastDiscardedMAC OBJECT-TYPE
                SYNTAX      DisplayString
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "This variable displays the vlan-id and source MAC address of the last packet that was
                         discarded on a locked port."
                ::={agentPortSecurityEntry 7 }
                
        
        agentPortSecurityMACAddressAdd OBJECT-TYPE
                SYNTAX      DisplayString
                MAX-ACCESS  read-write 
                STATUS current
                DESCRIPTION
                "This MIB variable accepts a VLAN id, MAC address and the sticky value to be added to the list
                 of statically locked MAC addresses on a port. The VLAN id, MAC address and sticky value combination
                 would be entered in a particular fashion like :- 2 a0:b0:c0:d1:e2:a1 1(the vlan-id, MAC address
                 and sticky value separated by blank-spaces)."
                ::={ agentPortSecurityEntry 8 }
    
        agentPortSecurityMACAddressRemove OBJECT-TYPE
                SYNTAX      DisplayString
                MAX-ACCESS  read-write 
                STATUS current
                DESCRIPTION
                "This MIB variable accepts a VLAN id and MAC address to be removed from the list
                of statically locked MAC addresses on a port.. The VLAN id and MAC address combination
                would be entered in a particular fashion like :- 2 a0:b0:c0:d1:e2:a1(the vlan-id and
                MAC address separated by a blank-space)."
                ::={ agentPortSecurityEntry 9 }
    
        agentPortSecurityMACAddressMove OBJECT-TYPE
                SYNTAX      INTEGER {
                enable(1),
                disable(2)
                }
                MAX-ACCESS  read-write
                STATUS current
                DESCRIPTION
                "When this object is enabled, all the dynamically locked MAC addresses will
                 be moved to statically locked addresses on a port. GET operation on this object will display 
                 disable." 
                 ::={ agentPortSecurityEntry 10 }

          agentPortSecurityStickyMode OBJECT-TYPE
              SYNTAX      INTEGER {
                    enable(1),
                    disable(2)
                    }
                    MAX-ACCESS read-write
                    STATUS current
                    DESCRIPTION
                          "This object is used to configure port level security sticky mode in a port."
                    DEFVAL { disable }
                    ::={ agentPortSecurityEntry 11 }

 --**********************************************************************--

        agentPortSecurityDynamicTable OBJECT-TYPE
            SYNTAX       SEQUENCE OF AgentPortSecurityDynamicEntry
            MAX-ACCESS   not-accessible
            STATUS       current
            DESCRIPTION "A table for Port Security Dynamic and associated functionality."
            ::= { agentPortSecurityGroup 3 }

        agentPortSecurityDynamicEntry OBJECT-TYPE
            SYNTAX AgentPortSecurityDynamicEntry
            MAX-ACCESS not-accessible
            STATUS current
            DESCRIPTION "Represents entry for port MAC Locking table"
            INDEX       { ifIndex,agentPortSecurityDynamicVLANId,agentPortSecurityDynamicMACAddress }
            ::={ agentPortSecurityDynamicTable 1}

        AgentPortSecurityDynamicEntry ::=
                SEQUENCE {
                agentPortSecurityDynamicVLANId
                        Unsigned32,
                agentPortSecurityDynamicMACAddress
                        MacAddress
                }

        
        agentPortSecurityDynamicVLANId OBJECT-TYPE
                SYNTAX      Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "Source VLAN id of the packet that is received on the dynamically locked port."
                ::={agentPortSecurityDynamicEntry 1 }
                
        
        agentPortSecurityDynamicMACAddress OBJECT-TYPE
                SYNTAX  MacAddress
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "Source MAC address of the packet that is received on the dynamically locked port."
            ::={ agentPortSecurityDynamicEntry 2 }


        agentGlobalPortSecurityStickyMode OBJECT-TYPE
            SYNTAX      INTEGER {
                        enable(1),
                        disable(2)
                        }
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                    "This object is used to apply the Sticky Mode to all ports.
                 This is write-only value. It always returns 'disable' on request" 
            DEFVAL { disable }
            ::={ agentPortSecurityGroup 4 }

        agentGlobalPortSecurityViolationTrapMode OBJECT-TYPE
            SYNTAX      INTEGER {
                        enable(1),
                        disable(2)
                        }
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
                        "This variable is used to enable or disable the sending of new violation
                         traps designating when a packet with a disallowed MAC address is
                         received on a locked port. The configuration will be done on all ports.
                         This is write-only value. It always returns 'disable' on request"
            DEFVAL { disable }
            ::={ agentPortSecurityGroup 5 }
                 
    --**************************************************************************************
    -- agentPortSecurity   Traps
    --
    --**************************************************************************************

    agentPortSecurityTraps                           OBJECT IDENTIFIER ::= { fastPathPortSecurity 2 }

    agentPortSecurityViolation NOTIFICATION-TYPE
        OBJECTS {
                 ifIndex,
                 agentPortSecurityLastDiscardedMAC
                }
        STATUS  current
        DESCRIPTION
            "Sent when a packet is received on a locked port with a source MAC address 
             that is not allowed."
         ::= { agentPortSecurityTraps 1 }

END
