-- Port Security MIB overview:
-- Port Security MIB falls under fastPath MIB node of the private subtree.

FASTPATH-PORTSECURITY-PRIVATE-MIB DEFINITIONS ::= BEGIN

-- Broadcom Corporation FASTPATH Port Security MIB
-- Copyright Broadcom Corporation(2004-2007) All rights reserved.

-- This SNMP Management Information Specification
-- embodies Broadcom Corporation's confidential and proprietary
-- intellectual property.  Broadcom Corporation retains all title
-- and ownership in the Specification including any revisions.

-- This Specification is supplied "AS IS", Broadcom Corporation
-- makes no warranty, either expressed or implied,
-- as to the use, operation, condition, or performance of the
-- Specification.



IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
    Unsigned32                          FROM SNMPv2-SMI
    TEXTUAL-CONVENTION,RowStatus,
    MacAddress                          FROM SNMPv2-TC
    ifIndex                             FROM IF-MIB

    DisplayString		        FROM RFC1213-MIB
    fastPath                    FROM BROADCOM-REF-MIB;

    fastPathPortSecurity MODULE-IDENTITY
           LAST-UPDATED "200705230000Z" -- 23 May 2007 12:00:00 GMT
           ORGANIZATION "Broadcom Corporation"
           CONTACT-INFO
           "                      Customer Support
           Postal:                Broadcom Corporation
                                   100 Perimeter Park Dr., Suite H
                                   Morrisville, NC 27560
           Tel:                   +1 919 865 2700"
 
     DESCRIPTION
          "The Broadcom Private MIB for FASTPATH Port Security Feature."

      -- Revision history.
      REVISION
          "200705230000Z" -- 23 May 2007 12:00:00 GMT
      DESCRIPTION
          "Broadcom branding related changes."

      ::= { fastPath 20 }


     --**************************************************************************************
    -- agentPortSecurityGroup -> contains MIB objects displaying Port Security
    -- and associated Functionality 
    --
    --**************************************************************************************

agentPortSecurityGroup OBJECT IDENTIFIER ::= { fastPathPortSecurity 1}

agentGlobalPortSecurityMode OBJECT-TYPE
    SYNTAX      INTEGER {
                enable(1),
                disable(2)
                }
	MAX-ACCESS read-write
	STATUS current
	DESCRIPTION
		"Mode showing whether at the global level, port security is enabled or not." 
    DEFVAL { disable }
	::={ agentPortSecurityGroup 1 }
	
agentPortSecurityTable OBJECT-TYPE
	SYNTAX	     SEQUENCE OF AgentPortSecurityEntry
	MAX-ACCESS   not-accessible
	STATUS       current
	DESCRIPTION "A table for Port Security and associated functionality."
	::= { agentPortSecurityGroup 2 }

agentPortSecurityEntry OBJECT-TYPE
	SYNTAX AgentPortSecurityEntry
	MAX-ACCESS not-accessible
	STATUS current
	DESCRIPTION "Represents entry for port security table"
	INDEX       { ifIndex }
	::={ agentPortSecurityTable 1}

	AgentPortSecurityEntry ::=
		SEQUENCE {
		agentPortSecurityMode
			INTEGER,
		agentPortSecurityDynamicLimit
			Unsigned32,
		agentPortSecurityStaticLimit
			Unsigned32,
                agentPortSecurityViolationTrapMode
                        INTEGER,
                agentPortSecurityStaticMACs
                        DisplayString,
                agentPortSecurityLastDiscardedMAC
                        DisplayString,
                agentPortSecurityMACAddressAdd
                        DisplayString,
                agentPortSecurityMACAddressRemove
                        DisplayString,
                agentPortSecurityMACAddressMove
                        INTEGER				
		}

	agentPortSecurityMode OBJECT-TYPE
          SYNTAX      INTEGER {
                enable(1),
                disable(2)
                }
	  MAX-ACCESS read-write
	  STATUS current
	  DESCRIPTION
		"Mode showing whether at port level security is enabled or not." 
          DEFVAL { disable }
          ::={ agentPortSecurityEntry 1 }
	
	agentPortSecurityDynamicLimit OBJECT-TYPE
        SYNTAX  Unsigned32(0..600)
		MAX-ACCESS read-write
		STATUS current
		DESCRIPTION
			"This variable signifies the limit of dynamically locked MAC addresses 
			 allowed on a specific port."
	    DEFVAL { 600 }
	::={ agentPortSecurityEntry 2 } 
		
	agentPortSecurityStaticLimit OBJECT-TYPE
    SYNTAX  Unsigned32(0..100)
		MAX-ACCESS read-write
		STATUS current
		DESCRIPTION
			"This variable signifies the limit of statically locked MAC addresses 
			 allowed on a specific port."
		::={ agentPortSecurityEntry 3 }
		
		
	agentPortSecurityViolationTrapMode OBJECT-TYPE
		SYNTAX      INTEGER {
                    enable(1),
                    disable(2)
                    }
		MAX-ACCESS read-write
		STATUS current
		DESCRIPTION
			"This variable is used to enable or disable the sending of new violation 
			 traps designating when a packet with a disallowed MAC address is 
			 received on a locked port."
		::={agentPortSecurityEntry 4 }
		
	agentPortSecurityStaticMACs OBJECT-TYPE
		SYNTAX      DisplayString
		MAX-ACCESS read-only
		STATUS current
		DESCRIPTION
			"This variable displays the statically locked MAC addresses for port.
			 The list displayed in a particular fashion :
			 2 a0:b1:c2:d1:e3:a1,11 a0:b1:c2:d3:e4:f5 
			 (i.e., VLAN MAC pairs separated by commas)."
		::={agentPortSecurityEntry 6 }
		
	agentPortSecurityLastDiscardedMAC OBJECT-TYPE
		SYNTAX      DisplayString
		MAX-ACCESS read-only
		STATUS current
		DESCRIPTION
			"This variable displays the vlan-id and source MAC address of the last packet that was
			 discarded on a locked port."
		::={agentPortSecurityEntry 7 }
                
        
        agentPortSecurityMACAddressAdd OBJECT-TYPE
                SYNTAX      DisplayString
                MAX-ACCESS  read-write 
                STATUS current
	        DESCRIPTION
		"This MIB variable accepts a VLAN id and MAC address to be added to the list
		 of statically locked MAC addresses on a port. The VLAN id and MAC address combination 
		 would be entered in a particular fashion like :- 2 a0:b0:c0:d1:e2:a1(the vlan-id and
		 MAC address separated by a blank-space)." 
                ::={ agentPortSecurityEntry 8 }
    
        agentPortSecurityMACAddressRemove OBJECT-TYPE
                SYNTAX      DisplayString
                MAX-ACCESS  read-write 
	        STATUS current
	        DESCRIPTION
		"This MIB variable accepts a VLAN id and MAC address to be removed from the list
		 of statically locked MAC addresses on a port.. The VLAN id and MAC address combination 
		 would be entered in a particular fashion like :- 2 a0:b0:c0:d1:e2:a1(the vlan-id and
		 MAC address separated by a blank-space)." 
                ::={ agentPortSecurityEntry 9 }
    
        agentPortSecurityMACAddressMove OBJECT-TYPE
                SYNTAX      INTEGER {
                enable(1),
                disable(2)
                }
                MAX-ACCESS  read-write
	        STATUS current
	        DESCRIPTION
		"When this object is enabled, all the dynamically locked MAC addresses will
                 be moved to statically locked addresses on a port. GET operation on this object will display 
                 disable." 
                 ::={ agentPortSecurityEntry 10 }
 --**********************************************************************--

        agentPortSecurityDynamicTable OBJECT-TYPE
            SYNTAX       SEQUENCE OF AgentPortSecurityDynamicEntry
            MAX-ACCESS   not-accessible
            STATUS       current
            DESCRIPTION "A table for Port Security Dynamic and associated functionality."
            ::= { agentPortSecurityGroup 3 }

        agentPortSecurityDynamicEntry OBJECT-TYPE
            SYNTAX AgentPortSecurityDynamicEntry
            MAX-ACCESS not-accessible
            STATUS current
            DESCRIPTION "Represents entry for port MAC Locking table"
            INDEX       { ifIndex,agentPortSecurityDynamicVLANId,agentPortSecurityDynamicMACAddress }
            ::={ agentPortSecurityDynamicTable 1}

        AgentPortSecurityDynamicEntry ::=
                SEQUENCE {
                agentPortSecurityDynamicVLANId
                        Unsigned32,
                agentPortSecurityDynamicMACAddress
                        MacAddress
                }

        
        agentPortSecurityDynamicVLANId OBJECT-TYPE
                SYNTAX      Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "Source VLAN id of the packet that is received on the dynamically locked port."
                ::={agentPortSecurityDynamicEntry 1 }
                
        
        agentPortSecurityDynamicMACAddress OBJECT-TYPE
                SYNTAX  MacAddress
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "Source MAC address of the packet that is received on the dynamically locked port."
            ::={ agentPortSecurityDynamicEntry 2 }

                 
    --**************************************************************************************
    -- agentPortSecurity   Traps
    --
    --**************************************************************************************

    agentPortSecurityTraps                           OBJECT IDENTIFIER ::= { fastPathPortSecurity 2 }

    agentPortSecurityViolation NOTIFICATION-TYPE
        OBJECTS {
                 ifIndex,
                 agentPortSecurityLastDiscardedMAC
                }
        STATUS  current
        DESCRIPTION
            "Sent when a packet is received on a locked port with a source MAC address 
             that is not allowed."
         ::= { agentPortSecurityTraps 1 }



END

