-- *****************************************************************
-- PSEC-MIB:  Cisco private MIB
-- ****************************************************************

CIE1000-PSEC-MIB DEFINITIONS ::= BEGIN

IMPORTS
    NOTIFICATION-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF
    NOTIFICATION-TYPE, MODULE-IDENTITY, OBJECT-TYPE FROM SNMPv2-SMI
    TEXTUAL-CONVENTION FROM SNMPv2-TC
    cie1000SwitchMgmt FROM CISCO-IE1000-MIB
    CIE1000DisplayString FROM CIE1000-TC
    CIE1000InterfaceIndex FROM CIE1000-TC
    CIE1000Unsigned16 FROM CIE1000-TC
    Unsigned32 FROM SNMPv2-SMI
    MacAddress FROM SNMPv2-TC
    TruthValue FROM SNMPv2-TC
    ;

cie1000PsecMib MODULE-IDENTITY
    LAST-UPDATED "201606020000Z"
    ORGANIZATION
        "Cisco Systems, Inc."
    CONTACT-INFO
        "Cisco Systems
	 Customer Service

	 Postal: 170 West Tasman Drive
	 San Jose, CA  95134
	 USA

	 Tel: +1 800 553-NETS

	 E-mail: cs-snmp@cisco.com"
    DESCRIPTION
        "This is a private version of the Port Security MIB"
    REVISION    "201606020000Z"
    DESCRIPTION
        "Support SNMP trap"
    REVISION    "201412100000Z"
    DESCRIPTION
        "Remove user of DHCP snooping"
    REVISION    "201412080000Z"
    DESCRIPTION
        "Add users in status port table"
    REVISION    "201410130000Z"
    DESCRIPTION
        "Initial version"
    ::= { cie1000SwitchMgmt 66 }


CIE1000PsecLimitActionType ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This enumeration defines the Action type in psec function."
    SYNTAX      INTEGER { none(0), trap(1), shutdown(2),
                          trapShutdown(3) }

CIE1000PsecStateType ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This enumeration defines the state of Psec config."
    SYNTAX      INTEGER { forwarding(0), blocked(1) }

cie1000PsecMibObjects OBJECT IDENTIFIER
    ::= { cie1000PsecMib 1 }

cie1000PsecConfig OBJECT IDENTIFIER
    ::= { cie1000PsecMibObjects 2 }

cie1000PsecConfigGlobals OBJECT IDENTIFIER
    ::= { cie1000PsecConfig 1 }

cie1000PsecConfigGlobalsEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Globally enable/disable aging of secured entries. This doesn't affect
         aging of addresses secured by other modules."
    ::= { cie1000PsecConfigGlobals 1 }

cie1000PsecConfigGlobalsEnableAging OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If aging is globally enabled, this is the aging period in seconds.
         Valid range is [10; 10000000] seconds(max is around 115 days)."
    ::= { cie1000PsecConfigGlobals 2 }

cie1000PsecConfigGlobalsAgingPeriodSecs OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If aging is globally enabled, this is the aging period in seconds.
         Valid range is [10; 10000000] seconds(max is around 115 days)."
    ::= { cie1000PsecConfigGlobals 3 }

cie1000PsecConfigPortTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CIE1000PsecConfigPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This is a table of port configuration per session"
    ::= { cie1000PsecConfig 2 }

cie1000PsecConfigPortEntry OBJECT-TYPE
    SYNTAX      CIE1000PsecConfigPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each session has a set of parameters"
    INDEX       { cie1000PsecConfigPortIfIndex }
    ::= { cie1000PsecConfigPortTable 1 }

CIE1000PsecConfigPortEntry ::= SEQUENCE {
    cie1000PsecConfigPortIfIndex  CIE1000InterfaceIndex,
    cie1000PsecConfigPortEnabled  TruthValue,
    cie1000PsecConfigPortLimit    Unsigned32,
    cie1000PsecConfigPortAction   CIE1000PsecLimitActionType
}

cie1000PsecConfigPortIfIndex OBJECT-TYPE
    SYNTAX      CIE1000InterfaceIndex
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Logical interface number of the physical port."
    ::= { cie1000PsecConfigPortEntry 1 }

cie1000PsecConfigPortEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Controls whether Port Security Limit Control is enabled for this port."
    ::= { cie1000PsecConfigPortEntry 2 }

cie1000PsecConfigPortLimit OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Maximum number of MAC addresses allowed on this port.Valid values =
         [PSEC_LIMIT_MIN; PSEC_LIMIT_MAX]."
    ::= { cie1000PsecConfigPortEntry 3 }

cie1000PsecConfigPortAction OBJECT-TYPE
    SYNTAX      CIE1000PsecLimitActionType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Action to take if number of MAC addresses exceeds the limit. NONE(0) Do
         nothing, except disallowing further clients. TRAP(1) Send an SNMP trap
         notification. SHUTDOWN(2) Shut-down the port. TRAP_AND_SHUTDOWN(3) Send
         an SNMP trap notification and shut-down the port."
    ::= { cie1000PsecConfigPortEntry 4 }

cie1000PsecStatus OBJECT IDENTIFIER
    ::= { cie1000PsecMibObjects 3 }

cie1000PsecStatusPortTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CIE1000PsecStatusPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This is a table of port configuration per session"
    ::= { cie1000PsecStatus 1 }

cie1000PsecStatusPortEntry OBJECT-TYPE
    SYNTAX      CIE1000PsecStatusPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each session has a set of parameters"
    INDEX       { cie1000PsecStatusPortIfIndex }
    ::= { cie1000PsecStatusPortTable 1 }

CIE1000PsecStatusPortEntry ::= SEQUENCE {
    cie1000PsecStatusPortIfIndex       CIE1000InterfaceIndex,
    cie1000PsecStatusPortUsers         Unsigned32,
    cie1000PsecStatusPortLimitReached  TruthValue,
    cie1000PsecStatusPortShutdown      TruthValue,
    cie1000PsecStatusPortMacCount      Unsigned32
}

cie1000PsecStatusPortIfIndex OBJECT-TYPE
    SYNTAX      CIE1000InterfaceIndex
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Logical interface number of the physical port."
    ::= { cie1000PsecStatusPortEntry 1 }

cie1000PsecStatusPortUsers OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Bit masks to indicate what users currently use port security on this
         port. Where bit 0 - port security limit, bit 1 - 802.1x, bit 2 - voice
         VLAN."
    ::= { cie1000PsecStatusPortEntry 2 }

cie1000PsecStatusPortLimitReached OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "TRUE if the limit is reached on the port, FALSE otherwise."
    ::= { cie1000PsecStatusPortEntry 3 }

cie1000PsecStatusPortShutdown OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "TRUE if the port is shut down, FALSE otherwise."
    ::= { cie1000PsecStatusPortEntry 4 }

cie1000PsecStatusPortMacCount OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of MAC addresses currently assigned to this port. The number
         does NOT include the number of entries that are held due to a H/W
         failure or S/W failure."
    ::= { cie1000PsecStatusPortEntry 5 }

cie1000PsecStatusPortTrapsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CIE1000PsecStatusPortTrapsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This is a table of port configuration per session"
    ::= { cie1000PsecStatus 2 }

cie1000PsecStatusPortTrapsEntry OBJECT-TYPE
    SYNTAX      CIE1000PsecStatusPortTrapsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each session has a set of parameters"
    INDEX       { cie1000PsecStatusPortTrapsIfIndex }
    ::= { cie1000PsecStatusPortTrapsTable 1 }

CIE1000PsecStatusPortTrapsEntry ::= SEQUENCE {
    cie1000PsecStatusPortTrapsIfIndex       CIE1000InterfaceIndex,
    cie1000PsecStatusPortTrapsUsers         Unsigned32,
    cie1000PsecStatusPortTrapsLimitReached  TruthValue,
    cie1000PsecStatusPortTrapsShutdown      TruthValue,
    cie1000PsecStatusPortTrapsMacCount      Unsigned32
}

cie1000PsecStatusPortTrapsIfIndex OBJECT-TYPE
    SYNTAX      CIE1000InterfaceIndex
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Logical interface number of the physical port."
    ::= { cie1000PsecStatusPortTrapsEntry 1 }

cie1000PsecStatusPortTrapsUsers OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Bit masks to indicate what users currently use port security on this
         port. Where bit 0 - port security limit, bit 1 - 802.1x, bit 2 - voice
         VLAN."
    ::= { cie1000PsecStatusPortTrapsEntry 2 }

cie1000PsecStatusPortTrapsLimitReached OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "TRUE if the limit is reached on the port, FALSE otherwise."
    ::= { cie1000PsecStatusPortTrapsEntry 3 }

cie1000PsecStatusPortTrapsShutdown OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "TRUE if the port is shut down, FALSE otherwise."
    ::= { cie1000PsecStatusPortTrapsEntry 4 }

cie1000PsecStatusPortTrapsMacCount OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of MAC addresses currently assigned to this port. The number
         does NOT include the number of entries that are held due to a H/W
         failure or S/W failure."
    ::= { cie1000PsecStatusPortTrapsEntry 5 }

cie1000PsecControl OBJECT IDENTIFIER
    ::= { cie1000PsecMibObjects 4 }

cie1000PsecControlPortReopenTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CIE1000PsecControlPortReopenEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This is a table to re-open port and move it to ready state, if it was
         being disabled after limit was reached."
    ::= { cie1000PsecControl 1 }

cie1000PsecControlPortReopenEntry OBJECT-TYPE
    SYNTAX      CIE1000PsecControlPortReopenEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each session has a set of parameters"
    INDEX       { cie1000PsecControlPortReopenIfIndex }
    ::= { cie1000PsecControlPortReopenTable 1 }

CIE1000PsecControlPortReopenEntry ::= SEQUENCE {
    cie1000PsecControlPortReopenIfIndex     CIE1000InterfaceIndex,
    cie1000PsecControlPortReopenPortReOpen  TruthValue
}

cie1000PsecControlPortReopenIfIndex OBJECT-TYPE
    SYNTAX      CIE1000InterfaceIndex
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Logical interface number of the physical port."
    ::= { cie1000PsecControlPortReopenEntry 1 }

cie1000PsecControlPortReopenPortReOpen OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Set to true to reopen after it is shutdown"
    ::= { cie1000PsecControlPortReopenEntry 2 }

cie1000PsecStatistics OBJECT IDENTIFIER
    ::= { cie1000PsecMibObjects 5 }

cie1000PsecStatisticsPortTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CIE1000PsecStatisticsPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This is a table of port statistics per session"
    ::= { cie1000PsecStatistics 1 }

cie1000PsecStatisticsPortEntry OBJECT-TYPE
    SYNTAX      CIE1000PsecStatisticsPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each session has a set of parameters"
    INDEX       { cie1000PsecStatisticsPortIfIndex }
    ::= { cie1000PsecStatisticsPortTable 1 }

CIE1000PsecStatisticsPortEntry ::= SEQUENCE {
    cie1000PsecStatisticsPortIfIndex       CIE1000InterfaceIndex,
    cie1000PsecStatisticsPortAgeOrHold     CIE1000DisplayString,
    cie1000PsecStatisticsPortCreationTime  CIE1000DisplayString,
    cie1000PsecStatisticsPortState         CIE1000PsecStateType,
    cie1000PsecStatisticsPortMacId         MacAddress,
    cie1000PsecStatisticsPortVlanId        CIE1000Unsigned16
}

cie1000PsecStatisticsPortIfIndex OBJECT-TYPE
    SYNTAX      CIE1000InterfaceIndex
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "Logical interface number of the physical port."
    ::= { cie1000PsecStatisticsPortEntry 1 }

cie1000PsecStatisticsPortAgeOrHold OBJECT-TYPE
    SYNTAX      CIE1000DisplayString (SIZE(0..14))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Down-counter used in block and ageing process."
    ::= { cie1000PsecStatisticsPortEntry 5 }

cie1000PsecStatisticsPortCreationTime OBJECT-TYPE
    SYNTAX      CIE1000DisplayString (SIZE(0..24))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Time when this entry was orignally added."
    ::= { cie1000PsecStatisticsPortEntry 6 }

cie1000PsecStatisticsPortState OBJECT-TYPE
    SYNTAX      CIE1000PsecStateType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Current State of a entry, expected state can be either FORWARDING or
         BLOCKED."
    ::= { cie1000PsecStatisticsPortEntry 7 }

cie1000PsecStatisticsPortMacId OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The MAC address that this is all about."
    ::= { cie1000PsecStatisticsPortEntry 8 }

cie1000PsecStatisticsPortVlanId OBJECT-TYPE
    SYNTAX      CIE1000Unsigned16
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The VID that this is all about."
    ::= { cie1000PsecStatisticsPortEntry 9 }

cie1000PsecTrap OBJECT IDENTIFIER
    ::= { cie1000PsecMibObjects 6 }

cie1000PsecTrapLimitExceeded NOTIFICATION-TYPE
    OBJECTS     { cie1000PsecStatusPortTrapsIfIndex,
                  cie1000PsecStatusPortTrapsUsers,
                  cie1000PsecStatusPortTrapsLimitReached,
                  cie1000PsecStatusPortTrapsShutdown,
                  cie1000PsecStatusPortTrapsMacCount }
    STATUS      current
    DESCRIPTION
        "This trap signals that a row has been added. The index(es) and value(s)
         of the row is included in the trap."

    ::= { cie1000PsecTrap 1 }

cie1000PsecTrapMod NOTIFICATION-TYPE
    OBJECTS     { cie1000PsecStatusPortTrapsIfIndex,
                  cie1000PsecStatusPortTrapsUsers,
                  cie1000PsecStatusPortTrapsLimitReached,
                  cie1000PsecStatusPortTrapsShutdown,
                  cie1000PsecStatusPortTrapsMacCount }
    STATUS      current
    DESCRIPTION
        "This trap signals that one or more of the objects included in the trap
          has been updated."

    ::= { cie1000PsecTrap 2 }

cie1000PsecTrapLimitRecovered NOTIFICATION-TYPE
    OBJECTS     { cie1000PsecStatusPortTrapsIfIndex }
    STATUS      current
    DESCRIPTION
        "This trap signals that a row has been deleted. The index(es) of the
         row is included in the trap."

    ::= { cie1000PsecTrap 3 }

cie1000PsecMibConformance OBJECT IDENTIFIER
    ::= { cie1000PsecMib 2 }

cie1000PsecMibCompliances OBJECT IDENTIFIER
    ::= { cie1000PsecMibConformance 1 }

cie1000PsecMibGroups OBJECT IDENTIFIER
    ::= { cie1000PsecMibConformance 2 }

cie1000PsecConfigGlobalsInfoGroup OBJECT-GROUP
    OBJECTS     { cie1000PsecConfigGlobalsEnabled,
                  cie1000PsecConfigGlobalsEnableAging,
                  cie1000PsecConfigGlobalsAgingPeriodSecs }
    STATUS      current
    DESCRIPTION
        "A collection of objects."
    ::= { cie1000PsecMibGroups 1 }

cie1000PsecConfigPortTableInfoGroup OBJECT-GROUP
    OBJECTS     { cie1000PsecConfigPortIfIndex,
                  cie1000PsecConfigPortEnabled,
                  cie1000PsecConfigPortLimit,
                  cie1000PsecConfigPortAction }
    STATUS      current
    DESCRIPTION
        "A collection of objects."
    ::= { cie1000PsecMibGroups 2 }

cie1000PsecStatusPortTableInfoGroup OBJECT-GROUP
    OBJECTS     { cie1000PsecStatusPortIfIndex,
                  cie1000PsecStatusPortUsers,
                  cie1000PsecStatusPortLimitReached,
                  cie1000PsecStatusPortShutdown,
                  cie1000PsecStatusPortMacCount }
    STATUS      current
    DESCRIPTION
        "A collection of objects."
    ::= { cie1000PsecMibGroups 3 }

cie1000PsecStatusPortTrapsInfoGroup OBJECT-GROUP
    OBJECTS     { cie1000PsecStatusPortTrapsIfIndex,
                  cie1000PsecStatusPortTrapsUsers,
                  cie1000PsecStatusPortTrapsLimitReached,
                  cie1000PsecStatusPortTrapsShutdown,
                  cie1000PsecStatusPortTrapsMacCount }
    STATUS      current
    DESCRIPTION
        "A collection of objects."
    ::= { cie1000PsecMibGroups 4 }

cie1000PsecControlPortReopenTableInfoGroup OBJECT-GROUP
    OBJECTS     { cie1000PsecControlPortReopenIfIndex,
                  cie1000PsecControlPortReopenPortReOpen }
    STATUS      current
    DESCRIPTION
        "A collection of objects."
    ::= { cie1000PsecMibGroups 5 }

cie1000PsecStatisticsPortTableInfoGroup OBJECT-GROUP
    OBJECTS     { cie1000PsecStatisticsPortIfIndex,
                  cie1000PsecStatisticsPortAgeOrHold,
                  cie1000PsecStatisticsPortCreationTime,
                  cie1000PsecStatisticsPortState,
                  cie1000PsecStatisticsPortMacId,
                  cie1000PsecStatisticsPortVlanId }
    STATUS      current
    DESCRIPTION
        "A collection of objects."
    ::= { cie1000PsecMibGroups 6 }

cie1000PsecTrapLimitExceededInfoGroup NOTIFICATION-GROUP
    NOTIFICATIONS { cie1000PsecTrapLimitExceeded }
    STATUS      current
    DESCRIPTION
        "Information group containing a trap."
    ::= { cie1000PsecMibGroups 7 }

cie1000PsecTrapModInfoGroup NOTIFICATION-GROUP
    NOTIFICATIONS { cie1000PsecTrapMod }
    STATUS      current
    DESCRIPTION
        "Information group containing a trap."
    ::= { cie1000PsecMibGroups 8 }

cie1000PsecTrapLimitRecoveredInfoGroup NOTIFICATION-GROUP
    NOTIFICATIONS { cie1000PsecTrapLimitRecovered }
    STATUS      current
    DESCRIPTION
        "Information group containing a trap."
    ::= { cie1000PsecMibGroups 9 }

cie1000PsecMibCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for the implementation."

    MODULE      -- this module

    MANDATORY-GROUPS { cie1000PsecConfigGlobalsInfoGroup,
                       cie1000PsecConfigPortTableInfoGroup,
                       cie1000PsecStatusPortTableInfoGroup,
                       cie1000PsecStatusPortTrapsInfoGroup,
                       cie1000PsecControlPortReopenTableInfoGroup,
                       cie1000PsecStatisticsPortTableInfoGroup,
                       cie1000PsecTrapLimitExceededInfoGroup,
                       cie1000PsecTrapModInfoGroup,
                       cie1000PsecTrapLimitRecoveredInfoGroup }

    ::= { cie1000PsecMibCompliances 1 }

END
