-- ****************************************************************************
-- DELLEMC-OS10-PORT-SECURITY-MIB
--
--
-- Copyright (c) 2019 by Dell Inc.
-- All rights reserved.
--
-- ****************************************************************************
--

DELLEMC-OS10-PORT-SECURITY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, 
    OBJECT-TYPE, 
	Unsigned32,
	Integer32						    FROM SNMPv2-SMI
	MODULE-COMPLIANCE,
    OBJECT-GROUP	                    FROM SNMPv2-CONF
	TruthValue,
	MacAddress,
    TEXTUAL-CONVENTION                  FROM SNMPv2-TC
	VlanIndex                           FROM Q-BRIDGE-MIB
	InterfaceIndex                      FROM IF-MIB
    os10                                FROM DELLEMC-OS10-SMI-MIB;

-- ****************************************************************************
-- *   MODULE IDENTITY
-- ****************************************************************************

os10PortSecurityMib MODULE-IDENTITY

       LAST-UPDATED         "201907220000Z"
       ORGANIZATION         "Dell Inc"
       CONTACT-INFO
                            "http://www.dell.com/support"
       DESCRIPTION
                "The Mib module for managing Dell Networking L2 Port Security feature."

       REVISION             "201907220000Z"    -- 22 July, 2019 
       DESCRIPTION
                "Initial version of this Mib module."
     
       ::= {os10 5}

--*****************************************************************
--Top level components of this MIB module
--******************************************************************
	   
os10PortSecurityMibObjects     OBJECT IDENTIFIER ::= 
                                    { os10PortSecurityMib 1 }

os10PortSecurityGlobalObjects        OBJECT IDENTIFIER ::= 
                                    { os10PortSecurityMibObjects 1 }

os10PortSecurityInterfaceObjects     OBJECT IDENTIFIER ::= 
                                    { os10PortSecurityMibObjects 2 }

os10PortSecurityMacObjects           OBJECT IDENTIFIER ::=
                                    { os10PortSecurityMibObjects 3 }

--
-- textual conventions
--

SecureMacAddrType ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION  
                 "Represents Secure mac address type.
                 none(0)    - Neither secure dynamic nor sticky macs
                              are flushed. 0 will be returned on GET
                              operation of os10PortSecurityGlobalClearSecureMacAddresses
                              and os10PortSecurityIfClearSecureMacAddresses MIB objects .

                 dynamic(1) - All secure MAC addresses which are 
                              learnt on the switch.

                 sticky(2) -  All secure MAC addresses which 
                              are learnt and retained across 
                              reboots. This will clear sticky MACs

                 all(3)    -  All the secure dynamic and sticky  mac addresses 
				              will be flushed."

    SYNTAX INTEGER {
        none(0),
        dynamic(1), 
        sticky(2),
        all(3)
    }

SecureMacViolationType  ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
                "Represents secure mac address violation type.
                 none (0)		
                 macLimitViolation(1)  - Secure Mac Learn Limit violation.
                 stmvViolation(2) - Station move violation."

    SYNTAX INTEGER {
        none(0),
        macLimitViolation (1),
        stmvViolation(2)
    }
 
--
-- Port Security Global Configuration Objects
--

os10PortSecurityGlobalEnable OBJECT-TYPE
        SYNTAX        TruthValue
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This object is used to enable or disable 
                      port security feature globally on the device."
        DEFVAL       { true }
        ::= { os10PortSecurityGlobalObjects 1 }

os10PortSecurityGlobalTotalSecureAddresses  OBJECT-TYPE
        SYNTAX        Integer32 (0..2147483647)
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "The total number of MAC addresses secured
                      in the device."
        ::= { os10PortSecurityGlobalObjects 2 }
		
os10PortSecurityGlobalTotalSecureDynamicAddresses  OBJECT-TYPE
        SYNTAX        Integer32 (0..2147483647)
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "The total number of secure dynamic MAC addresses
                      in the device."
        ::= { os10PortSecurityGlobalObjects 3 }
		
os10PortSecurityGlobalTotalSecureStickyAddresses  OBJECT-TYPE
        SYNTAX        Integer32 (0..2147483647)
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "The total number of secure sticky MAC addresses
                      in the device."
        ::= { os10PortSecurityGlobalObjects 4 }

os10PortSecurityGlobalTotalSecureStaticAddresses  OBJECT-TYPE
        SYNTAX        Integer32 (0..2147483647)
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "The total number of secure static MAC addresses
                      in the device."
        ::= { os10PortSecurityGlobalObjects 5 }

os10PortSecurityGlobalClearSecureMacAddresses OBJECT-TYPE
        SYNTAX        SecureMacAddrType
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This object is used to delete all the
                      secure MAC addresses in the device based on the specified
                      type."
        ::= { os10PortSecurityGlobalObjects 6 }

os10PortSecurityGlobalResetViolation OBJECT-TYPE
        SYNTAX        SecureMacViolationType
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This object is used to reset the selected violation type
		               on all port security interfaces in the device. Get request
					   of this object always returns zero as value set through this
					   object will not be stored in database"
        ::= { os10PortSecurityGlobalObjects 7}
		  
-- Port Security Interface Configuration Table
--

os10PortSecurityIfConfigTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF Os10PortSecurityIfConfigEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     
                "A table for Port Security configuration entries.  
                The number of entries is determined by the number of 
                interfaces in the system that can support the 
                port security feature." 
        ::= { os10PortSecurityInterfaceObjects 1 }

os10PortSecurityIfConfigEntry OBJECT-TYPE
        SYNTAX         Os10PortSecurityIfConfigEntry
        MAX-ACCESS     not-accessible
        STATUS         current
        DESCRIPTION     
                "Entry containing port security information for a 
                particular interface."
        INDEX           { os10PortSecurityIfIndex}
        ::= { os10PortSecurityIfConfigTable 1 }

Os10PortSecurityIfConfigEntry ::=
        SEQUENCE {
                os10PortSecurityIfIndex                      InterfaceIndex, 
                os10PortSecurityIfPortSecurityEnable         TruthValue,
                os10PortSecurityIfViolationStatus            INTEGER,
                os10PortSecurityIfSecureMacLearnLimit        Unsigned32,
                os10PortSecurityIfStationMoveEnable          TruthValue,
                os10PortSecurityIfMacViolationAction         INTEGER,
                os10PortSecurityIfStmvViolationAction        INTEGER,
                os10PortSecurityIfStickyEnable               TruthValue,
                os10PortSecurityIfClearSecureMacAddresses    SecureMacAddrType,
                os10PortSecurityIfSecureMacAgeEnable          TruthValue,
                os10PortSecurityIfTotalSecureAddresses     	  Integer32,
                os10PortSecurityIfTotalSecureDynamicAddresses Integer32,
                os10PortSecurityIfTotalSecureStickyAddresses    Integer32,
                os10PortSecurityIfTotalSecureStaticAddresses    Integer32
				}
				
os10PortSecurityIfIndex OBJECT-TYPE
        SYNTAX          InterfaceIndex
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Index to this table. 
		                 The index value used to identify the port security configurations associated with this entry"
        ::= { os10PortSecurityIfConfigEntry 1 }
		
os10PortSecurityIfPortSecurityEnable OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION     "This Mib object specifies if the port 
                         security feature is enabled or not on an interface.  
                         The value of this object has no effect when the value of
                         os10PortSecurityGlobalEnable is set to 'false'."
        DEFVAL       { false }
        ::= { os10PortSecurityIfConfigEntry 2 }

os10PortSecurityIfViolationStatus OBJECT-TYPE
        SYNTAX          INTEGER { 
                        normal(1),
                        macLearnLimitErrDisable(2),
                        stationMoveErrDisable(3)
                        }                   
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION     "This object represents the port security
                         status of an interface.

                        normal(1) - This indicates port is operating normally
                                     without any violation.

                        macLearnLimitErrDisable(2) - This indicates that the port
                                     is shutdown due to mac learn
                                     limit violation when the object 
                                     os10PortSecurityIfMacViolationAction
                                     is of type 'shutdown'.
 
                        stationMoveErrDisable(3) - This indicates that the port
                                     is shutdown due to station move violation 
                                     when the object
                                     os10PortSecurityIfStmvViolationAction
                                     is of type 'shutdownOrig' or 
                                     'shutdownOffending' or 'shutdownBoth'."
                                     
        ::= { os10PortSecurityIfConfigEntry 3 }

os10PortSecurityIfSecureMacLearnLimit  OBJECT-TYPE
        SYNTAX        Unsigned32 (0..4294967295)
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "The maximum  number of MAC addresses to be secured on the interface.
                       User can secure a minimum of one and maximum of 3072 mac addresses on a port. 
                       i.e set operation is allowed only with in range 1-3072.
                       If the newly configured mac learning limit value is smaller than already
                       learnt secure MAC addresses, then all the secure MAC addresses learnt so far
                       (secure sticky or secure dynamic) will be flushed. In case, total 
                       number of secure static mac addresses (configured) count is 
                       greater than newly specified mac learn limit, configuration 
                       will be rejected. Administrator has to delete the extra secure 
                       static addresses or mac learn limit should be modified to accomodate 
                       existing secure static mac addresses. User can remove the mac learing limit 
                       restriction by setting value 4294967295."
       DEFVAL         { 1 }

        ::= { os10PortSecurityIfConfigEntry 4 }

os10PortSecurityIfStationMoveEnable  OBJECT-TYPE
        SYNTAX        TruthValue
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This object is used to enable or disable
                      station movement on the dynamically secured
                      mac addresses learnt on the interface.
                      By default, this is set to false. It is not possible to enable
                      the station movement on a port with sticky feature enabled"
        DEFVAL       { false }
        ::= { os10PortSecurityIfConfigEntry 5 }

os10PortSecurityIfMacViolationAction OBJECT-TYPE
        SYNTAX        INTEGER {
                      drop(1),
                      dropAndNotify(2),
                      shutdown(3),
                      forward(4)
                      }
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "Determines the action to be taken when
                       mac limit violation occurs in the system.

                        drop(1) - No further MAC learning is allowed on the interface.
                                  Packets received with a source MAC address which is not in
                                  the secured MAC address list will be dropped.

                        dropAndNotify(2) - No further MAC learning is allowed on the interface
                                           and a syslog message or an event is emitted to notify 
                                           about port security violation.

                        shutdown(3) - The interface will be shut down.

                        forward(4) -  No further MAC learning is allowed on the interface.
                                    Packets received with a source MAC address which is not
                                    in the secured MAC address list will be flooded or forwarded." 
        DEFVAL        { dropAndNotify }

        ::= { os10PortSecurityIfConfigEntry 6 }

os10PortSecurityIfStmvViolationAction  OBJECT-TYPE
        SYNTAX        INTEGER {
                      drop(1),
                      dropAndNotify(2),
                      shutdownOrigPort(3),
                      shutDownOffendingPort(4),
                      shutdownBoth(5)
                      }
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "Determines the action to be taken when
                       a secure dynamic mac address move violation occurs
					   in the system. 

                        drop(1)     - The MAC address that triggered the violation
                                      shall not be learned on the new port (offending port).
                                      The packets that triggered the violation shall be dropped.

                        dropAndNotify(2)   - Raises a syslog to notify about
                                      station movement violation. The log
                                      will contain MAC causing violation,
                                      vlanId, original interface name
                                      and offending interface name.

                        shutdownOrigPort(3) - The original interface on which
                                              MAC is learnt will be shutdown.

                        shutdownOffendigPort(4) - The offending interface causing 
                                                  station move will be shutdown.
                        
                        shutdowBoth(5) - Both the original and offending interfaces
                                         will be shutdown."
        DEFVAL        { dropAndNotify }
        ::= { os10PortSecurityIfConfigEntry 7 }

os10PortSecurityIfStickyEnable  OBJECT-TYPE
        SYNTAX        TruthValue
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "Set to 'true' to enable and 'false' to disable Sticky port security feature
                       on this interface.  Enabling this feature allows the 
                       device to secure learnt MAC addresses on this interface permanently. 
                       In order to remove the sticky addresses on this interface, user has to 
                       manually delete the sticky MAC address(es) or disable the sticky feature itself. 
                       Manual deletion of all addresses can be accomplished by 
                       os10PortSecurityIfClearSecureMacAddresses object.
                       It is possible to enable sticky feature on a port only if mac learning limit restriction 
                       is enabled with os10PortSecurityIfSecureMacLearnLimit."
       DEFVAL         { false }

        ::= { os10PortSecurityIfConfigEntry 8 }

os10PortSecurityIfClearSecureMacAddresses  OBJECT-TYPE
        SYNTAX        SecureMacAddrType
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This object is used to delete
                      secure MAC addresses based on the specified
                      type."
        ::= { os10PortSecurityIfConfigEntry 9 }
os10PortSecurityIfSecureMacAgeEnable  OBJECT-TYPE
        SYNTAX        TruthValue
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This object is used to enable aging of 
                       the dynamically secured mac addresses learnt 
                       on the interface. Sticky and static macs will 
                       never age out. It is not possible to enable aging
                       on a port on which sticky feature is enabled.
                       By default, this is set to false."
        DEFVAL       { false }
        ::= { os10PortSecurityIfConfigEntry 10 }
		
os10PortSecurityIfTotalSecureAddresses  OBJECT-TYPE
        SYNTAX        Integer32 (0..2147483647)
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "The total number of secured MAC addresses learnt (dynamic or stickt) 
		               or configured (static) on a particular interface."
        ::= { os10PortSecurityIfConfigEntry 11 }
		
os10PortSecurityIfTotalSecureDynamicAddresses  OBJECT-TYPE
        SYNTAX        Integer32 (0..2147483647)
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "The total number of secure dynamic MAC addresses learnt on a particular
                       interface."
        ::= { os10PortSecurityIfConfigEntry 12 }
		
os10PortSecurityIfTotalSecureStickyAddresses  OBJECT-TYPE
        SYNTAX        Integer32 (0..2147483647)
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "The total number of secure sticky MAC addresses learnt on a particular
                      interface."
        ::= { os10PortSecurityIfConfigEntry 13 }

os10PortSecurityIfTotalSecureStaticAddresses  OBJECT-TYPE
        SYNTAX        Integer32 (0..2147483647)
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "The total number of secure static MAC addresses configured on a particular
                      interface."
        ::= { os10PortSecurityIfConfigEntry 14}
		
-- Displaying Port Security Secure MAC Address Table

os10PortSecuritySecureMacAddrTable OBJECT-TYPE
        SYNTAX        SEQUENCE OF Os10PortSecuritySecureMacAddrEntry
        MAX-ACCESS    not-accessible
        STATUS        current 
        DESCRIPTION   "A table containing the list of
                      secure MAC addresses."
       ::= { os10PortSecurityMacObjects 1 }

os10PortSecuritySecureMacAddrEntry OBJECT-TYPE
        SYNTAX        Os10PortSecuritySecureMacAddrEntry
        MAX-ACCESS    not-accessible
        STATUS        current 
        DESCRIPTION   "Entry containing secure MAC address 
                      information for a particular interface."
        INDEX         {os10PortSecuritySecureMacVlanId,
					   os10PortSecuritySecureMacAddress
					  }
        ::= { os10PortSecuritySecureMacAddrTable 1 }

Os10PortSecuritySecureMacAddrEntry ::=
        SEQUENCE {
                os10PortSecuritySecureMacVlanId              VlanIndex,
                os10PortSecuritySecureMacAddress             MacAddress,
                os10PortSecuritySecureMacIfIndex             InterfaceIndex,
                os10PortSecuritySecureMacAddrType            INTEGER
        }


os10PortSecuritySecureMacVlanId    OBJECT-TYPE
        SYNTAX          VlanIndex
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "This is the vlan on which the
                         os10PortSecuritySecureMacAddress is
                         configured or learnt."
        ::= { os10PortSecuritySecureMacAddrEntry 1 }

os10PortSecuritySecureMacAddress OBJECT-TYPE
        SYNTAX          MacAddress
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "This is a secure MAC
                        address configured or learnt on an
                        interface."
        ::= { os10PortSecuritySecureMacAddrEntry 2 }

os10PortSecuritySecureMacIfIndex    OBJECT-TYPE
        SYNTAX          InterfaceIndex
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION     "This is the interface on which the
                         os10PortSecuritySecureMacAddress is
                         configured or learnt."
        ::= { os10PortSecuritySecureMacAddrEntry 3 }

os10PortSecuritySecureMacAddrType  OBJECT-TYPE
        SYNTAX          INTEGER { static(1),
				  dynamic(2),
				  sticky(3)
				}
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION     "This object indicates if the secure MAC address
                        is a configured 'static' or learnt 'dynamic' or
                        learnt and retained across reboots 'sticky'."
        ::= { os10PortSecuritySecureMacAddrEntry 4 }

-- ****************************************************************************
-- Conformance Information
-- ****************************************************************************

os10PortSecurityMibConformance     OBJECT IDENTIFIER
       ::= { os10PortSecurityMib 2}

os10PortSecurityCompliances     OBJECT IDENTIFIER
       ::= { os10PortSecurityMibConformance 1 }

os10PortSecurityGroups          OBJECT IDENTIFIER
       ::= { os10PortSecurityMibConformance 2 }


-- ****************************************************************************
-- * Compliance Statements
-- ****************************************************************************

os10PortSecurityMibConform   MODULE-COMPLIANCE
       STATUS                   current
       DESCRIPTION
              "The compliance statement for the Dell Networking OS Port Security Mib."
       MODULE
       MANDATORY-GROUPS {
                     os10PortSecurityGlobalGroup, 
                     os10PortSecurityInterfaceGroup,
                     os10PortSecuritySecureMacAddrGroup
              }
       ::= { os10PortSecurityCompliances 1}



-- ****************************************************************************
-- Units of Conformance
-- ****************************************************************************

os10PortSecurityGlobalGroup   OBJECT-GROUP
        OBJECTS {
                os10PortSecurityGlobalEnable,
                os10PortSecurityGlobalTotalSecureAddresses,
                os10PortSecurityGlobalTotalSecureDynamicAddresses,
                os10PortSecurityGlobalTotalSecureStickyAddresses,
                os10PortSecurityGlobalTotalSecureStaticAddresses,
                os10PortSecurityGlobalClearSecureMacAddresses,
                os10PortSecurityGlobalResetViolation
               }
        STATUS current
        DESCRIPTION
                "A set of global objects for use with the Port
                Security feature."
        ::= { os10PortSecurityGroups 1}
		
os10PortSecurityInterfaceGroup   OBJECT-GROUP
        OBJECTS {
				os10PortSecurityIfPortSecurityEnable,  
                os10PortSecurityIfViolationStatus,
                os10PortSecurityIfSecureMacLearnLimit,
                os10PortSecurityIfStationMoveEnable,
                os10PortSecurityIfMacViolationAction,
                os10PortSecurityIfStmvViolationAction,
                os10PortSecurityIfStickyEnable,
                os10PortSecurityIfSecureMacAgeEnable,
				os10PortSecurityIfTotalSecureAddresses,
                os10PortSecurityIfTotalSecureDynamicAddresses,
                os10PortSecurityIfTotalSecureStickyAddresses,
                os10PortSecurityIfTotalSecureStaticAddresses,
                os10PortSecurityIfClearSecureMacAddresses
	            }
        STATUS current
        DESCRIPTION
                "A set of interface level objects for use with the Port
                Security feature."
        ::= { os10PortSecurityGroups 2}
		
os10PortSecuritySecureMacAddrGroup  OBJECT-GROUP
        OBJECTS {
                os10PortSecuritySecureMacIfIndex,		 
                os10PortSecuritySecureMacAddrType         
                }
        STATUS current
        DESCRIPTION
                "Static secure MAC addresss
                 configuration parameters on an interface."
        ::= { os10PortSecurityGroups 3 }

END
