ELTEX-MES-BRIDGE-SECURITY DEFINITIONS ::= BEGIN

-- Version:    2.2
-- Date:       3-Jul-2017

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE,
    Unsigned32, IpAddress, Counter32,
    NOTIFICATION-TYPE                               FROM SNMPv2-SMI
    InterfaceIndex, ifIndex                         FROM IF-MIB
    RowStatus, TEXTUAL-CONVENTION, MacAddress,
    DisplayString, TruthValue                       FROM SNMPv2-TC
    VlanId                                          FROM Q-BRIDGE-MIB
    eltMes, eltMesBridgeSecurity                    FROM ELTEX-MES
    rndErrorDesc, rndErrorSeverity                  FROM RADLAN-DEVICEPARAMS-MIB
    rlIpDhcpSnoopVLANTag,
    rlIpSourceGuardPortEntry,
    rlIpDhcpSnoopMACAddress                         FROM RADLAN-BRIDGE-SECURITY
    VlanList1, VlanList2, VlanList3, VlanList4      FROM RADLAN-BRIDGEMIBOBJECTS-MIB;

eltMesBridgeSecurityNotifications OBJECT IDENTIFIER ::= { eltMesBridgeSecurity 0 }

eltMesIpDhcpSnoop                 OBJECT IDENTIFIER ::= { eltMesBridgeSecurity 1 }

eltMesPppoeIa                     OBJECT IDENTIFIER ::= { eltMesBridgeSecurity 6 }

eltMesIpDhcpSnoopNotif            OBJECT IDENTIFIER ::= { eltMesIpDhcpSnoop 0}

eltMesIpSourceGuard               OBJECT IDENTIFIER ::= { eltMesBridgeSecurity 8 }

eltMesIpArpInspect                OBJECT IDENTIFIER ::= { eltMesBridgeSecurity 7 }

--
-- Common types
--

EltCircuitIdType  ::= TEXTUAL-CONVENTION
   STATUS current
   DESCRIPTION    "Curcuit-ID suboption of Option 82."
   SYNTAX DisplayString(SIZE(0..63))

EltRemoteIdType  ::= TEXTUAL-CONVENTION
   STATUS current
   DESCRIPTION    "Remote-ID suboption of Option 82."
   SYNTAX DisplayString(SIZE(0..63))

EltOpt82CombinationType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION    "Specifies circuit id suboption that will be inserted to a option 82."
    SYNTAX INTEGER{
       sp(1),
       sv(2),
       pv(3),
       spv(4),
       bin(5),
       user-defined(6)
    }

EltOpt82CombinationInterfaceType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION    "Specifies circuit id suboption that will be inserted to a option 82 on interface."
    SYNTAX INTEGER{
       sp(1),
       sv(2),
       pv(3),
       spv(4),
       bin(5),
       user-defined(6),
       global(7)
    }

EltOpt82DelimiterType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION    "Specifies circuit id suboption that will be inserted to a option 82."
    SYNTAX INTEGER{
       tr101(1),
       dot(2),
       comma(3),
       semicolon(4),
       hash(5),
       slash(6),
       space(7)
    }

EltOpt82SuboptionType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION    "Specifies global format of option 82 suboptions."
    SYNTAX INTEGER{
       tr101(1),
       custom(2)
    }

EltOpt82SuboptionInterfaceType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION    "Specifies per IfIndex format of option 82 suboptions."
    SYNTAX INTEGER{
       tr101(1),
       custom(2),
       global(3)
    }

EltOpt82PortInsertionType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION    "Specifies per IfIndex a DHCP option 82 insertion enable state."
    SYNTAX INTEGER{
       global(1),
       enable(2),
       disable(3)
    }

EltDHCPSnoopRateLimitType  ::= TEXTUAL-CONVENTION
   STATUS current
   DESCRIPTION    "DHCP Snooping limit rate type. 0 means rate limit is disabled."
   SYNTAX INTEGER(0..2048)

EltDHCPSnoopClientLimitType  ::= TEXTUAL-CONVENTION
   STATUS current
   DESCRIPTION    "DHCP Snooping limit client type. 0 means client limit is disabled."
   SYNTAX INTEGER(0..2048)

--
-- DHCP Option 82
--

--
-- Scalars
--

eltIpDhcpOpt82AccessNodeIdentifier OBJECT-TYPE
    SYNTAX DisplayString(SIZE(0..48))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION       "Specifies an access node identifier used by PPPoE IA."
    ::= { eltMesIpDhcpSnoop 14 }

eltIpDhcpOpt82CircuitIdSuboptionsCombination OBJECT-TYPE
    SYNTAX EltOpt82CombinationType
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION       "Specifies circuit id suboption that will be inserted to a PPPoED client packet."
    ::= { eltMesIpDhcpSnoop 15 }

eltIpDhcpOpt82CircuitIdSuboptionsDelimeter OBJECT-TYPE
    SYNTAX EltOpt82DelimiterType
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION       "Specifies a char symbol that will delimit circuit id suboption."
    ::= { eltMesIpDhcpSnoop 16 }

eltIpDhcpOpt82SuboptionType OBJECT-TYPE
    SYNTAX EltOpt82SuboptionType
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION       "Specifies global format of option 82 suboptions."
    ::= { eltMesIpDhcpSnoop 18 }

eltIpDhcpOpt82RemoteIdentifier OBJECT-TYPE
    SYNTAX     DisplayString(SIZE(0..128))
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION       "Specifies global Remote Identifier suboption template for Option 82."
    ::= { eltMesIpDhcpSnoop 19 }

--
--  eltIpDhcpOpt82PortTable
--

eltIpDhcpOpt82PortTable  OBJECT-TYPE
    SYNTAX  SEQUENCE OF EltIpDhcpOpt82PortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION      "A DHCP interface configuration table."
    ::= { eltMesIpDhcpSnoop 17 }

eltIpDhcpOpt82PortEntry OBJECT-TYPE
   SYNTAX      EltIpDhcpOpt82PortEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION        "A DHCP interface configuration entry."
   INDEX {ifIndex}
::= { eltIpDhcpOpt82PortTable 1 }

EltIpDhcpOpt82PortEntry ::= SEQUENCE {
   eltIpDhcpOpt82PortCircuitId                              EltCircuitIdType,
   eltIpDhcpOpt82PortRemoteId                               EltRemoteIdType,
   eltIpDhcpOpt82PortRowStatus                              RowStatus,
   eltIpDhcpOpt82PortAccessNodeIdentifier                   DisplayString,
   eltIpDhcpOpt82PortCircuitIdSuboptionsCombination         EltOpt82CombinationInterfaceType,
   eltIpDhcpOpt82PortCircuitIdSuboptionsDelimeter           EltOpt82DelimiterType,
   eltIpDhcpOpt82PortSuboptionType                          EltOpt82SuboptionInterfaceType,
   eltIpDhcpOpt82PortCircuitIdSuboptionsUserDefinedTemplate OCTET STRING,
   eltIpDhcpOpt82PortInsertion                              EltOpt82PortInsertionType
}

eltIpDhcpOpt82PortCircuitId OBJECT-TYPE
    SYNTAX      EltCircuitIdType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "A DHCP interface entry curcuit id"
    ::= { eltIpDhcpOpt82PortEntry 2 }

eltIpDhcpOpt82PortRemoteId OBJECT-TYPE
    SYNTAX      EltRemoteIdType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "A DHCP interface entry remote id"
    ::= { eltIpDhcpOpt82PortEntry 3 }

eltIpDhcpOpt82PortRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Session row status."
    ::= { eltIpDhcpOpt82PortEntry 4 }

eltIpDhcpOpt82PortAccessNodeIdentifier OBJECT-TYPE
    SYNTAX     DisplayString(SIZE(0..128))
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION       "Specifies per ifIndex an access node identifier."
    ::= { eltIpDhcpOpt82PortEntry 5 }

eltIpDhcpOpt82PortCircuitIdSuboptionsCombination OBJECT-TYPE
    SYNTAX EltOpt82CombinationInterfaceType
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION       "Specifies per ifIndex circuit id suboption that will be inserted."
    DEFVAL{ 4 }
    ::= { eltIpDhcpOpt82PortEntry 6 }

eltIpDhcpOpt82PortCircuitIdSuboptionsDelimeter OBJECT-TYPE
    SYNTAX EltOpt82DelimiterType
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION       "Specifies per ifIndex a char symbol that will delimit circuit id suboption."
    ::= { eltIpDhcpOpt82PortEntry 7 }

eltIpDhcpOpt82PortSuboptionType OBJECT-TYPE
    SYNTAX EltOpt82SuboptionInterfaceType
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION       "Specifies per ifIndex format of option 82 suboptions."
    ::= { eltIpDhcpOpt82PortEntry 8 }

eltIpDhcpOpt82PortCircuitIdSuboptionsUserDefinedTemplate OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE (0..128))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "An octet string template per ifIndex for user-defined format of
        circuit id suboption that will be inserted to packet."
    ::= { eltIpDhcpOpt82PortEntry 9 }
    
eltIpDhcpOpt82PortInsertion OBJECT-TYPE
    SYNTAX      EltOpt82PortInsertionType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies per IfIndex a DHCP option 82 insertion enable state."
    DEFVAL { global }
    ::= { eltIpDhcpOpt82PortEntry 10 }
    
--
-- DHCP Snooping port configuration table
--

eltIpDhcpSnoopPortTable  OBJECT-TYPE
    SYNTAX  SEQUENCE OF EltIpDhcpSnoopPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION      "A DHCP Snooping Client Limiting configuration table on L2 interfaces."
    ::= { eltMesIpDhcpSnoop 20 }

eltIpDhcpSnoopPortEntry OBJECT-TYPE
   SYNTAX      EltIpDhcpSnoopPortEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION        "A DHCP interface configuration entry."
   INDEX {ifIndex}
::= { eltIpDhcpSnoopPortTable 1 }

EltIpDhcpSnoopPortEntry ::= SEQUENCE {
   eltIpDhcpSnoopPortRateLimit                          EltDHCPSnoopRateLimitType,
   eltIpDhcpSnoopPortRowStatus                          RowStatus,
   eltIpDhcpSnoopPortClientsLimit                       EltDHCPSnoopClientLimitType,
   eltIpDhcpSnoopPortEnabled                            TruthValue
}


eltIpDhcpSnoopPortRateLimit OBJECT-TYPE
    SYNTAX      EltDHCPSnoopRateLimitType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "A DHCP Snooping Limit Rate."
    DEFVAL{ 0 }
    ::= { eltIpDhcpSnoopPortEntry 2 }

eltIpDhcpSnoopPortRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Session row status."
    ::= { eltIpDhcpSnoopPortEntry 3 }

eltIpDhcpSnoopPortClientsLimit OBJECT-TYPE
    SYNTAX      EltDHCPSnoopClientLimitType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "A DHCP Snooping Limit of number of clients."
    DEFVAL{ 0 }
    ::= { eltIpDhcpSnoopPortEntry 4 }

eltIpDhcpSnoopPortEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Indicate status of DHCP snooping per port."
    DEFVAL{ false }
    ::= { eltIpDhcpSnoopPortEntry 5 }

--
-- DHCP Option 82 UserDefined
--

eltIpDhcpOpt82CircuitIdSuboptionsUserDefinedTemplate OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE (0..128))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "An octet string template for user-defined format of
        circuit id suboption that will be inserted to packet."
    ::= { eltMesIpDhcpSnoop 21 }

--
-- DHCP Snooping enable trap scalars
--

eltIpDhcpSnoopClientsLimitNotificationsEnabled OBJECT-TYPE
     SYNTAX          TruthValue
     MAX-ACCESS      read-write
     STATUS          current
     DESCRIPTION
         "Specifies whether eltIpDhcpSnoopClientLimitTrap notifications
          will or will not be sent when number of clients reached
          configured limit on interface.

          Setting this object to false(2) will not send the
          eltIpDhcpSnoopClientLimitTrap notifications.

          Setting this object to true(1) will send the
          eltIpDhcpSnoopClientLimitTrap notifications."
    DEFVAL { true }
    ::= { eltMesIpDhcpSnoop 23 }
    
--
-- DHCP Snooping action by link down on port
--

eltIpDhcpSnoopDynamicEntriesPortDownAction OBJECT-TYPE
     SYNTAX INTEGER  {
		retain(1),
		clear(2)
	 }
     MAX-ACCESS      read-write
     STATUS          current
     DESCRIPTION
         "The action that is applied for DHCP Snooping dynamic entries
          when a link down event occurred on the client's port."
    DEFVAL { retain }
    ::= { eltMesIpDhcpSnoop 24 } 

eltIpDhcpSnoopMacVerificationFailedNotificationsEnabled OBJECT-TYPE
     SYNTAX          TruthValue
     MAX-ACCESS      read-write
     STATUS          current
     DESCRIPTION
         "Specifies whether eltIpDhcpSnoopMacVerificationFailedTrap notifications
          will or will not be sent when MAC address in ethernet header differ from the DHCP header.

          Setting this object to false(2) will not send the
          eltIpDhcpSnoopMacVerificationFailedTrap notifications.

          Setting this object to true(1) will send the
          eltIpDhcpSnoopMacVerificationFailedTrap notifications."
    DEFVAL { false }
    ::= { eltMesIpDhcpSnoop 25 }

--
-- PPPoE Intermediate Agent
--

eltPppoeIaEnable OBJECT-TYPE
    SYNTAX INTEGER{
       enable(1),
       disable(2)
    }
   MAX-ACCESS read-write
   STATUS current
   DESCRIPTION       "Specifies a system PPPoE Intermediate Agent enable state."
   ::= { eltMesPppoeIa 1 }

eltPppoeIaAccessNodeIdentifier OBJECT-TYPE
   SYNTAX DisplayString(SIZE(1..48))
   MAX-ACCESS read-write
   STATUS current
   DESCRIPTION       "Specifies an access node identifier used by PPPoE IA."
   ::= { eltMesPppoeIa 2 }

eltPppoeIaCircuitIdSuboptionsCombination OBJECT-TYPE
    SYNTAX EltOpt82CombinationType
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION       "Specifies circuit id suboption that will be inserted to a PPPoED client packet."
    ::= { eltMesPppoeIa 3 }

eltPppoeIaCircuitIdSuboptionsDelimeter OBJECT-TYPE
    SYNTAX EltOpt82DelimiterType
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION       "Specifies a char symbol that will delimit circuit id suboption."
    ::= { eltMesPppoeIa 4 }

eltPppoeIaGenericErrorMessage OBJECT-TYPE
   SYNTAX DisplayString(SIZE(1..128))
   MAX-ACCESS read-write
   STATUS current
   DESCRIPTION       "Specifies a generic error message sent to client if packet is too large."
   ::= { eltMesPppoeIa 5 }

--
-- PPPoE Intermediate Agent configuration interface table
--
eltPppoeIaPortTable  OBJECT-TYPE
  SYNTAX  SEQUENCE OF EltPppoeIaPortEntry
  MAX-ACCESS  not-accessible
  STATUS      current
  DESCRIPTION      "A PPPoE Intermediate Agent interface table."
  ::= { eltMesPppoeIa 6 }

eltPppoeIaPortEntry OBJECT-TYPE
   SYNTAX      EltPppoeIaPortEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION        "A PPPoE Intermediate Agent interface entry."
   INDEX {ifIndex}
::= { eltPppoeIaPortTable 1 }

EltPppoeIaPortEntry ::= SEQUENCE {
   eltPppoeIaPortEnabled                            TruthValue,
   eltPppoeIaPortTrusted                            TruthValue,
   eltPppoeIaPortCircuitId                          EltCircuitIdType,
   eltPppoeIaPortRemoteId                           EltRemoteIdType,
   eltPppoeIaPortStripVendorTag                     TruthValue,
   eltPppoeIaPortStatsRxPADI                        Counter32,
   eltPppoeIaPortStatsRxPADO                        Counter32,
   eltPppoeIaPortStatsRxPADR                        Counter32,
   eltPppoeIaPortStatsRxPADS                        Counter32,
   eltPppoeIaPortStatsRxPADT                        Counter32,
   eltPppoeIaPortStatsTxGenError                    Counter32,
   eltPppoeIaPortStatsDroppedResponseFromUntrusted  Counter32,
   eltPppoeIaPortStatsDroppedRequestToUntrusted     Counter32,
   eltPppoeIaPortStatsDroppedMalformed              Counter32,
   eltPppoeIaPortStatsClearCountersAction           TruthValue,
   eltPppoeIaPortRowStatus                          RowStatus
}

eltPppoeIaPortEnabled OBJECT-TYPE
  SYNTAX        TruthValue
  MAX-ACCESS    read-write
  STATUS        current
  DESCRIPTION
    "A PPPoE Intermediate Agent interface entry enabled state."
  ::= { eltPppoeIaPortEntry 2 }

eltPppoeIaPortTrusted OBJECT-TYPE
  SYNTAX        TruthValue
  MAX-ACCESS    read-write
  STATUS        current
  DESCRIPTION
    "A PPPoE Intermediate Agent interface entry trusted state."
  ::= { eltPppoeIaPortEntry 3 }

eltPppoeIaPortCircuitId OBJECT-TYPE
    SYNTAX      EltCircuitIdType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
      "A PPPoE Intermediate Agent interface entry curcuit id."
    ::= { eltPppoeIaPortEntry 4 }

eltPppoeIaPortRemoteId OBJECT-TYPE
  SYNTAX        EltRemoteIdType
  MAX-ACCESS    read-write
  STATUS        current
  DESCRIPTION
    "A PPPoE Intermediate Agent interface entry remote id."
  ::= { eltPppoeIaPortEntry 5 }

eltPppoeIaPortStripVendorTag OBJECT-TYPE
  SYNTAX        TruthValue
  MAX-ACCESS    read-write
  STATUS        current
  DESCRIPTION
    "A PPPoE Intermediate Agent interface entry enable stripping vendor tag."
  ::= { eltPppoeIaPortEntry 6 }

eltPppoeIaPortStatsRxPADI OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Total number of received PADI packets."
    ::= { eltPppoeIaPortEntry 7 }

eltPppoeIaPortStatsRxPADO OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Total number of received PADO packets."
    ::= { eltPppoeIaPortEntry 8 }

eltPppoeIaPortStatsRxPADR OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Total number of received PADR packets."
    ::= { eltPppoeIaPortEntry 9 }

eltPppoeIaPortStatsRxPADS OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Total number of received PADS packets."
    ::= { eltPppoeIaPortEntry 10 }

eltPppoeIaPortStatsRxPADT OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Total number of received PADT packets."
    ::= { eltPppoeIaPortEntry 11 }

eltPppoeIaPortStatsTxGenError OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Total number of transmitted PPPoED generic error messages."
    ::= { eltPppoeIaPortEntry 12 }

eltPppoeIaPortStatsDroppedResponseFromUntrusted OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Total number of dropped server PPPoED packets from untrusted ports."
    ::= { eltPppoeIaPortEntry 13 }

eltPppoeIaPortStatsDroppedRequestToUntrusted OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Total number of dropped client PPPoED packets from trusted ports."
    ::= { eltPppoeIaPortEntry 14 }

eltPppoeIaPortStatsDroppedMalformed OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Total number of dropped malformed PPPoED packets."
    ::= { eltPppoeIaPortEntry 15 }

eltPppoeIaPortStatsClearCountersAction OBJECT-TYPE
    SYNTAX       TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If true, clear (set to zero) all PPPoE Intermediate Agent interface counters."
    DEFVAL{ false }
    ::= { eltPppoeIaPortEntry 16 }

eltPppoeIaPortRowStatus OBJECT-TYPE
  SYNTAX        RowStatus
  MAX-ACCESS    read-write
  STATUS        current
  DESCRIPTION
    "A PPPoE Intermediate Agent interface entry row status."
  ::= { eltPppoeIaPortEntry 17 }

--
-- PPPoE Intermediate Agent clear all statistics
--
eltPppoeIaClearCountersAction OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "If true, clear (set to zero) counters on all ports."
    DEFVAL{ false }
    ::= { eltMesPppoeIa 7 }

--
-- PPPoE Intermediate Agent sessions table
--

EltPppoeIaSessionIDType  ::= TEXTUAL-CONVENTION
   STATUS current
   DESCRIPTION    "PPPoE Intermediate Agent session ID type."
   SYNTAX INTEGER(0..65535)

eltPppoeIaSessionTable  OBJECT-TYPE
  SYNTAX  SEQUENCE OF EltPppoeIaSessionEntry
  MAX-ACCESS  not-accessible
  STATUS      current
  DESCRIPTION      "A PPPoE Intermediate Agent sessions table."
  ::= { eltMesPppoeIa 8 }

eltPppoeIaSessionEntry OBJECT-TYPE
   SYNTAX      EltPppoeIaSessionEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION        "A PPPoE Intermediate Agent session entry."
   INDEX { eltPppoeIaSessionVLANTag, eltPppoeIaSessionMACAddress }
::= { eltPppoeIaSessionTable 1 }

EltPppoeIaSessionEntry ::= SEQUENCE {
   eltPppoeIaSessionVLANTag          VlanId,
   eltPppoeIaSessionMACAddress       MacAddress,
   eltPppoeIaSessionPort             InterfaceIndex,
   eltPppoeIaSessionID               EltPppoeIaSessionIDType,
   eltPppoeIaSessionTimer            Unsigned32,
   eltPppoeIaSessionRowStatus        RowStatus
}

eltPppoeIaSessionVLANTag OBJECT-TYPE
    SYNTAX      VlanId
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Session VLAN ID."
    ::= { eltPppoeIaSessionEntry 1 }

eltPppoeIaSessionMACAddress OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Session MAC address."
    ::= { eltPppoeIaSessionEntry 2 }

eltPppoeIaSessionPort OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Session interface index."
    ::= { eltPppoeIaSessionEntry 3 }

eltPppoeIaSessionID OBJECT-TYPE
    SYNTAX      EltPppoeIaSessionIDType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Session ID."
    ::= { eltPppoeIaSessionEntry 4 }

eltPppoeIaSessionTimer OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Session timer."
    ::= { eltPppoeIaSessionEntry 5 }

eltPppoeIaSessionRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Session row status."
    ::= { eltPppoeIaSessionEntry 6 }

--
-- PPPoE Intermediate Agent clear sessions
--
eltPppoeIaClearSessionsAction OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The MAC address of PPPoE session that need to be deleted (set to 00:00:00:00:00:00 to clear all sessions)."
    ::= { eltMesPppoeIa 9 }
    
--
-- PPPoE Intermediate Agent session timeout
--
eltPppoeIaSessionTimeout OBJECT-TYPE
    SYNTAX      INTEGER(0..600)
    MAX-ACCESS  read-write
    STATUS      current
    DEFVAL     { 300 }
    DESCRIPTION
        "The PPPoE session timeout in seconds (set to zero to disable timeout)."
    ::= { eltMesPppoeIa 10 }

--
-- PPPoE Intermediate Agent Option 82 UserDefined
--
eltPppoeIaCircuitIdSuboptionsUserDefinedTemplate OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE (0..128))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "An octet string template for user-defined format of
        circuit id suboption that will be inserted to packet."
    ::= { eltMesPppoeIa 11 }

--
-- PPPoE Intermediate Agent Option 82 Remote-ID
--
eltPppoeIaRemoteIdSuboptionsTemplate OBJECT-TYPE
    SYNTAX     DisplayString (SIZE (1..128))
    MAX-ACCESS read-write
    STATUS     current
    DEFVAL     { "%M" }
    DESCRIPTION
        "An octet string template for remote id suboption that will be inserted
        to packet."
    ::= { eltMesPppoeIa 12 }

--
-- Notifications
--

eltIpDhcpSnoopClientLimitTrap NOTIFICATION-TYPE
    OBJECTS {
        ifIndex,
        eltIpDhcpSnoopPortClientsLimit,
        rndErrorDesc
    }
    STATUS current
    DESCRIPTION
        "A eltIpDhcpSnoopClientLimitTrap is generated when number of
         clients reached configured limit on interface."
    ::= { eltMesIpDhcpSnoopNotif 2 }

eltIpDhcpSnoopMacVerificationFailedTrap NOTIFICATION-TYPE
    OBJECTS {
        ifIndex,
        rlIpDhcpSnoopVLANTag,
        rlIpDhcpSnoopMACAddress,
        rndErrorDesc
    }
    STATUS current
    DESCRIPTION
        "A eltIpDhcpSnoopMacVerificationFailedTrap is genered when
         MAC address in Ether-header differ from the DHCP-header."
    ::= { eltMesIpDhcpSnoopNotif 3 }
--
-- DHCPv6 LDRA/RelayAgent options
--

eltMesIpv6DhcpRelayAgent OBJECT IDENTIFIER ::= { eltMesBridgeSecurity  5 }
eltMesIpv6DhcpRelayAgentOpt OBJECT IDENTIFIER ::= { eltMesIpv6DhcpRelayAgent  1}

eltIpv6DhcpRelayAgentOptRemoteIdentifier OBJECT-TYPE
    SYNTAX DisplayString(SIZE(1..63))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION       "Specifies global Remote Identifier (Option 37)."
    ::= { eltMesIpv6DhcpRelayAgentOpt 1 }

eltIpv6DhcpRelayAgentOptPortTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF EltIpv6DhcpRelayAgentOptPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION      "A DHCPv6 interface configuration table."
    ::= { eltMesIpv6DhcpRelayAgentOpt 2 }

eltIpv6DhcpRelayAgentOptInterfaceIdentifier OBJECT-TYPE
    SYNTAX DisplayString(SIZE(1..63))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION       "Specifies global Interface Identifier (Option 18)."
    ::= { eltMesIpv6DhcpRelayAgentOpt 3 }
    
eltIpv6DhcpRelayAgentOptPortEntry OBJECT-TYPE
   SYNTAX      EltIpv6DhcpRelayAgentOptPortEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION        "A DHCPv6 interface configuration entry."
   INDEX {ifIndex}
::= { eltIpv6DhcpRelayAgentOptPortTable 1 }

EltIpv6DhcpRelayAgentOptPortEntry ::= SEQUENCE {
    eltIpv6DhcpRelayAgentOptPortInterfaceId               EltCircuitIdType,
    eltIpv6DhcpRelayAgentOptPortRemoteId                  EltRemoteIdType,
    eltIpv6DhcpRelayAgentOptPortRowStatus                 RowStatus
}

eltIpv6DhcpRelayAgentOptPortInterfaceId OBJECT-TYPE
    SYNTAX      EltCircuitIdType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "DHCPv6 Interface-ID option on interface entry"
    ::= { eltIpv6DhcpRelayAgentOptPortEntry 2 }

eltIpv6DhcpRelayAgentOptPortRemoteId OBJECT-TYPE
    SYNTAX      EltRemoteIdType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "DHCPv6 Remote-ID option on interface entry"
    ::= { eltIpv6DhcpRelayAgentOptPortEntry 3 }

eltIpv6DhcpRelayAgentOptPortRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Session row status."
    ::= { eltIpv6DhcpRelayAgentOptPortEntry 4 }

eltMesIpv6DhcpLdra OBJECT IDENTIFIER ::= { eltMesIpv6DhcpRelayAgent  2}

eltIpv6DhcpLdraConfTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF EltIpv6DhcpLdraConfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION      "DHCPv6 LDRA interface configuration table."
    ::= { eltMesIpv6DhcpLdra  1 }

eltIpv6DhcpLdraConfEntry OBJECT-TYPE
    SYNTAX      EltIpv6DhcpLdraConfEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION        "DHCPv6 LDRA interface configuration entry."
    INDEX {ifIndex}
::= { eltIpv6DhcpLdraConfTable 1 }

EltIpv6DhcpLdraConfEntry ::= SEQUENCE {
    eltIpv6DhcpLdraConfRowStatus       RowStatus,
    eltIpv6DhcpLdraConfEnabled         TruthValue
}

eltIpv6DhcpLdraConfRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Session row status."
    ::= { eltIpv6DhcpLdraConfEntry 1 }
    
eltIpv6DhcpLdraConfEnabled OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Indicate status of DHCP LDRA per port."
    DEFVAL{ false }
    ::= { eltIpv6DhcpLdraConfEntry 2 }

--------------------------------------------------------------
 -- Notifications
 --------------------------------------------------------------

eltIpv6DhcpLdraMessageDropTrap NOTIFICATION-TYPE
    OBJECTS   {rndErrorDesc, rndErrorSeverity}
    STATUS  current
    DESCRIPTION
        "Warning trap indicating that IPv6 LDRA has dropped a message."
    ::=  { eltMesBridgeSecurityNotifications 1 }


--
-- eltMesIpSourceGuard
--

eltIpSourceGuardPortTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF EltIpSourceGuardPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "IP Source Guard ports entry per vlan."
    ::= { eltMesIpSourceGuard 1 }

eltIpSourceGuardPortEntry OBJECT-TYPE
    SYNTAX      EltIpSourceGuardPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A Source Guard entry "
    AUGMENTS   { rlIpSourceGuardPortEntry }
    ::= { eltIpSourceGuardPortTable 1 }

EltIpSourceGuardPortEntry ::= SEQUENCE {
    eltIpSourceGuardPortVlanList1to1024              VlanList1,
    eltIpSourceGuardPortVlanList1025to2048           VlanList2,
    eltIpSourceGuardPortVlanList2049to3072           VlanList3,
    eltIpSourceGuardPortVlanList3073to4094           VlanList4
    }

eltIpSourceGuardPortVlanList1to1024 OBJECT-TYPE
   SYNTAX      VlanList1
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
     "The Ip Source Guard port vlan list 1. Default value is {0}"
   DEFVAL {'00'H}
   ::= { eltIpSourceGuardPortEntry 1 }

eltIpSourceGuardPortVlanList1025to2048 OBJECT-TYPE
   SYNTAX      VlanList2
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
     "The Ip Source Guard port vlan list 2. Default value is {0}"
   DEFVAL {'00'H}
   ::= { eltIpSourceGuardPortEntry 2 }

eltIpSourceGuardPortVlanList2049to3072 OBJECT-TYPE
   SYNTAX      VlanList3
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
     "The Ip Source Guard port vlan list 3. Default value is {0}"
   DEFVAL {'00'H}
   ::= { eltIpSourceGuardPortEntry 3 }

eltIpSourceGuardPortVlanList3073to4094 OBJECT-TYPE
   SYNTAX      VlanList4
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
     "The Ip Source Guard port vlan list 4. Default value is {0}"
   DEFVAL {'00'H}
   ::= { eltIpSourceGuardPortEntry 4 }


--
-- ARP Inspection ports configurations table
--

eltIpArpInspectPortConfigTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF EltIpArpInspectPortConfigEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "A table contain the configuration of Dynamic ARP 
        Inspection at each interface capable of this feature." 
    ::= { eltMesIpArpInspect 4 }
 
eltIpArpInspectPortConfigEntry OBJECT-TYPE
    SYNTAX       EltIpArpInspectPortConfigEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "A row instance contains the configuration of Dynamic ARP 
        Inspection at each interface capable of this feature." 
    INDEX { ifIndex }
    ::= { eltIpArpInspectPortConfigTable 1 }

EltIpArpInspectPortConfigEntry ::= SEQUENCE {  
    eltIpArpInspectPortRateLimit INTEGER 
}
 
eltIpArpInspectPortRateLimit OBJECT-TYPE
    SYNTAX      INTEGER (0..2048)
    UNITS       "packet per second"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates rate limit value for Dynamic ARP
         Inspection purpose. If the incoming rate of ARP packets
         exceeds the value of this object, interface will be put
         into errdisable state. If the field has the value of 0, 
         no limiting is performed"
    DEFVAL { 0 }
    ::= { eltIpArpInspectPortConfigEntry 1 }


END     
