-- *****************************************************************
-- FS-SECURITY-MIB.mib:  FS Security MIB file
--
-- March 2002, Wuzg
--
-- Copyright (c) 2002 by FS.COM Inc..
-- All rights reserved.
-- 
-- *****************************************************************
--

FS-SECURITY-MIB DEFINITIONS ::= BEGIN

IMPORTS
        MODULE-IDENTITY,
        OBJECT-TYPE,
        NOTIFICATION-TYPE,
        Integer32,
        IpAddress,
        Unsigned32
                FROM SNMPv2-SMI
        TruthValue,
        RowStatus,
        MacAddress
                FROM SNMPv2-TC
        MODULE-COMPLIANCE,
        OBJECT-GROUP
                FROM SNMPv2-CONF
        ConfigStatus,
        IfIndex
                FROM FS-TC
        ifIndex        
                FROM IF-MIB
        EnabledStatus 
                FROM P-BRIDGE-MIB
        fsMgmt
                FROM FS-SMI;

fsSecurityMIB MODULE-IDENTITY
        LAST-UPDATED "200203200000Z"
        ORGANIZATION "FS.COM Inc.."
        CONTACT-INFO
                " 
                Tel: 400-865-2852 

                E-mail: https://www.fs.com/live_chat_service_mail.html"
        DESCRIPTION
                "This module defines fs security mibs."
        REVISION      "200203200000Z"
        DESCRIPTION
                "Initial version of this MIB module."
        ::= { fsMgmt 6}

fsSecurityMIBObjects OBJECT IDENTIFIER ::= { fsSecurityMIB 1 }

fsUserManagementObjects OBJECT IDENTIFIER ::= { fsSecurityMIBObjects 1 }

fsSecurityAddressObjects OBJECT IDENTIFIER ::= { fsSecurityMIBObjects 2 }

fsPortSecrrityObjects OBJECT IDENTIFIER ::= { fsSecurityMIBObjects 3 }

--
--  user management
--

fsEnableSnmpAgent OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
            "Enabled indicate that user can manage switch by snmp agent,
             disabled indicate that user can't manage switch by snmp agent."
    ::= { fsUserManagementObjects 1 }
    
fsEnableWeb OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
            "Enabled indicate that user can manage switch by web,
             disabled indicate that user can't manage switch by web."
    ::= { fsUserManagementObjects 2 }    
    
fsEnableTelnet OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
            "Enabled indicate that user can manage switch by telnet,
             disabled indicate that user can't manage switch by telnet."
    ::= { fsUserManagementObjects 3 }    

--TelnetHostIpTable
fsTelnetHostIpTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF FSTelnetHostIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The table of telnet client's IP address, only these hostes can access the telnet server."
    ::= { fsUserManagementObjects 4 }

fsTelnetHostIpEntry OBJECT-TYPE
        SYNTAX  FSTelnetHostIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The entry of telnet host IP address table."
        INDEX   { fsTelnetHostIpAddress}
    ::= { fsTelnetHostIpTable 1 }

    FSTelnetHostIpEntry ::=
        SEQUENCE {
                fsTelnetHostIpAddress
                       IpAddress,
                fsTelnetHostIpEnable
                       INTEGER         
      }

fsTelnetHostIpAddress OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The telnet client's IP address, Only these hostes can access the telnet server"
        ::= { fsTelnetHostIpEntry 1 }

fsTelnetHostIpEnable OBJECT-TYPE
        SYNTAX  INTEGER{                   
                   enable(1), 
                   disable(2)
                   }
        MAX-ACCESS   read-write
        STATUS       current
        DESCRIPTION
            "The telnet client's IP address enable state"
    ::= { fsTelnetHostIpEntry 2 }
    
--WebHostIpTable
fsWebHostIpTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF FSWebHostIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The table of web client's IP address, only these hostes can access the web server."
    ::= { fsUserManagementObjects 5 }

fsWebHostIpEntry OBJECT-TYPE
        SYNTAX  FSWebHostIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The entry of web host IP address table."
        INDEX   { fsWebHostIpAddress}
    ::= { fsWebHostIpTable 1 }

    FSWebHostIpEntry ::=
        SEQUENCE {
                fsWebHostIpAddress
                       IpAddress,
                fsWebHostIpEnable
                       INTEGER         
      }

fsWebHostIpAddress OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The web client's IP address, Only these hostes can access the web server"
        ::= { fsWebHostIpEntry 1 }

fsWebHostIpEnable OBJECT-TYPE
        SYNTAX  INTEGER{                   
                   enable(1), 
                   disable(2)
                   }
        MAX-ACCESS   read-write
        STATUS       current
        DESCRIPTION
            "The web client's IP address enable state"
    ::= { fsWebHostIpEntry 2 }

-- security address 

fsSecurityAddressTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF FSSecurityAddressEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The table of security address."
    ::= { fsSecurityAddressObjects 1 }

fsSecurityAddressEntry OBJECT-TYPE
        SYNTAX  FSSecurityAddressEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The entry of Security address table."
        INDEX   { fsSecurityAddressFdbId,
              fsSecurityAddressAddress,
              fsSecurityAddressPort,
              fsSecurityAddressIpAddr}
    ::= { fsSecurityAddressTable 1 }

    FSSecurityAddressEntry ::=
        SEQUENCE {
                fsSecurityAddressFdbId
                       Unsigned32,
                fsSecurityAddressAddress
                       MacAddress,
                fsSecurityAddressPort
                       IfIndex,  
                fsSecurityAddressIpAddr
                       IpAddress,
                fsSecurityAddressIfBindIp
                       TruthValue,        
                fsSecurityAddressRemainAge
                       Integer32,   
                fsSecurityAddressType
                       INTEGER,         
                fsSecurityAddressStatus
                       RowStatus                       
      }

fsSecurityAddressFdbId OBJECT-TYPE
        SYNTAX       Unsigned32
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
            "The VID of vlan which the security address blongs to."
    ::= { fsSecurityAddressEntry 1 }
    
fsSecurityAddressAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The MAC address of the security address."
    ::= { fsSecurityAddressEntry 2 }

fsSecurityAddressPort OBJECT-TYPE
        SYNTAX       IfIndex
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
            "The interface which the security address blongs to."
    ::= { fsSecurityAddressEntry 3 }
    
fsSecurityAddressIpAddr OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The IP address which the security address bind.It's meaning only when 
            fsSecurityAddressIfBindIp is true."
        ::= { fsSecurityAddressEntry 4 }
        
fsSecurityAddressIfBindIp OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "this object offer the means whether security address will bind IP."
        ::= { fsSecurityAddressEntry 5 }
        
fsSecurityAddressRemainAge OBJECT-TYPE
        SYNTAX       Integer32
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "The remain age of the security address, in units of minute."
    ::= { fsSecurityAddressEntry 6 }

fsSecurityAddressType OBJECT-TYPE
        SYNTAX  INTEGER{                   
                   secureConfigured(1), 
                   dynamicLearn(2)
                   }
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "The type of the security address"
    ::= { fsSecurityAddressEntry 7 }
                
fsSecurityAddressStatus OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "entry status of this entry. and the means in this enviraments can
            reffer to the text-convention definition of the RowStatus."
    ::= { fsSecurityAddressEntry 8 }


--Address Bind Table
fsBindAddressTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF FSBindAddressEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
		"IP-MAC bind table. The source MAC address must be bound when the switch receives the frame with
		 source IP address defined in this table. Otherwise, the frame will be discarded."
    ::= { fsSecurityAddressObjects 2 }

fsBindAddressEntry OBJECT-TYPE
        SYNTAX  FSBindAddressEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The entry of Bind address table."
        INDEX   { fsBindAddressIpAddr}
    ::= { fsBindAddressTable 1 }

    FSBindAddressEntry ::=
        SEQUENCE {
                fsBindAddressIpAddr
                       IpAddress,
                fsBindMacAddress
                       MacAddress,
                fsBindAddressStatus
                       ConfigStatus                       
      }
fsBindAddressIpAddr OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The IP address which the security address bind.It's meaning only when 
            fsBindAddressIfBindIp is true."
        ::= { fsBindAddressEntry 1 }
    
fsBindMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
              "The MAC address of the security address."
    ::= { fsBindAddressEntry 2 }    
                
fsBindAddressStatus OBJECT-TYPE
        SYNTAX ConfigStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "entry status. Setting this value to 'invalid' will remove this entry"
    ::= { fsBindAddressEntry 3 }

-- port security
fsPortSecurityTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSPortSecurityEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "list of port security configuration objects."
        ::= { fsPortSecrrityObjects 1 }
    
fsPortSecurityEntry OBJECT-TYPE
        SYNTAX FSPortSecurityEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "Entry contains port security configurations."
        INDEX { fsPortSecurityPortIndex }
        ::= { fsPortSecurityTable 1 }
    
FSPortSecurityEntry ::=
        SEQUENCE {
        fsPortSecurityPortIndex IfIndex,
        fsPortSecurityStatus EnabledStatus,
        fsPortSecurViolationType INTEGER,        
        fsPortSecurityAddrNum Integer32,
        fsPortSecurityAddrAge Integer32,
        fsPortStaticSecurAddrIfAge EnabledStatus,
        fsPortSecurityAddressCurrentNum Integer32, 
        fsPortStaticSecurAddrCurrentNum Integer32,
        fsPortSecurityIpDistrMode INTEGER
        }

fsPortSecurityPortIndex OBJECT-TYPE
        SYNTAX IfIndex
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            ""
        ::= { fsPortSecurityEntry 1 }
            
fsPortSecurityStatus OBJECT-TYPE
        SYNTAX EnabledStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            ""
        DEFVAL { disabled }         
        ::= { fsPortSecurityEntry 2 }

fsPortSecurViolationType OBJECT-TYPE
        SYNTAX INTEGER {
            violation-protect(1),
            violation-restrict(2),
            violation-shutdown(3)
        }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "this object define 3 grades of port security:
            violation-protect(1):
                normal security grade, indicate that when the a datagram received on a
                port with illegal MAC address will be discarded but not send trap, 
                legal and illegal MAC to a port security is 
                defined by per port's security below.
            violation-restrict(2):
                normal security grade, indicate that when the a datagram received on a
                port with illegal MAC address will be discarded and send trap, legal and illegal MAC
                to a port security is defined by per port's security below.
            violation-shutdown(3):
                strict security grade, indicate that when the a datagram received on a
                port with illegal MAC address, the port will be disabled for the violation
                of the port's security and send trap."
        DEFVAL { violation-protect }         
        ::= { fsPortSecurityEntry 3 }
            
fsPortSecurityAddrNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This value means the address number threshold of this port. A new address want to 
            add to the port address will be refused when address num exceed this value. 
            This value is valid when fsPortSecurityStatus is 'disabled'"
        ::= { fsPortSecurityEntry 4 }    

fsPortSecurityAddrAge OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Aging time in units of minute of security address of interface"
        ::= { fsPortSecurityEntry 5 }    
        
fsPortStaticSecurAddrIfAge OBJECT-TYPE
        SYNTAX EnabledStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This object offer the means whether enable static configured security address 
             aging."
        ::= { fsPortSecurityEntry 6 }
        
fsPortSecurityAddressCurrentNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
              "Current number of the security address of interface."
        ::= { fsPortSecurityEntry 7 }
        
fsPortStaticSecurAddrCurrentNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
              "Current number of the static configured security address of interface."
        ::= { fsPortSecurityEntry 8 }

fsPortSecurityIpDistrMode OBJECT-TYPE
        SYNTAX INTEGER{
            static(1),                     --only Static IP Distribute enabled
            dynamic(2),                 --only Dynamic IP Distribute enabled
            staticAndDynamic(3),     --both Static and Dynamic IP Distribute enable
            unSpecified(4)              --not specified
        }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "IP Distrute Mode
             (0:Static-only mode, 
              1:Dynamic-only mode, 
              2:Dynamic and Static mode, 
              3:Unspecified mode)"
        ::= { fsPortSecurityEntry 9 }

fsSecurityTraps      OBJECT IDENTIFIER ::= { fsSecurityMIB 2 }

portSecurityViolate NOTIFICATION-TYPE
    OBJECTS    {ifIndex}
    STATUS  current
    DESCRIPTION
            "the mac lock violate trap indicates that if you
             have set the threshold number of learned addresses
             from a port, and their comes a new address from the
             port, but the addresses for the port is already 
             full."
    ::= { fsSecurityTraps 1 }        

fsSecurityMIBConformance OBJECT IDENTIFIER ::= { fsSecurityMIB 3 }
fsSecurityMIBCompliances OBJECT IDENTIFIER ::= { fsSecurityMIBConformance 1 }
fsSecurityMIBGroups      OBJECT IDENTIFIER ::= { fsSecurityMIBConformance 2 }


-- compliance statements

fsSecurityMIBCompliance MODULE-COMPLIANCE
        STATUS  current
        DESCRIPTION
                "The compliance statement for entities which implement
                the FS Security MIB"
        MODULE  -- this module
                MANDATORY-GROUPS { fsUserManageMIBGroup,
                                   fsSecurityAddressMIBGroup,
                                   fsPortSecurityMIBGroup
                 }
        ::= { fsSecurityMIBCompliances 1 }
                
-- units of conformance

fsUserManageMIBGroup OBJECT-GROUP
        OBJECTS {
           fsEnableSnmpAgent,
           fsEnableWeb,
           fsEnableTelnet
        }
        STATUS  current
        DESCRIPTION
                "A collection of objects providing status snmp and web and telnet
                 management agent to a FS agent."
        ::= { fsSecurityMIBGroups 1 }         
        
fsSecurityAddressMIBGroup OBJECT-GROUP
        OBJECTS {
--                fsSecurityAddressFdbId,
--                fsSecurityAddressAddress,
--                fsSecurityAddressPort,
--                fsSecurityAddressIpAddr,
                fsSecurityAddressIfBindIp,        
                fsSecurityAddressRemainAge, 
                fsSecurityAddressType,    
                fsSecurityAddressStatus,
--                fsBindAddressIpAddr,
                fsBindMacAddress,
                fsBindAddressStatus            
        }
        STATUS  current
        DESCRIPTION
                "A collection of objects providing security address to a
                FS agent."
        ::= { fsSecurityMIBGroups 2 }                         
        
fsPortSecurityMIBGroup OBJECT-GROUP
        OBJECTS {
              fsPortSecurityPortIndex,
              fsPortSecurityStatus,
              fsPortSecurViolationType,
              fsPortSecurityAddrNum,
              fsPortSecurityAddrAge,
              fsPortStaticSecurAddrIfAge,
              fsPortSecurityAddressCurrentNum, 
              fsPortStaticSecurAddrCurrentNum,
              fsPortSecurityIpDistrMode
        }
        STATUS  current
        DESCRIPTION
                "A collection of objects providing port security to a
                FS agent."
        ::= { fsSecurityMIBGroups 3 }                                 
                
END
