--**MOD+***********************************************************************
--* Module:    hpicfDipldv6.mib
--*
-- Copyright (C) 2017 Hewlett-Packard Development Company, L.P.
--* All Rights Reserved.
--* 
--* The contents of this software are proprietary and confidential
--* to the Hewlett Packard Enterprise Development LP.  No part of this
--* program may be photocopied, reproduced, or translated into another
--* programming language without prior written consent of the
--* Hewlett Packard Enterprise Development LP.
--*
--* Purpose: This file contains MIB definition of HP-ICF-IPv6-DYNAMIC-LOCKDOWN-MIB
--*
--**MOD-*********************************************************************** 

HP-ICF-IPv6-DYNAMIC-LOCKDOWN-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE, Counter32
            FROM SNMPv2-SMI
        MacAddress, TruthValue
            FROM SNMPv2-TC
        MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
            FROM SNMPv2-CONF
        ifIndex , InterfaceIndex
            FROM IF-MIB
        InetAddressType, InetAddress
            FROM INET-ADDRESS-MIB
        VlanIndex
            FROM Q-BRIDGE-MIB
        hpSwitch
            FROM HP-ICF-OID      
        hpicfSaviObjectsFilteringEntry
            FROM HPICF-SAVI-MIB;

   hpicfIpv6Lockdown MODULE-IDENTITY
       LAST-UPDATED "201711080000Z"  -- Nov 08, 2017
       ORGANIZATION "HP Networking"
       CONTACT-INFO 
            "Hewlett-Packard Company
            8000 Foothills Blvd.
            Roseville, CA 95747"
        DESCRIPTION 
            "This MIB module contains HP proprietary
            objects for managing DHCPV6 Snooping."
        REVISION "201711080000Z"
        DESCRIPTION
             "Importing hpicfSaviObjectsFilteringEntry from HPICF-SAVI-MIB
              and augmenting it instead of saviObjectsFilteringEntry."
        REVISION "201310060000Z"     
        DESCRIPTION 
            "Initial Version."
        ::= { hpSwitch 103 }


    hpicfDIPLDv6SourceBindingNotifications OBJECT IDENTIFIER ::= { hpicfIpv6Lockdown 0 }
    
    hpicfDIPLDv6Objects OBJECT IDENTIFIER            ::= { hpicfIpv6Lockdown 1 }

    hpicfIpv6LockConformance OBJECT IDENTIFIER       ::= {hpicfIpv6Lockdown 2 }

    hpicfDIPDv6SourceBindingOutOfResources NOTIFICATION-TYPE
        OBJECTS     { 
                      hpicfDIPLDv6SourceBindingAddrPort,
                      hpicfDIPLDv6SourceBindingAddrMacAddress,
                      hpicfDIPLDv6SourceBindingAddrIpAddressType, 
                      hpicfDIPLDv6SourceBindingAddrIpAddress,
                      hpicfDIPLDv6SourceBindingAddrVlan
                      } 
        STATUS      current
        DESCRIPTION "This trap is sent when hardware runs out of resource 
                     to program Dynamic IPv6 Lockdown rule. It is controlled 
                     by the state of 
                     hpicfcfDIPLDv6SourceBindingOutOfResourcesTrapCtrl
                     object.Implementation of this trap is optional."
        ::= { hpicfDIPLDv6SourceBindingNotifications 1 }

    hpicfDIPLDv6SourceBindingOutOfResourcesObjects
                     OBJECT IDENTIFIER ::= {hpicfDIPLDv6SourceBindingNotifications 2}

    hpicfDIPLDv6SourceBindingAddrPort  OBJECT-TYPE
        SYNTAX      InterfaceIndex
        MAX-ACCESS  accessible-for-notify
        STATUS      current
        DESCRIPTION "The Interface Index of the port for which Dynamic 
                     IPv6 Lockdown rule cannot be programmed into 
                     hardware."
        ::= { hpicfDIPLDv6SourceBindingOutOfResourcesObjects 1 }

    hpicfDIPLDv6SourceBindingAddrMacAddress  OBJECT-TYPE
        SYNTAX      MacAddress
        MAX-ACCESS  accessible-for-notify
        STATUS      current
        DESCRIPTION "The source MAC address for which Dynamic IPv6 Lockdown rule
                     cannot be programmed into hardware."
        ::= { hpicfDIPLDv6SourceBindingOutOfResourcesObjects 2 }
  
   hpicfDIPLDv6SourceBindingAddrIpAddressType  OBJECT-TYPE
        SYNTAX      InetAddressType
        MAX-ACCESS  accessible-for-notify
        STATUS      current
        DESCRIPTION "The Type of the IP Address of the source for which 
                     Dynamic IPv6 lockdown rule cannot be programmed 
                     into the hardware."
        ::= { hpicfDIPLDv6SourceBindingOutOfResourcesObjects 3 }


   hpicfDIPLDv6SourceBindingAddrIpAddress  OBJECT-TYPE
        SYNTAX      InetAddress
        MAX-ACCESS  accessible-for-notify
        STATUS      current
        DESCRIPTION "A source IP address for which Dynamic IPv6 Lockdown rule
                     cannot be programmed into hardware."
        ::= { hpicfDIPLDv6SourceBindingOutOfResourcesObjects 4 }

   hpicfDIPLDv6SourceBindingAddrVlan  OBJECT-TYPE
       SYNTAX      VlanIndex
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION "The VLAN for which Dynamic IPv6 Lockdown rule
                     cannot be programmed into hardware."
       ::= {hpicfDIPLDv6SourceBindingOutOfResourcesObjects 5 }

    hpicfDIPLDv6SourceBindingVoilations NOTIFICATION-TYPE
        OBJECTS    {hpicfDIPLDv6SourceBindingVoilationsCount,
                    hpicfDIPLDv6SourceBindingVoilationsPort,	
                    hpicfDIPLDv6SourceBindingVoilationsSrcIpType,
                    hpicfDIPLDv6SourceBindingVoilationsSrcIpAddress,
                    hpicfDIPLDv6SourceBindingVoilationsDstIpType,
                    hpicfDIPLDv6SourceBindingVoilationsDstIpAddress,
                    hpicfDIPLDv6SourceBindingVoilationsMacAddress,
                    hpicfDIPLDv6SourceBindingVoilationsPktCount}
        STATUS      current
        DESCRIPTION "This notification indicates a host was denied access to
                    the switch based on Dynamic IPv6 lockdown protection rules.
                    This trap is controlled by the state of the 
                    'hpicfDIPLDv6SourceBindingViolationsTrapCtrl' object.
                    Implementation of this trap is optional."
        ::= { hpicfDIPLDv6SourceBindingNotifications 3 }

    hpicfDIPLDv6SourceBindingVoilationsObjects
                   OBJECT IDENTIFIER ::= { hpicfDIPLDv6SourceBindingNotifications 4 }

    hpicfDIPLDv6SourceBindingVoilationsCount OBJECT-TYPE
        SYNTAX      Counter32
        MAX-ACCESS  accessible-for-notify
        STATUS      current
        DESCRIPTION "The number of DIPLDv6 violations sent from a DIPLDv6 
                     entity to the SNMP entity."
        ::= { hpicfDIPLDv6SourceBindingVoilationsObjects 1 }

    hpicfDIPLDv6SourceBindingVoilationsPort OBJECT-TYPE
        SYNTAX      InterfaceIndex
        MAX-ACCESS  accessible-for-notify
        STATUS      current
        DESCRIPTION "The Interface Index of the port for which this 
                    'hpicfDIPLDv6SourceBindingVoilations' applies."
        ::= { hpicfDIPLDv6SourceBindingVoilationsObjects 2 }

    hpicfDIPLDv6SourceBindingVoilationsSrcIpType OBJECT-TYPE
        SYNTAX      InetAddressType -- { ipv6(2), ipv6z (4) }
        MAX-ACCESS  accessible-for-notify
        STATUS      current
        DESCRIPTION "The type of IP address contained in
                    'hpicfDIPLDv6SourceBindingVoilationsSrcIpAddress'.
                    The only values expected are ipv6 or ipv6z."
        ::= { hpicfDIPLDv6SourceBindingVoilationsObjects 3 }

    hpicfDIPLDv6SourceBindingVoilationsSrcIpAddress OBJECT-TYPE
        SYNTAX      InetAddress
        MAX-ACCESS  accessible-for-notify 
        STATUS      current
        DESCRIPTION "The source IP address for which this
                    'hpicfDIPLDv6SourceBindingVoilations' applies."
        ::= { hpicfDIPLDv6SourceBindingVoilationsObjects 4 }

    hpicfDIPLDv6SourceBindingVoilationsDstIpType OBJECT-TYPE
        SYNTAX      InetAddressType -- { ipv6(2), ipv6z (4) }
        MAX-ACCESS  accessible-for-notify
        STATUS      current
        DESCRIPTION "The type of IP address contained in 
                    'hpicfIpLockSourceBindingVoilationsDstIpAddress'.
                    The only values expected are ipv6 or ipv6z."
        ::= { hpicfDIPLDv6SourceBindingVoilationsObjects 5 }

    hpicfDIPLDv6SourceBindingVoilationsDstIpAddress OBJECT-TYPE
        SYNTAX      InetAddress
        MAX-ACCESS  accessible-for-notify 
        STATUS      current
        DESCRIPTION "The destination IP address for which this 
                    'hpicfDIPLDv6SourceBindingVoilations' applies."
        ::= { hpicfDIPLDv6SourceBindingVoilationsObjects 6 }

    hpicfDIPLDv6SourceBindingVoilationsMacAddress OBJECT-TYPE
        SYNTAX      MacAddress
        MAX-ACCESS  accessible-for-notify
        STATUS      current
        DESCRIPTION "The source MAC address for which this 
                    'hpicfDIPLDv6SourceBindingVoilations' applies."
        ::= { hpicfDIPLDv6SourceBindingVoilationsObjects 7 }

    hpicfDIPLDv6SourceBindingVoilationsPktCount  OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION "This object indicates the number of packets 
                     received from this host which were dropped."
        ::= { hpicfDIPLDv6SourceBindingVoilationsObjects 8 }


-- Configuration Parameters    
    hpicfDIPLDv6Config OBJECT IDENTIFIER ::= { hpicfDIPLDv6Objects 1 }

    hpicfDIPLDv6LockEnable OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION "The administrative status of the Dynamic IPv6
                    Lockdown feature."
        ::= { hpicfDIPLDv6Config 1 }

    hpicfDIPLDv6PortTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF HpicfDIPLDv6PortEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION "Per-interface configuration for Dynamic IPv6
                    Lockdown."
        ::= { hpicfDIPLDv6Config 2 }

    hpicfDIPLDv6PortEntry OBJECT-TYPE
        SYNTAX      HpicfDIPLDv6PortEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION "Dynamic IPv6 Lockdown configuration information
                    for a single port."
        INDEX       { ifIndex }
        ::= { hpicfDIPLDv6PortTable 1 }

    HpicfDIPLDv6PortEntry ::=
        SEQUENCE {
            hpicfDIPLDv6PortEnable            TruthValue,
            hpicfDIPLDv6PortOperStatus        BITS
        }

    hpicfDIPLDv6PortEnable OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION "This object indicates whether this port is
                    enabled for Dynamic IPv6 Lockdown."
        ::= { hpicfDIPLDv6PortEntry 1 }

    hpicfDIPLDv6PortOperStatus OBJECT-TYPE
        SYNTAX     BITS{
                        active(0),
                        noDsnoopv6(1),
                        trustedPort(2),
                        noSnoopingVlan(3)
                    }
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION "This object indicates the various states of the
                    current operating mode of Dynamic IPv6 Lockdown on
                    this port. The states are:
                       active         - Dynamic IPv6 Lockdown is active
                                        on this port.
                       noDsnoop       - Dynamic IPv6 Lockdown is enabled
                                        on this port, but DHCPv6 Snooping
                                        is not globally enabled.
                       trustedPort    - Dynamic IPv6 Lockdown is enabled
                                        on this port, but is not active
                                        because the port is a DHCPv6
                                        Snooping trusted port.
                       noSnoopingVlan - Dynamic IPv6 Lockdown is enabled
                                        on this port, but is not active
                                        because the port is not a
                                        member of any VLAN with DHCPv6
                                        Snooping enabled."
       
       ::= { hpicfDIPLDv6PortEntry 2 }
 
   hpicfDIPLDv6SourceBindingOutOfResourcesTrapCtrl OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION "Controls generation of SNMP notifications for
                    traps defined in this MIB."
        DEFVAL      { true }
        ::= { hpicfDIPLDv6Config 3 }

     hpicfDIPLDv6SourceBindingViolationsTrapCtrl OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-write
        STATUS      current
        DESCRIPTION "Controls generation of SNMP notifications for
                    traps defined in this MIB."
        DEFVAL      { true }
        ::= { hpicfDIPLDv6Config 4 }

    hpicfDIPLDv6Status OBJECT IDENTIFIER ::= { hpicfDIPLDv6Objects 2 }


    hpicfDIPLDv6AddrTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF HpicfDIPLDv6AddrEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION "Table of source address bindings on ports
                    where Dynamic IPv6 Lockdown is active that
                    are currently permitted."
        ::= { hpicfDIPLDv6Status 1 }

    hpicfDIPLDv6AddrEntry OBJECT-TYPE
        SYNTAX      HpicfDIPLDv6AddrEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION "Extension to the hpicfSAVI filtering table."
        AUGMENTS { hpicfSaviObjectsFilteringEntry }

        ::= { hpicfDIPLDv6AddrTable 1 }

    HpicfDIPLDv6AddrEntry ::=
        SEQUENCE {
            hpicfDIPLDv6AddrVlan       VlanIndex,
            hpicfDIPLDv6ResourceAvailable     TruthValue
        }

    hpicfDIPLDv6AddrVlan OBJECT-TYPE
        SYNTAX      VlanIndex
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION "The VLAN on which this binding entry is permitted." 
        ::= { hpicfDIPLDv6AddrEntry 1 }


    hpicfDIPLDv6ResourceAvailable OBJECT-TYPE
        SYNTAX      TruthValue
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION 
        "This Object provides the availability of HW resources
         while adding a binding. TRUE indicates that hardware
         resources were available to add a binding. FALSE indicates that
         resources were not available."
        ::= { hpicfDIPLDv6AddrEntry 2 }

-- Conformance groups
    hpicfIpv6LockGroups OBJECT IDENTIFIER ::=
        {hpicfIpv6LockConformance 1 }

    hpicfIpv6LockBaseGroup OBJECT-GROUP
        OBJECTS     { hpicfDIPLDv6LockEnable,
                      hpicfDIPLDv6PortEnable,
                      hpicfDIPLDv6PortOperStatus,
                      hpicfDIPLDv6AddrVlan,
                      hpicfDIPLDv6ResourceAvailable
                    }
        STATUS      current
        DESCRIPTION "A collection of objects for configuring and
                    monitoring the base Dynamic IPv6 Lockdown
                    functionality."
        ::= { hpicfIpv6LockGroups 1 }

    hpicfSourceBindingTrapObjectsGroup OBJECT-GROUP
        OBJECTS { 
                      hpicfDIPLDv6SourceBindingAddrPort,
                      hpicfDIPLDv6SourceBindingAddrMacAddress,
                      hpicfDIPLDv6SourceBindingAddrIpAddressType, 
                      hpicfDIPLDv6SourceBindingAddrIpAddress,
                      hpicfDIPLDv6SourceBindingAddrVlan,
                      hpicfDIPLDv6SourceBindingVoilationsCount,
                      hpicfDIPLDv6SourceBindingVoilationsPort,	
                      hpicfDIPLDv6SourceBindingVoilationsSrcIpType,
                      hpicfDIPLDv6SourceBindingVoilationsSrcIpAddress,
                      hpicfDIPLDv6SourceBindingVoilationsDstIpType,
                      hpicfDIPLDv6SourceBindingVoilationsDstIpAddress,
                      hpicfDIPLDv6SourceBindingVoilationsMacAddress,
                      hpicfDIPLDv6SourceBindingVoilationsPktCount,
                      hpicfDIPLDv6SourceBindingOutOfResourcesTrapCtrl,
                      hpicfDIPLDv6SourceBindingViolationsTrapCtrl 
                 }         
        STATUS      current
        DESCRIPTION "A collection of objects used in the Dynamic IPv6 Lockdown
                     notification."
        ::= { hpicfIpv6LockGroups 2 }

    hpicfSourceBindingTrapsGroup NOTIFICATION-GROUP
        NOTIFICATIONS { hpicfDIPDv6SourceBindingOutOfResources ,  
                        hpicfDIPLDv6SourceBindingVoilations }
        STATUS      current
        DESCRIPTION "A collection of trap objects for Dynamic 
                    IP Lockdown feature."  
        ::= {hpicfIpv6LockGroups 3 }


    hpicfIpv6LockCompliances OBJECT IDENTIFIER ::=
        { hpicfIpv6LockConformance 2 }

    hpicfDIPLDv6Compliance MODULE-COMPLIANCE
        STATUS      current
        DESCRIPTION "The compliance statement for HP
                    switches that support Dynamic IPv6 Lockdown."
        MODULE
            MANDATORY-GROUPS { hpicfIpv6LockBaseGroup }
        ::= { hpicfIpv6LockCompliances 1 }

    hpicfIpv6SourceBindingTrapCompliance MODULE-COMPLIANCE
        STATUS      current
        DESCRIPTION "The compliance statement for HP
                    switches that support Dynamic IP Lockdown
                    Notify group ."
        MODULE --this module
        MANDATORY-GROUPS 
        {hpicfSourceBindingTrapObjectsGroup,hpicfSourceBindingTrapsGroup}
        ::= { hpicfIpv6LockCompliances 2 }
END

