-- ==================================================================
-- Copyright (c) 2010-2014 Hewlett-Packard Development Company, L.P.
--
-- Description: DHCP Snooping MIB
-- Reference:
-- Version: V1.3
-- History:
-- V1.0 The initial version, created by FuJiajia, 2004.12.29
-- V1.1 2006-03-08 updated by HeHangjun
--      Added hpnicfDhcpSnoopVlanTable
-- V1.2 2007-06-18 updated by qizhenglin
--      Added hpnicfDhcpSnoopSpoofServerDetected
--            hpnicfDhcpSnoopSpoofServerMac
--            hpnicfDhcpSnoopSpoofServerIP
-- V1.3 2013-10-16 updated by xuyufei
--      Added hpnicfDhcpSnoopNewBinding
--            hpnicfDhcpSnoopBindingIP
--            hpnicfDhcpSnoopBindingMac
-- ==================================================================
-- ==================================================================
--
-- Varibles and types be imported
--
-- ==================================================================
HPN-ICF-DHCPSNOOP-MIB DEFINITIONS ::= BEGIN

IMPORTS

    MacAddress
        FROM SNMPv2-TC

    MODULE-IDENTITY,OBJECT-TYPE,NOTIFICATION-TYPE,IpAddress,Integer32
        FROM SNMPv2-SMI

    ifIndex
        FROM IF-MIB

    hpnicfdot1qVlanIndex
        FROM HPN-ICF-LswVLAN-MIB

    InetAddressType, InetAddress
        FROM INET-ADDRESS-MIB

    hpnicfCommon
        FROM HPN-ICF-OID-MIB

    TruthValue
        FROM SNMPv2-TC;

-- ==================================================================
--
-- ======================= definition begin =========================
--
-- ==================================================================
hpnicfDhcpSnoop MODULE-IDENTITY
        LAST-UPDATED "200501140000Z"
        ORGANIZATION
            ""
        CONTACT-INFO
            ""
        DESCRIPTION
            "The private MIB file includes the DHCP Snooping profile."
        ::= { hpnicfCommon  36 }

    hpnicfDhcpSnoopMibObject OBJECT IDENTIFIER ::= {  hpnicfDhcpSnoop 1  }

    hpnicfDhcpSnoopEnable OBJECT-TYPE
        SYNTAX INTEGER
        {
            enable(1),
            disable(2)
        }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION "DHCP Snooping status (enable or disable)."
        DEFVAL { disable }
        ::= { hpnicfDhcpSnoopMibObject 1 }

    hpnicfDhcpSnoopTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF HpnicfDhcpSnoopEntry
        MAX-ACCESS not-accessible
        STATUS   current
        DESCRIPTION "The table containing information of DHCP clients listened by
                    DHCP snooping and it's enabled or disabled by setting
                    hpnicfDhcpSnoopEnable node."
        ::= { hpnicfDhcpSnoopMibObject 2 }


    hpnicfDhcpSnoopEntry OBJECT-TYPE
        SYNTAX  HpnicfDhcpSnoopEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION "An entry containing information of DHCP clients."
        INDEX   { hpnicfDhcpSnoopClientIpAddressType, hpnicfDhcpSnoopClientIpAddress }
        ::= { hpnicfDhcpSnoopTable 1 }

    HpnicfDhcpSnoopEntry   ::=
    SEQUENCE {
        hpnicfDhcpSnoopClientIpAddressType InetAddressType,
        hpnicfDhcpSnoopClientIpAddress   InetAddress,
        hpnicfDhcpSnoopClientMacAddress  MacAddress,
        hpnicfDhcpSnoopClientProperty    INTEGER ,
        hpnicfDhcpSnoopClientUnitNum     Integer32
        }

    hpnicfDhcpSnoopClientIpAddressType OBJECT-TYPE
        SYNTAX  InetAddressType
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION "DHCP clients' IP addresses type (IPv4 or IPv6)."
        DEFVAL { ipv4 }
        ::= { hpnicfDhcpSnoopEntry 1 }

    hpnicfDhcpSnoopClientIpAddress OBJECT-TYPE
        SYNTAX  InetAddress
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION "DHCP clients' IP addresses collected by DHCP snooping."
        ::= { hpnicfDhcpSnoopEntry 2 }

    hpnicfDhcpSnoopClientMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION "DHCP clients' MAC addresses collected by DHCP snooping."
        ::= { hpnicfDhcpSnoopEntry 3 }

    hpnicfDhcpSnoopClientProperty OBJECT-TYPE
        SYNTAX  INTEGER
        {
            static(1),
            dynamic(2)
        }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION "Method of getting IP addresses collected by DHCP snooping."
        ::= { hpnicfDhcpSnoopEntry 4 }

    hpnicfDhcpSnoopClientUnitNum OBJECT-TYPE
        SYNTAX  Integer32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION "IRF (Intelligent Resilient Fabric) unit number via whom the clients
                    get their IP addresses. The value 0 means this device does not support IRF."
        ::= { hpnicfDhcpSnoopEntry 5 }

    hpnicfDhcpSnoopTrustTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF HpnicfDhcpSnoopTrustEntry
        MAX-ACCESS not-accessible
        STATUS   current
        DESCRIPTION "A table is used to configure and monitor port trusted status."
        ::= { hpnicfDhcpSnoopMibObject 3 }

    hpnicfDhcpSnoopTrustEntry OBJECT-TYPE
        SYNTAX  HpnicfDhcpSnoopTrustEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION "An entry containing information about trusted status of ports."
        INDEX   { ifIndex }
        ::= { hpnicfDhcpSnoopTrustTable 1 }

    HpnicfDhcpSnoopTrustEntry  ::=
    SEQUENCE {
        hpnicfDhcpSnoopTrustStatus     INTEGER
        }

    hpnicfDhcpSnoopTrustStatus OBJECT-TYPE
        SYNTAX  INTEGER
        {
            untrusted(0),
            trusted(1)
        }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION "Trusted status of current port which supports both get and
                    set operation."
        DEFVAL { untrusted }
        ::= { hpnicfDhcpSnoopTrustEntry 1 }

    hpnicfDhcpSnoopVlanTable   OBJECT-TYPE
         SYNTAX          SEQUENCE OF HpnicfDhcpSnoopVlanEntry
         MAX-ACCESS      not-accessible
         STATUS          current
         DESCRIPTION     "A table is used to configure and monitor DHCP Snooping
                         status of VLANs."
         ::= { hpnicfDhcpSnoopMibObject 4 }

    hpnicfDhcpSnoopVlanEntry  OBJECT-TYPE
         SYNTAX          HpnicfDhcpSnoopVlanEntry
         MAX-ACCESS      not-accessible
         STATUS          current
         DESCRIPTION     "The entry information about hpnicfDhcpSnoopVlanTable."
         INDEX
         {
                hpnicfDhcpSnoopVlanIndex
         }
         ::= { hpnicfDhcpSnoopVlanTable 1 }

    HpnicfDhcpSnoopVlanEntry ::=
         SEQUENCE
         {
                hpnicfDhcpSnoopVlanIndex     Integer32,
                hpnicfDhcpSnoopVlanEnable    TruthValue
         }

    hpnicfDhcpSnoopVlanIndex        OBJECT-TYPE
         SYNTAX          Integer32(0..2147483647)
         MAX-ACCESS      not-accessible
         STATUS          current
         DESCRIPTION     "Current VLAN index."
         ::= { hpnicfDhcpSnoopVlanEntry 1 }

    hpnicfDhcpSnoopVlanEnable        OBJECT-TYPE
         SYNTAX          TruthValue
         MAX-ACCESS      read-write
         STATUS          current
         DESCRIPTION     "DHCP Snooping status of current VLAN."
         DEFVAL          { false }
         ::= { hpnicfDhcpSnoopVlanEntry 2 }

-- ==================================================================
--
-- ======================= trap definition begin ====================
--
-- ==================================================================
    hpnicfDhcpSnoopTraps OBJECT IDENTIFIER ::= {  hpnicfDhcpSnoop 2  }
    hpnicfDhcpSnoopTrapsPrefix OBJECT IDENTIFIER ::= {  hpnicfDhcpSnoopTraps 0  }
    hpnicfDhcpSnoopTrapsObject OBJECT IDENTIFIER ::= {  hpnicfDhcpSnoopTraps 1  }

    hpnicfDhcpSnoopSpoofServerMac OBJECT-TYPE
      SYNTAX MacAddress
      MAX-ACCESS accessible-for-notify
      STATUS current
      DESCRIPTION "MAC address of the spoofing server and it is derived from
          link-layer header of offer packet. If the offer packet is relayed
          by dhcp relay entity, it may be the MAC address of relay entity.
          "
      ::= { hpnicfDhcpSnoopTrapsObject 1 }

    hpnicfDhcpSnoopSpoofServerIP OBJECT-TYPE
      SYNTAX IpAddress
      MAX-ACCESS accessible-for-notify
      STATUS current
      DESCRIPTION "IP address of the spoofing server and it is derived from
          IP header of offer packet. A tricksy host may send offer packet use
          other host's address, so this address can not always be  trust.
          "
      ::= { hpnicfDhcpSnoopTrapsObject 2 }

    hpnicfDhcpSnoopBindingIP OBJECT-TYPE
      SYNTAX IpAddress
      MAX-ACCESS accessible-for-notify
      STATUS current
      DESCRIPTION "IP address of a new binding. "
      ::= { hpnicfDhcpSnoopTrapsObject 3 }


    hpnicfDhcpSnoopBindingMac OBJECT-TYPE
      SYNTAX MacAddress
      MAX-ACCESS accessible-for-notify
      STATUS current
      DESCRIPTION "MAC address of a new binding. "
      ::= { hpnicfDhcpSnoopTrapsObject 4 }


    hpnicfDhcpSnoopSpoofServerDetected NOTIFICATION-TYPE
        OBJECTS
        {
            ifIndex,            -- The interface from which an
                                -- illegal dhcp server accessed
            hpnicfdot1qVlanIndex,   -- The vlan from which an illegal
                                -- dhcp server accessed
            hpnicfDhcpSnoopSpoofServerMac,
            hpnicfDhcpSnoopSpoofServerIP
        }
        STATUS         current
        DESCRIPTION
           "To detect unauthorized DHCP servers on a network, the DHCP snooping
           device sends DHCP-DISCOVER messages through its downstream port
           (which is connected to the DHCP clients).
           If any response (DHCP-OFFER message) is received from the downstream port,
           an unauthorized DHCP server is considered present, and then the device
           sends a trap.
           With unauthorized DHCP server detection enabled, the interface sends a
           DHCP-DISCOVER message to detect unauthorized DHCP servers on the network.
           If this interface receives a DHCP-OFFER  message,  the DHCP server which
           sent it is considered unauthorized. "
    ::= { hpnicfDhcpSnoopTrapsPrefix 1 }

    hpnicfDhcpSnoopNewBinding NOTIFICATION-TYPE
        OBJECTS
        {
            hpnicfDhcpSnoopBindingIP,
            hpnicfDhcpSnoopBindingMac
        }
        STATUS current
        DESCRIPTION
           "The device sends a trap when adding a new binding."
    ::= { hpnicfDhcpSnoopTrapsPrefix 2 }

END
