
BAY-STACK-SOURCE-GUARD-MIB DEFINITIONS ::= BEGIN

IMPORTS
    NOTIFICATION-TYPE, OBJECT-TYPE, MODULE-IDENTITY, Counter32
        FROM SNMPv2-SMI
    MacAddress
        FROM SNMPv2-TC
    InterfaceIndex
        FROM IF-MIB
    InetAddressType, InetAddress
        FROM INET-ADDRESS-MIB
    bayStackMibs
        FROM SYNOPTICS-ROOT-MIB;

bayStackSourceGuardMib MODULE-IDENTITY
      LAST-UPDATED "200810300000Z"
      ORGANIZATION "Nortel Ltd."
      CONTACT-INFO "nortel.com"
      DESCRIPTION
              "This MIB module is used for IP Source Guard
               settings in Nortel's software and products."

      REVISION    "200810300000Z"  -- October 30, 2008
      DESCRIPTION "Ver 4:  Added new notification types."

      REVISION    "200803310000Z"  -- Mar 31, 2008
      DESCRIPTION "Ver 3:  Added statistics table."

      REVISION    "200705070000Z"  -- May 07, 2007
      DESCRIPTION "Ver 2:  Fixed some DESCRIPTION clauses."

      REVISION    "200703230000Z"  -- March 23, 2007
      DESCRIPTION "Ver 1:  Initial version."

      ::= { bayStackMibs 20 }

bsSourceGuardNotifications OBJECT IDENTIFIER ::= { bayStackSourceGuardMib 0 }
bsSourceGuardObjects       OBJECT IDENTIFIER ::= { bayStackSourceGuardMib 1 }

--
-- configuration table
--

bsSourceGuardConfigTable   OBJECT-TYPE
    SYNTAX SEQUENCE OF BsSourceGuardConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table is used to configure IP Source Guard per port."
    ::= { bsSourceGuardObjects 1 }

bsSourceGuardConfigEntry OBJECT-TYPE
    SYNTAX       BsSourceGuardConfigEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "An entry containing objects for configuring IP Source Guard
         settings for a port."
    INDEX { bsSourceGuardConfigIfIndex }
    ::= { bsSourceGuardConfigTable 1 }

BsSourceGuardConfigEntry ::=
    SEQUENCE {
        bsSourceGuardConfigIfIndex InterfaceIndex,
        bsSourceGuardConfigMode    INTEGER
    }

bsSourceGuardConfigIfIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The interface on which Source Guard configuration setting apply."
    ::= { bsSourceGuardConfigEntry 1 }

bsSourceGuardConfigMode OBJECT-TYPE
    SYNTAX       INTEGER {
                     disabled(1),
                     ip(2)
                 }
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "This object is used to control the Source Guard mode on an
         interface.  The values are as follows:

           disabled(1) - Source Guard is disabled on this interface.

           ip(2) - Source Guard only allows traffic from a list of IP
                   addresses on this interface."
    ::= { bsSourceGuardConfigEntry 2 }

--
-- address table
--

bsSourceGuardAddrTable   OBJECT-TYPE
    SYNTAX SEQUENCE OF BsSourceGuardAddrEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table contains a list of internet and/or MAC addresses
         allowed by Source Guard on an interface.  An entry in this
         table must indicate either a valid internet address and/or
         a valid MAC address.  This means that an entry may not exist
         where the value of bsSourceGuardAddrType is unknown(0) and
         the value of bsSourceGuardAddrMACAddr is 00:00:00:00:00:00.

         If an entry indicates only an internet address, Source Guard
         will allow that address regardless of MAC address.

         Note that currently, MAC addresses are not supported.  This
         means that currently, the value of bsSourceGuardAddrMACAddr
         must always by 00:00:00:00:00:00, and the value of
         bsSourceGuardAddrType must not be unknown(0)."
    ::= { bsSourceGuardObjects 2 }

bsSourceGuardAddrEntry OBJECT-TYPE
    SYNTAX       BsSourceGuardAddrEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "An entry containing an address allowed by Source Guard on
         an interface."
    INDEX { bsSourceGuardAddrIndex,
            bsSourceGuardAddrType,
            bsSourceGuardAddrAddress,
            bsSourceGuardAddrMACAddr }
    ::= { bsSourceGuardAddrTable 1 }

BsSourceGuardAddrEntry ::=
    SEQUENCE {
        bsSourceGuardAddrIndex     InterfaceIndex,
        bsSourceGuardAddrType      InetAddressType,
        bsSourceGuardAddrAddress   InetAddress,
        bsSourceGuardAddrMACAddr   MacAddress,
        bsSourceGuardAddrSource    INTEGER
    }

bsSourceGuardAddrIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The ifIndex value of the interface."
    ::= { bsSourceGuardAddrEntry 1 }

bsSourceGuardAddrType OBJECT-TYPE
    SYNTAX       InetAddressType
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The type of internet address contained in the corresponding
         instance of bsSourceGuardAddrAddress.  If the value of this
         object is other(0), then the corresponding instance of
         bsSourceGuardAddrAddress must be a zero length value."
    ::= { bsSourceGuardAddrEntry 2 }

bsSourceGuardAddrAddress OBJECT-TYPE
    SYNTAX       InetAddress
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The internet address allowed by Source Guard on this interface.
         If this object contains a zero length value, then the Source
         Guard feature will not use the value."
    ::= { bsSourceGuardAddrEntry 3 }

bsSourceGuardAddrMACAddr OBJECT-TYPE
    SYNTAX       MacAddress
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "The ethernet MAC address allowed by Source Guard on this interface.
         If this object contains the value 00:00:00:00:00:00, then the
         Source Guard feature will not use the value."
    ::= { bsSourceGuardAddrEntry 4 }

bsSourceGuardAddrSource OBJECT-TYPE
    SYNTAX       INTEGER {
                     dhcpSnooping(1)
                 }
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The source of the address(es).  Currently, the only source is
         from dhcp snooping.  In the future, static addresses will
         be allowed."
    ::= { bsSourceGuardAddrEntry 5 }

--
-- statistics table
--

bsSourceGuardStatsTable   OBJECT-TYPE
    SYNTAX SEQUENCE OF BsSourceGuardStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Per-interface IP Source Guard statistics."
    ::= { bsSourceGuardObjects 3 }

bsSourceGuardStatsEntry OBJECT-TYPE
    SYNTAX       BsSourceGuardStatsEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "An entry containing Source Guard statistics for an interface."
    INDEX { bsSourceGuardStatsIfIndex }
    ::= { bsSourceGuardStatsTable 1 }

BsSourceGuardStatsEntry ::=
    SEQUENCE {
        bsSourceGuardStatsIfIndex         InterfaceIndex,
        bsSourceGuardStatsDroppedPackets  Counter32
    }

bsSourceGuardStatsIfIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The ifIndex value of the interface."
    ::= { bsSourceGuardStatsEntry 1 }

bsSourceGuardStatsDroppedPackets OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The number of received packets on this interface that were dropped
         due to IP source guard filtering."
    ::= { bsSourceGuardStatsEntry 2 }

--
-- Notifications
--

bsSourceGuardReachedMaxIpEntries NOTIFICATION-TYPE
    OBJECTS {
        bsSourceGuardConfigMode
    }
    STATUS current
    DESCRIPTION
        "This notification is generated when the maximum number of IP entries
        on a port has been reached.  The port is identified by the instance of
        bssourceGuardConfigMode included in the notification."
    ::= { bsSourceGuardNotifications 1 }

bsSourceGuardCannotEnablePort NOTIFICATION-TYPE
    OBJECTS {
        bsSourceGuardConfigMode
    }
    STATUS current
    DESCRIPTION
        "This notification is generated when there are insufficient resources
        available to enable IP source guard checking on a port.  Note that this
        notification will *not* be generated as the result of a management
        operation, but rather only as a result of internal state changes
        within the system (for example, system initialization).  The port for
        which the notification is generated is identified by the instance of
        bsSourceGuardConfigMode included in the notification."
    ::= { bsSourceGuardNotifications 2 }

END

