BAYSTACK-IPV6-FIRST-HOP-SEC-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Counter32, Integer32
        FROM SNMPv2-SMI
    MacAddress, TruthValue, TEXTUAL-CONVENTION, RowStatus, DisplayString
        FROM SNMPv2-TC
    bayStackMibs
        FROM SYNOPTICS-ROOT-MIB
    InterfaceIndex
        FROM IF-MIB
    Ipv6Address
        FROM IPV6-TC;

bayStackIpv6FirstHopSecMib  MODULE-IDENTITY
      LAST-UPDATED "201611030000Z"
      ORGANIZATION "Avaya"
      CONTACT-INFO "avaya.com"
      DESCRIPTION
              "This MIB module is used for IPv6 First Hop Security configuration.
               The purpose of the First Hop Security feature is to mitigate threats
               that one directly attached node poses to another node attached to the same
               First Hop Security device."

      REVISION    "201611030000Z"  -- November 3, 2016
      DESCRIPTION 
              "Ver 10:  Added objects bsIpv6FHSSourceGuardDropCount and bsIpv6FHSSourceGuardClearDropCount."

      REVISION    "201507020000Z"  -- July 02, 2015
      DESCRIPTION 
              "Ver 9:  Added value none(3) for FhsRaGuardDeviceRole and
	      	       FhsDhcpv6GuardDeviceRole.
		       Requested by Amit Choudhary (submit 24712)
		       for FHS on VOSS (Prem)."

      REVISION    "201506300000Z"  -- June 30, 2015
      DESCRIPTION 
              "Ver 8:  Added bsIpv6FHSPolicyPortMapDhcpv6gDeviceRole and
	      	       bsIpv6FHSPolicyPortMapRagDeviceRole
		       Requested by Amit Choudhary (submit 24712)
		       for FHS on VOSS (Prem)."

      REVISION    "201506090000Z"  -- June 9th, 2015
      DESCRIPTION 
              "Ver 8:  Added bsIpv6FHSTrapNotificationObjects, which consists of bsIpv6FHSTrapClientMACAddr,
                       bsIpv6FHSTrapInterfaceIndex, bsIpv6FHSTrapClientIpv6Address and bsIpv6FHSTrapVlanID.
                       Also added bsIpv6FHSTrapMsgType, bsIpv6FhsTrapPktDropReason, as well as new trap
                       notification types for FHS: bsIpv6NDNotificationSBTTableFull, bsIpv6NDNotificationUntrustedPort,
                       bsIpv6RAGuardNotification and bsIpv6DHCPGuardNotification.

                       The following objects have thus become obsolete: bsIpv6NDTrapNotificationObjects,
                       bsIpv6NDInspectionNotificationClientMACAddr, bsIpv6NDInspectionNotificationMsgType,
                       bsIpv6FHSNDInterfaceIndex, bsIpv6FHSNDIpv6Address, bsIpv6FHSNDVlanID, bsIpv6NDSBTTableFull and
                       bsIpv6NDNotificationsUntrustedPort."

      REVISION    "201504080000Z"  -- April 8, 2015
      DESCRIPTION 
              "Ver 7:  Added bsIpv6FHSSourceGuardIntfConfigTable and bsIpv6FHSSourceGuardBindingTable for Feature Ipv6 Source Guard."

      REVISION    "201403200000Z"  -- March 20, 2014
      DESCRIPTION 
              "Ver 6:  Changed the MAX-ACCESS of some indices from read-only to not-accessible."

      REVISION     "201401170000Z"  -- January 17, 2014
      DESCRIPTION
              "Ver 5: Added notification object bsIpv6FHSNDVlanID, changed trap names from
              bsIpv6SBTTableFull to bsIpv6NDSBTTableFull and from bsIpv6NDTrapNotificationUnTrustedPort
              to bsIpv6NDNotificationsUntrustedPort, extended range of bsIpv6FHSSbtVlan from 1..1094 to
              1..4094 and made minor changes in the descriptions of both bsIpv6NDSBTTableFull and
              bsIpv6NDNotificationsUntrustedPort traps. Also, both traps now have the same notification
              objects: bsIpv6NDInspectionNotificationClientMACAddr, bsIpv6NDInspectionNotificationMsgType,
              bsIpv6FHSNDInterfaceIndex, bsIpv6FHSNDIpv6Address and bsIpv6FHSNDVlanID."

      REVISION     "201311180000Z"  -- November 18, 2013
      DESCRIPTION
              "Ver 4: Added mibs for ND Inspection."

      REVISION     "201310110000Z"  -- October 11, 2013
      DESCRIPTION
              "Ver 3: Changed FhsDhcpv6GuardDeviceRole values. Added types to IMPORTS."

      REVISION     "201308200000Z"  -- August 20, 2013
      DESCRIPTION
              "Ver 2:  Extend range of bsIpv6FHSRagHopLimitMin, bsIpv6FHSRagHopLimitMax, 
               bsIpv6FHSDhcpv6gPrefLimitMin and bsIpv6FHSDhcpv6gPrefLimitMax from 1..255 to 0..255.
               Enumerations now start from 1 instead of 0."

      REVISION     "201305270000Z"  -- May 27, 2013
      DESCRIPTION
              "Ver 1:  Initial version."
      ::= { bayStackMibs 45 }

bsIpv6FirstHopSecNotifications
    OBJECT IDENTIFIER ::= { bayStackIpv6FirstHopSecMib 0 }
bsIpv6FirstHopSecObjects
    OBJECT IDENTIFIER ::= { bayStackIpv6FirstHopSecMib 1 }


-- Start Local Definition 

-- Role assigned to a device or port for RA guard. Used by
-- bsIpv6FHSRagDeviceRole and bsIpv6FHSPolicyPortMapRagDeviceRole; per the
-- latter's DESCRIPTION, RAs received on a port whose role is host(2) are
-- dropped. none(3) was added in Ver 9 (see the REVISION history); its effect
-- on filtering is not described in this module.
FhsRaGuardDeviceRole ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
                    "A value indicating a role of ra-guard device."
    SYNTAX          INTEGER {
                        router(1),
                        host(2),
			none(3)
                    }

-- Setting for the RA guard check on the M (Managed Address Configuration)
-- flag; used by bsIpv6FHSRagManagedConfigFlag.
-- NOTE(review): none(1) presumably means the flag is not checked (that
-- object's DESCRIPTION says the check is ignored by default); confirm.
FhsRaManagedConfigFlag ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
                    "A value indicating ra-guard managed config flag."
    SYNTAX          INTEGER {
                        none(1),
                        on(2),
                        off(3)
                    }

-- Highest router preference RA guard accepts; used by
-- bsIpv6FHSRagRouterPrefMax (a column of BsIpv6FHSRagPolicyEntry).
-- NOTE(review): high/medium/low presumably map to the router preference
-- carried in the RA, and none(1) presumably disables the check; confirm.
FhsRaRouterPrefMax ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
                    "A value indicating ra-guard router max preference."
    SYNTAX          INTEGER {
                        none(1),
                        high(2),
                        medium(3),
                        low(4)
                    }

-- Role assigned to a device or port for DHCPv6 guard. Used by
-- bsIpv6FHSDhcpv6gDeviceRole and bsIpv6FHSPolicyPortMapDhcpv6gDeviceRole; per
-- their DESCRIPTIONs, DHCPv6 replies received on a port whose role is
-- client(2) are dropped. none(3) was added in Ver 9; its effect on filtering
-- is not described in this module.
FhsDhcpv6GuardDeviceRole ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
                    "A value indicating dhcp-guard device role."
    SYNTAX          INTEGER {
                        server(1),
                        client(2),
                        none(3)
                    }

-- Name of an access list or policy, 1 to 64 characters. Used both as a table
-- index (for example bsIpv6FHSIpv6AccessListName) and as a by-name reference
-- from policy rows (for example bsIpv6FHSRagMacListName).
-- NOTE(review): this module does not say what happens when a policy row names
-- a list that does not exist; confirm whether that check is skipped or fails
-- closed on the agent.
FhsListName ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
                    "First Hop Security list name."
    SYNTAX          DisplayString (SIZE(1..64))

-- Action of an access list row. Both access-type columns in this module
-- (bsIpv6FHSIpv6AccessListAccessType and bsIpv6FHSMacAccessListAccessType)
-- declare DEFVAL { allow }, so deny has to be set explicitly.
FhsAccessType ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
                    "A value indicating an access-type."
    SYNTAX          INTEGER {
                        allow(1),
                        deny(2)
                    }

-- State of an SBT entry. The time an entry may stay in the reachable, stale
-- and down states is set by bsIpv6FHSSbtReachLifeTime,
-- bsIpv6FHSSbtStaleLifeTime and bsIpv6FHSSbtDownLifeTime.
-- NOTE(review): SBT is not expanded anywhere in this module; presumably the
-- binding table that ND inspection and source guard validate against.
FhsSbtState ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
                    "A value indicating state of SBT entry"
    SYNTAX          INTEGER {
                        incomplete(1),
                        reachable(2),
                        stale(3),
                        down(4)
                    }

-- How an SBT entry was learned: configured statically, or learned from ND or
-- DHCP traffic. Dynamic learning per interface is switched by
-- bsIpv6FHSPolicyPortMapSbtDynLearnAdmin.
FhsSbtType ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
                    "A value indicating SBT entry learn type"
    SYNTAX          INTEGER {
                        static(1),
                        nd(2),
                        dhcp(3)
                    }

-- End Local Definition 


-- Start Definition for First Hop Security scalar variable

-- Global scalars for First Hop Security (FHS).
-- Every object in this group except bsIpv6FHSSbtTblOverFlow is read-write.
-- A SET on one of the Admin objects changes a global protection switch, so
-- write access to this subtree is best limited to authenticated managers
-- (for example SNMPv3 with authentication and privacy and a restricted VACM
-- view), and changes to these values are worth logging and alerting on.
bsIpv6FHSScalVar
    OBJECT IDENTIFIER ::= { bsIpv6FirstHopSecObjects 1 }

-- Global switch for the feature; DEFVAL is false, i.e. off until configured.
-- NOTE(review): how this interacts with the three per-function switches
-- below is not stated in this module.
bsIpv6FHSAdmin OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION     "First Hop Security Global Admin status"
        DEFVAL          { false }
        ::= { bsIpv6FHSScalVar 1 }

-- Global RA guard switch; DEFVAL is false.
bsIpv6FHSRagAdmin OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION     "RA guard Global Admin status"
        DEFVAL          { false }
        ::= { bsIpv6FHSScalVar 2 }

-- Global DHCPv6 guard switch; DEFVAL is false.
bsIpv6FHSDhcpv6gAdmin OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION     "DHCPv6 guard Global Admin status"
        DEFVAL          { false }
        ::= { bsIpv6FHSScalVar 3 }

-- Global ND inspection switch; DEFVAL is false. A per-interface switch also
-- exists (bsIpv6FHSPolicyPortMapNDAdmin).
bsIpv6FHSNdInspectAdmin OBJECT-TYPE
        SYNTAX          TruthValue
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION     "ND Inspection Global Admin status"
        DEFVAL          { false }
        ::= { bsIpv6FHSScalVar 4 }

-- Cap on dynamically learned SBT entries (0..1024, default 1024).
-- bsIpv6FHSSbtTblOverFlow counts overflow caused by this limit.
-- NOTE(review): the effect of setting 0 is not stated here.
bsIpv6FHSMaxDynSbtEntries OBJECT-TYPE
        SYNTAX          Integer32 (0..1024)
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION     "Maximum Dynamic SBT entries allowed"
        DEFVAL          { 1024 }
        ::= { bsIpv6FHSScalVar 5 }

-- NOTE(review): SYNTAX allows 0..864000, but the DESCRIPTION and the two
-- sibling lifetime objects use 86400 as the upper bound; one of the two is
-- probably a typo. Confirm against the agent before relying on either.
-- The DESCRIPTION also gives 30 as the lowest timer value while SYNTAX
-- accepts 1..29. Per the DESCRIPTION, 0 means the timer does not expire.
bsIpv6FHSSbtReachLifeTime OBJECT-TYPE
        SYNTAX          Integer32 (0..864000)
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION     "SBT Reachable state life time in seconds starts from 30 till 86400. Configure timer as 0 will not expire this timer"
        DEFVAL          { 300 }
        ::= { bsIpv6FHSScalVar 6 }

-- Lifetime of an SBT entry in the stale state, in seconds (default 86400).
-- Per the DESCRIPTION, 0 means the timer does not expire; the DESCRIPTION
-- gives 30 as the lowest timer value while SYNTAX also accepts 1..29.
bsIpv6FHSSbtStaleLifeTime OBJECT-TYPE
        SYNTAX          Integer32 (0..86400)
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION     "SBT Stale state life time in seconds starts from 30 till 86400. Configure timer as 0 will not expire this timer"
        DEFVAL          { 86400 }
        ::= { bsIpv6FHSScalVar 7 }

-- Lifetime of an SBT entry in the down state, in seconds (default 86400).
-- Same 0 and 30 remarks as for bsIpv6FHSSbtStaleLifeTime.
bsIpv6FHSSbtDownLifeTime OBJECT-TYPE
        SYNTAX          Integer32 (0..86400)
        MAX-ACCESS      read-write
        STATUS          current
        DESCRIPTION     "SBT Down state life time in seconds starts from 30 till 86400. Configure timer as 0 will not expire this timer"
        DEFVAL          { 86400 }
        ::= { bsIpv6FHSScalVar 8 }

-- Read-only Counter32 of SBT overflow caused by the maximum entry limit.
-- A rising value is worth monitoring: presumably new dynamic entries could
-- not be added. What happens to traffic from hosts that could not be learned
-- is not stated in this module.
bsIpv6FHSSbtTblOverFlow OBJECT-TYPE
        SYNTAX          Counter32
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION     "SBT Table Overflow due to the maximum SBT entry restriction"
        ::= { bsIpv6FHSScalVar 9 }


-- End Definition for First Hop Security scalar variable


-- Start Definition for First Hop Security IPv6 access list 
-- This table contains the list of IPv6 access lists, with the
-- ability to assign a range of IP addresses using the
-- bsIpv6FHSIpv6AccessListMaskLenFrom and
-- bsIpv6FHSIpv6AccessListMaskLenTo variables.
-- The IPv6 access list table contains the following
-- elements
--      IPv6 Access List Name
--      IPv6 Prefix
--      IPv6 Prefix Mask Len
--      IPv6 Prefix Mask Len From
--      IPv6 Prefix Mask Len To
--      Access Type (Allow or Deny)

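-- IPv6 access list table. Rows are indexed by list name, prefix and prefix
-- mask length, so one named list can hold several prefixes. Policies refer
-- to a list by its FhsListName (for example bsIpv6FHSRagIpv6AccessListName).
-- NOTE(review): the non-index columns, including the RowStatus column, are
-- declared read-write; SMIv2 (RFC 2578) uses read-create for columns of a
-- table whose rows can be created. Confirm how the agent handles row creation.
bsIpv6FHSIpv6AccessListTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF BsIpv6FHSIpv6AccessEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Table contains the list of
                        IPv6 Access List used for First
                        Hop Security Feature."
        ::= { bsIpv6FirstHopSecObjects 2 }

bsIpv6FHSIpv6AccessListEntry OBJECT-TYPE
        SYNTAX          BsIpv6FHSIpv6AccessEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Entry contains the list of
                        IPv6 Access List used for First
                        Hop Security Feature."
        INDEX           { bsIpv6FHSIpv6AccessListName,
                          bsIpv6FHSIpv6AccessListPrefix,
                          bsIpv6FHSIpv6AccessListPrefixMaskLen}
        ::= { bsIpv6FHSIpv6AccessListTable 1 }

BsIpv6FHSIpv6AccessEntry ::=
        SEQUENCE {
                     bsIpv6FHSIpv6AccessListName          FhsListName,
                     bsIpv6FHSIpv6AccessListPrefix        Ipv6Address,
                     bsIpv6FHSIpv6AccessListPrefixMaskLen Integer32,
                     bsIpv6FHSIpv6AccessListMaskLenFrom   Integer32,
                     bsIpv6FHSIpv6AccessListMaskLenTo     Integer32,
                     bsIpv6FHSIpv6AccessListAccessType    FhsAccessType,
                     bsIpv6FHSIpv6AccessListRowStatus     RowStatus
        }

bsIpv6FHSIpv6AccessListName OBJECT-TYPE
        SYNTAX        FhsListName
        MAX-ACCESS    not-accessible
        STATUS        current
        DESCRIPTION   "IPv6 Access List Name"
        ::= { bsIpv6FHSIpv6AccessListEntry 1 }

bsIpv6FHSIpv6AccessListPrefix OBJECT-TYPE
        SYNTAX        Ipv6Address
        MAX-ACCESS    not-accessible
        STATUS        current
        DESCRIPTION   "IPv6 Prefix attached to this IPv6 access list Id"
        ::= { bsIpv6FHSIpv6AccessListEntry 2 }

bsIpv6FHSIpv6AccessListPrefixMaskLen OBJECT-TYPE
        SYNTAX        Integer32 (0..128)
        MAX-ACCESS    not-accessible
        STATUS        current
        DESCRIPTION   "IPv6 Prefix mask length attached to this IPv6 access list Id"
        ::= { bsIpv6FHSIpv6AccessListEntry 3 }

-- MaskLenFrom and MaskLenTo give a range of prefix lengths for the row; both
-- default to 0.
-- NOTE(review): nothing here requires From <= To, or relates either value to
-- bsIpv6FHSIpv6AccessListPrefixMaskLen; confirm what the agent validates and
-- how a 0/0 range is interpreted.
bsIpv6FHSIpv6AccessListMaskLenFrom OBJECT-TYPE
        SYNTAX        Integer32 (0..128)
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "IPv6 Prefix mask length range from"
        DEFVAL          { 0 }
        ::= { bsIpv6FHSIpv6AccessListEntry 4 }

bsIpv6FHSIpv6AccessListMaskLenTo OBJECT-TYPE
        SYNTAX        Integer32 (0..128)
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "IPv6 Prefix mask length range to"
        DEFVAL          { 0 }
        ::= { bsIpv6FHSIpv6AccessListEntry 5 }

-- DEFVAL is allow: a row created without setting this column permits the
-- matching prefix, so set deny explicitly where a blocking entry is intended.
-- How addresses that match no row of a list are treated is not stated in
-- this module.
bsIpv6FHSIpv6AccessListAccessType OBJECT-TYPE
        SYNTAX        FhsAccessType
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "IPv6 IP Access Type
                       Allow or Deny"
        DEFVAL          { allow }
        ::= { bsIpv6FHSIpv6AccessListEntry 6 }

-- Row creation and deletion. Deleting a row changes what the referencing
-- policies permit, so write access deserves the same protection as the
-- policy tables themselves.
bsIpv6FHSIpv6AccessListRowStatus OBJECT-TYPE
        SYNTAX        RowStatus
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "IPv6 IP Access List row status"
        ::= { bsIpv6FHSIpv6AccessListEntry 7 }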

-- End Definition for First Hop Security IPv6 access list 


-- Start Definition for First Hop Security MAC access list 
-- This table contains list of
--     MAC list name
--     MAC Addresses
--     MAC Access Type (Allow or Deny)

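-- MAC access list table, indexed by list name and MAC address. RA guard
-- policies refer to a list by name through bsIpv6FHSRagMacListName.
-- NOTE(review): the AccessType and RowStatus columns are declared read-write;
-- SMIv2 (RFC 2578) uses read-create for columns of a table whose rows can be
-- created. Confirm how the agent handles row creation.
bsIpv6FHSMacAccessListTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF BsIpv6FHSMacAccessEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Table contains the list of
                        MAC Access List used for First
                        Hop Security Feature."
        ::= { bsIpv6FirstHopSecObjects 3 }

-- NOTE(review): this entry is registered as sub-identifier 3 of its table,
-- while every other entry in this module uses 1, which is the usual SMIv2
-- convention. It is left unchanged because altering it would change the OID
-- of every column in the table; MIB compilers may warn about it.
bsIpv6FHSMacAccessListEntry OBJECT-TYPE
        SYNTAX          BsIpv6FHSMacAccessEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Entry contains the list of
                        MAC Access List used for First
                        Hop Security Feature."
        INDEX           { bsIpv6FHSMacAccessListName,
                          bsIpv6FHSMacAccessListMac }
        ::= { bsIpv6FHSMacAccessListTable 3 }

BsIpv6FHSMacAccessEntry ::=
        SEQUENCE {
                     bsIpv6FHSMacAccessListName          FhsListName,
                     bsIpv6FHSMacAccessListMac           MacAddress,
                     bsIpv6FHSMacAccessListAccessType    FhsAccessType,
                     bsIpv6FHSMacAccessListRowStatus     RowStatus
        }

bsIpv6FHSMacAccessListName OBJECT-TYPE
        SYNTAX        FhsListName
        MAX-ACCESS    not-accessible
        STATUS        current
        DESCRIPTION   "MAC Access List Name"
        ::= { bsIpv6FHSMacAccessListEntry 1 }

bsIpv6FHSMacAccessListMac OBJECT-TYPE
        SYNTAX        MacAddress
        MAX-ACCESS    not-accessible
        STATUS        current
        DESCRIPTION   "MAC address attached to this MAC access list Id"
        ::= { bsIpv6FHSMacAccessListEntry 2 }

-- DEFVAL is allow: a row created without setting this column permits the
-- MAC address, so set deny explicitly where a blocking entry is intended.
-- A source MAC address is supplied by the sender of a frame, so a MAC allow
-- list is best combined with the IPv6 access list and device role checks
-- rather than relied on alone.
bsIpv6FHSMacAccessListAccessType OBJECT-TYPE
        SYNTAX        FhsAccessType
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "MAC Access Type
                       Allow or Deny"
        DEFVAL          { allow }
        ::= { bsIpv6FHSMacAccessListEntry 3 }

bsIpv6FHSMacAccessListRowStatus OBJECT-TYPE
        SYNTAX        RowStatus
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "MAC Access List row status"
        ::= { bsIpv6FHSMacAccessListEntry 4 }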

-- End Definition for First Hop Security MAC access list


-- Start Definition for First Hop Security - port Vs policy mapping
--  This table consist of the mapping between physical port and 
--  different First Hop Security policy name
--
--  At present there would be RA-guard and DHCP-guard per interface
--  This Table consists of 
--      interface index
--      DHCPv6-guard policy name - BsIpv6FHSDhcpv6gPolicyEntry
--      RA-guard policy name - BsIpv6FHSRagPolicyEntry
--      ND-inspection Enable/Disable
--      SBT dynamic learning Enable/Disable
--      DHCPv6 Packet Received
--      DHCPv6 dropped due to the FHS security 
--      RA Packet Received
--      RA Packet dropped due to the FHS security
--      ND Packet Received
--      ND Packet dropped due to the FHS security
--      Clear Stats for DHCPv6 counters 
--      Clear Stats for RA counters
--      Clear Stats for ND counters

-- Per-interface attachment of FHS policies, plus per-interface switches,
-- packet counters and counter-clear controls. One row per interface index.
-- All configuration columns are read-write, so a manager with write access
-- can detach a policy from a port or change its role; restrict write access
-- to this table and alert on changes.
bsIpv6FHSPolicyPortMapTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF BsIpv6FHSPolicyPortMapEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Table contains the list of
                        First Hop security Policies  
                        attached to the interface."
        ::= { bsIpv6FirstHopSecObjects 4 }

bsIpv6FHSPolicyPortMapEntry OBJECT-TYPE
        SYNTAX          BsIpv6FHSPolicyPortMapEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Entry contains the list of
                        First Hop security Policies  
                        attached to the interface."
        INDEX           { bsIpv6FHSPolicyPortMapIfIndex} 
        ::= { bsIpv6FHSPolicyPortMapTable 1 }

BsIpv6FHSPolicyPortMapEntry ::= 
        SEQUENCE {                
                     bsIpv6FHSPolicyPortMapIfIndex                  InterfaceIndex,
                     bsIpv6FHSPolicyPortMapDhcpv6gPolicyName        FhsListName,
                     bsIpv6FHSPolicyPortMapRagPolicyName            FhsListName,
                     bsIpv6FHSPolicyPortMapNDAdmin                  TruthValue,
                     bsIpv6FHSPolicyPortMapSbtDynLearnAdmin         TruthValue,
                     bsIpv6FHSPolicyPortMapTotDhcpv6PktRcv          Counter32,
                     bsIpv6FHSPolicyPortMapTotDhcpv6PktDropped      Counter32,
                     bsIpv6FHSPolicyPortMapTotRaPktRcv              Counter32,
                     bsIpv6FHSPolicyPortMapTotRaPktDropped          Counter32,
                     bsIpv6FHSPolicyPortMapTotNdPktRcv              Counter32,
                     bsIpv6FHSPolicyPortMapTotNdPktDropped          Counter32,
                     bsIpv6FHSPolicyPortMapClearDhcpGuardStats      TruthValue,
                     bsIpv6FHSPolicyPortMapClearRaGuardStats        TruthValue,
                     bsIpv6FHSPolicyPortMapClearNDInspectStats      TruthValue,
                     bsIpv6FHSPolicyPortMapRowStatus                RowStatus,
		     bsIpv6FHSPolicyPortMapDhcpv6gDeviceRole        FhsDhcpv6GuardDeviceRole,
		     bsIpv6FHSPolicyPortMapRagDeviceRole            FhsRaGuardDeviceRole 
        }
 
bsIpv6FHSPolicyPortMapIfIndex OBJECT-TYPE
        SYNTAX        InterfaceIndex
        MAX-ACCESS    not-accessible
        STATUS        current
        DESCRIPTION   "Interface index number"
        ::= { bsIpv6FHSPolicyPortMapEntry 1 }

-- Name of the DHCPv6 guard policy attached to this interface; presumably a
-- bsIpv6FHSDhcpv6gPolicyName value. No DEFVAL is declared.
-- NOTE(review): behaviour when the named policy does not exist is not stated.
bsIpv6FHSPolicyPortMapDhcpv6gPolicyName OBJECT-TYPE
        SYNTAX        FhsListName
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "DHCPv6 guard policy name"
        ::= { bsIpv6FHSPolicyPortMapEntry 2 }

-- Name of the RA guard policy attached to this interface; presumably a
-- bsIpv6FHSRagPolicyName value. No DEFVAL is declared.
bsIpv6FHSPolicyPortMapRagPolicyName OBJECT-TYPE
        SYNTAX        FhsListName
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "RA guard policy name"
        ::= { bsIpv6FHSPolicyPortMapEntry 3 }

-- Per-interface ND inspection switch; DEFVAL is false, so inspection is off
-- on an interface until it is enabled here.
bsIpv6FHSPolicyPortMapNDAdmin OBJECT-TYPE
        SYNTAX        TruthValue
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "Enable/Disable ND-inspection"
        DEFVAL         { false } 
        ::= { bsIpv6FHSPolicyPortMapEntry 4 }

-- Per-interface switch for learning dynamic SBT entries; DEFVAL is true.
bsIpv6FHSPolicyPortMapSbtDynLearnAdmin OBJECT-TYPE
        SYNTAX        TruthValue
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "Enable/Disable learning dynamic SBT entry"
        DEFVAL         { true } 
        ::= { bsIpv6FHSPolicyPortMapEntry 5 }


-- Received and dropped packet counters follow, one pair each for DHCPv6, RA
-- and ND. They are Counter32 values and can be cleared through the Clear
-- objects further down, so collectors should work from deltas and treat a
-- decrease as a reset. A growing dropped count on a host-facing port is a
-- useful detection signal for rogue RA or DHCPv6 sources.
bsIpv6FHSPolicyPortMapTotDhcpv6PktRcv OBJECT-TYPE
        SYNTAX        Counter32
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "Total Number of Dhcpv6 
                       packets Received"
        ::= { bsIpv6FHSPolicyPortMapEntry 6 }

bsIpv6FHSPolicyPortMapTotDhcpv6PktDropped OBJECT-TYPE
        SYNTAX        Counter32
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "Total Number of Dhcpv6 
                       packets dropped"
        ::= { bsIpv6FHSPolicyPortMapEntry 7 }

bsIpv6FHSPolicyPortMapTotRaPktRcv OBJECT-TYPE
        SYNTAX        Counter32
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "Total Number of RA 
                       packets Received"
        ::= { bsIpv6FHSPolicyPortMapEntry 8 }

bsIpv6FHSPolicyPortMapTotRaPktDropped OBJECT-TYPE
        SYNTAX        Counter32
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "Total Number of RA 
                       packets dropped"
        ::= { bsIpv6FHSPolicyPortMapEntry 9 }

bsIpv6FHSPolicyPortMapTotNdPktRcv OBJECT-TYPE
        SYNTAX        Counter32
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "Total Number of ND Packets Received"
        ::= { bsIpv6FHSPolicyPortMapEntry 10 }

bsIpv6FHSPolicyPortMapTotNdPktDropped OBJECT-TYPE
        SYNTAX        Counter32
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "Total Number of ND Packets Dropped"
        ::= { bsIpv6FHSPolicyPortMapEntry 11 }

-- Clear controls. Presumably a SET of true clears the named counters.
-- Clearing removes the drop history those counters carry, so poll and store
-- the values before clearing and keep write access restricted.
bsIpv6FHSPolicyPortMapClearDhcpGuardStats OBJECT-TYPE
        SYNTAX        TruthValue
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "First Hop security clear stats: 
                       bsIpv6FHSPolicyPortMapTotDhcpv6PktRcv and
                       bsIpv6FHSPolicyPortMapTotDhcpv6PktDropped"
        DEFVAL         { false } 
        ::= { bsIpv6FHSPolicyPortMapEntry 12 }

bsIpv6FHSPolicyPortMapClearRaGuardStats OBJECT-TYPE
        SYNTAX        TruthValue
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "First Hop security clear stats: 
                       bsIpv6FHSPolicyPortMapTotRaPktRcv and
                       bsIpv6FHSPolicyPortMapTotRaPktDropped"
        DEFVAL         { false } 
        ::= { bsIpv6FHSPolicyPortMapEntry 13 }

-- NOTE(review): the DESCRIPTION names bsIpv6FHSPolicyPortMapTotSbtEntDropped,
-- which is not a column of BsIpv6FHSPolicyPortMapEntry as declared above.
bsIpv6FHSPolicyPortMapClearNDInspectStats OBJECT-TYPE
        SYNTAX        TruthValue
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "First Hop security clear stats: 
                       bsIpv6FHSPolicyPortMapTotNdPktRcv, 
                       bsIpv6FHSPolicyPortMapTotNdPktDropped and
                       bsIpv6FHSPolicyPortMapTotSbtEntDropped "
        DEFVAL         { false } 
        ::= { bsIpv6FHSPolicyPortMapEntry 14 }

-- NOTE(review): declared read-write; SMIv2 (RFC 2578) uses read-create for
-- columns of a table whose rows can be created. Confirm agent behaviour.
bsIpv6FHSPolicyPortMapRowStatus OBJECT-TYPE
        SYNTAX        RowStatus
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "First Hop security row status"
        ::= { bsIpv6FHSPolicyPortMapEntry 15 }

-- DEFVAL is server. Per the DESCRIPTION only the client role causes DHCPv6
-- replies to be dropped, so a port left at the default is presumably not
-- filtered by this role check. Host-facing ports should be set to client
-- explicitly.
bsIpv6FHSPolicyPortMapDhcpv6gDeviceRole OBJECT-TYPE
        SYNTAX        FhsDhcpv6GuardDeviceRole
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This is the device role of the received port. If 
	    	       the device role is client and if it receives DHCPv6 
		       reply then those packets should be dropped.
                       This object is currently used in VOSS platforms only
                       and is equivalent to bsIpv6FHSDhcpv6gDeviceRole object
                       in other platforms."
        DEFVAL        { server } 
        ::= { bsIpv6FHSPolicyPortMapEntry 16 }

-- DEFVAL is router. Per the DESCRIPTION only the host role causes RAs to be
-- dropped, so a port left at the default is presumably not filtered by this
-- role check. Host-facing ports should be set to host explicitly.
bsIpv6FHSPolicyPortMapRagDeviceRole OBJECT-TYPE
        SYNTAX        FhsRaGuardDeviceRole
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This is the device role to the received port. If the 
		       device role is host and if it receives RAs then those
		       packets should be dropped.
		       This object is currently used in VOSS platforms only 
		       and is equivalent to bsIpv6FHSRagDeviceRole object 
		       in other platforms."
        DEFVAL        { router } 
        ::= { bsIpv6FHSPolicyPortMapEntry 17 }

-- End Definition for First Hop Security port Vs policy mapping


-- Start Definition for First Hop Security DHCPv6-guard-policy 
-- This table contains the DHCPv6-guard policy list.
-- Each entry holds:
--     policy-name
--     device-role
--     server-access-list  - BsIpv6FHSIpv6AccessEntry
--     reply-prefix-list   - BsIpv6FHSIpv6AccessEntry
--     pref-limit-min
--     pref-limit-max


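-- DHCPv6 guard policy table, indexed by policy name. A policy is attached to
-- an interface by name through bsIpv6FHSPolicyPortMapDhcpv6gPolicyName.
-- NOTE(review): the non-index columns, including the RowStatus column, are
-- declared read-write; SMIv2 (RFC 2578) uses read-create for columns of a
-- table whose rows can be created. Confirm how the agent handles row creation.
bsIpv6FHSDhcpv6gPolicyListTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF BsIpv6FHSDhcpv6gPolicyEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Table contains the list of
                        DHCPv6 guard Policies used for
                        First Hop Security Feature."
        ::= { bsIpv6FirstHopSecObjects 5 }

bsIpv6FHSDhcpv6gPolicyListEntry OBJECT-TYPE
        SYNTAX          BsIpv6FHSDhcpv6gPolicyEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Entry contains the list of
                        DHCPv6 guard Policies used for
                        First Hop Security Feature."
        INDEX           { bsIpv6FHSDhcpv6gPolicyName}
        ::= { bsIpv6FHSDhcpv6gPolicyListTable 1 }

BsIpv6FHSDhcpv6gPolicyEntry ::=
        SEQUENCE {
                     bsIpv6FHSDhcpv6gPolicyName           FhsListName,
                     bsIpv6FHSDhcpv6gDeviceRole           FhsDhcpv6GuardDeviceRole,
                     bsIpv6FHSDhcpv6gServerAccessListName FhsListName,
                     bsIpv6FHSDhcpv6gReplyPrefixListName  FhsListName,
                     bsIpv6FHSDhcpv6gPrefLimitMin         Integer32,
                     bsIpv6FHSDhcpv6gPrefLimitMax         Integer32,
                     bsIpv6FHSDhcpv6gPolicyListRowStatus  RowStatus
        }


bsIpv6FHSDhcpv6gPolicyName OBJECT-TYPE
        SYNTAX        FhsListName
        MAX-ACCESS    not-accessible
        STATUS        current
        DESCRIPTION   "This is the DHCPv6
                       guard Policy Name"
        ::= { bsIpv6FHSDhcpv6gPolicyListEntry 1 }

-- No DEFVAL is declared here, unlike bsIpv6FHSRagDeviceRole (router) and
-- bsIpv6FHSPolicyPortMapDhcpv6gDeviceRole (server), so the role of a newly
-- created policy is agent-defined. Per the DESCRIPTION only the client role
-- causes DHCPv6 replies to be dropped; set it explicitly for policies meant
-- for host-facing ports.
bsIpv6FHSDhcpv6gDeviceRole OBJECT-TYPE
        SYNTAX        FhsDhcpv6GuardDeviceRole
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This is the device role of
                       the received port. If the
                       device role is client and if
                       it receives DHCPv6 reply then
                       those packets should be
                       dropped"
        ::= { bsIpv6FHSDhcpv6gPolicyListEntry 2 }

-- By-name reference to an IPv6 access list (presumably a row set of
-- bsIpv6FHSIpv6AccessListTable) used to validate the source address of
-- DHCPv6 replies.
-- NOTE(review): behaviour when the name is unset or matches no list is not
-- stated; confirm whether the check is skipped or the reply is dropped.
bsIpv6FHSDhcpv6gServerAccessListName OBJECT-TYPE
        SYNTAX        FhsListName
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This is the IPv6 access list which
                       will be validating source
                       IPv6 address of the DHCPv6 Reply
                       packet from the server"
        ::= { bsIpv6FHSDhcpv6gPolicyListEntry 3 }

bsIpv6FHSDhcpv6gReplyPrefixListName OBJECT-TYPE
        SYNTAX        FhsListName
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "Validate the prefix
                       information in the DHCPv6
                       reply against the configured
                       reply prefix list."
        ::= { bsIpv6FHSDhcpv6gPolicyListEntry 4 }

-- Lower bound of the accepted preference (0..255, no DEFVAL).
-- NOTE(review): Min and Max are independent columns and nothing here requires
-- Min <= Max. Read literally, a row with Min above Max would drop every
-- packet that carries a preference; confirm that the agent validates the pair.
bsIpv6FHSDhcpv6gPrefLimitMin OBJECT-TYPE
        SYNTAX        Integer32 (0..255)
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This is checked against the
                       DHCPv6 server / relay
                       router preference. If
                       the received router
                       preference is less
                       than the configured
                       router preference then
                       drop the packet"
        ::= { bsIpv6FHSDhcpv6gPolicyListEntry 5 }

-- Upper bound of the accepted preference (0..255, no DEFVAL).
bsIpv6FHSDhcpv6gPrefLimitMax OBJECT-TYPE
        SYNTAX        Integer32 (0..255)
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This is checked against the
                       DHCPv6 server / relay
                       router preference. If
                       the received router
                       preference is greater
                       than the configured
                       router preference then
                       drop the packet"
        ::= { bsIpv6FHSDhcpv6gPolicyListEntry 6 }

bsIpv6FHSDhcpv6gPolicyListRowStatus OBJECT-TYPE
        SYNTAX        RowStatus
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "DHCPv6 guard policy row status"
        ::= { bsIpv6FHSDhcpv6gPolicyListEntry 7 }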

-- End Definition for First Hop Security DHCPv6-guard-policy


-- Start Definition for First Hop Security RA-guard-policy
-- This table contains the RA-guard policy list.
-- Each entry holds:
--     policy-name
--     device-role
--     ipv6-access-list   - BsIpv6FHSIpv6AccessEntry
--     ipv6-prefix-list   - BsIpv6FHSIpv6AccessEntry
--     mac-list-name      - BsIpv6FHSMacAccessEntry
--     managed-config-flag
--     router-pref-max
--     hop-limit-min
--     hop-limit-max

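-- RA guard policy table, indexed by policy name. A policy is attached to an
-- interface by name through bsIpv6FHSPolicyPortMapRagPolicyName.
bsIpv6FHSRagPolicyListTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF BsIpv6FHSRagPolicyEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Table contains the list of
                        RA guard Policies used for
                        First Hop Security Feature."
        ::= { bsIpv6FirstHopSecObjects 6 }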

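-- One RA guard policy, identified by bsIpv6FHSRagPolicyName.
bsIpv6FHSRagPolicyListEntry OBJECT-TYPE
        SYNTAX          BsIpv6FHSRagPolicyEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Entry contains the list of
                        RA guard Policies used for
                        First Hop Security Feature."
        INDEX           { bsIpv6FHSRagPolicyName}
        ::= { bsIpv6FHSRagPolicyListTable 1 }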

-- Columns of an RA guard policy row: the policy name (index), the device
-- role, three by-name list references (IPv6 access list, IPv6 prefix list,
-- MAC list), the M flag setting, the router preference ceiling, the hop
-- limit bounds and the row status.
BsIpv6FHSRagPolicyEntry ::= 
        SEQUENCE {
                     bsIpv6FHSRagPolicyName               FhsListName,
                     bsIpv6FHSRagDeviceRole               FhsRaGuardDeviceRole,
                     bsIpv6FHSRagIpv6AccessListName       FhsListName,
                     bsIpv6FHSRagIpv6PrefixListName       FhsListName,
                     bsIpv6FHSRagMacListName              FhsListName,
                     bsIpv6FHSRagManagedConfigFlag        FhsRaManagedConfigFlag,
                     bsIpv6FHSRagRouterPrefMax            FhsRaRouterPrefMax,
                     bsIpv6FHSRagHopLimitMin              Integer32,
                     bsIpv6FHSRagHopLimitMax              Integer32,
                     bsIpv6FHSRagPolicyListRowStatus      RowStatus 
        }

-- Index column: the policy name, 1 to 64 characters (FhsListName).
bsIpv6FHSRagPolicyName OBJECT-TYPE
        SYNTAX        FhsListName
        MAX-ACCESS    not-accessible
        STATUS        current
        DESCRIPTION   "RA guard policy Name"
        ::= { bsIpv6FHSRagPolicyListEntry 1 }

-- DEFVAL is router. The equivalent per-port object
-- (bsIpv6FHSPolicyPortMapRagDeviceRole) states that RAs are dropped when the
-- role is host, so a policy left at the default presumably does not drop RAs
-- on role alone. Policies meant for host-facing ports should set host
-- explicitly.
bsIpv6FHSRagDeviceRole OBJECT-TYPE
        SYNTAX        FhsRaGuardDeviceRole
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This is the device role to
                       be checked against"
        DEFVAL        { router } 
        ::= { bsIpv6FHSRagPolicyListEntry 2 }

-- Name of the IPv6 access list used to validate the source IPv6 address of
-- an RA packet. No DEFVAL is given.
-- NOTE(review): the behaviour when the name is empty or refers to a list that
-- does not exist is not stated here. For a filtering feature it matters
-- whether that case passes or drops traffic, so confirm and document it.
bsIpv6FHSRagIpv6AccessListName OBJECT-TYPE
        SYNTAX        FhsListName
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This is the IPv6 access list which
                       will be validating the source
                       IPv6 address of the RA packet"
        ::= { bsIpv6FHSRagPolicyListEntry 3 }

-- Name of the list used to validate the prefix carried in an RA packet.
-- NOTE(review): the DESCRIPTION calls this an IPv6 access list, while the
-- object name says prefix list. The wording looks copied from
-- bsIpv6FHSRagIpv6AccessListName; presumably a prefix list is meant. Confirm.
bsIpv6FHSRagIpv6PrefixListName OBJECT-TYPE
        SYNTAX        FhsListName
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This is the IPv6 access list which
                       will be validating the Prefix
                       present in the RA packet"
        ::= { bsIpv6FHSRagPolicyListEntry 4 }

-- Name of the MAC access list used to validate the source MAC address of a
-- received RA packet.
bsIpv6FHSRagMacListName OBJECT-TYPE
        SYNTAX        FhsListName
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This is the MAC access list which
                       will be validating the source
                       MAC of the received RA packet"
        ::= { bsIpv6FHSRagPolicyListEntry 5 }

-- Check on the M (Managed Address configuration) flag of an RA packet.
-- When the check is enabled, RA packets without the M flag are dropped.
-- NOTE(review): the DESCRIPTION says the check is ignored by default, but the
-- object has no DEFVAL clause. Which FhsRaManagedConfigFlag value means
-- ignore is not visible here; confirm and add a DEFVAL.
bsIpv6FHSRagManagedConfigFlag OBJECT-TYPE
        SYNTAX        FhsRaManagedConfigFlag
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "In the RA packets, there is an M flag
                      (Managed Address configuration Flag) 
                      which is set indicating that the address
                      assignments are available via DHCPv6. 
                      This means that DHCPv6 would take care
                      of the interface address assignment
                      in that LAN segment. If filtering policy
                      is enabled then all the RA packets with 
                      M flag not set will be dropped. 
                      By default this check will be ignored"

        ::= { bsIpv6FHSRagPolicyListEntry 6 }

-- Ceiling for the default router preference advertised in an RA packet.
-- The advertised preference must be lower than or equal to the configured
-- limit. The default is none, which presumably disables the check (confirm
-- against the FhsRaRouterPrefMax definition).
-- NOTE(review): the DESCRIPTION does not say what happens to a packet that
-- exceeds the limit; presumably it is dropped with reason
-- ipv6RouterPrefMismatch. Confirm.
bsIpv6FHSRagRouterPrefMax OBJECT-TYPE
        SYNTAX        FhsRaRouterPrefMax
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "In the RA packet there is router 
                       preference information is available
                       in the Flags. This could be HIGH
                       or LOW or MEDIUM. This filtering
                       policy option would verify that
                       the advertised default router
                       preference parameter value is lower
                       than or equal to a specified limit"
        DEFVAL          { none }
        ::= { bsIpv6FHSRagPolicyListEntry 7 }

-- Lower bound for the hop limit value carried in an RA packet; packets
-- advertising a smaller value are dropped. Range 0..255, default 0.
-- With the default of 0 no value can be below the bound, so this check drops
-- nothing until it is raised.
bsIpv6FHSRagHopLimitMin OBJECT-TYPE
        SYNTAX        Integer32 (0..255)
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This is the minimum value check for
                       the hop limit value present in the
                       RA packet. If the value is less
                       than configured minimum value then drop
                       the RA packet"
        DEFVAL         { 0 }
        ::= { bsIpv6FHSRagPolicyListEntry 8 }

-- Upper bound for the hop limit value carried in an RA packet; packets
-- advertising a larger value are dropped. Range 0..255, default 0.
-- NOTE(review): read literally, the default of 0 would drop every RA whose
-- hop limit is non-zero, so 0 presumably means the check is disabled. Confirm
-- against the agent and state it in the DESCRIPTION.
-- NOTE(review): nothing in the MIB requires Min to be less than or equal to
-- Max; whether the agent rejects an inverted pair is not visible here.
bsIpv6FHSRagHopLimitMax OBJECT-TYPE
        SYNTAX        Integer32 (0..255)
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "This is the maximum value check for
                       the hop limit value present in the
                       RA packet. If the value is greater
                       than configured maximum value then drop
                       the RA packet"
        DEFVAL         { 0 }
        ::= { bsIpv6FHSRagPolicyListEntry 9 }

-- RowStatus column used to create and delete RA Guard policy rows.
-- NOTE(review): MAX-ACCESS is read-write here and on the other columns of this
-- table. SMIv2 (RFC 2578) uses read-create for the columns of a table whose
-- rows are created through a RowStatus column, and some MIB compilers flag
-- this. Deleting a row removes a filtering policy, so audit write access.
bsIpv6FHSRagPolicyListRowStatus OBJECT-TYPE
        SYNTAX        RowStatus
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "RA guard policy row status"
        ::= { bsIpv6FHSRagPolicyListEntry 10 }

-- End Definition for First Hop Security RA-guard-policy

-- Start Definition for First Hop Security Security Binding Table (FHSSBT) 
-- This table contains list of SBT entries. 
-- SBT Table contains the following elements
--      Interface Index (unit/port)
--      Vlan ID
--      Source IPv6 Address
--      Link Layer Address
--      SBT Entry Type
--      SBT Entry Priority
--      SBT Entry State
--      SBT Entry Age in seconds


-- Security Binding Table (SBT), registered at bsIpv6FirstHopSecObjects 7.
-- It lists bindings that were learnt dynamically or configured statically.
-- Each row binds an interface, a VLAN and a source IPv6 address to a link
-- layer (MAC) address.
-- The MAC address and the row status are writable, so SNMP write access to
-- this subtree can add, alter or remove bindings. Limit it with SNMPv3
-- authentication and a restrictive VACM view.
bsIpv6FHSSbtTable OBJECT-TYPE
        SYNTAX          SEQUENCE OF BsIpv6FHSSbtEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Table contains the list of
                        SBT entries learnt 
                        Dynamically and statically
                        configure."
        ::= { bsIpv6FirstHopSecObjects 7 }

-- Row definition. A binding is identified by the triple
-- (interface index, VLAN, source IPv6 address).
bsIpv6FHSSbtListEntry OBJECT-TYPE
        SYNTAX          BsIpv6FHSSbtEntry
        MAX-ACCESS      not-accessible
        STATUS          current
        DESCRIPTION     "Entry contains the list of
                        SBT entries."
        INDEX           { bsIpv6FHSSbtInterfaceIndex,  
                          bsIpv6FHSSbtVlan, 
                          bsIpv6FHSSbtSrcIp}
        ::= { bsIpv6FHSSbtTable 1 }

-- Column list of one SBT row. FhsSbtType and FhsSbtState are not among the
-- IMPORTS, so they are presumably declared earlier in this module.
BsIpv6FHSSbtEntry ::=
        SEQUENCE {
                     bsIpv6FHSSbtInterfaceIndex          InterfaceIndex,
                     bsIpv6FHSSbtVlan                    Integer32,
                     bsIpv6FHSSbtSrcIp                   Ipv6Address,
                     bsIpv6FHSSbtLinkLayerAddress        MacAddress,
                     bsIpv6FHSSbtLearnType               FhsSbtType,
                     bsIpv6FHSSbtLearnPriority           Integer32,
                     bsIpv6FHSSbtLearnState              FhsSbtState,
                     bsIpv6FHSSbtLearnAge                Integer32,
                     bsIpv6FHSSbtRowStatus               RowStatus 
        }

-- First index component: the ifIndex of the port holding the binding. The
-- unit and port number are derived from it.
bsIpv6FHSSbtInterfaceIndex OBJECT-TYPE
        SYNTAX        InterfaceIndex
        MAX-ACCESS    not-accessible
        STATUS        current
        DESCRIPTION   "Derive unit and port number from this ifindex"
        ::= { bsIpv6FHSSbtListEntry 1 }

-- Second index component: the VLAN of the binding, restricted to 1..4094.
bsIpv6FHSSbtVlan OBJECT-TYPE
        SYNTAX        Integer32 (1..4094)
        MAX-ACCESS    not-accessible
        STATUS        current
        DESCRIPTION   "VLAN"
        ::= { bsIpv6FHSSbtListEntry 2 }

-- Third index component: the source IPv6 address of the binding.
bsIpv6FHSSbtSrcIp OBJECT-TYPE
        SYNTAX        Ipv6Address
        MAX-ACCESS    not-accessible
        STATUS        current
        DESCRIPTION   "Source IPv6 Address"
        ::= { bsIpv6FHSSbtListEntry 3 }

-- MAC address bound to the (interface, VLAN, IPv6 address) index of the row.
-- This is the only data column of the SBT that is writable.
-- NOTE(review): the MIB does not say whether a write is accepted for
-- dynamically learnt rows or only for static ones. Since this value is what
-- the binding asserts, confirm the agent restricts who may change it.
bsIpv6FHSSbtLinkLayerAddress OBJECT-TYPE
        SYNTAX        MacAddress
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "Link Layer MAC address"
        ::= { bsIpv6FHSSbtListEntry 4 }

-- Read-only: type of the SBT entry. The values are those of FhsSbtType,
-- which is declared outside this part of the module.
bsIpv6FHSSbtLearnType OBJECT-TYPE
        SYNTAX        FhsSbtType
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "SBT Entry Type"
        ::= { bsIpv6FHSSbtListEntry 5 }

-- Read-only: priority of the SBT entry.
-- NOTE(review): no range is given and the meaning of the number (for example
-- whether a higher value wins) is not stated here.
bsIpv6FHSSbtLearnPriority OBJECT-TYPE
        SYNTAX        Integer32
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "SBT Entry priority"
        ::= { bsIpv6FHSSbtListEntry 6 }

-- Read-only: state of the SBT entry. The values are those of FhsSbtState,
-- which is declared outside this part of the module.
bsIpv6FHSSbtLearnState OBJECT-TYPE
        SYNTAX        FhsSbtState
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "SBT Entry state"
        ::= { bsIpv6FHSSbtListEntry 7 }

-- Read-only: time the entry has spent in its current state. The element list
-- in the section header gives the unit as seconds; the object itself has no
-- UNITS clause.
bsIpv6FHSSbtLearnAge OBJECT-TYPE
        SYNTAX        Integer32
        MAX-ACCESS    read-only
        STATUS        current
        DESCRIPTION   "Time Elapsed after being in this state"
        ::= { bsIpv6FHSSbtListEntry 8 }

-- RowStatus column used to create and delete SBT rows.
-- NOTE(review): MAX-ACCESS is read-write; SMIv2 (RFC 2578) uses read-create
-- for the columns of a table that supports row creation through RowStatus.
-- Whether dynamically learnt rows can be deleted through this column is not
-- stated here.
bsIpv6FHSSbtRowStatus OBJECT-TYPE
        SYNTAX        RowStatus
        MAX-ACCESS    read-write
        STATUS        current
        DESCRIPTION   "SBT entry row status"
        ::= { bsIpv6FHSSbtListEntry 9 }

-- End Definition for First Hop Security SBT table

-- Start Definition for First Hop Security Source Guard Interface Configuration

-- Per-interface IPv6 Source Guard settings and counters, registered at
-- bsIpv6FirstHopSecObjects 9. The table has no RowStatus column, so rows are
-- not created or deleted through SNMP.
bsIpv6FHSSourceGuardInterfaceConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF BsIpv6FHSSourceGuardInterfaceConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
                "IPv6 Source Guard Interface table."
    ::= { bsIpv6FirstHopSecObjects 9 }

-- Row definition: one row per interface, indexed by the interface index.
bsIpv6FHSSourceGuardInterfaceConfigEntry OBJECT-TYPE
    SYNTAX      BsIpv6FHSSourceGuardInterfaceConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
                "An entry of this table."
    INDEX       { bsIpv6FHSSourceGuardIfIndex }
    ::= { bsIpv6FHSSourceGuardInterfaceConfigTable 1 }

-- Column list: admin state, address limit, and two counters that each have a
-- companion object to clear them.
BsIpv6FHSSourceGuardInterfaceConfigEntry ::=
    SEQUENCE {
            bsIpv6FHSSourceGuardIfIndex            InterfaceIndex,
            bsIpv6FHSSourceGuardInterfaceState     TruthValue,
            bsIpv6FHSSourceGuardMaxAddr            Integer32,
            bsIpv6FHSSourceGuardOverflowCount      Counter32,
            bsIpv6FHSSourceGuardClearOverflowCount TruthValue,
            bsIpv6FHSSourceGuardDropCount          Counter32,
            bsIpv6FHSSourceGuardClearDropCount     TruthValue
	  }               
	
-- Index column: the interface index of the row.
bsIpv6FHSSourceGuardIfIndex   OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
                "Interface index number."
    ::= { bsIpv6FHSSourceGuardInterfaceConfigEntry 1}

-- Admin state of IPv6 Source Guard on the interface. The default is false, so
-- an interface is presumably unprotected until this is set to true.
-- Turning the state off is a security relevant change; consider logging
-- writes to this object.
bsIpv6FHSSourceGuardInterfaceState OBJECT-TYPE
    SYNTAX       TruthValue
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
                 "IPv6 Source Guard Admin state of an interface."
    DEFVAL  { false }
    ::= { bsIpv6FHSSourceGuardInterfaceConfigEntry 2 }

-- Maximum number of IPv6 source addresses allowed on the interface.
-- Range 2..10, default 4.
-- NOTE(review): presumably bsIpv6FHSSourceGuardOverflowCount increments when
-- a binding is refused because this limit is reached. Confirm.
bsIpv6FHSSourceGuardMaxAddr OBJECT-TYPE
    SYNTAX      Integer32(2..10)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
                "Maximum allowed IPv6 Source Addresses on an interface."
    DEFVAL  { 4 }
    ::= { bsIpv6FHSSourceGuardInterfaceConfigEntry 3 }

-- Read-only counter: number of times an SBT entry could not be added to the
-- allowed list of the interface.
-- A manager that computes deltas must treat a clear (see the companion object
-- bsIpv6FHSSourceGuardClearOverflowCount) as a counter discontinuity.
bsIpv6FHSSourceGuardOverflowCount OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
                "Number of times the SBT entries could not be added 
				 to the allowed list."
    ::= { bsIpv6FHSSourceGuardInterfaceConfigEntry 4 }

-- Writable control that clears bsIpv6FHSSourceGuardOverflowCount.
-- NOTE(review): presumably writing true triggers the clear; the value returned
-- on a read is not specified here.
-- Any principal with write access can reset the counter, so export it to an
-- external collector if it is used as evidence of overflow events.
bsIpv6FHSSourceGuardClearOverflowCount OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
                "This object clears counter object bsIpv6FHSSourceGuardOverflowCount."
    ::= { bsIpv6FHSSourceGuardInterfaceConfigEntry 5 }

-- Read-only counter: packets dropped by Source Guard on this port. The
-- revision history of this module records it as added in Ver 10.
-- A manager that computes deltas must treat a clear (see the companion object
-- bsIpv6FHSSourceGuardClearDropCount) as a counter discontinuity.
bsIpv6FHSSourceGuardDropCount  OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
                "Number of dropped packets per port of source guard."
    ::= { bsIpv6FHSSourceGuardInterfaceConfigEntry 6 }

-- Writable control that clears bsIpv6FHSSourceGuardDropCount.
-- NOTE(review): presumably writing true triggers the clear; the value returned
-- on a read is not specified here.
-- Any principal with write access can reset the counter, so poll and store it
-- externally if drop counts feed detection or incident review.
bsIpv6FHSSourceGuardClearDropCount  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
                "This object clears counter object: bsIpv6FHSSourceGuardDropCount."
    ::= { bsIpv6FHSSourceGuardInterfaceConfigEntry 7 }

-- End Definition for First Hop Security Source Guard Interface Config

-- Start Definition for First Hop Security IPv6 Source Guard binding table
-- This table consists of the IPv6 binding entries for each port
    -- interface index
    -- IPv6 address

-- IPv6 Source Guard binding table, registered at bsIpv6FirstHopSecObjects 10.
-- It lists the IPv6 addresses allowed on each Source Guard enabled interface.
-- No column is writable and there is no RowStatus column, so this table is a
-- read-only view of the bindings.
bsIpv6FHSSourceGuardBindingTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF BsIpv6FHSSourceGuardBindingEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
                "List of IPv6 Source Guard binding entries for each 
			     Source Guard enabled interface."
    ::= { bsIpv6FirstHopSecObjects 10 }

-- Row definition: indexed by interface index and allowed IPv6 address.
bsIpv6FHSSourceGuardBindingEntry OBJECT-TYPE
    SYNTAX      BsIpv6FHSSourceGuardBindingEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
                "An entry of this table."
    INDEX
             { bsIpv6FHSSourceGuardEntryIfIndex,
               bsIpv6FHSSourceGuardEntryIpv6Addr }
    ::= { bsIpv6FHSSourceGuardBindingTable 1 }

-- Column list: both columns are also the index components of the row.
BsIpv6FHSSourceGuardBindingEntry ::=	
    SEQUENCE    {
        bsIpv6FHSSourceGuardEntryIfIndex    InterfaceIndex,
        bsIpv6FHSSourceGuardEntryIpv6Addr   Ipv6Address
    }

-- First index component: the interface index of the binding.
bsIpv6FHSSourceGuardEntryIfIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
                "Interface index number."
    ::= { bsIpv6FHSSourceGuardBindingEntry 1 }

-- Second index component: an IPv6 address allowed on the interface.
-- It is read-only rather than not-accessible because every column of this
-- table is an index, and SMIv2 then requires one of them to be accessible so
-- that the rows can be retrieved.
bsIpv6FHSSourceGuardEntryIpv6Addr	OBJECT-TYPE
    SYNTAX      Ipv6Address
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
                "IPv6 address allowed on the interface."
    ::= { bsIpv6FHSSourceGuardBindingEntry 2 }

-- End Definition for First Hop Security IPv6 Source Guard binding table

-- ============================================================================
-- Notification Objects
-- ============================================================================

-- Obsoleted Definitions - Objects

-- Obsolete varbind objects for ND inspection notifications, registered under
-- bsIpv6FirstHopSecObjects 8. All five objects have STATUS obsolete; the
-- definitions are kept so that the assigned OIDs are never reused. The current
-- notifications carry the bsIpv6FHSTrap objects instead.
bsIpv6NDTrapNotificationObjects
    OBJECT IDENTIFIER ::= { bsIpv6FirstHopSecObjects 8 }


-- Obsolete: source MAC address of a dropped ND inspection packet.
bsIpv6NDInspectionNotificationClientMACAddr  OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      obsolete
    DESCRIPTION
        "This value indicates the source MAC Address of a dropped ND inspection packet."
    ::= { bsIpv6NDTrapNotificationObjects 1 }


-- Obsolete: message type of a dropped ND packet. The five values are repeated
-- as values 1 to 5 of the current object bsIpv6FHSTrapMsgType.
bsIpv6NDInspectionNotificationMsgType  OBJECT-TYPE
    SYNTAX      INTEGER {
                    ipv6NDNS(1),
                    ipv6NDNA(2),
                    ipv6NDRS(3),
                    ipv6NDRA(4),
                    ipv6NDRedir(5)                
                }
    MAX-ACCESS  accessible-for-notify
    STATUS      obsolete
    DESCRIPTION
        "This value indicates the message type of a dropped ND packet."
    ::= { bsIpv6NDTrapNotificationObjects 2 }

-- Obsolete: interface (unit and port) on which the packet was dropped.
bsIpv6FHSNDInterfaceIndex  OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  accessible-for-notify
    STATUS      obsolete
    DESCRIPTION
        "This value indicates the unit and port number of a dropped ND inspection packet."
    ::= { bsIpv6NDTrapNotificationObjects 3 }

-- Obsolete: IPv6 source address of the dropped packet.
bsIpv6FHSNDIpv6Address OBJECT-TYPE
     SYNTAX      Ipv6Address
     MAX-ACCESS  accessible-for-notify
     STATUS      obsolete
     DESCRIPTION
        "This value indicates the Ipv6 source address of a dropped ND inspection packet."
   ::= { bsIpv6NDTrapNotificationObjects 4 }

-- Obsolete: VLAN ID of the dropped packet, restricted to 1..4094.
bsIpv6FHSNDVlanID OBJECT-TYPE
     SYNTAX      Integer32 (1..4094)
     MAX-ACCESS  accessible-for-notify
     STATUS      obsolete
     DESCRIPTION
        "This value indicates the Vlan ID of a dropped ND inspection packet."
   ::= { bsIpv6NDTrapNotificationObjects 5 }

-- End of Obsoleted Definitions - Objects

-- Current varbind objects for FHS notifications, registered under
-- bsIpv6FirstHopSecObjects 11. They are accessible-for-notify: they appear
-- only as varbinds of notifications and cannot be read or written directly.
bsIpv6FHSTrapNotificationObjects
    OBJECT IDENTIFIER ::= { bsIpv6FirstHopSecObjects 11 }


-- Source MAC address taken from the dropped packet. The value is chosen by
-- the sender of that packet, so a trap receiver should treat it as untrusted
-- input and correlate it with the interface index before acting on it.
bsIpv6FHSTrapClientMACAddr  OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This value indicates the source MAC Address of a dropped ND/RS/RA/DHCP packet."
    ::= { bsIpv6FHSTrapNotificationObjects 1 }


-- Interface (unit and port) on which the packet was dropped. Unlike the MAC
-- and IPv6 varbinds this is not a field of the packet.
bsIpv6FHSTrapInterfaceIndex  OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This value indicates the unit and port number of a dropped ND/RS/RA/DHCP inspection packet."
    ::= { bsIpv6FHSTrapNotificationObjects 2 }

-- IPv6 source address taken from the dropped packet; sender controlled, so
-- treat it as untrusted input in the trap receiver.
bsIpv6FHSTrapClientIpv6Address OBJECT-TYPE
     SYNTAX      Ipv6Address
     MAX-ACCESS  accessible-for-notify
     STATUS      current
     DESCRIPTION
        "This value indicates the Ipv6 source address of a dropped ND/RS/RA/DHCP inspection packet."
   ::= { bsIpv6FHSTrapNotificationObjects 3 }

-- VLAN ID of the dropped packet, restricted to 1..4094.
bsIpv6FHSTrapVlanID OBJECT-TYPE
     SYNTAX      Integer32 (1..4094)
     MAX-ACCESS  accessible-for-notify
     STATUS      current
     DESCRIPTION
        "This value indicates the Vlan ID of a dropped ND/RS/RA/DHCP inspection packet."
   ::= { bsIpv6FHSTrapNotificationObjects 4 }

-- Message type of the dropped packet. Values 1 to 5 repeat the enumeration of
-- the obsolete bsIpv6NDInspectionNotificationMsgType (NS, NA, RS, RA,
-- Redirect); values 6 and 7 add DHCP request and reply.
bsIpv6FHSTrapMsgType  OBJECT-TYPE
    SYNTAX      INTEGER {
                    ipv6NDNS(1),
                    ipv6NDNA(2),
                    ipv6NDRS(3),
                    ipv6NDRA(4),
                    ipv6NDRedir(5),
		    ipv6DHCPReq(6),
		    ipv6DHCPReply(7)
                }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This value indicates the message type of a dropped ND/RS/RA/DHCP packet."
    ::= { bsIpv6FHSTrapNotificationObjects 5 }

-- Reason a packet was dropped by FHS. It is carried by
-- bsIpv6RAGuardNotification and bsIpv6DHCPGuardNotification.
-- Reasons 1 to 7 appear to correspond to the RA Guard policy checks (device
-- role, MAC list, prefix list, IPv6 access list, M flag, router preference,
-- hop limit); this mapping is inferred from the names, so confirm it.
-- NOTE(review): ipv6LenMismatch(8) has no matching policy column in this part
-- of the module, and the individual values are not described.
-- NOTE(review): the descriptor is spelled Fhs while its sibling objects use
-- FHS. It cannot be renamed without breaking managers that reference it.
bsIpv6FhsTrapPktDropReason 	OBJECT-TYPE
    SYNTAX      INTEGER {
		    ipv6PortRoleMismatch(1),
		    ipv6MacMismatch(2),
		    ipv6PrefixMismatch(3),
		    ipv6IpMismatch(4),
		    ipv6ManagedFlagMismatch(5),
		    ipv6RouterPrefMismatch(6),
		    ipv6HopLimitMismatch(7),
		    ipv6LenMismatch(8)
                }
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "This value indicates reason for dropped packet in FHS."
    ::= { bsIpv6FHSTrapNotificationObjects 6}

--
-- Notifications
--

-- Obsoleted Definitions - Notifications

-- Obsolete notification (bsIpv6FirstHopSecNotifications 1): the Secure Binding
-- Table was full when a new entry was to be added. It carries the obsolete
-- bsIpv6ND varbind objects; bsIpv6NDNotificationSBTTableFull is the current
-- notification with the same description.
bsIpv6NDSBTTableFull NOTIFICATION-TYPE
    OBJECTS {
        bsIpv6NDInspectionNotificationClientMACAddr,
        bsIpv6NDInspectionNotificationMsgType,
        bsIpv6FHSNDInterfaceIndex,
        bsIpv6FHSNDIpv6Address,
        bsIpv6FHSNDVlanID
    }
    STATUS obsolete
    DESCRIPTION
        "This notification is generated when an attempt is made to add a new
        SBT entry when the Secure Binding Table is full.  The value of
        bsIpv6NDInspectionNotificationClientMACAddr represents the MAC address that
        could not be added to the SBT table.  This notification also
        indicates that additional packets will not be added to
        the SBT and will be dropped."
    ::= { bsIpv6FirstHopSecNotifications 1 }



-- Obsolete notification (bsIpv6FirstHopSecNotifications 2): an ND message is
-- suspected to come from an untrusted system or host. It carries the obsolete
-- bsIpv6ND varbind objects; bsIpv6NDNotificationUntrustedPort is the current
-- notification with the same description.
bsIpv6NDNotificationsUntrustedPort NOTIFICATION-TYPE
    OBJECTS {
        bsIpv6NDInspectionNotificationClientMACAddr,
        bsIpv6NDInspectionNotificationMsgType,
        bsIpv6FHSNDInterfaceIndex,
        bsIpv6FHSNDIpv6Address,
        bsIpv6FHSNDVlanID
    }
    STATUS obsolete
    DESCRIPTION
        "This notification is generated when an ND message is suspected
         to be generated by the untrusted system/host."
    ::= { bsIpv6FirstHopSecNotifications 2 }

-- End of Obsoleted Definitions - Notifications

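-- Current notification (bsIpv6FirstHopSecNotifications 3): the Secure Binding
-- Table was full when a new entry was to be added. It carries the MAC
-- address, IPv6 address, message type, interface and VLAN of the packet.
-- While the table is full, further entries are not added and the packets are
-- dropped, so a receiver should alert on this event; repeated occurrences on
-- one interface can indicate binding table exhaustion.
-- The DESCRIPTION names bsIpv6FHSTrapClientMACAddr, the MAC varbind that this
-- notification actually lists in OBJECTS. It previously named the obsolete
-- object bsIpv6NDInspectionNotificationClientMACAddr, which is not carried.
bsIpv6NDNotificationSBTTableFull NOTIFICATION-TYPE
    OBJECTS {
        bsIpv6FHSTrapClientMACAddr,
	bsIpv6FHSTrapClientIpv6Address,
        bsIpv6FHSTrapMsgType,
        bsIpv6FHSTrapInterfaceIndex,
        bsIpv6FHSTrapVlanID 
    }
    STATUS current
    DESCRIPTION
        "This notification is generated when an attempt is made to add a new
        SBT entry when the Secure Binding Table is full.  The value of
        bsIpv6FHSTrapClientMACAddr represents the MAC address that
        could not be added to the SBT table.  This notification also
        indicates that additional packets will not be added to
        the SBT and will be dropped."
    ::= { bsIpv6FirstHopSecNotifications 3 }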



-- Current notification (bsIpv6FirstHopSecNotifications 4): an ND message is
-- suspected to come from an untrusted system or host. It carries the MAC
-- address, IPv6 address, message type, interface and VLAN of the packet.
-- NOTE(review): no drop reason varbind is included, and the DESCRIPTION does
-- not say which check raised the suspicion.
bsIpv6NDNotificationUntrustedPort       NOTIFICATION-TYPE
    OBJECTS {
        bsIpv6FHSTrapClientMACAddr,
	bsIpv6FHSTrapClientIpv6Address,
        bsIpv6FHSTrapMsgType,
        bsIpv6FHSTrapInterfaceIndex,
        bsIpv6FHSTrapVlanID 
    }
    STATUS current
    DESCRIPTION
        "This notification is generated when an ND message is suspected
         to be generated by the untrusted system/host."
    ::= { bsIpv6FirstHopSecNotifications 4 }


-- Current notification (bsIpv6FirstHopSecNotifications 5): an RA message did
-- not match the RA Guard configuration. In addition to the five common
-- varbinds it carries bsIpv6FhsTrapPktDropReason, which tells the receiver
-- which check failed.
-- NOTE(review): no rate limit for this notification is described here. Each
-- one is triggered by a received packet, so confirm that the agent throttles
-- them and size the trap receiver accordingly.
bsIpv6RAGuardNotification	NOTIFICATION-TYPE
	OBJECTS {
		bsIpv6FHSTrapClientMACAddr,
        	bsIpv6FHSTrapClientIpv6Address,
		bsIpv6FHSTrapMsgType,
        	bsIpv6FHSTrapInterfaceIndex,
        	bsIpv6FHSTrapVlanID,
		bsIpv6FhsTrapPktDropReason
    	}
    	STATUS current
    		DESCRIPTION
        	"This notification is generated when an RA message comes in that does not
		 match the RA Guard configuration"
    	::= { bsIpv6FirstHopSecNotifications 5 }

-- Current notification (bsIpv6FirstHopSecNotifications 6): a DHCPv6 message
-- did not match the DHCPv6 Guard configuration. It carries the five common
-- varbinds plus bsIpv6FhsTrapPktDropReason.
-- NOTE(review): no rate limit for this notification is described here. Each
-- one is triggered by a received packet, so confirm that the agent throttles
-- them and size the trap receiver accordingly.
bsIpv6DHCPGuardNotification	NOTIFICATION-TYPE
	OBJECTS {
		bsIpv6FHSTrapClientMACAddr,
		bsIpv6FHSTrapClientIpv6Address,
		bsIpv6FHSTrapMsgType,
        	bsIpv6FHSTrapInterfaceIndex,
        	bsIpv6FHSTrapVlanID,
		bsIpv6FhsTrapPktDropReason
    	}
    	STATUS current
    		DESCRIPTION
        	"This notification is generated when an DHCPv6 message comes in that does not
		 match the DHCPv6 Guard configuration"
    	::= { bsIpv6FirstHopSecNotifications 6 }

END

