-- *****************************************************************
-- QTECH-SECURITY-MIB.mib:  Qtech Security MIB file
--
-- March 2002, Wuzg
--
-- Copyright (c) 2002 by Qtech Networks Co.,Ltd.
-- All rights reserved.
-- 
-- *****************************************************************
--

QTECH-SECURITY-MIB DEFINITIONS ::= BEGIN

IMPORTS
        MODULE-IDENTITY,
        OBJECT-TYPE,
        NOTIFICATION-TYPE,
        Integer32,
        IpAddress,
        Unsigned32
                FROM SNMPv2-SMI
        TruthValue,
        RowStatus,
        MacAddress
                FROM SNMPv2-TC
        MODULE-COMPLIANCE,
        OBJECT-GROUP
                FROM SNMPv2-CONF
        ConfigStatus,
        IfIndex
                FROM QTECH-TC
        ifIndex        
                FROM IF-MIB
        EnabledStatus 
                FROM P-BRIDGE-MIB
        qtechMgmt
                FROM QTECH-SMI;

qtechSecurityMIB MODULE-IDENTITY
        LAST-UPDATED "200203200000Z"
        ORGANIZATION "Qtech Networks Co.,Ltd."
        CONTACT-INFO
                " 
                Tel: 4008-111-000 

                E-mail: service@qtech.com.cn"
        DESCRIPTION
                "This module defines qtech security mibs."
        REVISION      "200203200000Z"
        DESCRIPTION
                "Initial version of this MIB module."
        ::= { qtechMgmt 6}

qtechSecurityMIBObjects OBJECT IDENTIFIER ::= { qtechSecurityMIB 1 }

qtechUserManagementObjects OBJECT IDENTIFIER ::= { qtechSecurityMIBObjects 1 }

qtechSecurityAddressObjects OBJECT IDENTIFIER ::= { qtechSecurityMIBObjects 2 }

qtechPortSecrrityObjects OBJECT IDENTIFIER ::= { qtechSecurityMIBObjects 3 }

--
--  user management
--

qtechEnableSnmpAgent OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
            "Enabled indicate that user can manage switch by snmp agent,
             disabled indicate that user can't manage switch by snmp agent."
    ::= { qtechUserManagementObjects 1 }
    
qtechEnableWeb OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
            "Enabled indicate that user can manage switch by web,
             disabled indicate that user can't manage switch by web."
    ::= { qtechUserManagementObjects 2 }    
    
qtechEnableTelnet OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
            "Enabled indicate that user can manage switch by telnet,
             disabled indicate that user can't manage switch by telnet."
    ::= { qtechUserManagementObjects 3 }    

--TelnetHostIpTable
qtechTelnetHostIpTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF QtechTelnetHostIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The table of telnet client's IP address, only these hostes can access the telnet server."
    ::= { qtechUserManagementObjects 4 }

qtechTelnetHostIpEntry OBJECT-TYPE
        SYNTAX  QtechTelnetHostIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The entry of telnet host IP address table."
        INDEX   { qtechTelnetHostIpAddress}
    ::= { qtechTelnetHostIpTable 1 }

    QtechTelnetHostIpEntry ::=
        SEQUENCE {
                qtechTelnetHostIpAddress
                       IpAddress,
                qtechTelnetHostIpEnable
                       INTEGER         
      }

qtechTelnetHostIpAddress OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The telnet client's IP address, Only these hostes can access the telnet server"
        ::= { qtechTelnetHostIpEntry 1 }

qtechTelnetHostIpEnable OBJECT-TYPE
        SYNTAX  INTEGER{                   
                   enable(1), 
                   disable(2)
                   }
        MAX-ACCESS   read-write
        STATUS       current
        DESCRIPTION
            "The telnet client's IP address enable state"
    ::= { qtechTelnetHostIpEntry 2 }
    
--WebHostIpTable
qtechWebHostIpTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF QtechWebHostIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The table of web client's IP address, only these hostes can access the web server."
    ::= { qtechUserManagementObjects 5 }

qtechWebHostIpEntry OBJECT-TYPE
        SYNTAX  QtechWebHostIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The entry of web host IP address table."
        INDEX   { qtechWebHostIpAddress}
    ::= { qtechWebHostIpTable 1 }

    QtechWebHostIpEntry ::=
        SEQUENCE {
                qtechWebHostIpAddress
                       IpAddress,
                qtechWebHostIpEnable
                       INTEGER         
      }

qtechWebHostIpAddress OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The web client's IP address, Only these hostes can access the web server"
        ::= { qtechWebHostIpEntry 1 }

qtechWebHostIpEnable OBJECT-TYPE
        SYNTAX  INTEGER{                   
                   enable(1), 
                   disable(2)
                   }
        MAX-ACCESS   read-write
        STATUS       current
        DESCRIPTION
            "The web client's IP address enable state"
    ::= { qtechWebHostIpEntry 2 }

-- security address 

qtechSecurityAddressTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF QtechSecurityAddressEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The table of security address."
    ::= { qtechSecurityAddressObjects 1 }

qtechSecurityAddressEntry OBJECT-TYPE
        SYNTAX  QtechSecurityAddressEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The entry of Security address table."
        INDEX   { qtechSecurityAddressFdbId,
              qtechSecurityAddressAddress,
              qtechSecurityAddressPort,
              qtechSecurityAddressIpAddr}
    ::= { qtechSecurityAddressTable 1 }

    QtechSecurityAddressEntry ::=
        SEQUENCE {
                qtechSecurityAddressFdbId
                       Unsigned32,
                qtechSecurityAddressAddress
                       MacAddress,
                qtechSecurityAddressPort
                       IfIndex,  
                qtechSecurityAddressIpAddr
                       IpAddress,
                qtechSecurityAddressIfBindIp
                       TruthValue,        
                qtechSecurityAddressRemainAge
                       Integer32,   
                qtechSecurityAddressType
                       INTEGER,         
                qtechSecurityAddressStatus
                       RowStatus                       
      }

qtechSecurityAddressFdbId OBJECT-TYPE
        SYNTAX       Unsigned32
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
            "The VID of vlan which the security address blongs to."
    ::= { qtechSecurityAddressEntry 1 }
    
qtechSecurityAddressAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The MAC address of the security address."
    ::= { qtechSecurityAddressEntry 2 }

qtechSecurityAddressPort OBJECT-TYPE
        SYNTAX       IfIndex
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
            "The interface which the security address blongs to."
    ::= { qtechSecurityAddressEntry 3 }
    
qtechSecurityAddressIpAddr OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The IP address which the security address bind.It's meaning only when 
            qtechSecurityAddressIfBindIp is true."
        ::= { qtechSecurityAddressEntry 4 }
        
qtechSecurityAddressIfBindIp OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "this object offer the means whether security address will bind IP."
        ::= { qtechSecurityAddressEntry 5 }
        
qtechSecurityAddressRemainAge OBJECT-TYPE
        SYNTAX       Integer32
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "The remain age of the security address, in units of minute."
    ::= { qtechSecurityAddressEntry 6 }

qtechSecurityAddressType OBJECT-TYPE
        SYNTAX  INTEGER{                   
                   secureConfigured(1), 
                   dynamicLearn(2)
                   }
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "The type of the security address"
    ::= { qtechSecurityAddressEntry 7 }
                
qtechSecurityAddressStatus OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "entry status of this entry. and the means in this enviraments can
            reffer to the text-convention definition of the RowStatus."
    ::= { qtechSecurityAddressEntry 8 }


--Address Bind Table
qtechBindAddressTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF QtechBindAddressEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
		"IP-MAC bind table. The source MAC address must be bound when the switch receives the frame with
		 source IP address defined in this table. Otherwise, the frame will be discarded."
    ::= { qtechSecurityAddressObjects 2 }

qtechBindAddressEntry OBJECT-TYPE
        SYNTAX  QtechBindAddressEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The entry of Bind address table."
        INDEX   { qtechBindAddressIpAddr}
    ::= { qtechBindAddressTable 1 }

    QtechBindAddressEntry ::=
        SEQUENCE {
                qtechBindAddressIpAddr
                       IpAddress,
                qtechBindMacAddress
                       MacAddress,
                qtechBindAddressStatus
                       ConfigStatus                       
      }
qtechBindAddressIpAddr OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The IP address which the security address bind.It's meaning only when 
            qtechBindAddressIfBindIp is true."
        ::= { qtechBindAddressEntry 1 }
    
qtechBindMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
              "The MAC address of the security address."
    ::= { qtechBindAddressEntry 2 }    
                
qtechBindAddressStatus OBJECT-TYPE
        SYNTAX ConfigStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "entry status. Setting this value to 'invalid' will remove this entry"
    ::= { qtechBindAddressEntry 3 }

-- port security
qtechPortSecurityTable OBJECT-TYPE
        SYNTAX SEQUENCE OF QtechPortSecurityEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "list of port security configuration objects."
        ::= { qtechPortSecrrityObjects 1 }
    
qtechPortSecurityEntry OBJECT-TYPE
        SYNTAX QtechPortSecurityEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "Entry contains port security configurations."
        INDEX { qtechPortSecurityPortIndex }
        ::= { qtechPortSecurityTable 1 }
    
QtechPortSecurityEntry ::=
        SEQUENCE {
        qtechPortSecurityPortIndex IfIndex,
        qtechPortSecurityStatus EnabledStatus,
        qtechPortSecurViolationType INTEGER,        
        qtechPortSecurityAddrNum Integer32,
        qtechPortSecurityAddrAge Integer32,
        qtechPortStaticSecurAddrIfAge EnabledStatus,
        qtechPortSecurityAddressCurrentNum Integer32, 
        qtechPortStaticSecurAddrCurrentNum Integer32,
        qtechPortSecurityIpDistrMode INTEGER
        }

qtechPortSecurityPortIndex OBJECT-TYPE
        SYNTAX IfIndex
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            ""
        ::= { qtechPortSecurityEntry 1 }
            
qtechPortSecurityStatus OBJECT-TYPE
        SYNTAX EnabledStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            ""
        DEFVAL { disabled }         
        ::= { qtechPortSecurityEntry 2 }

qtechPortSecurViolationType OBJECT-TYPE
        SYNTAX INTEGER {
            violation-protect(1),
            violation-restrict(2),
            violation-shutdown(3)
        }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "this object define 3 grades of port security:
            violation-protect(1):
                normal security grade, indicate that when the a datagram received on a
                port with illegal MAC address will be discarded but not send trap, 
                legal and illegal MAC to a port security is 
                defined by per port's security below.
            violation-restrict(2):
                normal security grade, indicate that when the a datagram received on a
                port with illegal MAC address will be discarded and send trap, legal and illegal MAC
                to a port security is defined by per port's security below.
            violation-shutdown(3):
                strict security grade, indicate that when the a datagram received on a
                port with illegal MAC address, the port will be disabled for the violation
                of the port's security and send trap."
        DEFVAL { violation-protect }         
        ::= { qtechPortSecurityEntry 3 }
            
qtechPortSecurityAddrNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This value means the address number threshold of this port. A new address want to 
            add to the port address will be refused when address num exceed this value. 
            This value is valid when qtechPortSecurityStatus is 'disabled'"
        ::= { qtechPortSecurityEntry 4 }    

qtechPortSecurityAddrAge OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Aging time in units of minute of security address of interface"
        ::= { qtechPortSecurityEntry 5 }    
        
qtechPortStaticSecurAddrIfAge OBJECT-TYPE
        SYNTAX EnabledStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This object offer the means whether enable static configured security address 
             aging."
        ::= { qtechPortSecurityEntry 6 }
        
qtechPortSecurityAddressCurrentNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
              "Current number of the security address of interface."
        ::= { qtechPortSecurityEntry 7 }
        
qtechPortStaticSecurAddrCurrentNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
              "Current number of the static configured security address of interface."
        ::= { qtechPortSecurityEntry 8 }

qtechPortSecurityIpDistrMode OBJECT-TYPE
        SYNTAX INTEGER{
            static(1),                     --only Static IP Distribute enabled
            dynamic(2),                 --only Dynamic IP Distribute enabled
            staticAndDynamic(3),     --both Static and Dynamic IP Distribute enable
            unSpecified(4)              --not specified
        }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "IP Distrute Mode
             (0:Static-only mode, 
              1:Dynamic-only mode, 
              2:Dynamic and Static mode, 
              3:Unspecified mode)"
        ::= { qtechPortSecurityEntry 9 }

qtechSecurityTraps      OBJECT IDENTIFIER ::= { qtechSecurityMIB 2 }

portSecurityViolate NOTIFICATION-TYPE
    OBJECTS    {ifIndex}
    STATUS  current
    DESCRIPTION
            "the mac lock violate trap indicates that if you
             have set the threshold number of learned addresses
             from a port, and their comes a new address from the
             port, but the addresses for the port is already 
             full."
    ::= { qtechSecurityTraps 1 }        

qtechSecurityMIBConformance OBJECT IDENTIFIER ::= { qtechSecurityMIB 3 }
qtechSecurityMIBCompliances OBJECT IDENTIFIER ::= { qtechSecurityMIBConformance 1 }
qtechSecurityMIBGroups      OBJECT IDENTIFIER ::= { qtechSecurityMIBConformance 2 }


-- compliance statements

qtechSecurityMIBCompliance MODULE-COMPLIANCE
        STATUS  current
        DESCRIPTION
                "The compliance statement for entities which implement
                the Qtech Security MIB"
        MODULE  -- this module
                MANDATORY-GROUPS { qtechUserManageMIBGroup,
                                   qtechSecurityAddressMIBGroup,
                                   qtechPortSecurityMIBGroup
                 }
        ::= { qtechSecurityMIBCompliances 1 }
                
-- units of conformance

qtechUserManageMIBGroup OBJECT-GROUP
        OBJECTS {
           qtechEnableSnmpAgent,
           qtechEnableWeb,
           qtechEnableTelnet
        }
        STATUS  current
        DESCRIPTION
                "A collection of objects providing status snmp and web and telnet
                 management agent to a Qtech agent."
        ::= { qtechSecurityMIBGroups 1 }         
        
qtechSecurityAddressMIBGroup OBJECT-GROUP
        OBJECTS {
--                qtechSecurityAddressFdbId,
--                qtechSecurityAddressAddress,
--                qtechSecurityAddressPort,
--                qtechSecurityAddressIpAddr,
                qtechSecurityAddressIfBindIp,        
                qtechSecurityAddressRemainAge, 
                qtechSecurityAddressType,    
                qtechSecurityAddressStatus,
--                qtechBindAddressIpAddr,
                qtechBindMacAddress,
                qtechBindAddressStatus            
        }
        STATUS  current
        DESCRIPTION
                "A collection of objects providing security address to a
                Qtech agent."
        ::= { qtechSecurityMIBGroups 2 }                         
        
qtechPortSecurityMIBGroup OBJECT-GROUP
        OBJECTS {
              qtechPortSecurityPortIndex,
              qtechPortSecurityStatus,
              qtechPortSecurViolationType,
              qtechPortSecurityAddrNum,
              qtechPortSecurityAddrAge,
              qtechPortStaticSecurAddrIfAge,
              qtechPortSecurityAddressCurrentNum, 
              qtechPortStaticSecurAddrCurrentNum,
              qtechPortSecurityIpDistrMode
        }
        STATUS  current
        DESCRIPTION
                "A collection of objects providing port security to a
                Qtech agent."
        ::= { qtechSecurityMIBGroups 3 }                                 
                
END
