-- *****************************************************************
-- MY-SECURITY-MIB.mib:  My Security MIB file
--
-- $Copyright$
-- 
-- *****************************************************************
--

MY-SECURITY-MIB DEFINITIONS ::= BEGIN

IMPORTS
        MODULE-IDENTITY,
        OBJECT-TYPE,
        NOTIFICATION-TYPE,
        Integer32,
        Counter32,
        IpAddress,
        Unsigned32
                FROM SNMPv2-SMI
        TruthValue,
        DisplayString,
        RowStatus,
        MacAddress
                FROM SNMPv2-TC
        MODULE-COMPLIANCE,
        OBJECT-GROUP,
        NOTIFICATION-GROUP
                FROM SNMPv2-CONF
        ConfigStatus,
        IfIndex
                FROM MY-TC
        ifIndex        
                FROM IF-MIB
        EnabledStatus 
                FROM P-BRIDGE-MIB
        myMgmt
                FROM MY-SMI;

mySecurityMIB MODULE-IDENTITY
        LAST-UPDATED "200203200000Z"
        ORGANIZATION "$Company$"
        CONTACT-INFO
                " 
                Tel: $Telephone$ 

                E-mail: $E-mail$"
        DESCRIPTION
                "This module defines my security mibs."
        REVISION      "200203200000Z"
        DESCRIPTION
                "Initial version of this MIB module."
        ::= { myMgmt 6}

mySecurityMIBObjects OBJECT IDENTIFIER ::= { mySecurityMIB 1 }

myUserManagementObjects OBJECT IDENTIFIER ::= { mySecurityMIBObjects 1 }

mySecurityAddressObjects OBJECT IDENTIFIER ::= { mySecurityMIBObjects 2 }

myPortSecrrityObjects OBJECT IDENTIFIER ::= { mySecurityMIBObjects 3 }

--
--  user management
--

myEnableSnmpAgent OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
            "Enabled indicate that user can manage switch by snmp agent,
             disabled indicate that user can't manage switch by snmp agent."
    ::= { myUserManagementObjects 1 }
    
myEnableWeb OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
            "Enabled indicate that user can manage switch by web,
             disabled indicate that user can't manage switch by web."
    ::= { myUserManagementObjects 2 }    
    
myEnableTelnet OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
            "Enabled indicate that user can manage switch by telnet,
             disabled indicate that user can't manage switch by telnet."
    ::= { myUserManagementObjects 3 }    

--TelnetHostIpTable
myTelnetHostIpTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF MyTelnetHostIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The table of telnet client's IP address, only these hostes can access the telnet server."
    ::= { myUserManagementObjects 4 }

myTelnetHostIpEntry OBJECT-TYPE
        SYNTAX  MyTelnetHostIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The entry of telnet host IP address table."
        INDEX   { myTelnetHostIpAddress}
    ::= { myTelnetHostIpTable 1 }

    MyTelnetHostIpEntry ::=
        SEQUENCE {
                myTelnetHostIpAddress
                       IpAddress,
                myTelnetHostIpEnable
                       INTEGER         
      }

myTelnetHostIpAddress OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The telnet client's IP address, Only these hostes can access the telnet server"
        ::= { myTelnetHostIpEntry 1 }

myTelnetHostIpEnable OBJECT-TYPE
        SYNTAX  INTEGER{                   
                   enable(1), 
                   disable(2)
                   }
        MAX-ACCESS   read-write
        STATUS       current
        DESCRIPTION
            "The telnet client's IP address enable state"
    ::= { myTelnetHostIpEntry 2 }
    
--WebHostIpTable
myWebHostIpTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF MyWebHostIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The table of web client's IP address, only these hostes can access the web server."
    ::= { myUserManagementObjects 5 }

myWebHostIpEntry OBJECT-TYPE
        SYNTAX  MyWebHostIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The entry of web host IP address table."
        INDEX   { myWebHostIpAddress}
    ::= { myWebHostIpTable 1 }

    MyWebHostIpEntry ::=
        SEQUENCE {
                myWebHostIpAddress
                       IpAddress,
                myWebHostIpEnable
                       INTEGER         
      }

myWebHostIpAddress OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The web client's IP address, Only these hostes can access the web server"
        ::= { myWebHostIpEntry 1 }

myWebHostIpEnable OBJECT-TYPE
        SYNTAX  INTEGER{                   
                   enable(1), 
                   disable(2)
                   }
        MAX-ACCESS   read-write
        STATUS       current
        DESCRIPTION
            "The web client's IP address enable state"
    ::= { myWebHostIpEntry 2 }

-- security address 

mySecurityAddressTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF MySecurityAddressEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The table of security address."
    ::= { mySecurityAddressObjects 1 }

mySecurityAddressEntry OBJECT-TYPE
        SYNTAX  MySecurityAddressEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The entry of Security address table."
        INDEX   { mySecurityAddressFdbId,
              mySecurityAddressAddress,
              mySecurityAddressPort,
              mySecurityAddressIpAddr}
    ::= { mySecurityAddressTable 1 }

    MySecurityAddressEntry ::=
        SEQUENCE {
                mySecurityAddressFdbId
                       Unsigned32,
                mySecurityAddressAddress
                       MacAddress,
                mySecurityAddressPort
                       IfIndex,  
                mySecurityAddressIpAddr
                       IpAddress,
                mySecurityAddressIfBindIp
                       TruthValue,        
                mySecurityAddressRemainAge
                       Integer32,   
                mySecurityAddressType
                       INTEGER,         
                mySecurityAddressStatus
                       RowStatus                       
      }

mySecurityAddressFdbId OBJECT-TYPE
        SYNTAX       Unsigned32
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
            "The VID of vlan which the security address blongs to."
    ::= { mySecurityAddressEntry 1 }
    
mySecurityAddressAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The MAC address of the security address."
    ::= { mySecurityAddressEntry 2 }

mySecurityAddressPort OBJECT-TYPE
        SYNTAX       IfIndex
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
            "The interface which the security address blongs to."
    ::= { mySecurityAddressEntry 3 }
    
mySecurityAddressIpAddr OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The IP address which the security address bind.It's meaning only when 
            mySecurityAddressIfBindIp is true."
        ::= { mySecurityAddressEntry 4 }
        
mySecurityAddressIfBindIp OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "this object offer the means whether security address will bind IP."
        ::= { mySecurityAddressEntry 5 }
        
mySecurityAddressRemainAge OBJECT-TYPE
        SYNTAX       Integer32
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "The remain age of the security address, in units of minute."
    ::= { mySecurityAddressEntry 6 }

mySecurityAddressType OBJECT-TYPE
        SYNTAX  INTEGER{                   
                   secureConfigured(1), 
                   dynamicLearn(2)
                   }
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "The type of the security address"
    ::= { mySecurityAddressEntry 7 }
                
mySecurityAddressStatus OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "entry status of this entry. and the means in this enviraments can
            reffer to the text-convention definition of the RowStatus."
    ::= { mySecurityAddressEntry 8 }


--Address Bind Table
myBindAddressTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF MyBindAddressEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
		"IPַMACַ󶨱յԴIPַΪ
                 жIPַ֡ʱ֡ԴMACַ
                 Ϊ󶨵MACַ֡."
    ::= { mySecurityAddressObjects 2 }

myBindAddressEntry OBJECT-TYPE
        SYNTAX  MyBindAddressEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
              "The entry of Bind address table."
        INDEX   { myBindAddressIpAddr}
    ::= { myBindAddressTable 1 }

    MyBindAddressEntry ::=
        SEQUENCE {
                myBindAddressIpAddr
                       IpAddress,
                myBindMacAddress
                       MacAddress,
                myBindAddressStatus
                       ConfigStatus                       
      }
myBindAddressIpAddr OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The IP address which the security address bind.It's meaning only when 
            myBindAddressIfBindIp is true."
        ::= { myBindAddressEntry 1 }
    
myBindMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-create
        STATUS  current
        DESCRIPTION
              "The MAC address of the security address."
    ::= { myBindAddressEntry 2 }    
                
myBindAddressStatus OBJECT-TYPE
        SYNTAX ConfigStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "entry status. Setting this value to 'invalid' will remove this entry"
    ::= { myBindAddressEntry 3 }

-- port security
myPortSecurityTable OBJECT-TYPE
        SYNTAX SEQUENCE OF MyPortSecurityEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "list of port security configuration objects."
        ::= { myPortSecrrityObjects 1 }
    
myPortSecurityEntry OBJECT-TYPE
        SYNTAX MyPortSecurityEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "Entry contains port security configurations."
        INDEX { myPortSecurityPortIndex }
        ::= { myPortSecurityTable 1 }
    
MyPortSecurityEntry ::=
        SEQUENCE {
        myPortSecurityPortIndex IfIndex,
        myPortSecurityStatus EnabledStatus,
        myPortSecurViolationType INTEGER,        
        myPortSecurityAddrNum Integer32,
        myPortSecurityAddrAge Integer32,
        myPortStaticSecurAddrIfAge EnabledStatus,
        myPortSecurityAddressCurrentNum Integer32, 
        myPortStaticSecurAddrCurrentNum Integer32,
        myPortSecurityIpDistrMode INTEGER
        }

myPortSecurityPortIndex OBJECT-TYPE
        SYNTAX IfIndex
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            ""
        ::= { myPortSecurityEntry 1 }
            
myPortSecurityStatus OBJECT-TYPE
        SYNTAX EnabledStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            ""
        DEFVAL { disabled }         
        ::= { myPortSecurityEntry 2 }

myPortSecurViolationType OBJECT-TYPE
        SYNTAX INTEGER {
            violation-protect(1),
            violation-restrict(2),
            violation-shutdown(3)
        }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "this object define 3 grades of port security:
            violation-protect(1):
                normal security grade, indicate that when the a datagram received on a
                port with illegal MAC address will be discarded but not send trap, 
                legal and illegal MAC to a port security is 
                defined by per port's security below.
            violation-restrict(2):
                normal security grade, indicate that when the a datagram received on a
                port with illegal MAC address will be discarded and send trap, legal and illegal MAC
                to a port security is defined by per port's security below.
            violation-shutdown(3):
                strict security grade, indicate that when the a datagram received on a
                port with illegal MAC address, the port will be disabled for the violation
                of the port's security and send trap."
        DEFVAL { violation-protect }         
        ::= { myPortSecurityEntry 3 }
            
myPortSecurityAddrNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This value means the address number threshold of this port. A new address want to 
            add to the port address will be refused when address num exceed this value. 
            This value is valid when myPortSecurityStatus is 'disabled'"
        ::= { myPortSecurityEntry 4 }    

myPortSecurityAddrAge OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Aging time in units of minute of security address of interface"
        ::= { myPortSecurityEntry 5 }    
        
myPortStaticSecurAddrIfAge OBJECT-TYPE
        SYNTAX EnabledStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "This object offer the means whether enable static configured security address 
             aging."
        ::= { myPortSecurityEntry 6 }
        
myPortSecurityAddressCurrentNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
              "Current number of the security address of interface."
        ::= { myPortSecurityEntry 7 }
        
myPortStaticSecurAddrCurrentNum OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
              "Current number of the static configured security address of interface."
        ::= { myPortSecurityEntry 8 }

myPortSecurityIpDistrMode OBJECT-TYPE
        SYNTAX INTEGER{
            static(1),                     --only Static IP Distribute enabled
            dynamic(2),                 --only Dynamic IP Distribute enabled
            staticAndDynamic(3),     --both Static and Dynamic IP Distribute enable
            unSpecified(4)              --not specified
        }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "IP Distrute Mode
             (0:Static-only mode, 
              1:Dynamic-only mode, 
              2:Dynamic and Static mode, 
              3:Unspecified mode)"
        ::= { myPortSecurityEntry 9 }

mySecurityTraps      OBJECT IDENTIFIER ::= { mySecurityMIB 2 }

portSecurityViolate NOTIFICATION-TYPE
    OBJECTS    {ifIndex}
    STATUS  current
    DESCRIPTION
            "the mac lock violate trap indicates that if you
             have set the threshold number of learned addresses
             from a port, and their comes a new address from the
             port, but the addresses for the port is already 
             full."
    ::= { mySecurityTraps 1 }        

mySecurityMIBConformance OBJECT IDENTIFIER ::= { mySecurityMIB 3 }
mySecurityMIBCompliances OBJECT IDENTIFIER ::= { mySecurityMIBConformance 1 }
mySecurityMIBGroups      OBJECT IDENTIFIER ::= { mySecurityMIBConformance 2 }


-- compliance statements

mySecurityMIBCompliance MODULE-COMPLIANCE
        STATUS  current
        DESCRIPTION
                "The compliance statement for entities which implement
                the My Security MIB"
        MODULE  -- this module
                MANDATORY-GROUPS { myUserManageMIBGroup,
                                   mySecurityAddressMIBGroup,
                                   myPortSecurityMIBGroup
                 }
        ::= { mySecurityMIBCompliances 1 }
                
-- units of conformance

myUserManageMIBGroup OBJECT-GROUP
        OBJECTS {
           myEnableSnmpAgent,
           myEnableWeb,
           myEnableTelnet
        }
        STATUS  current
        DESCRIPTION
                "A collection of objects providing status snmp and web and telnet
                 management agent to a My agent."
        ::= { mySecurityMIBGroups 1 }         
        
mySecurityAddressMIBGroup OBJECT-GROUP
        OBJECTS {
               mySecurityAddressFdbId,
                mySecurityAddressAddress,
                mySecurityAddressPort,  
                mySecurityAddressIpAddr,
                mySecurityAddressIfBindIp,        
                mySecurityAddressRemainAge, 
                mySecurityAddressType,    
                mySecurityAddressStatus,
                myBindAddressIpAddr,
                myBindMacAddress,
                myBindAddressStatus            
        }
        STATUS  current
        DESCRIPTION
                "A collection of objects providing security address to a
                My agent."
        ::= { mySecurityMIBGroups 2 }                         
        
myPortSecurityMIBGroup OBJECT-GROUP
        OBJECTS {
              myPortSecurityPortIndex,
              myPortSecurityStatus,
              myPortSecurViolationType,
              myPortSecurityAddrNum,
              myPortSecurityAddrAge,
              myPortStaticSecurAddrIfAge,
              myPortSecurityAddressCurrentNum, 
              myPortStaticSecurAddrCurrentNum,
              myPortSecurityIpDistrMode
        }
        STATUS  current
        DESCRIPTION
                "A collection of objects providing port security to a
                My agent."
        ::= { mySecurityMIBGroups 3 }                                 
                
END
