S5-SWITCH-BAYSECURE-MIB: View SNMP OID List / Download MIB

BaySecure MIB - MAC-based Security MIB Copyright 1999-2012 Avaya All rights reserved. This Avaya SNMP Management Information Base Specification (Specification) embodies Avaya's confidential and proprietary intellectual property. Avaya retains all title and ownership in the Specification, including any revisions. This Specification is supplied 'AS IS,' and Avaya makes no warranty, either express or implied, as to the use, operation, condition, or performance of the Specification.

If s5SbsAuthSecurityLock is locked(2), the agent will refuse all requests to modify the 'security configuration'. Objects in s5SbsAuth, the Switch BaySecure MIB Group that are part of the 'security configuration', includes s5SbsAuthCtlPartTime, objects in s5SbsAuthCfgTable, Set requests for all read/write objects in s5SbsAuth group excluding this object will result in a BadValue return value. Enumeration: 'notlocked': 3, 'other': 1, 'locked': 2.

If the value of s5SbsAuthCfgActionMode is partitionPort or partitionPortAndSendTrap, time partition will be done if this value is greater than 0. The value indicates the duration of the time for port partitioning in seconds. The default value is zero. When this value is zero, port remians partitioned until manually re-enabled.

Indicates whether the switch security feature is enabled or not. Enumeration: 'enable': 1, 'disable': 2.

The mode of switch security. singleMACperPort(1) indicates that the switch is in single-MAC-per-port mode which means it allows to configure only one MAC address per port. macList(2) indicates that the switch is in MAC-List mode, user can configure more than one MAC address per port, the maximum numbers of MAC address per port vary from switch to switch. autoLearn(3) indicates that the switch will learn the first MAC address on each port as an allowed address of that port. Change made between singleMACperPort(1), macList(2) and autoLearn(3) will erase all the data in s5SbsAuthCfgTable. Enumeration: 'autoLearn': 3, 'singleMACperPort': 1, 'macList': 2.

Action performed by software when a violation occurs (if s5SbsSecurityStatus is enabled). The security action specified here applies to all ports of the switch. NOTE: da means destination address. A blocked address will always cause the port to be partitioned when unauthorized access is attempted. See s5SbsAuthCfgAccessCtrlType for more information on allowed and blocked addresses. Enumeration: 'partitionPortAndsendTrap': 4, 'partitionPort': 3, 'partitionPortdaFilteringAndsendTrap': 8, 'partitionPortAnddaFiltering': 7, 'noAction': 1, 'daFilteringAndsendTrap': 6, 'trap': 2, 'daFiltering': 5.

The current number of entries of the nodes allowed in the s5SbsAuthCfgTable.

The maximum number of entries of the nodes allowed in the s5SbsAuthCfgTable.

The current number of entries of the nodes blocked in the s5SbsAuthCfgTable.

The maximum number of entries of the nodes blocked in the s5SbsAuthCfgTable.

A table containing a list of boards and ports and MAC addresses that constitute the security configuration.

An entry in this table indicates the security configuration for a specified MAC address and a specified port and a specified board. A SNMP SET PDU for a row of the s5SbsAuthCfgTable requires the entired sequence of the MIB Objects in each s5SbsAuthCfgEntry stored in one PDU. Otherwise, GENERR return-value will be returned.

The index of the slot containing the board on which the port is located. This value is meaningful --NEW only if s5SbsAuthCfgSecureList value is zero. --NEW For other SecureList values it should have the value of zero.

The index of the port on the board. This value is meaningful only if s5SbsAuthCfgSecureList value is zero. --NEW For other SecureList values it should have the value of zero.

The index of source MAC address of allowed station or not-allowed station.

This Node Access Control Type represents whether the node entry is node allowed or node blocked type. A MAC address may be allowed on multiple ports. Enumeration: 'blocked': 2, 'allowed': 1.

The status of the AuthCfg entry. The primary use of this object is for modifying the AuthCfg table. Values that can be written create(2), delete(3), modify(4). Values that can be read: valid(1). Setting this entry to delete(3) causes the entry to be deleted from the table. Setting a new entry with create(2) causes the entry to be created in the table. Setting an entry with modify(4) causes the entry to be modified. The response to a get request or get-next request will always indicate a status of valid (1), since invalid entries are removed from the table. This object cannot be modified for entries whose value of s5SbsAuthCfgSource is autoLearn(2) if the value of s5SbsAutoLearningSticky is false(2). Any such attempt will generate an inconsistentValue error. Enumeration: 'createSticky': 5, 'create': 2, 'valid': 1, 'modify': 4, 'delete': 3.

The index of the security list. This value is meaningful only if s5SbsAuthCfgBrdIndx and s5SbsAuthCfgPortIndx values are zero. For other board and port index values it should have the value of zero. This value is used as an index into s5SbsSecurityListTable. The corresponding MAC Address of this entry is allowed or blocked on all the ports of that port list. Note that this value must be 0 for entries where the value of s5SbsAuthCfgSource is either autoLearn(2) or sticky(3).

This object indicates the source of an entry. A value of static(1) indicates that the entry was manually created by a user. A value of autoLearn(2) indicates that the entry was auto-learned. Note that if the value of s5SbsAutoLearningSticky is false(2), then an auto-learned entry cannot be directly deleted, though disabling auto-learning for a port will delete all auto-learned MAC addresses for the port. However, if the value of s5SbsAutoLearningSticky is true(1), then auto-learned addresses can be deleted normally. Enumeration: 'autoLearn': 2, 'static': 1, 'sticky': 3.

This object indicates the lifetime of an auto-learned entry. This is the time until the entry is automatically deleted by the system. This object does not apply to entries whose value of s5SbsAuthCfgSource is static(1), and for such entries, the value of this object will always be 0.

The trunk on which a MAC address is allowed or disallowed. This value must be 0 if the value of any of these objects is non-zero: s5SbsAuthCfgBrdIndx s5SbsAuthCfgPortIndx s5SbsAuthCfgSecureList The value of this object is only used if the above objects all have zero values. The value of this object must also be 0 if the value of s5SbsAuthCfgSource is either autoLearn(2) or sticky(3).

A table containing a snapshot of the authorized boards and ports status data collection. Port security information consists of an action to be performed when an unAuthorized station is detected and the current security status of a port.

An entry in this table may represent a single MAC address, all MAC addresses on a single port, a single port, all the ports on a single board, a particuler port on all the boards, or all the ports on all the boards.

The index of the board. This corresponds to the index of the slot containing the board if the index is greater than zero. A zero index is a wild card.

The index of the port on the board. This corresponds to the index of the last manageable port on the board if the index is greater than zero. A zero index is a wild card.

The index of MAC address on the port. This corresponds to the index of the MAC address on the port if the index is greater than zero. A zero index is a wild card.

This Node Access Control Type represents whether the node entry is node allowed or node blocked type. Enumeration: 'block': 2, 'allow': 1.

An integer value representing the type of information contained in this s5SbsAuthStatusEntry. noAction(1) represents that port does not have any security assigned or the security is turned off. partitionPort(2) represents port is partitioned. partitionPortAndsendTrap(3) represents port is partitioned and a trap will be sent to trap receive station(s). daFiltering(4) represents port will filter out the frames with the desitnation address field is the MAC address of unauthorized station. daFilteringAndsendTrap(5) represents port will filter out the frames with the desitnation address field is the MAC address of unauthorized station and a trap will be sent to trap receive station(s). sendtrap(6) represents a trap will be sent to trap receive station(s). partitionPortAnddaFiltering(7) represents port is partitioned and port will filter out the frames with the destination address field is the MAC address of unauthorized station. partitionPortdaFilteringAndsendTrap(8) represents port is partitioned, port will filter out the frames with the destination address field is the MAC address of unauthorized station and a trap will be sent to trap receive station(s). Enumeration: 'partitionPortAndsendTrap': 3, 'partitionPort': 2, 'partitionPortdaFilteringAndsendTrap': 8, 'partitionPortAnddaFiltering': 7, 'noAction': 1, 'daFilteringAndsendTrap': 5, 'sendTrap': 6, 'daFiltering': 4.

This represents the current port security status. If s5SbsSecurityStatus is disable, notApplicable(1) will be returned. The port in a normal situation returns the status with portSecure(2). portPartition(3) will be returned only if the port is partitioned. Enumeration: 'portPartition': 3, 'notApplicable': 1, 'portSecure': 2.

A table containing a list of boards, ports where network access violations have occurred. Information also contains the offending MAC addrersses.

An entry in this table

The index of the board. This corresponds to the slot containing the board. This index will be 1 where it is not applicable, e.g., ByaStack 303/304.

The index of the port on the board. This corresponds to the port on which a security violation was seen.

The MAC address of the device attempting unauthorized network access. (MAC addrees-based security)

Type of management access attempted when the violation occurred. Enumeration: 'web': 2, 'snmp': 1, 'telnet': 3.

IP Address of the station attempting unauthorized management access.

The set of ports for which security is enabled. The bitwise AND of s5SbsPortSecurityStatus and s5SbsPortLearnStatus must be the empty set.

The set of ports for which auto learning is enabled. Note that a port's bit in this object may not be turned on if the port's value of s5SbsAutoLearningConfigEnabled is true(1).

The current number of entries of the Security lists in the s5SbsSecurityListTable.

The maximum number of entries of the Security lists in the s5SbsSecurityListTable.

A table containing a list of Security port lists.

An entry in this table

The index of the security list. This corresponds to the Security port list which can be used as index into s5SbsAuthCfgTable.

The set of ports that are currently members in this Port list.

The status of the SecurityList entry. The primary use of this object is for modifying the SecurityList table. Values that can be written create(2), delete(3), modify(4). Values that can be read: valid(1). Setting this entry to delete(3) causes the entry to be deleted from the table. Setting a new entry with create(2) causes the entry to be created in the table. Setting an entry with modify(4) causes the entry to be modified. The response to a get request or get-next request will always indicate a status of valid (1), since invalid entries are removed from the table. Enumeration: 'create': 2, 'valid': 1, 'modify': 4, 'delete': 3.

This object is used to clear all entries in the s5SbsMacViolationTable. Setting it to clear(2) will clear all entries in that table. Setting it to other(1) has no effect. This object always returns a value of other(1). Enumeration: 'clear': 2, 'other': 1.

A table containing a list of Security port lists.

An entry in this table

The MAC address that caused an access violation.

The last board/slot/unit number on which the MAC address caused an access violation.

The last port number on which the MAC address caused an access violation.

The lifetime for MAC addresses which are auto-learned. This is measured in minutes. A value of 0 means addresses are not aged out.

A table containing per-port configuration for auto-learning. Entries exist in the table for each ethernet port in the system.

An entry in this table

The board/slot/unit number.

The port number.

This object indicates whether auto-learning is enabled on the port. Note that this object may not be set to true(1) for a port whose bit is turned on in s5SbsPortLearnStatus. Likewise, a port's bit in s5SbsPortLearnStatus may not be turned on if the port's value of s5SbsAutoLearningConfigEnabled is true(1). Note that if this object is changed from true(1) to false(2), all auto-learned MAC addresses for the port will be removed.

This object indicates the maximum number of MAC addresses that may be learned on the port.

This object specifies the set of ports for which auto- learning is enabled. It is an alternative to s5SbsAutoLearningConfigEnabled.

This object controls whether the 'sticky-mac' feature is enabled.

This object controls the set of ports that are locked such that they cannot have mac-security enabled.