-- Port Security MIB overview:
-- Port Security MIB falls under lb6m MIB node of the private subtree.

NETGEAR-PORTSECURITY-PRIVATE-MIB DEFINITIONS ::= BEGIN

-- Netgear Inc NETGEAR Port Security MIB
-- Copyright Netgear Inc(2004-2007) All rights reserved.

-- This SNMP Management Information Specification
-- embodies Netgear Inc's confidential and proprietary
-- intellectual property.  Netgear Inc retains all title
-- and ownership in the Specification including any revisions.

-- This Specification is supplied "AS IS", Netgear Inc
-- makes no warranty, either expressed or implied,
-- as to the use, operation, condition, or performance of the
-- Specification.



IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
    Unsigned32                          FROM SNMPv2-SMI
    TEXTUAL-CONVENTION,RowStatus,
    MacAddress                          FROM SNMPv2-TC
    ifIndex                             FROM IF-MIB

    DisplayString		        FROM RFC1213-MIB
    lb6m                    FROM QUANTA-LB6M-REF-MIB;

    fastPathPortSecurity MODULE-IDENTITY
           LAST-UPDATED "201101260000Z" -- 26 January 2011 12:00:00 GMT
           ORGANIZATION "Netgear Inc"
           CONTACT-INFO ""
 
     DESCRIPTION
          "The Netgear Private MIB for NETGEAR Port Security Feature."

      -- Revision history.
      REVISION
          "201101260000Z" -- 26 January 2011 12:00:00 GMT
      DESCRIPTION
          "Postal address updated."
      REVISION
          "200705230000Z" -- 23 May 2007 12:00:00 GMT
      DESCRIPTION
          "Netgear branding related changes."

      ::= { lb6m 20 }


     --**************************************************************************************
    -- agentPortSecurityGroup -> contains MIB objects displaying Port Security
    -- and associated Functionality 
    --
    --**************************************************************************************

agentPortSecurityGroup OBJECT IDENTIFIER ::= { fastPathPortSecurity 1}

agentGlobalPortSecurityMode OBJECT-TYPE
    SYNTAX      INTEGER {
                enable(1),
                disable(2)
                }
	MAX-ACCESS read-write
	STATUS current
	DESCRIPTION
		"Mode showing whether at the global level, port security is enabled or not." 
    DEFVAL { disable }
	::={ agentPortSecurityGroup 1 }
	
agentPortSecurityTable OBJECT-TYPE
	SYNTAX	     SEQUENCE OF AgentPortSecurityEntry
	MAX-ACCESS   not-accessible
	STATUS       current
	DESCRIPTION "A table for Port Security and associated functionality."
	::= { agentPortSecurityGroup 2 }

agentPortSecurityEntry OBJECT-TYPE
	SYNTAX AgentPortSecurityEntry
	MAX-ACCESS not-accessible
	STATUS current
	DESCRIPTION "Represents entry for port security table"
	INDEX       { ifIndex }
	::={ agentPortSecurityTable 1}

	AgentPortSecurityEntry ::=
		SEQUENCE {
		agentPortSecurityMode
			INTEGER,
		agentPortSecurityDynamicLimit
			Unsigned32,
		agentPortSecurityStaticLimit
			Unsigned32,
                agentPortSecurityViolationTrapMode
                        INTEGER,
                agentPortSecurityStaticMACs
                        DisplayString,
                agentPortSecurityLastDiscardedMAC
                        DisplayString,
                agentPortSecurityMACAddressAdd
                        DisplayString,
                agentPortSecurityMACAddressRemove
                        DisplayString,
                agentPortSecurityMACAddressMove
                        INTEGER,
                agentPortSecurityStickyMode
                        INTEGER
		}

	agentPortSecurityMode OBJECT-TYPE
          SYNTAX      INTEGER {
                enable(1),
                disable(2)
                }
	  MAX-ACCESS read-write
	  STATUS current
	  DESCRIPTION
		"Mode showing whether at port level security is enabled or not." 
          DEFVAL { disable }
          ::={ agentPortSecurityEntry 1 }
	
	agentPortSecurityDynamicLimit OBJECT-TYPE
        SYNTAX  Unsigned32(0..4096)
		MAX-ACCESS read-write
		STATUS current
		DESCRIPTION
			"This variable signifies the limit of dynamically locked MAC addresses 
			 allowed on a specific port."
	    DEFVAL { 4096 }
	::={ agentPortSecurityEntry 2 } 
		
	agentPortSecurityStaticLimit OBJECT-TYPE
        SYNTAX  Unsigned32(0..20)
		MAX-ACCESS read-write
		STATUS current
		DESCRIPTION
			"This variable signifies the limit of statically locked MAC addresses 
			 allowed on a specific port."
	    DEFVAL { 20 }
		::={ agentPortSecurityEntry 3 }
		
		
	agentPortSecurityViolationTrapMode OBJECT-TYPE
		SYNTAX      INTEGER {
                    enable(1),
                    disable(2)
                    }
		MAX-ACCESS read-write
		STATUS current
		DESCRIPTION
			"This variable is used to enable or disable the sending of new violation 
			 traps designating when a packet with a disallowed MAC address is 
			 received on a locked port."
		::={agentPortSecurityEntry 4 }
		
	agentPortSecurityStaticMACs OBJECT-TYPE
		SYNTAX      DisplayString
		MAX-ACCESS read-only
		STATUS current
		DESCRIPTION
			"This variable displays the statically locked MAC addresses for port.
			 The list displayed in a particular fashion :
			 2 a0:b1:c2:d1:e3:a1,11 a0:b1:c2:d3:e4:f5 
			 (i.e., VLAN MAC pairs followed by a 1 or 0 to indicate a sticky entry, separated by commas)."
		::={agentPortSecurityEntry 6 }
		
	agentPortSecurityLastDiscardedMAC OBJECT-TYPE
		SYNTAX      DisplayString
		MAX-ACCESS read-only
		STATUS current
		DESCRIPTION
			"This variable displays the vlan-id and source MAC address of the last packet that was
			 discarded on a locked port."
		::={agentPortSecurityEntry 7 }
                
        
        agentPortSecurityMACAddressAdd OBJECT-TYPE
                SYNTAX      DisplayString
                MAX-ACCESS  read-write 
                STATUS current
	        DESCRIPTION
		"This MIB variable accepts a VLAN id, MAC address and the sticky value to be added to the list
		 of statically locked MAC addresses on a port. The VLAN id, MAC address and sticky value combination 
		 would be entered in a particular fashion like :- 2 a0:b0:c0:d1:e2:a1 1(the vlan-id, MAC address 
		 and sticky value separated by blank-spaces)." 
                ::={ agentPortSecurityEntry 8 }
    
        agentPortSecurityMACAddressRemove OBJECT-TYPE
                SYNTAX      DisplayString
                MAX-ACCESS  read-write 
	        STATUS current
	        DESCRIPTION
		"This MIB variable accepts a VLAN id and MAC address to be removed from the list
		of statically locked MAC addresses on a port.. The VLAN id and MAC address combination 
		would be entered in a particular fashion like :- 2 a0:b0:c0:d1:e2:a1(the vlan-id and
		MAC address separated by a blank-space)."
                ::={ agentPortSecurityEntry 9 }
    
        agentPortSecurityMACAddressMove OBJECT-TYPE
                SYNTAX      INTEGER {
                enable(1),
                disable(2)
                }
                MAX-ACCESS  read-write
	        STATUS current
	        DESCRIPTION
		"When this object is enabled, all the dynamically locked MAC addresses will
                 be moved to statically locked addresses on a port. GET operation on this object will display 
                 disable." 
                 ::={ agentPortSecurityEntry 10 }

          agentPortSecurityStickyMode OBJECT-TYPE
              SYNTAX      INTEGER {
                    enable(1),
                    disable(2)
                    }
          	  MAX-ACCESS read-write
          	  STATUS current
          	  DESCRIPTION
          		"This object is used to configure port level security sticky mode in a port." 
                    DEFVAL { disable }
                    ::={ agentPortSecurityEntry 11 }

 --**********************************************************************--

        agentPortSecurityDynamicTable OBJECT-TYPE
            SYNTAX       SEQUENCE OF AgentPortSecurityDynamicEntry
            MAX-ACCESS   not-accessible
            STATUS       current
            DESCRIPTION "A table for Port Security Dynamic and associated functionality."
            ::= { agentPortSecurityGroup 3 }

        agentPortSecurityDynamicEntry OBJECT-TYPE
            SYNTAX AgentPortSecurityDynamicEntry
            MAX-ACCESS not-accessible
            STATUS current
            DESCRIPTION "Represents entry for port MAC Locking table"
            INDEX       { ifIndex,agentPortSecurityDynamicVLANId,agentPortSecurityDynamicMACAddress }
            ::={ agentPortSecurityDynamicTable 1}

        AgentPortSecurityDynamicEntry ::=
                SEQUENCE {
                agentPortSecurityDynamicVLANId
                        Unsigned32,
                agentPortSecurityDynamicMACAddress
                        MacAddress
                }

        
        agentPortSecurityDynamicVLANId OBJECT-TYPE
                SYNTAX      Unsigned32
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "Source VLAN id of the packet that is received on the dynamically locked port."
                ::={agentPortSecurityDynamicEntry 1 }
                
        
        agentPortSecurityDynamicMACAddress OBJECT-TYPE
                SYNTAX  MacAddress
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "Source MAC address of the packet that is received on the dynamically locked port."
            ::={ agentPortSecurityDynamicEntry 2 }


        agentGlobalPortSecurityStickyMode OBJECT-TYPE
            SYNTAX      INTEGER {
                        enable(1),
                        disable(2)
                        }
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
            	"This object is used to apply the Sticky Mode to all ports.
                 This is write-only value. It always returns 'disable' on request" 
            DEFVAL { disable }
            ::={ agentPortSecurityGroup 4 }

        agentGlobalPortSecurityViolationTrapMode OBJECT-TYPE
            SYNTAX      INTEGER {
                        enable(1),
                        disable(2)
                        }
            MAX-ACCESS read-write
            STATUS current
            DESCRIPTION
			"This variable is used to enable or disable the sending of new violation 
			 traps designating when a packet with a disallowed MAC address is 
			 received on a locked port. The configuration will be done on all ports.
                         This is write-only value. It always returns 'disable' on request"
            DEFVAL { disable }
            ::={ agentPortSecurityGroup 5 }
                 
    --**************************************************************************************
    -- agentPortSecurity   Traps
    --
    --**************************************************************************************

    agentPortSecurityTraps                           OBJECT IDENTIFIER ::= { fastPathPortSecurity 2 }

    agentPortSecurityViolation NOTIFICATION-TYPE
        OBJECTS {
                 ifIndex,
                 agentPortSecurityLastDiscardedMAC
                }
        STATUS  current
        DESCRIPTION
            "Sent when a packet is received on a locked port with a source MAC address 
             that is not allowed."
         ::= { agentPortSecurityTraps 1 }



END
