1-- ***************************************************************** 2-- CISCO-HARDWARE-IP-VERIFY-MIB.my 3-- 4-- June 2012, Yan Gao, Liang Mei 5-- 6-- Copyright (c) 2012 by Cisco Systems, Inc. 7-- All rights reserved. 8-- ***************************************************************** 9 10CISCO-HARDWARE-IP-VERIFY-MIB DEFINITIONS ::= BEGIN 11 12IMPORTS 13 MODULE-IDENTITY, 14 OBJECT-TYPE, 15 Counter64 16 FROM SNMPv2-SMI 17 MODULE-COMPLIANCE, 18 OBJECT-GROUP 19 FROM SNMPv2-CONF 20 ciscoMgmt 21 FROM CISCO-SMI; 22 23ciscoHardwareIpVerifyMIB MODULE-IDENTITY 24 LAST-UPDATED "201209040000Z" 25 ORGANIZATION "Cisco Systems, Inc." 26 CONTACT-INFO 27 "Cisco Systems 28 Customer Service 29 30 Postal: 170 W Tasman Drive 31 San Jose, CA 95134 32 USA 33 34 Tel: +1 800 553-NETS 35 36 E-mail: cs-lan-switch-snmp@cisco.com" 37 DESCRIPTION 38 "This MIB module defines management objects for 39 configuration and monitoring of the Intrusion 40 Detection System (IDS) that checks for IP packet 41 verification. 42 43 The following terms are used throughout the MIB: 44 IDS: Intrusion Detection System 45 CRC: Cyclic Redundancy Check 46 DF: Don't Fragment 47 " 48 49 REVISION "201209040000Z" 50 DESCRIPTION 51 "Initial version of this MIB module." 52 ::= { ciscoMgmt 804 } 53 54 55ciscoHardwareIpVerifyMIBNotifs OBJECT IDENTIFIER 56 ::= { ciscoHardwareIpVerifyMIB 0 } 57 58ciscoHardwareIpVerifyMIBObjects OBJECT IDENTIFIER 59 ::= { ciscoHardwareIpVerifyMIB 1 } 60 61ciscoHardwareIpVerifyMIBConform OBJECT IDENTIFIER 62 ::= { ciscoHardwareIpVerifyMIB 2 } 63 64-- -------------------------------------------------------------- 65-- Objects to manage IP packet verification Information 66-- -------------------------------------------------------------- 67 68chivIpVerifyTable OBJECT-TYPE 69 SYNTAX SEQUENCE OF ChivIpVerifyEntry 70 MAX-ACCESS not-accessible 71 STATUS current 72 DESCRIPTION 73 "A list of IDS check configuration and statistical information 74 for each IP type and each IDS check type on the management 75 device." 76 ::= { ciscoHardwareIpVerifyMIBObjects 1 } 77 78chivIpVerifyEntry OBJECT-TYPE 79 SYNTAX ChivIpVerifyEntry 80 MAX-ACCESS not-accessible 81 STATUS current 82 DESCRIPTION 83 "An entry contains the IDS packet check configuration 84 information and the associated counters." 85 INDEX { 86 chivIpVerifyCheckIpType, 87 chivIpVerifyCheckTypeName 88 } 89 ::= { chivIpVerifyTable 1 } 90 91ChivIpVerifyEntry ::= SEQUENCE { 92 chivIpVerifyCheckIpType INTEGER, 93 chivIpVerifyCheckTypeName INTEGER, 94 chivIpVerifyCheckStatus INTEGER, 95 chivIpVerifyPacketsDropped Counter64 96} 97 98chivIpVerifyCheckIpType OBJECT-TYPE 99 SYNTAX INTEGER { 100 ipv4(1), -- IPv4 101 ipv6(2) -- IPv6 102 } 103 MAX-ACCESS not-accessible 104 STATUS current 105 DESCRIPTION 106 "This object indicates the IP address type for 107 IDS packet check." 108 ::= { chivIpVerifyEntry 1 } 109 110chivIpVerifyCheckTypeName OBJECT-TYPE 111 SYNTAX INTEGER { 112 addressSrcBroadcast(1), 113 addressSrcMulticast(2), 114 addressDestZero(3), 115 addressIdentical(4), 116 addressSrcReserved(5), 117 addressClassE(6), 118 checksum(7), 119 protocol(8), 120 fragment(9), 121 lengthMinimum(10), 122 lengthConsistent(11), 123 lengthMaximumFragment(12), 124 lengthMaximumUdp(13), 125 lengthMaximumTcp(14), 126 tcpFlags(15), 127 tcpTinyFlags(16), 128 version(17) 129 } 130 MAX-ACCESS not-accessible 131 STATUS current 132 DESCRIPTION 133 "This object indicates the IDS packet check type 134 which can be configured on the device. Each check type 135 is a specific criteria. Those IP packets 136 that matches the certain criteria are dropped. 137 138 addressSrcBroadcast(1) 139 Drop the IPv4 packet if the source 140 address is a broadcast IPv4 address. 141 142 addressSrcMulticast(2) 143 Drop the IPv4 packet if the source 144 address is a multicast IPv4 address. 145 146 addressDestZero(3) 147 Drop the IPv4 packet if the destination 148 address is 0.0.0.0. 149 150 addressIdentical(4) 151 Drop the IPv4 packet if the source IPv4 152 address is identical to destination IPv4 153 address. 154 155 addressSrcReserved(5) 156 Drop the IPv4 packet if the source address 157 is a reserved IPv4 address. 158 159 addressClassE(6) 160 Drop the IPv4 packet if either the source 161 address or destination address is a class E 162 IPv4 address. 163 164 checksum(7) 165 Drops the IPv4 packet if its checksum is invalid. 166 167 protocol(8) 168 Drop the IPv4 packet if the packet fragment 169 has an invalid IP protocol number 170 171 fragment(9) 172 Drop the IPv4 packet if the packet fragment 173 has a nonzero offset and the DF bit is active. 174 175 lengthMinimum(10) 176 Drop the IPv4 packet if the Ethernet frame 177 length is less than the IP packet length plus 178 four octets (the CRC length). 179 180 lengthConsistent(11) 181 Drop the IPv4 or IPv6 packet where the Ethernet 182 frame size is greater than or equal to the IP packet 183 length plus the Ethernet header. 184 185 lengthMaximumFragment(12) 186 Drop the IPv4 or IPv6 packet if the maximum 187 fragment offset is greater than 65536. 188 189 lengthMaximumUdp(13) 190 Drop the IPv4 or IPv6 packet if the IP payload 191 length is less than the UDP packet length. 192 193 lengthMaximumTcp(14) 194 Drop the IPv4 or IPv6 packet if the TCP length 195 is greater than the IP payload length. 196 197 tcpFlags(15) 198 Drop the IPv4 packet if verification of TCP 199 packet header fails. 200 201 tcpTinyFlags(16) 202 Drop the IPv4 or IPv6 packet if the IP fragment 203 offset is 1, or if the IP fragment offset is 0 204 and the IP payload length is less than 16. 205 206 version(17) 207 Drop the IPv4 packet if the Ethertype is not 208 set to 4 (IPv4); and drops the IPv6 packet if 209 the Ethertype is not set to 6 (IPv6)." 210 211 ::= { chivIpVerifyEntry 2 } 212 213chivIpVerifyCheckStatus OBJECT-TYPE 214 SYNTAX INTEGER { 215 disabled(1), 216 enabled(2) 217 } 218 MAX-ACCESS read-write 219 STATUS current 220 DESCRIPTION 221 "This object specifies the IDS packet check configuration 222 status." 223 ::= { chivIpVerifyEntry 3 } 224 225chivIpVerifyPacketsDropped OBJECT-TYPE 226 SYNTAX Counter64 227 MAX-ACCESS read-only 228 STATUS current 229 DESCRIPTION 230 "This object indicates the number of packets which has 231 been dropped." 232 ::= { chivIpVerifyEntry 4 } 233 234 235-- Conformance Information 236 237ciscoHardwareIpVerifyMIBCompliances OBJECT IDENTIFIER 238 ::= { ciscoHardwareIpVerifyMIBConform 1 } 239 240ciscoHardwareIpVerifyMIBGroups OBJECT IDENTIFIER 241 ::= { ciscoHardwareIpVerifyMIBConform 2 } 242 243-- Compliance statements 244 245ciscoHardwareIpVerifyMIBCompliance MODULE-COMPLIANCE 246 STATUS current 247 DESCRIPTION 248 "The compliance statement for the 249 CISCO-HARDWARE-IP-VERIFY-MIB." 250 MODULE -- this module 251 MANDATORY-GROUPS { 252 ciscoHardwareIpVerifyMIBStatisticGroup 253 } 254 255 OBJECT chivIpVerifyCheckStatus 256 MIN-ACCESS read-only 257 DESCRIPTION 258 "Write access is not required." 259 260 ::= { ciscoHardwareIpVerifyMIBCompliances 1 } 261 262-- Units of Conformance 263 264ciscoHardwareIpVerifyMIBStatisticGroup OBJECT-GROUP 265 OBJECTS { 266 chivIpVerifyCheckStatus, 267 chivIpVerifyPacketsDropped 268 } 269 STATUS current 270 DESCRIPTION 271 "A collection of objects that provides configuration 272 and statistical information for IDS packet check." 273 ::= { ciscoHardwareIpVerifyMIBGroups 1 } 274 275END 276 277 278 279