--**MOD+************************************************************************
--* Module:    ARUBAWIRED-PORTSECURITY-MIB : Port Security MIB file
--*
--* (c) Copyright 2021 Hewlett Packard Enterprise Development LP
--* All Rights Reserved.
--*
--* The contents of this software are proprietary and confidential
--* to the Hewlett-Packard Development Company, L.P.  No part of this
--* program may be photocopied, reproduced, or translated into another
--* programming language without prior written consent of the
--* Hewlett-Packard Development Company, L.P.
--*
--* Purpose: This file contains MIB definition of ARUBAWIRED-PORTSECURITY-MIB
--*
--**MOD-************************************************************************

ARUBAWIRED-PORTSECURITY-MIB DEFINITIONS ::= BEGIN
IMPORTS
            MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
            Counter32, Unsigned32
                 FROM SNMPv2-SMI
            DisplayString, TruthValue, MacAddress, RowStatus, TEXTUAL-CONVENTION
                 FROM  SNMPv2-TC
            MODULE-COMPLIANCE , OBJECT-GROUP, NOTIFICATION-GROUP
                 FROM SNMPv2-CONF
            wndFeatures
              FROM ARUBAWIRED-NETWORKING-OID;

arubaWiredPortSecurityMIB MODULE-IDENTITY
        LAST-UPDATED "202110200000Z" -- October 20, 2021
        ORGANIZATION "HPE/Aruba Networking Division"
        CONTACT-INFO "Hewlett Packard Enterprise
                          3000 Hanover St.
                          Palo Alto, CA 94304-1112"
        DESCRIPTION
                     "This MIB module for Port Security"
        REVISION     "202110200000Z" -- October 20, 2021
        DESCRIPTION
                     "Initial version of this MIB module"
        ::= { wndFeatures 21 }


  -- Top-level structure of MIB
     arubaWiredPortSecurityNotifications  OBJECT IDENTIFIER ::= { arubaWiredPortSecurityMIB 0}
     arubaWiredPortSecurityObjects        OBJECT IDENTIFIER ::= { arubaWiredPortSecurityMIB 1}
     arubaWiredPortSecurityGlobalObjects  OBJECT IDENTIFIER ::= { arubaWiredPortSecurityObjects 1}
     arubaWiredPortSecurityPortObjects  OBJECT IDENTIFIER ::= { arubaWiredPortSecurityObjects 2}

     -- textual conventions

     VidList ::= TEXTUAL-CONVENTION
     DISPLAY-HINT "512x"
     STATUS      current
     DESCRIPTION
        "Each octet within this value specifies a set of eight
        VLAN index (VID), with the first octet specifying VIDs 1
        through 8, the second octet specifying VIDs 9 through 16,
        etc.  Within each octet, the most significant bit represents
        the lowest numbered VID, and the least significant bit
        represents the highest numbered VID.  Thus, each VID
        is represented by a single bit within the value of this
        object.  If that bit has a value of 1 then that VID is
        included in the set of VIDs; the VID is not included if its
        bit has a value of 0.  This list represents the entire
        range of VLAN index values defined in the scope of IEEE
        802.1Q."
     SYNTAX      OCTET STRING (SIZE (512))

     ArubaWiredPortSecurityMacAddrType ::= TEXTUAL-CONVENTION
     STATUS       current
     DESCRIPTION
                  "These are the different type of secure mac addresss.

                  dynamic(0) - A secure MAC address which is
                               learned on the switch.
                  static(1) - A secure MAC address which is
                              configured by user.
                  stickyDynamic(2) - A secure MAC address which is learned on
                                      the switch and sticks to the port.
                  stickyStatic(3) -  A secure MAC address which is configured
                                      by user and sticks to the port."
     SYNTAX INTEGER {
         dynamic(0),
         static(1),
         stickyDynamic(2),
         stickyStatic(3)
     }

     -- Port Security Global Configuration Objects

     arubaWiredPortSecurityGlobalEnable OBJECT-TYPE
          SYNTAX          TruthValue
          MAX-ACCESS      read-write
          STATUS          current
          DESCRIPTION     "Indicates whether Port Security is enabled or
                           disabled. By default this object will have a
                           value of false."
          DEFVAL          { false }
        ::= { arubaWiredPortSecurityGlobalObjects 1 }

     -- Port Security Port Configuration Table

     arubaWiredPortSecurityPortTable OBJECT-TYPE
          SYNTAX          SEQUENCE OF ArubaWiredPortSecurityPortEntry
          MAX-ACCESS      not-accessible
          STATUS          current
          DESCRIPTION
                "A list of port security configuration and status entries.
                The number of entries is determined by the number of
                ports in the system that can support the
                port security feature.  Ports that are not
                port security capable will not be displayed
                in this table.  This table includes ports
                on which port security parameters can be set even
                if port security feature itself cannot be enabled
                due to conflict with other features."
          ::= { arubaWiredPortSecurityPortObjects 1 }

     arubaWiredPortSecurityPortEntry OBJECT-TYPE
          SYNTAX          ArubaWiredPortSecurityPortEntry
          MAX-ACCESS      not-accessible
          STATUS          current
          DESCRIPTION
               "Port Security configuration information for a single port."
          INDEX           { arubaWiredifIndex }
          ::= { arubaWiredPortSecurityPortTable 1 }

     ArubaWiredPortSecurityPortEntry ::= SEQUENCE {
          arubaWiredifIndex                          Unsigned32,
          arubaWiredPortSecurityEnable               TruthValue,
          arubaWiredClientLimit                      Unsigned32,
          arubaWiredCurrentSecureMacAddrCount        Unsigned32,
          arubaWiredViolationAction                  INTEGER,
          arubaWiredClientViolationStatus            TruthValue,
          arubaWiredClientViolationReason            INTEGER,
          arubaWiredClientLimitViolationCount        Counter32,
          arubaWiredStickyClientMoveViolationCount   Counter32,
          arubaWiredRecoveryTimer                    Unsigned32,
          arubaWiredShutdownRecovery                 TruthValue,
          arubaWiredStickyEnable                     TruthValue
     }

     arubaWiredifIndex OBJECT-TYPE
             SYNTAX          Unsigned32 (0..4294967295)
             MAX-ACCESS      read-only
             STATUS          current
             DESCRIPTION     "Indicates the unique port index."
             ::= { arubaWiredPortSecurityPortEntry 1 }

     arubaWiredPortSecurityEnable OBJECT-TYPE
             SYNTAX          TruthValue
             MAX-ACCESS      read-write
             STATUS          current
             DESCRIPTION     "This object indicates whether port security
                              feature is enabled on a port. The default value
                              is false."
             DEFVAL          { false }
             ::= { arubaWiredPortSecurityPortEntry 2 }

     arubaWiredClientLimit OBJECT-TYPE
             SYNTAX        Unsigned32 (1..64)
             MAX-ACCESS    read-write
             STATUS        current
             DESCRIPTION   "The maximum number (N) of MAC addresss to be
                           secured on the interface. The first N MAC
                           addresss learned or configured are made secured."
             DEFVAL          { 1 }
             ::= { arubaWiredPortSecurityPortEntry 3 }

     arubaWiredCurrentSecureMacAddrCount OBJECT-TYPE
             SYNTAX        Unsigned32 (0..64)
             MAX-ACCESS    read-only
             STATUS        current
             DESCRIPTION   "The current number of MAC addresss secured
                           on this interface."
             ::= { arubaWiredPortSecurityPortEntry 4 }

     arubaWiredViolationAction  OBJECT-TYPE
             SYNTAX        INTEGER { notify(1), shutdown(2)}
             MAX-ACCESS    read-write
             STATUS        current
             DESCRIPTION   "Determines the action that the device will
                            take if the traffic matches the port security
                            violation.
                             notify(1) - Send an SNMP trap and log an event when
                                         a violation occurs.
                             shutdown(2) - Send an SNMP trap, log an event and
                                           shutdown the port when a violation
                                           occurs."
             DEFVAL          { 1 }
             ::= { arubaWiredPortSecurityPortEntry 5 }

     arubaWiredClientViolationStatus OBJECT-TYPE
             SYNTAX        TruthValue
             MAX-ACCESS    read-only
             STATUS        current
             DESCRIPTION   "Indicates whether this port is
                            currently in violation state or not."
             ::= { arubaWiredPortSecurityPortEntry 6 }

     arubaWiredClientViolationReason OBJECT-TYPE
             SYNTAX          INTEGER { none(0), clientLimitExceeded(1),
                                       stickyClientMove(2) }
             MAX-ACCESS      read-only
             STATUS          current
             DESCRIPTION     "This object represents the reason for violation.

                             none(0) - None of the violation is triggered.
                             clientLimitExceeded(1) - Indicates whether the
                             port is in a state where its client limit has been
                             violated. This will be reset when the client limit
                             reduces to below the threshold or the link goes
                             down.
                             stickyClientMove(2) - Indicates whether the port
                             is in a state where sticky mac client move has been
                             violated. This will be reset when the link goes
                             down."
             DEFVAL          { 0 }
             ::= { arubaWiredPortSecurityPortEntry 7 }

     arubaWiredClientLimitViolationCount  OBJECT-TYPE
             SYNTAX        Counter32
             MAX-ACCESS    read-only
             STATUS        current
             DESCRIPTION   "Number of client limit violations that have occurred
                            on this port since system boot."
             ::= { arubaWiredPortSecurityPortEntry 8 }

     arubaWiredStickyClientMoveViolationCount  OBJECT-TYPE
             SYNTAX        Counter32
             MAX-ACCESS    read-only
             STATUS        current
             DESCRIPTION   "Number of sticky mac client move violations that
                            have occurred on this port since system boot."
             ::= { arubaWiredPortSecurityPortEntry 9 }

     arubaWiredRecoveryTimer  OBJECT-TYPE
             SYNTAX        Unsigned32 (10..600)
             UNITS         "seconds"
             MAX-ACCESS    read-write
             STATUS        current
             DESCRIPTION   "Time in seconds after which the port will be
                           re-enabled if it was shutdown in response to a
                           violation event. This is only applicable if shutdown
                           recovery is enabled."
             DEFVAL        { 10 }
             ::= { arubaWiredPortSecurityPortEntry 10 }

     arubaWiredShutdownRecovery OBJECT-TYPE
             SYNTAX        TruthValue
             MAX-ACCESS    read-write
             STATUS        current
             DESCRIPTION   "Enable auto-recovery for the port. This is only
                            relevant when the violation action is set to
                            shutdown. The port is re-enabled after the recovery
                            timer has expired."
             DEFVAL        { false }
             ::= { arubaWiredPortSecurityPortEntry 11 }

     arubaWiredStickyEnable OBJECT-TYPE
             SYNTAX        TruthValue
             MAX-ACCESS    read-write
             STATUS        current
             DESCRIPTION   "Indicates whether port security sticky MAC learning
                            is enabled on this port. This is only supported on
                            physical ports."
             DEFVAL        { false }
             ::= { arubaWiredPortSecurityPortEntry 12 }

     -- Port Security Client Table.
     -- This table is used to display port security MAC addresss
     -- on a port.

     arubaWiredPortSecurityClientTable OBJECT-TYPE
          SYNTAX          SEQUENCE OF ArubaWiredPortSecurityClientEntry
          MAX-ACCESS      not-accessible
          STATUS          current
          DESCRIPTION
               "Information describing the port security
               clients."
          ::= { arubaWiredPortSecurityPortObjects 2 }

     arubaWiredPortSecurityClientEntry OBJECT-TYPE
          SYNTAX          ArubaWiredPortSecurityClientEntry
          MAX-ACCESS      not-accessible
          STATUS          current
          DESCRIPTION
               "Information describing the port security client."
          INDEX           { arubaWiredClientPortName, arubaWiredClientMac }
          ::= { arubaWiredPortSecurityClientTable 1 }

     ArubaWiredPortSecurityClientEntry ::= SEQUENCE {
          arubaWiredClientPortName
               DisplayString,
          arubaWiredClientMac
               MacAddress,
          arubaWiredClientAuthorizationState
               DisplayString,
          arubaWiredClientMacType
               ArubaWiredPortSecurityMacAddrType
     }

     arubaWiredClientPortName OBJECT-TYPE
          SYNTAX         DisplayString (SIZE (0..8))
          MAX-ACCESS     not-accessible
          STATUS         current
          DESCRIPTION    "The port ifIndex of the client"
          ::= { arubaWiredPortSecurityClientEntry 1 }

     arubaWiredClientMac OBJECT-TYPE
           SYNTAX       MacAddress
           MAX-ACCESS   read-only
           STATUS       current
           DESCRIPTION  "MAC address of the client"
           ::= { arubaWiredPortSecurityClientEntry 2 }

     arubaWiredClientAuthorizationState OBJECT-TYPE
           SYNTAX        DisplayString (SIZE (0..32))
           MAX-ACCESS    read-only
           STATUS        current
           DESCRIPTION   "State of the port security client."
           ::= { arubaWiredPortSecurityClientEntry 3 }

      arubaWiredClientMacType OBJECT-TYPE
           SYNTAX       ArubaWiredPortSecurityMacAddrType
           MAX-ACCESS   read-only
           STATUS       current
           DESCRIPTION  "The learnt type of the MAC address."
           ::= { arubaWiredPortSecurityClientEntry 4 }

     -- Port Security Port Static MAC Configuration Table

     arubaWiredPortSecurityMacCfgTable OBJECT-TYPE
          SYNTAX          SEQUENCE OF ArubaWiredPortSecurityMacCfgEntry
          MAX-ACCESS      not-accessible
          STATUS          current
          DESCRIPTION
                "A list of port security static MAC configuration entries."
          ::= { arubaWiredPortSecurityPortObjects 3 }

     arubaWiredPortSecurityMacCfgEntry OBJECT-TYPE
          SYNTAX          ArubaWiredPortSecurityMacCfgEntry
          MAX-ACCESS      not-accessible
          STATUS          current
          DESCRIPTION
               "Information describing the port security static MAC
                configuration entries."
          INDEX           { arubaWiredPortifIndex,  arubaWiredStaticMacType,
                            arubaWiredStaticClientMac}
          ::= { arubaWiredPortSecurityMacCfgTable 1 }

     ArubaWiredPortSecurityMacCfgEntry ::= SEQUENCE {
          arubaWiredPortifIndex                Unsigned32,
          arubaWiredStaticMacType              TruthValue,
          arubaWiredStaticClientMac            MacAddress,
          arubaWiredClientMacVidList           VidList,
          arubaWiredMacAddrRowStatus           RowStatus
     }

     arubaWiredPortifIndex OBJECT-TYPE
             SYNTAX          Unsigned32 (0..4294967295)
             MAX-ACCESS      not-accessible
             STATUS          current
             DESCRIPTION     "Indicates the unique port index."
             ::= { arubaWiredPortSecurityMacCfgEntry 1 }

     arubaWiredStaticMacType  OBJECT-TYPE
             SYNTAX        TruthValue
             MAX-ACCESS    not-accessible
             STATUS        current
             DESCRIPTION   "Determines the type of MAC address.
                             0 - The non sticky MAC address.
                             1 - The sticky MAC address."
             ::= { arubaWiredPortSecurityMacCfgEntry 2 }

     arubaWiredStaticClientMac OBJECT-TYPE
          SYNTAX       MacAddress
          MAX-ACCESS   not-accessible
          STATUS       current
          DESCRIPTION  "MAC address of the client."
          ::= { arubaWiredPortSecurityMacCfgEntry 3 }

     arubaWiredClientMacVidList  OBJECT-TYPE
             SYNTAX        VidList
             MAX-ACCESS    read-create
             STATUS        current
             DESCRIPTION   "List of VLANs on which this mac address
                            is configured."
             ::= { arubaWiredPortSecurityMacCfgEntry 4 }

     arubaWiredMacAddrRowStatus OBJECT-TYPE
             SYNTAX        RowStatus
             MAX-ACCESS    read-create
             STATUS        current
             DESCRIPTION
                  "This object is a conceptual row entry that allows adding
                   or deleting static port security mac entries on a port."
             ::= { arubaWiredPortSecurityMacCfgEntry 5 }

  -- arubaWiredPortSecurity Notifications
     arubaWiredPortSecurityViolationStatusChange NOTIFICATION-TYPE
         OBJECTS {
             arubaWiredifIndex,
             arubaWiredClientMac,
             arubaWiredClientViolationStatus,
             arubaWiredClientViolationReason
         }
         STATUS        current
         DESCRIPTION
                 "This notification is generated when a violation is triggered."
         ::= { arubaWiredPortSecurityNotifications 1 }

-- Conformance Information

     arubaWiredPortSecurityConformance OBJECT IDENTIFIER ::= { arubaWiredPortSecurityMIB 2 }
     arubaWiredPortSecurityGroups OBJECT IDENTIFIER ::= { arubaWiredPortSecurityConformance 1 }

     arubaWiredPortSecurityPortGroup OBJECT-GROUP
         OBJECTS {  arubaWiredifIndex,
                    arubaWiredPortSecurityEnable,
                    arubaWiredClientLimit,
                    arubaWiredCurrentSecureMacAddrCount,
                    arubaWiredViolationAction,
                    arubaWiredClientViolationStatus,
                    arubaWiredClientViolationReason,
                    arubaWiredClientLimitViolationCount,
                    arubaWiredStickyClientMoveViolationCount,
                    arubaWiredRecoveryTimer,
                    arubaWiredShutdownRecovery,
                    arubaWiredStickyEnable
                   }
        STATUS          current
        DESCRIPTION     "These objects are used for describing
                         Port Security port parameters"
        ::= { arubaWiredPortSecurityGroups 1 }

     arubaWiredPortSecurityClientGroup OBJECT-GROUP
         OBJECTS {  arubaWiredClientMac,
                    arubaWiredClientAuthorizationState,
                    arubaWiredClientMacType
                   }
        STATUS          current
        DESCRIPTION     "These objects are used for describing
                         Port Security Client parameters"
        ::= { arubaWiredPortSecurityGroups 2 }

     arubaWiredPortSecurityMacCfgGroup OBJECT-GROUP
         OBJECTS {  arubaWiredClientMacVidList,
                    arubaWiredMacAddrRowStatus
                   }
        STATUS          current
        DESCRIPTION     "These objects are used for describing
                         Port Security static mac parameters"
        ::= { arubaWiredPortSecurityGroups 3 }

     arubaWiredPortSecurityGlobalCfgGroup  OBJECT-GROUP
            OBJECTS       {
                           arubaWiredPortSecurityGlobalEnable
                          }
            STATUS        current
            DESCRIPTION   "These objects are used for describing
                           port security global configuration parameters"
            ::= { arubaWiredPortSecurityGroups 4 }

     arubaWiredPortSecurityNotificationsGroup NOTIFICATION-GROUP
         NOTIFICATIONS   {
                          arubaWiredPortSecurityViolationStatusChange
                         }
         STATUS      current
         DESCRIPTION "A collection of Port security notification objects."
         ::= { arubaWiredPortSecurityGroups 5 }

-- Compliance Statements

     arubaWiredPortSecurityCompliances OBJECT IDENTIFIER ::=
                    {arubaWiredPortSecurityConformance 2}

     arubaWiredPortSecurityCompliance MODULE-COMPLIANCE
          STATUS      current
          DESCRIPTION "The compliance statement for devices
                       with support of Port Access Clients"
          MODULE  -- this module
          MANDATORY-GROUPS { arubaWiredPortSecurityPortGroup,
                             arubaWiredPortSecurityClientGroup,
                             arubaWiredPortSecurityMacCfgGroup,
                             arubaWiredPortSecurityGlobalCfgGroup,
                             arubaWiredPortSecurityNotificationsGroup
                           }
          ::= { arubaWiredPortSecurityCompliances 1 }
END

