- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
03-HH3C-PORT-SECURITY-MIB | 106.58 KB |
Contents
HH3C-PORT-SECURITY-MIB
About this MIB
Use this MIB to implement port security.
MIB file name
hh3c-port-security.mib
Root object
iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).hh3c(25506).hh3cCommon(2).hh3cPortSecurity(26).hh3cPortSecurityMIB(1)
Scalar objects
hh3cSecurePortSecurity
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
hh3cSecurePortSecurityControl (1.3.6.1.4.1.25506.2.26.1.1.1) |
read-write |
INTEGER |
enabled(1), disabled(2) |
Whether to enable port security. |
As per the MIB. |
hh3cSecurePortVlanMembershipList (1.3.6.1.4.1.25506.2.26.1.1.2) |
accessible-for-notify |
DisplayString |
OCTET STRING (0..255) |
VLAN IDs assigned to each port, which are used by notifications. |
As per the MIB. |
hh3cSecureRalmObjects
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
hh3cSecureRalmDefaultSessionTime (1.3.6.1.4.1.25506.2.26.1.1.4.1) |
read-write |
INTEGER |
INTEGER (1..1000000) |
Periodic MAC reauthentication interval. |
Not supported. |
hh3cSecureRalmHoldoffTime (1.3.6.1.4.1.25506.2.26.1.1.4.2) |
read-write |
INTEGER |
INTEGER (1..1000000) |
Quiet timer before a blocked (denied) MAC address can be reauthenticated. |
As per the MIB. |
hh3cSecureRalmReauthenticate (1.3.6.1.4.1.25506.2.26.1.1.4.3) |
read-write |
MacAddress |
OCTET STRING (6) |
Writing a MAC address to this object causes an immediate RALM reauthentication of this address. |
Not supported. |
hh3cSecureRalmAuthMode (1.3.6.1.4.1.25506.2.26.1.1.4.4) |
read-write |
INTEGER |
papUsernameAsMacAddress(1), papUsernameFixed(2) |
MAC authentication user account policy. |
If the value is set to papUsernameAsMacAddress(1), the MAC address of each user is used as both the username and password. If the value is set to papUsernameFixed(2), the username and password are from the h3cSecureRalmAuthUsername and h3cSecureRalmAuthPassword objects. In this mode, the MAC address of each user can be carried in the Calling-Station-Id attribute of RADIUS packets. The hh3cSecureRalmAuthMode object supports the get and set operations. |
hh3cSecureRalmAuthUsername (1.3.6.1.4.1.25506.2.26.1.1.4.5) |
read-write |
DisplayString |
OCTET STRING (1..80) |
Username. |
Length: 1 to 55 characters. The username cannot contain a space or an at sign (@). |
hh3cSecureRalmAuthPassword (1.3.6.1.4.1.25506.2.26.1.1.4.6) |
read-write |
DisplayString |
OCTET STRING (1..63) |
Password. |
Supports only the plaintext form. |
hh3cSecureRalmAuthDomain (1.3.6.1.4.1.25506.2.26.1.1.4.7) |
read-write |
DisplayString |
OCTET STRING (1..255) |
Domain used only by MAC authentication users. |
As per the MIB. |
hh3cSecureRalmAuthOfflineTime (1.3.6.1.4.1.25506.2.26.1.1.4.8) |
read-write |
Integer32 |
Integer32 (60..2147483647) |
MAC authentication offline detect timer. This timer sets the interval that the device must wait for traffic from a user before the device determines that the user is idle. If the device has not received traffic from a user before the timer expires, the device logs off that user and requests the accounting server to stop accounting for the user. |
As per the MIB. |
hh3cSecureRalmAuthServerTimeoutTime (1.3.6.1.4.1.25506.2.26.1.1.4.9) |
read-write |
INTEGER |
INTEGER (1..65535) |
Server timeout timer. This timer sets the interval that the device waits for a response from a RADIUS server before the device determines that the RADIUS server is unavailable. |
Value range: 100 to 300 seconds. |
hh3cSecureMacControl (1.3.6.1.4.1.25506.2.26.1.1.4.10) |
read-write |
TruthValue |
enabled(1), disabled(2) |
Whether to enable MAC authentication globally. |
As per the MIB. |
Tabular objects
hh3cSecurePortTable
About this table
Use this table to configure or obtain security attributes on each port.
Support for operations
Create |
Edit/Modify |
Delete |
Read |
Not supported |
Supported |
Not supported |
Supported |
Columns
The table index is hh3cDomainName.
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
hh3cSecurePortMode (1.3.6.1.4.1.25506.2.26.1.2.1.1.1) |
read-write |
INTEGER |
noRestrictions(1), continuousLearning(2), autoLearn(3), secure(4), userLogin(5), userLoginSecure(6), userLoginWithOUI(7), macAddressWithRadius(8), macAddressOrUserLoginSecure(9), macAddressElseUserLoginSecure(10), userLoginSecureExt(11), macAddressOrUserLoginSecureExt(12), macAddressElseUserLoginSecureExt(13), macAddressAndUserLoginSecure(14), macAddressAndUserLoginSecureExt(15) |
Port security mode of a port. |
The continuousLearning mode is not supported. |
hh3cSecureNeedToKnowMode (1.3.6.1.4.1.25506.2.26.1.2.1.1.2) |
read-write |
INTEGER |
notAvailable(1), disabled(2), needToKnowOnly(3), needToKnowWithBroadcastsAllowed(4), needToKnowWithMulticastsAllowed(5), permanentNeedToKnowOnly(6), permanentNeedToKnowWithBroadcastsAllowed(7), permanentNeedToKnowWithMulticastsAllowed(8) |
This object determines which frames are allowed to pass through the port by detecting the destination MAC addresses of the frames. |
As per the MIB. |
hh3cSecureIntrusionAction (1.3.6.1.4.1.25506.2.26.1.2.1.1.3) |
read-write |
INTEGER |
notAvailable(1), noAction(2), disablePort(3), disablePortTemporarily(4), allowDefaultAccess(5), blockMacAddress(6) |
Intrusion protection action to take when intrusion protection detects illegal frames on the port by detecting the source MAC addresses of the frames. |
The allowDefaultAccess ation is not supported. |
hh3cSecureNumberAddresses (1.3.6.1.4.1.25506.2.26.1.2.1.1.4) |
read-write |
Integer32 |
Standard MIB values. |
Maximum number of MAC addresses that the port can learn or store. |
As per the MIB. |
hh3cSecureNumberAddressesStored (1.3.6.1.4.1.25506.2.26.1.2.1.1.5) |
read-only |
INTEGER |
Standard MIB values. |
Number of MAC addresses that the port has learned or stored. |
As per the MIB. |
hh3cSecureMaximumAddresses (1.3.6.1.4.1.25506.2.26.1.2.1.1.6) |
read-only |
INTEGER |
Standard MIB values. |
Maximum value that the hh3cSecureNumberAddresses object supports. |
As per the MIB. |
hh3cSecureAddressTable
About this table
Use this table to configure or obtain information about MAC addresses on each port.
Support for operations
Create |
Edit/Modify |
Delete |
Read |
Not supported |
Supported |
Not supported |
Supported |
Columns
The table indexes are ifIndex, hh3cSecureAddrMAC, and hh3cSecureAddrVlanID.
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
hh3cSecureAddrMAC (1.3.6.1.4.1.25506.2.26.1.2.2.1.1) |
accessible-for-notify |
MacAddress |
Standard MIB values. |
MAC address on a port. |
Not supported. |
hh3cSecureAddrVlanID (1.3.6.1.4.1.25506.2.26.1.2.2.1.2) |
not-accessible |
Integer32 |
Standard MIB values. |
VLAN ID of the MAC address. |
Not supported. |
hh3cSecureAddrMACStatus (1.3.6.1.4.1.25506.2.26.1.2.2.1.3) |
read-create |
INTEGER |
addressBlackhole(1), addressUserConfig(2), addressDot1xAuth(3), addressRALM(4) |
MAC address attribute. |
Not supported. |
hh3cSecureAddrRowStatus (1.3.6.1.4.1.25506.2.26.1.2.2.1.4) |
read-create |
RowStatus |
active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6) |
Row status. |
As per the MIB. |
hh3cSecureOUITable
About this table
Use this table to configure or obtain Organizationally Unique Identifier (OUI) values.
Support for operations
Create |
Edit/Modify |
Delete |
Read |
Supported |
Supported |
Supported |
Supported |
Columns
The table index is hh3cSecureOUIIndex.
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
hh3cSecureOUIIndex (1.3.6.1.4.1.25506.2.26.1.2.3.1.1) |
not-accessible |
INTEGER |
INTEGER (1..1024) |
OUI index |
1..16 |
hh3cSecureOUI (1.3.6.1.4.1.25506.2.26.1.2.3.1.2) |
read-create |
OCTET STRING |
OCTET STRING (3) |
OUI value. |
As per the MIB. |
hh3cSecureOUIRowStatus (1.3.6.1.4.1.25506.2.26.1.2.3.1.3) |
read-create |
RowStatus |
active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6) |
Row status. |
As per the MIB. |
hh3cSecureBindingTable
About this table
Use this table to configure or obtain information about port, IP address, and MAC address binding entries.
Support for operations
Create |
Edit/Modify |
Delete |
Read |
Supported |
Supported |
Supported |
Supported |
Columns
The table index is hh3cSecureBindingIndex.
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
hh3cSecureBindingIndex (1.3.6.1.4.1.25506.2.26.1.2.4.1.1) |
not-accessible |
Integer32 |
Standard MIB values. |
Index of a binding entry. |
Not supported. |
hh3cSecureBindingPort (1.3.6.1.4.1.25506.2.26.1.2.4.1.2) |
read-create |
Integer32 |
Standard MIB values. |
Port index in the binding entry. |
Not supported. |
hh3cSecureBindingAddrMAC (1.3.6.1.4.1.25506.2.26.1.2.4.1.3) |
read-create |
MacAddress |
Standard MIB values. |
MAC address in the binding entry. |
Not supported. |
hh3cSecureBindingAddrIp (1.3.6.1.4.1.25506.2.26.1.2.4.1.4) |
read-create |
IpAddress |
Standard MIB values. |
IP address in the binding entry. |
Not supported. |
hh3cSecureBindingRowStatus (1.3.6.1.4.1.25506.2.26.1.2.4.1.5) |
read-create |
RowStatus |
active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6) |
Row status. |
Not supported. |
hh3cSecureAssignTable
About this table
Use this table to configure or obtain information about port assignment.
Support for operations
Create |
Edit/Modify |
Delete |
Read |
Not supported |
Supported |
Not supported |
Supported |
Columns
The table index is ifIndex.
Object (OID) |
Access |
Syntax |
Value range |
Description |
Implementation |
hh3cSecureAssignEnable (1.3.6.1.4.1.25506.2.26.1.2.5.1.1) |
read-write |
TruthValue |
true(1), false(2) |
Whether to apply the authorization attributes received from the server to a port. |
As per the MIB. |
hh3cSecureVlanAssignment (1.3.6.1.4.1.25506.2.26.1.2.5.1.2) |
read-only |
OCTET STRING |
OCTET STRING (0..255) |
Authorization VLAN information (including VLAN IDs and the tagged or untagged attribute) assigned by the server to the port. |
As per the MIB. |
Notifications
hh3cSecureAddressLearned
Basic information
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
1.3.6.1.4.1.25506. 2.26.1.3.1 |
A new secure MAC address was learned. |
Informational |
N/A |
N/A |
ON |
Description
This notification is generated when a new secure MAC address is learned.
Status control
ON
CLI: Use the snmp-agent trap enable port-security address-learned command.
OFF
CLI: Use the undo snmp-agent trap enable port-security address-learned command.
Objects
OID (object name) |
Description |
Index |
Type |
Value range |
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
Yes |
INTEGER |
1.. 2147483647 |
1.3.6.1.4.1.25506.2.26.1.2.2.1.1(hh3cSecureAddrMAC) |
Learned MAC address. |
Yes |
MacAddress |
Standard MIB values. |
Recommended action
No action is required.
hh3cSecureViolation
Basic information
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
1.3.6.1.4.1.25506. 2.26.1.3.2 |
Intrusion protection event occurred. |
Informational |
N/A |
N/A |
ON |
Description
This notification is generated when an intrusion protection event occurs.
Status control
ON
CLI: Use the snmp-agent trap enable port-security intrusion command.
OFF
CLI: Use the undo snmp-agent trap enable port-security intrusion command.
Objects
OID (object name) |
Description |
Index |
Type |
Value range |
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
Yes |
Integer32 |
1.. 2147483647 |
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
MAC address. |
Yes |
MacAddress |
Standard MIB values. |
1.3.6.1.2.1.2.2.1.7 (ifAdminStatus) |
Link layer status. |
No |
INTEGER |
up(1) down(2) testing(3) |
Recommended action
No action is required.
hh3cSecureLoginFailure
Basic information
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
1.3.6.1.4.1.25506. 2.26.1.3.3 |
An 802.1X user failed authentication. |
Informational |
N/A |
N/A |
ON |
Description
This notification is generated when an 802.1X user fails authentication.
Status control
ON
CLI: Use the snmp-agent trap enable port-security dot1x-failure command.
OFF
CLI: Use the undo snmp-agent trap enable port-security dot1x-failure command.
Objects
OID (object name) |
Description |
Index |
Type |
Value range |
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
Yes |
InterfaceIndex |
Integer32(1..2147483647) |
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
Yes |
MacAddress |
Standard MIB values. |
1.0.8802.1.1.1.1.2.4.1.9 (dot1xAuthSessionUserName) |
Authentication user name. |
Yes |
SnmpAdminString |
OCTET STRING(SIZE (0..255)) |
Recommended action
No action is required.
hh3cSecureLogon
Basic information
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
1.3.6.1.4.1.25506. 2.26.1.3.4 |
An 802.1X user logged on. |
Informational |
N/A |
N/A |
ON |
Description
A notification is generated when an 802.1X user logs on.
Status control
ON
CLI: Use the snmp-agent trap enable port-security dot1x-logon command.
OFF
CLI: Use the undo snmp-agent trap enable port-security dot1x-logon command.
Objects
OID (object name) |
Description |
Index |
Type |
Value range |
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
Yes |
Integer32 |
Integer32(1..2147483647) |
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
Yes |
MacAddress |
Standard MIB values. |
1.0.8802.1.1.1.1.2.4.1.9 (dot1xAuthSessionUserName) |
Username. |
Yes |
SnmpAdminString |
OCTET STRING(SIZE (0..255)) |
1.0.8802.1.1.1.1.2.4.1.6 (dot1xAuthSessionAuthenticMethod) |
Authentication method. |
No |
INTEGER |
remoteAuthServer(1) localAuthServer(2) |
1.3.6.1.4.1.25506.2.26.1.1.2(hh3cSecurePortVlanMembershipList) |
VLAN membership assigned to the port on session activation. |
No |
DisplayString |
OCTET STRING (0..255) |
Recommended action
No action is required.
hh3cSecureLogoff
Basic information
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
1.3.6.1.4.1.25506.2.26.1.3.5 |
An 802.1X user logged off. |
Informational |
N/A |
N/A |
ON |
Description
This notification is generated when an 802.1X user logs off.
Status control
ON
CLI: Use the snmp-agent trap enable port-security dot1x-logoff command.
OFF
CLI: Use the undo snmp-agent trap enable port-security dot1x-logoff command.
Objects
OID (object name) |
Description |
Index |
Type |
Value range |
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index |
Yes |
Integer32 |
Integer32(1..2147483647) |
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
Yes |
MacAddress |
Standard MIB values. |
1.0.8802.1.1.1.1.2.4.1.9 (dot1xAuthSessionUserName) |
Username. |
Yes |
SnmpAdminString |
OCTET STRING(SIZE (0.. 255)) |
1.0.8802.1.1.1.1.2.4.1.8(dot1xAuthSessionTerminateCause) |
802.1X session termination cause. |
No |
INTEGER |
supplicantLogoff(1) portFailure(2) supplicantRestart(3) reauthFailed(4) authControlForceUnauth(5) portReInit(6) portAdminDisabled(7) notTerminatedYet(999) |
1.3.6.1.4.1.25506.2.26.1.1.2(hh3cSecurePortVlanMembershipList) |
VLAN membership assigned to the port on session termination. |
No |
DisplayString |
OCTET STRING (0..255) |
Recommended action
No action is required.
hh3cSecureRalmLoginFailure
Basic information
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
1.3.6.1.4.1.25506.2.26.1.3.6 |
A MAC authentication user failed authentication. |
Informational |
N/A |
N/A |
ON |
Description
This notification is generated when a MAC authentication user fails authentication.
Status control
ON
CLI: Use the snmp-agent trap enable port-security mac-auth-failure command.
OFF
CLI: Use the undo snmp-agent trap enable port-security mac-auth-failure command.
Objects
OID (object name) |
Description |
Index |
Type |
Value range |
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
Yes |
Integer32 |
1.. 2147483647 |
1.3.6.1.4.1.25506.2.26.1.2.2.1.1(hh3cSecureAddrMAC) |
User MAC address. |
Yes |
MacAddress |
Standard MIB values. |
1.3.6.1.4.1.25506.2.26.1.1.4.4(hh3cSecureRalmAuthMode) |
User account policy. |
No |
INTEGER |
papUsernameAsMacAddress(1) papUsernameFixed(2) |
1.3.6.1.4.1.25506.2.26.1.1.4.5(hh3cSecureRalmAuthUsername) |
Authentication user name. |
No |
DisplayString |
OCTET STRING (1..80) |
Recommended action
No action is required.
hh3cSecureRalmLogon
Basic information
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
1.3.6.1.4.1.25506. 2.26.1.3.7 |
A MAC authentication user logged on. |
Informational |
N/A |
N/A |
ON |
Description
This notification is generated when a MAC authentication user logs on.
Status control
ON
CLI: Use the snmp-agent trap enable port-security mac-auth-logon command.
OFF
CLI: Use the undo snmp-agent trap enable port-security mac-auth-logon command.
Objects
OID (object name) |
Description |
Index |
Type |
Value range |
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
Yes |
Integer32 |
1.. 2147483647 |
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
User MAC address. |
Yes |
MacAddress |
Standard MIB values. |
1.3.6.1.4.1.25506.2.26.1.1.4.4(hh3cSecureRalmAuthMode) |
User account policy. |
No |
INTEGER |
papUsernameAsMacAddress(1) papUsernameFixed(2) |
1.3.6.1.4.1.25506.2.26.1.1.4.5(hh3cSecureRalmAuthUsername) |
Authentication user name. |
No |
DisplayString |
OCTET STRING (1..80) |
1.3.6.1.4.1.25506.2.26.1.1.2(hh3cSecurePortVlanMembershipList) |
VLAN membership assigned to the port on session activation. |
No |
DisplayString |
OCTET STRING (0..255) |
Recommended action
No action is required.
hh3cSecureRalmLogoff
Basic information
OID |
Event |
Type |
Severity |
Recovery notification |
Default status |
1.3.6.1.4.1.25506. 2.26.1.3.8 |
A MAC authentication user logged off. |
Informational |
N/A |
N/A |
ON |
Description
This notification is generated when a MAC authentication user logs off.
Status control
ON
CLI: Use the snmp-agent trap enable port-security mac-auth-logoff command.
OFF
CLI: Use the undo snmp-agent trap enable port-security mac-auth-logoff command.
Objects
OID (object name) |
Description |
Index |
Type |
Value range |
1.3.6.1.2.1.2.2.1.1 (ifIndex) |
Port index. |
Yes |
Integer32 |
0..2147483647 |
1.3.6.1.4.1.25506.2.26.1.2.2.1.1 (hh3cSecureAddrMAC) |
Secure MAC address. |
Yes |
MacAddress |
Standard MIB values. |
1.3.6.1.4.1.25506.2.26.1.1.4.4(hh3cSecureRalmAuthMode) |
User account policy. |
No |
INTEGER |
papUsernameAsMacAddress(1) papUsernameFixed(2) |
1.3.6.1.4.1.25506.2.26.1.1.4.5(hh3cSecureRalmAuthUsername) |
Authentication user name. |
No |
DisplayString |
OCTET STRING (1..80) |
1.3.6.1.4.1.25506.2.26.1.1.2(hh3cSecurePortVlanMembershipList) |
VLAN membership assigned to the port on session termination. |
No |
DisplayString |
OCTET STRING (0..255) |
Recommended action
No action is required.