ENTERASYS-ANTI-SPOOF-MIB DEFINITIONS ::= BEGIN

--  enterasys-anti-spoof-mib.txt
--
--  Part Number:
--
--

--  This module provides authoritative definitions for Enterasys 
--  Networks' Anti-Spoof functionality.

--  Enterasys Networks reserves the right to make changes in this
--  specification and other information contained in this document
--  without prior notice.  The reader should consult Enterasys Networks
--  to determine whether any such changes have been made.
--
--  In no event shall Enterasys Networks be liable for any incidental,
--  indirect, special, or consequential damages whatsoever (including
--  but not limited to lost profits) arising out of or related to this
--  document or the information contained in it, even if Enterasys
--  Networks has been advised of, known, or should have known, the
--  possibility of such damages.
--
--  Enterasys Networks grants vendors, end-users, and other interested
--  parties a non-exclusive license to use this Specification in 
--  connection with the management of Enterasys Networks products.

--  Copyright January 2013 Enterasys Networks, Inc.

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE
        FROM SNMPv2-SMI
    Unsigned32, Counter32, Integer32
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, TruthValue, MacAddress
        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF
   SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    ifIndex, InterfaceIndexOrZero, InterfaceIndex
        FROM IF-MIB
    InetAddress, InetAddressType
        FROM INET-ADDRESS-MIB
    EnabledStatus
        FROM P-BRIDGE-MIB
    etsysModules
        FROM ENTERASYS-MIB-NAMES;

etsysAntiSpoofMIB MODULE-IDENTITY
    LAST-UPDATED "201301151631Z"  -- Tue Jan 15 16:31 UTC 2013
    ORGANIZATION "Enterasys Networks, Inc."
    CONTACT-INFO
        "Postal:  Enterasys Networks
                  50 Minuteman Rd.
                  Andover, MA 01810-1008
                  USA
         Phone:   +1 978 684 1000
         E-mail:  support@enterasys.com
         WWW:     http://www.enterasys.com"
   
    DESCRIPTION
        "This MIB module defines a portion of the SNMP MIB under
         the Enterasys Networks enterprise OID pertaining to 
         configuration of the anti-spoofing feature."
    
    REVISION    "201301151631Z"  -- Tue Jan 15 16:31 UTC 2013
    DESCRIPTION "Updated informational front and back text sections."

    REVISION    "201210311355Z"  -- Wed Oct 31 1:55 UTC 2012
    DESCRIPTION "Initial version of this MIB module."
    ::= { etsysModules 96 } 

-- -------------------------------------------------------------
-- Textual Conventions
-- -------------------------------------------------------------
AntiSpoofPortAction ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "The possible actions that the anti-spoofing feature can
         take when a user exceeds the associated threshold limits.

         generateSyslog(0)
             Generate the appropriate logging message.

         generateNotification(1)
             Generate the respective SNMP notification.

         quarantineUser(2)
             Assign user traffic to the quarantine profile
             as determined by the respective profile-index."
    SYNTAX BITS {
        generateSyslog(0),
        generateNotification(1),
        quarantineUser(2)
    }

AntiSpoofInspectionType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "The possible type of inspection to use on incoming traffic
         on a given port.
   
         enabled(1)
             Allows dynamic inspection to occur and will create bindings
             in the binding database based on the inspection.

         disabled(2)
             Disable both dynamic inspection and the creation of bindings.

         inspectionOnly(3)
             Allows dynamic inspection of packets to occur but will not
             create any bindings in the binding database."

    SYNTAX INTEGER {
        enabled(1),
        disabled(2),
        inspectionOnly(3)
    }

AntiSpoofThresholdType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "The mode the threshold entry will operate in.
        
         ipv4Change(1)
             The threshold action will occur when a user's IPv4 address 
             changes a number of times equal to the threshold value.
         
         ipv6Change(2)
             The threshold action will occur when a user's IPv6 address 
             changes a number of times equal to the threshold value.
             
         portChange(3)
             The threshold action will occur when the port that a user 
             resides on changes a number of times equal to the threshold 
             value."
    SYNTAX INTEGER {
        ipv4Change(1),
        ipv6Change(2),
        portChange(3)
    }
        
AntiSpoofPortType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "The port type mode determines how DHCP traffic is handled.
        
         trusted(1)
             When a port is set to trusted mode DHCP server traffic 
             is accepted and used to create bindings for the client, 
             with no binding verification for connected clients. 

         bypass(2)
             When a port is set to bypass mode DHCP server traffic
             is allowed to pass without any snooping.
        
         untrusted(3)
             When a port is set to untrusted mode client bindings
             will be verified for all traffic, depending on 
             feature configuration."        
   SYNTAX INTEGER {
        trusted(1),
        bypass(2),
        untrusted(3)
   }

AntiSpoofBindingType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "The method by which a given client binding was created.
        
         dhcp(1)
             This indicates that a binding was created by DHCP MAC
             verification.
        
         arp(2)
             This indicates that a binding was created by dynamic
             ARP inspection.
        
         ip(3)
             This indicates that the binding was created by dynamic
             IP inspection."
    SYNTAX INTEGER {
        dhcp(1),
        arp(2),
        ip(3)
    }

EtsysInstanceOID ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "A partial OBJECT IDENTIFIER suitable for use as instancing
         for other MIB objects.  The definition of an OBJECT IDENTIFIER 
         requires that all OIDs start with zero or one, consequently, the
         first two sub-ids of a EtsysInstanceOID will always be {0,0}."
    SYNTAX OBJECT IDENTIFIER
        
-- -------------------------------------------------------------
-- Branches of the Enterasys Anti Spoofing MIB
-- -------------------------------------------------------------

etsysAntiSpoofObjects
        OBJECT IDENTIFIER ::= { etsysAntiSpoofMIB 1 }

etsysAntiSpoofSystemBranch
        OBJECT IDENTIFIER ::= { etsysAntiSpoofObjects 1 }

etsysAntiSpoofClassBranch
        OBJECT IDENTIFIER ::= { etsysAntiSpoofObjects 2 }

etsysAntiSpoofPortBranch
        OBJECT IDENTIFIER ::= { etsysAntiSpoofObjects 3 }

etsysAntiSpoofBindingBranch
        OBJECT IDENTIFIER ::= { etsysAntiSpoofObjects 4 }

etsysAntiSpoofNotificationBranch
        OBJECT IDENTIFIER ::= { etsysAntiSpoofObjects 0 }


-- -------------------------------------------------------------
-- Anti Spoofing System Branch
-- -------------------------------------------------------------
etsysAntiSpoofSystemState  OBJECT-TYPE
    SYNTAX        EnabledStatus
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "When enabled(1), all objects in this MIB are fully active.
         When disabled(2), this object overrides all other object
         settings in this MIB without affecting their values.  Maintaining
         the value of this object across agent reboots is REQUIRED."
    DEFVAL { disabled }
    ::= { etsysAntiSpoofSystemBranch 1 }

etsysAntiSpoofMaxClassIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of class indexes available in the system."
    ::= { etsysAntiSpoofSystemBranch 2 }

etsysAntiSpoofMaxClassThresholdIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The maximum number of threshold indexes able to be associated 
         with a particular class."
    ::= { etsysAntiSpoofSystemBranch 3 }


etsysAntiSpoofSystemSnmpNotifications  OBJECT-TYPE
    SYNTAX        EnabledStatus
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The current state of the SNMP Notification functionality in
         the Anti Spoofing feature.

         enabled  (1) - Anti-Spoofing will generate SNMP Notifications
                        for user IP address or port changes that exceed 
                        the configured limits. The Anti-Spoofing feature
                        MUST be enabled for SNMP Notifications to be
                        generated.

         disabled (2) - Anti-Spoofing will not generate SNMP
                        Notifications under any conditions.

         A notification is generated when a value is first detected
         above its respective configured limit. That notification
         SHOULD NOT be generated again until the configured notification
         timeout period has elapsed.

         Agents are not required to generate SNMP Notifications for
         conditions that exist when this object is set to enabled.
         SNMP Notifications MAY only be generated after additional
         IP address changes are detected that exceed the configured 
         limits for the user.          

         Maintaining the value of this object across agent reboots is
         REQUIRED."
    DEFVAL { enabled }
    ::= { etsysAntiSpoofSystemBranch 4 }

etsysAntiSpoofSystemNotificationInterval  OBJECT-TYPE
    SYNTAX        Unsigned32 (0..86400)
    UNITS         "seconds"
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The number of seconds to wait before generating another
         notification of the same type for the same user.
         This allows notification generation to be throttled in
         the case of a user who continually changes IP addresses.  
         A value of zero indicates that the entity SHOULD NOT suppress 
         any notifications related to the Anti-Spoofing feature.
         Maintaining the value of this object across agent reboots
         is REQUIRED."
    DEFVAL { 60 }
    ::= { etsysAntiSpoofSystemBranch 5 }

etsysAntiSpoofDuplicateIpControl  OBJECT-TYPE
    SYNTAX        EnabledStatus
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "When this is set to enabled(1) any IP changes will be checked
        across the system to ensure that the newly configured IP 
        address is not already present. If the IP is present in the system
        then a syslog and or trap will be issued.
        When set to disabled(2) this check will not occur."
    DEFVAL { disabled } 
    ::= { etsysAntiSpoofSystemBranch 6 }

etsysAntiSpoofSupportedActionTypes OBJECT-TYPE
    SYNTAX       AntiSpoofPortAction
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "This object specifies that anti-spoofing action types that the
         device supports.  A bit will be set for each corresponding 
         type that is supported."
    ::= { etsysAntiSpoofSystemBranch 7 }

etsysAntiSpoofSupportedThresholdTypes OBJECT-TYPE
    SYNTAX       BITS {
                   ipv4Change(0),
                   ipv6Change(1),
                   portChange(2)
                 }
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "This object specifies that anti-spoofing threshold types that 
         the device supports.  A bit will be set for each corresponding
         type that is supported."
    ::= { etsysAntiSpoofSystemBranch 8 }

etsysAntiSpoofSupportedBindingTypes OBJECT-TYPE
    SYNTAX       BITS {
                   dhcp(0),
                   arp(1),
                   ip(2)
                 }
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "This object specifies that anti-spoofing binding types that 
         the device supports.  A bit will be set for each corresponding
         type that is supported."
    ::= { etsysAntiSpoofSystemBranch 9 }

-- -------------------------------------------------------------
-- Anti-Spoofing Class Configuration Branch
-- -------------------------------------------------------------
etsysAntiSpoofClassTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF EtsysAntiSpoofClassEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Provides for the configuring of each of the classes present in 
         Anti-Spoofing. 

         Maintaining the value of the objects in this table across
         agent reboots is REQUIRED."
    ::= { etsysAntiSpoofClassBranch 1 }

etsysAntiSpoofClassEntry OBJECT-TYPE
    SYNTAX        EtsysAntiSpoofClassEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry containing per class properties."
    INDEX { etsysAntiSpoofClassIndex }
    ::= { etsysAntiSpoofClassTable 1 }

EtsysAntiSpoofClassEntry ::=
    SEQUENCE {
        etsysAntiSpoofClassIndex                  
            Unsigned32,
        etsysAntiSpoofClassName                   
            SnmpAdminString,
        etsysAntiSpoofClassTimeout
            Unsigned32 
    }
etsysAntiSpoofClassIndex  OBJECT-TYPE
    SYNTAX        Unsigned32
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "The index of class that this row represents. This
         index has a value between one(1) and 
         etsysAntiSpoofMaxClassIndex."
    ::= { etsysAntiSpoofClassEntry 1 }

etsysAntiSpoofClassName  OBJECT-TYPE
    SYNTAX        SnmpAdminString (SIZE(0..32))
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "Administratively assigned textual description of this class."
    ::= { etsysAntiSpoofClassEntry 2 }

etsysAntiSpoofClassTimeout  OBJECT-TYPE
    SYNTAX        Unsigned32 
    UNITS         "seconds"
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The number of seconds to wait before administratively 
         resetting the counters of the bindings which are based on this
         class associated with this class. A value of zero indicates 
         that the counters will not be reset automatically."
    DEFVAL { 600 }
    ::= { etsysAntiSpoofClassEntry 3 }

etsysAntiSpoofThresholdTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF EtsysAntiSpoofThresholdEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "Provides for the configuration of the Anti-Spoofing feature's
         various thresholds.

         Maintaining the value of the objects in this table across
         agent reboots is REQUIRED."
    ::= { etsysAntiSpoofClassBranch 2 }

etsysAntiSpoofThresholdEntry OBJECT-TYPE
    SYNTAX        EtsysAntiSpoofThresholdEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry providing per class, per threshold configuration."
    INDEX { etsysAntiSpoofClassIndex, etsysAntiSpoofThresholdIndex }
    ::= { etsysAntiSpoofThresholdTable 1 }

EtsysAntiSpoofThresholdEntry ::=
    SEQUENCE {
        etsysAntiSpoofThresholdIndex              
            Unsigned32,
        etsysAntiSpoofThresholdValue         
            Unsigned32,
        etsysAntiSpoofThresholdActionMask             
            AntiSpoofPortAction,
        etsysAntiSpoofThresholdActionQuarantineValue  
            Integer32,
        etsysAntiSpoofThresholdType                   
            AntiSpoofThresholdType
    }

etsysAntiSpoofThresholdIndex  OBJECT-TYPE
    SYNTAX        Unsigned32
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "The index of the threshold that this row represents.  This 
         index has a value between one(1) and 
         etsysAntiSpoofMaxClassThresholdIndex."
    ::= { etsysAntiSpoofThresholdEntry 1 }

etsysAntiSpoofThresholdValue  OBJECT-TYPE
    SYNTAX        Unsigned32
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The threshold at which the action defined by the class is
         taken. A value of zero(0) indicates that the threshold
         actions will never take place."
    ::= { etsysAntiSpoofThresholdEntry 2 }
        
etsysAntiSpoofThresholdActionMask  OBJECT-TYPE
    SYNTAX        AntiSpoofPortAction
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The action(s) that will be taken when the threshold in the class
         represented by this row is reached."
    ::= { etsysAntiSpoofThresholdEntry 3 }

etsysAntiSpoofThresholdActionQuarantineValue  OBJECT-TYPE
    SYNTAX        Integer32
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "A value that delineates the policy quarantine index to which the 
         user will be assigned. This value is only used if the 
         quarantineUser(2) bit is set in the 
         etsysAntiSpoofThresholdActionMask."
    ::= { etsysAntiSpoofThresholdEntry 4 }

etsysAntiSpoofThresholdType  OBJECT-TYPE
    SYNTAX        AntiSpoofThresholdType
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "The class type associated with this entry."
    ::= { etsysAntiSpoofThresholdEntry 5 }


-- -------------------------------------------------------------
-- Anti-Spoofing Port Branch
-- -------------------------------------------------------------
etsysAntiSpoofPortConfigTable  OBJECT-TYPE
    SYNTAX        SEQUENCE OF EtsysAntiSpoofPortConfigEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A table of per port information and configuration for 
         Anti-Spoofing."
    ::= { etsysAntiSpoofPortBranch 1 }

etsysAntiSpoofPortConfigEntry OBJECT-TYPE
    SYNTAX        EtsysAntiSpoofPortConfigEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry containing per port Anti-Spoofing data."
    INDEX { ifIndex } 
    ::= { etsysAntiSpoofPortConfigTable 1 }

EtsysAntiSpoofPortConfigEntry ::= 
    SEQUENCE {
        etsysAntiSpoofDHCPMode
            EnabledStatus, 
        etsysAntiSpoofDHCPMacVerify
            EnabledStatus, 
        etsysAntiSpoofArpInspection
            AntiSpoofInspectionType,
        etsysAntiSpoofIpInspection
            AntiSpoofInspectionType,
        etsysAntiSpoofPortClassIndex
            Unsigned32,
        etsysAntiSpoofUntrustedTrafficPacketCounter
            Counter32
    }

etsysAntiSpoofDHCPMode  OBJECT-TYPE
    SYNTAX        EnabledStatus
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "This object allows for the enabling or disabling of DHCP 
         Snooping functionality on a per-port basis."
    DEFVAL { disabled }
    ::= { etsysAntiSpoofPortConfigEntry 1 }

etsysAntiSpoofDHCPMacVerify OBJECT-TYPE
    SYNTAX        EnabledStatus
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "This object allows for the enabling or disabling of 
         DHCP-Snooping to verify the source address MAC with chaddr in 
         DHCP packets on incoming client messages."
    DEFVAL { disabled }
    ::= { etsysAntiSpoofPortConfigEntry 2 }

etsysAntiSpoofArpInspection OBJECT-TYPE
    SYNTAX        AntiSpoofInspectionType
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "When set to enabled(1), dynamic ARP inspection is allowed on this 
         port.
         When set to disabled(2), dynamic ARP inspection is not allowed on 
         this port.
         When set to inspectionOnly(3), dynamic ARP inspection will occur
         but will not be used to create bindings."
    DEFVAL { disabled }
    ::= { etsysAntiSpoofPortConfigEntry 3 }

etsysAntiSpoofIpInspection OBJECT-TYPE
    SYNTAX        AntiSpoofInspectionType
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "When set to enabled(1), dynamic IP inspection is allowed on this 
         port.
         When set to disabled(2), dynamic IP inspection is not allowed on 
         this port.
         When set to inspectionOnly(3), dynamic IP inspection will occur
         but will not be used to create bindings."
    DEFVAL { disabled }
    ::= { etsysAntiSpoofPortConfigEntry 4 }

etsysAntiSpoofPortClassIndex OBJECT-TYPE
    SYNTAX        Unsigned32
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "This value represents the class index to be used for the given 
         port.  The special case value of zero(0) indicates that no class
         index will be used for this port."
    DEFVAL { 0 } 
    ::= { etsysAntiSpoofPortConfigEntry 5 }
        
etsysAntiSpoofUntrustedTrafficPacketCounter OBJECT-TYPE
    SYNTAX        Counter32
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This counter is used to measure the number of DHCP server 
         packets received on this port. This counter will only
         increment when the etsysAntiSpoofPortType is set to 
         untrusted(3)."
    ::= { etsysAntiSpoofPortConfigEntry 6 }

etsysAntiSpoofPortTypeTable  OBJECT-TYPE
    SYNTAX        SEQUENCE OF EtsysAntiSpoofPortTypeEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A table containing port type information for each
         port in the system that supports anti-spoofing."
    ::= { etsysAntiSpoofPortBranch 2 }

etsysAntiSpoofPortTypeEntry OBJECT-TYPE
    SYNTAX        EtsysAntiSpoofPortTypeEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry containing per port anti-spoofing configuration data."
    INDEX { ifIndex } 
    ::= { etsysAntiSpoofPortTypeTable 1 }

EtsysAntiSpoofPortTypeEntry ::= 
    SEQUENCE {
        etsysAntiSpoofPortType
            AntiSpoofPortType
    }

etsysAntiSpoofPortType  OBJECT-TYPE
    SYNTAX        AntiSpoofPortType
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "This object specifies the port type to be used for this port.
         The port type indicates how DHCP traffic is handled."
    DEFVAL { untrusted }
    ::= { etsysAntiSpoofPortTypeEntry 1 } 

-- -------------------------------------------------------------
-- Anti Spoofing Binding Branch
-- -------------------------------------------------------------
etsysAntiSpoofStationBindingTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF EtsysAntiSpoofStationBindingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
      "A table containing information pertaining to the current active
       bindings set up through Anti-Spoofing."
    ::= { etsysAntiSpoofBindingBranch 1 }

etsysAntiSpoofStationBindingEntry OBJECT-TYPE
    SYNTAX        EtsysAntiSpoofStationBindingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry containing per binding data."
    INDEX { etsysAntiSpoofStationBindingEntryIndex }
    ::= { etsysAntiSpoofStationBindingTable 1 }

EtsysAntiSpoofStationBindingEntry ::= 
    SEQUENCE {
        etsysAntiSpoofStationBindingEntryIndex
            EtsysInstanceOID,
        etsysAntiSpoofStationBindingEntryMacAddr
            MacAddress,
        etsysAntiSpoofStationBindingEntryInetAddrType
            InetAddressType,
        etsysAntiSpoofStationBindingEntryInetAddr
            InetAddress,
        etsysAntiSpoofStationBindingEntryIfIndex
            InterfaceIndex,
        etsysAntiSpoofStationBindingEntryInetCounter
            Counter32,
        etsysAntiSpoofStationBindingEntryClearInetCounter
            TruthValue,
        etsysAntiSpoofStationBindingEntryPortCounter
            Counter32,
        etsysAntiSpoofStationBindingEntryClearPortCounter
            TruthValue,
        etsysAntiSpoofStationBindingEntryClearBinding
            TruthValue,
        etsysAntiSpoofStationBindingEntryBindingType
            AntiSpoofBindingType,
        etsysAntiSpoofStationBindingEntryDurationTime
            Unsigned32,
        etsysAntiSpoofStationBindingEntryExpirationTime
            Unsigned32
    }

etsysAntiSpoofStationBindingEntryIndex OBJECT-TYPE
    SYNTAX        EtsysInstanceOID
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION 
        "The unique index for this columnar row."
    ::= { etsysAntiSpoofStationBindingEntry 1 }

etsysAntiSpoofStationBindingEntryMacAddr OBJECT-TYPE
    SYNTAX        MacAddress
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The MAC address of the binding."
    ::= { etsysAntiSpoofStationBindingEntry 2 }

etsysAntiSpoofStationBindingEntryInetAddrType OBJECT-TYPE
    SYNTAX        InetAddressType
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The IP address type of the binding."
    ::= { etsysAntiSpoofStationBindingEntry 3 }

etsysAntiSpoofStationBindingEntryInetAddr OBJECT-TYPE
    SYNTAX        InetAddress
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The IP address of the binding." 
    ::= { etsysAntiSpoofStationBindingEntry 4 }

etsysAntiSpoofStationBindingEntryIfIndex OBJECT-TYPE
    SYNTAX        InterfaceIndex
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The port that this binding currently resides on."
    ::= { etsysAntiSpoofStationBindingEntry 5 }

etsysAntiSpoofStationBindingEntryInetCounter OBJECT-TYPE
    SYNTAX        Counter32
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The number of times the IP address has changed for this binding."
    ::= { etsysAntiSpoofStationBindingEntry 6 }

etsysAntiSpoofStationBindingEntryClearInetCounter OBJECT-TYPE
    SYNTAX        TruthValue 
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "When set to true(1), this object will clear the IP counter
         associated with this binding.
         Setting this object to a value of false(2) has no effect.  This
         object MUST always return a value of false(2)."
    ::= { etsysAntiSpoofStationBindingEntry 7 }

etsysAntiSpoofStationBindingEntryPortCounter OBJECT-TYPE
    SYNTAX        Counter32
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The number of times the port has changed for this 
         binding."
    ::= { etsysAntiSpoofStationBindingEntry 8 }

etsysAntiSpoofStationBindingEntryClearPortCounter OBJECT-TYPE
    SYNTAX        TruthValue 
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "When set to true(1), this object will clear the port counter
         associated with this binding.
         Setting this object to a value of false(2) has no effect.  This
         object MUST always return a value of false(2)."
    ::= { etsysAntiSpoofStationBindingEntry 9 }

etsysAntiSpoofStationBindingEntryClearBinding OBJECT-TYPE
    SYNTAX        TruthValue 
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "When set to true(1), this object will clear the current binding.
         Allowing a new binding to be created with the same MAC/IP 
         address and clearing all counter information.
         Setting this object to a value of false(2) has no effect.  This
         object MUST always return a value of false(2)."
    ::= { etsysAntiSpoofStationBindingEntry 10 }

etsysAntiSpoofStationBindingEntryBindingType OBJECT-TYPE
    SYNTAX        AntiSpoofBindingType 
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "This indicates which binding type (DHCP, ARP, or IP inspection) 
         was used to create the entry."
    ::= { etsysAntiSpoofStationBindingEntry 11 }

etsysAntiSpoofStationBindingEntryDurationTime OBJECT-TYPE
    SYNTAX        Unsigned32
    UNITS         "seconds"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The amount of time, in seconds, that this binding has been
         operational for."
    ::= { etsysAntiSpoofStationBindingEntry 12 }

etsysAntiSpoofStationBindingEntryExpirationTime OBJECT-TYPE
    SYNTAX        Unsigned32
    UNITS         "seconds"
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "The amount of time, in seconds, from its creation, that
         this binding will be operational for before being destroyed.
         A value of zero(0) indicates that this binding will
         not expire."
    ::= { etsysAntiSpoofStationBindingEntry 13 }


etsysAntiSpoofMacBindingTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF EtsysAntiSpoofMacBindingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A table indicating whether a given binding is accessible.
         This table is indexed first by MAC, then by IP, and finally 
         by port. In this way a user may quickly determine which
         bindings are active for a given station address and look up
         those entries in the etsysAntiSpoofStationBindingTable."
    ::= { etsysAntiSpoofBindingBranch 2 }

etsysAntiSpoofMacBindingEntry OBJECT-TYPE
    SYNTAX        EtsysAntiSpoofMacBindingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry containing per binding data."
    INDEX { etsysAntiSpoofStationBindingEntryMacAddr,
            etsysAntiSpoofStationBindingEntryInetAddrType,
            etsysAntiSpoofStationBindingEntryInetAddr,
            etsysAntiSpoofStationBindingInterface
          }
    ::= { etsysAntiSpoofMacBindingTable 1 }

EtsysAntiSpoofMacBindingEntry ::= 
    SEQUENCE {
        etsysAntiSpoofStationBindingInterface
            InterfaceIndexOrZero,
        etsysAntiSpoofMacStationBindingIndex
            EtsysInstanceOID,
        etsysAntiSpoofMacBindingClearBinding
            TruthValue
    }

etsysAntiSpoofStationBindingInterface OBJECT-TYPE
    SYNTAX        InterfaceIndexOrZero
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "The current interface index that the IP/MAC binding resides on."
    ::= { etsysAntiSpoofMacBindingEntry 1 }

etsysAntiSpoofMacStationBindingIndex OBJECT-TYPE
    SYNTAX        EtsysInstanceOID
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "A unique identifier for this entry to be used as indexing
         in the etsysAntiSpoofStationBindingTable."
    ::= { etsysAntiSpoofMacBindingEntry 2 }

etsysAntiSpoofMacBindingClearBinding OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "When set to true(1), this object will clear the current binding,
         allowing a new binding to be created with the same MAC/IP 
         address and clearing all counter information.  If the 
         etsysAntiSpoofStationBindingInterface index specified in the 
         SET operation is zero (0) it will remove the MAC/IP
         binding regardless of the current port it is associated with.
         Specifying an etsysAntiSpoofStationBindingInterface index value
         between 1..2147483647 will only remove the binding if it
         currently resides on that specific interface.

         Setting this object to a value of false(2) has no effect.  This
         object MUST always return a value of false(2)."
    ::= { etsysAntiSpoofMacBindingEntry 3 }

etsysAntiSpoofIpBindingTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF EtsysAntiSpoofIpBindingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A table indicating whether a given binding is accessible.
         This table is indexed first by IP, then by MAC, and finally 
         by port. In this way a user may quickly determine which
         bindings are active for a given station address and look up
         those entries in the etsysAntiSpoofStationBindingTable."
    ::= { etsysAntiSpoofBindingBranch 3 }

etsysAntiSpoofIpBindingEntry OBJECT-TYPE
    SYNTAX        EtsysAntiSpoofIpBindingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry containing per binding data."
    INDEX { etsysAntiSpoofStationBindingEntryInetAddrType,
            etsysAntiSpoofStationBindingEntryInetAddr,
            etsysAntiSpoofStationBindingEntryMacAddr,
            etsysAntiSpoofStationBindingInterface
          }
    ::= { etsysAntiSpoofIpBindingTable 1 }

EtsysAntiSpoofIpBindingEntry ::= 
    SEQUENCE {
        etsysAntiSpoofIpStationBindingIndex
            EtsysInstanceOID,
        etsysAntiSpoofIpBindingClearBinding
            TruthValue
    }

etsysAntiSpoofIpStationBindingIndex OBJECT-TYPE
    SYNTAX        EtsysInstanceOID
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "A unique identifier for this entry to be used as indexing
         in the etsysAntiSpoofStationBindingTable."
    ::= { etsysAntiSpoofIpBindingEntry 1 }

etsysAntiSpoofIpBindingClearBinding OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "When set to true(1), this object will clear the current binding,
         allowing a new binding to be created with the same MAC/IP
         address and clearing all counter information.  If the
         etsysAntiSpoofStationBindingInterface index specified in the 
         SET operation is zero (0) it will remove the MAC/IP
         binding regardless of the current port it is associated with.
         Specifying an etsysAntiSpoofStationBindingInterface index value
         between 1..2147483647 will only remove the binding if it
         currently resides on that specific interface.

         Setting this object to a value of false(2) has no effect.  This
         object MUST always return a value of false(2)."
   ::= { etsysAntiSpoofIpBindingEntry 2 }

etsysAntiSpoofPortBindingTable OBJECT-TYPE
    SYNTAX        SEQUENCE OF EtsysAntiSpoofPortBindingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "A table indicating whether a given binding is accessible.
         This table is indexed first by port, then by MAC, and finally 
         by IP. In this way a user may quickly determine which
         bindings are active for a given station address and look up
         those entries in the etsysAntiSpoofStationBindingTable."
    ::= { etsysAntiSpoofBindingBranch 4 }

etsysAntiSpoofPortBindingEntry OBJECT-TYPE
    SYNTAX        EtsysAntiSpoofPortBindingEntry
    MAX-ACCESS    not-accessible
    STATUS        current
    DESCRIPTION
        "An entry containing per binding data."
    INDEX { etsysAntiSpoofStationBindingInterface,
            etsysAntiSpoofStationBindingEntryMacAddr,
            etsysAntiSpoofStationBindingEntryInetAddrType,
            etsysAntiSpoofStationBindingEntryInetAddr
          }
    ::= { etsysAntiSpoofPortBindingTable 1 }

EtsysAntiSpoofPortBindingEntry ::= 
    SEQUENCE {
        etsysAntiSpoofPortStationBindingIndex
            EtsysInstanceOID,
        etsysAntiSpoofPortBindingClearBinding
            TruthValue
    }

etsysAntiSpoofPortStationBindingIndex OBJECT-TYPE
    SYNTAX        EtsysInstanceOID
    MAX-ACCESS    read-only
    STATUS        current
    DESCRIPTION
        "A unique identifier for this entry to be used as indexing
         in the etsysAntiSpoofStationBindingTable."
    ::= { etsysAntiSpoofPortBindingEntry 1 }

etsysAntiSpoofPortBindingClearBinding OBJECT-TYPE
    SYNTAX        TruthValue
    MAX-ACCESS    read-write
    STATUS        current
    DESCRIPTION
        "When set to true(1), this object will clear the current binding,
         allowing a new binding to be created with the same MAC/IP
         address and clearing all counter information.  If the
         etsysAntiSpoofStationBindingInterface index specified in the 
         SET operation is zero (0) it will remove the MAC/IP
         binding regardless of the current port it is associated with.
         Specifying an etsysAntiSpoofStationBindingInterface index value
         between 1..2147483647 will only remove the binding if it
         currently resides on that specific interface.

         Setting this object to a value of false(2) has no effect.  This
         object MUST always return a value of false(2)."
    ::= { etsysAntiSpoofPortBindingEntry 2 }

-- -------------------------------------------------------------
-- Anti Spoofing Notification Branch
-- -------------------------------------------------------------
etsysAntiSpoofClassNotification NOTIFICATION-TYPE
    OBJECTS { etsysAntiSpoofThresholdValue,
              etsysAntiSpoofStationBindingEntryMacAddr,
              etsysAntiSpoofStationBindingEntryInetAddrType,
              etsysAntiSpoofStationBindingEntryInetAddr,
              etsysAntiSpoofStationBindingEntryIfIndex }
    STATUS  current
    DESCRIPTION
        "This notification indicates that a Anti Spoof class has reached a 
         threshold limit."
    ::= { etsysAntiSpoofNotificationBranch 1 } 

etsysAntiSpoofDuplicateIpNotification NOTIFICATION-TYPE
    OBJECTS { etsysAntiSpoofStationBindingEntryMacAddr,
              etsysAntiSpoofStationBindingEntryIfIndex,
              etsysAntiSpoofStationBindingEntryInetAddrType,
              etsysAntiSpoofStationBindingEntryInetAddr }
    STATUS  current
    DESCRIPTION
        "This notification indicates that a duplicate IP condition has 
         occurred."
    ::= { etsysAntiSpoofNotificationBranch 2 } 


-- -------------------------------------------------------------
-- Conformance Information
-- -------------------------------------------------------------

etsysAntiSpoofConformance OBJECT IDENTIFIER ::= { etsysAntiSpoofMIB 2 }

etsysAntiSpoofGroups      OBJECT IDENTIFIER ::= { etsysAntiSpoofConformance 1 }
etsysAntiSpoofCompliances OBJECT IDENTIFIER ::= { etsysAntiSpoofConformance 2 }

-- -------------------------------------------------------------
-- Units of conformance
-- -------------------------------------------------------------

etsysAntiSpoofSystemGroup OBJECT-GROUP
    OBJECTS {
        etsysAntiSpoofSystemState,
        etsysAntiSpoofMaxClassIndex,
        etsysAntiSpoofMaxClassThresholdIndex,
        etsysAntiSpoofSystemSnmpNotifications,
        etsysAntiSpoofSystemNotificationInterval,
        etsysAntiSpoofDuplicateIpControl,
        etsysAntiSpoofSupportedActionTypes,
        etsysAntiSpoofSupportedThresholdTypes,
        etsysAntiSpoofSupportedBindingTypes
    }
    STATUS     current
    DESCRIPTION
        "The scalar group for all devices supporting Anti-Spoofing."
    ::= { etsysAntiSpoofGroups 1 }

etsysAntiSpoofClassGroup OBJECT-GROUP
    OBJECTS {
        etsysAntiSpoofClassName,
        etsysAntiSpoofClassTimeout
    }
    STATUS    current
    DESCRIPTION
        "The base level class group for all devices supporting
         Anti-Spoofing."
    ::= { etsysAntiSpoofGroups 2 }

etsysAntiSpoofThresholdGroup OBJECT-GROUP
    OBJECTS {
        etsysAntiSpoofThresholdValue,
        etsysAntiSpoofThresholdActionMask,        
        etsysAntiSpoofThresholdActionQuarantineValue,
        etsysAntiSpoofThresholdType
    }
    STATUS     current
    DESCRIPTION
        "The base level threshold group for all devices supporting
         Anti-Spoofing."
    ::= { etsysAntiSpoofGroups 3 }

etsysAntiSpoofPortGroup OBJECT-GROUP
    OBJECTS { 
        etsysAntiSpoofDHCPMode,
        etsysAntiSpoofDHCPMacVerify,
        etsysAntiSpoofArpInspection,
        etsysAntiSpoofIpInspection,
        etsysAntiSpoofPortClassIndex,
        etsysAntiSpoofUntrustedTrafficPacketCounter,
        etsysAntiSpoofPortType
    }
    STATUS     current
    DESCRIPTION
        "This group of objects for all devices supporting per interface 
         Anti-Spoofing settings."
    ::= { etsysAntiSpoofGroups 4 }

etsysAntiSpoofStationBindingGroup OBJECT-GROUP
    OBJECTS {
        etsysAntiSpoofStationBindingEntryMacAddr,
        etsysAntiSpoofStationBindingEntryInetAddrType,
        etsysAntiSpoofStationBindingEntryInetAddr,
        etsysAntiSpoofStationBindingEntryInetCounter,
        etsysAntiSpoofStationBindingEntryClearInetCounter,
        etsysAntiSpoofStationBindingEntryIfIndex,
        etsysAntiSpoofStationBindingEntryPortCounter,
        etsysAntiSpoofStationBindingEntryClearPortCounter,
        etsysAntiSpoofStationBindingEntryClearBinding,
        etsysAntiSpoofStationBindingEntryBindingType,
        etsysAntiSpoofStationBindingEntryDurationTime,
        etsysAntiSpoofStationBindingEntryExpirationTime
    }
    STATUS     current
    DESCRIPTION
        "The group for all devices which support bindings
         for Anti-Spoofing."
    ::= { etsysAntiSpoofGroups 5 }

etsysAntiSpoofMacBindingGroup OBJECT-GROUP
    OBJECTS {
        etsysAntiSpoofMacStationBindingIndex,
        etsysAntiSpoofMacBindingClearBinding
    }
    STATUS     current
    DESCRIPTION
        "The group for all devices which support MAC bindings
         for Anti-Spoofing."
    ::= { etsysAntiSpoofGroups 6 }


etsysAntiSpoofIpBindingGroup OBJECT-GROUP
    OBJECTS {
        etsysAntiSpoofIpStationBindingIndex,
        etsysAntiSpoofIpBindingClearBinding
    }
    STATUS     current
    DESCRIPTION
        "The group for all devices which support IP bindings
         for Anti-Spoofing."
    ::= { etsysAntiSpoofGroups 7 }

etsysAntiSpoofPortBindingGroup OBJECT-GROUP
    OBJECTS {
        etsysAntiSpoofPortStationBindingIndex,
        etsysAntiSpoofPortBindingClearBinding
    }
    STATUS     current
    DESCRIPTION
        "The group for all devices which support IP bindings
         for Anti-Spoofing."
    ::= { etsysAntiSpoofGroups 8 }

etsysAntiSpoofNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        etsysAntiSpoofClassNotification,
        etsysAntiSpoofDuplicateIpNotification
    }
    STATUS  current
    DESCRIPTION
        "The group of class notifications for Anti-Spoof."
    ::= { etsysAntiSpoofGroups 9 }

-- -------------------------------------------------------------
-- Compliance statements
-- -------------------------------------------------------------
etsysAntiSpoofCompliance MODULE-COMPLIANCE
    STATUS     current
    DESCRIPTION
        "The compliance statement for devices that support Anti-Spoof."
    MODULE
        MANDATORY-GROUPS { 
          etsysAntiSpoofSystemGroup,
          etsysAntiSpoofClassGroup,
          etsysAntiSpoofThresholdGroup,
          etsysAntiSpoofPortGroup,
          etsysAntiSpoofStationBindingGroup, 
          etsysAntiSpoofMacBindingGroup, 
          etsysAntiSpoofPortBindingGroup, 
          etsysAntiSpoofIpBindingGroup, 
          etsysAntiSpoofNotificationGroup 
        }

    ::= { etsysAntiSpoofCompliances 1 }
END
