-- CISCO-PORT-SECURITY-MIB.my: -- MIB support for the Port Security feature -- -- May 2002, Nagarani Chandika -- -- Copyright (c) 2002, 2003, 2004, 2005 by Cisco Systems, Inc. -- All rights reserved. CISCO-PORT-SECURITY-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY,OBJECT-TYPE, NOTIFICATION-TYPE, Integer32, Counter32, Unsigned32 FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF ifIndex, ifName FROM IF-MIB TruthValue, MacAddress, RowStatus, TEXTUAL-CONVENTION FROM SNMPv2-TC ciscoMgmt FROM CISCO-SMI vtpVlanName FROM CISCO-VTP-MIB VlanIndex FROM Q-BRIDGE-MIB; ciscoPortSecurityMIB MODULE-IDENTITY LAST-UPDATED "200905080000Z" ORGANIZATION "Cisco Systems, Inc." CONTACT-INFO " Cisco Systems Customer Services Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: cs-lan-switch-snmp@cisco.com" DESCRIPTION "The MIB module for managing Cisco Port Security." -- Revision History REVISION "200905080000Z" DESCRIPTION "Update description of cpsIfMaxSecureMacAddr object." REVISION "200505040000Z" DESCRIPTION "Obsolete cpsIfVlanTable and replace it with cpsIfMultiVlanTable. Add cpsExtInterfaceGroup1 and cpsIfVlanSecureNotificationGroup." REVISION "200503120000Z" DESCRIPTION "Change description in cpsIfSecureLastMacAddress." REVISION "200408070000Z" DESCRIPTION "Added cpsTrunkSecureMacAddrViolation. Expanded on the description of cpsSecureMacAddrViolation. Created the NOTIFICATION-GROUP cpsTrunkSecureNotificationGroup." REVISION "200403080000Z" DESCRIPTION "Adding cpsGlobalClearSecureMacAddresses, cpsIfClearSecureMacAddresses, cpsIfInvalidSrcRateLimitEnable, cpsIfInvalidSrcRateLimitValue cpsIfStickyEnable, cpsIfVlanTable, cpsInterfaceGroup2, ciscoPortSecurityMIBCompliance2 and cpsInterfaceGroup2. Deprecating cpsIfClearSecureAddresses, ciscoPortSecurityMIBCompliance1 and cpsInterfaceGroup1." REVISION "200402100000Z" DESCRIPTION "Deprecated cpsSecureMacAddressTable. Adding cpsIfVlanSecureMacAddrTable." REVISION "200307010000Z" DESCRIPTION "Deprecated the ciscoPortSecurityMIBCompliance. Adding ciscoPortSecurityMIBCompliance1. Adding cpsUnicastFloodingInterfaceGroup and cpsShutdownTimeoutInterfaceGroup." REVISION "200302240000Z" DESCRIPTION "Initial version of this MIB module." ::= { ciscoMgmt 315 } ciscoPortSecurityMIBNotifs OBJECT IDENTIFIER ::= { ciscoPortSecurityMIB 0 } ciscoPortSecurityMIBObjects OBJECT IDENTIFIER ::= { ciscoPortSecurityMIB 1 } ciscoPortSecurityMIBConform OBJECT IDENTIFIER ::= { ciscoPortSecurityMIB 2 } cpsGlobalObjects OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBObjects 1 } cpsInterfaceObjects OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBObjects 2 } -- -- textual conventions -- ClearSecureMacAddrType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This are the different type of secure mac addresses which user is allowed to delete globally or per interface. When the address deletion is in progress GET request will not show any values which were set using SET operation. done(0) - This the value which is always returned in a GET request when the clear command has completed or in progress. Setting this value to this object has no effect. dynamic(1) - All secure MAC addresses which are learned on the switch. static(2) - All secure MAC addresses which are configured by user. sticky(3) - All secure MAC addresses which are learned and retained across reboots. all(4) - All the MAC addresses on the switch." SYNTAX INTEGER { done(0), dynamic(1), static(2), sticky(3), all(4) } -- -- Port Security Global Configuration Objects -- cpsGlobalMaxSecureAddress OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of secure MAC addresses allowed in the device." ::= { cpsGlobalObjects 1 } cpsGlobalTotalSecureAddress OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of MAC addresses secured in the device." ::= { cpsGlobalObjects 2 } cpsGlobalPortSecurityEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The global control to enable or disable port security feature on the device." ::= { cpsGlobalObjects 3 } cpsGlobalSNMPNotifRate OBJECT-TYPE SYNTAX Integer32 (0..1000) UNITS "notifs per second" MAX-ACCESS read-write STATUS current DESCRIPTION "The global control to set the SNMP Notification rate for port security feature. This object specifies the rate at which SNMP Notifications are generated when cpsIfViolationAction selected is of the type 'dropNotify'. A value of 0 indicates that an SNMP Notification is generated for every security violation." ::= { cpsGlobalObjects 4 } cpsGlobalSNMPNotifControl OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Set to 'true' to enable global SNMP Notification for port security feature. Setting the object to 'false' will disable SNMP notifications even if the cpsIfViolationAction is set to 'dropNotify' on an interface. The default value is 'false'." ::= { cpsGlobalObjects 5 } cpsGlobalClearSecureMacAddresses OBJECT-TYPE SYNTAX ClearSecureMacAddrType MAX-ACCESS read-write STATUS current DESCRIPTION "This objects allows the user to delete secure MAC addresses based on the specified type." ::= { cpsGlobalObjects 6 } -- -- Port Security Interface Configuration Table -- cpsIfConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF CpsIfConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of port security configuration entries. The number of entries is determined by the number of interfaces in the system that can support the port security feature. Interfaces that are not port security capable will not be displayed in this Table. This table includes interfaces on which port security parameters can be set even if port security feature itself cannot be enabled due to conflict with other features." ::= { cpsInterfaceObjects 1 } cpsIfConfigEntry OBJECT-TYPE SYNTAX CpsIfConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry containing port security information for a particular interface." INDEX { ifIndex } ::= { cpsIfConfigTable 1 } CpsIfConfigEntry ::= SEQUENCE { cpsIfPortSecurityEnable TruthValue, cpsIfPortSecurityStatus INTEGER, cpsIfMaxSecureMacAddr Integer32, cpsIfCurrentSecureMacAddrCount Integer32, cpsIfSecureMacAddrAgingTime Integer32, cpsIfSecureMacAddrAgingType INTEGER, cpsIfStaticMacAddrAgingEnable TruthValue, cpsIfViolationAction INTEGER, cpsIfViolationCount Counter32, cpsIfSecureLastMacAddress MacAddress, cpsIfClearSecureAddresses TruthValue, cpsIfUnicastFloodingEnable TruthValue, cpsIfShutdownTimeout Unsigned32, cpsIfClearSecureMacAddresses ClearSecureMacAddrType, cpsIfStickyEnable TruthValue, cpsIfInvalidSrcRateLimitEnable TruthValue, cpsIfInvalidSrcRateLimitValue Integer32, cpsIfSecureLastMacAddrVlanId VlanIndex } cpsIfPortSecurityEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether the port security feature is enabled on an interface. Upon setting this object to 'true', the source MAC address that does not match any cpsSecureMacAddress for the given interface in cpsSecureMacAddressTable and the value of cpsIfCurrentSecureMacAddrCount is equal to cpsIfMaxSecureMacAddr, is considered as port security violation and an action as specified in cpsIfViolationAction is taken on the interface. The value of this object has no effect when the value of cpsGlobalPortSecurityEnable is set to 'false'." ::= { cpsIfConfigEntry 1 } cpsIfPortSecurityStatus OBJECT-TYPE SYNTAX INTEGER { secureup(1), securedown(2), shutdown(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object represents the operational status of the port security feature on an interface. secureup(1) - This indicates port security is operational. securedown(2) - This indicates port security is not operational. This happens when port security is configured to be enabled but could not be enabled due to certain reasons such as conflict with other features. shutdown(3) - This indicates that the port is shutdown due to port security violation when the object cpsIfViolationAction is of type 'shutdown'." ::= { cpsIfConfigEntry 2 } cpsIfMaxSecureMacAddr OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum number (N) of MAC addresses to be secured on the interface. The first N MAC addresses learned or configured are made secured. Changing this object value from N to M is not allowed if M is smaller than N, and M is less than the value of cpsIfCurrentSecureMacAddrCount on the interface. One way to change the number in this case is by deleting sufficient number of secure mac addresses configured or learned on the device. Also, some devices may choose to limit the sum of this object value for all interfaces to less than or equal to cpsGlobalMaxSecureAddress." ::= { cpsIfConfigEntry 3 } cpsIfCurrentSecureMacAddrCount OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of MAC addresses secured on this interface." ::= { cpsIfConfigEntry 4 } cpsIfSecureMacAddrAgingTime OBJECT-TYPE SYNTAX Integer32 (0..1440) UNITS "minutes" MAX-ACCESS read-write STATUS current DESCRIPTION "The interval in which the interface is secured. After the expiration of the time, the corresponding cpsSecureMacAddressEntry from the cpsSecureMacAddressTable will be removed. If the value of this object is 0, the aging mechanism is disabled." ::= { cpsIfConfigEntry 5 } cpsIfSecureMacAddrAgingType OBJECT-TYPE SYNTAX INTEGER { absolute(1), inactivity(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The aging type determines the way the secure MAC addresses are aged out. absolute(1) - all the secure MAC addresses will be aged out after cpsIfSecureMacAddrAgingTime minutes since the time the secure MAC address is learned or configured. inactivity(2) - all the secure MAC addresses will age out and will be removed from the cpsSecureMacAddressTable only if there is no data traffic from the secure source MAC address for the specified time period." ::= { cpsIfConfigEntry 6 } cpsIfStaticMacAddrAgingEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether the secure MAC address aging mechanism is enabled on static MAC address entries in cpsSecureMacAddressTable. Setting this object value to 'false' will cause the static MAC addresses to remain in the cpsSecureMacAddressTable regardless of the aging time and type configured on the interface. Setting this object value to 'true' will cause the static MAC addresses to be aged out from cpsSecureMacAddressTable according to the aging time and type specified on the interface." ::= { cpsIfConfigEntry 7 } cpsIfViolationAction OBJECT-TYPE SYNTAX INTEGER { shutdown(1), dropNotify(2), drop(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Determines the action that the device will take if the traffic matches the port security violation. shutdown(1) - the interface will be forced to shut down. dropNotify(2) - the matched traffic will be dropped and cpsSecureMacAddrViolation notification will be generated. drop(3) - the matched traffic will be dropped." ::= { cpsIfConfigEntry 8 } cpsIfViolationCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of violations occurred on a secure interface. The counter will be initialized to zero when the port security feature is enabled on an interface. This MIB object is only instantiated if the device can provide this violation statistics on the interface." ::= { cpsIfConfigEntry 9 } cpsIfSecureLastMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the last MAC address that is seen on this interface. This object is also used as a variable in the cpsSecureMacAddrViolation notification to contain the value of the MAC address which caused the violation." ::= { cpsIfConfigEntry 10 } cpsIfClearSecureAddresses OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS deprecated -- superceded by -- cpsIfClearSecureMacAddresses DESCRIPTION "Set to 'true' to delete all secure addresses on this interface. Setting this object to 'false' has no effect. This object always returns 'false' when read." ::= { cpsIfConfigEntry 11 } cpsIfUnicastFloodingEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Setting this object to true(1) will configure the interface not to block unicast flooded traffic when the secure address count reaches the threshold. Setting this object to false(2) will configure the interface to block unicast flooded traffic when the secure address count reaches the threshold." ::= { cpsIfConfigEntry 12 } cpsIfShutdownTimeout OBJECT-TYPE SYNTAX Unsigned32 UNITS "minutes" MAX-ACCESS read-write STATUS current DESCRIPTION "The interval in which the cpsIfPortSecurityStatus may remain in shutdown(3). After the expiration of the time, all the security configuration of this port is re-installed and the port is enabled. If the value of this object is 0, the port is shut down permanently." ::= { cpsIfConfigEntry 13 } cpsIfClearSecureMacAddresses OBJECT-TYPE SYNTAX ClearSecureMacAddrType MAX-ACCESS read-write STATUS current DESCRIPTION "This objects allows the user to delete secure MAC addresses based on the type specified." ::= { cpsIfConfigEntry 14 } cpsIfStickyEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Set to 'true' to enable and 'false' to disable Sticky port security feature on this interface. Enabling this feature allows the device to secure learned MAC addresses on this interface permanently. In order to remove the sticky addresses on this interface, user has to manually delete the sticky MAC address(es) or disable the sticky feature itself. Manual deletion of all addresses can be accomplished by cpsIfClearSecureMacAddresses object. Manual of single address can be accomplished by cpsIfVlanSecureMacAddrRowStatus object." ::= { cpsIfConfigEntry 15 } cpsIfInvalidSrcRateLimitEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Set to 'true' to enable and 'false' to disable rate limiting for invalid source MAC addresses received on this interface. Enabling this feature will help to rate limit packets which comes with invalid src MAC address on this interface." ::= { cpsIfConfigEntry 16 } cpsIfInvalidSrcRateLimitValue OBJECT-TYPE SYNTAX Integer32 (-1..1000) UNITS "Packets per second" MAX-ACCESS read-write STATUS current DESCRIPTION "If cpsIfInvalidSrcRateLimitEnable is set to 'true' then this value is used to limit the rate at which packets with invalid source MAC addresses are processed on this interface. Upon exceeding the rate, the port is shutdown. If cpsIfInvalidSrcRateLimitEnable is set to 'false' then this value will be -1." ::= { cpsIfConfigEntry 17 } cpsIfSecureLastMacAddrVlanId OBJECT-TYPE SYNTAX VlanIndex MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the VLAN where the last MAC address that is seen on this interface. This object is also used as a variable in the cpsIfVlanSecureMacAddrViolation notification to contain the value of the VLAN received the mac address which caused the violation." ::= { cpsIfConfigEntry 18 } -- Port Security Mac Address Table. -- This table is used to both configure and display secure MAC addresses -- on an interface. cpsSecureMacAddressTable OBJECT-TYPE SYNTAX SEQUENCE OF CpsSecureMacAddressEntry MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "A list of port security entries containing the secure MAC address information." ::= { cpsInterfaceObjects 2 } cpsSecureMacAddressEntry OBJECT-TYPE SYNTAX CpsSecureMacAddressEntry MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "Entry containing secure MAC address information for a particular interface. A secure MAC address can be configured by the user and can be added by the agent when the device learns a new secured MAC address. Note that the secure MAC addresses can be configured on an interface even if port security feature is disabled." INDEX { ifIndex, cpsSecureMacAddress } ::= { cpsSecureMacAddressTable 1 } CpsSecureMacAddressEntry ::= SEQUENCE { cpsSecureMacAddress MacAddress, cpsSecureMacAddrType INTEGER, cpsSecureMacAddrRemainingAge Integer32, cpsSecureMacAddrRowStatus RowStatus } cpsSecureMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "This object indicates a secure MAC address configured or learned on an interface." ::= { cpsSecureMacAddressEntry 1 } cpsSecureMacAddrType OBJECT-TYPE SYNTAX INTEGER { static(1), dynamic(2) } MAX-ACCESS read-only STATUS deprecated DESCRIPTION "This object indicates if the secure MAC address is a configured (static) or learned (dynamic) address on this interface." ::= { cpsSecureMacAddressEntry 2 } cpsSecureMacAddrRemainingAge OBJECT-TYPE SYNTAX Integer32 (0..1440) UNITS "minutes" MAX-ACCESS read-only STATUS deprecated DESCRIPTION "This object indicates the remaining age of the secure MAC address if aging is enabled on that port. A value of 0 indicates that aging is disabled for this MAC address entry." ::= { cpsSecureMacAddressEntry 3 } cpsSecureMacAddrRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS deprecated DESCRIPTION "This object is a conceptual row entry that allows to add or delete entries to or from the cpsSecureMacAddressTable. 1. When creating an entry in this table 'createAndGo' method is used and the value of this object is set to 'active'. Deactivation of an 'active' entry is not allowed. 2. When deleting an entry in this table 'destroy' method is used." ::= { cpsSecureMacAddressEntry 4 } cpsIfVlanSecureMacAddrTable OBJECT-TYPE SYNTAX SEQUENCE OF CpsIfVlanSecureMacAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of port security entries containing the secure MAC address information. This table is simular to cpsSecureMacAddressTable except that cpsIfVlanSecureVlanIndex is part of the INDEX clause. This table is used to configure a secure MAC address on either an access interface or trunking interface which support port security feature." ::= { cpsInterfaceObjects 3 } cpsIfVlanSecureMacAddrEntry OBJECT-TYPE SYNTAX CpsIfVlanSecureMacAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry containing secure MAC address information for a particular interface. A secure MAC address can be configured by the user and can be added by the agent when the device learns a new secure MAC address. Note that the secure MAC addresses can be configured on an interface even if the port security feature is disabled." INDEX { ifIndex, cpsIfVlanSecureMacAddress, cpsIfVlanSecureVlanIndex } ::= { cpsIfVlanSecureMacAddrTable 1 } CpsIfVlanSecureMacAddrEntry ::= SEQUENCE { cpsIfVlanSecureMacAddress MacAddress, cpsIfVlanSecureVlanIndex VlanIndex, cpsIfVlanSecureMacAddrType INTEGER, cpsIfVlanSecureMacAddrRemainAge Unsigned32, cpsIfVlanSecureMacAddrRowStatus RowStatus } cpsIfVlanSecureMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates a secure MAC address configured or learned on an interface." ::= { cpsIfVlanSecureMacAddrEntry 1 } cpsIfVlanSecureVlanIndex OBJECT-TYPE SYNTAX VlanIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the vlan configured on an interface." ::= { cpsIfVlanSecureMacAddrEntry 2 } cpsIfVlanSecureMacAddrType OBJECT-TYPE SYNTAX INTEGER { static(1), dynamic(2), sticky(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates if the secure MAC address is a configured 'static' or learned 'dynamic' or learned and retained across reboots 'sticky'." ::= { cpsIfVlanSecureMacAddrEntry 3 } cpsIfVlanSecureMacAddrRemainAge OBJECT-TYPE SYNTAX Unsigned32 UNITS "minutes" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the remaining age of the secure MAC address if aging is enabled on that port. A value of 0 indicates that aging is disabled for this MAC address entry." ::= { cpsIfVlanSecureMacAddrEntry 4 } cpsIfVlanSecureMacAddrRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is a conceptual row entry that allows adding or deleting entries to or from the cpsIfVlanSecureMacAddressTable. 1. When creating an entry in this table the 'createAndGo' method is used and the value of this object is set to 'active'. Deactivation of an 'active' entry is not allowed. 2. When deleting an entry in this table 'destroy' method is used." ::= { cpsIfVlanSecureMacAddrEntry 5 } -- Port Security Trunk Interface VLAN Table -- cpsIfVlanTable OBJECT-TYPE SYNTAX SEQUENCE OF CpsIfVlanEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "Each entry in this table represents port-security information for each vlan that is allowed on trunk interface. The number of entries is determined by the number of allowed VLANs on trunk interface in the system . An Entry in the table gets created when a vlan becomes allowed and gets deleted when a vlan becomes disallowed on a trunk port. User cannot create new entries in this table, but can only read and modify existing entries. This table is obsolete and replaced with cpsIfMultiVlanTable." ::= { cpsInterfaceObjects 4 } cpsIfVlanEntry OBJECT-TYPE SYNTAX CpsIfVlanEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "Entry containing port security information for a particular VLAN within a trunk port." INDEX { ifIndex, cpsIfVlanIndex } ::= { cpsIfVlanTable 1 } CpsIfVlanEntry ::= SEQUENCE { cpsIfVlanIndex VlanIndex, cpsIfVlanMaxSecureMacAddr Unsigned32, cpsIfVlanCurSecureMacAddrCount Unsigned32 } cpsIfVlanIndex OBJECT-TYPE SYNTAX VlanIndex MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "The ID of a VLAN within this trunk port." REFERENCE "IEEE 802.1Q/D11 Section 9.3.2.3" ::= { cpsIfVlanEntry 1 } cpsIfVlanMaxSecureMacAddr OBJECT-TYPE SYNTAX Unsigned32 (1..2147483647) MAX-ACCESS read-write STATUS obsolete DESCRIPTION "The maximum number of MAC addresses to be secured in the VLAN indicated by cpsIfVlanIndex on this interface. If cpsIfVlanMaxSecureMacAddr is not set, its value is 1. If cpsIfVlanMaxSecureMacAddr is not set, then the cpsIfMaxSecureMacAddr applies to this VLAN. If cpsIfVlanMaxSecureMacAddr is set and is less than cpsIfMaxSecureMacAddr, then the cpsIfVlanMaxSecureMacAddr applies to this VLAN. If cpsIfVlanMaxSecureMacAddr is set and is greater than cpsIfMaxSecureMacAddr, then the cpsIfMaxSecureMacAddr applies to this VLAN." ::= { cpsIfVlanEntry 2 } cpsIfVlanCurSecureMacAddrCount OBJECT-TYPE SYNTAX Unsigned32 (0..2147483647) MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The current number of MAC addresses secured in the VLAN indicated by cpsIfVlanIndex on this interface." ::= { cpsIfVlanEntry 3 } -- Port Security Interface Multi Vlan Table -- cpsIfMultiVlanTable OBJECT-TYPE SYNTAX SEQUENCE OF CpsIfMultiVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in this table represents port-security information such as the maximum value of secured mac address allowed, the current number of secure mac address applied on a VLAN that is allowed on multi-vlan interface as well as a mechanism to clear the secure mac address on such VLANs." ::= { cpsInterfaceObjects 5 } cpsIfMultiVlanEntry OBJECT-TYPE SYNTAX CpsIfMultiVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry containing port security information for a particular VLAN within a multi-vlan port. When secured mac addresses are learned or configured on such interface denoted by ifIndex and an allowed VLAN in this interface denoted by cpsIfMultiVlanIndex, an entry will be automatically created in this table. If there is no corresponding entry in this table for a specific interface and VLAN, the maximum number of secured MAC addresses allowed in such interface and VLAN will be limited in the manner which the device limits the aggregate maximum number of secured MAC address allowed in this specific interface." INDEX { ifIndex, cpsIfMultiVlanIndex } ::= { cpsIfMultiVlanTable 1 } CpsIfMultiVlanEntry ::= SEQUENCE { cpsIfMultiVlanIndex VlanIndex, cpsIfMultiVlanMaxSecureMacAddr Unsigned32, cpsIfMultiVlanSecureMacAddrCount Unsigned32, cpsIfMultiVlanClearSecureMacAddr ClearSecureMacAddrType, cpsIfMultiVlanRowStatus RowStatus } cpsIfMultiVlanIndex OBJECT-TYPE SYNTAX VlanIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The VLAN ID of an allowed VLAN for this multi-vlan port." REFERENCE "IEEE 802.1Q/D11 Section 9.3.2.3" ::= { cpsIfMultiVlanEntry 1 } cpsIfMultiVlanMaxSecureMacAddr OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-create STATUS current DESCRIPTION "The maximum number (N) of MAC addresses to be secured in the VLAN indicated by cpsIfMultiVlanIndex object on this interface. Setting the value of this object to zero indicates that there is no specific restriction on the maximum number of MAC adddress to be secured for this particular VLAN in this interface. In this case, the maximum number of secured MAC addresses allowed in this VLAN will be limited in the manner which the device limits the aggregate maximum number of secured MAC address allowed in this interface. Changing this object value from N to M (M is greater than 0) is not allowed if M is smaller than N, and M is less than the value of cpsIfMultiVlanSecureMacAddrCount on this VLAN. One way to change the number in this case is by deleting sufficient number of secure mac addresses configured or learned on the VLAN. If cpsIfMultiVlanMaxSecureMacAddr is less than cpsIfMaxSecureMacAddr, then the aggregate maximum number of secure mac address allowed in this interface is limited by the value of cpsIfMaxSecureMacAddr, and the maximum number of secure mac address allowed in this VLAN for this interface is the value of cpsIfMultiVlanMaxSecureMacAddr object. If cpsIfMultiVlanMaxSecureMacAddr is greater than cpsIfMaxSecureMacAddr, then this object value does not have any effect. The aggregate maximum number of secure mac address allowed in all VLANs for this interface is limited by the value of cpsIfMaxSecureMacAddr object." DEFVAL { 1 } ::= { cpsIfMultiVlanEntry 2 } cpsIfMultiVlanSecureMacAddrCount OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of MAC addresses secured in the VLAN indicated by cpsIfMultiVlanIndex object on this interface." ::= { cpsIfMultiVlanEntry 3 } cpsIfMultiVlanClearSecureMacAddr OBJECT-TYPE SYNTAX ClearSecureMacAddrType MAX-ACCESS read-create STATUS current DESCRIPTION "This objects allows the user to delete secure MAC addresses based on the type specified per interface per VLAN." DEFVAL { done } ::= { cpsIfMultiVlanEntry 4 } cpsIfMultiVlanRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The object is used to manage the creation and deletion of row in this table. It only supports 'active', 'destroy', and 'createAndGo' value. Entry in the table gets created by setting cpsIfMultiVlanRowStatus object to 'createAndGo'. Entry in this table gets deleted by setting cpsIfMultiVlanRowStatus object to 'destroy' or when a VLAN indicated by cpsIfMultiVlanIndex object becomes disallowed on a multi-vlan port. If the value of cpsIfMultiVlanSecureMacAddrCount object in the same row is greater than zero, this entry cannot be deleted. Value of cpsIfMultiVlanMaxSecureMacAddr object can be modified when the value of this RowStatus object is 'active'." ::= { cpsIfMultiVlanEntry 5 } -- -- Notifications -- cpsInterfaceNotifs OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBNotifs 0 } cpsSecureMacAddrViolation NOTIFICATION-TYPE OBJECTS { ifIndex, ifName, cpsIfSecureLastMacAddress } STATUS current DESCRIPTION "The address violation notification is generated when port security address violation is detected on a secure non-trunk, access interface (that carries a single vlan) and the cpsIfViolationAction is set to 'dropNotify'." ::= { cpsInterfaceNotifs 1 } cpsTrunkSecureMacAddrViolation NOTIFICATION-TYPE OBJECTS { ifName, vtpVlanName, cpsIfSecureLastMacAddress } STATUS deprecated DESCRIPTION "The address violation notification is generated when port security address violation is detected on a secure trunk or a multi-vlan interface and the cpsIfViolationAction is set to 'dropNotify'." ::= { cpsInterfaceNotifs 2 } cpsIfVlanSecureMacAddrViolation NOTIFICATION-TYPE OBJECTS { ifName, cpsIfSecureLastMacAddrVlanId, cpsIfSecureLastMacAddress } STATUS current DESCRIPTION "The address violation notification is generated when port security address violation is detected on a multi-vlan interface and the cpsIfViolationAction is set to 'dropNotify'." ::= { cpsInterfaceNotifs 3 } -- -- Conformance -- ciscoPortSecurityMIBCompliances OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBConform 1 } ciscoPortSecurityMIBGroups OBJECT IDENTIFIER ::= { ciscoPortSecurityMIBConform 2 } ciscoPortSecurityMIBCompliance MODULE-COMPLIANCE STATUS deprecated -- superceded -- by ciscoPortSecurityMIBCompliance1 DESCRIPTION "The compliance statement for the Port Security MIB." MODULE -- this module MANDATORY-GROUPS { cpsGlobalGroup, cpsInterfaceGroup } GROUP cpsExtInterfaceGroup DESCRIPTION "This group is mandatory only for the device that is capable of keeping track of the last secure MAC address learned or configured on the interface." GROUP cpsNotificationGroup DESCRIPTION "This is mandatory only for the device that supports 'dropNotify' of cpsIfViolationAction." GROUP cpsExtConfigInterfaceGroup DESCRIPTION "This group is a optional." OBJECT cpsGlobalPortSecurityEnable MIN-ACCESS read-only DESCRIPTION "read-write access is not required. This may be read-only." OBJECT cpsGlobalSNMPNotifRate MIN-ACCESS read-only DESCRIPTION "read-write access is not required." OBJECT cpsGlobalSNMPNotifControl MIN-ACCESS read-only DESCRIPTION "read-write access is not required." OBJECT cpsIfSecureMacAddrAgingType MIN-ACCESS read-only DESCRIPTION "read-write is not required if the device only support one aging type." OBJECT cpsIfViolationAction SYNTAX INTEGER { shutdown(1) } DESCRIPTION "The support of the values 'dropNotify' and/or 'drop' is not required if the device does not support the configuration of 'dropNotify' and/or 'drop'." OBJECT cpsIfViolationCount DESCRIPTION "An implementation of violation count is required only if the device can provide the number of the violations occurred on the device." OBJECT cpsIfStaticMacAddrAgingEnable MIN-ACCESS read-only DESCRIPTION "read-write access is not required." OBJECT cpsIfSecureLastMacAddress DESCRIPTION "An implementation of this object is not mandatory." OBJECT cpsIfClearSecureAddresses MIN-ACCESS read-only DESCRIPTION "read-write access is not required if the device does not support the command to clear all secure address on the interface." ::= { ciscoPortSecurityMIBCompliances 1 } ciscoPortSecurityMIBCompliance1 MODULE-COMPLIANCE STATUS deprecated -- superceded -- by ciscoPortSecurityMIBCompliance2 DESCRIPTION "The compliance statement for the Port Security MIB." MODULE -- this module MANDATORY-GROUPS { cpsGlobalGroup, cpsInterfaceGroup1, cpsIfVlanSecureMacAddrGroup } GROUP cpsExtInterfaceGroup DESCRIPTION "This group is mandatory only for the device that is capable of keeping track of the last secure MAC address learned or configured on the interface." GROUP cpsNotificationGroup DESCRIPTION "This is mandatory only for the device that supports 'dropNotify' of cpsIfViolationAction." GROUP cpsUnicastFloodingInterfaceGroup DESCRIPTION "This group is mandatory only for the device that is capable of blocking unicast flooded traffic when the secure address count reaches the threshold on the interface." GROUP cpsShutdownTimeoutInterfaceGroup DESCRIPTION "This group is mandatory only for the device that is capable to support shutdown timeout on the interface." OBJECT cpsGlobalPortSecurityEnable MIN-ACCESS read-only DESCRIPTION "read-write access is not required. This may be read-only." OBJECT cpsGlobalSNMPNotifRate MIN-ACCESS read-only DESCRIPTION "read-write access is not required." OBJECT cpsGlobalSNMPNotifControl MIN-ACCESS read-only DESCRIPTION "read-write access is not required." OBJECT cpsIfSecureMacAddrAgingType MIN-ACCESS read-only DESCRIPTION "read-write is not required if the device only support one aging type." OBJECT cpsIfViolationAction SYNTAX INTEGER { shutdown(1) } DESCRIPTION "The support of the values 'dropNotify' and/or 'drop' is not required if the device does not support the configuration of 'dropNotify' and/or 'drop'." OBJECT cpsIfViolationCount DESCRIPTION "An implementation of violation count is required only if the device can provide the number of the violations occurred on the device." OBJECT cpsIfStaticMacAddrAgingEnable MIN-ACCESS read-only DESCRIPTION "read-write access is not required." OBJECT cpsIfSecureLastMacAddress DESCRIPTION "An implementation of this object is not mandatory." OBJECT cpsIfClearSecureAddresses MIN-ACCESS read-only DESCRIPTION "read-write access is not required if the device does not support the command to clear all secure address on the interface." ::= { ciscoPortSecurityMIBCompliances 2 } ciscoPortSecurityMIBCompliance2 MODULE-COMPLIANCE STATUS obsolete -- superceded -- by ciscoPortSecurityMIBCompliance3 DESCRIPTION "The compliance statement for the Port Security MIB." MODULE -- this module MANDATORY-GROUPS { cpsGlobalGroup, cpsInterfaceGroup2, cpsIfVlanSecureMacAddrGroup } GROUP cpsExtInterfaceGroup DESCRIPTION "This group is mandatory only for the device that is capable of keeping track of the last secure MAC address learned or configured on the interface." GROUP cpsNotificationGroup DESCRIPTION "This is mandatory only for the device that supports 'dropNotify' of cpsIfViolationAction." GROUP cpsUnicastFloodingInterfaceGroup DESCRIPTION "This group is mandatory only for the device that is capable of blocking unicast flooded traffic when the secure address count reaches the threshold on the interface." GROUP cpsShutdownTimeoutInterfaceGroup DESCRIPTION "This group is mandatory only for the device that is capable to support shutdown timeout on the interface." OBJECT cpsGlobalPortSecurityEnable MIN-ACCESS read-only DESCRIPTION "read-write access is not required. This may be read-only." OBJECT cpsGlobalSNMPNotifRate MIN-ACCESS read-only DESCRIPTION "read-write access is not required." OBJECT cpsGlobalSNMPNotifControl MIN-ACCESS read-only DESCRIPTION "read-write access is not required." OBJECT cpsIfSecureMacAddrAgingType MIN-ACCESS read-only DESCRIPTION "read-write is not required if the device only support one aging type." OBJECT cpsIfViolationAction SYNTAX INTEGER { shutdown(1) } DESCRIPTION "The support of the values 'dropNotify' and/or 'drop' is not required if the device does not support the configuration of 'dropNotify' and/or 'drop'." OBJECT cpsIfViolationCount DESCRIPTION "An implementation of violation count is required only if the device can provide the number of the violations occurred on the device." OBJECT cpsIfStaticMacAddrAgingEnable MIN-ACCESS read-only DESCRIPTION "read-write access is not required." OBJECT cpsIfSecureLastMacAddress DESCRIPTION "An implementation of this object is not mandatory." GROUP cpsIfVlanGroup DESCRIPTION "This group is mandatory only for the device that is capable to support trunk port security on the interfaces." GROUP cpsGlobalClearAddressGroup DESCRIPTION "This group is mandatory only for the device that is capable of clearing secure addresses from the system." OBJECT cpsGlobalClearSecureMacAddresses MIN-ACCESS read-only DESCRIPTION "read-write access is not required if the device does not support the command to clear all secure address on the interface." OBJECT cpsIfClearSecureMacAddresses MIN-ACCESS read-only DESCRIPTION "read-write access is not required if the device does not support the command to clear all secure address on the interface." ::= { ciscoPortSecurityMIBCompliances 3 } ciscoPortSecurityMIBCompliance3 MODULE-COMPLIANCE STATUS obsolete -- superceded by -- ciscoPortSecurityMIBCompliance4 DESCRIPTION "The compliance statement for the Port Security MIB." MODULE -- this module MANDATORY-GROUPS { cpsGlobalGroup, cpsInterfaceGroup2, cpsIfVlanSecureMacAddrGroup } GROUP cpsExtInterfaceGroup DESCRIPTION "This group is mandatory only for the device that is capable of keeping track of the last secure MAC address learned or configured on the interface." GROUP cpsNotificationGroup DESCRIPTION "This is mandatory only for the device that supports 'dropNotify' of cpsIfViolationAction." GROUP cpsUnicastFloodingInterfaceGroup DESCRIPTION "This group is mandatory only for the device that is capable of blocking unicast flooded traffic when the secure address count reaches the threshold on the interface." GROUP cpsShutdownTimeoutInterfaceGroup DESCRIPTION "This group is mandatory only for the device that is capable to support shutdown timeout on the interface." OBJECT cpsGlobalPortSecurityEnable MIN-ACCESS read-only DESCRIPTION "read-write access is not required. This may be read-only." OBJECT cpsGlobalSNMPNotifRate MIN-ACCESS read-only DESCRIPTION "read-write access is not required." OBJECT cpsGlobalSNMPNotifControl MIN-ACCESS read-only DESCRIPTION "read-write access is not required." OBJECT cpsIfSecureMacAddrAgingType MIN-ACCESS read-only DESCRIPTION "read-write is not required if the device only support one aging type." OBJECT cpsIfViolationAction SYNTAX INTEGER { shutdown(1) } DESCRIPTION "The support of the values 'dropNotify' and/or 'drop' is not required if the device does not support the configuration of 'dropNotify' and/or 'drop'." OBJECT cpsIfViolationCount DESCRIPTION "An implementation of violation count is required only if the device can provide the number of the violations occurred on the device." OBJECT cpsIfStaticMacAddrAgingEnable MIN-ACCESS read-only DESCRIPTION "read-write access is not required." OBJECT cpsIfSecureLastMacAddress DESCRIPTION "An implementation of this object is not mandatory." GROUP cpsIfVlanGroup DESCRIPTION "This group is mandatory only for the device that is capable to support trunk port security on the interfaces." GROUP cpsGlobalClearAddressGroup DESCRIPTION "This group is mandatory only for the device that is capable of clearing secure addresses from the system." OBJECT cpsGlobalClearSecureMacAddresses MIN-ACCESS read-only DESCRIPTION "read-write access is not required if the device does not support the command to clear all secure address on the interface." OBJECT cpsIfClearSecureMacAddresses MIN-ACCESS read-only DESCRIPTION "read-write access is not required if the device does not support the command to clear all secure address on the interface." GROUP cpsTrunkSecureNotificationGroup DESCRIPTION "This group is mandatory only if the device supports port-security feature on a trunk or multi-vlan port and also supports the 'dropNotify' option for the object cpsIfViolationAction." ::= { ciscoPortSecurityMIBCompliances 4 } ciscoPortSecurityMIBCompliance4 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for the Port Security MIB." MODULE -- this module MANDATORY-GROUPS { cpsGlobalGroup, cpsInterfaceGroup2, cpsIfVlanSecureMacAddrGroup } GROUP cpsExtInterfaceGroup DESCRIPTION "This group is mandatory only for the device that is capable of keeping track of the last secure MAC address learned or configured on the interface." GROUP cpsNotificationGroup DESCRIPTION "This is mandatory only for the device that supports 'dropNotify' of cpsIfViolationAction." GROUP cpsUnicastFloodingInterfaceGroup DESCRIPTION "This group is mandatory only for the device that is capable of blocking unicast flooded traffic when the secure address count reaches the threshold on the interface." GROUP cpsShutdownTimeoutInterfaceGroup DESCRIPTION "This group is mandatory only for the device that is capable to support shutdown timeout on the interface." OBJECT cpsGlobalPortSecurityEnable MIN-ACCESS read-only DESCRIPTION "read-write access is not required. This may be read-only." OBJECT cpsGlobalSNMPNotifRate MIN-ACCESS read-only DESCRIPTION "read-write access is not required." OBJECT cpsGlobalSNMPNotifControl MIN-ACCESS read-only DESCRIPTION "read-write access is not required." OBJECT cpsIfSecureMacAddrAgingType MIN-ACCESS read-only DESCRIPTION "read-write is not required if the device only support one aging type." OBJECT cpsIfViolationAction SYNTAX INTEGER { shutdown(1) } DESCRIPTION "The support of the values 'dropNotify' and/or 'drop' is not required if the device does not support the configuration of 'dropNotify' and/or 'drop'." OBJECT cpsIfViolationCount DESCRIPTION "An implementation of violation count is required only if the device can provide the number of the violations occurred on the device." OBJECT cpsIfStaticMacAddrAgingEnable MIN-ACCESS read-only DESCRIPTION "read-write access is not required." OBJECT cpsIfSecureLastMacAddress DESCRIPTION "An implementation of this object is not mandatory." GROUP cpsIfMultiVlanGroup DESCRIPTION "This group is mandatory only for the device that is capable to support port security on the multi-vlan interfaces as well as capable to support the maximum number of secure mac address specified on per interface per VLAN." GROUP cpsGlobalClearAddressGroup DESCRIPTION "This group is mandatory only for the device that is capable of clearing secure addresses from the system." OBJECT cpsGlobalClearSecureMacAddresses MIN-ACCESS read-only DESCRIPTION "read-write access is not required if the device does not support the command to clear all secure address on the interface." OBJECT cpsIfClearSecureMacAddresses MIN-ACCESS read-only DESCRIPTION "read-write access is not required if the device does not support the command to clear all secure address on the interface." GROUP cpsIfVlanSecureNotificationGroup DESCRIPTION "This group is mandatory only if the device supports port-security feature on a multi-vlan port and also supports the 'dropNotify' option for the object cpsIfViolationAction." GROUP cpsExtInterfaceGroup1 DESCRIPTION "This group is mandatory only for the device that is capable of keeping track of the VLAN-id where last MAC address that is seen on the interface." ::= { ciscoPortSecurityMIBCompliances 5 } -- -- Units of Conformance -- cpsGlobalGroup OBJECT-GROUP OBJECTS { cpsGlobalMaxSecureAddress, cpsGlobalTotalSecureAddress, cpsGlobalPortSecurityEnable, cpsGlobalSNMPNotifRate, cpsGlobalSNMPNotifControl } STATUS current DESCRIPTION "A collection of objects for use with the Port Security feature." ::= { ciscoPortSecurityMIBGroups 1 } cpsInterfaceGroup OBJECT-GROUP OBJECTS { cpsIfPortSecurityEnable, cpsIfPortSecurityStatus, cpsIfMaxSecureMacAddr, cpsIfCurrentSecureMacAddrCount, cpsIfSecureMacAddrAgingType, cpsIfSecureMacAddrAgingTime, cpsIfStaticMacAddrAgingEnable, cpsIfViolationAction, cpsIfViolationCount, cpsIfClearSecureAddresses, cpsSecureMacAddrType, cpsSecureMacAddrRemainingAge, cpsSecureMacAddrRowStatus } STATUS deprecated DESCRIPTION "********* THIS GROUP IS DEPRECATED ********** A collection of objects for use with the Port Security feature." ::= { ciscoPortSecurityMIBGroups 2 } cpsExtInterfaceGroup OBJECT-GROUP OBJECTS { cpsIfSecureLastMacAddress } STATUS current DESCRIPTION "A collection of objects providing the additional information for the Port Security feature." ::= { ciscoPortSecurityMIBGroups 3 } cpsNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { cpsSecureMacAddrViolation } STATUS current DESCRIPTION "A collection of notifications for use with the Port Security feature." ::= { ciscoPortSecurityMIBGroups 4 } cpsUnicastFloodingInterfaceGroup OBJECT-GROUP OBJECTS { cpsIfUnicastFloodingEnable } STATUS current DESCRIPTION "A collection of objects providing the unicast flooding information for the Port Security feature." ::= { ciscoPortSecurityMIBGroups 5 } cpsShutdownTimeoutInterfaceGroup OBJECT-GROUP OBJECTS { cpsIfShutdownTimeout } STATUS current DESCRIPTION "A collection of objects providing the shutdown timeout information for the Port Security feature." ::= { ciscoPortSecurityMIBGroups 6 } cpsIfVlanSecureMacAddrGroup OBJECT-GROUP OBJECTS { cpsIfVlanSecureMacAddrType, cpsIfVlanSecureMacAddrRemainAge, cpsIfVlanSecureMacAddrRowStatus } STATUS current DESCRIPTION "A collection of objects for use with the Port Security feature." ::= { ciscoPortSecurityMIBGroups 8 } cpsInterfaceGroup1 OBJECT-GROUP OBJECTS { cpsIfPortSecurityEnable, cpsIfPortSecurityStatus, cpsIfMaxSecureMacAddr, cpsIfCurrentSecureMacAddrCount, cpsIfSecureMacAddrAgingType, cpsIfSecureMacAddrAgingTime, cpsIfStaticMacAddrAgingEnable, cpsIfViolationAction, cpsIfViolationCount, cpsIfClearSecureAddresses } STATUS deprecated -- superceded -- by cpsInterfaceGroup2 DESCRIPTION "********* THIS GROUP IS DEPRECATED ********** A collection of objects for use with the Port Security configuration." ::= { ciscoPortSecurityMIBGroups 9 } cpsExtConfigInterfaceGroup OBJECT-GROUP OBJECTS { cpsIfShutdownTimeout, cpsIfUnicastFloodingEnable } STATUS deprecated DESCRIPTION "********* THIS GROUP IS DEPRECATED ********** A collection of objects providing the additional information for the Port Security feature." ::= { ciscoPortSecurityMIBGroups 10 } cpsIfVlanGroup OBJECT-GROUP OBJECTS { cpsIfVlanMaxSecureMacAddr, cpsIfVlanCurSecureMacAddrCount } STATUS obsolete DESCRIPTION "A collection of objects providing additional trunk VLAN information for the Port Security feature on a given interface." ::= { ciscoPortSecurityMIBGroups 11 } cpsGlobalClearAddressGroup OBJECT-GROUP OBJECTS { cpsGlobalClearSecureMacAddresses } STATUS current DESCRIPTION "A collection of objects for clearing addresses on the device." ::={ ciscoPortSecurityMIBGroups 12 } cpsInterfaceGroup2 OBJECT-GROUP OBJECTS { cpsIfPortSecurityEnable, cpsIfPortSecurityStatus, cpsIfMaxSecureMacAddr, cpsIfCurrentSecureMacAddrCount, cpsIfSecureMacAddrAgingType, cpsIfSecureMacAddrAgingTime, cpsIfStaticMacAddrAgingEnable, cpsIfViolationAction, cpsIfViolationCount, cpsIfClearSecureMacAddresses, cpsIfInvalidSrcRateLimitEnable, cpsIfInvalidSrcRateLimitValue, cpsIfStickyEnable } STATUS current DESCRIPTION "A collection of objects for use with the Port Security configuration." ::= { ciscoPortSecurityMIBGroups 13 } cpsTrunkSecureNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { cpsTrunkSecureMacAddrViolation } STATUS deprecated DESCRIPTION "A collection of trunk or multi-vlan port related notifications for use with the port-security feature." ::= { ciscoPortSecurityMIBGroups 14 } cpsIfMultiVlanGroup OBJECT-GROUP OBJECTS { cpsIfMultiVlanMaxSecureMacAddr, cpsIfMultiVlanSecureMacAddrCount, cpsIfMultiVlanClearSecureMacAddr, cpsIfMultiVlanRowStatus } STATUS current DESCRIPTION "A collection of objects providing additional per interface per VLAN port security feature information on a multi-vlan interface." ::= { ciscoPortSecurityMIBGroups 15 } cpsIfVlanSecureNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { cpsIfVlanSecureMacAddrViolation } STATUS current DESCRIPTION "A collection of trunk or multi-vlan port related notifications for use with the port-security feature." ::= { ciscoPortSecurityMIBGroups 16 } cpsExtInterfaceGroup1 OBJECT-GROUP OBJECTS { cpsIfSecureLastMacAddrVlanId } STATUS current DESCRIPTION "A collection of objects providing the information of the VLAN-id for the last MAC address seen on the interface." ::= { ciscoPortSecurityMIBGroups 17 } END