idnits 2.17.1 draft-ietf-bridge-bridgemib-smiv2-09.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1.a on line 18. -- Found old boilerplate from RFC 3978, Section 5.5 on line 2060. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 2037. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 2044. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 2050. ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure Acknowledgement. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate instead of verbatim RFC 3978 boilerplate. After 6 May 2005, submission of drafts without verbatim RFC 3978 boilerplate is not accepted. The following non-3978 patterns matched text found in the document. That text should be removed or replaced: This document is an Internet-Draft and is subject to all provisions of Section 3 of RFC 3667. By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords -- however, there's a paragraph with a matching beginning. Boilerplate error? (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (January 12, 2005) is 7036 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'IEEE8021D' -- Obsolete informational reference (is this intentional?): RFC 1493 (Obsoleted by RFC 4188) Summary: 5 errors (**), 0 flaws (~~), 3 warnings (==), 9 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group K. Norseth, Ed. 3 Internet-Draft L-3 Communications 4 Obsoletes: 1493 (if approved) E. Bell, Ed. 5 Expires: July 13, 2005 3Com Europe Limited 6 January 12, 2005 8 Definitions of Managed Objects for Bridges 9 draft-ietf-bridge-bridgemib-smiv2-09.txt 11 Status of this Memo 13 This document is an Internet-Draft and is subject to all provisions 14 of section 3 of RFC 3667. By submitting this Internet-Draft, each 15 author represents that any applicable patent or other IPR claims of 16 which he or she is aware have been or will be disclosed, and any of 17 which he or she become aware will be disclosed, in accordance with 18 RFC 3668. 20 Internet-Drafts are working documents of the Internet Engineering 21 Task Force (IETF), its areas, and its working groups. Note that 22 other groups may also distribute working documents as 23 Internet-Drafts. 25 Internet-Drafts are draft documents valid for a maximum of six months 26 and may be updated, replaced, or obsoleted by other documents at any 27 time. It is inappropriate to use Internet-Drafts as reference 28 material or to cite them other than as "work in progress." 30 The list of current Internet-Drafts can be accessed at 31 http://www.ietf.org/ietf/1id-abstracts.txt. 33 The list of Internet-Draft Shadow Directories can be accessed at 34 http://www.ietf.org/shadow.html. 36 This Internet-Draft will expire on July 13, 2005. 38 Copyright Notice 40 Copyright (C) The Internet Society (2005). 42 Abstract 44 This memo defines a portion of the Management Information Base (MIB) 45 for use with network management protocols in TCP/IP based internets. 46 In particular it defines objects for managing MAC bridges based on 47 the IEEE 802.1D-1998 standard between Local Area Network (LAN) 48 segments. Provisions are made for support of transparent bridging. 49 Provisions are also made so that these objects apply to bridges 50 connected by subnetworks other than LAN segments. 52 The MIB module presented in this memo is a translation of the 53 BRIDGE-MIB defined in RFC 1493 to the SMIv2 syntax. 55 This memo obsoletes RFC 1493. 57 Table of Contents 59 1. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 60 2. The Internet-Standard Management Framework . . . . . . . . . . 3 61 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 62 3.1 Structure of the MIB Module . . . . . . . . . . . . . . . 4 63 3.1.1 The dot1dBase Subtree . . . . . . . . . . . . . . . . 6 64 3.1.2 The dot1dStp Subtree . . . . . . . . . . . . . . . . . 6 65 3.1.3 The dot1dSr Subtree . . . . . . . . . . . . . . . . . 6 66 3.1.4 The dot1dTp Subtree . . . . . . . . . . . . . . . . . 7 67 3.1.5 The dot1dStatic Subtree . . . . . . . . . . . . . . . 7 68 3.2 Relationship to Other MIB Modules . . . . . . . . . . . . 7 69 3.2.1 Relationship to the SNMPv2-MIB . . . . . . . . . . . . 7 70 3.2.2 Relationship to the IF-MIB . . . . . . . . . . . . . . 7 71 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 8 72 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 39 73 6. Security Considerations . . . . . . . . . . . . . . . . . . . 39 74 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 40 75 8. Contact Information . . . . . . . . . . . . . . . . . . . . . 41 76 9. Changes from RFC 1493 . . . . . . . . . . . . . . . . . . . . 42 77 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 42 78 10.1 Normative References . . . . . . . . . . . . . . . . . . . . 42 79 10.2 Informative References . . . . . . . . . . . . . . . . . . . 43 80 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 43 81 Intellectual Property and Copyright Statements . . . . . . . . 44 83 1. Conventions 85 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 86 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 87 "OPTIONAL", when they appear in this document, are to be interpreted 88 as described in BCP 14, RFC 2119 [RFC2119]. 90 2. The Internet-Standard Management Framework 92 For a detailed overview of the documents that describe the current 93 Internet-Standard Management Framework, please refer to section 7 of 94 RFC 3410 [RFC3410]. 96 Managed objects are accessed via a virtual information store, termed 97 the Management Information Base or MIB. MIB objects are generally 98 accessed through the Simple Network Management Protocol (SNMP). 99 Objects in the MIB are defined using the mechanisms defined in the 100 Structure of Management Information (SMI). This memo specifies a MIB 101 module that is compliant to the SMIv2, which is described in STD 58, 102 RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 103 [RFC2580]. 105 3. Overview 107 A common device present in many networks is the Bridge. This device 108 is used to connect Local Area Network segments below the network 109 layer. 111 There are two major modes defined for this bridging; transparent and 112 source route. The transparent method of bridging is defined in the 113 IEEE 802.1D specification [IEEE8021D]. This memo defines those 114 objects needed for the management of a bridging entity operating in 115 the transparent mode, as well as some objects applicable to all types 116 of bridges. 118 To be consistent with IAB directives and good engineering practice, 119 an explicit attempt was made to keep this MIB module as simple as 120 possible. This was accomplished by applying the following criteria 121 to objects proposed for inclusion: 123 1. Start with a small set of essential objects and add only as 124 further objects are needed. 125 2. Require objects be essential for either fault or configuration 126 management. 127 3. Consider evidence of current use and/or utility. 128 4. Limit the total number of objects. 129 5. Exclude objects which are simply derivable from others in this or 130 other MIB modules. 132 6. Avoid causing critical sections to be heavily instrumented. The 133 guideline that was followed is one counter per critical section 134 per layer. 136 3.1 Structure of the MIB Module 138 Objects in this MIB module are arranged into subtrees. Each subtree 139 is organized as a set of related objects. The overall structure and 140 assignment of objects to their subtrees is shown below. Where 141 appropriate the corresponding IEEE 802.1D [IEEE8021D] management 142 object name is also included. 144 Bridge MIB Name IEEE 802.1D Name 146 dot1dBridge 147 dot1dBase 148 BridgeAddress Bridge.BridgeAddress 149 NumPorts Bridge.NumberOfPorts 150 Type 151 PortTable 152 Port BridgePort.PortNumber 153 IfIndex 154 Circuit 155 DelayExceededDiscards .DiscardTransitDelay 156 MtuExceededDiscards .DiscardOnError 157 dot1dStp 158 ProtocolSpecification 159 Priority SpanningTreeProtocol 160 .BridgePriority 161 TimeSinceTopologyChange .TimeSinceTopologyChange 162 TopChanges .TopologyChangeCount 163 DesignatedRoot .DesignatedRoot 164 RootCost .RootCost 165 RootPort .RootPort 166 MaxAge .MaxAge 167 HelloTime .HelloTime 168 HoldTime .HoldTime 169 ForwardDelay .ForwardDelay 170 BridgeMaxAge .BridgeMaxAge 171 BridgeHelloTime .BridgeHelloTime 172 BridgeForwardDelay .BridgeForwardDelay 173 PortTable 174 Port SpanningTreeProtocolPort 175 .PortNumber 176 Priority .PortPriority 177 State .SpanningTreeState 178 Enable 179 PathCost .PortPathCost 180 DesignatedRoot .DesignatedRoot 181 DesignatedCost .DesignatedCost 182 DesignatedBridge .DesignatedBridge 183 DesignatedPort .DesignatedPort 184 ForwardTransitions 185 dot1dTp 186 LearnedEntryDiscards BridgeFilter.DatabaseSize 187 .NumDynamic,NumStatic 188 AgingTime BridgeFilter.AgingTime 189 FdbTable 190 Address 191 Port 192 Status 193 PortTable 194 Port 195 MaxInfo 196 InFrames BridgePort.FramesReceived 197 OutFrames .ForwardOutbound 198 InDiscards .DiscardInbound 199 dot1dStatic 200 StaticTable 201 Address 202 ReceivePort 203 AllowedToGoTo 204 Status 206 The following IEEE 802.1D management objects have not been included 207 in the BRIDGE-MIB module for the indicated reasons. 209 IEEE 802.1D Object Disposition 211 Bridge.BridgeName Same as sysDescr (SNMPv2-MIB) 212 Bridge.BridgeUpTime Same as sysUpTime (SNMPv2-MIB) 213 Bridge.PortAddresses Same as ifPhysAddress (IF-MIB) 214 BridgePort.PortName Same as ifDescr (IF-MIB) 215 BridgePort.PortType Same as ifType (IF-MIB) 216 BridgePort.RoutingType Derivable from the implemented 217 subtrees 219 SpanningTreeProtocol 220 .BridgeIdentifier Combination of dot1dStpPriority 221 and dot1dBaseBridgeAddress 222 .TopologyChange Since this is transitory, it 223 is not considered useful. 224 SpanningTreeProtocolPort 225 .Uptime Same as ifLastChange (IF-MIB) 226 .PortIdentifier Combination of dot1dStpPort 227 and dot1dStpPortPriority 228 .TopologyChangeAcknowledged Since this is transitory, it 229 is not considered useful. 230 .DiscardLackOfBuffers Redundant 232 Transmission Priority These objects are not required 233 as per the Pics Proforma and 234 not considered useful. 235 .TransmissionPriorityName 236 .OutboundUserPriority 237 .OutboundAccessPriority 239 3.1.1 The dot1dBase Subtree 241 This subtree contains the objects which are applicable to all types 242 of bridges. 244 3.1.2 The dot1dStp Subtree 246 This subtree contains the objects that denote the bridge's state with 247 respect to the Spanning Tree Protocol. If a node does not 248 implemented the Spanning Tree Protocol, this subtree will not be 249 implemented. 251 3.1.3 The dot1dSr Subtree 253 This subtree contains the objects that describe the entity's state 254 with respect to source route bridging. If source routing is not 255 supported this subtree will not be implemented. This subtree is 256 applicable to source route only, and SRT bridges. This subtree 257 described in RFC 1525 [RFC1525] is applicable only to source route 258 bridging. 260 3.1.4 The dot1dTp Subtree 262 This subtree contains objects that describe the entity's state with 263 respect to transparent bridging. If transparent bridging is not 264 supported this subtree will not be implemented. This subtree is 265 applicable to transparent only and SRT bridges. 267 3.1.5 The dot1dStatic Subtree 269 This subtree contains objects that describe the entity's state with 270 respect to destination-address filtering. If destination-address 271 filtering is not supported this subtree will not be implemented. 272 This subtree is applicable to any type of bridge which performs 273 destination-address filtering. 275 3.2 Relationship to Other MIB Modules 277 As described above, some IEEE 802.1D management objects have not been 278 included in this MIB module because they overlap with objects in 279 other MIB modules applicable to a bridge implementing this MIB. In 280 particular, it is assumed that a bridge implementing the BRIDGE-MIB 281 module will also implement (at least) the 'system' subtree of the 282 SNMPv2-MIB [RFC3418] and the 'interfaces' subtree of the IF-MIB 283 [RFC2863]. 285 3.2.1 Relationship to the SNMPv2-MIB 287 In the SNMPv2-MIB [RFC3418], the 'system' subtree is defined as being 288 mandatory for all systems. Thus, those objects apply to the entity 289 as a whole irrespective of whether the entity's sole functionality is 290 bridging, or whether bridging is only a subset of the entity's 291 functionality. 293 3.2.2 Relationship to the IF-MIB 295 In the Interfaces Group MIB [RFC2863], the 'interfaces' subtree is 296 defined as being mandatory for all systems and contains information 297 on an entity's interfaces, where each interface is thought of as 298 being attached to a `subnetwork'. (Note that this term is not to be 299 confused with `subnet' which refers to an addressing partitioning 300 scheme used in the Internet suite of protocols.) The term 'segment' 301 is used in this memo to refer to such a subnetwork, whether it be an 302 Ethernet segment, a 'ring', a WAN link, or even an X.25 virtual 303 circuit. 305 Implicit in this BRIDGE-MIB is the notion of ports on a bridge. Each 306 of these ports is associated with one interface of the 'interfaces' 307 subtree, and in most situations, each port is associated with a 308 different interface. However, there are situations in which multiple 309 ports are associated with the same interface. An example of such a 310 situation would be several ports each corresponding one-to-one with 311 several X.25 virtual circuits but all on the same interface. 313 Each port is uniquely identified by a port number. A port number has 314 no mandatory relationship to an interface number, but in the simple 315 case a port number will have the same value as the corresponding 316 interface's interface number. Port numbers are in the range 317 (1..dot1dBaseNumPorts). 319 Some entities perform other functionality as well as bridging through 320 the sending and receiving of data on their interfaces. In such 321 situations, only a subset of the data sent/received on an interface 322 is within the domain of the entity's bridging functionality. This 323 subset is considered to be delineated according to a set of 324 protocols, with some protocols being bridged, and other protocols not 325 being bridged. For example, in an entity which exclusively performed 326 bridging, all protocols would be considered as being bridged, whereas 327 in an entity which performed IP routing on IP datagrams and only 328 bridged other protocols, only the non-IP data would be considered as 329 being bridged. 331 Thus, this BRIDGE-MIB (and in particular, its counters) are 332 applicable only to that subset of the data on an entity's interfaces 333 which is sent/received for a protocol being bridged. All such data 334 is sent/received via the ports of the bridge. 336 4. Definitions 338 BRIDGE-MIB DEFINITIONS ::= BEGIN 340 -- ---------------------------------------------------------- -- 341 -- MIB for IEEE 802.1D devices 342 -- ---------------------------------------------------------- -- 343 IMPORTS 344 MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, 345 Counter32, Integer32, TimeTicks, mib-2 346 FROM SNMPv2-SMI 347 TEXTUAL-CONVENTION, MacAddress 348 FROM SNMPv2-TC 349 MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP 350 FROM SNMPv2-CONF 351 InterfaceIndex FROM IF-MIB 352 ; 354 dot1dBridge MODULE-IDENTITY 355 LAST-UPDATED "200501120000Z" 356 ORGANIZATION "IETF Bridge MIB Working Group" 357 CONTACT-INFO 358 "Email: bridge-mib@ietf.org 360 K.C. Norseth (Editor) 361 L-3 Communications 362 Tel: +1 801-594-2809 363 Email: kenyon.c.norseth@L-3com.com 364 Postal: 640 N. 2200 West. 365 Salt Lake City, Utah 84116-0850 367 Les Bell (Editor) 368 3Com Europe Limited 369 Phone: +44 1442 438025 370 Email: Les_Bell@3Com.com 371 Postal: 3Com Centre, Boundary Way 372 Hemel Hempstead 373 Herts. HP2 7YU 374 UK 376 Send comments to " 377 DESCRIPTION 378 "The Bridge MIB module for managing devices that support 379 IEEE 802.1D. 381 Copyright (C) The Internet Society (2004). This version of 382 this MIB module is part of RFC XXXX; see the RFC itself for 383 full legal notices." 384 REVISION "200501120000Z" 385 -- RFC Ed.: replace XXXX with RFC number and remove this note 386 DESCRIPTION 387 "Third revision, published as part of RFC XXXX. 389 The MIB module has been converted to SMIv2 format. 390 Conformance statements have been added and some 391 description and reference clauses have been updated. 393 The object dot1dStpPortPathCost32 was added to 394 support IEEE 802.1t and the permissible values of 395 dot1dStpPriority and dot1dStpPortPriority have been 396 clarified for bridges supporting IEEE 802.1t or 397 IEEE 802.1w. 399 The interpretation of dot1dStpTimeSinceTopologyChange 400 has been clarified for bridges supporting the rapid 401 spanning tree protocol (RSTP)." 403 REVISION "199307310000Z" 404 DESCRIPTION 405 "Second revision, published as part of RFC 1493." 406 REVISION "199112310000Z" 407 DESCRIPTION 408 "Initial revision, published as part of RFC 1286." 409 ::= { mib-2 17 } 411 -- ---------------------------------------------------------- -- 412 -- Textual Conventions 413 -- ---------------------------------------------------------- -- 415 BridgeId ::= TEXTUAL-CONVENTION 416 STATUS current 417 DESCRIPTION 418 "The Bridge-Identifier as used in the Spanning Tree 419 Protocol to uniquely identify a bridge. Its first two 420 octets (in network byte order) contain a priority value 421 and its last 6 octets contain the MAC address used to 422 refer to a bridge in a unique fashion (typically, the 423 numerically smallest MAC address of all ports on the 424 bridge)." 425 SYNTAX OCTET STRING (SIZE (8)) 427 Timeout ::= TEXTUAL-CONVENTION 428 DISPLAY-HINT "d" 429 STATUS current 430 DESCRIPTION 431 "A Spanning Tree Protocol (STP) timer in units of 1/100 432 seconds. Several objects in this MIB module represent 433 values of timers used by the Spanning Tree Protocol. 434 In this MIB, these timers have values in units of 435 hundredths of a second (i.e. 1/100 secs). 437 These timers, when stored in a Spanning Tree Protocol's 438 BPDU, are in units of 1/256 seconds. Note, however, that 439 802.1D-1998 specifies a settable granularity of no more 440 than one second for these timers. To avoid ambiguity, 441 a conversion algorithm is defined below for converting 442 between the different units, to ensure a timer's value 443 is not distorted by multiple conversions. 445 To convert a Timeout value into a value in units of 446 1/256 seconds, the following algorithm should be used: 448 b = floor( (n * 256) / 100) 450 where: 451 floor = quotient [ignore remainder] 452 n is the value in 1/100 second units 453 b is the value in 1/256 second units 455 To convert the value from 1/256 second units back to 456 1/100 seconds, the following algorithm should be used: 457 n = ceiling( (b * 100) / 256) 459 where: 460 ceiling = quotient [if remainder is 0], or 461 quotient + 1 [if remainder is nonzero] 462 n is the value in 1/100 second units 464 b is the value in 1/256 second units 466 Note: it is important that the arithmetic operations are 467 done in the order specified (i.e., multiply first, 468 divide second)." 469 SYNTAX Integer32 471 -- ---------------------------------------------------------- -- 472 -- subtrees in the Bridge MIB 473 -- ---------------------------------------------------------- -- 475 dot1dNotifications OBJECT IDENTIFIER ::= { dot1dBridge 0 } 477 dot1dBase OBJECT IDENTIFIER ::= { dot1dBridge 1 } 478 dot1dStp OBJECT IDENTIFIER ::= { dot1dBridge 2 } 480 dot1dSr OBJECT IDENTIFIER ::= { dot1dBridge 3 } 481 -- documented in RFC 1525 483 dot1dTp OBJECT IDENTIFIER ::= { dot1dBridge 4 } 484 dot1dStatic OBJECT IDENTIFIER ::= { dot1dBridge 5 } 486 -- Subtrees used by Bridge MIB Extensions: 487 -- pBridgeMIB MODULE-IDENTITY ::= { dot1dBridge 6 } 488 -- qBridgeMIB MODULE-IDENTITY ::= { dot1dBridge 7 } 489 -- Note that the practice of registering related MIB modules 490 -- below dot1dBridge has been discouraged since there is no 491 -- robust mechanism to track such registrations. 493 dot1dConformance OBJECT IDENTIFIER ::= { dot1dBridge 8 } 495 -- ---------------------------------------------------------- -- 496 -- the dot1dBase subtree 497 -- ---------------------------------------------------------- -- 498 -- Implementation of the dot1dBase subtree is mandatory for all 499 -- bridges. 500 -- ---------------------------------------------------------- -- 502 dot1dBaseBridgeAddress OBJECT-TYPE 504 SYNTAX MacAddress 505 MAX-ACCESS read-only 506 STATUS current 507 DESCRIPTION 508 "The MAC address used by this bridge when it must be 509 referred to in a unique fashion. It is recommended 510 that this be the numerically smallest MAC address of all 511 ports that belong to this bridge. However it is only 512 required to be unique. When concatenated with 513 dot1dStpPriority a unique BridgeIdentifier is formed 514 which is used in the Spanning Tree Protocol." 515 REFERENCE 516 "IEEE 802.1D-1998: clauses 14.4.1.1.3 and 7.12.5" 517 ::= { dot1dBase 1 } 519 dot1dBaseNumPorts OBJECT-TYPE 520 SYNTAX Integer32 521 UNITS "ports" 522 MAX-ACCESS read-only 523 STATUS current 524 DESCRIPTION 525 "The number of ports controlled by this bridging 526 entity." 527 REFERENCE 528 "IEEE 802.1D-1998: clause 14.4.1.1.3" 529 ::= { dot1dBase 2 } 531 dot1dBaseType OBJECT-TYPE 532 SYNTAX INTEGER { 533 unknown(1), 534 transparentOnly(2), 535 sourcerouteOnly(3), 536 srt(4) 537 } 538 MAX-ACCESS read-only 539 STATUS current 540 DESCRIPTION 541 "Indicates what type of bridging this bridge can 542 perform. If a bridge is actually performing a 543 certain type of bridging this will be indicated by 544 entries in the port table for the given type." 545 ::= { dot1dBase 3 } 547 -- ---------------------------------------------------------- -- 548 -- The Generic Bridge Port Table 549 -- ---------------------------------------------------------- -- 550 dot1dBasePortTable OBJECT-TYPE 551 SYNTAX SEQUENCE OF Dot1dBasePortEntry 552 MAX-ACCESS not-accessible 553 STATUS current 554 DESCRIPTION 555 "A table that contains generic information about every 556 port that is associated with this bridge. Transparent, 557 source-route, and srt ports are included." 558 ::= { dot1dBase 4 } 560 dot1dBasePortEntry OBJECT-TYPE 561 SYNTAX Dot1dBasePortEntry 562 MAX-ACCESS not-accessible 563 STATUS current 565 DESCRIPTION 566 "A list of information for each port of the bridge." 567 REFERENCE 568 "IEEE 802.1D-1998: clause 14.4.2, 14.6.1" 569 INDEX { dot1dBasePort } 570 ::= { dot1dBasePortTable 1 } 572 Dot1dBasePortEntry ::= 573 SEQUENCE { 574 dot1dBasePort 575 Integer32, 576 dot1dBasePortIfIndex 577 InterfaceIndex, 578 dot1dBasePortCircuit 579 OBJECT IDENTIFIER, 580 dot1dBasePortDelayExceededDiscards 581 Counter32, 582 dot1dBasePortMtuExceededDiscards 583 Counter32 584 } 586 dot1dBasePort OBJECT-TYPE 587 SYNTAX Integer32 (1..65535) 588 MAX-ACCESS read-only 589 STATUS current 590 DESCRIPTION 591 "The port number of the port for which this entry 592 contains bridge management information." 593 ::= { dot1dBasePortEntry 1 } 595 dot1dBasePortIfIndex OBJECT-TYPE 596 SYNTAX InterfaceIndex 597 MAX-ACCESS read-only 598 STATUS current 599 DESCRIPTION 600 "The value of the instance of the ifIndex object, 601 defined in IF-MIB, for the interface corresponding 602 to this port." 603 ::= { dot1dBasePortEntry 2 } 605 dot1dBasePortCircuit OBJECT-TYPE 606 SYNTAX OBJECT IDENTIFIER 607 MAX-ACCESS read-only 608 STATUS current 609 DESCRIPTION 610 "For a port which (potentially) has the same value of 611 dot1dBasePortIfIndex as another port on the same bridge, 612 this object contains the name of an object instance 613 unique to this port. For example, in the case where 614 multiple ports correspond one-to-one with multiple X.25 615 virtual circuits, this value might identify an (e.g., 616 the first) object instance associated with the X.25 617 virtual circuit corresponding to this port. 619 For a port which has a unique value of 620 dot1dBasePortIfIndex, this object can have the value 621 { 0 0 }." 622 ::= { dot1dBasePortEntry 3 } 624 dot1dBasePortDelayExceededDiscards OBJECT-TYPE 625 SYNTAX Counter32 626 MAX-ACCESS read-only 627 STATUS current 628 DESCRIPTION 629 "The number of frames discarded by this port due 630 to excessive transit delay through the bridge. It 631 is incremented by both transparent and source 632 route bridges." 633 REFERENCE 634 "IEEE 802.1D-1998: clause 14.6.1.1.3" 635 ::= { dot1dBasePortEntry 4 } 637 dot1dBasePortMtuExceededDiscards OBJECT-TYPE 638 SYNTAX Counter32 639 MAX-ACCESS read-only 640 STATUS current 641 DESCRIPTION 642 "The number of frames discarded by this port due 643 to an excessive size. It is incremented by both 644 transparent and source route bridges." 645 REFERENCE 646 "IEEE 802.1D-1998: clause 14.6.1.1.3" 647 ::= { dot1dBasePortEntry 5 } 649 -- ---------------------------------------------------------- -- 650 -- the dot1dStp subtree 651 -- ---------------------------------------------------------- -- 652 -- Implementation of the dot1dStp subtree is optional. It is 653 -- implemented by those bridges that support the Spanning Tree 654 -- Protocol. 655 -- ---------------------------------------------------------- -- 657 dot1dStpProtocolSpecification OBJECT-TYPE 658 SYNTAX INTEGER { 659 unknown(1), 660 decLb100(2), 661 ieee8021d(3) 662 } 663 MAX-ACCESS read-only 664 STATUS current 665 DESCRIPTION 666 "An indication of what version of the Spanning Tree 667 Protocol is being run. The value 'decLb100(2)' 668 indicates the DEC LANbridge 100 Spanning Tree protocol. 669 IEEE 802.1D implementations will return 'ieee8021d(3)'. 670 If future versions of the IEEE Spanning Tree Protocol 671 are released that are incompatible with the current 672 version a new value will be defined." 673 ::= { dot1dStp 1 } 675 dot1dStpPriority OBJECT-TYPE 676 SYNTAX Integer32 (0..65535) 677 MAX-ACCESS read-write 678 STATUS current 679 DESCRIPTION 680 "The value of the write-able portion of the Bridge ID, 681 i.e., the first two octets of the (8 octet long) Bridge 682 ID. The other (last) 6 octets of the Bridge ID are 683 given by the value of dot1dBaseBridgeAddress. 684 On bridges supporting IEEE 802.1t or IEEE 802.1w, 685 permissible values are 0-61440, in steps of 4096." 686 REFERENCE 687 "IEEE 802.1D-1998 clause 8.10.2, Table 8-4, 688 IEEE 802.1t clause 8.10.2, Table 8-4, clause 14.3." 689 ::= { dot1dStp 2 } 691 dot1dStpTimeSinceTopologyChange OBJECT-TYPE 692 SYNTAX TimeTicks 693 UNITS "centi-seconds" 694 MAX-ACCESS read-only 695 STATUS current 696 DESCRIPTION 697 "The time (in hundredths of a second) since the 698 last time a topology change was detected by the 699 bridge entity. 700 For RSTP, this reports the time since the tcWhile 701 timer for any port on this Bridge was nonzero." 702 REFERENCE 703 "IEEE 802.1D-1998 clause 14.8.1.1., 704 IEEE 802.1w clause 14.8.1.1." 705 ::= { dot1dStp 3 } 707 dot1dStpTopChanges OBJECT-TYPE 708 SYNTAX Counter32 709 MAX-ACCESS read-only 710 STATUS current 711 DESCRIPTION 712 "The total number of topology changes detected by 713 this bridge since the management entity was last 714 reset or initialized." 715 REFERENCE 716 "IEEE 802.1D-1998 clause 14.8.1.1." 717 ::= { dot1dStp 4 } 719 dot1dStpDesignatedRoot OBJECT-TYPE 720 SYNTAX BridgeId 721 MAX-ACCESS read-only 722 STATUS current 723 DESCRIPTION 724 "The bridge identifier of the root of the spanning 725 tree as determined by the Spanning Tree Protocol 726 as executed by this node. This value is used as 727 the Root Identifier parameter in all Configuration 728 Bridge PDUs originated by this node." 729 REFERENCE 730 "IEEE 802.1D-1998: clause 8.5.3.1" 731 ::= { dot1dStp 5 } 733 dot1dStpRootCost OBJECT-TYPE 734 SYNTAX Integer32 735 MAX-ACCESS read-only 736 STATUS current 737 DESCRIPTION 738 "The cost of the path to the root as seen from 739 this bridge." 740 REFERENCE 741 "IEEE 802.1D-1998: clause 8.5.3.2" 742 ::= { dot1dStp 6 } 744 dot1dStpRootPort OBJECT-TYPE 745 SYNTAX Integer32 746 MAX-ACCESS read-only 747 STATUS current 748 DESCRIPTION 749 "The port number of the port which offers the lowest 750 cost path from this bridge to the root bridge." 751 REFERENCE 752 "IEEE 802.1D-1998: clause 8.5.3.3" 753 ::= { dot1dStp 7 } 755 dot1dStpMaxAge OBJECT-TYPE 756 SYNTAX Timeout 757 UNITS "centi-seconds" 758 MAX-ACCESS read-only 759 STATUS current 760 DESCRIPTION 761 "The maximum age of Spanning Tree Protocol information 762 learned from the network on any port before it is 763 discarded, in units of hundredths of a second. This is 764 the actual value that this bridge is currently using." 765 REFERENCE 766 "IEEE 802.1D-1998: clause 8.5.3.4" 767 ::= { dot1dStp 8 } 769 dot1dStpHelloTime OBJECT-TYPE 770 SYNTAX Timeout 771 UNITS "centi-seconds" 772 MAX-ACCESS read-only 773 STATUS current 774 DESCRIPTION 775 "The amount of time between the transmission of 776 Configuration bridge PDUs by this node on any port when 777 it is the root of the spanning tree or trying to become 778 so, in units of hundredths of a second. This is the 779 actual value that this bridge is currently using." 780 REFERENCE 781 "IEEE 802.1D-1998: clause 8.5.3.5" 782 ::= { dot1dStp 9 } 784 dot1dStpHoldTime OBJECT-TYPE 785 SYNTAX Integer32 786 UNITS "centi-seconds" 787 MAX-ACCESS read-only 788 STATUS current 789 DESCRIPTION 790 "This time value determines the interval length 791 during which no more than two Configuration bridge 792 PDUs shall be transmitted by this node, in units 793 of hundredths of a second." 794 REFERENCE 795 "IEEE 802.1D-1998: clause 8.5.3.14" 796 ::= { dot1dStp 10 } 798 dot1dStpForwardDelay OBJECT-TYPE 799 SYNTAX Timeout 800 UNITS "centi-seconds" 801 MAX-ACCESS read-only 802 STATUS current 803 DESCRIPTION 804 "This time value, measured in units of hundredths of a 805 second, controls how fast a port changes its spanning 806 state when moving towards the Forwarding state. The 807 value determines how long the port stays in each of the 808 Listening and Learning states, which precede the 809 Forwarding state. This value is also used, when a 810 topology change has been detected and is underway, to 811 age all dynamic entries in the Forwarding Database. 812 [Note that this value is the one that this bridge is 813 currently using, in contrast to 814 dot1dStpBridgeForwardDelay which is the value that this 815 bridge and all others would start using if/when this 816 bridge were to become the root.]" 817 REFERENCE 818 "IEEE 802.1D-1998: clause 8.5.3.6" 819 ::= { dot1dStp 11 } 821 dot1dStpBridgeMaxAge OBJECT-TYPE 822 SYNTAX Timeout (600..4000) 823 UNITS "centi-seconds" 824 MAX-ACCESS read-write 825 STATUS current 826 DESCRIPTION 827 "The value that all bridges use for MaxAge when this 828 bridge is acting as the root. Note that 802.1D-1998 829 specifies that the range for this parameter is related 830 to the value of dot1dStpBridgeHelloTime. The 831 granularity of this timer is specified by 802.1D-1998 to 832 be 1 second. An agent may return a badValue error if a 833 set is attempted to a value which is not a whole number 834 of seconds." 836 REFERENCE 837 "IEEE 802.1D-1998: clause 8.5.3.8" 838 ::= { dot1dStp 12 } 840 dot1dStpBridgeHelloTime OBJECT-TYPE 841 SYNTAX Timeout (100..1000) 842 UNITS "centi-seconds" 843 MAX-ACCESS read-write 844 STATUS current 845 DESCRIPTION 846 "The value that all bridges use for HelloTime when this 847 bridge is acting as the root. The granularity of this 848 timer is specified by 802.1D-1998 to be 1 second. An 849 agent may return a badValue error if a set is attempted 850 to a value which is not a whole number of seconds." 851 REFERENCE 852 "IEEE 802.1D-1998: clause 8.5.3.9" 853 ::= { dot1dStp 13 } 855 dot1dStpBridgeForwardDelay OBJECT-TYPE 856 SYNTAX Timeout (400..3000) 857 UNITS "centi-seconds" 858 MAX-ACCESS read-write 859 STATUS current 860 DESCRIPTION 861 "The value that all bridges use for ForwardDelay when 862 this bridge is acting as the root. Note that 863 802.1D-1998 specifies that the range for this parameter 864 is related to the value of dot1dStpBridgeMaxAge. The 865 granularity of this timer is specified by 802.1D-1998 to 866 be 1 second. An agent may return a badValue error if a 867 set is attempted to a value which is not a whole number 868 of seconds." 869 REFERENCE 870 "IEEE 802.1D-1998: clause 8.5.3.10" 871 ::= { dot1dStp 14 } 873 -- ---------------------------------------------------------- -- 874 -- The Spanning Tree Port Table 875 -- ---------------------------------------------------------- -- 877 dot1dStpPortTable OBJECT-TYPE 878 SYNTAX SEQUENCE OF Dot1dStpPortEntry 879 MAX-ACCESS not-accessible 880 STATUS current 881 DESCRIPTION 882 "A table that contains port-specific information 883 for the Spanning Tree Protocol." 885 ::= { dot1dStp 15 } 887 dot1dStpPortEntry OBJECT-TYPE 888 SYNTAX Dot1dStpPortEntry 889 MAX-ACCESS not-accessible 890 STATUS current 891 DESCRIPTION 892 "A list of information maintained by every port about 893 the Spanning Tree Protocol state for that port." 894 INDEX { dot1dStpPort } 895 ::= { dot1dStpPortTable 1 } 897 Dot1dStpPortEntry ::= 898 SEQUENCE { 900 dot1dStpPort 901 Integer32, 902 dot1dStpPortPriority 903 Integer32, 904 dot1dStpPortState 905 INTEGER, 906 dot1dStpPortEnable 907 INTEGER, 908 dot1dStpPortPathCost 909 Integer32, 910 dot1dStpPortDesignatedRoot 911 BridgeId, 912 dot1dStpPortDesignatedCost 913 Integer32, 914 dot1dStpPortDesignatedBridge 915 BridgeId, 916 dot1dStpPortDesignatedPort 917 OCTET STRING, 918 dot1dStpPortForwardTransitions 919 Counter32, 920 dot1dStpPortPathCost32 921 Integer32 922 } 924 dot1dStpPort OBJECT-TYPE 925 SYNTAX Integer32 (1..65535) 926 MAX-ACCESS read-only 927 STATUS current 928 DESCRIPTION 929 "The port number of the port for which this entry 930 contains Spanning Tree Protocol management information." 931 REFERENCE 932 "IEEE 802.1D-1998: clause 14.8.2.1.2" 934 ::= { dot1dStpPortEntry 1 } 936 dot1dStpPortPriority OBJECT-TYPE 937 SYNTAX Integer32 (0..255) 938 MAX-ACCESS read-write 939 STATUS current 940 DESCRIPTION 941 "The value of the priority field which is contained in 942 the first (in network byte order) octet of the (2 octet 943 long) Port ID. The other octet of the Port ID is given 944 by the value of dot1dStpPort. 945 On bridges supporting IEEE 802.1t or IEEE 802.1w, 946 permissible values are 0-240, in steps of 16." 947 REFERENCE 948 "IEEE 802.1D-1998 clause 8.10.2, Table 8-4, 949 IEEE 802.1t clause 8.10.2, Table 8-4, clause 14.3." 950 ::= { dot1dStpPortEntry 2 } 952 dot1dStpPortState OBJECT-TYPE 953 SYNTAX INTEGER { 954 disabled(1), 955 blocking(2), 956 listening(3), 957 learning(4), 958 forwarding(5), 959 broken(6) 960 } 961 MAX-ACCESS read-only 962 STATUS current 963 DESCRIPTION 964 "The port's current state as defined by application of 965 the Spanning Tree Protocol. This state controls what 966 action a port takes on reception of a frame. If the 967 bridge has detected a port that is malfunctioning it 968 will place that port into the broken(6) state. For 969 ports which are disabled (see dot1dStpPortEnable), this 970 object will have a value of disabled(1)." 971 REFERENCE 972 "IEEE 802.1D-1998: clause 8.5.5.2" 973 ::= { dot1dStpPortEntry 3 } 975 dot1dStpPortEnable OBJECT-TYPE 976 SYNTAX INTEGER { 977 enabled(1), 978 disabled(2) 979 } 980 MAX-ACCESS read-write 981 STATUS current 982 DESCRIPTION 983 "The enabled/disabled status of the port." 984 REFERENCE 985 "IEEE 802.1D-1998: clause 8.5.5.2" 986 ::= { dot1dStpPortEntry 4 } 988 dot1dStpPortPathCost OBJECT-TYPE 989 SYNTAX Integer32 (1..65535) 990 MAX-ACCESS read-write 991 STATUS current 992 DESCRIPTION 993 "The contribution of this port to the path cost of 994 paths towards the spanning tree root which include 995 this port. 802.1D-1998 recommends that the default 996 value of this parameter be in inverse proportion to 997 the speed of the attached LAN. 999 New implementations should support dot1dStpPortPathCost32. 1000 If the port path costs exceeds the maximum value of this 1001 object then this object should report the maximum value, 1002 namely 65535. Applications should try to read the 1003 dot1dStpPortPathCost32 object if this object reports 1004 the maximum value." 1005 REFERENCE "IEEE 802.1D-1998: clause 8.5.5.3" 1006 ::= { dot1dStpPortEntry 5 } 1008 dot1dStpPortDesignatedRoot OBJECT-TYPE 1009 SYNTAX BridgeId 1010 MAX-ACCESS read-only 1011 STATUS current 1012 DESCRIPTION 1013 "The unique Bridge Identifier of the Bridge 1014 recorded as the Root in the Configuration BPDUs 1015 transmitted by the Designated Bridge for the 1016 segment to which the port is attached." 1017 REFERENCE 1018 "IEEE 802.1D-1998: clause 8.5.5.4" 1019 ::= { dot1dStpPortEntry 6 } 1021 dot1dStpPortDesignatedCost OBJECT-TYPE 1022 SYNTAX Integer32 1023 MAX-ACCESS read-only 1024 STATUS current 1025 DESCRIPTION 1026 "The path cost of the Designated Port of the segment 1027 connected to this port. This value is compared to the 1028 Root Path Cost field in received bridge PDUs." 1029 REFERENCE 1030 "IEEE 802.1D-1998: clause 8.5.5.5" 1031 ::= { dot1dStpPortEntry 7 } 1033 dot1dStpPortDesignatedBridge OBJECT-TYPE 1034 SYNTAX BridgeId 1035 MAX-ACCESS read-only 1036 STATUS current 1037 DESCRIPTION 1038 "The Bridge Identifier of the bridge which this 1039 port considers to be the Designated Bridge for 1040 this port's segment." 1041 REFERENCE 1042 "IEEE 802.1D-1998: clause 8.5.5.6" 1043 ::= { dot1dStpPortEntry 8 } 1045 dot1dStpPortDesignatedPort OBJECT-TYPE 1046 SYNTAX OCTET STRING (SIZE (2)) 1047 MAX-ACCESS read-only 1048 STATUS current 1049 DESCRIPTION 1050 "The Port Identifier of the port on the Designated 1051 Bridge for this port's segment." 1052 REFERENCE 1053 "IEEE 802.1D-1998: clause 8.5.5.7" 1054 ::= { dot1dStpPortEntry 9 } 1056 dot1dStpPortForwardTransitions OBJECT-TYPE 1057 SYNTAX Counter32 1058 MAX-ACCESS read-only 1059 STATUS current 1060 DESCRIPTION 1061 "The number of times this port has transitioned 1062 from the Learning state to the Forwarding state." 1063 ::= { dot1dStpPortEntry 10 } 1065 dot1dStpPortPathCost32 OBJECT-TYPE 1066 SYNTAX Integer32 (1..200000000) 1067 MAX-ACCESS read-write 1068 STATUS current 1069 DESCRIPTION 1070 "The contribution of this port to the path cost of 1071 paths towards the spanning tree root which include 1072 this port. 802.1D-1998 recommends that the default 1073 value of this parameter be in inverse proportion to 1074 the speed of the attached LAN. 1076 This object replaces dot1dStpPortPathCost to support 1077 IEEE 802.1t." 1079 REFERENCE 1080 "IEEE 802.1t clause 8.10.2, Table 8-5." 1081 ::= { dot1dStpPortEntry 11 } 1083 -- ---------------------------------------------------------- -- 1084 -- the dot1dTp subtree 1085 -- ---------------------------------------------------------- -- 1086 -- Implementation of the dot1dTp subtree is optional. It is 1087 -- implemented by those bridges that support the transparent 1088 -- bridging mode. A transparent or SRT bridge will implement 1089 -- this subtree. 1090 -- ---------------------------------------------------------- -- 1092 dot1dTpLearnedEntryDiscards OBJECT-TYPE 1093 SYNTAX Counter32 1094 MAX-ACCESS read-only 1095 STATUS current 1096 DESCRIPTION 1097 "The total number of Forwarding Database entries, which 1098 have been or would have been learnt, but have been 1099 discarded due to a lack of space to store them in the 1100 Forwarding Database. If this counter is increasing, it 1101 indicates that the Forwarding Database is regularly 1102 becoming full (a condition which has unpleasant 1103 performance effects on the subnetwork). If this counter 1104 has a significant value but is not presently increasing, 1105 it indicates that the problem has been occurring but is 1106 not persistent." 1107 REFERENCE 1108 "IEEE 802.1D-1998: clause 14.7.1.1.3" 1109 ::= { dot1dTp 1 } 1111 dot1dTpAgingTime OBJECT-TYPE 1112 SYNTAX Integer32 (10..1000000) 1113 UNITS "seconds" 1114 MAX-ACCESS read-write 1115 STATUS current 1116 DESCRIPTION 1117 "The timeout period in seconds for aging out 1118 dynamically learned forwarding information. 1119 802.1D-1998 recommends a default of 300 seconds." 1120 REFERENCE 1121 "IEEE 802.1D-1998: clause 14.7.1.1.3" 1122 ::= { dot1dTp 2 } 1124 -- ---------------------------------------------------------- -- 1125 -- The Forwarding Database for Transparent Bridges 1126 -- ---------------------------------------------------------- -- 1128 dot1dTpFdbTable OBJECT-TYPE 1129 SYNTAX SEQUENCE OF Dot1dTpFdbEntry 1130 MAX-ACCESS not-accessible 1131 STATUS current 1132 DESCRIPTION 1133 "A table that contains information about unicast 1134 entries for which the bridge has forwarding and/or 1135 filtering information. This information is used 1136 by the transparent bridging function in 1137 determining how to propagate a received frame." 1138 ::= { dot1dTp 3 } 1140 dot1dTpFdbEntry OBJECT-TYPE 1141 SYNTAX Dot1dTpFdbEntry 1142 MAX-ACCESS not-accessible 1143 STATUS current 1144 DESCRIPTION 1145 "Information about a specific unicast MAC address 1146 for which the bridge has some forwarding and/or 1147 filtering information." 1148 INDEX { dot1dTpFdbAddress } 1149 ::= { dot1dTpFdbTable 1 } 1151 Dot1dTpFdbEntry ::= 1152 SEQUENCE { 1153 dot1dTpFdbAddress 1154 MacAddress, 1155 dot1dTpFdbPort 1156 Integer32, 1157 dot1dTpFdbStatus 1158 INTEGER 1159 } 1161 dot1dTpFdbAddress OBJECT-TYPE 1162 SYNTAX MacAddress 1163 MAX-ACCESS read-only 1164 STATUS current 1165 DESCRIPTION 1166 "A unicast MAC address for which the bridge has 1167 forwarding and/or filtering information." 1168 REFERENCE 1169 "IEEE 802.1D-1998: clause 7.9.1, 7.9.2" 1170 ::= { dot1dTpFdbEntry 1 } 1172 dot1dTpFdbPort OBJECT-TYPE 1173 SYNTAX Integer32 1174 MAX-ACCESS read-only 1175 STATUS current 1176 DESCRIPTION 1177 "Either the value '0', or the port number of the port on 1178 which a frame having a source address equal to the value 1179 of the corresponding instance of dot1dTpFdbAddress has 1180 been seen. A value of '0' indicates that the port 1181 number has not been learned but that the bridge does 1182 have some forwarding/filtering information about this 1183 address (e.g. in the dot1dStaticTable). Implementors 1184 are encouraged to assign the port value to this object 1185 whenever it is learned even for addresses for which the 1186 corresponding value of dot1dTpFdbStatus is not 1187 learned(3)." 1188 ::= { dot1dTpFdbEntry 2 } 1190 dot1dTpFdbStatus OBJECT-TYPE 1191 SYNTAX INTEGER { 1192 other(1), 1193 invalid(2), 1194 learned(3), 1195 self(4), 1196 mgmt(5) 1197 } 1198 MAX-ACCESS read-only 1199 STATUS current 1200 DESCRIPTION 1201 "The status of this entry. The meanings of the 1202 values are: 1203 other(1) - none of the following. This would 1204 include the case where some other MIB object 1205 (not the corresponding instance of 1206 dot1dTpFdbPort, nor an entry in the 1207 dot1dStaticTable) is being used to determine if 1208 and how frames addressed to the value of the 1209 corresponding instance of dot1dTpFdbAddress are 1210 being forwarded. 1211 invalid(2) - this entry is not longer valid (e.g., 1212 it was learned but has since aged-out), but has 1213 not yet been flushed from the table. 1214 learned(3) - the value of the corresponding instance 1215 of dot1dTpFdbPort was learned, and is being 1216 used. 1217 self(4) - the value of the corresponding instance of 1218 dot1dTpFdbAddress represents one of the bridge's 1219 addresses. The corresponding instance of 1220 dot1dTpFdbPort indicates which of the bridge's 1221 ports has this address. 1223 mgmt(5) - the value of the corresponding instance of 1224 dot1dTpFdbAddress is also the value of an 1225 existing instance of dot1dStaticAddress." 1226 ::= { dot1dTpFdbEntry 3 } 1228 -- ---------------------------------------------------------- -- 1229 -- Port Table for Transparent Bridges 1230 -- ---------------------------------------------------------- -- 1232 dot1dTpPortTable OBJECT-TYPE 1233 SYNTAX SEQUENCE OF Dot1dTpPortEntry 1234 MAX-ACCESS not-accessible 1235 STATUS current 1236 DESCRIPTION 1237 "A table that contains information about every port that 1238 is associated with this transparent bridge." 1239 ::= { dot1dTp 4 } 1241 dot1dTpPortEntry OBJECT-TYPE 1242 SYNTAX Dot1dTpPortEntry 1243 MAX-ACCESS not-accessible 1244 STATUS current 1245 DESCRIPTION 1246 "A list of information for each port of a transparent 1247 bridge." 1248 INDEX { dot1dTpPort } 1249 ::= { dot1dTpPortTable 1 } 1251 Dot1dTpPortEntry ::= 1252 SEQUENCE { 1253 dot1dTpPort 1254 Integer32, 1255 dot1dTpPortMaxInfo 1256 Integer32, 1257 dot1dTpPortInFrames 1258 Counter32, 1259 dot1dTpPortOutFrames 1260 Counter32, 1261 dot1dTpPortInDiscards 1262 Counter32 1263 } 1265 dot1dTpPort OBJECT-TYPE 1266 SYNTAX Integer32 (1..65535) 1267 MAX-ACCESS read-only 1268 STATUS current 1269 DESCRIPTION 1270 "The port number of the port for which this entry 1271 contains Transparent bridging management information." 1272 ::= { dot1dTpPortEntry 1 } 1274 -- It would be nice if we could use ifMtu as the size of the 1275 -- largest INFO field, but we can't because ifMtu is defined 1276 -- to be the size that the (inter-)network layer can use which 1277 -- can differ from the MAC layer (especially if several layers 1278 -- of encapsulation are used). 1280 dot1dTpPortMaxInfo OBJECT-TYPE 1281 SYNTAX Integer32 1282 UNITS "bytes" 1283 MAX-ACCESS read-only 1284 STATUS current 1285 DESCRIPTION 1286 "The maximum size of the INFO (non-MAC) field that 1287 this port will receive or transmit." 1288 ::= { dot1dTpPortEntry 2 } 1290 dot1dTpPortInFrames OBJECT-TYPE 1291 SYNTAX Counter32 1292 UNITS "frames" 1293 MAX-ACCESS read-only 1294 STATUS current 1295 DESCRIPTION 1296 "The number of frames that have been received by this 1297 port from its segment. Note that a frame received on the 1298 interface corresponding to this port is only counted by 1299 this object if and only if it is for a protocol being 1300 processed by the local bridging function, including 1301 bridge management frames." 1302 REFERENCE 1303 "IEEE 802.1D-1998: clause 14.6.1.1.3" 1304 ::= { dot1dTpPortEntry 3 } 1306 dot1dTpPortOutFrames OBJECT-TYPE 1307 SYNTAX Counter32 1308 UNITS "frames" 1309 MAX-ACCESS read-only 1310 STATUS current 1311 DESCRIPTION 1312 "The number of frames that have been transmitted by this 1313 port to its segment. Note that a frame transmitted on 1314 the interface corresponding to this port is only counted 1315 by this object if and only if it is for a protocol being 1316 processed by the local bridging function, including 1317 bridge management frames." 1318 REFERENCE 1319 "IEEE 802.1D-1998: clause 14.6.1.1.3" 1320 ::= { dot1dTpPortEntry 4 } 1322 dot1dTpPortInDiscards OBJECT-TYPE 1323 SYNTAX Counter32 1324 UNITS "frames" 1325 MAX-ACCESS read-only 1326 STATUS current 1327 DESCRIPTION 1328 "Count of valid frames received which were discarded 1329 (i.e., filtered) by the Forwarding Process." 1330 REFERENCE 1331 "IEEE 802.1D-1998: clause 14.6.1.1.3" 1332 ::= { dot1dTpPortEntry 5 } 1334 -- ---------------------------------------------------------- -- 1335 -- The Static (Destination-Address Filtering) Database 1336 -- ---------------------------------------------------------- -- 1337 -- Implementation of this subtree is optional. 1338 -- ---------------------------------------------------------- -- 1340 dot1dStaticTable OBJECT-TYPE 1341 SYNTAX SEQUENCE OF Dot1dStaticEntry 1342 MAX-ACCESS not-accessible 1343 STATUS current 1344 DESCRIPTION 1345 "A table containing filtering information configured 1346 into the bridge by (local or network) management 1347 specifying the set of ports to which frames received 1348 from specific ports and containing specific destination 1349 addresses are allowed to be forwarded. The value of 1350 zero in this table as the port number from which frames 1351 with a specific destination address are received, is 1352 used to specify all ports for which there is no specific 1353 entry in this table for that particular destination 1354 address. Entries are valid for unicast and for 1355 group/broadcast addresses." 1356 REFERENCE 1357 "IEEE 802.1D-1998: clause 14.7.2" 1358 ::= { dot1dStatic 1 } 1360 dot1dStaticEntry OBJECT-TYPE 1361 SYNTAX Dot1dStaticEntry 1362 MAX-ACCESS not-accessible 1363 STATUS current 1364 DESCRIPTION 1365 "Filtering information configured into the bridge by 1366 (local or network) management specifying the set of 1367 ports to which frames received from a specific port and 1368 containing a specific destination address are allowed to 1369 be forwarded." 1370 REFERENCE 1371 "IEEE 802.1D-1998: clause 14.7.2" 1372 INDEX { dot1dStaticAddress, dot1dStaticReceivePort } 1373 ::= { dot1dStaticTable 1 } 1375 Dot1dStaticEntry ::= 1376 SEQUENCE { 1377 dot1dStaticAddress MacAddress, 1378 dot1dStaticReceivePort Integer32, 1379 dot1dStaticAllowedToGoTo OCTET STRING, 1380 dot1dStaticStatus INTEGER 1381 } 1383 dot1dStaticAddress OBJECT-TYPE 1384 SYNTAX MacAddress 1385 MAX-ACCESS read-create 1386 STATUS current 1387 DESCRIPTION 1388 "The destination MAC address in a frame to which this 1389 entry's filtering information applies. This object can 1390 take the value of a unicast address, a group address or 1391 the broadcast address." 1392 REFERENCE 1393 "IEEE 802.1D-1998: clause 7.9.1, 7.9.2" 1394 ::= { dot1dStaticEntry 1 } 1396 dot1dStaticReceivePort OBJECT-TYPE 1397 SYNTAX Integer32 (0..65535) 1398 MAX-ACCESS read-create 1399 STATUS current 1400 DESCRIPTION 1401 "Either the value '0', or the port number of the port 1402 from which a frame must be received in order for this 1403 entry's filtering information to apply. A value of zero 1404 indicates that this entry applies on all ports of the 1405 bridge for which there is no other applicable entry." 1406 ::= { dot1dStaticEntry 2 } 1408 dot1dStaticAllowedToGoTo OBJECT-TYPE 1409 SYNTAX OCTET STRING (SIZE (0..512)) 1410 MAX-ACCESS read-create 1411 STATUS current 1412 DESCRIPTION 1413 "The set of ports to which frames received from a 1414 specific port and destined for a specific MAC address, 1415 are allowed to be forwarded. Each octet within the 1416 value of this object specifies a set of eight ports, 1417 with the first octet specifying ports 1 through 8, the 1418 second octet specifying ports 9 through 16, etc. Within 1419 each octet, the most significant bit represents the 1420 lowest numbered port, and the least significant bit 1421 represents the highest numbered port. Thus, each port 1422 of the bridge is represented by a single bit within the 1423 value of this object. If that bit has a value of '1' 1424 then that port is included in the set of ports; the port 1425 is not included if its bit has a value of '0'. (Note 1426 that the setting of the bit corresponding to the port 1427 from which a frame is received is irrelevant.) The 1428 default value of this object is a string of ones of 1429 appropriate length. 1431 The value of this object may exceed the required minimum 1432 maximum message size of some SNMP transport (484 bytes 1433 in case of SNMP over UDP, see RFC 3417 section 3.2). 1434 SNMP engines on bridges supporting a large number of 1435 ports must support appropriate maximum message sizes." 1436 ::= { dot1dStaticEntry 3 } 1438 dot1dStaticStatus OBJECT-TYPE 1439 SYNTAX INTEGER { 1440 other(1), 1441 invalid(2), 1442 permanent(3), 1443 deleteOnReset(4), 1444 deleteOnTimeout(5) 1445 } 1446 MAX-ACCESS read-create 1447 STATUS current 1448 DESCRIPTION 1449 "This object indicates the status of this entry. 1450 The default value is permanent(3). 1451 other(1) - this entry is currently in use but the 1452 conditions under which it will remain so are 1453 different from each of the following values. 1454 invalid(2) - writing this value to the object 1455 removes the corresponding entry. 1456 permanent(3) - this entry is currently in use and 1457 will remain so after the next reset of the 1458 bridge. 1459 deleteOnReset(4) - this entry is currently in use 1460 and will remain so until the next reset of the 1461 bridge. 1462 deleteOnTimeout(5) - this entry is currently in use 1463 and will remain so until it is aged out." 1464 ::= { dot1dStaticEntry 4 } 1466 -- ---------------------------------------------------------- -- 1467 -- Notifications for use by Bridges 1468 -- ---------------------------------------------------------- -- 1469 -- Notifications for the Spanning Tree Protocol 1470 -- ---------------------------------------------------------- -- 1472 newRoot NOTIFICATION-TYPE 1473 -- OBJECTS { } 1474 STATUS current 1475 DESCRIPTION 1476 "The newRoot trap indicates that the sending agent has 1477 become the new root of the Spanning Tree; the trap is 1478 sent by a bridge soon after its election as the new 1479 root, e.g., upon expiration of the Topology Change Timer 1480 immediately subsequent to its election. Implementation 1481 of this trap is optional." 1482 ::= { dot1dNotifications 1 } 1484 topologyChange NOTIFICATION-TYPE 1485 -- OBJECTS { } 1486 STATUS current 1487 DESCRIPTION 1488 "A topologyChange trap is sent by a bridge when any of 1489 its configured ports transitions from the Learning state 1490 to the Forwarding state, or from the Forwarding state to 1491 the Blocking state. The trap is not sent if a newRoot 1492 trap is sent for the same transition. Implementation of 1493 this trap is optional." 1494 ::= { dot1dNotifications 2 } 1496 -- ---------------------------------------------------------- -- 1497 -- IEEE 802.1D MIB - Conformance Information 1498 -- ---------------------------------------------------------- -- 1500 dot1dGroups OBJECT IDENTIFIER ::= { dot1dConformance 1 } 1501 dot1dCompliances OBJECT IDENTIFIER ::= { dot1dConformance 2 } 1503 -- ---------------------------------------------------------- -- 1504 -- units of conformance 1505 -- ---------------------------------------------------------- -- 1507 -- ---------------------------------------------------------- -- 1508 -- the dot1dBase group 1509 -- ---------------------------------------------------------- -- 1510 dot1dBaseBridgeGroup OBJECT-GROUP 1511 OBJECTS { 1512 dot1dBaseBridgeAddress, 1513 dot1dBaseNumPorts, 1514 dot1dBaseType 1515 } 1516 STATUS current 1517 DESCRIPTION 1518 "Bridge level information for this device." 1519 ::= { dot1dGroups 1 } 1521 dot1dBasePortGroup OBJECT-GROUP 1522 OBJECTS { 1523 dot1dBasePort, 1524 dot1dBasePortIfIndex, 1525 dot1dBasePortCircuit, 1526 dot1dBasePortDelayExceededDiscards, 1527 dot1dBasePortMtuExceededDiscards 1528 } 1529 STATUS current 1530 DESCRIPTION 1531 "Information for each port on this device." 1532 ::= { dot1dGroups 2 } 1534 -- ---------------------------------------------------------- -- 1535 -- the dot1dStp group 1536 -- ---------------------------------------------------------- -- 1538 dot1dStpBridgeGroup OBJECT-GROUP 1539 OBJECTS { 1540 dot1dStpProtocolSpecification, 1541 dot1dStpPriority, 1542 dot1dStpTimeSinceTopologyChange, 1543 dot1dStpTopChanges, 1544 dot1dStpDesignatedRoot, 1545 dot1dStpRootCost, 1546 dot1dStpRootPort, 1547 dot1dStpMaxAge, 1548 dot1dStpHelloTime, 1549 dot1dStpHoldTime, 1550 dot1dStpForwardDelay, 1551 dot1dStpBridgeMaxAge, 1552 dot1dStpBridgeHelloTime, 1553 dot1dStpBridgeForwardDelay 1554 } 1555 STATUS current 1556 DESCRIPTION 1557 "Bridge level Spanning Tree data for this device." 1559 ::= { dot1dGroups 3 } 1561 dot1dStpPortGroup OBJECT-GROUP 1562 OBJECTS { 1563 dot1dStpPort, 1564 dot1dStpPortPriority, 1565 dot1dStpPortState, 1566 dot1dStpPortEnable, 1567 dot1dStpPortPathCost, 1568 dot1dStpPortDesignatedRoot, 1569 dot1dStpPortDesignatedCost, 1570 dot1dStpPortDesignatedBridge, 1571 dot1dStpPortDesignatedPort, 1572 dot1dStpPortForwardTransitions 1573 } 1574 STATUS current 1575 DESCRIPTION 1576 "Spanning Tree data for each port on this device." 1577 ::= { dot1dGroups 4 } 1579 dot1dStpPortGroup2 OBJECT-GROUP 1580 OBJECTS { 1581 dot1dStpPort, 1582 dot1dStpPortPriority, 1583 dot1dStpPortState, 1584 dot1dStpPortEnable, 1585 dot1dStpPortDesignatedRoot, 1586 dot1dStpPortDesignatedCost, 1587 dot1dStpPortDesignatedBridge, 1588 dot1dStpPortDesignatedPort, 1589 dot1dStpPortForwardTransitions, 1590 dot1dStpPortPathCost32 1591 } 1592 STATUS current 1593 DESCRIPTION 1594 "Spanning Tree data for each port on this device." 1595 ::= { dot1dGroups 5 } 1597 dot1dStpPortGroup3 OBJECT-GROUP 1598 OBJECTS { 1599 dot1dStpPortPathCost32 1600 } 1601 STATUS current 1602 DESCRIPTION 1603 "Spanning Tree data for devices supporting 32-bit 1604 path costs." 1605 ::= { dot1dGroups 6 } 1607 -- ---------------------------------------------------------- -- 1608 -- the dot1dTp group 1609 -- ---------------------------------------------------------- -- 1611 dot1dTpBridgeGroup OBJECT-GROUP 1612 OBJECTS { 1613 dot1dTpLearnedEntryDiscards, 1614 dot1dTpAgingTime 1615 } 1616 STATUS current 1617 DESCRIPTION 1618 "Bridge level Transparent Bridging data." 1619 ::= { dot1dGroups 7 } 1621 dot1dTpFdbGroup OBJECT-GROUP 1622 OBJECTS { 1623 dot1dTpFdbAddress, 1624 dot1dTpFdbPort, 1625 dot1dTpFdbStatus 1626 } 1628 STATUS current 1629 DESCRIPTION 1630 "Filtering Database information for the Bridge." 1631 ::= { dot1dGroups 8 } 1633 dot1dTpGroup OBJECT-GROUP 1634 OBJECTS { 1635 dot1dTpPort, 1636 dot1dTpPortMaxInfo, 1637 dot1dTpPortInFrames, 1638 dot1dTpPortOutFrames, 1639 dot1dTpPortInDiscards 1640 } 1641 STATUS current 1642 DESCRIPTION 1643 "Dynamic Filtering Database information for each port of 1644 the Bridge." 1645 ::= { dot1dGroups 9 } 1647 -- ---------------------------------------------------------- -- 1648 -- The Static (Destination-Address Filtering) Database 1649 -- ---------------------------------------------------------- -- 1651 dot1dStaticGroup OBJECT-GROUP 1652 OBJECTS { 1653 dot1dStaticAddress, 1654 dot1dStaticReceivePort, 1655 dot1dStaticAllowedToGoTo, 1656 dot1dStaticStatus 1657 } 1658 STATUS current 1659 DESCRIPTION 1660 "Static Filtering Database information for each port of 1661 the Bridge." 1662 ::= { dot1dGroups 10 } 1664 -- ---------------------------------------------------------- -- 1665 -- The Trap Notification Group 1666 -- ---------------------------------------------------------- -- 1668 dot1dNotificationGroup NOTIFICATION-GROUP 1669 NOTIFICATIONS { 1670 newRoot, 1671 topologyChange 1672 } 1673 STATUS current 1674 DESCRIPTION 1675 "Group of objects describing notifications (traps)." 1676 ::= { dot1dGroups 11 } 1678 -- ---------------------------------------------------------- -- 1679 -- compliance statements 1680 -- ---------------------------------------------------------- -- 1682 bridgeCompliance1493 MODULE-COMPLIANCE 1683 STATUS current 1684 DESCRIPTION 1685 "The compliance statement for device support of bridging 1686 services. As per RFC1493" 1688 MODULE 1689 MANDATORY-GROUPS { 1690 dot1dBaseBridgeGroup, 1691 dot1dBasePortGroup 1692 } 1694 GROUP dot1dStpBridgeGroup 1695 DESCRIPTION 1696 "Implementation of this group is mandatory for bridges 1697 that support the Spanning Tree Protocol." 1699 GROUP dot1dStpPortGroup 1700 DESCRIPTION 1701 "Implementation of this group is mandatory for bridges 1702 that support the Spanning Tree Protocol." 1704 GROUP dot1dTpBridgeGroup 1705 DESCRIPTION 1706 "Implementation of this group is mandatory for bridges 1707 that support the transparent bridging mode. A 1708 transparent or SRT bridge will implement this group." 1710 GROUP dot1dTpFdbGroup 1711 DESCRIPTION 1712 "Implementation of this group is mandatory for bridges 1713 that support the transparent bridging mode. A 1714 transparent or SRT bridge will implement this group." 1716 GROUP dot1dTpGroup 1717 DESCRIPTION 1718 "Implementation of this group is mandatory for bridges 1719 that support the transparent bridging mode. A 1720 transparent or SRT bridge will implement this group." 1722 GROUP dot1dStaticGroup 1723 DESCRIPTION 1724 "Implementation of this group is optional." 1726 GROUP dot1dNotificationGroup 1727 DESCRIPTION 1728 "Implementation of this group is optional." 1729 ::= { dot1dCompliances 1 } 1731 bridgeComplianceXXXX MODULE-COMPLIANCE 1732 -- RFC Ed.: replace XXXX with RFC number and remove this note 1733 STATUS current 1734 DESCRIPTION 1735 "The compliance statement for device support of bridging 1736 services. This supports 32-bit Path Cost values and the 1737 more restricted bridge and port priorities, as per IEEE 1738 802.1t." 1740 MODULE 1741 MANDATORY-GROUPS { 1742 dot1dBaseBridgeGroup, 1743 dot1dBasePortGroup 1744 } 1746 GROUP dot1dStpBridgeGroup 1747 DESCRIPTION 1748 "Implementation of this group is mandatory for 1749 bridges that support the Spanning Tree Protocol." 1751 OBJECT dot1dStpPriority 1752 SYNTAX Integer32 (0|4096|8192|12288|16384|20480|24576 1753 |28672|32768|36864|40960|45056|49152 1754 |53248|57344|61440) 1755 DESCRIPTION 1756 "All possible values as per IEEE 802.1t." 1758 GROUP dot1dStpPortGroup2 1759 DESCRIPTION 1760 "Implementation of this group is mandatory for 1761 bridges that support the Spanning Tree Protocol." 1763 GROUP dot1dStpPortGroup3 1764 DESCRIPTION 1765 "Implementation of this group is mandatory for bridges 1766 that support the Spanning Tree Protocol and 32-bit path 1767 costs. This in particular includes devices supporting 1768 IEEE 802.1t and IEEE 802.1w." 1770 OBJECT dot1dStpPortPriority 1771 SYNTAX Integer32 (0|16|32|48|64|80|96|112|128 1772 |144|160|176|192|208|224|240) 1773 DESCRIPTION 1774 "All possible values as per IEEE 802.1t." 1776 GROUP dot1dTpBridgeGroup 1777 DESCRIPTION 1778 "Implementation of this group is mandatory for 1779 bridges that support the transparent bridging 1780 mode. A transparent or SRT bridge will implement 1781 this group." 1783 GROUP dot1dTpFdbGroup 1784 DESCRIPTION 1785 "Implementation of this group is mandatory for 1786 bridges that support the transparent bridging 1787 mode. A transparent or SRT bridge will implement 1788 this group." 1790 GROUP dot1dTpGroup 1791 DESCRIPTION 1792 "Implementation of this group is mandatory for 1793 bridges that support the transparent bridging 1794 mode. A transparent or SRT bridge will implement 1795 this group." 1797 GROUP dot1dStaticGroup 1798 DESCRIPTION 1799 "Implementation of this group is optional." 1801 GROUP dot1dNotificationGroup 1802 DESCRIPTION 1803 "Implementation of this group is optional." 1805 ::= { dot1dCompliances 2 } 1807 END 1809 5. IANA Considerations 1811 The MIB module in this document uses the following IANA-assigned 1812 OBJECT IDENTIFIER values recorded in the SMI Numbers registry: 1814 Descriptor OBJECT IDENTIFIER value 1815 ---------- ----------------------- 1816 dot1dBridge { mib-2 17 } 1818 Editor's Note (to be removed prior to publication): this draft makes 1819 no additional requests of the IANA. (XXX) 1821 6. Security Considerations 1823 There are a number of management objects defined in this MIB module 1824 that have a MAX-ACCESS clause of read-write and/or read-create. Such 1825 objects may be considered sensitive or vulnerable in some network 1826 environments. The support for SET operations in a non-secure 1827 environment without proper protection can have a negative effect on 1828 network operations. 1830 Some of the readable objects in this MIB module (i.e., objects with a 1831 MAX-ACCESS other than not-accessible) may be considered sensitive or 1832 vulnerable in some network environments. It is thus important to 1833 control even GET and/or NOTIFY access to these objects and possibly 1834 to even encrypt the values of these objects when sending them over 1835 the network via SNMP. 1837 These are the tables and objects and their sensitivity/vulnerability: 1839 o The writable objects dot1dStpPriority, dot1dStpBridgeMaxAge, 1840 dot1dStpBridgeHelloTime, dot1dStpBridgeForwardDelay, 1841 dot1dStpPortPriority, dot1dStpPortEnable, dot1dStpPortPathCost, 1842 dot1dStpPortPathCost32 influence the spanning tree protocol. 1843 Unauthorized write access to these objects can cause the spanning 1844 tree protocol to compute other default topologies or it can change 1845 the speed in which the spanning tree protocol reacts to failures. 1846 o The writable object dot1dTpAgingTime controls how fast dynamically 1847 learned forwarding information is aged out. Setting this object 1848 to a large value may simplify forwarding table overflow attacks. 1849 o The writable dot1dStaticTable provides a filtering mechanism 1850 controlling to which ports frames originating from a specific 1851 source may be forwarded. Write access to this table can be used 1852 to turn provisioned filtering off or to add filters to prevent 1853 rightful use of the network. 1854 o The readable objects defined in the BRIDGE-MIB module provide 1855 information about the topology of a bridged network and the 1856 attached active stations. The addresses listed in the 1857 dot1dTpFdbTable usually reveal information about the manufacturer 1858 of the MAC hardware, which can be useful information for mounting 1859 other specific attacks. 1860 o The two notifications newRoot and topologyChange are emitted 1861 during spanning tree computation and may trigger management 1862 systems to inspect the status of bridges and to recompute internal 1863 topology information. Hence, forged notifications may cause 1864 management systems to perform unnecessary computations and to 1865 generate additional SNMP traffic directed to the bridges in a 1866 network. Forged notifications therefore may be part of a denial 1867 of service attack. 1869 SNMP versions prior to SNMPv3 did not include adequate security. 1870 Even if the network itself is secure (for example by using IPSec), 1871 even then, there is no control as to who on the secure network is 1872 allowed to access and GET/SET (read/change/create/delete) the objects 1873 in this MIB module. 1875 It is RECOMMENDED that implementers consider the security features as 1876 provided by the SNMPv3 framework (see [RFC3410], section 8), 1877 including full support for the SNMPv3 cryptographic mechanisms (for 1878 authentication and privacy). 1880 Further, deployment of SNMP versions prior to SNMPv3 is NOT 1881 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 1882 enable cryptographic security. It is then a customer/operator 1883 responsibility to ensure that the SNMP entity giving access to an 1884 instance of this MIB module is properly configured to give access to 1885 the objects only to those principals (users) that have legitimate 1886 rights to indeed GET or SET (change/create/delete) them. 1888 7. Acknowledgments 1890 The MIB module presented in this memo is a translation of the 1891 BRIDGE-MIB defined in [RFC1493] to the SMIv2 syntax. The original 1892 authors of the SMIv1 module were E. Decker, P. Langille, A 1893 Rijsinghani and K. McCloghrie. Further acknowledgement is given to 1894 the members of the original Bridge Working Group in [RFC1493]. 1896 This document was produced on behalf of the Bridge MIB Working Group 1897 in the Operations and Management area of the Internet Engineering 1898 Task Force. The editors wish to thank the members of the Bridge MIB 1899 Working Group, especially Mike MacFadden, John Flick, and Bert 1900 Visscher for their many comments and suggestions which improved this 1901 effort. Juergen Schoenwaelder helped in finalizing the draft for 1902 publication. 1904 8. Contact Information 1906 The original version of this document was the result of significant 1907 work by four major contributors: 1909 E. Decker 1910 xxx details missing here xxx 1912 P. Langille 1913 xxx details missing here xxx 1915 Anil Rijsinghan 1916 Accton Technology Corporation 1917 5 Mount Royal Ave 1918 Marlboro, MA 01752 1919 USA 1921 K. McCloghrie 1922 Cisco Systems, Inc. 1923 170 West Tasman Drive 1924 San Jose, CA 95134 1925 USA 1927 The conversion to SMIv2 format is based on work done by the following 1928 two contributors: 1930 Kenyon C. Norseth 1931 L-3 Communications 1932 640 N. 2200 West 1933 Salt Lake City, Utah 84116-0850 1934 USA 1936 E. Bell 1937 3Com Europe Limited 1938 3Com Centre, Boundary Way 1939 Hemel Hempstead Herts. HP2 7YU 1940 UK 1942 9. Changes from RFC 1493 1944 The following changes have been made from RFC 1493. 1946 1. Translated the MIB definitions to use SMIv2. This includes the 1947 introduction of conformance statements. ASN.1 type definitions 1948 have been converted into textual-conventions and several units 1949 clauses were added. 1950 2. The object dot1dStpPortPathCost32 was added to support IEEE 1951 802.1t. 1952 3. Permissible values for dot1dStpPriority and dot1dStpPortPriority 1953 have been clarified for bridges supporting IEEE 802.1t or IEEE 1954 802.1w. 1955 4. Interpretation of dot1dStpTimeSinceTopologyChange has been 1956 clarified for bridges supporting the rapid spanning tree protocol 1957 (RSTP). 1958 5. Updated the introductionary boilerplate text, the security 1959 considerations section and the references to comply with the 1960 current IETF standards and guidelines. 1961 6. Updated references to point to newer IEEE 802.1d documents. 1962 7. Additions and clarifications in various description clauses. 1964 10. References 1966 10.1 Normative References 1968 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1969 Requirement Levels", BCP 14, RFC 2119, March 1997. 1971 [RFC2578] McCloghrie, K., Perkins, D. and J. Schoenwaelder, 1972 "Structure of Management Information Version 2 (SMIv2)", 1973 STD 58, RFC 2578, April 1999. 1975 [RFC2579] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Textual 1976 Conventions for SMIv2", STD 58, RFC 2579, April 1999. 1978 [RFC2580] McCloghrie, K., Perkins, D. and J. Schoenwaelder, 1979 "Conformance Statements for SMIv2", STD 58, RFC 2580, 1980 April 1999. 1982 [RFC3418] Presuhn, R., "Management Information Base (MIB) for the 1983 Simple Network Management Protocol (SNMP)", STD 62, RFC 1984 3418, December 2002. 1986 [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group 1987 MIB", RFC 2863, June 2000. 1989 [IEEE8021D] 1990 IEEE Project 802 Local and Metropolitan Area Networks, 1991 "ANSI/IEEE Standard 802.1D-1998 MAC Bridges", March 1998. 1993 10.2 Informative References 1995 [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, 1996 "Introduction and Applicability Statements for 1997 Internet-Standard Management Framework", RFC 3410, 1998 December 2002. 2000 [RFC1493] Decker, E., Langille, P., Rijsinghani, A. and K. 2001 McCloghrie, "Definitions of Managed Objects for Bridges", 2002 RFC 1493, July 1993. 2004 [RFC1525] Decker, E., McCloghrie, K., Langille, P. and A. 2005 Rijsinghani, "Definitions of Managed Objects for Source 2006 Routing Bridges", RFC 1525, September 1993. 2008 Authors' Addresses 2010 Kenyon C. Norseth (editor) 2011 L-3 Communications 2012 640 N. 2200 West 2013 Salt Lake City, Utah 84116-0850 2014 USA 2016 Phone: +1 801-594-2809 2017 EMail: kenyon.c.norseth@L-3com.com 2019 E. Bell (editor) 2020 3Com Europe Limited 2021 3Com Centre, Boundary Way 2022 Hemel Hempstead Herts. HP2 7YU 2023 UK 2025 Phone: +44 1442 438025 2026 EMail: Les_Bell@3Com.com 2028 Intellectual Property Statement 2030 The IETF takes no position regarding the validity or scope of any 2031 Intellectual Property Rights or other rights that might be claimed to 2032 pertain to the implementation or use of the technology described in 2033 this document or the extent to which any license under such rights 2034 might or might not be available; nor does it represent that it has 2035 made any independent effort to identify any such rights. Information 2036 on the procedures with respect to rights in RFC documents can be 2037 found in BCP 78 and BCP 79. 2039 Copies of IPR disclosures made to the IETF Secretariat and any 2040 assurances of licenses to be made available, or the result of an 2041 attempt made to obtain a general license or permission for the use of 2042 such proprietary rights by implementers or users of this 2043 specification can be obtained from the IETF on-line IPR repository at 2044 http://www.ietf.org/ipr. 2046 The IETF invites any interested party to bring to its attention any 2047 copyrights, patents or patent applications, or other proprietary 2048 rights that may cover technology that may be required to implement 2049 this standard. Please address the information to the IETF at 2050 ietf-ipr@ietf.org. 2052 Disclaimer of Validity 2054 This document and the information contained herein are provided on an 2055 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 2056 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 2057 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 2058 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 2059 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 2060 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 2062 Copyright Statement 2064 Copyright (C) The Internet Society (2005). This document is subject 2065 to the rights, licenses and restrictions contained in BCP 78, and 2066 except as set forth therein, the authors retain all their rights. 2068 Acknowledgment 2070 Funding for the RFC Editor function is currently provided by the 2071 Internet Society.