Brocade Communications Systems 6910 ユーザーズマニュアル
Brocade 6910 Ethernet Access Switch MIB Reference
41
53-1002582-01
Chapter
8
Traffic Security
This chapter presents the SNMP MIB objects for various traffic security features such as Dynamic
ARP Inspections, DHCP Snooping, and IP Source Guard.
ARP Inspections, DHCP Snooping, and IP Source Guard.
Dynamic ARP Inspection VLAN configuration table
Dynamic ARP Inspection (DAI) is a security mechanism which validates all ARP packets in a subnet
and discard those packets with invalid IP to MAC address bindings. To configure the feature using
SNMP MIB objects, do the following:
and discard those packets with invalid IP to MAC address bindings. To configure the feature using
SNMP MIB objects, do the following:
1. Enable DAI on a VLAN
DAI on a VLAN is disabled by default. To enable DAI on an existing VLAN, set the object
fdryDaiVlanDynArpInspEnable in the fdryDaiVlanConfigTable to true. Set it to false to disable it.
fdryDaiVlanDynArpInspEnable in the fdryDaiVlanConfigTable to true. Set it to false to disable it.
2. Enable trust on a port
The default trust setting for a port is untrusted. To enable trust on a port, set the object
fdryDaiIfTrustValue in the fdryDaiIfConfigTable to true. Set it to false to disable trust on a port.
fdryDaiIfTrustValue in the fdryDaiIfConfigTable to true. Set it to false to disable trust on a port.
3. Configure a DAI ARP entry
To configure a DAI ARP entry, set the fdryDaiArpInspectIpAddr, fdryDaiArpInspectMacAddr and
fdryDaiArpInspectRowStatus (value as createAndGo) in the fdryDaiArpInspectTable. This table
displays all DAI entries. A row instance contains the configuration to map a device IP address
with its MAC address and its type, state, age and port.
fdryDaiArpInspectRowStatus (value as createAndGo) in the fdryDaiArpInspectTable. This table
displays all DAI entries. A row instance contains the configuration to map a device IP address
with its MAC address and its type, state, age and port.
DAI VLAN configuration table
Name, Identifier, and Syntax
Access
Description
fdryDaiVlanConfigTable
brcdIp.1.1.3.35.1.1
brcdIp.1.1.3.35.1.1
N/A
This table provides the mechanism to control Dynamic ARP
Inspection per VLAN.
Inspection per VLAN.
fdryDaiVlanConfigEntry
brcdIp.1.1.3.35.1.1.1
brcdIp.1.1.3.35.1.1.1
N/A
When a VLAN is created on a device supporting this table, a
corresponding entry of this table is added.
This entry represents a row that contains the configuration to
enable or disable Dynamic ARP Inspection on the existing VLAN.
It is indexed by fdryDaiVlanVLanId.
corresponding entry of this table is added.
This entry represents a row that contains the configuration to
enable or disable Dynamic ARP Inspection on the existing VLAN.
It is indexed by fdryDaiVlanVLanId.
fdryDaiVlanVLanId
brcdIp.1.1.3.35.1.1.1.1
Syntax: VlanIndex
brcdIp.1.1.3.35.1.1.1.1
Syntax: VlanIndex
N/A
This object indicates the VLAN number on which the Dynamic ARP
Inspection feature is configured.
Inspection feature is configured.
fdryDaiVlanDynArpInspEnable
brcdIp.1.1.3.35.1.1.1.2
Syntax: TruthValue
brcdIp.1.1.3.35.1.1.1.2
Syntax: TruthValue
Read-write
This object indicates whether Dynamic ARP Inspection is enabled
in this VLAN.
If this object is set to “true”, Dynamic ARP Inspection is enabled.
If this object is set to “false”, Dynamic ARP Inspection is disabled.
in this VLAN.
If this object is set to “true”, Dynamic ARP Inspection is enabled.
If this object is set to “false”, Dynamic ARP Inspection is disabled.