NETGEAR-MGMT-SECURITY-MIB DEFINITIONS ::= BEGIN

-- Broadcom Corporation FastPath Mgmt Security MIB
-- Copyright Broadcom Corporation (2003-2007) All rights reserved.

-- This SNMP Management Information Specification
-- embodies Broadcom Corporation's confidential and proprietary
-- intellectual property.  Broadcom Corporation retains all title
-- and ownership in the Specification including any revisions.

-- This Specification is supplied "AS IS", Broadcom Corporation
-- makes no warranty, either expressed or implied,
-- as to the use, operation, condition, or performance of the
-- Specification.


IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, 
    IpAddress, Integer32                FROM SNMPv2-SMI
    ng7000managedswitch                 FROM NETGEAR-REF-MIB
    DisplayString                       FROM RFC1213-MIB
    TruthValue                          FROM SNMPv2-TC;

    fastPathMgmtSecurity MODULE-IDENTITY
        LAST-UPDATED "200705230000Z" -- 23 May 2007 12:00:00 GMT
        ORGANIZATION "Netgear"
        CONTACT-INFO
          ""
        DESCRIPTION
          "The NETGEAR Private MIB for FastPath Security"

        -- Revision history.
        REVISION
          "200705230000Z" -- 23 May 2007 12:00:00 GMT
        DESCRIPTION
          "Netgear branding related changes."
        REVISION
          "200311210000Z" -- 21 Nov 2003 12:00:00 GMT
        DESCRIPTION
          "Initial revision."

    ::= { ng7000managedswitch 11 }

AgentLanMngInfServiceType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "Management ACL Service type to be configured."
    SYNTAX INTEGER {
        allType(0),
        snmp(1),
        http(2),
        https(3)
    }
        
AgentLanMngInfActionType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "Management ACL Action definition."
    SYNTAX INTEGER {
        permit(0),
        deny(1)
    }

    --**************************************************************************************
    -- agentSSLConfigGroup
    --
    --**************************************************************************************

    agentSSLConfigGroup                        OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 1 }

    agentSSLAdminMode OBJECT-TYPE
         SYNTAX      INTEGER {
                     enable(1),
                     disable(2)
                     }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Configures whether the SSL service is enabled on this switch.  The
                      default value is disable(2)."
         ::= { agentSSLConfigGroup 1 }

    agentSSLSecurePort OBJECT-TYPE
         SYNTAX      Integer32 (1..65535)
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Configures the port the SSL service will respond on.  The default
                      value is 443."
         ::= { agentSSLConfigGroup 2 }

    agentSSLProtocolLevel OBJECT-TYPE
         SYNTAX      INTEGER {
                     ssl30(1), -- SSL 3.0
                     tls10(2), -- TSL 1.0
                     both(3)
                     }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Configures which protocol versions of SSL are enabled on this
                     switch.  The default value is both(3)."
         ::= { agentSSLConfigGroup 3 }

    agentSSLMaxSessions OBJECT-TYPE
         SYNTAX      Integer32 (0..16)
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Configures the maximum number of allowable SSL sessions.  The default
                      value is 16."
         ::= { agentSSLConfigGroup 4 }

    agentSSLHardTimeout OBJECT-TYPE
         SYNTAX      Integer32 (1..168)
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Configures the hard timeout for SSL sessions in hours.  The default
                      value is 24 hours."
         ::= { agentSSLConfigGroup 5 }

    agentSSLSoftTimeout OBJECT-TYPE
         SYNTAX      Integer32 (1..60)
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Configures the soft (activity) timeout for SSL sessions in minutes.
                      The default value is 5 minutes."
         ::= { agentSSLConfigGroup 6 }

    agentSSLCertificatePresent OBJECT-TYPE
         SYNTAX      TruthValue
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Boolean value indicating whether SSL certificate files exist on the device."
         ::= { agentSSLConfigGroup 7 }

    agentSSLCertificateControl OBJECT-TYPE
         SYNTAX      INTEGER {
                     noop(1),
                     generate(2),
                     delete(3)
                     }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Controls certificate generation and deletion. Always returns noop(1)."
         ::= { agentSSLConfigGroup 8 }

    agentSSLCertificateGenerationStatus OBJECT-TYPE
         SYNTAX      TruthValue
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Indicates whether certificate files are currently being generated."
         ::= { agentSSLConfigGroup 9 }

    --**************************************************************************************
    -- agentSSHConfigGroup
    --
    --**************************************************************************************

    agentSSHConfigGroup                        OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 2 }

    agentSSHAdminMode OBJECT-TYPE
         SYNTAX      INTEGER {
                     enable(1),
                     disable(2)
                     }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Configures whether the SSH service is enabled on this switch.  The
                      default value is disable(2)."
         ::= { agentSSHConfigGroup 1 }

    agentSSHProtocolLevel OBJECT-TYPE
         SYNTAX      INTEGER {
                     ssh10(1), -- SSH 1.0
                     ssh20(2), -- SSH 2.0
                     both(3)
                     }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Configures which protocol versions of SSH are enabled on this
                     switch.  The default value is both(3)."
         ::= { agentSSHConfigGroup 2 }

    agentSSHSessionsCount OBJECT-TYPE
         SYNTAX      Integer32
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Current number of active SSH sessions on this switch."
         ::= { agentSSHConfigGroup 3 }

   agentSSHMaxSessionsCount OBJECT-TYPE
         SYNTAX       Integer32 (0..5)
         MAX-ACCESS   read-write
         STATUS       current
         DESCRIPTION
                     "Max number of SSH sessions permitted on this switch."
         ::= { agentSSHConfigGroup 4 }

   agentSSHSessionTimeout OBJECT-TYPE
         SYNTAX       Integer32 (1..160)
         MAX-ACCESS   read-write
         STATUS       current
         DESCRIPTION
                     "ssh idle timeout value for this switch im minutes."
         ::= { agentSSHConfigGroup 5 }

    agentSSHKeysPresent OBJECT-TYPE
         SYNTAX      INTEGER {
                     dsa(1),
                     rsa(2),
                     both(3),
                     none(4)
                     }
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Indicates what key files are present on the device, if any."
         ::= { agentSSHConfigGroup 6 }

    agentSSHKeyGenerationStatus OBJECT-TYPE
         SYNTAX      INTEGER {
                     dsa(1),
                     rsa(2),
                     both(3),
                     none(4)
                     }
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Indicates what key files are currently being generated, if any."
         ::= { agentSSHConfigGroup 7 }

    agentSSHRSAKeyControl OBJECT-TYPE
         SYNTAX      INTEGER {
                     noop(1),
                     generate(2),
                     delete(3)
                     }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Controls RSA key generation and deletion.  Always returns noop(1)."
         ::= { agentSSHConfigGroup 8 }

    agentSSHDSAKeyControl OBJECT-TYPE
         SYNTAX      INTEGER {
                     noop(1),
                     generate(2),
                     delete(3)
                     }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Controls DSA key generation and deletion.  Always returns noop(1)."
         ::= { agentSSHConfigGroup 9 }

    --**************************************************************************************
    -- agentACALConfigGroup
    --
    --**************************************************************************************
    agentACALConfigGroup                        OBJECT IDENTIFIER ::= { fastPathMgmtSecurity 3 }

agentLanMngInfEnable OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The variable specifies if Management ACL functionality is enabled.
	 Setting this value to FALSE will disable the ACL checking so all
	 management interfaces will be allowed access to the system.  By
	 default this parameter value is TRUE, which means that management
	 interface ACL is checked when granting access to the system."
    ::= { agentACALConfigGroup 1 }

agentLanMngInfActiveListName OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..32))
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "This parameter may be used to activate a particular management
         ACL rule-set.  If no management ACL rule-set is specified (by 
         setting this parameter to a NULL string) then the system assumes 
         that management ACL is disabled (similar to setting 
         agentLanMngInfEnable to FALSE - meaning that ACL is not checked 
         and all management access are allowed).

         If the user attempts to set this parameter to the name of an
         invalid or non-existence ACL rule-set, the configuration will fail.

         If the user deletes a management ACL rule-set to which this 
         parameter references, the parameter will be set to a NULL 
         string and the system will assume that management ACL checking 
         has been disabled."
    ::= { agentACALConfigGroup 2 }

agentLanMngInfListTable OBJECT-TYPE
    SYNTAX SEQUENCE OF AgentLanMngInfListEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "This table defines all management ACL rule-set as well as the rules
         within the rule-set.  To activate a specific ACL rule-set, please 
         refer to the 'agentLanMngInfActiveListName' parameter above."
    ::= { agentACALConfigGroup 3 }

agentLanMngInfListEntry  OBJECT-TYPE
    SYNTAX AgentLanMngInfListEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Each entry in the table is a single rule within a given rule-set.
         The rules within a rule-set are grouped together via a common
         name 'gentLanMngInfListName'.  Each rule has a specific priority
         within the rule-set given by 'agentLanMngInfListPriority', where
         priority 1 is the highest priority of the given set."

    INDEX { agentLanMngInfListName, agentLanMngInfListPriority }
    ::= { agentLanMngInfListTable 1 }

AgentLanMngInfListEntry ::= SEQUENCE {
    agentLanMngInfListName            DisplayString,
    agentLanMngInfListPriority        Unsigned32,
    agentLanMngInfListIpAddr          IpAddress,
    agentLanMngInfListIpNetMask       IpAddress,
    agentLanMngInfListService         AgentLanMngInfServiceType,
    agentLanMngInfListAction          AgentLanMngInfActionType,
    agentLanMngInfListRowStatus       RowStatus
}

agentLanMngInfListName OBJECT-TYPE
    SYNTAX  DisplayString (SIZE(1..32))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The name of a given rule-set." 
    ::= { agentLanMngInfListEntry 1 }

agentLanMngInfListPriority OBJECT-TYPE
    SYNTAX  Unsigned32 (1..40)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The priority value of a given rule within the rule-set.User must
         enter the priority value along with agentLanMngInfListIpAddr 
         and agentLanMngInfListAction."
    ::= { agentLanMngInfListEntry 2 }

agentLanMngInfListIpAddr OBJECT-TYPE
    SYNTAX  IpAddress
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The IP address to which this rule applies. The IP address may be set 
         to be 0, which means that the rule applies to all IP addresses.
         Otherwise, the rule applies to all management request which comes
         from a given IP address.User must enter the IP address value along 
         with agentLanMngInfListAction and agentLanMngInfListPriority." 
    ::= { agentLanMngInfListEntry 3 }

agentLanMngInfListIpNetMask OBJECT-TYPE
    SYNTAX  IpAddress
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The subnet mask associated with the IP address of this entry. The 
         value of the mask is an IP address with all the network bits set 
         to 1 and all the hosts bits set to 0.  Using this in conjunction
         with the ipAddress given above, it is possible to make the rule
         applies to a subnet instead of a specific address (to force the
         rule to apply to a single address, use a netmask with all bits
         set to 1 (i.e. 255.255.255.255 netmask).User must enter the subnet 
         mask value along with agentLanMngInfListAction, 
         agentLanMngInfListIpAddr and agentLanMngInfListPriority."
    ::= { agentLanMngInfListEntry 4 }

agentLanMngInfListService  OBJECT-TYPE
    SYNTAX  AgentLanMngInfServiceType
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The type of services that this rule applies to. By setting this
         to a specific service type, the rule will only apply if the 
         request is coming to the switch using the particular protocol
         type specified.  The Service type address can be configured to 
         be 0, which means any of the supported protocols or service
         such as SNMP, HTTP, HTTPS are applicable.User must enter the 
         type of service value along with agentLanMngInfListAction,
         agentLanMngInfListIpAddr and agentLanMngInfListPriority."
    ::= { agentLanMngInfListEntry 5 }

agentLanMngInfListAction  OBJECT-TYPE
    SYNTAX  AgentLanMngInfActionType
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The action to apply to the given traffic matching the rule.  The
         action may be to permit or deny the requested management access. This 
         object MUST be set along with agentLanMngInfListPriority and agentLanMngInfListIpAddr"
    ::= { agentLanMngInfListEntry 6 }

agentLanMngInfListRowStatus OBJECT-TYPE
    SYNTAX   RowStatus
    MAX-ACCESS read-create
    STATUS   current
    DESCRIPTION
        "The row status variable, used according to row creation and
         deletion conventions."
    ::= { agentLanMngInfListEntry 7 }

END
