draft-ietf-bridge-bridgemib-smiv2-10.txt   rfc4188.txt 
Network Working Group K. Norseth, Ed. Network Working Group K. Norseth, Ed.
Internet-Draft L-3 Communications Request for Comments: 4188 L-3 Communications
Obsoletes: 1493 (if approved) E. Bell, Ed. Obsoletes: 1493 E. Bell, Ed.
Expires: August 17, 2005 3Com Europe Limited Category: Standards Track 3Com Europe Limited
February 16, 2005 September 2005
Definitions of Managed Objects for Bridges Definitions of Managed Objects for Bridges
draft-ietf-bridge-bridgemib-smiv2-10.txt
Status of this Memo
This document is an Internet-Draft and is subject to all provisions Status of This Memo
of section 3 of RFC 3667. By submitting this Internet-Draft, each
author represents that any applicable patent or other IPR claims of
which he or she is aware have been or will be disclosed, and any of
which he or she become aware will be disclosed, in accordance with
RFC 3668.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 17, 2005. This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2005). Copyright (C) The Internet Society (2005).
Abstract Abstract
This memo defines a portion of the Management Information Base (MIB) This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in TCP/IP based internets. for use with network management protocols in TCP/IP-based internets.
In particular it defines objects for managing MAC bridges based on In particular, it defines objects for managing MAC bridges based on
the IEEE 802.1D-1998 standard between Local Area Network (LAN) the IEEE 802.1D-1998 standard between Local Area Network (LAN)
segments. Provisions are made for support of transparent bridging. segments. Provisions are made for the support of transparent
Provisions are also made so that these objects apply to bridges bridging. Provisions are also made so that these objects apply to
connected by subnetworks other than LAN segments. bridges connected by subnetworks other than LAN segments.
The MIB module presented in this memo is a translation of the The MIB module presented in this memo is a translation of the
BRIDGE-MIB defined in RFC 1493 to the SMIv2 syntax. BRIDGE-MIB defined in RFC 1493 to the SMIv2 syntax.
This memo obsoletes RFC 1493. This memo obsoletes RFC 1493.
Table of Contents Table of Contents
1. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. The Internet-Standard Management Framework ......................2
2. The Internet-Standard Management Framework . . . . . . . . . . 3 2. Conventions .....................................................2
3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Overview ........................................................3
3.1 Structure of the MIB Module . . . . . . . . . . . . . . . 4 3.1. Structure of the MIB Module ................................3
3.1.1 The dot1dBase Subtree . . . . . . . . . . . . . . . . 6 3.1.1. The dot1dBase Subtree ...............................6
3.1.2 The dot1dStp Subtree . . . . . . . . . . . . . . . . . 6 3.1.2. The dot1dStp Subtree ................................6
3.1.3 The dot1dSr Subtree . . . . . . . . . . . . . . . . . 6 3.1.3. The dot1dSr Subtree .................................6
3.1.4 The dot1dTp Subtree . . . . . . . . . . . . . . . . . 7 3.1.4. The dot1dTp Subtree .................................6
3.1.5 The dot1dStatic Subtree . . . . . . . . . . . . . . . 7 3.1.5. The dot1dStatic Subtree .............................6
3.2 Relationship to Other MIB Modules . . . . . . . . . . . . 7 3.2. Relationship to Other MIB Modules ..........................6
3.2.1 Relationship to the SNMPv2-MIB . . . . . . . . . . . . 7 3.2.1. Relationship to the SNMPv2-MIB ......................7
3.2.2 Relationship to the IF-MIB . . . . . . . . . . . . . . 7 3.2.2. Relationship to the IF-MIB ..........................7
4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 8 4. Definitions .....................................................8
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 39 5. IANA Considerations ............................................39
6. Security Considerations . . . . . . . . . . . . . . . . . . . 39 6. Security Considerations ........................................39
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 41 7. Acknowledgements ...............................................40
8. Contact Information . . . . . . . . . . . . . . . . . . . . . 41 8. Contact Information ............................................41
9. Changes from RFC 1493 . . . . . . . . . . . . . . . . . . . . 42 9. Changes from RFC 1493 ..........................................42
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 42 10. References ....................................................42
10.1 Normative References . . . . . . . . . . . . . . . . . . . . 42 10.1. Normative References .....................................42
10.2 Informative References . . . . . . . . . . . . . . . . . . . 43 10.2. Informative References ...................................43
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 43
Intellectual Property and Copyright Statements . . . . . . . . 45
1. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL", when they appear in this document, are to be interpreted
as described in BCP 14, RFC 2119 [RFC2119].
2. The Internet-Standard Management Framework 1. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of Internet-Standard Management Framework, please refer to section 7 of
RFC 3410 [RFC3410]. RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP). accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in STD 58, module that is compliant to the SMIv2, which is described in STD 58,
RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
[RFC2580]. [RFC2580].
2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL", when they appear in this document, are to be interpreted
as described in BCP 14, RFC 2119 [RFC2119].
3. Overview 3. Overview
A common device present in many networks is the Bridge. This device A common device present in many networks is the Bridge. This device
is used to connect Local Area Network segments below the network is used to connect Local Area Network segments below the network
layer. layer.
There are two major modes defined for this bridging; transparent and There are two major modes defined for this bridging: transparent and
source route. The transparent method of bridging is defined in the source route. The transparent method of bridging is defined in the
IEEE 802.1D specification [IEEE8021D]. This memo defines those IEEE 802.1D specification [IEEE8021D]. This memo defines those
objects needed for the management of a bridging entity operating in objects needed for the management of a bridging entity that operates
the transparent mode, as well as some objects applicable to all types in the transparent mode, as well as some objects that apply to all
of bridges. types of bridges.
To be consistent with IAB directives and good engineering practice, To be consistent with IAB directives and good engineering practices,
an explicit attempt was made to keep this MIB module as simple as an explicit attempt was made to keep this MIB module as simple as
possible. This was accomplished by applying the following criteria possible. This was accomplished by applying the following criteria
to objects proposed for inclusion: to objects proposed for inclusion:
1. Start with a small set of essential objects and add only as 1. Start with a small set of essential objects and add only as
further objects are needed. further objects are needed.
2. Require objects be essential for either fault or configuration
management.
3. Consider evidence of current use and/or utility.
4. Limit the total number of objects.
5. Exclude objects which are simply derivable from others in this or
other MIB modules.
6. Avoid causing critical sections to be heavily instrumented. The 2. Require that objects be essential for either fault or
guideline that was followed is one counter per critical section configuration management.
per layer.
3. Consider evidence of current use and/or utility.
4. Limit the total number of objects.
5. Exclude objects that are simply derivable from others in this or
other MIB modules.
6. Avoid causing critical sections to be heavily instrumented. The
guideline that was followed is one counter per critical section
per layer.
3.1 Structure of the MIB Module 3.1 Structure of the MIB Module
Objects in this MIB module are arranged into subtrees. Each subtree Objects in this MIB module are arranged into subtrees. Each subtree
is organized as a set of related objects. The overall structure and is organized as a set of related objects. The overall structure and
assignment of objects to their subtrees is shown below. Where assignment of objects to their subtrees is shown below. Where
appropriate the corresponding IEEE 802.1D [IEEE8021D] management appropriate, the corresponding IEEE 802.1D [IEEE8021D] management
object name is also included. object name is also included.
Bridge MIB Name IEEE 802.1D Name Bridge MIB Name IEEE 802.1D Name
dot1dBridge dot1dBridge
dot1dBase dot1dBase
BridgeAddress Bridge.BridgeAddress BridgeAddress Bridge.BridgeAddress
NumPorts Bridge.NumberOfPorts NumPorts Bridge.NumberOfPorts
Type Type
PortTable PortTable
skipping to change at page 6, line 30 skipping to change at page 6, line 7
SpanningTreeProtocolPort SpanningTreeProtocolPort
.Uptime Same as ifLastChange (IF-MIB) .Uptime Same as ifLastChange (IF-MIB)
.PortIdentifier Combination of dot1dStpPort .PortIdentifier Combination of dot1dStpPort
and dot1dStpPortPriority and dot1dStpPortPriority
.TopologyChangeAcknowledged Since this is transitory, it .TopologyChangeAcknowledged Since this is transitory, it
is not considered useful. is not considered useful.
.DiscardLackOfBuffers Redundant .DiscardLackOfBuffers Redundant
Transmission Priority These objects are not required Transmission Priority These objects are not required
as per the Pics Proforma and as per the Pics Proforma and
not considered useful. are not considered useful.
.TransmissionPriorityName .TransmissionPriorityName
.OutboundUserPriority .OutboundUserPriority
.OutboundAccessPriority .OutboundAccessPriority
3.1.1 The dot1dBase Subtree 3.1.1 The dot1dBase Subtree
This subtree contains the objects which are applicable to all types This subtree contains the objects that are applicable to all types of
of bridges. bridges.
3.1.2 The dot1dStp Subtree 3.1.2 The dot1dStp Subtree
This subtree contains the objects that denote the bridge's state with This subtree contains the objects that denote the bridge's state with
respect to the Spanning Tree Protocol. If a node does not implement respect to the Spanning Tree Protocol. If a node does not implement
the Spanning Tree Protocol, this subtree will not be implemented. the Spanning Tree Protocol, this subtree will not be implemented.
3.1.3 The dot1dSr Subtree 3.1.3 The dot1dSr Subtree
This subtree contains the objects that describe the entity's state This subtree contains the objects that describe the entity's state
with respect to source route bridging. This subtree described in RFC with respect to source route bridging. This subtree described in RFC
1525 [RFC1525] is applicable only to source route bridging. 1525 [RFC1525] is applicable only to source route bridging.
3.1.4 The dot1dTp Subtree 3.1.4 The dot1dTp Subtree
This subtree contains objects that describe the entity's state with This subtree contains objects that describe the entity's state with
respect to transparent bridging. If transparent bridging is not respect to transparent bridging. If transparent bridging is not
supported this subtree will not be implemented. This subtree is supported, this subtree will not be implemented. This subtree is
applicable to transparent only and SRT bridges. applicable to transparent-only and SRT bridges.
3.1.5 The dot1dStatic Subtree 3.1.5 The dot1dStatic Subtree
This subtree contains objects that describe the entity's state with This subtree contains objects that describe the entity's state with
respect to destination-address filtering. If destination-address respect to destination-address filtering. If destination-address
filtering is not supported this subtree will not be implemented. filtering is not supported, this subtree will not be implemented.
This subtree is applicable to any type of bridge which performs This subtree is applicable to any type of bridge that performs
destination-address filtering. destination-address filtering.
3.2 Relationship to Other MIB Modules 3.2 Relationship to Other MIB Modules
As described above, some IEEE 802.1D management objects have not been As described above, some IEEE 802.1D management objects have not been
included in this MIB module because they overlap with objects in included in this MIB module because they overlap with objects in
other MIB modules applicable to a bridge implementing this MIB other MIB modules that are applicable to a bridge implementing this
module. MIB module.
3.2.1 Relationship to the SNMPv2-MIB 3.2.1 Relationship to the SNMPv2-MIB
The SNMPv2-MIB [RFC3418] defines objects that are generally The SNMPv2-MIB [RFC3418] defines objects that are generally
applicable to managed devices. These objects apply to the device as applicable to managed devices. These objects apply to the device as
a whole irrespective of whether the device's sole functionality is a whole, irrespective of whether the device's sole functionality is
bridging, or whether bridging is only a subset of the device's bridging, or whether bridging is only a subset of the device's
functionality. functionality.
As explained in Section 3.1, full support for the 802.1D management As explained in Section 3.1, full support for the 802.1D management
objects requires that the SNMPv2-MIB objects sysDescr and sysUpTime objects requires that the SNMPv2-MIB objects sysDescr and sysUpTime
are implemented. Note that compliance to the current SNMPv2-MIB be implemented. Note that compliance with the current SNMPv2-MIB
module requires additional objects and notifications to be module requires additional objects and notifications to be
implemented as specified in RFC 3418 [RFC3418]. implemented, as specified in RFC 3418 [RFC3418].
3.2.2 Relationship to the IF-MIB 3.2.2 Relationship to the IF-MIB
The IF-MIB [RFC2863] defines managed objects for managing network The IF-MIB [RFC2863] defines managed objects for managing network
interfaces. A network interface is thought of as being attached to a interfaces. A network interface is thought of as being attached to a
`subnetwork'. (Note that this term is not to be confused with `subnetwork'. Note that this term is not to be confused with
`subnet' which refers to an addressing partitioning scheme used in `subnet', which refers to an addressing partitioning scheme used in
the Internet suite of protocols.) The term 'segment' is used in this the Internet suite of protocols. The term 'segment' is used in this
memo to refer to such a subnetwork, whether it be an Ethernet memo to refer to such a subnetwork, whether it be an Ethernet
segment, a 'ring', a WAN link, or even an X.25 virtual circuit. segment, a 'ring', a WAN link, or even an X.25 virtual circuit.
As explained in Section 3.1, full support for the 802.1D management As explained in Section 3.1, full support for the 802.1D management
objects requires that the IF-MIB objects ifIndex, ifType, ifDescr, objects requires that the IF-MIB objects ifIndex, ifType, ifDescr,
ifPhysAddress, and ifLastChange are implemented. Note that ifPhysAddress, and ifLastChange are implemented. Note that
compliance to the current IF-MIB module requires additional objects compliance to the current IF-MIB module requires additional objects
and notifications to be implemented as specified in RFC 2863 and notifications to be implemented as specified in RFC 2863
[RFC2863]. [RFC2863].
Implicit in this BRIDGE-MIB is the notion of ports on a bridge. Each Implicit in this BRIDGE-MIB is the notion of ports on a bridge. Each
of these ports is associated with one interface of the 'interfaces' of these ports is associated with one interface of the 'interfaces'
subtree, and in most situations, each port is associated with a subtree, and in most situations, each port is associated with a
different interface. However, there are situations in which multiple different interface. However, there are situations in which multiple
ports are associated with the same interface. An example of such a ports are associated with the same interface. An example of such a
situation would be several ports each corresponding one-to-one with situation would be several ports, each corresponding, one-to-one,
several X.25 virtual circuits but all on the same interface. with several X.25 virtual circuits that are all on the same
interface.
Each port is uniquely identified by a port number. A port number has Each port is uniquely identified by a port number. A port number has
no mandatory relationship to an interface number, but in the simple no mandatory relationship to an interface number, but in the simple
case a port number will have the same value as the corresponding case, a port number will have the same value as the corresponding
interface's interface number. Port numbers are in the range interface's interface number. Port numbers are in the range
(1..dot1dBaseNumPorts). (1..dot1dBaseNumPorts).
Some entities perform other functionality as well as bridging through Some entities perform other functionalities as well as bridging
the sending and receiving of data on their interfaces. In such through the sending and receiving of data on their interfaces. In
situations, only a subset of the data sent/received on an interface such situations, only a subset of the data sent/received on an
is within the domain of the entity's bridging functionality. This interface is within the domain of the entity's bridging
subset is considered to be delineated according to a set of functionality. This subset is considered to be delineated according
protocols, with some protocols being bridged, and other protocols not to a set of protocols, with some protocols being bridged, and other
being bridged. For example, in an entity which exclusively performed protocols not being bridged. For example, in an entity that
bridging, all protocols would be considered as being bridged, whereas exclusively performs bridging, all protocols would be considered as
in an entity which performed IP routing on IP datagrams and only bridged, whereas in an entity that performs IP routing on IP
bridged other protocols, only the non-IP data would be considered as datagrams and only bridges other protocols, only the non-IP data
being bridged. would be considered as having been bridged.
Thus, this BRIDGE-MIB (and in particular, its counters) are Thus, this BRIDGE-MIB (and in particular, its counters) are
applicable only to that subset of the data on an entity's interfaces applicable only to that subset of the data on an entity's interfaces
which is sent/received for a protocol being bridged. All such data that is sent/received for a protocol being bridged. All such data is
is sent/received via the ports of the bridge. sent/received via the ports of the bridge.
4. Definitions 4. Definitions
BRIDGE-MIB DEFINITIONS ::= BEGIN BRIDGE-MIB DEFINITIONS ::= BEGIN
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
-- MIB for IEEE 802.1D devices -- MIB for IEEE 802.1D devices
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
IMPORTS IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
Counter32, Integer32, TimeTicks, mib-2 Counter32, Integer32, TimeTicks, mib-2
FROM SNMPv2-SMI FROM SNMPv2-SMI
TEXTUAL-CONVENTION, MacAddress TEXTUAL-CONVENTION, MacAddress
FROM SNMPv2-TC FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF FROM SNMPv2-CONF
InterfaceIndex FROM IF-MIB InterfaceIndex FROM IF-MIB
; ;
dot1dBridge MODULE-IDENTITY dot1dBridge MODULE-IDENTITY
LAST-UPDATED "200502100000Z" LAST-UPDATED "200509190000Z"
ORGANIZATION "IETF Bridge MIB Working Group" ORGANIZATION "IETF Bridge MIB Working Group"
CONTACT-INFO CONTACT-INFO
"Email: bridge-mib@ietf.org "Email: bridge-mib@ietf.org
K.C. Norseth (Editor) K.C. Norseth (Editor)
L-3 Communications L-3 Communications
Tel: +1 801-594-2809 Tel: +1 801-594-2809
Email: kenyon.c.norseth@L-3com.com Email: kenyon.c.norseth@L-3com.com
Postal: 640 N. 2200 West. Postal: 640 N. 2200 West.
Salt Lake City, Utah 84116-0850 Salt Lake City, Utah 84116-0850
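Review bot: The editorial fixes applied to Section 3.2.1 were not carried into the parallel paragraph of Section 3.2.2, where both columns still read "ifPhysAddress, and ifLastChange are implemented" and "compliance to the current IF-MIB module". Section 3.2.1 now reads "be implemented" and "compliance with", and has a comma before "as specified in RFC 3418"; the IF-MIB paragraph should get the same three changes so the two sections stay worded alike. In the same section, "this BRIDGE-MIB (and in particular, its counters) are applicable" is unchanged on both sides and still pairs a singular subject with a plural verb.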
skipping to change at page 9, line 22 skipping to change at page 9, line 4
ORGANIZATION "IETF Bridge MIB Working Group" ORGANIZATION "IETF Bridge MIB Working Group"
CONTACT-INFO CONTACT-INFO
"Email: bridge-mib@ietf.org "Email: bridge-mib@ietf.org
K.C. Norseth (Editor) K.C. Norseth (Editor)
L-3 Communications L-3 Communications
Tel: +1 801-594-2809 Tel: +1 801-594-2809
Email: kenyon.c.norseth@L-3com.com Email: kenyon.c.norseth@L-3com.com
Postal: 640 N. 2200 West. Postal: 640 N. 2200 West.
Salt Lake City, Utah 84116-0850 Salt Lake City, Utah 84116-0850
Les Bell (Editor) Les Bell (Editor)
3Com Europe Limited 3Com Europe Limited
Phone: +44 1442 438025 Phone: +44 1442 438025
Email: Les_Bell@3Com.com Email: elbell@ntlworld.com
Postal: 3Com Centre, Boundary Way Postal: 3Com Centre, Boundary Way
Hemel Hempstead Hemel Hempstead
Herts. HP2 7YU Herts. HP2 7YU
UK UK
Send comments to <bridge-mib@ietf.org>" Send comments to <bridge-mib@ietf.org>"
DESCRIPTION DESCRIPTION
"The Bridge MIB module for managing devices that support "The Bridge MIB module for managing devices that support
IEEE 802.1D. IEEE 802.1D.
Copyright (C) The Internet Society (2005). This version of Copyright (C) The Internet Society (2005). This version of
this MIB module is part of RFC XXXX; see the RFC itself for this MIB module is part of RFC 4188; see the RFC itself for
full legal notices." full legal notices."
REVISION "200502100000Z" REVISION "200509190000Z"
-- RFC Ed.: replace XXXX with RFC number and remove this note
DESCRIPTION DESCRIPTION
"Third revision, published as part of RFC XXXX. "Third revision, published as part of RFC 4188.
The MIB module has been converted to SMIv2 format. The MIB module has been converted to SMIv2 format.
Conformance statements have been added and some Conformance statements have been added and some
description and reference clauses have been updated. description and reference clauses have been updated.
The object dot1dStpPortPathCost32 was added to The object dot1dStpPortPathCost32 was added to
support IEEE 802.1t and the permissible values of support IEEE 802.1t and the permissible values of
dot1dStpPriority and dot1dStpPortPriority have been dot1dStpPriority and dot1dStpPortPriority have been
clarified for bridges supporting IEEE 802.1t or clarified for bridges supporting IEEE 802.1t or
IEEE 802.1w. IEEE 802.1w.
The interpretation of dot1dStpTimeSinceTopologyChange The interpretation of dot1dStpTimeSinceTopologyChange
has been clarified for bridges supporting the rapid has been clarified for bridges supporting the Rapid
spanning tree protocol (RSTP)." Spanning Tree Protocol (RSTP)."
REVISION "199307310000Z" REVISION "199307310000Z"
DESCRIPTION DESCRIPTION
"Second revision, published as part of RFC 1493." "Second revision, published as part of RFC 1493."
REVISION "199112310000Z" REVISION "199112310000Z"
DESCRIPTION DESCRIPTION
"Initial revision, published as part of RFC 1286." "Initial revision, published as part of RFC 1286."
::= { mib-2 17 } ::= { mib-2 17 }
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
-- Textual Conventions -- Textual Conventions
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
BridgeId ::= TEXTUAL-CONVENTION BridgeId ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The Bridge-Identifier as used in the Spanning Tree "The Bridge-Identifier, as used in the Spanning Tree
Protocol to uniquely identify a bridge. Its first two Protocol, to uniquely identify a bridge. Its first two
octets (in network byte order) contain a priority value octets (in network byte order) contain a priority value,
and its last 6 octets contain the MAC address used to and its last 6 octets contain the MAC address used to
refer to a bridge in a unique fashion (typically, the refer to a bridge in a unique fashion (typically, the
numerically smallest MAC address of all ports on the numerically smallest MAC address of all ports on the
bridge)." bridge)."
SYNTAX OCTET STRING (SIZE (8)) SYNTAX OCTET STRING (SIZE (8))
Timeout ::= TEXTUAL-CONVENTION Timeout ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d" DISPLAY-HINT "d"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A Spanning Tree Protocol (STP) timer in units of 1/100 "A Spanning Tree Protocol (STP) timer in units of 1/100
seconds. Several objects in this MIB module represent seconds. Several objects in this MIB module represent
values of timers used by the Spanning Tree Protocol. values of timers used by the Spanning Tree Protocol.
In this MIB, these timers have values in units of In this MIB, these timers have values in units of
hundredths of a second (i.e. 1/100 secs). hundredths of a second (i.e., 1/100 secs).
These timers, when stored in a Spanning Tree Protocol's These timers, when stored in a Spanning Tree Protocol's
BPDU, are in units of 1/256 seconds. Note, however, that BPDU, are in units of 1/256 seconds. Note, however, that
802.1D-1998 specifies a settable granularity of no more 802.1D-1998 specifies a settable granularity of no more
than one second for these timers. To avoid ambiguity, than one second for these timers. To avoid ambiguity,
a conversion algorithm is defined below for converting a conversion algorithm is defined below for converting
between the different units, to ensure a timer's value between the different units, which ensures a timer's
is not distorted by multiple conversions. value is not distorted by multiple conversions.
To convert a Timeout value into a value in units of To convert a Timeout value into a value in units of
1/256 seconds, the following algorithm should be used: 1/256 seconds, the following algorithm should be used:
b = floor( (n * 256) / 100) b = floor( (n * 256) / 100)
where: where:
floor = quotient [ignore remainder] floor = quotient [ignore remainder]
n is the value in 1/100 second units n is the value in 1/100 second units
b is the value in 1/256 second units b is the value in 1/256 second units
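Review bot: In the Timeout DESCRIPTION, replacing "to ensure a timer's value is not distorted" with "which ensures a timer's value is not distorted" turns a statement of purpose into a relative clause with no clear antecedent, so it can be read as modifying "the different units" rather than the conversion algorithm. Keeping "to ensure", or writing "so that a timer's value is not distorted by multiple conversions", preserves the original meaning.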
skipping to change at page 12, line 21 skipping to change at page 11, line 49
-- bridges. -- bridges.
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
dot1dBaseBridgeAddress OBJECT-TYPE dot1dBaseBridgeAddress OBJECT-TYPE
SYNTAX MacAddress SYNTAX MacAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The MAC address used by this bridge when it must be "The MAC address used by this bridge when it must be
referred to in a unique fashion. It is recommended referred to in a unique fashion. It is recommended
that this be the numerically smallest MAC address of all that this be the numerically smallest MAC address of
ports that belong to this bridge. However it is only all ports that belong to this bridge. However, it is only
required to be unique. When concatenated with required to be unique. When concatenated with
dot1dStpPriority a unique BridgeIdentifier is formed dot1dStpPriority, a unique BridgeIdentifier is formed,
which is used in the Spanning Tree Protocol." which is used in the Spanning Tree Protocol."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clauses 14.4.1.1.3 and 7.12.5" "IEEE 802.1D-1998: clauses 14.4.1.1.3 and 7.12.5"
::= { dot1dBase 1 } ::= { dot1dBase 1 }
dot1dBaseNumPorts OBJECT-TYPE dot1dBaseNumPorts OBJECT-TYPE
SYNTAX Integer32 SYNTAX Integer32
UNITS "ports" UNITS "ports"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
skipping to change at page 13, line 6 skipping to change at page 12, line 35
unknown(1), unknown(1),
transparent-only(2), transparent-only(2),
sourceroute-only(3), sourceroute-only(3),
srt(4) srt(4)
} }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Indicates what type of bridging this bridge can "Indicates what type of bridging this bridge can
perform. If a bridge is actually performing a perform. If a bridge is actually performing a
certain type of bridging this will be indicated by certain type of bridging, this will be indicated by
entries in the port table for the given type." entries in the port table for the given type."
::= { dot1dBase 3 } ::= { dot1dBase 3 }
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
-- The Generic Bridge Port Table -- The Generic Bridge Port Table
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
dot1dBasePortTable OBJECT-TYPE dot1dBasePortTable OBJECT-TYPE
SYNTAX SEQUENCE OF Dot1dBasePortEntry SYNTAX SEQUENCE OF Dot1dBasePortEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
skipping to change at page 14, line 25 skipping to change at page 14, line 6
"The value of the instance of the ifIndex object, "The value of the instance of the ifIndex object,
defined in IF-MIB, for the interface corresponding defined in IF-MIB, for the interface corresponding
to this port." to this port."
::= { dot1dBasePortEntry 2 } ::= { dot1dBasePortEntry 2 }
dot1dBasePortCircuit OBJECT-TYPE dot1dBasePortCircuit OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"For a port which (potentially) has the same value of "For a port that (potentially) has the same value of
dot1dBasePortIfIndex as another port on the same bridge, dot1dBasePortIfIndex as another port on the same bridge.
this object contains the name of an object instance This object contains the name of an object instance
unique to this port. For example, in the case where unique to this port. For example, in the case where
multiple ports correspond one-to-one with multiple X.25 multiple ports correspond one-to-one with multiple X.25
virtual circuits, this value might identify an (e.g., virtual circuits, this value might identify an (e.g.,
the first) object instance associated with the X.25 the first) object instance associated with the X.25
virtual circuit corresponding to this port. virtual circuit corresponding to this port.
For a port which has a unique value of For a port which has a unique value of
dot1dBasePortIfIndex, this object can have the value dot1dBasePortIfIndex, this object can have the value
{ 0 0 }." { 0 0 }."
::= { dot1dBasePortEntry 3 } ::= { dot1dBasePortEntry 3 }
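Review bot: In dot1dBasePortCircuit, replacing the comma after "on the same bridge" with a period leaves "For a port that (potentially) has the same value of dot1dBasePortIfIndex as another port on the same bridge." as a sentence fragment, and "This object contains ..." no longer says which ports it applies to. Keep the comma and the lowercase "this object". The second paragraph still begins "For a port which has a unique value", so the which/that change reaches only one of the two parallel sentences.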
skipping to change at page 15, line 39 skipping to change at page 15, line 18
ieee8021d(3) ieee8021d(3)
} }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An indication of what version of the Spanning Tree "An indication of what version of the Spanning Tree
Protocol is being run. The value 'decLb100(2)' Protocol is being run. The value 'decLb100(2)'
indicates the DEC LANbridge 100 Spanning Tree protocol. indicates the DEC LANbridge 100 Spanning Tree protocol.
IEEE 802.1D implementations will return 'ieee8021d(3)'. IEEE 802.1D implementations will return 'ieee8021d(3)'.
If future versions of the IEEE Spanning Tree Protocol If future versions of the IEEE Spanning Tree Protocol
are released that are incompatible with the current that are incompatible with the current version
version a new value will be defined." are released a new value will be defined."
::= { dot1dStp 1 } ::= { dot1dStp 1 }
dot1dStpPriority OBJECT-TYPE dot1dStpPriority OBJECT-TYPE
SYNTAX Integer32 (0..65535) SYNTAX Integer32 (0..65535)
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value of the write-able portion of the Bridge ID, "The value of the write-able portion of the Bridge ID
i.e., the first two octets of the (8 octet long) Bridge (i.e., the first two octets of the (8 octet long) Bridge
ID. The other (last) 6 octets of the Bridge ID are ID). The other (last) 6 octets of the Bridge ID are
given by the value of dot1dBaseBridgeAddress. given by the value of dot1dBaseBridgeAddress.
On bridges supporting IEEE 802.1t or IEEE 802.1w, On bridges supporting IEEE 802.1t or IEEE 802.1w,
permissible values are 0-61440, in steps of 4096." permissible values are 0-61440, in steps of 4096."
REFERENCE REFERENCE
"IEEE 802.1D-1998 clause 8.10.2, Table 8-4, "IEEE 802.1D-1998 clause 8.10.2, Table 8-4,
IEEE 802.1t clause 8.10.2, Table 8-4, clause 14.3." IEEE 802.1t clause 8.10.2, Table 8-4, clause 14.3."
::= { dot1dStp 2 } ::= { dot1dStp 2 }
dot1dStpTimeSinceTopologyChange OBJECT-TYPE dot1dStpTimeSinceTopologyChange OBJECT-TYPE
SYNTAX TimeTicks SYNTAX TimeTicks
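Review bot: In the protocol-specification description, the reordered sentence now reads "that are incompatible with the current version are released a new value will be defined" with no comma after "released", so the conditional clause runs into the main clause; add the comma. In dot1dStpPriority, the new outer parentheses enclose the existing "(8 octet long)"; dropping the inner pair ("the first two octets of the 8-octet-long Bridge ID") avoids the nesting.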
skipping to change at page 16, line 44 skipping to change at page 16, line 25
REFERENCE REFERENCE
"IEEE 802.1D-1998 clause 14.8.1.1." "IEEE 802.1D-1998 clause 14.8.1.1."
::= { dot1dStp 4 } ::= { dot1dStp 4 }
dot1dStpDesignatedRoot OBJECT-TYPE dot1dStpDesignatedRoot OBJECT-TYPE
SYNTAX BridgeId SYNTAX BridgeId
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The bridge identifier of the root of the spanning "The bridge identifier of the root of the spanning
tree as determined by the Spanning Tree Protocol tree, as determined by the Spanning Tree Protocol,
as executed by this node. This value is used as as executed by this node. This value is used as
the Root Identifier parameter in all Configuration the Root Identifier parameter in all Configuration
Bridge PDUs originated by this node." Bridge PDUs originated by this node."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 8.5.3.1" "IEEE 802.1D-1998: clause 8.5.3.1"
::= { dot1dStp 5 } ::= { dot1dStp 5 }
dot1dStpRootCost OBJECT-TYPE dot1dStpRootCost OBJECT-TYPE
SYNTAX Integer32 SYNTAX Integer32
MAX-ACCESS read-only MAX-ACCESS read-only
skipping to change at page 17, line 21 skipping to change at page 16, line 49
this bridge." this bridge."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 8.5.3.2" "IEEE 802.1D-1998: clause 8.5.3.2"
::= { dot1dStp 6 } ::= { dot1dStp 6 }
dot1dStpRootPort OBJECT-TYPE dot1dStpRootPort OBJECT-TYPE
SYNTAX Integer32 SYNTAX Integer32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The port number of the port which offers the lowest "The port number of the port that offers the lowest
cost path from this bridge to the root bridge." cost path from this bridge to the root bridge."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 8.5.3.3" "IEEE 802.1D-1998: clause 8.5.3.3"
::= { dot1dStp 7 } ::= { dot1dStp 7 }
dot1dStpMaxAge OBJECT-TYPE dot1dStpMaxAge OBJECT-TYPE
SYNTAX Timeout SYNTAX Timeout
UNITS "centi-seconds" UNITS "centi-seconds"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum age of Spanning Tree Protocol information "The maximum age of Spanning Tree Protocol information
learned from the network on any port before it is learned from the network on any port before it is
skipping to change at page 17, line 49 skipping to change at page 17, line 29
::= { dot1dStp 8 } ::= { dot1dStp 8 }
dot1dStpHelloTime OBJECT-TYPE dot1dStpHelloTime OBJECT-TYPE
SYNTAX Timeout SYNTAX Timeout
UNITS "centi-seconds" UNITS "centi-seconds"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The amount of time between the transmission of "The amount of time between the transmission of
Configuration bridge PDUs by this node on any port when Configuration bridge PDUs by this node on any port when
it is the root of the spanning tree or trying to become it is the root of the spanning tree, or trying to become
so, in units of hundredths of a second. This is the so, in units of hundredths of a second. This is the
actual value that this bridge is currently using." actual value that this bridge is currently using."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 8.5.3.5" "IEEE 802.1D-1998: clause 8.5.3.5"
::= { dot1dStp 9 } ::= { dot1dStp 9 }
dot1dStpHoldTime OBJECT-TYPE dot1dStpHoldTime OBJECT-TYPE
SYNTAX Integer32 SYNTAX Integer32
UNITS "centi-seconds" UNITS "centi-seconds"
MAX-ACCESS read-only MAX-ACCESS read-only
skipping to change at page 18, line 32 skipping to change at page 18, line 12
SYNTAX Timeout SYNTAX Timeout
UNITS "centi-seconds" UNITS "centi-seconds"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This time value, measured in units of hundredths of a "This time value, measured in units of hundredths of a
second, controls how fast a port changes its spanning second, controls how fast a port changes its spanning
state when moving towards the Forwarding state. The state when moving towards the Forwarding state. The
value determines how long the port stays in each of the value determines how long the port stays in each of the
Listening and Learning states, which precede the Listening and Learning states, which precede the
Forwarding state. This value is also used, when a Forwarding state. This value is also used when a
topology change has been detected and is underway, to topology change has been detected and is underway, to
age all dynamic entries in the Forwarding Database. age all dynamic entries in the Forwarding Database.
[Note that this value is the one that this bridge is [Note that this value is the one that this bridge is
currently using, in contrast to currently using, in contrast to
dot1dStpBridgeForwardDelay which is the value that this dot1dStpBridgeForwardDelay, which is the value that this
bridge and all others would start using if/when this bridge and all others would start using if/when this
bridge were to become the root.]" bridge were to become the root.]"
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 8.5.3.6" "IEEE 802.1D-1998: clause 8.5.3.6"
::= { dot1dStp 11 } ::= { dot1dStp 11 }
dot1dStpBridgeMaxAge OBJECT-TYPE dot1dStpBridgeMaxAge OBJECT-TYPE
SYNTAX Timeout (600..4000) SYNTAX Timeout (600..4000)
UNITS "centi-seconds" UNITS "centi-seconds"
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value that all bridges use for MaxAge when this "The value that all bridges use for MaxAge when this
bridge is acting as the root. Note that 802.1D-1998 bridge is acting as the root. Note that 802.1D-1998
specifies that the range for this parameter is related specifies that the range for this parameter is related
to the value of dot1dStpBridgeHelloTime. The to the value of dot1dStpBridgeHelloTime. The
granularity of this timer is specified by 802.1D-1998 to granularity of this timer is specified by 802.1D-1998 to
be 1 second. An agent may return a badValue error if a be 1 second. An agent may return a badValue error if a
set is attempted to a value which is not a whole number set is attempted to a value that is not a whole number
of seconds." of seconds."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 8.5.3.8" "IEEE 802.1D-1998: clause 8.5.3.8"
::= { dot1dStp 12 } ::= { dot1dStp 12 }
dot1dStpBridgeHelloTime OBJECT-TYPE dot1dStpBridgeHelloTime OBJECT-TYPE
SYNTAX Timeout (100..1000) SYNTAX Timeout (100..1000)
UNITS "centi-seconds" UNITS "centi-seconds"
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value that all bridges use for HelloTime when this "The value that all bridges use for HelloTime when this
bridge is acting as the root. The granularity of this bridge is acting as the root. The granularity of this
timer is specified by 802.1D-1998 to be 1 second. An timer is specified by 802.1D-1998 to be 1 second. An
agent may return a badValue error if a set is attempted agent may return a badValue error if a set is attempted
to a value which is not a whole number of seconds." to a value that is not a whole number of seconds."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 8.5.3.9" "IEEE 802.1D-1998: clause 8.5.3.9"
::= { dot1dStp 13 } ::= { dot1dStp 13 }
dot1dStpBridgeForwardDelay OBJECT-TYPE dot1dStpBridgeForwardDelay OBJECT-TYPE
SYNTAX Timeout (400..3000) SYNTAX Timeout (400..3000)
UNITS "centi-seconds" UNITS "centi-seconds"
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value that all bridges use for ForwardDelay when "The value that all bridges use for ForwardDelay when
this bridge is acting as the root. Note that this bridge is acting as the root. Note that
802.1D-1998 specifies that the range for this parameter 802.1D-1998 specifies that the range for this parameter
is related to the value of dot1dStpBridgeMaxAge. The is related to the value of dot1dStpBridgeMaxAge. The
granularity of this timer is specified by 802.1D-1998 to granularity of this timer is specified by 802.1D-1998 to
be 1 second. An agent may return a badValue error if a be 1 second. An agent may return a badValue error if a
set is attempted to a value which is not a whole number set is attempted to a value that is not a whole number
of seconds." of seconds."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 8.5.3.10" "IEEE 802.1D-1998: clause 8.5.3.10"
::= { dot1dStp 14 } ::= { dot1dStp 14 }
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
-- The Spanning Tree Port Table -- The Spanning Tree Port Table
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
dot1dStpPortTable OBJECT-TYPE dot1dStpPortTable OBJECT-TYPE
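Review bot: The descriptions of dot1dStpBridgeMaxAge, dot1dStpBridgeHelloTime and dot1dStpBridgeForwardDelay still say an agent "may return a badValue error", unchanged in both versions. badValue is the SNMPv1 error-status name; an agent answering over SNMPv2c or SNMPv3 reports wrongValue for this case, so an SMIv2 module should name both or refer generically to a value error. These three objects are read-write and, per their descriptions, set the timers that all bridges use when this bridge is root, yet "related to the value of dot1dStpBridgeHelloTime" and "related to the value of dot1dStpBridgeMaxAge" give a manager no rule to check before a set; state the relation or cite the clause that defines it.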
skipping to change at page 21, line 17 skipping to change at page 20, line 44
contains Spanning Tree Protocol management information." contains Spanning Tree Protocol management information."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 14.8.2.1.2" "IEEE 802.1D-1998: clause 14.8.2.1.2"
::= { dot1dStpPortEntry 1 } ::= { dot1dStpPortEntry 1 }
dot1dStpPortPriority OBJECT-TYPE dot1dStpPortPriority OBJECT-TYPE
SYNTAX Integer32 (0..255) SYNTAX Integer32 (0..255)
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value of the priority field which is contained in "The value of the priority field that is contained in
the first (in network byte order) octet of the (2 octet the first (in network byte order) octet of the (2 octet
long) Port ID. The other octet of the Port ID is given long) Port ID. The other octet of the Port ID is given
by the value of dot1dStpPort. by the value of dot1dStpPort.
On bridges supporting IEEE 802.1t or IEEE 802.1w, On bridges supporting IEEE 802.1t or IEEE 802.1w,
permissible values are 0-240, in steps of 16." permissible values are 0-240, in steps of 16."
REFERENCE REFERENCE
"IEEE 802.1D-1998 clause 8.10.2, Table 8-4, "IEEE 802.1D-1998 clause 8.10.2, Table 8-4,
IEEE 802.1t clause 8.10.2, Table 8-4, clause 14.3." IEEE 802.1t clause 8.10.2, Table 8-4, clause 14.3."
::= { dot1dStpPortEntry 2 } ::= { dot1dStpPortEntry 2 }
skipping to change at page 21, line 40 skipping to change at page 21, line 19
disabled(1), disabled(1),
blocking(2), blocking(2),
listening(3), listening(3),
learning(4), learning(4),
forwarding(5), forwarding(5),
broken(6) broken(6)
} }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The port's current state as defined by application of "The port's current state, as defined by application of
the Spanning Tree Protocol. This state controls what the Spanning Tree Protocol. This state controls what
action a port takes on reception of a frame. If the action a port takes on reception of a frame. If the
bridge has detected a port that is malfunctioning it bridge has detected a port that is malfunctioning, it
will place that port into the broken(6) state. For will place that port into the broken(6) state. For
ports which are disabled (see dot1dStpPortEnable), this ports that are disabled (see dot1dStpPortEnable), this
object will have a value of disabled(1)." object will have a value of disabled(1)."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 8.5.5.2" "IEEE 802.1D-1998: clause 8.5.5.2"
::= { dot1dStpPortEntry 3 } ::= { dot1dStpPortEntry 3 }
dot1dStpPortEnable OBJECT-TYPE dot1dStpPortEnable OBJECT-TYPE
SYNTAX INTEGER { SYNTAX INTEGER {
enabled(1), enabled(1),
disabled(2) disabled(2)
} }
skipping to change at page 22, line 30 skipping to change at page 22, line 9
DESCRIPTION DESCRIPTION
"The contribution of this port to the path cost of "The contribution of this port to the path cost of
paths towards the spanning tree root which include paths towards the spanning tree root which include
this port. 802.1D-1998 recommends that the default this port. 802.1D-1998 recommends that the default
value of this parameter be in inverse proportion to value of this parameter be in inverse proportion to
the speed of the attached LAN. the speed of the attached LAN.
New implementations should support dot1dStpPortPathCost32. New implementations should support dot1dStpPortPathCost32.
If the port path costs exceeds the maximum value of this If the port path costs exceeds the maximum value of this
object then this object should report the maximum value, object then this object should report the maximum value,
namely 65535. Applications should try to read the namely 65535. Applications should try to read the
dot1dStpPortPathCost32 object if this object reports dot1dStpPortPathCost32 object if this object reports
the maximum value." the maximum value."
REFERENCE "IEEE 802.1D-1998: clause 8.5.5.3" REFERENCE "IEEE 802.1D-1998: clause 8.5.5.3"
::= { dot1dStpPortEntry 5 } ::= { dot1dStpPortEntry 5 }
dot1dStpPortDesignatedRoot OBJECT-TYPE dot1dStpPortDesignatedRoot OBJECT-TYPE
SYNTAX BridgeId SYNTAX BridgeId
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
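Review bot: In the path-cost description, "If the port path costs exceeds the maximum value" has a subject-verb mismatch that neither version fixes; it should read "If the port path cost exceeds". The same description keeps "paths towards the spanning tree root which include this port", although the equivalent "which" was changed to "that" in other objects.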
skipping to change at page 23, line 18 skipping to change at page 22, line 45
Root Path Cost field in received bridge PDUs." Root Path Cost field in received bridge PDUs."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 8.5.5.5" "IEEE 802.1D-1998: clause 8.5.5.5"
::= { dot1dStpPortEntry 7 } ::= { dot1dStpPortEntry 7 }
dot1dStpPortDesignatedBridge OBJECT-TYPE dot1dStpPortDesignatedBridge OBJECT-TYPE
SYNTAX BridgeId SYNTAX BridgeId
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The Bridge Identifier of the bridge which this "The Bridge Identifier of the bridge that this
port considers to be the Designated Bridge for port considers to be the Designated Bridge for
this port's segment." this port's segment."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 8.5.5.6" "IEEE 802.1D-1998: clause 8.5.5.6"
::= { dot1dStpPortEntry 8 } ::= { dot1dStpPortEntry 8 }
dot1dStpPortDesignatedPort OBJECT-TYPE dot1dStpPortDesignatedPort OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (2)) SYNTAX OCTET STRING (SIZE (2))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
skipping to change at page 24, line 28 skipping to change at page 24, line 7
-- implemented by those bridges that support the transparent -- implemented by those bridges that support the transparent
-- bridging mode. A transparent or SRT bridge will implement -- bridging mode. A transparent or SRT bridge will implement
-- this subtree. -- this subtree.
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
dot1dTpLearnedEntryDiscards OBJECT-TYPE dot1dTpLearnedEntryDiscards OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The total number of Forwarding Database entries, which "The total number of Forwarding Database entries that
have been or would have been learnt, but have been have been or would have been learned, but have been
discarded due to a lack of space to store them in the discarded due to a lack of storage space in the
Forwarding Database. If this counter is increasing, it Forwarding Database. If this counter is increasing, it
indicates that the Forwarding Database is regularly indicates that the Forwarding Database is regularly
becoming full (a condition which has unpleasant becoming full (a condition that has unpleasant
performance effects on the subnetwork). If this counter performance effects on the subnetwork). If this counter
has a significant value but is not presently increasing, has a significant value but is not presently increasing,
it indicates that the problem has been occurring but is it indicates that the problem has been occurring but is
not persistent." not persistent."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 14.7.1.1.3" "IEEE 802.1D-1998: clause 14.7.1.1.3"
::= { dot1dTp 1 } ::= { dot1dTp 1 }
dot1dTpAgingTime OBJECT-TYPE dot1dTpAgingTime OBJECT-TYPE
SYNTAX Integer32 (10..1000000) SYNTAX Integer32 (10..1000000)
UNITS "seconds" UNITS "seconds"
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The timeout period in seconds for aging out "The timeout period in seconds for aging out
dynamically learned forwarding information. dynamically-learned forwarding information.
802.1D-1998 recommends a default of 300 seconds." 802.1D-1998 recommends a default of 300 seconds."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 14.7.1.1.3" "IEEE 802.1D-1998: clause 14.7.1.1.3"
::= { dot1dTp 2 } ::= { dot1dTp 2 }
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
-- The Forwarding Database for Transparent Bridges -- The Forwarding Database for Transparent Bridges
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
dot1dTpFdbTable OBJECT-TYPE dot1dTpFdbTable OBJECT-TYPE
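Review bot: In dot1dTpAgingTime, "dynamically learned" becomes "dynamically-learned"; a compound whose first word is an -ly adverb is normally left open, so the added hyphen should be reverted. The other changes in this hunk ("learnt" to "learned", "which" to "that") read fine.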
skipping to change at page 26, line 18 skipping to change at page 25, line 44
dot1dTpFdbPort OBJECT-TYPE dot1dTpFdbPort OBJECT-TYPE
SYNTAX Integer32 SYNTAX Integer32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Either the value '0', or the port number of the port on "Either the value '0', or the port number of the port on
which a frame having a source address equal to the value which a frame having a source address equal to the value
of the corresponding instance of dot1dTpFdbAddress has of the corresponding instance of dot1dTpFdbAddress has
been seen. A value of '0' indicates that the port been seen. A value of '0' indicates that the port
number has not been learned but that the bridge does number has not been learned, but that the bridge does
have some forwarding/filtering information about this have some forwarding/filtering information about this
address (e.g. in the dot1dStaticTable). Implementors address (e.g., in the dot1dStaticTable). Implementors
are encouraged to assign the port value to this object are encouraged to assign the port value to this object
whenever it is learned even for addresses for which the whenever it is learned, even for addresses for which the
corresponding value of dot1dTpFdbStatus is not corresponding value of dot1dTpFdbStatus is not
learned(3)." learned(3)."
::= { dot1dTpFdbEntry 2 } ::= { dot1dTpFdbEntry 2 }
dot1dTpFdbStatus OBJECT-TYPE dot1dTpFdbStatus OBJECT-TYPE
SYNTAX INTEGER { SYNTAX INTEGER {
other(1), other(1),
invalid(2), invalid(2),
learned(3), learned(3),
self(4), self(4),
skipping to change at page 26, line 48 skipping to change at page 26, line 26
"The status of this entry. The meanings of the "The status of this entry. The meanings of the
values are: values are:
other(1) - none of the following. This would other(1) - none of the following. This would
include the case where some other MIB object include the case where some other MIB object
(not the corresponding instance of (not the corresponding instance of
dot1dTpFdbPort, nor an entry in the dot1dTpFdbPort, nor an entry in the
dot1dStaticTable) is being used to determine if dot1dStaticTable) is being used to determine if
and how frames addressed to the value of the and how frames addressed to the value of the
corresponding instance of dot1dTpFdbAddress are corresponding instance of dot1dTpFdbAddress are
being forwarded. being forwarded.
invalid(2) - this entry is not longer valid (e.g., invalid(2) - this entry is no longer valid (e.g.,
it was learned but has since aged-out), but has it was learned but has since aged out), but has
not yet been flushed from the table. not yet been flushed from the table.
learned(3) - the value of the corresponding instance learned(3) - the value of the corresponding instance
of dot1dTpFdbPort was learned, and is being of dot1dTpFdbPort was learned, and is being
used. used.
self(4) - the value of the corresponding instance of self(4) - the value of the corresponding instance of
dot1dTpFdbAddress represents one of the bridge's dot1dTpFdbAddress represents one of the bridge's
addresses. The corresponding instance of addresses. The corresponding instance of
dot1dTpFdbPort indicates which of the bridge's dot1dTpFdbPort indicates which of the bridge's
ports has this address. ports has this address.
mgmt(5) - the value of the corresponding instance of mgmt(5) - the value of the corresponding instance of
skipping to change at page 28, line 16 skipping to change at page 27, line 42
SYNTAX Integer32 (1..65535) SYNTAX Integer32 (1..65535)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The port number of the port for which this entry "The port number of the port for which this entry
contains Transparent bridging management information." contains Transparent bridging management information."
::= { dot1dTpPortEntry 1 } ::= { dot1dTpPortEntry 1 }
-- It would be nice if we could use ifMtu as the size of the -- It would be nice if we could use ifMtu as the size of the
-- largest INFO field, but we can't because ifMtu is defined -- largest INFO field, but we can't because ifMtu is defined
-- to be the size that the (inter-)network layer can use which -- to be the size that the (inter-)network layer can use, which
-- can differ from the MAC layer (especially if several layers -- can differ from the MAC layer (especially if several layers
-- of encapsulation are used). -- of encapsulation are used).
dot1dTpPortMaxInfo OBJECT-TYPE dot1dTpPortMaxInfo OBJECT-TYPE
SYNTAX Integer32 SYNTAX Integer32
UNITS "bytes" UNITS "bytes"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The maximum size of the INFO (non-MAC) field that "The maximum size of the INFO (non-MAC) field that
this port will receive or transmit." this port will receive or transmit."
::= { dot1dTpPortEntry 2 } ::= { dot1dTpPortEntry 2 }
dot1dTpPortInFrames OBJECT-TYPE dot1dTpPortInFrames OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
UNITS "frames" UNITS "frames"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of frames that have been received by this "The number of frames that have been received by this
port from its segment. Note that a frame received on the port from its segment. Note that a frame received on the
interface corresponding to this port is only counted by interface corresponding to this port is only counted by
this object if and only if it is for a protocol being this object if and only if it is for a protocol being
processed by the local bridging function, including processed by the local bridging function, including
bridge management frames." bridge management frames."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 14.6.1.1.3" "IEEE 802.1D-1998: clause 14.6.1.1.3"
::= { dot1dTpPortEntry 3 } ::= { dot1dTpPortEntry 3 }
dot1dTpPortOutFrames OBJECT-TYPE dot1dTpPortOutFrames OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
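Review bot: In dot1dTpPortInFrames, "is only counted by this object if and only if it is for a protocol being processed by the local bridging function" doubles the restriction and is unchanged in both versions; "is counted by this object if and only if" says the same thing. The counting rule matters to anyone baselining this Counter32 per port, since frames for protocols the local bridging function does not process are excluded.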
skipping to change at page 29, line 19 skipping to change at page 28, line 45
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 14.6.1.1.3" "IEEE 802.1D-1998: clause 14.6.1.1.3"
::= { dot1dTpPortEntry 4 } ::= { dot1dTpPortEntry 4 }
dot1dTpPortInDiscards OBJECT-TYPE dot1dTpPortInDiscards OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
UNITS "frames" UNITS "frames"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Count of valid frames received which were discarded "Count of received valid frames that were discarded
(i.e., filtered) by the Forwarding Process." (i.e., filtered) by the Forwarding Process."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 14.6.1.1.3" "IEEE 802.1D-1998: clause 14.6.1.1.3"
::= { dot1dTpPortEntry 5 } ::= { dot1dTpPortEntry 5 }
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
-- The Static (Destination-Address Filtering) Database -- The Static (Destination-Address Filtering) Database
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
-- Implementation of this subtree is optional. -- Implementation of this subtree is optional.
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
skipping to change at page 29, line 41 skipping to change at page 29, line 19
dot1dStaticTable OBJECT-TYPE dot1dStaticTable OBJECT-TYPE
SYNTAX SEQUENCE OF Dot1dStaticEntry SYNTAX SEQUENCE OF Dot1dStaticEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A table containing filtering information configured "A table containing filtering information configured
into the bridge by (local or network) management into the bridge by (local or network) management
specifying the set of ports to which frames received specifying the set of ports to which frames received
from specific ports and containing specific destination from specific ports and containing specific destination
addresses are allowed to be forwarded. The value of addresses are allowed to be forwarded. The value of
zero in this table as the port number from which frames zero in this table, as the port number from which frames
with a specific destination address are received, is with a specific destination address are received, is
used to specify all ports for which there is no specific used to specify all ports for which there is no specific
entry in this table for that particular destination entry in this table for that particular destination
address. Entries are valid for unicast and for address. Entries are valid for unicast and for
group/broadcast addresses." group/broadcast addresses."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 14.7.2" "IEEE 802.1D-1998: clause 14.7.2"
::= { dot1dStatic 1 } ::= { dot1dStatic 1 }
dot1dStaticEntry OBJECT-TYPE dot1dStaticEntry OBJECT-TYPE
skipping to change at page 30, line 33 skipping to change at page 30, line 12
dot1dStaticStatus INTEGER dot1dStaticStatus INTEGER
} }
dot1dStaticAddress OBJECT-TYPE dot1dStaticAddress OBJECT-TYPE
SYNTAX MacAddress SYNTAX MacAddress
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The destination MAC address in a frame to which this "The destination MAC address in a frame to which this
entry's filtering information applies. This object can entry's filtering information applies. This object can
take the value of a unicast address, a group address or take the value of a unicast address, a group address, or
the broadcast address." the broadcast address."
REFERENCE REFERENCE
"IEEE 802.1D-1998: clause 7.9.1, 7.9.2" "IEEE 802.1D-1998: clause 7.9.1, 7.9.2"
::= { dot1dStaticEntry 1 } ::= { dot1dStaticEntry 1 }
dot1dStaticReceivePort OBJECT-TYPE dot1dStaticReceivePort OBJECT-TYPE
SYNTAX Integer32 (0..65535) SYNTAX Integer32 (0..65535)
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 31, line 18 skipping to change at page 30, line 45
"The set of ports to which frames received from a "The set of ports to which frames received from a
specific port and destined for a specific MAC address, specific port and destined for a specific MAC address,
are allowed to be forwarded. Each octet within the are allowed to be forwarded. Each octet within the
value of this object specifies a set of eight ports, value of this object specifies a set of eight ports,
with the first octet specifying ports 1 through 8, the with the first octet specifying ports 1 through 8, the
second octet specifying ports 9 through 16, etc. Within second octet specifying ports 9 through 16, etc. Within
each octet, the most significant bit represents the each octet, the most significant bit represents the
lowest numbered port, and the least significant bit lowest numbered port, and the least significant bit
represents the highest numbered port. Thus, each port represents the highest numbered port. Thus, each port
of the bridge is represented by a single bit within the of the bridge is represented by a single bit within the
value of this object. If that bit has a value of '1' value of this object. If that bit has a value of '1',
then that port is included in the set of ports; the port then that port is included in the set of ports; the port
is not included if its bit has a value of '0'. (Note is not included if its bit has a value of '0'. (Note
that the setting of the bit corresponding to the port that the setting of the bit corresponding to the port
from which a frame is received is irrelevant.) The from which a frame is received is irrelevant.) The
default value of this object is a string of ones of default value of this object is a string of ones of
appropriate length. appropriate length.
The value of this object may exceed the required minimum The value of this object may exceed the required minimum
maximum message size of some SNMP transport (484 bytes maximum message size of some SNMP transport (484 bytes,
in case of SNMP over UDP, see RFC 3417 section 3.2). in the case of SNMP over UDP, see RFC 3417, section 3.2).
SNMP engines on bridges supporting a large number of SNMP engines on bridges supporting a large number of
ports must support appropriate maximum message sizes." ports must support appropriate maximum message sizes."
::= { dot1dStaticEntry 3 } ::= { dot1dStaticEntry 3 }
dot1dStaticStatus OBJECT-TYPE dot1dStaticStatus OBJECT-TYPE
SYNTAX INTEGER { SYNTAX INTEGER {
other(1), other(1),
invalid(2), invalid(2),
permanent(3), permanent(3),
deleteOnReset(4), deleteOnReset(4),
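Review bot: In the description that closes with `::= { dot1dStaticEntry 3 }`, the default is still given only as "a string of ones of appropriate length", and the punctuation fixes around the 484-byte sentence leave that untouched. The text should say how the length is derived from the number of bridge ports and how the unused low-order bits of the last octet are to be set, since two agents can otherwise return different defaults for the same port count. The phrase "required minimum maximum message size of some SNMP transport" is also hard to parse on both sides; "some SNMP transports" with the RFC 3417 figure stated directly would read better.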
skipping to change at page 32, line 26 skipping to change at page 32, line 4
-- Notifications for the Spanning Tree Protocol -- Notifications for the Spanning Tree Protocol
-- ---------------------------------------------------------- -- -- ---------------------------------------------------------- --
newRoot NOTIFICATION-TYPE newRoot NOTIFICATION-TYPE
-- OBJECTS { } -- OBJECTS { }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The newRoot trap indicates that the sending agent has "The newRoot trap indicates that the sending agent has
become the new root of the Spanning Tree; the trap is become the new root of the Spanning Tree; the trap is
sent by a bridge soon after its election as the new sent by a bridge soon after its election as the new
root, e.g., upon expiration of the Topology Change Timer root, e.g., upon expiration of the Topology Change Timer,
immediately subsequent to its election. Implementation immediately subsequent to its election. Implementation
of this trap is optional." of this trap is optional."
::= { dot1dNotifications 1 } ::= { dot1dNotifications 1 }
topologyChange NOTIFICATION-TYPE topologyChange NOTIFICATION-TYPE
-- OBJECTS { } -- OBJECTS { }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A topologyChange trap is sent by a bridge when any of "A topologyChange trap is sent by a bridge when any of
its configured ports transitions from the Learning state its configured ports transitions from the Learning state
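Review bot: The `-- OBJECTS { }` comment line under both newRoot and topologyChange is carried over unchanged on both sides, with nothing to say whether the missing OBJECTS clause is intentional. Either drop the commented-out line or replace it with a one-line comment stating that these notifications carry no objects, so that a reader of the module does not take it for an unfinished translation from the SMIv1 trap definitions. The only textual change in this hunk, the comma after "Topology Change Timer", is fine.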
skipping to change at page 37, line 38 skipping to change at page 37, line 16
GROUP dot1dStaticGroup GROUP dot1dStaticGroup
DESCRIPTION DESCRIPTION
"Implementation of this group is optional." "Implementation of this group is optional."
GROUP dot1dNotificationGroup GROUP dot1dNotificationGroup
DESCRIPTION DESCRIPTION
"Implementation of this group is optional." "Implementation of this group is optional."
::= { dot1dCompliances 1 } ::= { dot1dCompliances 1 }
bridgeComplianceXXXX MODULE-COMPLIANCE bridgeCompliance4188 MODULE-COMPLIANCE
-- RFC Ed.: replace XXXX with RFC number and remove this note
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The compliance statement for device support of bridging "The compliance statement for device support of bridging
services. This supports 32-bit Path Cost values and the services. This supports 32-bit Path Cost values and the
more restricted bridge and port priorities, as per IEEE more restricted bridge and port priorities, as per IEEE
802.1t. 802.1t.
Full support for the 802.1D management objects requires that Full support for the 802.1D management objects requires that
the SNMPv2-MIB [RFC3418] objects sysDescr, and sysUpTime as the SNMPv2-MIB [RFC3418] objects sysDescr, and sysUpTime, as
well as the IF-MIB [RFC2863] objects ifIndex, ifType, ifDescr, well as the IF-MIB [RFC2863] objects ifIndex, ifType,
ifPhysAddress, and ifLastChange are implemented." ifDescr, ifPhysAddress, and ifLastChange are implemented."
MODULE MODULE
MANDATORY-GROUPS { MANDATORY-GROUPS {
dot1dBaseBridgeGroup, dot1dBaseBridgeGroup,
dot1dBasePortGroup dot1dBasePortGroup
} }
GROUP dot1dStpBridgeGroup GROUP dot1dStpBridgeGroup
DESCRIPTION DESCRIPTION
"Implementation of this group is mandatory for "Implementation of this group is mandatory for
bridges that support the Spanning Tree Protocol." bridges that support the Spanning Tree Protocol."
OBJECT dot1dStpPriority OBJECT dot1dStpPriority
SYNTAX Integer32 (0|4096|8192|12288|16384|20480|24576 SYNTAX Integer32 (0|4096|8192|12288|16384|20480|24576
|28672|32768|36864|40960|45056|49152 |28672|32768|36864|40960|45056|49152
|53248|57344|61440) |53248|57344|61440)
DESCRIPTION DESCRIPTION
"All possible values as per IEEE 802.1t." "The possible values defined by IEEE 802.1t."
GROUP dot1dStpPortGroup2 GROUP dot1dStpPortGroup2
DESCRIPTION DESCRIPTION
"Implementation of this group is mandatory for "Implementation of this group is mandatory for
bridges that support the Spanning Tree Protocol." bridges that support the Spanning Tree Protocol."
GROUP dot1dStpPortGroup3 GROUP dot1dStpPortGroup3
DESCRIPTION DESCRIPTION
"Implementation of this group is mandatory for bridges "Implementation of this group is mandatory for bridges
that support the Spanning Tree Protocol and 32-bit path that support the Spanning Tree Protocol and 32-bit path
costs. This in particular includes devices supporting costs. In particular, this includes devices supporting
IEEE 802.1t and IEEE 802.1w." IEEE 802.1t and IEEE 802.1w."
OBJECT dot1dStpPortPriority OBJECT dot1dStpPortPriority
SYNTAX Integer32 (0|16|32|48|64|80|96|112|128 SYNTAX Integer32 (0|16|32|48|64|80|96|112|128
|144|160|176|192|208|224|240) |144|160|176|192|208|224|240)
DESCRIPTION DESCRIPTION
"All possible values as per IEEE 802.1t." "The possible values defined by IEEE 802.1t."
GROUP dot1dTpBridgeGroup GROUP dot1dTpBridgeGroup
DESCRIPTION DESCRIPTION
"Implementation of this group is mandatory for "Implementation of this group is mandatory for
bridges that support the transparent bridging bridges that support the transparent bridging
mode. A transparent or SRT bridge will implement mode. A transparent or SRT bridge will implement
this group." this group."
GROUP dot1dTpFdbGroup GROUP dot1dTpFdbGroup
DESCRIPTION DESCRIPTION
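Review bot: In the bridgeCompliance4188 DESCRIPTION, the added comma after sysUpTime leaves "sysDescr, and sysUpTime, as well as" with a comma before "and" in a two-item list; "sysDescr and sysUpTime, as well as" is the cleaner form. The rename from bridgeComplianceXXXX and the removal of the "RFC Ed.: replace XXXX" note go together correctly. The reworded "The possible values defined by IEEE 802.1t." is applied to both dot1dStpPriority and dot1dStpPortPriority, which keeps the two OBJECT clauses consistent.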
skipping to change at page 39, line 28 skipping to change at page 39, line 8
DESCRIPTION DESCRIPTION
"Implementation of this group is optional." "Implementation of this group is optional."
::= { dot1dCompliances 2 } ::= { dot1dCompliances 2 }
END END
5. IANA Considerations 5. IANA Considerations
The MIB module in this document uses the following IANA-assigned The MIB module in this document uses the following IANA-assigned
OBJECT IDENTIFIER values recorded in the SMI Numbers registry: OBJECT IDENTIFIER values that are recorded in the SMI Numbers
registry:
Descriptor OBJECT IDENTIFIER value
---------- -----------------------
dot1dBridge { mib-2 17 }
Editor's Note (to be removed prior to publication): this draft makes Descriptor OBJECT IDENTIFIER value
no additional requests of the IANA. (XXX) ---------- -----------------------
dot1dBridge { mib-2 17 }
6. Security Considerations 6. Security Considerations
There are a number of management objects defined in this MIB module There are a number of management objects defined in this MIB module
that have a MAX-ACCESS clause of read-write and/or read-create. Such that have a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on environment without proper protection can have a negative effect on
network operations. network operations.
skipping to change at page 40, line 11 skipping to change at page 39, line 36
vulnerable in some network environments. It is thus important to vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over to even encrypt the values of these objects when sending them over
the network via SNMP. the network via SNMP.
These are the tables and objects and their sensitivity/vulnerability: These are the tables and objects and their sensitivity/vulnerability:
o The writable objects dot1dStpPriority, dot1dStpBridgeMaxAge, o The writable objects dot1dStpPriority, dot1dStpBridgeMaxAge,
dot1dStpBridgeHelloTime, dot1dStpBridgeForwardDelay, dot1dStpBridgeHelloTime, dot1dStpBridgeForwardDelay,
dot1dStpPortPriority, dot1dStpPortEnable, dot1dStpPortPathCost, dot1dStpPortPriority, dot1dStpPortEnable, dot1dStpPortPathCost,
dot1dStpPortPathCost32 influence the spanning tree protocol. and dot1dStpPortPathCost32 influence the spanning tree protocol.
Unauthorized write access to these objects can cause the spanning Unauthorized write access to these objects can cause the spanning
tree protocol to compute other default topologies or it can change tree protocol to compute other default topologies or it can change
the speed in which the spanning tree protocol reacts to failures. the speed in which the spanning tree protocol reacts to failures.
o The writable object dot1dTpAgingTime controls how fast dynamically
learned forwarding information is aged out. Setting this object o The writable object dot1dTpAgingTime controls how fast
to a large value may simplify forwarding table overflow attacks. dynamically-learned forwarding information is aged out. Setting
this object to a large value may simplify forwarding table
overflow attacks.
o The writable dot1dStaticTable provides a filtering mechanism o The writable dot1dStaticTable provides a filtering mechanism
controlling to which ports frames originating from a specific controlling to which ports frames originating from a specific
source may be forwarded. Write access to this table can be used source may be forwarded. Write access to this table can be used
to turn provisioned filtering off or to add filters to prevent to turn provisioned filtering off or to add filters to prevent
rightful use of the network. rightful use of the network.
o The readable objects defined in the BRIDGE-MIB module provide o The readable objects defined in the BRIDGE-MIB module provide
information about the topology of a bridged network and the information about the topology of a bridged network and the
attached active stations. The addresses listed in the attached active stations. The addresses listed in the
dot1dTpFdbTable usually reveal information about the manufacturer dot1dTpFdbTable usually reveal information about the manufacturer
of the MAC hardware, which can be useful information for mounting of the MAC hardware, which can be useful information for mounting
other specific attacks. other specific attacks.
o The two notifications newRoot and topologyChange are emitted o The two notifications newRoot and topologyChange are emitted
during spanning tree computation and may trigger management during spanning tree computation and may trigger management
systems to inspect the status of bridges and to recompute internal systems to inspect the status of bridges and to recompute internal
topology information. Hence, forged notifications may cause topology information. Hence, forged notifications may cause
management systems to perform unnecessary computations and to management systems to perform unnecessary computations and to
generate additional SNMP traffic directed to the bridges in a generate additional SNMP traffic directed to the bridges in a
network. Forged notifications therefore may be part of a denial network. Therefore, forged notifications may be part of a denial
of service attack. of service attack.
SNMP versions prior to SNMPv3 did not include adequate security. SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPSec), Even if the network itself is secure (for example by using IPSec),
even then, there is no control as to who on the secure network is even then, there is no control as to who on the secure network is
allowed to access and GET/SET (read/change/create/delete) the objects allowed to access and GET/SET (read/change/create/delete) the objects
in this MIB module. in this MIB module.
It is RECOMMENDED that implementers consider the security features as It is RECOMMENDED that implementers consider the security features as
provided by the SNMPv3 framework (see [RFC3410], section 8), provided by the SNMPv3 framework (see [RFC3410], section 8),
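Review bot: The dot1dStaticTable bullet still describes the table as controlling "to which ports frames originating from a specific source may be forwarded", which does not match the object descriptions earlier in the module, where the entry is keyed on "the destination MAC address in a frame" and covers frames "received from a specific port and destined for a specific MAC address". The bullet should be reworded to speak of receive port and destination address, because an operator deciding who gets write access reads this list, not the DESCRIPTION clauses. Separately, "Even if the network itself is secure (for example by using IPSec), even then, there is no control" repeats "even" and is unchanged on both sides; the second "even then," can go. The added "and" before dot1dStpPortPathCost32 and the moved "Therefore" are fine.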
skipping to change at page 41, line 9 skipping to change at page 40, line 40
authentication and privacy). authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them. rights to indeed GET or SET (change/create/delete) them.
7. Acknowledgments 7. Acknowledgements
The MIB module presented in this memo is a translation of the The MIB module presented in this memo is a translation of the
BRIDGE-MIB defined in [RFC1493] to the SMIv2 syntax. The original BRIDGE-MIB defined in [RFC1493] to the SMIv2 syntax. The original
authors of the SMIv1 module were E. Decker, P. Langille, A authors of the SMIv1 module were E. Decker, P. Langille, A.
Rijsinghani and K. McCloghrie. Further acknowledgement is given to Rijsinghani, and K. McCloghrie. Further acknowledgement is given to
the members of the original Bridge Working Group in [RFC1493]. the members of the original Bridge Working Group in [RFC1493].
This document was produced on behalf of the Bridge MIB Working Group This document was produced on behalf of the Bridge MIB Working Group
in the Operations and Management area of the Internet Engineering in the Operations and Management area of the Internet Engineering
Task Force. The editors wish to thank the members of the Bridge MIB Task Force. The editors wish to thank the members of the Bridge MIB
Working Group, especially Mike MacFadden, John Flick, and Bert Working Group, especially Mike MacFadden, John Flick, and Bert
Visscher for their many comments and suggestions which improved this Visscher for their many comments and suggestions that improved this
effort. Juergen Schoenwaelder helped in finalizing the draft for effort. Juergen Schoenwaelder helped in finalizing the document for
publication. publication.
8. Contact Information 8. Contact Information
The original version of this document was the result of significant The original version of this document was the result of significant
work by four major contributors: work by four major contributors:
E. Decker E. Decker
xxx details missing here xxx
P. Langille P. Langille
xxx details missing here xxx
Anil Rijsinghan A. Rijsinghan
Accton Technology Corporation Accton Technology Corporation
5 Mount Royal Ave 5 Mount Royal Ave
Marlboro, MA 01752 Marlboro, MA 01752
USA USA
K. McCloghrie K. McCloghrie
Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134 San Jose, CA 95134
USA USA
The conversion to SMIv2 format is based on work done by the following The conversion to the SMIv2 format is based on work done by the
two contributors: following two contributors:
Kenyon C. Norseth Kenyon C. Norseth
L-3 Communications L-3 Communications
640 N. 2200 West 640 N. 2200 West
Salt Lake City, Utah 84116-0850 Salt Lake City, Utah 84116-0850
USA USA
E. Bell E. Bell
3Com Europe Limited 3Com Europe Limited
3Com Centre, Boundary Way 3Com Centre, Boundary Way
Hemel Hempstead Herts. HP2 7YU Hemel Hempstead Herts. HP2 7YU
UK UK
9. Changes from RFC 1493 9. Changes from RFC 1493
The following changes have been made from RFC 1493. The following changes have been made from RFC 1493.
1. Translated the MIB definitions to use SMIv2. This includes the 1. Translated the MIB definitions to use SMIv2. This includes the
introduction of conformance statements. ASN.1 type definitions introduction of conformance statements. ASN.1 type definitions
have been converted into textual-conventions and several units have been converted into textual-conventions and several UNITS
clauses were added. clauses were added.
2. The object dot1dStpPortPathCost32 was added to support IEEE
802.1t. 2. The object dot1dStpPortPathCost32 was added to support IEEE
3. Permissible values for dot1dStpPriority and dot1dStpPortPriority 802.1t.
have been clarified for bridges supporting IEEE 802.1t or IEEE
802.1w. 3. Permissible values for dot1dStpPriority and dot1dStpPortPriority
4. Interpretation of dot1dStpTimeSinceTopologyChange has been have been clarified for bridges supporting IEEE 802.1t or IEEE
clarified for bridges supporting the rapid spanning tree protocol 802.1w.
(RSTP).
5. Updated the introductionary boilerplate text, the security 4. Interpretation of dot1dStpTimeSinceTopologyChange has been
considerations section and the references to comply with the clarified for bridges supporting the rapid spanning tree protocol
current IETF standards and guidelines. (RSTP).
6. Updated references to point to newer IEEE 802.1d documents.
7. Additions and clarifications in various description clauses. 5. Updated the introductory boilerplate text, the security
considerations section, and the references to comply with the
current IETF standards and guidelines.
6. Updated references to point to newer IEEE 802.1d documents.
7. Additions and clarifications in various description clauses.
10. References 10. References
10.1 Normative References 10.1 Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2578] McCloghrie, K., Perkins, D. and J. Schoenwaelder, [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Structure of Management Information Version 2 (SMIv2)", "Structure of Management Information Version 2 (SMIv2)",
STD 58, RFC 2578, April 1999. STD 58, RFC 2578, April 1999.
[RFC2579] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Textual [RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
Conventions for SMIv2", STD 58, RFC 2579, April 1999. "Textual Conventions for SMIv2", STD 58, RFC 2579, April
1999.
[RFC2580] McCloghrie, K., Perkins, D. and J. Schoenwaelder, [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Conformance Statements for SMIv2", STD 58, RFC 2580, "Conformance Statements for SMIv2", STD 58, RFC 2580,
April 1999. April 1999.
[RFC3418] Presuhn, R., "Management Information Base (MIB) for the [RFC3418] Presuhn, R., "Management Information Base (MIB) for the
Simple Network Management Protocol (SNMP)", STD 62, RFC Simple Network Management Protocol (SNMP)", STD 62, RFC
3418, December 2002. 3418, December 2002.
[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
MIB", RFC 2863, June 2000. MIB", RFC 2863, June 2000.
[IEEE8021D] [IEEE8021D] IEEE Project 802 Local and Metropolitan Area Networks,
IEEE Project 802 Local and Metropolitan Area Networks, "ANSI/IEEE Standard 802.1D-1998 MAC Bridges", March 1998.
"ANSI/IEEE Standard 802.1D-1998 MAC Bridges", March 1998.
10.2 Informative References 10.2 Informative References
[RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for "Introduction and Applicability Statements for Internet-
Internet-Standard Management Framework", RFC 3410, Standard Management Framework", RFC 3410, December 2002.
December 2002.
[RFC1493] Decker, E., Langille, P., Rijsinghani, A. and K. [RFC1493] Decker, E., Langille, P., Rijsinghani, A., and K.
McCloghrie, "Definitions of Managed Objects for Bridges", McCloghrie, "Definitions of Managed Objects for Bridges",
RFC 1493, July 1993. RFC 1493, July 1993.
[RFC1525] Decker, E., McCloghrie, K., Langille, P. and A. [RFC1525] Decker, E., McCloghrie, K., Langille, P., and A.
Rijsinghani, "Definitions of Managed Objects for Source Rijsinghani, "Definitions of Managed Objects for Source
Routing Bridges", RFC 1525, September 1993. Routing Bridges", RFC 1525, September 1993.
Authors' Addresses Authors' Addresses
Kenyon C. Norseth (editor) Kenyon C. Norseth (editor)
L-3 Communications L-3 Communications
640 N. 2200 West 640 N. 2200 West
Salt Lake City, Utah 84116-0850 Salt Lake City, Utah 84116-0850
USA USA
Phone: +1 801-594-2809 Phone: +1 801-594-2809
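Review bot: In the Contact Information list the entry changes from "Anil Rijsinghan" to "A. Rijsinghan", but the surname is spelled "Rijsinghani" in the Acknowledgements paragraph and in the [RFC1493] and [RFC1525] reference entries, so the abbreviation was applied without fixing the spelling. The two "xxx details missing here xxx" placeholders are removed on the right, which leaves E. Decker and P. Langille as bare names among contributors who otherwise have postal addresses; a short note that no current contact details are available would make that deliberate. The section heading also moves to "Acknowledgements" here, so the spelling should be checked against the closing funding paragraph for consistency.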
skipping to change at page 44, line 4 skipping to change at page 43, line 39
Authors' Addresses Authors' Addresses
Kenyon C. Norseth (editor) Kenyon C. Norseth (editor)
L-3 Communications L-3 Communications
640 N. 2200 West 640 N. 2200 West
Salt Lake City, Utah 84116-0850 Salt Lake City, Utah 84116-0850
USA USA
Phone: +1 801-594-2809 Phone: +1 801-594-2809
EMail: kenyon.c.norseth@L-3com.com EMail: kenyon.c.norseth@L-3com.com
E. Bell (editor) E. Bell (editor)
3Com Europe Limited 3Com Europe Limited
3Com Centre, Boundary Way 3Com Centre, Boundary Way
Hemel Hempstead Herts. HP2 7YU Hemel Hempstead Herts. HP2 7YU
UK UK
Phone: +44 1442 438025 Phone: +44 1442 438025
EMail: Les_Bell@3Com.com EMail: elbell@ntlworld.com
Intellectual Property Statement Full Copyright Statement
Copyright (C) The Internet Society (2005).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at this standard. Please address the information to the IETF at ietf-
ietf-ipr@ietf.org. ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment Acknowledgement
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
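Review bot: The rewrapped last sentence of the Intellectual Property section now breaks the contact address as "ietf-" at the end of one line and "ipr@ietf.org" on the next, where the left side kept "ietf-ipr@ietf.org" on one line; the address should not be split at its hyphen, since a reader cannot tell a line-break hyphen from one that belongs to the address. In the Authors' Addresses block, the EMail for E. Bell changes from Les_Bell@3Com.com to elbell@ntlworld.com while the 3Com Europe Limited postal address and phone number stay as they were, so it is worth confirming that the affiliation lines are still current. The reordering into "Full Copyright Statement" with the disclaimer moved up carries the same text on both sides.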
 End of changes. 116 change blocks. 
280 lines changed or deleted 269 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/