-- This file is corresponding to Release 9.1.10.101 from 2014/08/11 00:00:00 --------------------------------------------------------------------------- -- (C)opyright 2011-2014 bintec elmeg GmbH -- $RCSfile: mib-ipext,v $ -- $Revision: 1.18 $ -- $Date: 2014-02-07 10:37:49 $ -- Author: awimmer --------------------------------------------------------------------------- BINTEC-IPEXT-MIB DEFINITIONS ::= BEGIN IMPORTS enterprises FROM RFC1155-SMI IpAddress, enterprises FROM RFC1155-SMI MacAddress, DisplayString, TimeStamp, TruthValue FROM SNMPv2-TC biboip, Date, BitValue FROM BINTEC-MIB MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Counter32, Counter64, TimeTicks FROM SNMPv2-SMI TRAP-TYPE FROM RFC-1215 TruthValue FROM SNMPv2-TC ifIndex FROM IF-MIB OBJECT-TYPE FROM RFC-1212 MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF InetAddressType, InetAddress FROM INET-ADDRESS-MIB; ipExtMIB MODULE-IDENTITY LAST-UPDATED "201310090000Z" ORGANIZATION "bintec elmeg GmbH" CONTACT-INFO "EMail: info@bintec-elmeg.com Web: www.bintec-elmeg.com " DESCRIPTION "The MIB module for IP extended configuration and status." REVISION "201101250000Z" DESCRIPTION "Vendor specific Management Information for the IP subsystem." ::= { biboip 250 } -- IP Group -- Management Information for the IP Subsystem -- old access list tables, don't reuse these OIDs -- ipAllowTable OBJECT-TYPE ::= { biboip 1 } -- ipDenyTable OBJECT-TYPE ::= { biboip 2 } -- ********************************************************************** -- * ipExtIfTable TABLE -- ********************************************************************** ipExtIfTable OBJECT-TYPE SYNTAX SEQUENCE OF IpExtIfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ipExtIfTable contains extended information related to IP and the interfaces found on the system. Entries can only be added or deleted by the system." ::= { biboip 3 } ipExtIfEntry OBJECT-TYPE SYNTAX IpExtIfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipExtIfIndex } ::= { ipExtIfTable 1 } IpExtIfEntry ::= SEQUENCE { ipExtIfIndex INTEGER, ipExtIfRipSend INTEGER, ipExtIfRipReceive INTEGER, ipExtIfProxyArp INTEGER, ipExtIfNat INTEGER, ipExtIfNatRmvFin INTEGER, ipExtIfNatTcpTimeout INTEGER, ipExtIfNatOtherTimeout INTEGER, ipExtIfNatOutXlat INTEGER, ipExtIfAccounting INTEGER, ipExtIfTcpSpoofing INTEGER, ipExtIfAccessAction INTEGER, ipExtIfAccessReport INTEGER, ipExtIfOspf INTEGER, ipExtIfOspfMetric INTEGER, ipExtIfTcpCksum INTEGER, ipExtIfBackRtVerify INTEGER, ipExtIfRuleIndex INTEGER, ipExtIfAuthentication INTEGER, ipExtIfAuthMode INTEGER, ipExtIfAuthLifeTime INTEGER, ipExtIfAuthKeepalive INTEGER, ipExtIfRouteAnnounce INTEGER, ipExtIfIpFragmentation INTEGER, ipExtIfRerouting INTEGER, ipExtIfBodRuleIndex INTEGER, ipExtIfQosRuleIndex INTEGER, ipExtIfIpsecAccounting INTEGER, ipExtIfMulticast INTEGER, ipExtIfNatSilentDeny INTEGER, -- ipExtIfNetMeetingTunnel INTEGER ipExtIfNatPPTPXlat INTEGER, ipExtIfTcpMssClamping INTEGER, ipExtIfNbdgmRelayAddress IpAddress, ipExtIfNatMaxSessions INTEGER, ipExtIfAllowedPeers INTEGER, ipExtIfNatFlush INTEGER, ipExtIfHttpRedirect INTEGER, ipExtIfWolRuleIndex INTEGER } ipExtIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Unique interface index" ::= { ipExtIfEntry 1 } ipExtIfRipSend OBJECT-TYPE SYNTAX INTEGER { ripV1 (1), -- send RIP V1 messages ripV2 (2), -- send RIP V2 messages both(3), -- send RIP V1 and RIP V2 messages none(4), -- don't send RIP messages ripV2mcast(5), -- send RIP V2 messages as multicast ripV1trig(6), -- send Triggered RIP V1 messages (RFC 2091) ripV2trig(7) -- send Triggered RIP V2 messages (RFC 2091) } MAX-ACCESS read-write STATUS current DESCRIPTION "specifies which versions of RIP messages are sent to that interface. Usually RIP messages are sent as broadcast, except this object is set to ripV2mcast. In this case RIP V2 messages are sent to the multicast address 224.0.0.9 ." DEFVAL { none } ::= { ipExtIfEntry 3 } ipExtIfRipReceive OBJECT-TYPE SYNTAX INTEGER { ripV1 (1), -- accept only RIP V1 messages ripV2 (2), -- accept only RIP V2 messages both(3), -- accept RIP V1 and RIP V2 messages none(4), -- don't accept any RIP messages ripV1trig(5), -- accept only Triggered RIP V1 msg's(RFC 2091) ripV2trig(6) -- accept only Triggered RIP V2 msg's(RFC 2091) } MAX-ACCESS read-write STATUS current DESCRIPTION "specifies which versions of RIP messages are accepted from that interface. RIP V2 messages are received regardless if they are sent as broadcast or multicast." DEFVAL { none } ::= { ipExtIfEntry 4 } ipExtIfProxyArp OBJECT-TYPE SYNTAX INTEGER { off(1), -- proxy arp switched off on(2), -- if operational status of the destination -- interface is up or dormant up-only(3) -- if operational status of the destination -- interface is up } MAX-ACCESS read-write STATUS current DESCRIPTION "Switch for Proxy ARP on this interface." DEFVAL { off } ::= { ipExtIfEntry 5 } ipExtIfNat OBJECT-TYPE SYNTAX INTEGER { off(1), on(2), reverse(3), loopback(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object can be used to switch NAT on and off for a specific interface. " DEFVAL { off } ::= { ipExtIfEntry 6 } ipExtIfNatRmvFin OBJECT-TYPE SYNTAX INTEGER { no(1), yes(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies, whether entries in the IpNatTable shall be removed, when TCP-FINS have been received and acknowledged in both directions, a TCP-RST has been received or a ICMP-ERROR message has been received for the entry." DEFVAL { yes } ::= { ipExtIfEntry 7 } ipExtIfNatTcpTimeout OBJECT-TYPE SYNTAX INTEGER (0..5184000) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "TCP NAT entries vanish unconditionally after not being used for the amount of time specified by this object in seconds." DEFVAL { 3600 } ::= { ipExtIfEntry 8 } ipExtIfNatOtherTimeout OBJECT-TYPE SYNTAX INTEGER (0..5184000) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "Non-TCP NAT entries vanish unconditionally after not being used for the amount of time specified by this object in seconds." DEFVAL { 15 } ::= { ipExtIfEntry 9 } ipExtIfNatOutXlat OBJECT-TYPE SYNTAX INTEGER { on(1), off(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object can be used to switch the outgoing address translation off. Then, all addresses are passed instead of being translated. The session mechanism remains active and implements a security mechanism. " DEFVAL { on } ::= { ipExtIfEntry 10 } ipExtIfAccounting OBJECT-TYPE SYNTAX INTEGER { off(1), on(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Switch for accounting on the specified interface. An IP packet is being accounted, when this object is set to on for either the source or the destination interface." DEFVAL { off } ::= { ipExtIfEntry 11 } ipExtIfTcpSpoofing OBJECT-TYPE SYNTAX INTEGER { off(1), on(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Switch for TCP spoofing on this interface. TCP keepalive polls are answered by the BRICK to prevent unnecessary ISDN connections. Set this object to on for ISDN dialup interfaces." DEFVAL { off } ::= { ipExtIfEntry 12 } ipExtIfAccessAction OBJECT-TYPE SYNTAX INTEGER { ignore(1), refuse(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes the action, that is done, when a packet received from the interface has been filtered out. When set to ignore, no action takes place. When set to refuse, an ICMP unreachable message is being sent to the originator of the packet." DEFVAL { ignore } ::= { ipExtIfEntry 13 } ipExtIfAccessReport OBJECT-TYPE SYNTAX INTEGER { none(1), info(2), dump(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies, how a packed filtered by accesslists should be logged. When set to none, no logging takes place. When set to info, protocol, ip-addresses and portnumbers are logged. When set to dump, a dump of the first 64 bytes of the packet will be written to the syslog table." DEFVAL { info } ::= { ipExtIfEntry 14 } ipExtIfOspf OBJECT-TYPE SYNTAX INTEGER { passive(1), active(2), off(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Configure the OSPF status of this interface. Routing information about routes on passive and active interfaces is propagated on active interfaces. Only active interfaces run the OSPF protocol. When set to off the interface and its associated routes are invisible to the OSPF protocol." DEFVAL { passive } ::= { ipExtIfEntry 15 } ipExtIfOspfMetric OBJECT-TYPE SYNTAX INTEGER { auto(1), -- based on ifSpeed fixed(2), -- user configured auto-adjust(3), -- auto + metric adjustment fixed-adjust(4) -- fixed + metric adjustment } MAX-ACCESS read-write STATUS current DESCRIPTION "Configure the metric calculation of OSPF interfaces. If set to auto the metric is calculated based on ifSpeed. If set to fixed the metric is taken from the ospfIfMetricTable. Additionaly the metric adjustment for dialup interfaces can be configured. If set to auto-adjust or fixed-adjust the basic metric value is reduced if the operational status of the dialup interface is up." DEFVAL { auto } ::= { ipExtIfEntry 16 } ipExtIfTcpCksum OBJECT-TYPE SYNTAX INTEGER { check(1), dont-check(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable or disable the TCP checksum check for local packets received on the corresponding interface. Disabling the check may improve performance for some local applications (i.e. remote CAPI). This object should only be set to dont-check on interfaces for LANs without further routers. Packets received from routers may have a corrupted TCP checksum and TCP will no longer be able to detect those packets. The TCP checksum must be checked by the receiving TCP under any circumstances, when TCP header compression is used on any router." DEFVAL { check } ::= { ipExtIfEntry 17 } ipExtIfBackRtVerify OBJECT-TYPE SYNTAX INTEGER { off(1), on(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object activates an additional check for incoming packets. If set to on, incoming packets are only accepted if return packets sent back to their source IP address would be sent over the same interface. This prevents packets being passed from untrusted interfaces to this interface." DEFVAL { off } ::= { ipExtIfEntry 18 } ipExtIfRuleIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the index of the first access rule that is applied for incoming packets. If set to 0 or if there is no access rule with this index no access rules are applied for this interface." DEFVAL { 0 } ::= { ipExtIfEntry 19 } ipExtIfAuthentication OBJECT-TYPE SYNTAX INTEGER { off(1), securID(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the authentication scheme used for incoming packets." DEFVAL { off } ::= { ipExtIfEntry 20 } ipExtIfAuthMode OBJECT-TYPE SYNTAX INTEGER { strict(1), loose(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the authentication mode. If set to strict each source IP address must be authenticated. If set to loose all source IP addresses are allowed if at least one IP address is successfully authenticated." DEFVAL { strict } ::= { ipExtIfEntry 21 } ipExtIfAuthLifeTime OBJECT-TYPE SYNTAX INTEGER (180..36000) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the time in seconds a successful authentication is valid since the IP partner was authenticated." DEFVAL { 3600 } ::= { ipExtIfEntry 22 } ipExtIfAuthKeepalive OBJECT-TYPE SYNTAX INTEGER UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the period between short authentications that are invisible to the user" DEFVAL { 60 } ::= { ipExtIfEntry 23 } ipExtIfRouteAnnounce OBJECT-TYPE SYNTAX INTEGER { up-only(1), up-dormant(2), always(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the condition when routes on this interface are propagated by routing protocols. If set to up-only routes are only propagated if the operational status of the interface is up. If set to up-dormant routes are propagated if the status is up or dormant. If set to always routes are propagated independent of the operational status." DEFVAL { up-dormant } ::= { ipExtIfEntry 24 } ipExtIfIpFragmentation OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2), equal(3), reverse(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines different modes used for fragmentation of IP datagrams greater than the MTU of the destination interface. If set to enabled (1) each IP datagram will be splitted into a first fragment MTU sized and the last one smaller than the first. If set to disabled (2) an ICMP unreachable message will be performed. The equal (3) mode defines a fragmentation technique wich generates fragments having approximately the same size whereon the reverse (4) mode starts with a small fragment followed by MTU sized fragment(s)." DEFVAL { enabled } ::= { ipExtIfEntry 25 } ipExtIfRerouting OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object enables or disables rerouting on this interface. The default value is enabled. If set to disabled, then only the better one route from two or more possible routes is chosen, even if the ifOperStatus of the interface for this route is dormant." DEFVAL { enabled } ::= { ipExtIfEntry 26 } ipExtIfBodRuleIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the index of the first rule used for Bandwidth on Demand (BOD) that is applied for incoming and/or outgoing traffic. If set to 0 or if there is no entry in the ipBodRuleTable with this index no BOD-specific information is applied for this interface." DEFVAL { 0 } ::= { ipExtIfEntry 27 } ipExtIfQosRuleIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the index of the first rule used for Qos (Qualtiy of Service) rules applied for IP traffic. If set to 0 or if there is no entry in the ipQoSTable with this index no QoS-specific information is applied for this interface." DEFVAL { 0 } ::= { ipExtIfEntry 28 } ipExtIfIpsecAccounting OBJECT-TYPE SYNTAX INTEGER { ipsec(1), clear(2), both(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object determines, whether packets which are en- or decapsulated by IPSec should be accounted with encapsulation header(ipsec) or without the encapsulation header (clear), or even twice (both)." DEFVAL { ipsec } ::= { ipExtIfEntry 29 } ipExtIfMulticast OBJECT-TYPE SYNTAX INTEGER { off(1), on(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable that multicast frames are accepted from that interface." DEFVAL { off } ::= { ipExtIfEntry 30 } ipExtIfNatSilentDeny OBJECT-TYPE SYNTAX INTEGER { disabled(1), enabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies - if NAT is enabled (see ipExtIfNat) - whether incoming IP packets not passed by the NAT barrier should answered with an ICMP Host Unreachable or TCP RST message addressed to to packet originator. If set to enabled(2), such incoming IP packets will be silently discarded." DEFVAL { disabled } ::= { ipExtIfEntry 31 } -- ipExtIfNetMeetingTunnel OBJECT-TYPE -- SYNTAX INTEGER { -- off(1), -- on(2) -- } -- MAX-ACCESS read-write -- STATUS current -- DESCRIPTION -- "This object controls the replacement of ip address -- information exchanged by two NetMeeting clients -- if NAT is enabled on this interface." -- DEFVAL { off } -- ::= { ipExtIfEntry 32 } ipExtIfNatPPTPXlat OBJECT-TYPE SYNTAX INTEGER { disabled(1), enabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies - if NAT is enabled (see ipExtIfNat) - whether PPTP (point to point protocol) connections are translated. This is needed if there are more than one PPTP client behind NAT." DEFVAL { disabled } ::= { ipExtIfEntry 33 } ipExtIfTcpMssClamping OBJECT-TYPE SYNTAX INTEGER (-1..32000) UNITS "bytes" MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies whether TCP MSS clamping is enabled on the interface. -1 disables clamping, 0 clamps the MSS depending on the interface MTU. A value > 0 will be used as clamping size." DEFVAL { -1 } ::= { ipExtIfEntry 34 } ipExtIfNbdgmRelayAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object contains the destination IP address to which Netbios Datagram request are forwarded by the router." ::= { ipExtIfEntry 35 } ipExtIfNatMaxSessions OBJECT-TYPE SYNTAX INTEGER(1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object limits the maximum number of NAT sessions on a interface." DEFVAL { 4000 } ::= { ipExtIfEntry 36 } ipExtIfAllowedPeers OBJECT-TYPE SYNTAX INTEGER { all(1), dhcpclients(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If this object is set to 'dhcpclients', the router refuses to exchange data with hosts which are not DHCP clients on this interface. If this object is set to 'all', the router accepts to exchange data with any host." DEFVAL { all } ::= { ipExtIfEntry 37 } ipExtIfNatFlush OBJECT-TYPE SYNTAX INTEGER { off(1), on(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If this object in enabled NAT-Flushing is done else not. NAT-Flushing means that the NAT Entries for this interface will be deleted in the case of an OperStatus change to down or dormant." DEFVAL { on } ::= { ipExtIfEntry 38 } ipExtIfHttpRedirect OBJECT-TYPE SYNTAX INTEGER { disabled(1), local(2), proxy(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "If not set to 'disabled' all HTTP requests on this interface will be directed either to the local HTTP daemon or HTTP proxy." DEFVAL { disabled } ::= { ipExtIfEntry 39 } ipExtIfWolRuleIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the index of the first rule used for Wake-On-LAN (WOL) that is applied for incoming and/or outgoing traffic. If set to 0 or if there is no entry in the ipWolRuleTable with this index no WOL-specific information is applied for this interface." DEFVAL { 0 } ::= { ipExtIfEntry 40 } -- ********************************************************************** -- * ipLfiTable TABLE -- ********************************************************************** ipLfiTable OBJECT-TYPE SYNTAX SEQUENCE OF IpLfiEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "." ::= { biboip 57 } ipLfiEntry OBJECT-TYPE SYNTAX IpLfiEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipLfiIfIndex } ::= { ipLfiTable 1 } IpLfiEntry ::= SEQUENCE { ipLfiIfIndex INTEGER, ipLfiMode INTEGER, ipLfiMaxFragSize INTEGER, ipLfiMinFragSize INTEGER, ipLfiCurrVoipCalls INTEGER } ipLfiIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the associated interface." ::= { ipLfiEntry 1 } ipLfiMode OBJECT-TYPE SYNTAX INTEGER { enabled (1), disabled (2), delete (3), controlled-only (4), always (5) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object enables Link Framentation and Interleave (LFI) mode on the associated interface." DEFVAL { enabled } ::= { ipLfiEntry 2 } ipLfiMaxFragSize OBJECT-TYPE SYNTAX INTEGER UNITS "bytes" MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the current maximum fragment size used for Link Fragmentation and Interleave (LFI) mode on the associated interface." ::= { ipLfiEntry 10 } ipLfiMinFragSize OBJECT-TYPE SYNTAX INTEGER UNITS "bytes" MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the current minimum fragment size used for Link Fragmentation and Interleave (LFI) mode on the associated interface." ::= { ipLfiEntry 11 } ipLfiCurrVoipCalls OBJECT-TYPE SYNTAX INTEGER (0..64) MAX-ACCESS read-write STATUS current DESCRIPTION "The current number of VoIP Calls routed via the associated interface." ::= { ipLfiEntry 12 } -- ********************************************************************** -- * ipExtRtTable TABLE -- ********************************************************************** ipExtRtTable OBJECT-TYPE SYNTAX SEQUENCE OF IpExtRtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ipExtRtTable can be used in addition (not instead of) to the ipRouteTable to specify routing of IP datagrams. The selection of datagram-types is more specific with the ipExtRtTable, so routing of different services over different pathes is possible. The specification of local IP-addresses is not possible in the ipExtRtTable. The ipExtRtTable will be searched before the ipRouteTable. If a matching entry is found, it will be taken for routing and no further lookup in the ipRouteTable will happen." ::= { biboip 4 } ipExtRtEntry OBJECT-TYPE SYNTAX IpExtRtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry in the ipExtRtTable describes a set of IP datagrams and the destination interface for that set. Metric parameters allow for ordering of the different specifications for overlapping sets." INDEX { ipExtRtProtocol } ::= { ipExtRtTable 1 } IpExtRtEntry ::= SEQUENCE { ipExtRtProtocol INTEGER, ipExtRtSrcIfIndex INTEGER, ipExtRtSrcAddr IpAddress, ipExtRtSrcMask IpAddress, ipExtRtSrcPort INTEGER, ipExtRtSrcPortRange INTEGER, ipExtRtDstAddr IpAddress, ipExtRtDstMask IpAddress, ipExtRtDstPort INTEGER, ipExtRtDstPortRange INTEGER, ipExtRtTos INTEGER, ipExtRtTosMask INTEGER, ipExtRtDstIfMode INTEGER, ipExtRtDstIfIndex INTEGER, ipExtRtNextHop IpAddress, ipExtRtType INTEGER, ipExtRtMetric1 INTEGER, ipExtRtMetric2 INTEGER, ipExtRtMetric3 INTEGER, ipExtRtMetric4 INTEGER, ipExtRtMetric5 INTEGER, ipExtRtProto INTEGER, ipExtRtAge TimeTicks, ipExtRtDescription DisplayString } ipExtRtProtocol OBJECT-TYPE SYNTAX INTEGER { icmp(1), igmp(2), ggp(3), tcp(6), egp(8), pup(12), udp(17), hmp(20), xns-idp(22), rdp(27), rsvp(46), ipv6(41), gre(47), esp(50), ah(51), igrp(88), ospf(89), pim(103), l2tp(115), dont-verify(256) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the value of the protocolfield in the ip header for all IP-datagrams belonging to the set. If this object is set to dont-verify, the value of the protocol field is not specified and can take any value." DEFVAL { dont-verify } ::= { ipExtRtEntry 1 } ipExtRtSrcIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the source index of the IP-datagrams. If this object has a value other than 0, only datagrams received over the interface with the appropriate interface index are considered to be part of the set. If this object is set to 0, the source interface index for the datagrams belonging to the set is not specified." ::= { ipExtRtEntry 2 } ipExtRtSrcAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipExtRtSrcMask the range of the source-addresses of the IP-datagrams belonging to the set. If both objects are set to 0.0.0.0 the source- addresses for the datagrams in the set is not specified and can take any value." ::= { ipExtRtEntry 3 } ipExtRtSrcMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipExtRtSrcAddr the range of the source-addresses of the IP-datagrams belonging to the set. If both objects are set to 0.0.0.0 the source- addresses for the datagrams in the set is not specified and can take any value." ::= { ipExtRtEntry 4 } ipExtRtSrcPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipExtRtSrcPortRange the range of source portnumbers of the IP-datagrams belonging to the set. All portnumbers between and including the two objects are within the range. If both objects are the to -1, the value of the source portnumber is not specified and can take any value." DEFVAL { -1 } ::= { ipExtRtEntry 5 } ipExtRtSrcPortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipExtRtSrcPort the range of source portnumbers of the IP-datagrams belonging to the set. All portnumbers between and including the two objects are within the range. If both objects are the to -1, the value of the source portnumber is not specified and can take any value." DEFVAL { -1 } ::= { ipExtRtEntry 6 } ipExtRtDstAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipExtRtDstMask the range of the target-addresses of the IP-datagrams belonging to the set. If both objects are set to 0.0.0.0 the target- addresses for the datagrams in the set is not specified and can take any value." ::= { ipExtRtEntry 7 } ipExtRtDstMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipExtRtDstAddr the range of the target-addresses of the IP-datagrams belonging to the set. If both objects are set to 0.0.0.0 the target- addresses for the datagrams in the set is not specified and can take any value." ::= { ipExtRtEntry 8 } ipExtRtDstPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipExtRtDstPortRange the range of target-portnumbers of the IP-datagrams belonging to the set. All portnumbers between and including the two objects are within the range. If both objects are the to -1, the value of the target portnumber is not specified and can take any value." DEFVAL { -1 } ::= { ipExtRtEntry 9 } ipExtRtDstPortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipExtRtDstPort the range of target-portnumbers of the IP-datagrams belonging to the set. All portnumbers between and including the two objects are within the range. If both objects are the to -1, the value of the target portnumber is not specified and can take any value." DEFVAL { -1 } ::= { ipExtRtEntry 10 } ipExtRtTos OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipExtRtTosMask the range of the Type of Service field (TOS) in the IP-header of the IP-datagrams belonging to the set. A TOS value is considered within the range, when the following equation is valid: (tos & ipExtRtTosMask) == (ipExtRtTos & ipExtRtTosMask) If both objects are set to 0 the TOS value of the datagrams in the set is not specified and can take any value." ::= { ipExtRtEntry 11 } ipExtRtTosMask OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipExtRtTos the range of the Type of Service field (TOS) in the IP-header of the IP-datagrams belonging to the set. A TOS value is considered within the range, when the following equation is valid: (tos & ipExtRtTosMask) == (ipExtRtTos & ipExtRtTosMask) If both objects are set to 0 the TOS value of the datagrams in the set is not specified and can take any value." ::= { ipExtRtEntry 12 } ipExtRtDstIfMode OBJECT-TYPE SYNTAX INTEGER { dialup-wait(1), dialup-continue(2), up-only(3), always(4) , dialup-always(5) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes different behavior depending on the ifOperStatus of the destination interface: dialup-wait: The route matches, when the ifOperStatus of the destination interface is either up or dormant. If the status is dormant, the ifAdminStatus is set to dialup to bring the interface to the up state. The datagram will wait until the ifOperStatus reaches the up state. For all other states, the routing tables will be searched for a different matching entry. dialup-continue: The route matches, if the ifOperStatus of the destination interface is up. For all other states, the routing tables are searched for different matching entry. However, if the ifOperStatus was dormant and no other extendend route (with different DstIfMode or established link) is matching, the ifAdminStatus will be set to dialup to bring the interface to the up state. This setting can be used to establish a better path for a specific service and to use an existing path for that service as long as the better path could not be established. up-only: The route matches, if the ifOperStatus of the destination interface is up. For all other states, the routing tables are searched for different matching entry. always: The route matches independantly of the ifOperStatus of the destination interface. If it is up, the interface is used. If the state is dormant, ifAdminStatus is set to dialup to bring the interface in the up state. For all other states, the destination is considered unreachable. dialup-always: Same as dialup-wait(1), however, if the ifOperStatus was dormant, the ifAdminStatus will be set to dialup to bring the interface to the up state if the value of ipExtRtMetric1 is the lowest of all matching routes in this table. " DEFVAL { dialup-wait } ::= { ipExtRtEntry 13 } ipExtRtDstIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the destination interface for the IP-datagrams belonging to the set. If the value of this object is set to 0, the datagrams of the set are discarded and an ICMP destination unreachable datagram is sent back to the originator." ::= { ipExtRtEntry 14 } ipExtRtNextHop OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used on point-to-multipoint interfaces with indirect routes (see ipExrRtType) to specify the IP-address of the gateway on the network, where the datagram should be routed to." ::= { ipExtRtEntry 15 } ipExtRtType OBJECT-TYPE SYNTAX INTEGER { other(1), invalid(2), direct(3), indirect(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies, on point-to-multipoint interface whether the datagram shall be sent to the destination IP address in the IP datagram header (direct) or to a gateway (indirect). In the later case, the IP-addres of the gateway is specified by ipExtRtNextHop. If this object is set to other, the entry is not used for routing. The complete entry can also be deleted, by setting this object to invalid. " DEFVAL { indirect } ::= { ipExtRtEntry 16 } ipExtRtMetric1 OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to specify an order on the entries in the ipExtRtTable. If a datagram is matching multiple entries, the entry with the lowest value of ipExtRtMetric1 is choosen. The decision is undefined, when even after interpreting the metric, there are still multiple entries matching the IP-datagram." ::= { ipExtRtEntry 17 } ipExtRtMetric2 OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "Undefined yet; for further extension" ::= { ipExtRtEntry 18 } ipExtRtMetric3 OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "Undefined yet; for further extension" ::= { ipExtRtEntry 19 } ipExtRtMetric4 OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "Undefined yet; for further extension" ::= { ipExtRtEntry 20 } ipExtRtMetric5 OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "Undefined yet; for further extension" ::= { ipExtRtEntry 21 } ipExtRtProto OBJECT-TYPE SYNTAX INTEGER { other(1), local(2), netmgmt(3), icmp(4), egp(5), ggp(6), hello(7), rip(8), is-is(9), es-is(10), ciscoIgrp(11), bbnSpfIgp(12), ospf(13), bgp(14) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes, how the route has been gained. This will normaly be netmgmt, because there is currently no routing protocol, that is able to handle extended routes." DEFVAL { netmgmt } ::= { ipExtRtEntry 22 } ipExtRtAge OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the age of the route." ::= { ipExtRtEntry 23 } ipExtRtDescription OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) ACCESS read-write STATUS mandatory DESCRIPTION "A textual string describing this extended route." ::= { ipExtRtEntry 24 } -- ********************************************************************** -- * ipNatTable TABLE -- ********************************************************************** ipNatTable OBJECT-TYPE SYNTAX SEQUENCE OF IpNatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "If NAT is switched on for an interface, this table contains an entry for each session running over the interface. Table entries are creates by the system whenever a valid session is established. A session may be either a tcp connection, a udp connection or an icmp connection with icmp-echo messages (ping). A valid session is either an outgoing session or an incoming session specified in the ipNatPresetTable. Everything behind an interface with NAT enabled is called outside. The BRICK itself and all networks connected to it via interfaces without NAT are called inside. Table entries are removed after timeout. This timeout is specified by ipExtIfNatOtherTimeout for UDP and ICMP sessions. specified by ipExtIfTcpTimeout for TCP sessions 16 seconds for closed TCP-sessions (FIN has been received and acknowledged in both directions). " ::= { biboip 5 } ipNatEntry OBJECT-TYPE SYNTAX IpNatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipNatIfIndex, ipNatProtocol, ipNatIntAddr, ipNatIntPort } ::= { ipNatTable 1 } IpNatEntry ::= SEQUENCE { ipNatIfIndex INTEGER, ipNatProtocol INTEGER, ipNatIntAddr IpAddress, ipNatIntPort INTEGER, ipNatExtAddr IpAddress, ipNatExtPort INTEGER, ipNatRemoteAddr IpAddress, ipNatRemotePort INTEGER, ipNatDirection INTEGER, ipNatAge TimeTicks, ipNatContext INTEGER, ipNatTimeout INTEGER, ipNatState INTEGER, ipNatCategory INTEGER } ipNatIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the interface, for which the session is monitored." ::= { ipNatEntry 1 } ipNatProtocol OBJECT-TYPE SYNTAX INTEGER { icmp(1), igmp(2), tcp(6), udp(17), ipv6(41), gre(47), esp(50), ah(51), ospf(89), l2tp(115) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the protocol, the session is using. The value icmp specifies an icmp-echo (ping) session. ICMP error messages are processed by the appropriate tcp or udp session. " ::= { ipNatEntry 2 } ipNatIntAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the internal local IP Address used for the session. The internal address is only visible to inside networks and is translated to the external address, when a packet is being sent outside. " ::= { ipNatEntry 3 } ipNatIntPort OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the internal local portnumber used for the session. The internal portnumber is only visible to inside networks and is translated to the external portnumber whenever a packet is being sent outside. " ::= { ipNatEntry 4 } ipNatExtAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the external local address used for the session. This address is visible outside only and will be translated to the internal address, whenever a packet is received from outside. " ::= { ipNatEntry 5 } ipNatExtPort OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the external local portnumber used for the session. This address is visible outside only and is translated to the internal portnumber, whenever a packet is received from outside. " ::= { ipNatEntry 6 } ipNatRemoteAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the remote IP-address used for the session. This is an outside address. However, it is visible to outside networks and also to inside networks. " ::= { ipNatEntry 7 } ipNatRemotePort OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the remote portnumber used for the session. This is an outside portnumber. However, it is visible to outside networks and also to inside networks. " ::= { ipNatEntry 8 } ipNatDirection OBJECT-TYPE SYNTAX INTEGER { incoming(1), outgoing(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies, whether the session is incoming (from outside to inside) or outgoing (from inside to outside). " ::= { ipNatEntry 9 } ipNatAge OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies how long no packet has been transferred for the session and is used internally for timeout purposes. " ::= { ipNatEntry 10 } ipNatContext OBJECT-TYPE SYNTAX INTEGER (0..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "This object holds a protocol specific context needed to identify sessions for ICMP unreachable address mapping. " ::= { ipNatEntry 11 } ipNatTimeout OBJECT-TYPE SYNTAX INTEGER (1..5184000) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "When there is no traffic associated with a NAT entry, this entry is discarded at the end of a timeout value. This object holds this timeout value in seconds. " ::= { ipNatEntry 12 } ipNatState OBJECT-TYPE SYNTAX INTEGER { delete(1), active(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Set this object to delete to remove this entry. " DEFVAL { active } ::= { ipNatEntry 13 } ipNatCategory OBJECT-TYPE SYNTAX INTEGER { full-cone(1), restricted-cone(2), port-restricted-cone(3), symmetric(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies the NAT category according RFC 3489 and 5389 to be applied for UDP traffic matching with this entry." DEFVAL { symmetric } ::= { ipNatEntry 14 } -- ********************************************************************** -- * ipNatPresetTable TABLE -- ********************************************************************** ipNatPresetTable OBJECT-TYPE SYNTAX SEQUENCE OF IpNatPresetEntry MAX-ACCESS not-accessible STATUS current -- CNAT: modif: add ipNatPrIntMask DESCRIPTION "This table specifies the IP addresses and port numbers for sessions requested from outside. If this table is empty and NAT is enabled, only packets for sessions initiated from inside are forwarded. The IP address and the port number of the internal server can be specified individually for each combination of - protocol (udp/tcp/icmp) - initiating hosts IP address (RemoteAddr, RemoteMask) - destination address or network (ExtAddr, ExtMask) - destination port number or range (ExtPort, ExtPortRange) Entries in the table are created and removed manually by network management." ::= { biboip 6 } ipNatPresetEntry OBJECT-TYPE SYNTAX IpNatPresetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipNatPrIfIndex, ipNatPrProtocol, ipNatPrExtPort } ::= { ipNatPresetTable 1 } IpNatPresetEntry ::= SEQUENCE { ipNatPrIfIndex INTEGER, ipNatPrProtocol INTEGER, ipNatPrRemoteAddr IpAddress, ipNatPrRemoteMask IpAddress, ipNatPrExtAddr IpAddress, ipNatPrExtMask IpAddress, ipNatPrExtPort INTEGER, ipNatPrExtPortRange INTEGER, ipNatPrIntAddr IpAddress, ipNatPrIntPort INTEGER, ipNatPrIntMask IpAddress, ipNatPrTimeout INTEGER, ipNatPrDescr DisplayString } ipNatPrIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the interface index, for which the table entry shall be valid. If set to 0, the entry will be valid for all interfaces configured to use NAT." ::= { ipNatPresetEntry 1 } ipNatPrProtocol OBJECT-TYPE SYNTAX INTEGER { icmp(1), igmp(2), ggp(3), ip(4), tcp(6), egp(8), igp(9), pup(12), chaos(16), udp(17), hmp(20), xns-idp(22), rdp(27), ipv6(41), rsvp(46), gre(47), esp(50), ah(51), tlsp(56), skip(57), kryptolan(65), iso-ip(80), igrp(88), ospf(89), ipinip(94), ipx-in-ip(111), vrrp(112), l2tp(115), any(255), delete(256) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the protocol, for which the table entry shall be valid." DEFVAL { any } ::= { ipNatPresetEntry 2 } ipNatPrRemoteAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatPrRemoteMask the the set of IP addresses of remote hosts initiating a session. The table entry will be valid for an incoming packet, when the IP adress of the remote host initiating the session lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for any remote host." ::= { ipNatPresetEntry 3 } ipNatPrRemoteMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatPrRemoteAddr the set of IP addresses of remote hosts initiating the session. The table entry will be valid for an incoming packet, when the IP adress of the remote host initiating the session lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for any remote host." ::= { ipNatPresetEntry 4 } ipNatPrExtAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatPrExtMask the set of destination IP addresses, for which the table entry shall be valid. The entry is valid, if the target IP address of an incoming IP packet lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for any IP address." ::= { ipNatPresetEntry 5 } ipNatPrExtMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatPrExtAddr the set of destination IP addresses, for which the table entry shall be valid. The entry is valid, if the target IP address of an incoming packet lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for any IP address." ::= { ipNatPresetEntry 6 } ipNatPrExtPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatPrExtPortRange the range of port numbers for incoming packets, for which the table entry shall be valid. If both objects are set to -1, the entry is valid for all portnumbers. If ipNatPrPortRange is set to -1, the entry is only valid, when the destination port of an incoming IP packet is equal to ipNatPrExtPort. Otherwise, the entry is valid, if the destination port number lies in the range ExtPort .. ExtPortRange." DEFVAL { -1 } ::= { ipNatPresetEntry 7 } ipNatPrExtPortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatPrExtPort the range of portnumbers for incoming packets, for which the table entry shall be valid. If both objects are set to -1, the entry is valid for all portnumbers. If ipNatPrPortRange is set to -1, the entry is only valid, when the destination portnumber of an incoming IP packet is equal to ipNatPrExtPort. Otherwise, the entry is valid, if the portnumber lies in the range ExtPort .. ExtPortRange." DEFVAL { -1 } ::= { ipNatPresetEntry 8 } ipNatPrIntAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "With ipNatPrIntMask, this object specifies the internal target host's IP address for incoming packets matching the table entry. An incoming packet matching this entry will be routed to the internal server specified by this object and ipNatPrIntMask. If this object is set to 0.0.0.0, the target host will be the original target host in the incoming packet. No translation of the IP-addresses takes place in this case. If ipNatPrIntMask is set to 255.255.255.255, the internal server IP address is ipNatPrIntAddr. If ipNatPrIntMask is a subnet mask, the internal server IP address is the incoming one in which the NET part is mapped according to 'ipNatPrIntAddr / ipNatPrIntMask'." ::= { ipNatPresetEntry 9 } ipNatPrIntPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the internal target host's port-number for incoming packets matching the table entry. If this object is set to -1, the target portnumber will be taken from the original incoming packet. No translation of the portnumber will take place in this case. If the set of portnumbers for this table entry is a range instead of a single portnumber, this object will specify the base of the target range of portnumbers. The internal portnumber will be constructed as follows: new-target-port := old-target-port - ipNatPrExtPort + ipNatPrIntPort " DEFVAL { -1 } ::= { ipNatPresetEntry 10 } ipNatPrIntMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "With ipNatPrIntAddr, this object specifies the internal target host's IP address for incoming packets matching the table entry. An incoming packet matching this entry will be routed to the internal server specified by this object and ipNatPrIntMask. If this object is set to 255.255.255.255, the internal server IP address is ipNatPrIntAddr. If this object is a subnet mask, the internal server IP address is the incoming one in which the NET part is mapped according to 'ipNatPrIntAddr / ipNatPrIntMask'." DEFVAL { 'ffffffff'h } --DEFVAL { 4294967295 } ::= { ipNatPresetEntry 11 } ipNatPrTimeout OBJECT-TYPE SYNTAX INTEGER (0..5184000) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "When there is no traffic associated with a NAT entry, this entry is discarded at the end of a timeout value. This object holds this timeout value in seconds. If set to the default value of 0, the timeout will be set to the value specified either in ipExtIfNatTcpTimeout or ipExtIfNatOtherTimeout, depending on the protocol." DEFVAL { 0 } ::= { ipNatPresetEntry 12 } ipNatPrDescr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "A textual string describing this NAT forwarding rule." ::= { ipNatPresetEntry 13 } -- ********************************************************************** -- * ipSessionTable TABLE -- ********************************************************************** ipSessionTable OBJECT-TYPE SYNTAX SEQUENCE OF IpSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "." ::= { biboip 7 } ipSessionEntry OBJECT-TYPE SYNTAX IpSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipSessionProtocol, ipSessionSrcAddr, ipSessionSrcPort, ipSessionDstAddr, ipSessionDstPort } ::= { ipSessionTable 1 } IpSessionEntry ::= SEQUENCE { ipSessionSrcAddr IpAddress, ipSessionSrcPort INTEGER, ipSessionDstAddr IpAddress, ipSessionDstPort INTEGER, ipSessionOutPkts Counter32, ipSessionOutOctets Counter32, ipSessionInPkts Counter32, ipSessionInOctets Counter32, ipSessionProtocol INTEGER, ipSessionAge TimeTicks, ipSessionIdle TimeTicks, ipSessionSrcIfIndex INTEGER, ipSessionDstIfIndex INTEGER } ipSessionSrcAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "source address of IP session" ::= { ipSessionEntry 1 } ipSessionSrcPort OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "source port of IP session" ::= { ipSessionEntry 2 } ipSessionDstAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "destination port of IP session" ::= { ipSessionEntry 3 } ipSessionDstPort OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "destination port of IP session" ::= { ipSessionEntry 4 } ipSessionOutPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "outgoing packets in IP session" ::= { ipSessionEntry 5 } ipSessionOutOctets OBJECT-TYPE SYNTAX Counter32 UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "outgoing octets in IP session" ::= { ipSessionEntry 6 } ipSessionInPkts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "incoming packets in IP session" ::= { ipSessionEntry 7 } ipSessionInOctets OBJECT-TYPE SYNTAX Counter32 UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "incoming octets in IP session" ::= { ipSessionEntry 8 } ipSessionProtocol OBJECT-TYPE SYNTAX INTEGER { icmp(1), igmp(2), ggp(3), tcp(6), egp(8), pup(12), udp(17), hmp(20), xns-idp(22), rdp(27), ipv6(41), rsvp(46), gre(47), esp(50), ah(51), igrp(88), ospf(89), pim(103), l2tp(115), reserved(255) } MAX-ACCESS read-only STATUS current DESCRIPTION "protocol of IP session" ::= { ipSessionEntry 9 } ipSessionAge OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "age of IP session" ::= { ipSessionEntry 10 } ipSessionIdle OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "idle time of IP session" ::= { ipSessionEntry 11 } ipSessionSrcIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "source interface index of IP session" ::= { ipSessionEntry 12 } ipSessionDstIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "destination interface index of IP session" ::= { ipSessionEntry 13 } -- ********************************************************************** -- * ipImportTable TABLE -- ********************************************************************** ipImportTable OBJECT-TYPE SYNTAX SEQUENCE OF IpImportEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table specifies how routes from one routing protocol are imported into another routing protocol. The dummy protocol default-route allows the generation of a default route for the routing domain. Not all combinations of source and destination protocols might be valid or implemented." ::= { biboip 12 } ipImportEntry OBJECT-TYPE SYNTAX IpImportEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipImportSrcProto, ipImportDstProto, ipImportAddr } ::= { ipImportTable 1 } IpImportEntry ::= SEQUENCE { ipImportSrcProto INTEGER, ipImportDstProto INTEGER, ipImportMetric1 INTEGER, ipImportType INTEGER, ipImportAddr IpAddress, ipImportMask IpAddress, ipImportEffect INTEGER, ipImportIfIndex INTEGER, ipImportAssociatedAS INTEGER, ipImportRouteMapName DisplayString } ipImportSrcProto OBJECT-TYPE SYNTAX INTEGER { default-route(1), direct(2), static(3), rip(4), ospf(5), special(6), radius(7), bgp(8) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes the protocol that generated the route and inserted it into the routing table." ::= { ipImportEntry 1 } ipImportDstProto OBJECT-TYPE SYNTAX INTEGER { delete(1), rip(2), ospf(3), bgp(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes the destination protocol into that the routes should be imported." ::= { ipImportEntry 2 } ipImportMetric1 OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the metric in the context of the destination protocol the imported routes should get. If set to -1 these routes get a protocol specific default metric." DEFVAL { -1 } ::= { ipImportEntry 3 } ipImportType OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object might define protocol specific properties of the imported routes in the context of the destination protocol." DEFVAL { 0 } ::= { ipImportEntry 4 } ipImportAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipImportMask the range of IP addresses for which the table entry should be valid. The entry is valid if the destination IP address of the route lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for destination." ::= { ipImportEntry 5 } ipImportMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipImportAddr the range of IP addresses for which the table entry should be valid. The entry is valid if the destination IP address of the route lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for destination." ::= { ipImportEntry 6 } ipImportEffect OBJECT-TYPE SYNTAX INTEGER { import (1), doNotImport(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines the effect this row should have. If set to import, the importation from ipImportSrcProto to ipImportDstProto takes place. If set to doNotImport the importation is prevented." DEFVAL { import } ::= { ipImportEntry 7 } ipImportIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the interface index of the interface for which the entry should be valid. If set to -1 it will be valid for all interfaces." DEFVAL { -1 } ::= { ipImportEntry 8 } ipImportAssociatedAS OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies an optional Autonomous System identifier for use with BGP." ::= { ipImportEntry 9 } ipImportRouteMapName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies an optional route-map name for use with BGP." ::= { ipImportEntry 10 } -- ********************************************************************** -- * ipPriorityTable TABLE -- ********************************************************************** ipPriorityTable OBJECT-TYPE SYNTAX SEQUENCE OF IpPriorityEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table defines the order, in which routes from different protocols are being used to determine the destination of an ip packet. The table will contain an entry for each type of routing protocol including STATIC and DIRECT routes. A priority-value can be configured for each of those protocols to get an order between the different protocols. The table contains a fixed number of entries. Only the priority may be configured." ::= { biboip 13 } ipPriorityEntry OBJECT-TYPE SYNTAX IpPriorityEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipPriorityProto } ::= { ipPriorityTable 1 } IpPriorityEntry ::= SEQUENCE { ipPriorityProto INTEGER, ipPriorityValue INTEGER } ipPriorityProto OBJECT-TYPE SYNTAX INTEGER { direct(1), static(2), rip(3), -- RIP routes ospf(4), -- OSPF intra and inter area routes ospf-ext(5), -- OSPF type 1 and 2 external routes bgp(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the routig-protocol, for which the entry is valid." ::= { ipPriorityEntry 1 } ipPriorityValue OBJECT-TYPE SYNTAX INTEGER (0..63) MAX-ACCESS read-write STATUS current DESCRIPTION "This object contains the priority-value for a specific routing protocol. Low values mean high precedence." ::= { ipPriorityEntry 2 } -- ********************************************************************** -- * ipFilterTable TABLE -- ********************************************************************** ipFilterTable OBJECT-TYPE SYNTAX SEQUENCE OF IpFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ipFilterTable defines filters that describe subsets of IP packets. The filter matches if all conditions defined are true when comparing with the header of an IP packet." ::= { biboip 15 } ipFilterEntry OBJECT-TYPE SYNTAX IpFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipFilterProtocol } ::= { ipFilterTable 1 } IpFilterEntry ::= SEQUENCE { ipFilterIndex INTEGER, ipFilterDescr DisplayString, ipFilterProtocol INTEGER, ipFilterSrcAddr IpAddress, ipFilterSrcMask IpAddress, ipFilterSrcPort INTEGER, ipFilterSrcPortRange INTEGER, ipFilterDstAddr IpAddress, ipFilterDstMask IpAddress, ipFilterDstPort INTEGER, ipFilterDstPortRange INTEGER, ipFilterTcpConnState INTEGER, ipFilterIcmpType INTEGER, ipFilterTos INTEGER, ipFilterTosMask INTEGER, ipFilterLevel2Prio INTEGER, ipFilterLevel2PrioMask INTEGER, ipFilterSrcIfIndex INTEGER } ipFilterIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "This object uniquely references this filter. The index value is generated automatically." ::= { ipFilterEntry 1 } ipFilterDescr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "A textual string describing this filter." ::= { ipFilterEntry 2 } ipFilterProtocol OBJECT-TYPE SYNTAX INTEGER { icmp(1), igmp(2), ggp(3), ip(4), tcp(6), egp(8), igp(9), pup(12), chaos(16), udp(17), hmp(20), xns-idp(22), rdp(27), ipv6(41), rsvp(46), gre(47), esp(50), ah(51), tlsp(56), skip(57), kryptolan(65), iso-ip(80), igrp(88), ospf(89), ipip(94), pim(103), ipx-in-ip(111), vrrp(112), l2tp(115), delete(255), dont-verify(256) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the value of the protocol field in the ip header for all IP-datagrams belonging to the set. If this object is set to dont-verify, the value of the protocol field is not specified and can take any value." DEFVAL { dont-verify } ::= { ipFilterEntry 3 } ipFilterSrcAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipFilterSrcMask the set of IP addresses of datagrams that belong to the subset defined by this entry. If both objects are set to 0.0.0.0 the source-addresses for the datagrams in the set is not specified and can take any value." ::= { ipFilterEntry 4 } ipFilterSrcMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipFilterSrcAddr the set of IP addresses of datagrams that belong to the subset defined by this entry. If both objects are set to 0.0.0.0 the source-addresses for the datagrams in the set is not specified and can take any value." ::= { ipFilterEntry 5 } ipFilterSrcPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipFilterSrcPortRange the range of source portnumbers of the IP-datagrams belonging to the set. All portnumbers between and including the two objects are within the range. If both objects are the to -1, the value of the source portnumber is not specified and can take any value." DEFVAL { -1 } ::= { ipFilterEntry 6 } ipFilterSrcPortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipFilterDstPort the range of source portnumbers of the IP-datagrams belonging to the set. All portnumbers between and including the two objects are within the range. If both objects are the to -1, the value of the source portnumber is not specified and can take any value." DEFVAL { -1 } ::= { ipFilterEntry 7 } ipFilterDstAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipFilterDstMask the range of the target-addresses of the IP-datagrams belonging to the set. If both objects are set to 0.0.0.0 the target- addresses for the datagrams in the set is not specified and can take any value." ::= { ipFilterEntry 8 } ipFilterDstMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipFilterDstAddr the range of the target-addresses of the IP-datagrams belonging to the set. If both objects are set to 0.0.0.0 the target- addresses for the datagrams in the set is not specified and can take any value." ::= { ipFilterEntry 9 } ipFilterDstPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipFilterDstPortRange the range of target-portnumbers of the IP-datagrams belonging to the set. All portnumbers between and including the two objects are within the range. If both objects are the to -1, the value of the target portnumber is not specified and can take any value." DEFVAL { -1 } ::= { ipFilterEntry 10 } ipFilterDstPortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipFilterDstPort the range of target-portnumbers of the IP-datagrams belonging to the set. All portnumbers between and including the two objects are within the range. If both objects are the to -1, the value of the target portnumber is not specified and can take any value." DEFVAL { -1 } ::= { ipFilterEntry 11 } ipFilterTcpConnState OBJECT-TYPE SYNTAX INTEGER { dont-verify(1), established(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes the state of the TCP connection associated with the packets belonging to the set. If this object is set to established, the value of the TCP flags of incoming packets is checked. Packets with flags that initiate TCP connections are excluded from the set. If this object is set to dont-verify, the TCP flags are not checked and can be any value." DEFVAL { dont-verify } ::= { ipFilterEntry 12 } ipFilterIcmpType OBJECT-TYPE SYNTAX INTEGER { dont-verify(31), echoRep(1), destUnreach(4), srcQuench(5), redirect(6), echo(9), timeExcds(12), parmProb(13), timestamp(14), timestampRep(15), addrMask(16), addrMaskRep(17) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes the ICMP type of the packets belonging to the set. If this object is set to dont-verify, the value of the ICMP type field is not specified and can take any value." DEFVAL { dont-verify } ::= { ipFilterEntry 13 } ipFilterTos OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipFilterTosMask the range of the Type of Service field (TOS) in the IP-header of the IP-datagrams belonging to the set. A TOS value is considered within the range, when the following equation is valid: (tos & ipFilterTosMask) == (ipFilterTos & ipFilterTosMask) If both objects are set to 0 the TOS value of the datagrams in the set is not specified and can take any value." ::= { ipFilterEntry 14 } ipFilterTosMask OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipFilterTos the range of the Type of Service field (TOS) in the IP-header of the IP-datagrams belonging to the set. A TOS value is considered within the range, when the following equation is valid: (tos & ipFilterTosMask) == (ipFilterTos & ipFilterTosMask) If both objects are set to 0 the TOS value of the datagrams in the set is not specified and can take any value." ::= { ipFilterEntry 15 } ipFilterLevel2Prio OBJECT-TYPE SYNTAX INTEGER (0..7) MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipFilterLevel2PrioMask the range of the level 2 priority field associated with the IP-datagrams belonging to the set. A priority value is considered within the range, when the following equation is valid: (priority & ipFilterLevel2PrioMask) == (ipFilterLevel2Prio & ipFilterLevel2PrioMask) If both objects are set to 0 the level 2 priority of the datagrams in the set is not specified and can take any value." ::= { ipFilterEntry 16 } ipFilterLevel2PrioMask OBJECT-TYPE SYNTAX INTEGER (0..7) MAX-ACCESS read-write STATUS current DESCRIPTION "This object describes together with ipFilterLevel2PrioMask the range of the level 2 priority field associated with the IP-datagrams belonging to the set. A priority value is considered within the range, when the following equation is valid: (priority & ipFilterLevel2PrioMask) == (ipFilterLevel2Prio & ipFilterLevel2PrioMask) If both objects are set to 0 the level 2 priority of the datagrams in the set is not specified and can take any value." ::= { ipFilterEntry 17 } ipFilterSrcIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the source index of the IP-datagrams. If this object has a value other than 0, only datagrams received over the interface with the appropriate interface index are considered to be part of the set. If this object is set to 0, the source interface index for the datagrams belonging to the set is not specified." ::= { ipFilterEntry 18 } -- ********************************************************************** -- * ipRuleTable TABLE -- ********************************************************************** ipRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF IpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ipRuleTable defines access rules for checking incoming IP packets. The rules are processed in order, i.e. each rule has a link to the next rule. The set of rules is processed until a match occurs, that means the rule's associated filter matches and the specified action is performed (either accept or deny a packet). The last rule is implicitly a deny rule. The set of rules to be processed can be defined for each interface" ::= { biboip 16 } ipRuleEntry OBJECT-TYPE SYNTAX IpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipRuleFilterIndex } ::= { ipRuleTable 1 } IpRuleEntry ::= SEQUENCE { ipRuleIndex INTEGER, ipRuleFilterIndex INTEGER, ipRuleAction INTEGER, ipRuleNextRuleIndex INTEGER, ipRuleDescr DisplayString } ipRuleIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Unique rule index." ::= { ipRuleEntry 1 } ipRuleFilterIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "References the rule's associated filter." ::= { ipRuleEntry 2 } ipRuleAction OBJECT-TYPE SYNTAX INTEGER { allow(1), -- allow if filter matches allow-if-not(2),-- allow if filter not matches deny(3), -- deny if filter matches deny-if-not(4), -- deny if filter not matches ignore(5), -- ignore rule and skip to next rule delete(6) -- delete the entry from the table } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the action to be performed if the rule's associated filter matches. If set to ignore the filter is not consulted and the next rule is processed immediately." DEFVAL { allow } ::= { ipRuleEntry 3 } ipRuleNextRuleIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the next rule to be processed if the rule's associated filter does not match. The value 0 is used to mark the end of the rule set." DEFVAL { 0 } ::= { ipRuleEntry 4 } ipRuleDescr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "A textual string describing this access rule." ::= { ipRuleEntry 5 } -- ********************************************************************** -- * ipNatOutTable TABLE -- ********************************************************************** ipNatOutTable OBJECT-TYPE -- CNAT: modif: add ipNatOutExtMask SYNTAX SEQUENCE OF IpNatOutEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table specifies the IP address translation for outgoing sessions. If no matching entry is found the IP address is set to the IP address defined on the interface configured for NAT. If a matching entry is found, the source IP address of outgoing IP packets is translated according to the couple 'ipNatOutExtAddr / ipNatOutExtMask'. - If external IP address is a 'host IP address', the whole source IP address is mapped. - If external IP address is a 'net IP address', only the 'net part' of source IP address is affected. This table is only used if the outgoing address translation is activated (ipExtIfNatOutXlat). Entries in the table are created and removed manually by network management." ::= { biboip 18 } ipNatOutEntry OBJECT-TYPE SYNTAX IpNatOutEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipNatOutIfIndex, ipNatOutIntAddr, ipNatOutExtAddr } ::= { ipNatOutTable 1 } IpNatOutEntry ::= SEQUENCE { ipNatOutIfIndex INTEGER, ipNatOutProtocol INTEGER, ipNatOutRemoteAddr IpAddress, ipNatOutRemoteMask IpAddress, ipNatOutExtAddr IpAddress, ipNatOutRemotePort INTEGER, ipNatOutRemotePortRange INTEGER, ipNatOutIntAddr IpAddress, ipNatOutIntMask IpAddress, ipNatOutIntPort INTEGER, ipNatOutExtPort INTEGER, ipNatOutExtMask IpAddress, ipNatOutTimeout INTEGER, ipNatOutDescr DisplayString, ipNatOutNatCategory INTEGER, ipNatOutIntPortRange INTEGER, ipNatOutExtPortRange INTEGER } ipNatOutIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the interface index, for which the table entry shall be valid. If set to 0, the entry will be valid for all interfaces configured to use NAT." ::= { ipNatOutEntry 1 } ipNatOutProtocol OBJECT-TYPE SYNTAX INTEGER { icmp(1), igmp(2), ggp(3), ip(4), tcp(6), egp(8), igp(9), pup(12), chaos(16), udp(17), hmp(20), xns-idp(22), rdp(27), ipv6(41), rsvp(46), gre(47), esp(50), ah(51), tlsp(56), skip(57), kryptolan(65), iso-ip(80), igrp(88), ospf(89), ipip(94), ipx-in-ip(111), vrrp(112), l2tp(115), any(255), delete(256) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the protocol, for which the table entry shall be valid." DEFVAL { any } ::= { ipNatOutEntry 2 } ipNatOutRemoteAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatOutRemoteMask the set of target IP addresses for which the table entry is valid. If both objects are set to 0.0.0.0, the table entry will be valid for any target IP address." ::= { ipNatOutEntry 3 } ipNatOutRemoteMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatOutRemoteAddr the set of target IP addresses for which the table entry is valid. If both objects are set to 0.0.0.0, the table entry will be valid for any target IP address." ::= { ipNatOutEntry 4 } ipNatOutExtAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "With ipNatOutExtMask, this object specifies the external 'IP address' or 'NET address' to which the internal IP address is mapped. - To map exactly to ipNatOutExtAddr (i.e. map to a single IP address), ipNatOutExtMask MUST be set to 255.255.255.255 - To keep HOST part of source IP address and map only the NET part, ipNatOutExtMask MUST be the related subnet mask (and it should be the same as ipNatOutIntMask )." ::= { ipNatOutEntry 5 } ipNatOutRemotePort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatOutRemotePortRange the range of portnumbers for outgoing packets, for which the table entry shall be valid. If both objects are set to -1, the entry is valid for all portnumbers. If ipNatOutPortRange is set to -1, the entry is only valid, when the portnumber of an outgoing packet is equal to ipNatOutRemotePort. Otherwise, the entry is valid, if the destination portnumber lies in the range RemotePort .. RemotePortRange." DEFVAL { -1 } ::= { ipNatOutEntry 6 } ipNatOutRemotePortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatOutRemotePort the range of portnumbers for outgoing packets, for which the table entry shall be valid. If both objects are set to -1, the entry is valid for all portnumbers. If ipNatOutPortRange is set to -1, the entry is only valid, when the portnumber of an outgoing packet is equal to ipNatOutRemotePort. Otherwise, the entry is valid, if the destination portnumber lies in the range RemotePort .. RemotePortRange." DEFVAL { -1 } ::= { ipNatOutEntry 7 } ipNatOutIntAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatOutIntMask the internal hosts IP address for outgoing packets matching the table entry. If both objects are set to 0.0.0.0, the table entry will be valid for any source IP address." ::= { ipNatOutEntry 8 } ipNatOutIntMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatOutIntAddr the internal hosts IP address for outgoing packets matching the table entry. If both objects are set to 0.0.0.0, the table entry will be valid for any source IP address." ::= { ipNatOutEntry 9 } ipNatOutIntPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the internal source port for which the table entry shall be valid. If this object is set to -1, any internal source port matches this entry." DEFVAL { -1 } ::= { ipNatOutEntry 10 } ipNatOutExtPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object may be used to specify a fixed external source port to which the internal source port is mapped. If this object is set to -1, the port is mapped to the next free source port available." DEFVAL { -1 } ::= { ipNatOutEntry 11 } ipNatOutExtMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "With ipNatOutExtAddr, this object specifies the external 'IP address' or 'NET address' to which the internal IP address is mapped. - To map exactly to ipNatOutExtAddr (i.e. map to a single IP address), ipNatOutExtMask MUST be set to 255.255.255.255 - To keep HOST part of source IP address and map only the NET part, ipNatOutExtMask MUST be the related subnet mask (and it should be the same as ipNatOutIntMask)." DEFVAL { 'ffffffff'h } --DEFVAL { 4294967295 } ::= { ipNatOutEntry 12 } ipNatOutTimeout OBJECT-TYPE SYNTAX INTEGER (0..5184000) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "When there is no traffic associated with a NAT entry, this entry is discarded at the end of a timeout value. This object holds this timeout value in seconds. If set to the default value of 0, the timeout will be set to the value specified either in ipExtIfNatTcpTimeout or ipExtIfNatOtherTimeout, depending on the protocol." DEFVAL { 0 } ::= { ipNatOutEntry 13 } ipNatOutDescr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "A textual string describing this NAT translation rule." ::= { ipNatOutEntry 14 } ipNatOutNatCategory OBJECT-TYPE SYNTAX INTEGER { full-cone(1), restricted-cone(2), port-restricted-cone(3), symmetric(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the NAT category according RFC 3489 and 5389 to be applied for UDP traffic matching with this entry." DEFVAL { symmetric } ::= { ipNatOutEntry 15 } ipNatOutIntPortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatOutIntPort the internal source port range for which the table entry shall be valid. If this object is set to -1, only ipNatOutIntPort is used as selector for this entry." DEFVAL { -1 } ::= { ipNatOutEntry 16 } ipNatOutExtPortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object may be used together with ipNatOutExtPort to specify a fixed external source port number range to which the internal source port numbers are mapped. This mapping depends on the position of the original source port number within the range specified by ipNatOutIntPort and ipNatOutIntPortRange. If this object is set to -1, only ipNatOutExtPort is considered for this entry." DEFVAL { -1 } ::= { ipNatOutEntry 17 } -- ********************************************************************** -- * ipHostsAliveTable TABLE -- ********************************************************************** ipHostsAliveTable OBJECT-TYPE SYNTAX SEQUENCE OF IpHostsAliveEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table specifies the watched IP addresses. Entries in the table are created and removed manually by network management." ::= { biboip 19 } ipHostsAliveEntry OBJECT-TYPE SYNTAX IpHostsAliveEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipHostsAliveIPAddress } ::= { ipHostsAliveTable 1 } IpHostsAliveEntry ::= SEQUENCE { ipHostsAliveGroup INTEGER, ipHostsAliveIPAddress IpAddress, ipHostsAliveState INTEGER, ipHostsAliveInterval INTEGER, ipHostsAliveDownAction INTEGER, ipHostsAliveFirstIfIndex INTEGER, ipHostsAliveRange INTEGER, ipHostsAliveSrcIPAddress IpAddress, ipHostsAliveTrials INTEGER, ipHostsAliveBackups INTEGER } ipHostsAliveGroup OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-write STATUS current DESCRIPTION "The group of the watched IP-Addresses" DEFVAL { 0 } ::= { ipHostsAliveEntry 1 } ipHostsAliveIPAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The watched IP-Address. If set to zero, the default gateway is used." ::= { ipHostsAliveEntry 2 } ipHostsAliveState OBJECT-TYPE SYNTAX INTEGER { alive(1), down(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The State of the watched IP-Address" DEFVAL { alive } ::= { ipHostsAliveEntry 3 } ipHostsAliveInterval OBJECT-TYPE SYNTAX INTEGER (1..65536) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "This is the time interval for state verification" DEFVAL { 300 } ::= { ipHostsAliveEntry 4 } ipHostsAliveDownAction OBJECT-TYPE SYNTAX INTEGER { up(1), down(2), delete(3), none(4), reset(5), redial(6), monitor(7) } MAX-ACCESS read-write STATUS current DESCRIPTION "Action be performed if the ipHostsAliveState changes to down (2), If set to none (4) there is no action specified, if set to monitor (7) this entry just enables monitoring of this status in other subsystem context like IP load balancing." DEFVAL { down } ::= { ipHostsAliveEntry 5 } ipHostsAliveFirstIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "The first ifc" DEFVAL { 10001 } ::= { ipHostsAliveEntry 6 } ipHostsAliveRange OBJECT-TYPE SYNTAX INTEGER (0..65536) MAX-ACCESS read-write STATUS current DESCRIPTION "The range of all ifc's" DEFVAL { 4999 } ::= { ipHostsAliveEntry 7 } ipHostsAliveSrcIPAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The source IP-Address" ::= { ipHostsAliveEntry 8 } ipHostsAliveTrials OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "How many ping attempts until host is considered down. Default value is 3." DEFVAL { 3 } ::= { ipHostsAliveEntry 9 } ipHostsAliveBackups OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "How many successful pings until host is considered up. Default value is 1." DEFVAL { 1 } ::= { ipHostsAliveEntry 10 } -- ********************************************************************** -- * ipBodRuleTable TABLE -- ********************************************************************** ipBodRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF IpBodRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ipBodRuleTable defines access rules for checking incoming IP packets. The rules are processed in order, i.e. each rule has a link to the next rule. The set of rules is processed until a match occurs, that means the rule's associated filter matches and the specified action is performed (either request or deny additional bandwidth). The last rule is implicitly a deny rule. The set of rules to be processed can be defined for each interface." ::= { biboip 21 } ipBodRuleEntry OBJECT-TYPE SYNTAX IpBodRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipBodRuleFilterIndex } ::= { ipBodRuleTable 1 } IpBodRuleEntry ::= SEQUENCE { ipBodRuleIndex INTEGER, ipBodRuleFilterIndex INTEGER, ipBodRuleAction INTEGER, ipBodRuleDirection INTEGER, ipBodRuleChannels INTEGER, ipBodRuleNextRuleIndex INTEGER, ipBodRuleIdleTime INTEGER } ipBodRuleIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Unique rule index." ::= { ipBodRuleEntry 1 } ipBodRuleFilterIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "References the rule's associated filter." ::= { ipBodRuleEntry 2 } ipBodRuleAction OBJECT-TYPE SYNTAX INTEGER { invoke(1), -- invoke bandwidth if filter matches invoke-if-not(2), -- invoke if filter not matches deny(3), -- deny BOD if filter matches deny-if-not(4), -- deny BOD if filter not matches ignore(5), -- ignore rule and skip to next rule delete(6) -- delete the entry from the table } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the action to be performed if the rule's associated filter matches. If set to ignore the filter is not consulted and the next rule is processed immediately." DEFVAL { invoke } ::= { ipBodRuleEntry 3 } ipBodRuleDirection OBJECT-TYPE SYNTAX INTEGER { outgoing(1), -- used for outgoing packets only incoming(2), -- used for incoming packets only both(3) -- used for both directions } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the direction of the packets for which the rule is processed." DEFVAL { outgoing } ::= { ipBodRuleEntry 4 } ipBodRuleChannels OBJECT-TYPE SYNTAX INTEGER (0..8) MAX-ACCESS read-write STATUS current DESCRIPTION "The number of B-channels to invoke if the rule's associated filter matches." DEFVAL { 1 } ::= { ipBodRuleEntry 5 } ipBodRuleNextRuleIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the next rule to be processed if the rule's associated filter does not match. The value 0 is used to mark the end of the rule set." DEFVAL { 0 } ::= { ipBodRuleEntry 6 } ipBodRuleIdleTime OBJECT-TYPE SYNTAX INTEGER (-1..3600) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the time in seconds the interface-specific shorthold interval (see biboPPPTable) is extended if the rule's associated filter matches. When set to zero this setting is ignored. When set to -1 matching packets are sent piggyback, they are not considered for shorthold mode." DEFVAL { 0 } ::= { ipBodRuleEntry 7 } -- ********************************************************************** -- * ipQoSTable TABLE -- ********************************************************************** ipQoSTable OBJECT-TYPE SYNTAX SEQUENCE OF IpQoSEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ipQosTable defines the classifier rules that are applied to IP traffic arriving this interface in a particular direction. The rules are processed in order, i.e. each rule has a link to the next rule. The set of rules is processed until a match occurs, that means the rule's associated filter matches and the specified action is performed (alter the IP headers TOS field, alter associated level 2 priority, specify a service class for QoS). The set of these rules to be processed can be defined for each interface." ::= { biboip 22 } ipQoSEntry OBJECT-TYPE SYNTAX IpQoSEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipQoSFilterIndex } ::= { ipQoSTable 1 } IpQoSEntry ::= SEQUENCE { ipQoSIndex INTEGER, ipQoSFilterIndex INTEGER, ipQoSNextRuleIndex INTEGER, ipQoSAction INTEGER, ipQoSTos INTEGER, -- ipQoSClassOfService INTEGER, ipQoSTosSetRate INTEGER, ipQoSTosSetBurst INTEGER, ipQoSTosSetExceedAction INTEGER, ipQoSTosRemark INTEGER, ipQoSServiceClass INTEGER, ipQoSClassId INTEGER, ipQoSDirection INTEGER, ipQoSTosSetRateLimitation INTEGER, ipQoSTosSetRateBps INTEGER, ipQoSTosSetBurstBps INTEGER, ipQoSClassifyAction INTEGER, ipQoSExceedRateLimitation INTEGER, ipQoSExceedRate INTEGER, ipQoSExceedBurst INTEGER, ipQoSExceedRateBps INTEGER, ipQoSExceedBurstBps INTEGER, ipQoSTosAndMask INTEGER, ipQoSTosOrMask INTEGER, ipQoSLevel2PrioAndMask INTEGER, ipQoSLevel2PrioOrMask INTEGER, ipQoSTosAndMaskExceed INTEGER, ipQoSTosOrMaskExceed INTEGER, ipQoSLevel2PrioAndMaskExceed INTEGER, ipQoSLevel2PrioOrMaskExceed INTEGER, ipQoSDescr DisplayString } ipQoSIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Unique rule index." ::= { ipQoSEntry 1 } ipQoSFilterIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "References the associated filter (see IpFilterTable)." ::= { ipQoSEntry 2 } ipQoSNextRuleIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the next classifier rule to be processed if the rule's associated filter does not match. The value 0 is used to mark the end of the rule set." DEFVAL { 0 } ::= { ipQoSEntry 3 } ipQoSAction OBJECT-TYPE SYNTAX INTEGER { classify(1), -- filter matches, classify packet & set TOS classify-if-not(2), -- classify & set TOS if filter doesn't match disabled(3), -- ignore rule and skip to next rule classify-keep-tos(4), -- filter matches, classify packet (keep TOS) classify-keep-tos-if-not(5), -- classify (keep TOS) if filter doesn't match delete(15) -- delete the entry from the table } MAX-ACCESS read-write STATUS obsolete DESCRIPTION "WARNING: this object is obsolete and must not be used. It exists in this table for configuration conversion purposes. Below is its previous definition: This object specifies the action to be performed if the associated filter matches. If set to disabled the filter is not consulted and the next rule is processed immediately, possible values: classify(1) = filter matches, classify packet & set TOS classify-if-not(2) = classify & set TOS if filter doesn't match disabled(3) = ignore rule and skip to next rule classify-keep-tos(4) = filter matches, classify packet (keep TOS) classify-keep-tos-if-not(5) = classify (keep TOS) if filter doesn't match delete(15) = delete the entry from the table." DEFVAL { classify } ::= { ipQoSEntry 4 } ipQoSTos OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-write STATUS obsolete DESCRIPTION "WARNING: this object is obsolete and must not be used. It exists in this table for configuration conversion purposes. Below is its previous definition: Value for TOS field inside IP header to be set." DEFVAL { 0 } ::= { ipQoSEntry 5 } -- ipQoSClassOfService OBJECT-TYPE -- SYNTAX INTEGER (1..255) -- ACCESS read-write -- STATUS mandatory -- -- DESCRIPTION -- "Specifies the class of service used for the congestion -- management, priorization and traffic shapping. If set to -- 256 (high priority service class) the related traffic -- will be always handled first." -- DEFVAL { 1 } -- ::= { ipQoSEntry 6 } -- ipQoSTosSetRate OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-write STATUS obsolete DESCRIPTION "WARNING: this object is obsolete and must not be used. It exists in this table for configuration conversion purposes. Below is its previous definition: Maximum amount of packets per second that should be TOS changed." DEFVAL { 0 } ::= { ipQoSEntry 7 } ipQoSTosSetBurst OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-write STATUS obsolete DESCRIPTION "WARNING: this object is obsolete and must not be used. It exists in this table for configuration conversion purposes. Below is its previous definition: Maximum amount of packets per second additional to the ipQosSetRate that could be TOS changed." DEFVAL { 0 } ::= { ipQoSEntry 8 } ipQoSTosSetExceedAction OBJECT-TYPE SYNTAX INTEGER { none(1), remark-tos(2), ignore(3) } MAX-ACCESS read-write STATUS obsolete DESCRIPTION "WARNING: this object is obsolete and must not be used. It exists in this table for configuration conversion purposes. Below is its previous definition: This object specifies how to mark packets in excess of the rate limitation defined for this entry. Possible values: none(1) = the TOS field is unchanged, but the packet is flagged as eligible for discard. remark-tos(2) = the TOS field is set with the ipQosTosRemark value. ignore(3) = used internally for conversion between old format and new format of this table." DEFVAL { ignore } ::= { ipQoSEntry 9 } ipQoSTosRemark OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-write STATUS obsolete DESCRIPTION "WARNING: this object is obsolete and must not be used. It exists in this table for configuration conversion purposes. Below is its previous definition: Value for TOS field inside IP header to be set when ipQoSTosSetExceedAction is set to remark-tos." DEFVAL { 0 } ::= { ipQoSEntry 10 } ipQoSServiceClass OBJECT-TYPE SYNTAX INTEGER { normal(1), high-priority(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipQoSClassId the class of service used for the congestion management, priorization and traffic shapping. If set to high-priority(2) (high priority service class) the related traffic will be always handled first and ipQoSClassId is ignored." DEFVAL { normal } ::= { ipQoSEntry 11 } ipQoSClassId OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipQoSServiceClass (normal(1) only) the class of service used for congestion avoidance, congestion management, priorization and traffic shapping. Note that this ID is not used to give a nominal priority to the related IP traffic." DEFVAL { 1 } ::= { ipQoSEntry 12 } ipQoSDirection OBJECT-TYPE SYNTAX INTEGER { outgoing(1), -- used for outgoing packets only incoming(2), -- used for incoming packets only both(3) -- used for both directions } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the direction for witch this classifier rule applies on this interface, possible values: outgoing(1) = used for outgoing packets only incoming(2) = used for incoming packets only both(3) = used for both directions." DEFVAL { outgoing } ::= { ipQoSEntry 13 } ipQoSTosSetRateLimitation OBJECT-TYPE SYNTAX INTEGER { none(1), packets(2), throughput(3) } MAX-ACCESS read-write STATUS obsolete DESCRIPTION "WARNING: this object is obsolete and must not be used. It exists in this table for configuration conversion purposes. Below is its previous definition: This field specifies a rate limitation for the packets to mark with the ipQosTos value. Possible values: none(1) = no limitation is defined. packets(2) = a limitation is defined in number of packets per second. throughput(3) = a limitation is defined in bits per second." DEFVAL { packets } ::= { ipQoSEntry 14 } ipQoSTosSetRateBps OBJECT-TYPE SYNTAX INTEGER UNITS "bps" MAX-ACCESS read-write STATUS obsolete DESCRIPTION "WARNING: this object is obsolete and must not be used. It exists in this table for configuration conversion purposes. Below is its previous definition: Maximum amount of trafic in bits per second that should be marked with TOS value ipQosTos." DEFVAL { 0 } ::= { ipQoSEntry 15 } ipQoSTosSetBurstBps OBJECT-TYPE SYNTAX INTEGER UNITS "bps" MAX-ACCESS read-write STATUS obsolete DESCRIPTION "WARNING: this object is obsolete and must not be used. It exists in this table for configuration conversion purposes. Below is its previous definition: Maximum amount of additional trafic to the ipQoSTosSetRateBps in bits per second that should be marked with TOS value ipQosTos." DEFVAL { 0 } ::= { ipQoSEntry 16 } ipQoSClassifyAction OBJECT-TYPE SYNTAX INTEGER { classify(1), -- filter matches, classify packet & set TOS classify-if-not(2), -- classify & set TOS if filter doesn't match disabled(3), -- ignore rule and skip to next rule delete(15) -- delete the entry from the table } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the action to be performed if the associated filter matches. If set to disabled the filter is not consulted and the next rule is processed immediately, possible values: classify(1) = filter matches, classify packet & set TOS classify-if-not(2) = classify & set TOS if filter doesn't match disabled(3) = ignore rule and skip to next rule delete(15) = delete the entry from the table." DEFVAL { classify } ::= { ipQoSEntry 17 } ipQoSExceedRateLimitation OBJECT-TYPE SYNTAX INTEGER { none(1), packets(2), throughput(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This field specifies a rate limitation between in-profile and out-profile datagrams. Possible values: none(1) = no limitation is defined. packets(2) = a limitation is defined in number of packets per second. throughput(3)= a limitation is defined in bits per second." DEFVAL { packets } ::= { ipQoSEntry 18 } ipQoSExceedRate OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Maximum amount of packets per second that are considered in-profile. Packets in excess of (ipQosExceedRate + ipQosExceedBurst) are considered out-profile." DEFVAL { 0 } ::= { ipQoSEntry 19 } ipQoSExceedBurst OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Maximum additional amount of packets per second that are considered in-profile. Packets in excess of (ipQosExceedRate + ipQosExceedBurst) are considered out-profile." DEFVAL { 0 } ::= { ipQoSEntry 20 } ipQoSExceedRateBps OBJECT-TYPE SYNTAX INTEGER UNITS "bps" MAX-ACCESS read-write STATUS current DESCRIPTION "Maximum amount of traffic in bits per second that is considered in-profile. Traffic in excess of (ipQosExceedRateBps + ipQosExceedBurstBps) is considered out-profile." DEFVAL { 0 } ::= { ipQoSEntry 21 } ipQoSExceedBurstBps OBJECT-TYPE SYNTAX INTEGER UNITS "bps" MAX-ACCESS read-write STATUS current DESCRIPTION "Maximum amount of additional traffic that is considered in-profile. Traffic in excess of (ipQosExceedRateBps + ipQosExceedBurstBps) is considered out-profile." DEFVAL { 0 } ::= { ipQoSEntry 22 } ipQoSTosAndMask OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-write STATUS current DESCRIPTION "AND mask applied to TOS field inside IP header of in-profile datagrams." DEFVAL { 255 } ::= { ipQoSEntry 23 } ipQoSTosOrMask OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-write STATUS current DESCRIPTION "OR mask applied to TOS field inside IP header of in-profile datagrams." DEFVAL { 0 } ::= { ipQoSEntry 24 } ipQoSLevel2PrioAndMask OBJECT-TYPE SYNTAX INTEGER (0..7) MAX-ACCESS read-write STATUS current DESCRIPTION "AND mask applied to level 2 priority associated with in-profile datagrams." DEFVAL { 7 } ::= { ipQoSEntry 25 } ipQoSLevel2PrioOrMask OBJECT-TYPE SYNTAX INTEGER (0..7) MAX-ACCESS read-write STATUS current DESCRIPTION "OR mask applied to level 2 priority associated with in-profile datagrams." DEFVAL { 0 } ::= { ipQoSEntry 26 } ipQoSTosAndMaskExceed OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-write STATUS current DESCRIPTION "AND mask applied to TOS field inside IP header of out-profile datagrams." DEFVAL { 255 } ::= { ipQoSEntry 27 } ipQoSTosOrMaskExceed OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-write STATUS current DESCRIPTION "OR mask applied to TOS field inside IP header of out-profile datagrams." DEFVAL { 0 } ::= { ipQoSEntry 28 } ipQoSLevel2PrioAndMaskExceed OBJECT-TYPE SYNTAX INTEGER (0..7) MAX-ACCESS read-write STATUS current DESCRIPTION "AND mask applied to level 2 priority associated with out-profile datagrams." DEFVAL { 7 } ::= { ipQoSEntry 29 } ipQoSLevel2PrioOrMaskExceed OBJECT-TYPE SYNTAX INTEGER (0..7) MAX-ACCESS read-write STATUS current DESCRIPTION "OR mask applied to level 2 priority associated with out-profile datagrams." DEFVAL { 0 } ::= { ipQoSEntry 30 } ipQoSDescr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "A textual string describing this classifier rules." ::= { ipQoSEntry 31 } -- ********************************************************************** -- * ipRipTimerTable TABLE -- ********************************************************************** -- Should be named 'ipRipStaticTable' instead ipRipTimerTable OBJECT-TYPE SYNTAX SEQUENCE OF IpRipTimerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The 'ipRipTimerTable' contains the basic configuration of the RIP protocol. Formerly created to define only the 3 timers involved in RIP process (cf RFC 2453). This set of timers is unique for the router. Values should be the same on all the routers of the whole network." ::= { biboip 23 } ipRipTimerEntry OBJECT-TYPE SYNTAX IpRipTimerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipRipVersion} ::= { ipRipTimerTable 1 } IpRipTimerEntry ::= SEQUENCE { ipRipVersion INTEGER, ipRipTimerUpdate INTEGER, ipRipTimerTimeout INTEGER, ipRipTimerGarbage INTEGER, ipRipRfc2453Timer INTEGER, ipRipRfc2091Timer INTEGER, ipRipUpdatePacketRetryTimer INTEGER, ipRipPoisonedReverse INTEGER, ipRipDistributeDefaultRoutes INTEGER, ipRipHoldDownTimer INTEGER } ipRipVersion OBJECT-TYPE -- This member only needed to have a ReadOnly "index" -- so avoiding "row creation" by EndUser. SYNTAX INTEGER (1..3) MAX-ACCESS read-only STATUS current DESCRIPTION "RFC 2453, RIP Version 2." DEFVAL { 2 } ::= { ipRipTimerEntry 1 } ipRipTimerUpdate OBJECT-TYPE SYNTAX INTEGER (1..65535) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "An unsollicited RIP response is broadcast every 'ipRipTimerUpdate' seconds." DEFVAL { 30 } ::= { ipRipTimerEntry 2 } ipRipTimerTimeout OBJECT-TYPE SYNTAX INTEGER (1..65535) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "If 'ipRipTimerTimeout' seconds elapse from the last time an update message is received for this route, the route is dropped but keeped in routing table. Then 'garbage process' is started." DEFVAL { 180 } ::= { ipRipTimerEntry 3 } ipRipTimerGarbage OBJECT-TYPE SYNTAX INTEGER (1..65535) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "If 'ipRipTimerGarbage' seconds elapse from the start of 'garbage process' (and if route is still 'dropped'), the route is removed from the routing table." DEFVAL { 120 } ::= { ipRipTimerEntry 4 } ipRipRfc2453Timer OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The 'ipRipRfc2453Timer' enabled/disables variable timer definition from RFC 2453." DEFVAL { enabled } ::= { ipRipTimerEntry 5 } ipRipRfc2091Timer OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The 'ipRipRfc2453Timer' enabled/disables variable timer definition from RFC 2091." DEFVAL { disabled } ::= { ipRipTimerEntry 6 } ipRipUpdatePacketRetryTimer OBJECT-TYPE SYNTAX INTEGER (1..10) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "If 'ipRipTimerUpdatePacketRetry' seconds elapse since the transmission of the last update packet without receiving an acknowledge the update packet is resend." DEFVAL { 5 } ::= { ipRipTimerEntry 7 } ipRipPoisonedReverse OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable or disable the (currently unimplemented) control over 'poisoned reverse' route distribution." DEFVAL { disabled } ::= { ipRipTimerEntry 8 } ipRipDistributeDefaultRoutes OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable or disable the distribution of 'default routes'." DEFVAL { enabled } ::= { ipRipTimerEntry 9 } ipRipHoldDownTimer OBJECT-TYPE SYNTAX INTEGER (1..65535) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "If 'ipRipHoldDownTimer' seconds elapse from the start of 'database timeout' (and if route is still 'dropped'), the route is removed from the routing table." DEFVAL { 120 } ::= { ipRipTimerEntry 10 } -- ********************************************************************** -- * ipRipFilterTable TABLE -- ********************************************************************** ipRipFilterTable OBJECT-TYPE SYNTAX SEQUENCE OF IpRipFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ipRipFilterTable contains additional information related to IP and the interfaces found on the system. Entries can only be added or deleted by the system." ::= { biboip 33 } ipRipFilterEntry OBJECT-TYPE SYNTAX IpRipFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipRipFilterIfIndex, ipRipFilterIpAddr, ipRipFilterNetMask, ipRipFilterPriority, ipRipFilterDirection } ::= { ipRipFilterTable 1 } IpRipFilterEntry ::= SEQUENCE { ipRipFilterEntryState INTEGER, ipRipFilterIfIndex INTEGER, ipRipFilterIpAddr IpAddress, ipRipFilterNetMask IpAddress, ipRipFilterPriority INTEGER, ipRipFilterDirection INTEGER, ipRipFilterDistribution INTEGER, ipRipFilterMetric1IfUpOffset INTEGER, ipRipFilterMetric1IfDormantOffset INTEGER } ipRipFilterEntryState OBJECT-TYPE SYNTAX INTEGER { active(1), delete(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "makes entry active" DEFVAL { active } ::= { ipRipFilterEntry 1 } ipRipFilterIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "The index value which uniquely identifies the local interface through which the next hop of this route should be reached. The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex." ::= { ipRipFilterEntry 2 } ipRipFilterIpAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The IP-Address range affected by the filter operation. Ranges are separately defined for import and export. IP-Address ranges which are not matched by any filters pass the filter stage unmodified. If this isn't intended an additional filter must be defined to disable the unmatched IP-Address range(s)." ::= { ipRipFilterEntry 3 } ipRipFilterNetMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "Indicate the mask to be logical-ANDed with the ip-address before being compared to the value in the ipRipFilterIpAddr field. If a subnet mask is not specified, it will be set automatically according to the following table: Class A: 255.0.0.0 Class B: 255.255.0.0 Class C: 255.255.255.0 If the value of the ipRipFilterIpAddr is 0.0.0.0 (a default route) then a mask value of 0.0.0.0 matches all IP-Addresses (normally used to disable all routes as last rule in the chain). An ipRipFilterIpAddr of 0.0.0.0 with a mask value of 255.255.255.255 matches (filters) the default route exactly. Host routes are created by setting the subnet mask to 255.255.255.255." ::= { ipRipFilterEntry 4 } ipRipFilterPriority OBJECT-TYPE SYNTAX INTEGER (1..16) MAX-ACCESS read-write STATUS current DESCRIPTION "If more than one filter matches the IP-Address range this priority decides which filter to apply. 1 indictes highest priority and 16 lowest priority" DEFVAL { 1 } ::= { ipRipFilterEntry 5 } ipRipFilterDirection OBJECT-TYPE SYNTAX INTEGER { import(1), export(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The direction the filter is defined for." DEFVAL { import } ::= { ipRipFilterEntry 6 } ipRipFilterDistribution OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Include or exclude the IP-Address range from distribution." DEFVAL { enabled } ::= { ipRipFilterEntry 7 } ipRipFilterMetric1IfUpOffset OBJECT-TYPE SYNTAX INTEGER (-16..16) MAX-ACCESS read-write STATUS current DESCRIPTION "Add 'ipRipFilterMetric1IfUpOffset' to metric1 during import of this route if the operation status of this interface is up. On export, add 'ipRipFilterMetric1IfUpOffset' to the exported metric value if the operation status of this interface is up." DEFVAL { 0 } ::= { ipRipFilterEntry 8 } ipRipFilterMetric1IfDormantOffset OBJECT-TYPE SYNTAX INTEGER (-16..16) MAX-ACCESS read-write STATUS current DESCRIPTION "Add 'ipRipFilterMetric1IfDormantOffset' to metric1 during import of this route if the operation status of this interface is dormant. On export, add 'ipRipFilterMetric1IfDormantOffset' to the exported metric value if the operation status of this interface is dormant." DEFVAL { 0 } ::= { ipRipFilterEntry 9 } -- ********************************************************************** -- * ipIcmpTable TABLE -- ********************************************************************** -- The STATIC ipIcmp Table contains all extended configuration related to ICMP ipIcmp OBJECT IDENTIFIER ::= { biboip 32 } ipIcmpSourceQuench OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "enabled : If an IP packet is discarded due to congestion, the system sends an ICMP 'Source-Quench' message back to the originator of the packet. For congestion-control/prevention, the system may send ICMP 'Source-Quench' messages also. This is the default behavior of the system. The rate of ICMP 'Source Quench' messages is limited to max. 1 message/s per originator. disabled: system never sends ICMP 'Source-Quench' messages (not for congestions nor for congestion-control). " DEFVAL { enabled } ::= { ipIcmp 1 } ipIcmpTimeExceededTrans OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "enabled : If an IP packet could not be delivered/forwarded to destination due to packet TTL (Time to live) or dialup-interface timeout, the packet is discarded and the system sends an ICMP 'Time-Exceeded/Trans' message back to the originator of the packet. This is the default behavior of the system. disabled: If an IP packet could not be delivered/forwarded to destination due to packet TTL (Time to live) or dialup-interface timeout, the packet is silently discarded. ICMP 'Time Exceeded/Trans' messages should be disabled with care (only if really necessary), because some usefull external tools based on this protocol (e.g. 'traceroute'). " DEFVAL { enabled } ::= { ipIcmp 2 } ipIcmpTimeExceededFrag OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "enabled : If an IP packet could not be delivered/forwarded to destination due to fragment-reassembly timeout, the system sends an ICMP 'Time-Exceeded/Fragment' message back to the originator of the packet. This is the default behavior of the system. disabled: If an IP packet could not be delivered/forwarded to destination due to fragment-reassembly timeout, the IP packet is silently discarded. ICMP 'Time Exceeded/Fragment' messages should be disabled with care (only if really necessary). " DEFVAL { enabled } ::= { ipIcmp 3 } ipIcmpDestUnreachFrag OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "enabled : If an IP packet could not be delivered/forwarded to destination due to MTU/Dont-Fragment error (packet must be fragmented due to interface-MTU but Dont-Fragment (DF) bit is set in IP header), the IP packet is discarded and the system sends an ICMP 'Destination-Unreachable/Fragment' message back to the originator of the packet. This is the default behavior of the system. disabled: If an IP packet could not be delivered/forwarded to destination due to interface-MTU/DF-bit problem, the packet is silently discarded. ICMP 'Destination-UnreachableFragment' messages should be disabled with care (only if really necessary). Disabling of this ICMP messages will make Path MTU Discovery impossible and might lead to bad performance behaviours. " DEFVAL { enabled } ::= { ipIcmp 4 } ipIcmpDestUnreachHost OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "enabled : If an IP packet could not be delivered/forwarded to destination due to routing errors (e.g. no matching route exists, interface down/blocked), the packet is discarded and the system sends an ICMP 'Destination-Unreachable/Host' message back to the originator of the packet. This is the default behavior of the system. (see ipIcmpDestUnreachHostTcp also) disabled: If an IP packet could not be delivered/forwarded to destination due to routing errors (e.g. no matching route exists, interface down/blocked), the packet is silently discarded. ICMP 'Destination-Unreachable/Host' messages should be disabled with care (only if really necessary). The functionality of the virtual REFUSE-Interface is NOT affected by this parameter - the system will continue to send ICMP 'Dest-Unreachable/Host' messages for all packets explicity routed to this Interface (ifIndex 0). The functionality of ipExtIfNatSilentDeny=disabled is NOT affected by this parameter - the system will continue to send ICMP 'Dest-Unreachable/Host' messages for incoming IP-Packets that does not pass the NAT barrier of NAT-enabled Interfaces. " DEFVAL { enabled } ::= { ipIcmp 5 } ipIcmpDestUnreachHostTcp OBJECT-TYPE SYNTAX INTEGER { tcp-rst(1), icmp(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Set ICMP (Dest Unreachable/Host) behavior for TCP packets. tcp-rst : If a TCP packet can not be delivered/forwarded to destination (e.g. no matching route exists, interface down/blocked), the TCP-Connection is terminated by sending a TCP-RST message (a TCP packet with RST-bit set in TCP-header) back to the originator of the packet. This is the default behavior of the system. The TCP RST message is send INSTEAD of an ICMP 'Destination-Unreachable/Host' message. If ipIcmpDestUnreachHost is set to disabled(2), no TCP-RST message is sent back. icmp : TCP traffic is handled like all other IP traffic. (see description of ipIcmpDestUnreachHost) " DEFVAL { tcp-rst } ::= { ipIcmp 6 } ipIcmpDestUnreachProto OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "enabled: If an IP packet addressed to local system could not be handled due to unsupported protocol type in IP packet-header (e.g. not TCP, UDP or ICMP), the packet is discarded and the system sends an ICMP 'Destination-Unreachable/Proto' message back to the originator of the packet. This is the default behavior of the system. disabled: If an IP packet addressed to local system could not be handled due to unsupported protocol type in IP packet-header (e.g. not TCP, UDP or ICMP), the packet is silently discarded. ICMP 'Destination-Unreachable/Proto' messages should be disabled with care (only if really necessary). " DEFVAL { enabled } ::= { ipIcmp 7 } ipIcmpEchoReply OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "enabled : each incoming ICMP 'Echo-Request' message addressed to local system is answered with an ICMP 'Echo-Reply' message. This is the default behavior of the system. disabled: incoming ICMP 'Echo-Request' messages addressed to local system are silently discarded. ICMP 'Echo-Reply' messages should be disabled with care (only if really necessary), because some usefull external tools based on this protocol (e.g. 'ping'). local 'pings' to other system/routers are not affected by this parameter. " DEFVAL { enabled } ::= { ipIcmp 8 } ipIcmpMaskReply OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "enabled : each incoming ICMP 'Mask-Request' message addressed to local system is answered with an ICMP 'Mask-Reply' message. This is the default behavior of the system. disabled: incoming ICMP 'Mask-Request' messages addressed to local system are silently discarded. ICMP 'Echo-Mask' messages should be disabled with care (only if really necessary), because subnet-discovery based on this protocol. " DEFVAL { enabled } ::= { ipIcmp 9 } ipIcmpTimestampReply OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled (2), extended (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "enabled : each incoming ICMP 'Timestamp' message addressed to local system is answered with an RFC792-compliant ICMP 'Timestamp-Reply' message. This is the default behavior of the system. disabled: incoming ICMP 'Timestamp' messages addressed to local system are silently discarded. extended: if an incoming ICMP 'Timestamp' message contains data appended after the three timestamp fields (which is a deviation of RFC792), the system replies with a modified 'Timestamp-Reply' message which contains a copy of the received data appended after the three timestamp fields. This behaviour is not RFC792-compliant and should be reserved for testing purposes. " DEFVAL { enabled } ::= { ipIcmp 10 } -- ********************************************************************** -- * ipNatExpTable TABLE -- ********************************************************************** ipNatExpTable OBJECT-TYPE SYNTAX SEQUENCE OF IpNatExpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "If NAT is switched on for an interface, this table contains entries for expected sessions. Table entries are creates by the system whenever there is a need for a new incoming session. Table entries are removed after timeout or if the expected session is established." ::= { biboip 34 } ipNatExpEntry OBJECT-TYPE SYNTAX IpNatExpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipNatExpIfIndex } ::= { ipNatExpTable 1 } IpNatExpEntry ::= SEQUENCE { ipNatExpIfIndex INTEGER, ipNatExpProtocol INTEGER, ipNatExpIntAddr IpAddress, ipNatExpIntPort INTEGER, ipNatExpExtAddr IpAddress, ipNatExpExtPort INTEGER, ipNatExpRemoteAddr IpAddress, ipNatExpExtPortType INTEGER, ipNatExpRemotePort INTEGER, ipNatExpTimeout INTEGER } ipNatExpIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the interface, for which the session is expected. A value of 0 means ANY interface." ::= { ipNatExpEntry 1 } ipNatExpProtocol OBJECT-TYPE SYNTAX INTEGER { icmp(1), igmp(2), tcp(6), udp(17), ipv6(41), gre(47), esp(50), ah(51), ospf(89), l2tp(115) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the protocol, the expected session is using. " ::= { ipNatExpEntry 2 } ipNatExpIntAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the internal local IP Address used for the expected session. " ::= { ipNatExpEntry 3 } ipNatExpIntPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the internal local port-number used for the expected session. A value of -1 means to copy the related external port-number without any NAT-translation. " ::= { ipNatExpEntry 4 } ipNatExpExtAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the external local address used for the expected session. A value of 0.0.0.0 means ANY address. " ::= { ipNatExpEntry 5 } ipNatExpExtPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the external local port-number used for the expected session. A value of -1 means ANY port-number. " ::= { ipNatExpEntry 6 } ipNatExpRemoteAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the remote IP-address used for the expected session. A value of 0.0.0.0 means ANY address. " ::= { ipNatExpEntry 7 } ipNatExpExtPortType OBJECT-TYPE SYNTAX INTEGER { supplied(1), pool(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "This field is used for NAT-internal signalling. Applications shall set it to . For automatically generated, NAT-out-triggered entries, the system sets this field to temporarily when the related ExtPort-entry is taken from one of the pools and must be released again later. " DEFVAL { supplied } ::= { ipNatExpEntry 8 } ipNatExpRemotePort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the remote port-number used for the expected session. A value of -1 means ANY port number. " ::= { ipNatExpEntry 9 } ipNatExpTimeout OBJECT-TYPE SYNTAX INTEGER (0..86400) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "Set a specific Timeout in seconds for a new expected session. A value of 0 means UNSPECIFIED (default-value is taken). " DEFVAL { 0 } ::= { ipNatExpEntry 10 } -- ********************************************************************** -- * mcastFwdTable TABLE -- ********************************************************************** -- mcastFwdTable is used for simple multicast packet forwarding mcastFwdTable OBJECT-TYPE SYNTAX SEQUENCE OF McastFwdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entries in the Multicast Forwarding Table define a rule where to forward packets with a specified multicast group address to a dedicated destination interface." ::= { biboip 53 } mcastFwdEntry OBJECT-TYPE SYNTAX McastFwdEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the Multicast Forwarding Table." INDEX { mcastFwdAddress } ::= { mcastFwdTable 1 } McastFwdEntry ::= SEQUENCE { mcastFwdAddress IpAddress, mcastFwdSrcIfIndex INTEGER, mcastFwdDestIfIndex INTEGER, mcastFwdStatus INTEGER } mcastFwdAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The multicast forwarding group address which will be forwarded. The group address 224.0.0.0 may be used as a wildcard matching all addresses." ::= { mcastFwdEntry 1 } mcastFwdSrcIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "The source interface of incoming multicast packets." ::= { mcastFwdEntry 2 } mcastFwdDestIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "The destination interface where to forward multicast packets." ::= { mcastFwdEntry 3 } mcastFwdStatus OBJECT-TYPE SYNTAX INTEGER { active(1), inactive(2), delete(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "The status of this entry." DEFVAL { 1 } ::= { mcastFwdEntry 4 } -- ********************************************************************** -- * ipNatExcludeTable TABLE -- ********************************************************************** -- ipNatExcludeTable is used for excluding some traffics from NAT processing ipNatExcludeTable OBJECT-TYPE SYNTAX SEQUENCE OF IpNatExcludeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table specifies the IP addresses and port numbers for sessions that must not be processed by NAT. Entries in the table are created and removed manually by network management." ::= { biboip 60 } ipNatExcludeEntry OBJECT-TYPE SYNTAX IpNatExcludeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipNatExIfIndex, ipNatExProtocol, ipNatExLocalPort, ipNatExRemotePort } ::= { ipNatExcludeTable 1 } IpNatExcludeEntry ::= SEQUENCE { ipNatExIfIndex INTEGER, ipNatExProtocol INTEGER, ipNatExLocalAddr IpAddress, ipNatExLocalMask IpAddress, ipNatExLocalPort INTEGER, ipNatExLocalPortRange INTEGER, ipNatExRemoteAddr IpAddress, ipNatExRemoteMask IpAddress, ipNatExRemotePort INTEGER, ipNatExRemotePortRange INTEGER, ipNatExDescr DisplayString, ipNatExAction INTEGER } ipNatExIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the interface index, for which the table entry shall be valid. If set to 0, the entry will be valid for all interfaces configured to use NAT." ::= { ipNatExcludeEntry 1 } ipNatExProtocol OBJECT-TYPE SYNTAX INTEGER { icmp(1), igmp(2), ggp(3), ip(4), tcp(6), egp(8), igp(9), pup(12), chaos(16), udp(17), hmp(20), xns-idp(22), rdp(27), ipv6(41), rsvp(46), gre(47), esp(50), ah(51), tlsp(56), skip(57), kryptolan(65), iso-ip(80), igrp(88), ospf(89), ipinip(94), ipx-in-ip(111), vrrp(112), l2tp(115), any(255), delete(256) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the protocol, for which the table entry shall be valid." DEFVAL { any } ::= { ipNatExcludeEntry 2 } ipNatExLocalAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatExLocalMask the set of IP addresses of local hosts involved in the communication. The table entry will be valid when the IP address of the local host lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for any local host." ::= { ipNatExcludeEntry 3 } ipNatExLocalMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatExLocalAddr the set of IP addresses of local hosts involved in the communication. The table entry will be valid when the IP address of the local host lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for any local host." ::= { ipNatExcludeEntry 4 } ipNatExLocalPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatExLocalPortRange the range of local portnumbers, for which the table entry shall be valid. If both objects are set to -1, the entry is valid for all local portnumbers. If ipNatExLocalPortRange is set to -1, the entry is only valid when the local portnumber of a packet is equal to ipNatExLocalPort. Otherwise, the entry is valid if the local portnumber lies in the range ExLocalPort .. ExLocalPortRange." DEFVAL { -1 } ::= { ipNatExcludeEntry 5 } ipNatExLocalPortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatExLocalPort the range of local portnumbers, for which the table entry shall be valid. If both objects are set to -1, the entry is valid for all local portnumbers. If ipNatExLocalPortRange is set to -1, the entry is only valid when the local portnumber of a packet is equal to ipNatExLocalPort. Otherwise, the entry is valid if the local portnumber lies in the range ExLocalPort .. ExLocalPortRange." DEFVAL { -1 } ::= { ipNatExcludeEntry 6 } ipNatExRemoteAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatExRemoteMask the set of IP addresses of remote hosts involved in the communication. The table entry will be valid when the IP address of the remote host lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for any remote host." ::= { ipNatExcludeEntry 7 } ipNatExRemoteMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatExRemoteAddr the set of IP addresses of remote hosts involved in the communication. The table entry will be valid when the IP address of the remote host lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for any remote host." ::= { ipNatExcludeEntry 8 } ipNatExRemotePort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatExRemotePortRange the range of remote portnumbers, for which the table entry shall be valid. If both objects are set to -1, the entry is valid for all remote portnumbers. If ipNatExRemotePortRange is set to -1, the entry is only valid when the remote portnumber of a packet is equal to ipNatExRemotePort. Otherwise, the entry is valid if the remote portnumber lies in the range ExRemotePort .. ExRemotePortRange." DEFVAL { -1 } ::= { ipNatExcludeEntry 9 } ipNatExRemotePortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies together with ipNatExRemotePort the range of remote portnumbers, for which the table entry shall be valid. If both objects are set to -1, the entry is valid for all remote portnumbers. If ipNatExRemotePortRange is set to -1, the entry is only valid when the remote portnumber of a packet is equal to ipNatExRemotePort. Otherwise, the entry is valid if the remote portnumber lies in the range ExRemotePort .. ExRemotePortRange." DEFVAL { -1 } ::= { ipNatExcludeEntry 10 } ipNatExDescr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "A textual string describing this NAT excluding rule." ::= { ipNatExcludeEntry 11 } ipNatExAction OBJECT-TYPE SYNTAX INTEGER { exclude(1), exclude-if-not(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies which packets will be excluded from NAT processing. When set to 'exclude' (default value), any packet matching the parameters of the entry will be excluded from NAT processing. When set to 'exclude-if-not', any packet not matching the parameters of the entry will be excluded from NAT processing." DEFVAL { exclude } ::= { ipNatExcludeEntry 12 } -- ********************************************************************** -- * ipNatOutOperTable TABLE -- ********************************************************************** -- ipNatOutOperTable contains all policies considered for IP address translation ipNatOutOperTable OBJECT-TYPE SYNTAX SEQUENCE OF IpNatOutOperEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table displays all currently active IP address translation policies in 'outgoing' direction. It's similar to the former defined ipNatOutTable. Table entries are created: - either by the IP subsystem itself due to the administratively-defined ipNatOutTable entries (ipNatOutOperType_permanent(1)) - or by several subsystems whenever there is a need for such non-static NAT policies (ipNatOutOperType_temporary(2)) Table entries are deleted: - either by the IP subsystem itself due to the administratively-defined ipNatOutTable entries (ipNatOutOperType_permanent(1)) - or by several subsystems whenever there is a need for such non-static NAT policies (ipNatOutOperType_temporary(2)) - or, in case of non-permanent entries, by the administrator If no matching entry is found (neither in the IP address is set to the IP address defined on the interface configured for NAT. If a matching entry is found, the source IP address of outgoing IP packets is translated according to the couple 'ipNatOutOperExtAddr /ipNatOutOperExtMask'. - If external IP address is a 'host IP address', the whole source IP address is mapped. - If external IP address is a 'net IP address', only the 'net part' of source IP address is affected. This table is only used if the outgoing address translation is activated (ipExtIfNatOutXlat)." ::= { biboip 61 } ipNatOutOperEntry OBJECT-TYPE SYNTAX IpNatOutOperEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipNatOutOperIfIndex, ipNatOutOperIntAddr, ipNatOutOperExtAddr } ::= { ipNatOutOperTable 1 } IpNatOutOperEntry ::= SEQUENCE { ipNatOutOperIfIndex INTEGER, ipNatOutOperProtocol INTEGER, ipNatOutOperRemoteAddr IpAddress, ipNatOutOperRemoteMask IpAddress, ipNatOutOperExtAddr IpAddress, ipNatOutOperRemotePort INTEGER, ipNatOutOperRemotePortRange INTEGER, ipNatOutOperIntAddr IpAddress, ipNatOutOperIntMask IpAddress, ipNatOutOperIntPort INTEGER, ipNatOutOperExtPort INTEGER, ipNatOutOperExtMask IpAddress, ipNatOutOperTimeout INTEGER, ipNatOutOperType INTEGER, ipNatOutOperNatCategory INTEGER, ipNatOutOperParent INTEGER, ipNatOutOperIntPortRange INTEGER, ipNatOutOperExtPortRange INTEGER } ipNatOutOperIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the interface index, for which the table entry shall be valid. If set to 0, the entry will be valid for all interfaces configured to use NAT." ::= { ipNatOutOperEntry 1 } ipNatOutOperProtocol OBJECT-TYPE SYNTAX INTEGER { icmp(1), igmp(2), ggp(3), ip(4), tcp(6), egp(8), igp(9), pup(12), chaos(16), udp(17), hmp(20), xns-idp(22), rdp(27), ipv6(41), rsvp(46), gre(47), esp(50), ah(51), tlsp(56), skip(57), kryptolan(65), iso-ip(80), igrp(88), ospf(89), ipip(94), ipx-in-ip(111), vrrp(112), l2tp(115), any(255) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the protocol, for which the table entry shall be valid." DEFVAL { any } ::= { ipNatOutOperEntry 2 } ipNatOutOperRemoteAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies together with ipNatOutOperRemoteMask the set of target IP addresses for which the table entry is valid. If both objects are set to 0.0.0.0, the table entry will be valid for any target IP address." ::= { ipNatOutOperEntry 3 } ipNatOutOperRemoteMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies together with ipNatOutOperRemoteAddr the set of target IP addresses for which the table entry is valid. If both objects are set to 0.0.0.0, the table entry will be valid for any target IP address." ::= { ipNatOutOperEntry 4 } ipNatOutOperExtAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "With ipNatOutOperExtMask, this object specifies the external 'IP address' or 'NET address' to which the internal IP address is mapped. - To map exactly to ipNatOutOperExtAddr (i.e. map to a single IP address), ipNatOutOperExtMask MUST be set to 255.255.255.255 - To keep HOST part of source IP address and map only the NET part, ipNatOutOperExtMask MUST be the related subnet mask (and it should be the same as ipNatOutOperIntMask )." ::= { ipNatOutOperEntry 5 } ipNatOutOperRemotePort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies together with ipNatOutRemotePortRange the range of portnumbers for outgoing packets, for which the table entry shall be valid. If both objects are set to -1, the entry is valid for all portnumbers. If ipNatOutOperPortRange is set to -1, the entry is only valid, when the portnumber of an outgoing packet is equal to ipNatOutOperRemotePort. Otherwise, the entry is valid, if the destination portnumber lies in the range RemotePort .. RemotePortRange." DEFVAL { -1 } ::= { ipNatOutOperEntry 6 } ipNatOutOperRemotePortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies together with ipNatOutOperRemotePort the range of portnumbers for outgoing packets, for which the table entry shall be valid. If both objects are set to -1, the entry is valid for all portnumbers. If ipNatOutOperPortRange is set to -1, the entry is only valid, when the portnumber of an outgoing packet is equal to ipNatOutOperRemotePort. Otherwise, the entry is valid, if the destination portnumber lies in the range RemotePort .. RemotePortRange." DEFVAL { -1 } ::= { ipNatOutOperEntry 7 } ipNatOutOperIntAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies together with ipNatOutOperIntMask the internal hosts IP address for outgoing packets matching the table entry. If both objects are set to 0.0.0.0, the table entry will be valid for any source IP address." ::= { ipNatOutOperEntry 8 } ipNatOutOperIntMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies together with ipNatOutOperIntAddr the internal hosts IP address for outgoing packets matching the table entry. If both objects are set to 0.0.0.0, the table entry will be valid for any source IP address." ::= { ipNatOutOperEntry 9 } ipNatOutOperIntPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the internal source port for which the table entry shall be valid. If this object is set to -1, any internal source port matches this entry." DEFVAL { -1 } ::= { ipNatOutOperEntry 10 } ipNatOutOperExtPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "This object may be used to specify a fixed external source port to which the internal source port is mapped. If this object is set to -1, the port is mapped to the next free source port available." DEFVAL { -1 } ::= { ipNatOutOperEntry 11 } ipNatOutOperExtMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "With ipNatOutOperExtAddr, this object specifies the external 'IP address' or 'NET address' to which the internal IP address is mapped. - To map exactly to ipNatOutOperExtAddr (i.e. map to a single IP address), ipNatOutOperExtMask MUST be set to 255.255.255.255 - To keep HOST part of source IP address and map only the NET part, ipNatOutOperExtMask MUST be the related subnet mask (and it should be the same as ipNatOutOperIntMask)." DEFVAL { 'ffffffff'h } --DEFVAL { 4294967295 } ::= { ipNatOutOperEntry 12 } ipNatOutOperTimeout OBJECT-TYPE SYNTAX INTEGER (0..5184000) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "When there is no traffic associated with a NAT entry, this entry is discarded at the end of a timeout value. This object holds this timeout value in seconds. If set to the default value of 0, the timeout will be set to the value specified either in ipExtIfNatTcpTimeout or ipExtIfNatOtherTimeout, depending on the protocol." DEFVAL { 0 } ::= { ipNatOutOperEntry 13 } ipNatOutOperType OBJECT-TYPE SYNTAX INTEGER { permanent(1), temporary(2), delete(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies whether there is an associated ipNatOutTable entry (permanent) or not (temporary). Note that entries with type permanent (1) cannot be deleted by the administrator directly." DEFVAL { temporary } ::= { ipNatOutOperEntry 14 } ipNatOutOperNatCategory OBJECT-TYPE SYNTAX INTEGER { full-cone(1), restricted-cone(2), port-restricted-cone(3), symmetric(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies the NAT category according RFC 3489 and 5389 to be applied for UDP traffic matching with this entry." DEFVAL { symmetric } ::= { ipNatOutOperEntry 16 } ipNatOutOperParent OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Row number of the associated ipNatOutTable entry." DEFVAL { 0 } ::= { ipNatOutOperEntry 15 } ipNatOutOperIntPortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies together with ipNatOutOperIntPort the internal source port range for which the table entry shall be valid. If this object is set to -1, only ipNatOutOperIntPort is used as selector for this entry." DEFVAL { -1 } ::= { ipNatOutOperEntry 17 } ipNatOutOperExtPortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "This object may be used together with ipNatOutOperExtPort to specify a fixed external source port number range to which the internal source port numbers are mapped. This mapping depends on the position of the original source port number within the range specified by ipNatOutOperIntPort and ipNatOutOperIntPortRange. If this object is set to -1, only ipNatOutExtPort is considered for this entry." DEFVAL { -1 } ::= { ipNatOutOperEntry 18 } -- ********************************************************************** -- * ipNatPresetOperTable TABLE -- ********************************************************************** -- ipNatPresetOperTable contains all policies considered for IP address translation ipNatPresetOperTable OBJECT-TYPE SYNTAX SEQUENCE OF IpNatPresetOperEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table specifies the IP addresses and port numbers for sessions requested from outside. If this table is empty and NAT is enabled, only packets for sessions initiated from inside are forwarded. It's similar to the former defined ipNatPresetTable. The IP address and the port number of the internal server can be specified individually for each combination of - protocol (udp/tcp/icmp) - initiating hosts IP address (RemoteAddr, RemoteMask) - destination address or network (ExtAddr, ExtMask) - destination port number or range (ExtPort, ExtPortRange) Entries in the table are created: - either by the IP subsystem itself due to the administratively-defined ipNatPresetTable entries (ipNatPresetOperType_permanent(1)) - or by several subsystems whenever there is a need for such non-static NAT policies (ipNatPresetOperType_temporary(2)) Entries are deleted: - either by the IP subsystem itself due to the administratively-defined ipNatPresetTable entries (ipNatPresetOperType_permanent(1)) - or by several subsystems whenever there is a need for such non-static NAT policies (ipNatPresetOperType_temporary(2)) - or, in case of non-permanent entries, by the administrator." ::= { biboip 63 } ipNatPresetOperEntry OBJECT-TYPE SYNTAX IpNatPresetOperEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { ipNatPrOperIfIndex, ipNatPrOperProtocol, ipNatPrOperExtPort } ::= { ipNatPresetOperTable 1 } IpNatPresetOperEntry ::= SEQUENCE { ipNatPrOperIfIndex INTEGER, ipNatPrOperProtocol INTEGER, ipNatPrOperRemoteAddr IpAddress, ipNatPrOperRemoteMask IpAddress, ipNatPrOperExtAddr IpAddress, ipNatPrOperExtMask IpAddress, ipNatPrOperExtPort INTEGER, ipNatPrOperExtPortRange INTEGER, ipNatPrOperIntAddr IpAddress, ipNatPrOperIntPort INTEGER, ipNatPrOperIntMask IpAddress, ipNatPrOperTimeout INTEGER, ipNatPrOperTcpOption BITS, ipNatPrOperType INTEGER, ipNatPrOperParent INTEGER } ipNatPrOperIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the interface index, for which the table entry shall be valid. If set to 0, the entry will be valid for all interfaces configured to use NAT." ::= { ipNatPresetOperEntry 1 } ipNatPrOperProtocol OBJECT-TYPE SYNTAX INTEGER { icmp(1), igmp(2), ggp(3), ip(4), tcp(6), egp(8), igp(9), pup(12), chaos(16), udp(17), hmp(20), xns-idp(22), rdp(27), ipv6(41), rsvp(46), gre(47), esp(50), ah(51), tlsp(56), skip(57), kryptolan(65), iso-ip(80), igrp(88), ospf(89), ipinip(94), ipx-in-ip(111), vrrp(112), l2tp(115), any(255), delete(256) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the protocol, for which the table entry shall be valid." DEFVAL { any } ::= { ipNatPresetOperEntry 2 } ipNatPrOperRemoteAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies together with ipNatPrOperRemoteMask the the set of IP addresses of remote hosts initiating a session. The table entry will be valid for an incoming packet, when the IP adress of the remote host initiating the session lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for any remote host." ::= { ipNatPresetOperEntry 3 } ipNatPrOperRemoteMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies together with ipNatPrOperRemoteAddr the set of IP addresses of remote hosts initiating the session. The table entry will be valid for an incoming packet, when the IP adress of the remote host initiating the session lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for any remote host." ::= { ipNatPresetOperEntry 4 } ipNatPrOperExtAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies together with ipNatPrOperExtMask the set of destination IP addresses, for which the table entry shall be valid. The entry is valid, if the target IP address of an incoming IP packet lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for any IP address." ::= { ipNatPresetOperEntry 5 } ipNatPrOperExtMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies together with ipNatPrOperExtAddr the set of destination IP addresses, for which the table entry shall be valid. The entry is valid, if the target IP address of an incoming packet lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for any IP address." ::= { ipNatPresetOperEntry 6 } ipNatPrOperExtPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies together with ipNatPrOperExtPortRange the range of portnumbers for incoming packets, for which the table entry shall be valid. If both objects are set to -1, the entry is valid for all portnumbers. If ipNatPrOperPortRange is set to -1, the entry is only valid, when the destination portnumber of an incoming packet is equal to ipNatPrOperExtPort. Otherwise, the entry is valid, if the destination portnumber lies in the range ExtPort .. ExtPortRange." DEFVAL { -1 } ::= { ipNatPresetOperEntry 7 } ipNatPrOperExtPortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies together with ipNatPrOperExtPort the range of portnumbers for incoming packets, for which the table entry shall be valid. If both objects are set to -1, the entry is valid for all portnumbers. If ipNatPrOperPortRange is set to -1, the entry is only valid, when the destination portnumber of an incoming packet is equal to ipNatPrOperExtPort. Otherwise, the entry is valid, if the destination portnumber lies in the range ExtPort .. ExtPortRange." DEFVAL { -1 } ::= { ipNatPresetOperEntry 8 } ipNatPrOperIntAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "With ipNatPrOperIntMask, this object specifies the internal target host's IP address for incoming packets matching the table entry. An incoming packet matching this entry will be routed to the internal server specified by this object and ipNatPrOperIntMask. If this object is set to 0.0.0.0, the target host will be the original target host in the incoming packet. No translation of the IP-addresses takes place in this case. If ipNatPrOperIntMask is set to 255.255.255.255, the internal server IP address is ipNatPrOperIntAddr. If ipNatPrOperIntMask is a subnet mask, the internal server IP address is the incoming one in which the NET part is mapped according to 'ipNatPrOperIntAddr / ipNatPrOperIntMask'." ::= { ipNatPresetOperEntry 9 } ipNatPrOperIntPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the internal target host's port-number for incoming packets matching the table entry. If this object is set to -1, the target portnumber will be taken from the original incoming packet. No translation of the portnumber will take place in this case. If the set of portnumbers for this table entry is a range instead of a single portnumber, this object will specify the base of the target range of portnumbers. The internal portnumber will be constructed as follows: new-target-port := old-target-port - ipNatPrOperExtPort + ipNatPrOperIntPort " DEFVAL { -1 } ::= { ipNatPresetOperEntry 10 } ipNatPrOperIntMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "With ipNatPrOperIntAddr, this object specifies the internal target host's IP address for incoming packets matching the table entry. An incoming packet matching this entry will be routed to the internal server specified by this object and ipNatPrOperIntMask. If this object is set to 255.255.255.255, the internal server IP address is ipNatPrOperIntAddr. If this object is a subnet mask, the internal server IP address is the incoming one in which the NET part is mapped according to 'ipNatPrOperIntAddr / ipNatPrOperIntMask'." DEFVAL { 'ffffffff'h } --DEFVAL { 4294967295 } ::= { ipNatPresetOperEntry 11 } ipNatPrOperTimeout OBJECT-TYPE SYNTAX INTEGER (0..5184000) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "When there is no traffic associated with a NAT entry, this entry is discarded at the end of a timeout value. This object holds this timeout value in seconds. If set to the default value of 0, the timeout will be set to the value specified either in ipExtIfNatTcpTimeout or ipExtIfNatOtherTimeout, depending on the protocol." DEFVAL { 0 } ::= { ipNatPresetOperEntry 12 } ipNatPrOperTcpOption OBJECT-TYPE SYNTAX BITS { pathFinder(0) } MAX-ACCESS read-only STATUS current DESCRIPTION "Additional selector, increases the prossible granularity of the TCP-related NAT preset rules. This parameter doesn't matter if not set, in all other cases initial TCP SYN messages without the associated TCP option will be ignored, possible settings: - pathFinder(0) proprietary NCP pathfinder option " DEFVAL { 0 } ::= { ipNatPresetOperEntry 13 } ipNatPrOperType OBJECT-TYPE SYNTAX INTEGER { permanent(1), temporary(2), delete(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies whether there is an associated ipNatPrestTable entry (permanent) or not (temporary). Note that entries with type permanent (1) cannot be deleted by the administrator directly." DEFVAL { temporary } ::= { ipNatPresetOperEntry 14 } ipNatPrOperParent OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Row number of the associated ipNatPresetTable entry." DEFVAL { 0 } ::= { ipNatPresetOperEntry 15 } ipWolRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF IpWolRuleEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "The ipWolRuleTable defines access rules for checking incoming IP packets. The rules are processed in order, i.e. each rule has a link to the next rule. The set of rules is processed until a match occurs, that means the rule's associated filter matches and the specified action is performed (either send a Wake-On-LAN packet via Ethernet or via UDP). The last rule is implicitly a deny rule. The set of rules to be processed can be defined for each interface." ::= { biboip 67 } ipWolRuleEntry OBJECT-TYPE SYNTAX IpWolRuleEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" INDEX { ipWolRuleFilterIndex } ::= { ipWolRuleTable 1 } IpWolRuleEntry ::= SEQUENCE { ipWolRuleIndex INTEGER, ipWolRuleFilterIndex INTEGER, ipWolRuleAction INTEGER, ipWolRuleNextRuleIndex INTEGER, ipWolRuleWolType INTEGER, ipWolRuleTarget MacAddress, ipWolRulePassword DisplayString, ipWolRuleDescr DisplayString, ipWolRuleTargetIfIndex INTEGER } ipWolRuleIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Unique rule index." ::= { ipWolRuleEntry 1 } ipWolRuleFilterIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "References the rule's associated filter." ::= { ipWolRuleEntry 2 } ipWolRuleAction OBJECT-TYPE SYNTAX INTEGER { invoke(1), -- invoke WoL if filter matches invoke-if-not(2), -- invoke if filter not matches deny(3), -- deny WoL if filter matches deny-if-not(4), -- deny WoL if filter not matches ignore(5), -- ignore rule and skip to next rule delete(6) -- delete the entry from the table } ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the action to be performed if the rule's associated filter matches. If set to ignore the filter is not consulted and the next rule is processed immediately. invoke, invoke WoL if filter matches invoke-if-not, invoke if filter not matches deny, deny WoL if filter matches deny-if-not, deny WoL if filter not matches ignore, ignore rule and skip to next rule delete delete the entry from the table " DEFVAL { invoke } ::= { ipWolRuleEntry 3 } ipWolRuleNextRuleIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "Specifies the next rule to be processed. The value 0 is used to mark the end of the rule set." ::= { ipWolRuleEntry 4 } ipWolRuleWolType OBJECT-TYPE SYNTAX INTEGER { ether(1), udp(2) } ACCESS read-write STATUS mandatory DESCRIPTION "Which Wake-On-LAN standard should be used." DEFVAL { ether } ::= { ipWolRuleEntry 5 } ipWolRuleTarget OBJECT-TYPE SYNTAX MacAddress ACCESS read-write STATUS mandatory DESCRIPTION "The mac address of the interface to be woken up." ::= { ipWolRuleEntry 6 } ipWolRulePassword OBJECT-TYPE SYNTAX DisplayString (SIZE (0..6)) ACCESS read-write STATUS mandatory DESCRIPTION "Wake-On-LAN password. The password length is either 0, 4 or 6." ::= { ipWolRuleEntry 7 } ipWolRuleDescr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "A textual string describing this Wake-On-LAN rule." ::= { ipWolRuleEntry 8 } ipWolRuleTargetIfIndex OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write STATUS current DESCRIPTION "The index value which uniquely identifies Wake-On-LAN outbound interface." ::= { ipWolRuleEntry 9 } END