-- ******************************************************************* -- CISCO-LWAPP-ACL-MIB.my -- August 2006, Sheeba Kamra -- -- Copyright (c) 2005-2006, 2016, 2017 by Cisco Systems, Inc. -- All rights reserved. -- ******************************************************************* CISCO-LWAPP-ACL-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter32 FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF TruthValue, RowStatus FROM SNMPv2-TC InetAddressType, InetAddress FROM INET-ADDRESS-MIB SnmpAdminString FROM SNMP-FRAMEWORK-MIB CiscoURLString FROM CISCO-TC ciscoMgmt FROM CISCO-SMI; -- ******************************************************************** -- * MODULE IDENTITY -- ******************************************************************** ciscoLwappAclMIB MODULE-IDENTITY LAST-UPDATED "201704240000Z" ORGANIZATION "Cisco Systems Inc." CONTACT-INFO "Cisco Systems, Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS Email: cs-wnbu-snmp@cisco.com" DESCRIPTION "This MIB is intended to be implemented on all those devices operating as Central Controllers (CC) that terminate the Light Weight Access Point Protocol tunnel from Light-weight LWAPP Access Points. This MIB provides configuration and status information about the ACLs on the controller. Particularly this mib covers the CPU ACLs for the wireless controllers. Traffic to the controller CPU comes from the NPU (Network Processing Unit). Using CPU ACLs, the user can place restrictions on type of traffic reaching the CPU of the controller from the NPU. CPU ACLs introduce an ACL for the traffic to the CPU of controller. With this ACL the type of packets reaching the CPU can be controlled. The mode of operation is as follows. The administrator designates one ACL for the traffic to the CPU. The ACL kicks in for packets from the NPU to the CPU. Each ACL is an ordered set of rules. If a rule matches then action for that rule is applied to the packet. The decision to send or drop the packet is taken based on the action parameter of the ACL. There will be no ACL for the packets from the CPU to the NPU. GLOSSARY Access Control List ( ACL ) A list of rules used to restrict the traffic reaching an interface or the CPU. Each ACL is an ordered set of rules and actions. If a rule matches then the action for that rule is applied to the packet. Access Point ( AP ) An entity that contains an 802.11 medium access control ( MAC ) and physical layer ( PHY ) interface and provides acess to the distribution services via the wireless medium for associated clients. CPU ACL ( CPU ACL ) The ACL applied to the CPU. This controls the type of traffic reaching the CPU of the controller. Network Processing Unit ( NPU ) This entity is responsible for forwarding traffic to the CPU. The only exceptions are data coming through the console port and the Service port i.e. these communicate directly with the CPU and not via the NPU. Light Weight Access Point Protocol ( LWAPP ) This is a generic protocol that defines the communciation between the Access Points and the Central Controller. REFERENCE [1] Part 11 Wireless LAN Medium Access Control ( MAC ) and Physical Layer ( PHY ) Specifications." REVISION "201704240000Z" DESCRIPTION "Changed name claAclUrl to claAclUrlName." REVISION "201003040000Z" DESCRIPTION "Added claAclTable and claAclRuleTable." REVISION "200608290000Z" DESCRIPTION "Moved scalar attributes to claCpuAclTable." REVISION "200607190000Z" DESCRIPTION "Initial version of this MIB module." ::= { ciscoMgmt 577 } ciscoLwappAclMIBNotifs OBJECT IDENTIFIER ::= { ciscoLwappAclMIB 0 } ciscoLwappAclMIBObjects OBJECT IDENTIFIER ::= { ciscoLwappAclMIB 1 } ciscoLwappAclMIBConform OBJECT IDENTIFIER ::= { ciscoLwappAclMIB 2 } ciscoLwappCpuAcl OBJECT IDENTIFIER ::= { ciscoLwappAclMIBObjects 1 } ciscoLwappControllerAcl OBJECT IDENTIFIER ::= { ciscoLwappAclMIBObjects 2 } ciscoLwappControllerAclGeneral OBJECT IDENTIFIER ::= { ciscoLwappAclMIBObjects 3 } claAclCounterEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the ACL Counters status if packets are hitting any of the ACLs that are configured on the controller. A value of 'true' indicates that ACL counter is enabled. A value of 'false' indicates that ACL counter is disabled." DEFVAL { false } ::= { ciscoLwappControllerAclGeneral 1 } claUrlAclExternalServerIpType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the IP address type of External server to which the blocked URL will be redirected." ::= { ciscoLwappControllerAclGeneral 2 } claUrlAclExternalServerIp OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the Ip address of External server to which the blocked URL will be redirected." ::= { ciscoLwappControllerAclGeneral 3 } claCpuAclTable OBJECT-TYPE SYNTAX SEQUENCE OF ClaCpuAclEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table represents the CPU ACL related parameters of the controller." ::= { ciscoLwappCpuAcl 1 } claCpuAclEntry OBJECT-TYPE SYNTAX ClaCpuAclEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry represents a conceptual row in this table. For each CPU ACL of the controller, there will be a row." INDEX { claCpuAclIndex } ::= { claCpuAclTable 1 } ClaCpuAclEntry ::= SEQUENCE { claCpuAclIndex Unsigned32, claCpuAclName SnmpAdminString, claCpuAclPacketApplicability INTEGER } claCpuAclIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object represents unique instance of a CPU ACL on the controller." ::= { claCpuAclEntry 1 } claCpuAclName OBJECT-TYPE SYNTAX SnmpAdminString(SIZE (0..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies name of the ACL applied to the CPU. The access list to be applied should already exist on the controller. If it is required to remove the ACL for the CPU, this field should be set to an empty string." ::= { claCpuAclEntry 2 } claCpuAclPacketApplicability OBJECT-TYPE SYNTAX INTEGER { none(1), wired(2), wireless(3), both(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies whether CPU ACL applied for only wired packets, wireless packets or both. From release 7.0 onwards, wired and wireless is not supported. A value of none(1) indicates that, no ACL applied to CPU. A value of wired(2) indicates that, ACL applied to wired packets. A value of wireless(3) indicates that, ACL applied to wireless packets. A value of both(4) indicates that, the attribute claCpuAclName got set." DEFVAL { none } ::= { claCpuAclEntry 3 } claAclTable OBJECT-TYPE SYNTAX SEQUENCE OF ClaAclEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table represents the ACLs (Access Control Lists) and counter status on the Switch." ::= { ciscoLwappControllerAcl 1 } claAclEntry OBJECT-TYPE SYNTAX ClaAclEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry represents a conceptual row in this table. For each ACL on the controller, there will be a row. " INDEX { claAclName } ::= { claAclTable 1 } ClaAclEntry ::= SEQUENCE { claAclName OCTET STRING, claAclCounterClear TruthValue } claAclName OBJECT-TYPE SYNTAX OCTET STRING (SIZE(1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object represents name of the Access Control List." ::= { claAclEntry 1 } claAclCounterClear OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the counter clear value of a unique ACL name. A value of 'true' indicates that, ACL counter will be cleared. A value of 'false' indicates that, ACL counter will not be cleared." DEFVAL { false } ::= { claAclEntry 2 } claAclRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF ClaAclRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table represents the rules and number of hits under ACL on the switch." ::= { ciscoLwappControllerAcl 2 } claAclRuleEntry OBJECT-TYPE SYNTAX ClaAclRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry represents a conceptual row in this table. For each ACL rule of the controller, there will be a row." INDEX { claAclName, claAclRuleIndex } ::= { claAclRuleTable 1 } ClaAclRuleEntry ::= SEQUENCE { claAclRuleIndex Unsigned32, claAclRuleHits Counter32 } claAclRuleIndex OBJECT-TYPE SYNTAX Unsigned32(1..64) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object represents index of the ACL rule. This can be updated to reset the sequence of the rules of an ACL." ::= { claAclRuleEntry 2 } claAclRuleHits OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates number of hits in the particular rule under the ACL. This object is cleared by setting the claAclCounterClear object." ::= { claAclRuleEntry 3 } claAclUrlTable OBJECT-TYPE SYNTAX SEQUENCE OF ClaAclUrlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table represents the URL ACLs (Access Control Lists)." ::= { ciscoLwappControllerAcl 3 } claAclUrlEntry OBJECT-TYPE SYNTAX ClaAclUrlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry represents a conceptual row in this table. For each ACL rule of the controller, there will be a row. " INDEX { claAclName, claAclUrlIndex } ::= { claAclUrlTable 1 } ClaAclUrlEntry ::= SEQUENCE { claAclUrlIndex Unsigned32, claAclUrlName CiscoURLString, claAclUrlRowStatus RowStatus } claAclUrlIndex OBJECT-TYPE SYNTAX Unsigned32(1..10) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object represents index of the ACL URL. This can be updated to reset the sequence of the URL entries of an ACL." ::= { claAclUrlEntry 1 } claAclUrlName OBJECT-TYPE SYNTAX CiscoURLString MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies URL used for ACL. This is used by ACL to permit or deny " ::= { claAclUrlEntry 2 } claAclUrlRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This is the status column for this row and is used to create and delete specific instances of rows in this table." ::= { claAclUrlEntry 3 } -- ******************************************************************* -- clUrlAclTable -- ******************************************************************* claUrlAclTable OBJECT-TYPE SYNTAX SEQUENCE OF ClaUrlAclEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table represents URL ACLs on the switch." ::= { ciscoLwappControllerAcl 4 } claUrlAclEntry OBJECT-TYPE SYNTAX ClaUrlAclEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry represents the attributes for cLlaUrlAclTable. An entry gets added to the table on creating a Url ACL. Only 64 Url-Acls can be configured" INDEX { claUrlAclName } ::= { claUrlAclTable 1 } ClaUrlAclEntry ::= SEQUENCE { claUrlAclName OCTET STRING, claUrlAclApplyMode INTEGER, claUrlAclCounterClear TruthValue, claUrlAclRowStatus RowStatus, claUrlAclListType INTEGER } claUrlAclName OBJECT-TYPE SYNTAX OCTET STRING (SIZE(1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object specifies name of the URL Access Control List." ::= { claUrlAclEntry 1 } claUrlAclApplyMode OBJECT-TYPE SYNTAX INTEGER { notapplied(1), applied(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the apply mode of the URL ACL on the switch. A value of notapplied(1) indicates that, URL ACL not applied. A value of applied(2) indicates that, URL ACL has been applied on the switch." DEFVAL { notapplied } ::= { claUrlAclEntry 2 } claUrlAclCounterClear OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the URL ACL counter clear value. A value of 'true' indicates that, URL ACL counters will be cleared. A value of 'false' indicates that, URL ACL counters will not be cleared." DEFVAL { false } ::= { claUrlAclEntry 3 } claUrlAclRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies status column for this row and used to create and delete specific instances of rows in this table." ::= { claUrlAclEntry 4 } claUrlAclListType OBJECT-TYPE SYNTAX INTEGER { whitelist(1), blacklist(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the URL ACL list type. A value of whitelist(1) indicates that, all the url configured in acl will only be permitted. A value of blacklist(2) indicates that, only rules specified in the acl will be denied" DEFVAL { whitelist } ::= { claUrlAclEntry 5 } claUrlAclRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF ClaUrlAclRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table represents URL ACL Rules." ::= { ciscoLwappControllerAcl 5 } claUrlAclRuleEntry OBJECT-TYPE SYNTAX ClaUrlAclRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each entry represents the attributes for claUrlAclRuleTable. An entry gets added to the table on creating a rule on URL ACL.In a given ACL there can only be 100 rules" INDEX { claUrlAclName, claUrlAclRuleIndex } ::= { claUrlAclRuleTable 1 } ClaUrlAclRuleEntry ::= SEQUENCE { claUrlAclRuleIndex Unsigned32, claUrlAclRuleUrl OCTET STRING, claUrlAclRuleAction INTEGER, claUrlAclRuleHits Counter32, claUrlAclRuleRowStatus RowStatus } claUrlAclRuleIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object represents the unique index of the URL ACL rule. This can be updated to reset the sequence of the rules of an URL ACL." ::= { claUrlAclRuleEntry 1 } claUrlAclRuleUrl OBJECT-TYPE SYNTAX OCTET STRING (SIZE(1..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the URL of a rule." ::= { claUrlAclRuleEntry 2 } claUrlAclRuleAction OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the permission mode of a rule. A value of deny(0) indicates that, URL is to be denied. A value of permit(1) indicates that, URL is to be permitted." DEFVAL { permit } ::= { claUrlAclRuleEntry 3 } claUrlAclRuleHits OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates number of hits in the particular rule under the URL ACL.This object is cleared by setting the claUrlAclCounterClear object." ::= { claUrlAclRuleEntry 4 } claUrlAclRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This is the status column for this row and is used to create and delete specific instances of rows in this table." ::= { claUrlAclRuleEntry 5 } -- ******************************************************************** -- * Compliance statements -- ******************************************************************** ciscoLwappAclMIBCompliances OBJECT IDENTIFIER ::= { ciscoLwappAclMIBConform 1 } ciscoLwappAclMIBGroups OBJECT IDENTIFIER ::= { ciscoLwappAclMIBConform 2 } ciscoLwappAclMIBCompliance MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for the SNMP entities that implement the ciscoLwappAclMIB module." MODULE -- this module MANDATORY-GROUPS { ciscoLwappCpuAclGroup } ::= { ciscoLwappAclMIBCompliances 1 } ciscoLwappAclMIBComplianceRev1 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for the SNMP entities that implement the ciscoLwappAclMIB module." MODULE -- this module MANDATORY-GROUPS { ciscoLwappCpuAclGroup, ciscoLwappAclGroup } ::= { ciscoLwappAclMIBCompliances 2 } -- ******************************************************************** -- * Units of conformance -- ******************************************************************** ciscoLwappCpuAclGroup OBJECT-GROUP OBJECTS { claCpuAclName, claCpuAclPacketApplicability } STATUS current DESCRIPTION "This collection of objects represents the information about the general attributes of CPU ACL." ::= { ciscoLwappAclMIBGroups 1 } ciscoLwappAclGroup OBJECT-GROUP OBJECTS { claAclCounterEnable, claAclCounterClear, claAclRuleHits, claAclCounterEnable, claAclCounterClear, claAclRuleHits, claUrlAclExternalServerIpType, claUrlAclExternalServerIp, claAclUrlName, claAclUrlRowStatus, claUrlAclApplyMode, claUrlAclCounterClear, claUrlAclRowStatus, claUrlAclListType, claUrlAclRuleUrl, claUrlAclRuleAction, claUrlAclRuleHits, claUrlAclRuleRowStatus } STATUS current DESCRIPTION "This collection of objects represents the information about the general attributes of controller ACL." ::= { ciscoLwappAclMIBGroups 2 } END