-- ***************************************************************** -- CISCO-NAT-CGN-EXT-MIB -- Definitions of managed objects describing Carrier Grade NAT -- -- March 2014, Jagadish Shivamurthy -- -- Copyright (c) 2014 by Cisco Systems, Inc. -- All rights reserved. -- ***************************************************************** CISCO-NAT-CGN-EXT-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32, Counter64, Gauge32, NOTIFICATION-TYPE FROM SNMPv2-SMI MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP FROM SNMPv2-CONF TEXTUAL-CONVENTION FROM SNMPv2-TC SnmpAdminString FROM SNMP-FRAMEWORK-MIB NatBehaviorType, NatPoolingType, natInstanceIndex, natInstanceEntry, natCountersEntry FROM NAT-MIB ciscoMgmt FROM CISCO-SMI; ciscoNatCgnExtMIB MODULE-IDENTITY LAST-UPDATED "201404030000Z" ORGANIZATION "Cisco Systems, Inc." CONTACT-INFO "Cisco Systems Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: cs-snmp@cisco.com" DESCRIPTION "This MIB module extends the IETF draft NAT MIB available at http://tools.ietf.org/html/draft-ietf-behave-nat-mib-11 The extensions are intended to address the needs of the Carrier Grade NAT (CGN), also known as Large Scale NAT (LSN). GLOSSARY ========== Address mapping - is used to refer to association between a private IP to public IP (in case of NAT44 and DS Lite) or source IPv6 address to IPv4 address in case of NAT64 stateful application. Mapping - A mapping used to refer to a NAT translation record. It is a record held in memory that maps a private IP address and port to a public IP address and port. Subscriber - A subscriber is a record held in memory that provides IP address and other details of an end user device which has one or more mappings. Session - A session is a record maintained in memory that identifies a flow. The flow is uniquely identified by the source IPv4/IPv6 address, source port, translated IP address, translated source port, destination IPv4/IPv6 address and destination port. In to Out packet - A packet originating from a subscriber, with a private source address (or with an IPv6 address in case of NAT64), destined to a host with a public IP address. This packet needs NAT (or NAPT) service. Out to In packet - A packet originating from a host on the public Internet (or any host with a routable/public) source address, whose destination address is a mapped (translated) IP address. This packet needs reverse-NAT. Bulk port allocation - A NAT instance can be configured pre-allocate a range of contiguous ports instead of a single port. A mapping log record is created indicating the range of ports allocated to this subscriber. This is done in anticipation that the subscriber is likely to send packets that require more mappings to be created. For the subsequent mapping requests, one of the pre-allocated port is used and no additional log entries need to be created. This is a technique used to reduce the volume of translation record data." REVISION "201404030000Z" DESCRIPTION "Latest version of this MIB module." ::= { ciscoMgmt 818 } -- Textual Conventions definition will be defined before this line ciscoNatCgnExtMIBNotifs OBJECT IDENTIFIER ::= { ciscoNatCgnExtMIB 0 } ciscoNatCgnExtMIBObjects OBJECT IDENTIFIER ::= { ciscoNatCgnExtMIB 1 } ciscoNatCgnExtMIBConform OBJECT IDENTIFIER ::= { ciscoNatCgnExtMIB 2 } -- textual conventions NatCgnInstanceType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A value that represents a type of NAT instance. nat44(1): This is the traditional Network Address Translation from IPv4 to IPv4, explained in RFC 4787. nat64Stateful(2): This is the IPv6 to IPv4 translation (that is, Address Family translation), explained in RFC 6146. dsLite(3): This is the Dual Stack Lite, explained in RFC 6333." SYNTAX INTEGER { nat44(1), nat64Stateful(2), dsLite(3) } NatCgnALGType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A value that represents ALG (Application Level Gateway) protocol type." SYNTAX INTEGER { algActiveFTP(1), algDNS(2), algH323(3), algHTTP(4), algLDAP(5), algMSRPC(6), algNetBIOS(7), algPCP(8), algPPTP(9), algRCMD(10), algRTSP(11), algSCCP(12), algSIP(13), algSunRPC(14) } -- MIB Objects cNatCgnInstanceTable OBJECT-TYPE SYNTAX SEQUENCE OF CNatCgnInstanceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists the NAT instances configured on the device." ::= { ciscoNatCgnExtMIBObjects 1 } cNatCgnInstanceEntry OBJECT-TYPE SYNTAX CNatCgnInstanceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry describes a NAT instance configured on the device. The parameters include the type of the NAT instance and the important configuration elements." AUGMENTS { natInstanceEntry } ::= { cNatCgnInstanceTable 1 } CNatCgnInstanceEntry ::= SEQUENCE { cNatCgnInstanceType NatCgnInstanceType, cNatCgnInstanceServiceName SnmpAdminString, cNatCgnInstanceVrf SnmpAdminString, cNatCgnInstanceInterface SnmpAdminString, cNatCgnInstanceBehaviorType NatBehaviorType, cNatCgnInstancePoolingType NatPoolingType, cNatCgnInstanceProtocolPortLimit Unsigned32, cNatCgnInstanceProtocolPortBulkAllocControl Unsigned32 } cNatCgnInstanceType OBJECT-TYPE SYNTAX NatCgnInstanceType MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the type of the NAT instance. If the instance type is changed, the service-type attribute of the corresponding interfaces will also need to be changed." ::= { cNatCgnInstanceEntry 1 } cNatCgnInstanceServiceName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..32)) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the CGN service name of this instance." ::= { cNatCgnInstanceEntry 2 } cNatCgnInstanceVrf OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..64)) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the name the VRF that is bringing in subscriber's traffic that needs to undergo NAT." ::= { cNatCgnInstanceEntry 3 } cNatCgnInstanceInterface OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..64)) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the name the interface that is bringing in subscriber's traffic that needs to undergo NAT. Typically either the cNatCgnInstanceVrf or cNatCgnInstanceInterface is needed to be configured, but not both." ::= { cNatCgnInstanceEntry 4 } cNatCgnInstanceBehaviorType OBJECT-TYPE SYNTAX NatBehaviorType MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the configured NAT mapping behavior for this instance." ::= { cNatCgnInstanceEntry 5 } cNatCgnInstancePoolingType OBJECT-TYPE SYNTAX NatPoolingType MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the configured NAT address pooling type for this instance." ::= { cNatCgnInstanceEntry 6 } cNatCgnInstanceProtocolPortLimit OBJECT-TYPE SYNTAX Unsigned32 (0..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the configured protocol port limit. This is the maximum number of active mappings each subscriber can have at any given time. Value of zero means, it is unlimited." ::= { cNatCgnInstanceEntry 7 } cNatCgnInstanceProtocolPortBulkAllocControl OBJECT-TYPE SYNTAX Unsigned32 (0..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the configured bulk port allocation size. Value of 0 means, bulk allocation is not applicable (or not supported). Value of 1 means, it is not enabled, that is, ports are allocated individually and not in bulk." ::= { cNatCgnInstanceEntry 8 } -- counters and statistics cNatCgnCounters OBJECT IDENTIFIER ::= { ciscoNatCgnExtMIBObjects 2 } cNatCgnCounterTable OBJECT-TYPE SYNTAX SEQUENCE OF CNatCgnCounterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists the counters of NAT instances in the device." ::= { cNatCgnCounters 1 } cNatCgnCounterEntry OBJECT-TYPE SYNTAX CNatCgnCounterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry contains the additional statistics of a NAT instance." AUGMENTS { natCountersEntry } ::= { cNatCgnCounterTable 1 } CNatCgnCounterEntry ::= SEQUENCE { cNatCgnCounterSessionCreations Counter64, cNatCgnCounterSessionRemovals Counter64, cNatCgnCounterOutOfSessionDrops Counter64, cNatCgnCounterSessionLimitDrops Counter64, cNatCgnCounterNoMappingEntryDrops Counter64, cNatCgnCounterSourceIPOutOfRangeDrops Counter64, cNatCgnCounterEndPointFilteringDrops Counter64, cNatCgnCounterTCPSequenceDrops Counter64, cNatCgnCounterTCPMappingDrops Counter64, cNatCgnCounterFragmentPktsInToOutDrops Counter64, cNatCgnCounterFragmentPktsOutToInDrops Counter64, cNatCgnCounterCurrentPortAllocation Integer32, cNatCgnCounterPortUsageLowThreshold Integer32, cNatCgnCounterPortUsageClearLowThreshold Integer32, cNatCgnCounterPortUsageHighThreshold Integer32, cNatCgnCounterPortUsageClearHighThreshold Integer32, cNatCgnCounterAverageBulkPortUsage Gauge32 } cNatCgnCounterSessionCreations OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of sessions created since the instance is up." ::= { cNatCgnCounterEntry 1 } cNatCgnCounterSessionRemovals OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of sessions removed since the instance is up. The number of active sessions is equal to cNatCgnCounterSessionCreations - cNatCgnCounterSessionRemovals." ::= { cNatCgnCounterEntry 2 } cNatCgnCounterOutOfSessionDrops OBJECT-TYPE SYNTAX Counter64 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of packets dropped because they required a new session entry to be created, however, there is no space to create new sessions." ::= { cNatCgnCounterEntry 3 } cNatCgnCounterSessionLimitDrops OBJECT-TYPE SYNTAX Counter64 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of packets in either in to out or out to in direction dropped because of exceeding limit on session entries." ::= { cNatCgnCounterEntry 4 } cNatCgnCounterNoMappingEntryDrops OBJECT-TYPE SYNTAX Counter64 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of packets in the out to in direction not translated because there was no mapping found." ::= { cNatCgnCounterEntry 5 } cNatCgnCounterSourceIPOutOfRangeDrops OBJECT-TYPE SYNTAX Counter64 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of packets in the in to out direction not translated because source address was out of configured prefix or range. For NAT44 configured in predefined mode, NAT64 stateful or DS Lite, it could be drops due to source IP address not matching the configured prefix bits." ::= { cNatCgnCounterEntry 6 } cNatCgnCounterEndPointFilteringDrops OBJECT-TYPE SYNTAX Counter64 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of packets in the out to in direction dropped because of end point dependent filtering policy. Note, the value of this object should be interpreted in conjunction with the value of cNatCgnInstanceBehaviorType. If the NAT instance is configured with endpointIndependent behavior, the instance is not supposed to filter or drop any packets based on the destination. In such case this counter could either be zero or could be the number of packets passed which would have otherwise be filtered and dropped if cNatCgnInstanceBehaviorType is set to addressDependent or addressAndPortDependent." ::= { cNatCgnCounterEntry 7 } cNatCgnCounterTCPSequenceDrops OBJECT-TYPE SYNTAX Counter64 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of packets in the out to in direction dropped because TCP sequence check failed." ::= { cNatCgnCounterEntry 8 } cNatCgnCounterTCPMappingDrops OBJECT-TYPE SYNTAX Counter64 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of TCP packets in the in to out direction dropped because a new mapping was required to be created, however TCP SYN flag was not set." ::= { cNatCgnCounterEntry 9 } cNatCgnCounterFragmentPktsInToOutDrops OBJECT-TYPE SYNTAX Counter64 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of fragmented packets in the in to out direction dropped due to errors such as timed out waiting for first fragment or no space to hold the fragment." ::= { cNatCgnCounterEntry 10 } cNatCgnCounterFragmentPktsOutToInDrops OBJECT-TYPE SYNTAX Counter64 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of fragmented packets in the out to in direction dropped due to errors such as timed out waiting for first fragment or no space to hold the fragment." ::= { cNatCgnCounterEntry 11 } cNatCgnCounterCurrentPortAllocation OBJECT-TYPE SYNTAX Integer32 (0..100) MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the current average port allocation across all available public IP addresses applied to this NAT instance. When bulk allocation is enabled (that is, the value of cNatCgnInstanceProtocolPortBulkAllocControl is more than 1), this value will include all the ports pre-allocated in bulk (whether they are in use or not)." ::= { cNatCgnCounterEntry 12 } cNatCgnCounterPortUsageLowThreshold OBJECT-TYPE SYNTAX Integer32 (0..100) UNITS "percent" MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the low threshold in percentage of available public ports that are used up. The notification cNatCgnNotifPortUsageWatermarkLow is sent once the value of cNatCgnCounterAveragePortAllocation becomes less than or equal to this value. If this object is set to zero, the notification is not generated." DEFVAL { 0 } ::= { cNatCgnCounterEntry 13 } cNatCgnCounterPortUsageClearLowThreshold OBJECT-TYPE SYNTAX Integer32 (0..100) UNITS "percent" MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the clear low threshold in percentage of available public ports that are used up. The notification cNatCgnNotifPortUsageWatermarkLowClear is sent once the value of cNatCgnCounterAveragePortAllocation becomes more than or equal to this value. If this object is set to zero, the notification is not generated. Implementations must ensure that values of objects cNatCgnCounterPortUsageClearLowThreshold and cNatCgnCounterPortUsageLowThreshold remain consistent. For example, an implementation must respond with an inconsistentValue error if an attempt is made to set the the value of cNatCgnCounterPortUsageClearLowThreshold to be less than or equal to that of cNatCgnCounterPortUsageLowThreshold and vice versa." DEFVAL { 0 } ::= { cNatCgnCounterEntry 14 } cNatCgnCounterPortUsageHighThreshold OBJECT-TYPE SYNTAX Integer32 (0..100) UNITS "percent" MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the high threshold in percentage of available public ports that are used up. The notification cNatCgnNotifPortUsageWatermarkHigh is sent once the value of cNatCgnCounterAveragePortAllocation becomes higher than or equal to this value. If this field is set to zero, the notification is not generated." DEFVAL { 0 } ::= { cNatCgnCounterEntry 15 } cNatCgnCounterPortUsageClearHighThreshold OBJECT-TYPE SYNTAX Integer32 (0..100) UNITS "percent" MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies the clear high threshold in percentage of available public ports that are used up. The notification cNatCgnNotifPortUsageWatermarkHighClear is sent once the value of cNatCgnCounterAveragePortAllocation becomes less than or equal to this value. If this object is set to zero, the notification is not generated. Implementations must ensure that values of objects cNatCgnCounterPortUsageClearHighThreshold and cNatCgnCounterPortUsageHighThreshold remain consistent. For example, an implementation must respond with an inconsistentValue error if an attempt is made to set the the value of cNatCgnCounterPortUsageClearHighThreshold to be more than or equal to that of cNatCgnCounterPortUsageHighThreshold and vice versa." DEFVAL { 0 } ::= { cNatCgnCounterEntry 16 } cNatCgnCounterAverageBulkPortUsage OBJECT-TYPE SYNTAX Gauge32 (0..100) MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the average percentage usage of ports pre-allocated in bulk. This value is valid only if the bulk allocation is configured. That is the value specified by the cNatCgnInstanceProtocolPortBulkAllocControl is more than 1. This value gives hints about effectiveness of bulk port allocation technique. A very low percentage of bulk port usage may suggest that, bulk allocation size be reduced. On the other hand, a value close to 100 may hint at increasing the bulk size to further reduce log data volume." ::= { cNatCgnCounterEntry 17 } -- Translation logging cNatCgnLogStatTable OBJECT-TYPE SYNTAX SEQUENCE OF CNatCgnLogStatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists the logging statistics of each NAT instance in the device." ::= { cNatCgnCounters 2 } cNatCgnLogStatEntry OBJECT-TYPE SYNTAX CNatCgnLogStatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry describes the logging related statistics of a NAT instance." INDEX { natInstanceIndex } ::= { cNatCgnLogStatTable 1 } CNatCgnLogStatEntry ::= SEQUENCE { cNatCgnLogStatMappingCreateRecords Counter64, cNatCgnLogStatMappingDeleteRecords Counter64, cNatCgnLogStatSessionCreateRecords Counter64, cNatCgnLogStatSessionDeleteRecords Counter64, cNatCgnLogStatNetflowPackets Counter64, cNatCgnLogStatNetflowPacketDrops Counter64, cNatCgnLogStatSyslogPackets Counter64, cNatCgnLogStatSyslogPacketDrops Counter64 } cNatCgnLogStatMappingCreateRecords OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of translation create records generated. It could be Netflow or Syslog records. It may not always necessarily be equal to number of mappings created (natMappingCreations of the NAT-MIB). If bulk allocation is enabled, this number could be much smaller than natMappingCreations. If the NAT mode is configured to be pre-defined or if logging is not configured, this could be zero." ::= { cNatCgnLogStatEntry 1 } cNatCgnLogStatMappingDeleteRecords OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of translation delete records generated. It could be Netflow or Syslog records. It may not always necessarily be equal to number of mappings deleted (natMappingRemovals of the NAT-MIB). If bulk allocation is enabled, this number could be much smaller than natMappingRemovals. If the NAT mode is configured to be pre-defined or if logging is not configured, this could be zero." ::= { cNatCgnLogStatEntry 2 } cNatCgnLogStatSessionCreateRecords OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of session create records generated. It could be Netflow or Syslog records. It may not always necessarily be equal to number of sessions created (cNatCgnCounterSessionCreations). If logging is not configured or if session logging is not configured, this could be zero." ::= { cNatCgnLogStatEntry 3 } cNatCgnLogStatSessionDeleteRecords OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of session delete records generated. It could be Netflow or Syslog records. It may not always necessarily be equal to number of sessions deleted (cNatCgnCounterSessionRemovals). If the logging is not configured or if session logging is not configured, this could be zero." ::= { cNatCgnLogStatEntry 4 } cNatCgnLogStatNetflowPackets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of Netflow packets generated. This includes the packet which could not be sent out due to congestion or other reasons." ::= { cNatCgnLogStatEntry 5 } cNatCgnLogStatNetflowPacketDrops OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of Netflow packets which could not be sent out due to congestion or other errors within the CGN device. This does not include any drops along the way to the collector." ::= { cNatCgnLogStatEntry 6 } cNatCgnLogStatSyslogPackets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of Syslog packets generated. This includes the packet which could not be sent out due to congestion or other reasons." ::= { cNatCgnLogStatEntry 7 } cNatCgnLogStatSyslogPacketDrops OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of Syslog packets which could not be sent out due to congestion or other errors within the CGN device. This does not include any drops along the way to the collector." ::= { cNatCgnLogStatEntry 8 } -- ALG specific counters cNatCgnALGCountersTable OBJECT-TYPE SYNTAX SEQUENCE OF CNatCgnALGCountersEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists the application level gateway status and counters for each ALG type and for each NAT instance in the device." ::= { cNatCgnCounters 3 } cNatCgnALGCountersEntry OBJECT-TYPE SYNTAX CNatCgnALGCountersEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry describes status and counters of a specific ALG type for a specific NAT instance." INDEX { natInstanceIndex, cNatCgnALGType } ::= { cNatCgnALGCountersTable 1 } CNatCgnALGCountersEntry ::= SEQUENCE { cNatCgnALGType NatCgnALGType, cNatCgnALGStatus INTEGER, cNatCgnALGMappingCreations Counter64, cNatCgnALGMappingRemovals Counter64, cNatCgnALGUnsupportedErrors Counter64, cNatCgnALGProtocolErrors Counter64 } cNatCgnALGType OBJECT-TYPE SYNTAX NatCgnALGType MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the ALG type which together with natInstanceIndex uniquely identifies the set of counters being reported." ::= { cNatCgnALGCountersEntry 1 } cNatCgnALGStatus OBJECT-TYPE SYNTAX INTEGER { notApplicable(1), unSupported(2), notEnabled(3), enabled(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the status of this ALG type for this NAT instance. notApplicable: This ALG type is not relevant to this NAT instance. unSupported: This ALG type is relevant to this NAT instance, however it is not supported. notEnabled: This ALG is supported on this NAT instance, however it is not enabled in the configuration. enabled: This ALG is enabled on this NAT instance. The rest of the objects of this entry are valid only if the cNatCgnALGStatus is set to enabled." ::= { cNatCgnALGCountersEntry 2 } cNatCgnALGMappingCreations OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of mappings created for this ALG." ::= { cNatCgnALGCountersEntry 3 } cNatCgnALGMappingRemovals OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of mappings removed which were created for this ALG. The number of active mappings for this ALG is equal to cNatCgnALGMappingCreations - cNatCgnALGMappingRemovals." ::= { cNatCgnALGCountersEntry 4 } cNatCgnALGUnsupportedErrors OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of application level messages/packets which could not be processed as they used options which are not yet supported. This does not include messages/packets that did not conform to the protocol." ::= { cNatCgnALGCountersEntry 5 } cNatCgnALGProtocolErrors OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the number of application level messages/packets which could not be processed as they did not conform to the protocol." ::= { cNatCgnALGCountersEntry 6 } -- notifications cNatCgnNotifPortUsageWatermarkLow NOTIFICATION-TYPE OBJECTS { cNatCgnCounterCurrentPortAllocation, cNatCgnCounterPortUsageLowThreshold } STATUS current DESCRIPTION "The device generates this notification when the value of cNatCgnCounterCurrentPortAllocation becomes lower than or equal to the value of cNatCgnCounterPortUsageLowThreshold. The device will not generate notification if cNatCgnCounterPortUsageLowThreshold is set to zero." ::= { ciscoNatCgnExtMIBNotifs 1 } cNatCgnNotifPortUsageWatermarkLowClear NOTIFICATION-TYPE OBJECTS { cNatCgnCounterCurrentPortAllocation, cNatCgnCounterPortUsageClearLowThreshold } STATUS current DESCRIPTION "The device generates this notification when the value of cNatCgnCounterCurrentPortAllocation becomes higher than or equal to the value of cNatCgnCounterPortUsageClearLowThreshold and if cNatCgnNotifPortUsageWatermarkLow is already generated. The device will not generate notification if cNatCgnCounterPortUsageClearLowThreshold is set to zero." ::= { ciscoNatCgnExtMIBNotifs 2 } cNatCgnNotifPortUsageWatermarkHigh NOTIFICATION-TYPE OBJECTS { cNatCgnCounterCurrentPortAllocation, cNatCgnCounterPortUsageHighThreshold } STATUS current DESCRIPTION "The device generates this notification when the value of cNatCgnCounterCurrentPortAllocation becomes higher than or equal to the cNatCgnCounterPortUsageHighThreshold. The device will not generate notification if cNatCgnCounterPortUsageHighThreshold is set to zero." ::= { ciscoNatCgnExtMIBNotifs 3 } cNatCgnNotifPortUsageWatermarkHighClear NOTIFICATION-TYPE OBJECTS { cNatCgnCounterCurrentPortAllocation, cNatCgnCounterPortUsageClearHighThreshold } STATUS current DESCRIPTION "The device generates this notification when the value of cNatCgnCounterCurrentPortAllocation becomes lower than or equal to the value of cNatCgnCounterPortUsageClearLowThreshold and if cNatCgnNotifPortUsageWatermarkHigh is already generated. The device will not generate notification if cNatCgnCounterPortUsageClearHighThreshold is set to zero." ::= { ciscoNatCgnExtMIBNotifs 4 } -- conformance and grouping cNatCgnMIBCompliances OBJECT IDENTIFIER ::= { ciscoNatCgnExtMIBConform 1 } cNatCgnMIBGroups OBJECT IDENTIFIER ::= { ciscoNatCgnExtMIBConform 2 } -- compliance statements cNatCgnModuleCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "This compliance statement specifies the minimal requirements an implementation must meet in order to claim full compliance with the definition of the CISCO-NAT-CGN-EXT-MIB." MODULE -- this module MANDATORY-GROUPS { cNatCgnConfigGroup, cNatCgnCountersGroup, cNatCgnNotificationsGroup } GROUP cNatCgnOptionConfigGroup DESCRIPTION "This group is to be supported if the device supports configuration of NAT pooling and behavior types." GROUP cNatCgnBulkAllocGroup DESCRIPTION "This group is to be supported if the device supports bulk port allocation." GROUP cNatCgnSessionGroup DESCRIPTION "This group is to be supported if the device supports session level tracking." GROUP cNatCgnNetflowLoggingGroup DESCRIPTION "This group is to be supported if the device supports Netflow format of translation logging." GROUP cNatCgnSyslogLoggingGroup DESCRIPTION "This group is to be supported if the device supports Syslog format of translation logging." GROUP cNatCgnFragmentsGroup DESCRIPTION "This group is to be supported if the device supports fragmented packet processing." GROUP cNatCgnALGCountersGroup DESCRIPTION "This group is to be supported if the device supports one or more ALGs in the NAT." GROUP cNatCgnServiceNameGroup DESCRIPTION "This group is to be supported if the device supports service configuration." OBJECT cNatCgnInstanceBehaviorType MIN-ACCESS read-only DESCRIPTION "Write access is optional." OBJECT cNatCgnInstancePoolingType MIN-ACCESS read-only DESCRIPTION "Write access is optional." OBJECT cNatCgnInstanceProtocolPortLimit MIN-ACCESS read-only DESCRIPTION "Write access is optional." OBJECT cNatCgnInstanceProtocolPortBulkAllocControl MIN-ACCESS read-only DESCRIPTION "Write access is optional." OBJECT cNatCgnInstanceType MIN-ACCESS read-only DESCRIPTION "Write access is optional." OBJECT cNatCgnInstanceVrf MIN-ACCESS read-only DESCRIPTION "Write access is optional." OBJECT cNatCgnInstanceInterface MIN-ACCESS read-only DESCRIPTION "Write access is optional." OBJECT cNatCgnInstanceServiceName MIN-ACCESS read-only DESCRIPTION "Write access is optional." ::= { cNatCgnMIBCompliances 1 } -- object groups cNatCgnConfigGroup OBJECT-GROUP OBJECTS { cNatCgnInstanceType, cNatCgnInstanceInterface, cNatCgnInstanceVrf } STATUS current DESCRIPTION "This group contains objects describing basic configuration elements of NAT instances." ::= { cNatCgnMIBGroups 1 } cNatCgnOptionConfigGroup OBJECT-GROUP OBJECTS { cNatCgnInstanceBehaviorType, cNatCgnInstancePoolingType, cNatCgnInstanceProtocolPortLimit } STATUS current DESCRIPTION "This group contains objects describing optional configuration elements of NAT instances." ::= { cNatCgnMIBGroups 2 } cNatCgnCountersGroup OBJECT-GROUP OBJECTS { cNatCgnCounterNoMappingEntryDrops, cNatCgnCounterSourceIPOutOfRangeDrops, cNatCgnCounterEndPointFilteringDrops, cNatCgnCounterTCPSequenceDrops, cNatCgnCounterTCPMappingDrops, cNatCgnCounterCurrentPortAllocation, cNatCgnCounterPortUsageLowThreshold, cNatCgnCounterPortUsageClearLowThreshold, cNatCgnCounterPortUsageHighThreshold, cNatCgnCounterPortUsageClearHighThreshold } STATUS current DESCRIPTION "This group contains objects describing counters and thresholds." ::= { cNatCgnMIBGroups 3 } cNatCgnSessionGroup OBJECT-GROUP OBJECTS { cNatCgnCounterSessionCreations, cNatCgnCounterSessionRemovals, cNatCgnCounterOutOfSessionDrops, cNatCgnCounterEndPointFilteringDrops, cNatCgnCounterSessionLimitDrops } STATUS current DESCRIPTION "This group contains objects describing counters specific to session level tracking." ::= { cNatCgnMIBGroups 4 } cNatCgnBulkAllocGroup OBJECT-GROUP OBJECTS { cNatCgnInstanceProtocolPortBulkAllocControl, cNatCgnCounterAverageBulkPortUsage } STATUS current DESCRIPTION "This group contains objects describing configuration and statistics specific to bulk port allocation." ::= { cNatCgnMIBGroups 5 } cNatCgnNetflowLoggingGroup OBJECT-GROUP OBJECTS { cNatCgnLogStatMappingCreateRecords, cNatCgnLogStatMappingDeleteRecords, cNatCgnLogStatSessionCreateRecords, cNatCgnLogStatSessionDeleteRecords, cNatCgnLogStatNetflowPackets, cNatCgnLogStatNetflowPacketDrops } STATUS current DESCRIPTION "This group contains objects describing counters of Netflow based logging." ::= { cNatCgnMIBGroups 6 } cNatCgnSyslogLoggingGroup OBJECT-GROUP OBJECTS { cNatCgnLogStatMappingCreateRecords, cNatCgnLogStatMappingDeleteRecords, cNatCgnLogStatSessionCreateRecords, cNatCgnLogStatSessionDeleteRecords, cNatCgnLogStatSyslogPackets, cNatCgnLogStatSyslogPacketDrops } STATUS current DESCRIPTION "This group contains objects describing counters of syslog based logging." ::= { cNatCgnMIBGroups 7 } cNatCgnFragmentsGroup OBJECT-GROUP OBJECTS { cNatCgnCounterFragmentPktsInToOutDrops, cNatCgnCounterFragmentPktsOutToInDrops } STATUS current DESCRIPTION "This group contains objects describing fragment related counters." ::= { cNatCgnMIBGroups 8 } cNatCgnALGCountersGroup OBJECT-GROUP OBJECTS { cNatCgnALGStatus, cNatCgnALGMappingCreations, cNatCgnALGMappingRemovals, cNatCgnALGUnsupportedErrors, cNatCgnALGProtocolErrors } STATUS current DESCRIPTION "This group contains objects describing counters related to ALG processing." ::= { cNatCgnMIBGroups 9 } cNatCgnNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { cNatCgnNotifPortUsageWatermarkLow, cNatCgnNotifPortUsageWatermarkLowClear, cNatCgnNotifPortUsageWatermarkHigh, cNatCgnNotifPortUsageWatermarkHighClear } STATUS current DESCRIPTION "This group contains notifications supporting NAT instances." ::= { cNatCgnMIBGroups 15 } cNatCgnServiceNameGroup OBJECT-GROUP OBJECTS { cNatCgnInstanceServiceName } STATUS current DESCRIPTION "This group contains objects describing service related configuration elements" ::= { cNatCgnMIBGroups 11 } END