WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/avaya/POLICY-MIB

4856 lines
199 KiB
Plaintext
Raw Permalink Blame History

--
-- POLICY-MIB.my
-- ========================================================
--
-- MIB : Policy Avaya Communication
--
-- ========================================================
-- Source Safe data:
-- $Revision: 38 $
-- Check In: $Date: 16/11/06 10:56a $
-- $Author: Sbiton $
-- $Archive: /MIBs/Version 1.0/Source/Lannet/POLICY-MIB.MY $
-- ========================================================
--
-- Copyright 1999, 2000, 2001, 2002, 2003 Avaya Ltd.
-- All Rights Reserved.
--
-- Reproduction of this document is authorized on condition
-- that the foregoing copyright notice is included.
--
-- This Avaya SNMP Management Information Base
-- Specification embodies Avaya confidential and
-- proprietary intellectual property. Lucent Technologies retains all
-- title and ownership in the Specification, including any revisions
--
-- It is Avaya intent to encourage the widespread use of this
-- Specification in connection with the management of Avaya
-- products.
--
-- Avaya grants vendors, endusers, and other interested parties
-- a nonexclusive license to use this Specification in connection
-- with the management of Avaya products.
--
-- This Specification is supplied "as is," and Avaya makes
-- no warranty, either express or implied, as to the use,
-- operation, condition, or performance of the Specification.
--
-- ==========================================================
--
-- POLICYMIB.my
-- MIB generated by MGSOFT Visual MIB Builder Version 3.0 Build 253
-- Thursday, May 01, 2003 at 18:22:30
--
-- POLICYMIB.MY
-- MIB generated by MGSOFT Visual MIB Builder Version 3.0 Build 253
-- Thursday, May 01, 2003 at 14:22:21
--
-- POLICYMIB.MY
-- MIB generated by MGSOFT Visual MIB Builder Version 3.0 Build 253
-- Thursday, May 01, 2003 at 11:07:40
--
-- Policy.mib
-- MIB generated by MGSOFT Visual MIB Builder Version 3.0 Build 253
-- Wednesday, December 18, 2002 at 11:05:55
--
-- Policy.mib
-- MIB generated by MGSOFT Visual MIB Builder Version 3.0 Build 253
-- Thursday, December 12, 2002 at 10:51:52
--
-- Policy.mib
-- MIB generated by MGSOFT Visual MIB Builder Version 3.0 Build 253
-- Thursday, December 12, 2002 at 10:42:38
--
-- Policy.mib
-- MIB generated by MGSOFT Visual MIB Builder Version 3.0 Build 253
-- Tuesday, December 03, 2002 at 08:54:10
--
-- POLICYMIB.mib
-- MIB generated by MGSOFT Visual MIB Builder Version 3.0 Build 253
-- Monday, July 08, 2002 at 09:14:03
--
POLICY-MIB DEFINITIONS ::= BEGIN
IMPORTS
lannet
FROM GEN-MIB
DisplayString
FROM RFC1213-MIB
TimeTicks, IpAddress, Integer32, OBJECT-TYPE, MODULE-IDENTITY
FROM SNMPv2-SMI
TEXTUAL-CONVENTION
FROM SNMPv2-TC;
-- June 29, 2003 at 09:58 GMT
-- June 25, 2003 at 21:19 GMT
-- June 18, 2003 at 11:58 GMT
-- June 18, 2003 at 10:56 GMT
-- June 16, 2003 at 19:27 GMT
-- June 03, 2003 at 10:36 GMT
-- May 05, 2003 at 15:25 GMT
-- May 01, 2003 at 10:16 GMT
-- July 21, 2002 at 12:33 GMT
-- December 06, 2001 at 10:17 GMT
-- May 28, 2003 at 17:24 GMT
-- October 27, 2003 at 14:57 GMT
-- December 01, 2003 at 10:08 GMT
ipPolicyMgmt MODULE-IDENTITY
LAST-UPDATED "200609051358Z" -- September 05, 2006 at 13:58
ORGANIZATION
"Avaya Inc."
CONTACT-INFO
"1. Emek Sadot - esadot@avaya.com
2. Itai Zilbershtein - izilbers@avaya.com"
DESCRIPTION
"Shlomi Biton
Add ipPolicyListNATPoolListIndex as an index to NAT pool list to IpPolicyListEntry."
REVISION "200609051358Z" -- September 05, 2006 at 13:58
DESCRIPTION
"Shlomi Biton
Adding bit 33 - Support MSS feature (ipPolicyRuleDoSClass) to the
ipPolicyControlCapabilitiesGeneral"
REVISION "200511171149Z" -- November 17, 2005 at 11:49
-- DESCRIPTION
-- "Shlomi Biton
-- Renaming ipPolicyRuleStatus to ipPolicyRuleRowStatus"
-- REVISION "200510271125Z" October 27, 2005 at 11:25
DESCRIPTION
"Shlomi Biton
1. Adding example for ipPolicyControlCapabilitiesGeneral.
For example if the value of the mib is 05.FF.B7.05.80... then:
05 = 0000 0101 bits 0 to 7, bits 5 and 7 are set.
FF = 1111 1111 bits 8 to 15, all bits are set.
B7 = 1011 0111 bits 16 to 23, bits 16, 18-19, 21-23 are set.
05 = 0000 0101 bits 24 to 31, bits 29 and 31 are set.
80 = 1000 0000 bits 32 to 39, bit 32 is set."
REVISION "200504251134Z" -- April 25, 2005 at 11:34
DESCRIPTION
"Shlomi Biton
1. Adding remark to ipPolicyActivationTable (ipPolicyActivationList, ipPolicyActivationAclList,
ipPolicyActivationQoSList, ipPolicyActivationSourceNatList, ipPolicyActivationDestinationNatList,
ipPolicyActivationAntiSpoofignList, ipPolicyActivationPBRList, ipPolicyActivationCryptoList) that
When no list is assigned to the interface/direction then the MIB returns value 200.
2. ipPolicyListTrackChanges - Adding note that when adding default rule to the list
increment this counter to 1.
"
REVISION "200504131619Z" -- April 14, 2005 at 16:19 GMT
DESCRIPTION
"Shlomi Biton
1. Adding bit 32 to ipPolicyControlCapabilitiesGeneral for Support Copy List MIB,
Fragment as key for IP rule and IP rule description. In addition the DSCP field
will be supported on QoS and ACL lists in addition to PBR and Capture lists."
REVISION "200503151828Z" -- March 15, 2005 at 18:28 GMT
DESCRIPTION
"DoS classification was defined as augmentation
to ipPolicyRuleTable"
REVISION "200410191653Z" -- October 19, 2004 at 16:53 GMT
DESCRIPTION
"Shlomi Biton
1. Adding copy mib items in order to allow copy lists. I.e. adding:
ipPolicyControlCopySourceList, ipPolicyControlCopyDestinationList,
ipPolicyControlCopyOperation, ipPolicyControlCopyOperationLastStatus
and ipPolicyControlCopyOperationLastFailureDisplay to IpPolicyControlEntry
2. Updating that ipPolicyRuleDescription will be up to 127Bytes length.
and there will be no description field for default rules to save space.
The default value will be null string."
REVISION "200502091219Z" -- February 09, 2005 at 12:19 GMT
DESCRIPTION
"Shlomi Biton
1. Adding ipPolicyRuleDescription for description of IP rules.
The main reason is for crypto list which use ip rules to present tunnels.
2. Adding note to the field ipPolicyRuleDSCPFilterWild that it is not used."
REVISION "200409231333Z"
DESCRIPTION
"Emek Sadot
1. New MIB: ipPolicyControlCombinedSplitList
2. New MIB: ipPolicyActivationAclList
3. Update MIB: ipPolicyActivationList"
REVISION "200306290958Z" -- June 29, 2003 at 09:58 GMT
DESCRIPTION
"By Emek Sadot
1. Add ipPolicyCompositeOpTrustDscp
2. Update ipPolicyCompositeOp802priority"
REVISION "200306252119Z" -- June 25, 2003 at 21:19 GMT
DESCRIPTION
"By Emek Sadot
1. Add ipPolicyValidEtherTypeRuleListID
2. Add IpPolicyQueryIpFragments
3. Add IpPolicyQueryIpOption
4. Add etherTypePolicyQueryTable
5. Remove ether type objects from ipPolicyQueryTable
6. Add etherTypePolicyQueryOperation
7. Add etherTypePolicyQueryRuleID
8. Remove ipPolicyCompositeOpKeepsState"
REVISION "200306181158Z" -- June 18, 2003 at 11:58 GMT
DESCRIPTION
"Emek Sadot
1. Change MIB: ipPolicyRuleIcmpTypeCode
2. Change MIB: ipPolicyQueryIcmpTypeCode"
REVISION "200306181056Z" -- June 18, 2003 at 10:56 GMT
DESCRIPTION
"Emek Sadot (on behalf of Itai Z.)
1. Remove MIB: ipPolicyControlCapabilitiesMaxCombinedLists
2. Remove MIB: ipPolicyControlCapabilitiesMaxAclLists
3. Remove MIB: ipPolicyControlCapabilitiesMaxQosLists"
REVISION "200306161927Z" -- June 16, 2003 at 19:27 GMT
DESCRIPTION
"Emek Sadot (on behalf of Itai Z.)
1. New MIB: ipPolicyControlCapabilitiesGeneral
2. New MIB: ipPolicyControlCapabilitiesMaxCombinedLists
3. New MIB: ipPolicyControlCapabilitiesMaxAclLists
4. New MIB: ipPolicyControlCapabilitiesMaxQosLists"
REVISION "200306031036Z" -- June 03, 2003 at 10:36 GMT
DESCRIPTION
"By Emek Sadot
1. Merge ipPolicyRuleIcmpType and ipPolicyRuleIcmpCode to ipPolicyRuleIcmpTypeCode
2. Merge ipPolicyRuleIcmpTypeNot and ipPolicyRuleIcmpCodeNot to ipPolicyRuleIcmpTypeCodeNot
3. Merge ipPolicyQueryIcmpType and ipPolicyQueryIcmpCode to ipPolicyQueryIcmpTypeCode"
REVISION "200305051525Z" -- May 05, 2003 at 15:25 GMT
DESCRIPTION
"Itai Zilbershtein.
1. New MIB: ipPolicyAccessControlViolationRuleType for supporting a new notification trap.
2. Fixed INTEGER clauses and Integer32 clauses to conform to v2 requirements."
REVISION "200305011016Z" -- May 01, 2003 at 10:16 GMT
DESCRIPTION
"Emek Sadot
1. New MIB: ipPolicyRuleSrcPolicyUserGroupName
2. New MIB: ipPolicyRuleDstPolicyUserGroupName
3. Change MIB: ipPolicyCompositeOpErrorReply
4. Change MIB: ipPolicyRuleSrcAddrNot
5. Change MIB: ipPolicyRuleDstAddrNot
6. New MIB table: etherTypeRuleTable"
REVISION "200207211233Z" -- July 21, 2002 at 12:33 GMT
DESCRIPTION
"Emek Sadot
1. new mib object ipPolicyListIpOption.
2. new mib object ipPolicyListIpFragmentation.
3. new mib object ipPolicyRuleIcmpType.
4. new mib object ipPolicyRuleIcmpCode.
5. new mib object ipPolicyRuleSrcAddrNot.
6. new mib object ipPolicyRuleDstAddrNot.
7. new mib object ipPolicyRuleProtocolNot.
8. new mib object ipPolicyRuleL4SrcPortNot.
9. new mib object ipPolicyRuleL4DstPortNot.
10 new mib object ipPolicyCompositeOpKeepsState.
11. new mib object ipPolicyCompositeOpLog.
12. new mib object ipPolicyCompositeErrorReply.
13. adding list types, based on list number.
14. add not-supported value to ipPolicyListTrustedFields MIB."
REVISION "200112061017Z" -- December 06, 2001 at 10:17 GMT
DESCRIPTION
"Michael Weksler
Added 'error' values for the ipPolicyQuery table These values are to be
used when a query is made with invalid ifIndex / subContext."
REVISION "200305281724Z" -- May 28, 2003 at 17:24 GMT
DESCRIPTION
"Emek Sadot
1. New MIB: ipPolicyListEtherTypeDefaultOperation
2. Add notSupported to composite operation table actions
3. Rules index starts from 1
4. ipPolicyEtherTypeRuleEtherType range from 0 to 65535
5. New table: ipPolicyValidEtherTypeRuleTable
6. Remove MIB object: ipPolicyControlCombinedSplitList
7. Enhance iPolicyCompositeOpNotify to send log in addition to trap
8. Remove ipPolicyCompositeOpLog
9. New MIB: ipPolicyValidListIpOption
10. New MIB: ipPolicyValidListIpFragmentation
11. Update ipPolicyQueryTable:
a. ipPolicyQueryEtherTypeType
b. ipPolicyQueryEtherTypeTrafficType
c. ipPolicyQueryIcmpType
d. ipPolicyQueryIcmpCode"
REVISION "200310271457Z" -- October 27, 2003 at 14:57 GMT
DESCRIPTION
"Emek Sadot & Shlomi Biton
1. ipPolicyListType: add lists 800-899 Policy Based Routing
2. ipPolicyListDefaultOperation: add PBR operations
3. ipPolicyRuleOperation: add PBR operations
4. ipPolicyControlCapabilitiesGeneral: add PBR capability
5. ipPolicyRuleDSCPFilterNot: new object
6. ipPolicyCompositeOpName: add PBR operations
7. ipPolicyQueryOperation: add PBR (and split lists) operations"
REVISION "200312011008Z" -- December 01, 2003 at 10:08 GMT
DESCRIPTION
"Emek Sadot
1. Add new Policy capability: 30 - Query results in distinct leafs (instead of ipPolicyQueryOperation)
2. Add ipPolicyQueryAccessOperation
3. Add ipPolicyQueryNotifyOperation
4. Add ipPolicyQueryErrorReplyOperation
5. Add ipPolicyQueryCoSOperation"
::= { lannet 36 }
--
-- Type definitions
--
-- Type definitions
--
-- Type definitions
--
-- Type definitions
--
-- Type definitions
--
-- Type definitions
--
-- Type definitions
--
-- Type definitions
--
RowStatus ::= INTEGER
{
active(1),
notInService(2),
notReady(3),
createAndGo(4),
createAndWait(5),
destroy(6)
}
SubContextTypes ::= INTEGER
{
ingress(1),
egress(2)
}
--
-- Textual conventions
--
-- Textual conventions
--
-- Textual conventions
--
-- Textual conventions
--
-- Textual conventions
--
-- Textual conventions
--
TruthValue ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Represents a boolean value."
SYNTAX INTEGER
{
true(1),
false(2)
}
--
-- Node definitions
--
-- Node definitions
--
-- Node definitions
--
ipPolicyListTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpPolicyListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is used to add/delete/monitor policy lists.
This table maintains a list of policy lists in the system.
Each POLICY list is made up of a group of policy rules, a table
of Diff-Serv Code-Point (DSCP) mappings, and a compositeOP table.
The policy rules are stored in the ipPolicyRuleTable.
The DSCP mappings are stored in ipDSCPmapTable.
The Composite Ops are stored in ipPolicyCompositeOps.
Number of lists in a device (both in run-time and in NVRAM) is not
part of the syntax of this mib.
This is a device issue that should be agreed between the device and
the managment applications and should be specified in the
device and/or managment Spec.
RNR for example needs 3 lists : 1 for validation + 2 for activation"
::= { ipPolicyMgmt 1 }
ipPolicyListEntry OBJECT-TYPE
SYNTAX IpPolicyListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The information concerning one of the IP policy lists"
INDEX { ipPolicyListSlot, ipPolicyListID }
::= { ipPolicyListTable 1 }
IpPolicyListEntry ::=
SEQUENCE {
ipPolicyListSlot
Integer32,
ipPolicyListID
Integer32,
ipPolicyListName
DisplayString,
ipPolicyListValidityStatus
INTEGER,
ipPolicyListChecksum
Integer32,
ipPolicyListRowStatus
RowStatus,
ipPolicyListDefaultOperation
INTEGER,
ipPolicyListCookie
Integer32,
ipPolicyListTrackChanges
Integer32,
ipPolicyListOwner
DisplayString,
ipPolicyListErrMsg
DisplayString,
ipPolicyListTrustedFields
INTEGER,
ipPolicyListScope
INTEGER,
ipPolicyListIpOptionOperation
INTEGER,
ipPolicyListIpFragmentationOperation
INTEGER,
ipPolicyListType
INTEGER,
ipPolicyListEtherTypeDefaultOperation
INTEGER,
ipPolicyListLocalAddress
OCTET STRING,
ipPolicyListNATPoolListIndex
Integer32
}
ipPolicyListSlot OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The EntID-id (AKA module-id / box number) to which this list relates"
::= { ipPolicyListEntry 1 }
ipPolicyListID OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The ID of the list.
List 0 is the default list. It contains read-only rule (permit all),
and a default DSCP mapping table and composite Op. When a new list
is created, the default DSCP table and composite ops are copied by
the agent to the new list's DSCP mapping and Composite OP table.
When changes are made to DSCP mapping/Composite OP, they are made to
a specific instance of those tables, asscoiated with the list.
Lists 1-99 distribution list.
Lists 100-149 local policy manager use (for example CLI or
Routing Manager).
Lists 150-199 a remote policy manager use (for example RNR).
Lists 300-399 access control.
Lists 400-499 QoS.
Lists 500-599 Capture.
Lists 600-699 destination NAT.
Lists 700-799 anti-spoofing.
Lists 800-899 Policy Based Routing
Lists 900-999 Crypto (VPN)."
::= { ipPolicyListEntry 2 }
ipPolicyListName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..80))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Name of this list.
ACL default name: ACL List #list-number
QoS default name: QoS List #list-number
PBR default name: PBR List #list-number"
DEFVAL { "" }
::= { ipPolicyListEntry 3 }
ipPolicyListValidityStatus OBJECT-TYPE
SYNTAX INTEGER
{
valid(1),
partiallyValid(2),
invalid(3),
validationInProgress(4)
}
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"Validity status of this list. Summarizes validity of rules,
dscp table and composite Opertaions associated with this list.
The validity context is that of the first entry for this SlotID in
ipPolicyValidListTable.
valid - For all rules in the list:
ipPolicyRuleApplicabilityStatus = applicable
all DSCP rules are applicable.
partiallyValid - in One or more rules/dscp mapping in the list
ipPolicyRuleApplicabilityPrecedence < 9999 (not mandatory) and
ipPolicyRuleApplicabilityStatus != applicable
In all other rules (if any) :
ipPolicyRuleApplicabilityStatus=applicable
invalid - In One or more rules/dscp mappings in the list
ipPolicyRuleApplicabilityPrecedence=9999 (mandatory) and
ipPolicyRuleApplicabilityStatus != applicable
validationInProgress - The current validity of the list is currently
computed. Managment station should poll the device until one of
the definitive values is returned."
::= { ipPolicyListEntry 4 }
ipPolicyListChecksum OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"Checksum of all the configurable (read/write) mib items that are
part of this list or part of any rule/dscp mapping/compositeOp
that belongs to this list.
Addition/deletion/modification of a rule in this list shall result in
a checksum change.
This field can be used by the management application to discover this
list has changed (instead of polling all the rules of the list)."
::= { ipPolicyListEntry 5 }
ipPolicyListRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for creation/deletion of a list and for monitoring list status.
Use CreateAndWait (5) to create a list.
Destroy (6) to destroy a list. The active list can NOT
be destroyed. Destroying a list automatically removes all
the rules in this list.
active (1) is returned when a list is the active list
NotInService is returned when the list is not the active list"
::= { ipPolicyListEntry 6 }
ipPolicyListDefaultOperation OBJECT-TYPE
SYNTAX INTEGER (1..1000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The operation that should be applied to a packet in case the packet does not match any of the user specified rules. Values pertains to ACL or QoS depending on List type.
This field points to the appropriate ipPolicyCompositeOpID in ipPolicyCompositeOpTable.
The following read-only rows that are always defined in ipPolicyCompositeOpTable for a combined List:
OpId OpName PolicyRuleOp prior to Policy MIB 1.3.0
==== ====== ======================================
1 Priority 0 forwardPriority0(1)
2 Priority 1 forwardPriority1(2)
3 Priority 2 forwardPriority2(3)
4 Priority 3 forwardPriority3(4)
5 Priority 4 forwardPriority4(5)
6 Priority 5 forwardPriority5(6)
7 Priority 6 forwardPriority6(7)
8 Priority 7 forwardPriority7(8)
9 Forward No Change forward(9)
10 Deny deny(10)
11 Deny and Notify denyAndNotify(11)
12 Do not EZRoute layer2Switching(12)
The following read-only rows that are always defined in ipPolicyCompositeOpTable for list in split list mode:
OpId OpName
==== ======
1 permit
2 deny
3 deny-and-notify
4 deny-and-reset-connection (Boxster only)
5 deny-and-notify-and-reset-connection (Boxster only)
The following read-only rows that are always defined in ipPolicyCompositeOpTable for a ACL list in split list mode:
OpId OpName
==== ======
1 CoS0
2 CoS1
3 CoS2
4 CoS3
5 CoS4
6. CoS5
7. CoS6
8. CoS7
9. no-change
10. trust-dscp-only
11. trust-dscp-and-cos (Boxster default)
The following read-only rows are always defined in ipPolicyCompositeOpTable for PBR list in split list mode:
OpId OpName
==== ======
1 DBR (Destination Based Routing)
2 unused
.
.
9 NH1 (Next Hop)
10 NH2
.
.
28 NH20
The following read-only rows are always defined in ipPolicyCompositeOpTable for Crypto list in split list mode:
OpId OpName
==== ======
1 Bypass
2 Crypto Map 1
3 Crypto Map 2
21 Crypto Map 20
Access-control default operation is permit.
QoS default operation is no-change.
PBR default operation is DBR (Destination Based Routing)."
::= { ipPolicyListEntry 7 }
ipPolicyListCookie OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A cookie to be associated with this list. This mib item can be used
by the management application as a unique ID of the list.
Note: The Agent is not aware of the contents of this cookie.
Its only purpose is to help the management application.
Changing this cookie resets ipPolicyListTrackChanges to notChanged
state. A value of 0 means Cookie not available."
DEFVAL { 0 }
::= { ipPolicyListEntry 8 }
ipPolicyListTrackChanges OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Counts the number of changes made to the configuration of the list
including changes to the rules that are part of the list.
This counters is set to 0 when the list is being created. Adding default
rule to the list increment this counter to 1.
It is also set to 0 when ipPolicyListCookie is changed.
This mib item together with the ipPolicyListCookie can be used by the
management application to determine if this policy list was changed,
and if two instances of this list on different devices are the same."
DEFVAL { 0 }
::= { ipPolicyListEntry 9 }
ipPolicyListOwner OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..80))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The entity that configured this list"
DEFVAL { "other" }
::= { ipPolicyListEntry 10 }
ipPolicyListErrMsg OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..80))
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"Free text describing the reason why the list is not valid.
When the list is valid returns NULL string.
The values returned for this MIB are not affected by the list
status (active/inactive)."
::= { ipPolicyListEntry 11 }
ipPolicyListTrustedFields OBJECT-TYPE
SYNTAX INTEGER
{
cos(1),
dscp(2),
cos-dscp(3),
untrust(4),
not-supported(256)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specify which fields in the incoming packet might be trusted when the policy decision should be based in the incoming packet itself.
Policy decision depend on the active policy list.
In cases that the result of the active policy list is Permit, then the treatment of the outgoing packet may be based on the incoming packet instead of an explicit filter rule.
Trusting COS (802.1p) means that the outgoing packet priority (802.1p) should equal the incoming packet priority.
Trusting DSCP means that the treatment of the outgoing packet (prioirty tagging (802.1p) or some other composite operation) should be taken from ipPolicyDSCPmapTable using the incoming packet DSCP value.
Trusting COS + DSCP means that both fields should be used.
The behavior of the device when both COS + DSCP should be trusted is outside the scope of the current version of the MIB.
(Note: P333R uses the max between incoming COS & DSCP-to-COS mapping).
Not supported to be used in non access-and-QoS combined list and non QoS specific list.
Some devices might support only a subset of the values."
::= { ipPolicyListEntry 12 }
ipPolicyListScope OBJECT-TYPE
SYNTAX INTEGER
{
forward(1),
forwardAndControl(2)
}
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"Controls the scope of the policy rules.
forward(1) - policy rules apply to packets forwarded by the Entity.
local subnet will not apply to theIf
forwardAndControl(2) - policy rules apply to control packets sent
to the Entity as well as packets forwarded by the entity.
Example:
A router entity has interface 10.2.2.1 on IP subnet 10.2.2.0,
and a 'deny traffic to 10.2.2.0' rule is enforced.
In both forward(1) and forwardAndControl(2) modes, packets will
not be routed to the subnet.
In forwward(1) mode, packets sent directly to the router interface
will reach it. In forwardAndControl(2) mode, packets sent directly
to the router interface will be droped.
This object is obsolete, since its functionality can now be defined
using the apropriate interface / direction policy.
"
DEFVAL { forwardAndControl }
::= { ipPolicyListEntry 13 }
ipPolicyListIpOptionOperation OBJECT-TYPE
SYNTAX INTEGER
{
permit(1),
deny(2),
deny-and-notify(3),
deny-and-reset-connection(4),
deny-and-notify-and-reset-connection(5),
not-supported(255)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The operation that should be applied to packets carrying IP Options.
Applied only for ingress access-control List. Egress is not-supported.
This field points to the appropriate ipPolicyCompositeOpID in IpPolicyCompositeOpTable.
reset-connection would apply to the Boxster product only."
DEFVAL { permit }
::= { ipPolicyListEntry 14 }
ipPolicyListIpFragmentationOperation OBJECT-TYPE
SYNTAX INTEGER
{
permit(1),
deny(2),
deny-and-notify(3),
deny-and-reset-connection(4),
deny-and-notify-and-reset-connection(5),
not-supported(255)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The operation that should be applied to IP fragmentation packets.
Applied only for ingress access-control List. Egress is not-supported.
This field points to the appropriate ipPolicyCompositeOpID in IpPolicyCompositeOpTable.
reset-connection would apply to the Boxster product only."
DEFVAL { permit }
::= { ipPolicyListEntry 15 }
ipPolicyListType OBJECT-TYPE
SYNTAX INTEGER
{
acl-and-qos(1),
acl(2),
qos(3),
source-nat(4),
capture(5),
anti-spoofing(6),
policy-based-routing(7),
crypto(8)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"IP policy list type.
Derived from list range. See ipPolicyListID MIB."
::= { ipPolicyListEntry 16 }
ipPolicyListEtherTypeDefaultOperation OBJECT-TYPE
SYNTAX INTEGER
{
permit(1),
deny(2),
deny-and-notify(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The operation that should be applied to a packet in case the packet
does not match any of the user specified ether type rules.
This field points to the appropriate ipPolicyCompositeOpID in IpPolicyCompositeOpTable.
Pertains only for access control list."
DEFVAL { permit }
::= { ipPolicyListEntry 17 }
ipPolicyListLocalAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Local address for VPN tunnel (crypto list).
Field format: either IP address (x.x.x.x) or IP interface name. Management application shall parse and display local address value based as either IP address or IP interface name."
DEFVAL { "" }
::= { ipPolicyListEntry 18 }
ipPolicyListNATPoolListIndex OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Add ipPolicyListNATPoolListIndex as an index to NAT pool list to
IpPolicyListEntry.
Values:
1 - Invalid.
2 - Null, No NAT list association.
3 - 10 - NAT list index 1-8.
The field is relevant to crypto list only. Non crypto
lists will return the value 1 - invalid. "
::= { ipPolicyListEntry 19 }
ipPolicyRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpPolicyRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is used to add/delete/modify/monitor individual policy rules in a policy list."
::= { ipPolicyMgmt 2 }
ipPolicyRuleEntry OBJECT-TYPE
SYNTAX IpPolicyRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Controls all the conditional fields and its parameters for
a policy rule."
INDEX { ipPolicyRuleSlot, ipPolicyRuleListID, ipPolicyRuleID }
::= { ipPolicyRuleTable 1 }
IpPolicyRuleEntry ::=
SEQUENCE {
ipPolicyRuleSlot
Integer32,
ipPolicyRuleListID
Integer32,
ipPolicyRuleID
INTEGER,
ipPolicyRuleSrcAddr
IpAddress,
ipPolicyRuleSrcAddrWild
IpAddress,
ipPolicyRuleDstAddr
IpAddress,
ipPolicyRuleDstAddrWild
IpAddress,
ipPolicyRuleProtocol
INTEGER,
ipPolicyRuleL4SrcPortMin
INTEGER,
ipPolicyRuleL4SrcPortMax
INTEGER,
ipPolicyRuleL4DestPortMin
INTEGER,
ipPolicyRuleL4DestPortMax
INTEGER,
ipPolicyRuleEstablished
INTEGER,
ipPolicyRuleOperation
INTEGER,
ipPolicyRuleApplicabilityPrecedence
INTEGER,
ipPolicyRuleApplicabilityStatus
INTEGER,
ipPolicyRuleApplicabilityType
INTEGER,
ipPolicyRuleErrMsg
DisplayString,
ipPolicyRuleStatus
RowStatus,
ipPolicyRuleDSCPOperation
INTEGER,
ipPolicyRuleDSCPFilter
INTEGER,
ipPolicyRuleDSCPFilterWild
INTEGER,
ipPolicyRuleIcmpTypeCode
INTEGER,
ipPolicyRuleSrcAddrNot
INTEGER,
ipPolicyRuleDstAddrNot
INTEGER,
ipPolicyRuleProtocolNot
INTEGER,
ipPolicyRuleL4SrcPortNot
INTEGER,
ipPolicyRuleL4DestPortNot
INTEGER,
ipPolicyRuleIcmpTypeCodeNot
INTEGER,
ipPolicyRuleSrcPolicyUserGroupName
DisplayString,
ipPolicyRuleDstPolicyUserGroupName
DisplayString,
ipPolicyRuleDSCPFilterNot
INTEGER,
ipPolicyRuleDescription
DisplayString,
ipPolicyRuleFragment
INTEGER,
ipPolicyRuleDoSClass
INTEGER
}
ipPolicyRuleSlot OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The EntID-id (AKA module-id / box number) to which this rule relates"
::= { ipPolicyRuleEntry 1 }
ipPolicyRuleListID OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The ID of the list this rule is part of.
Derived from list range. See ipPolicyListID MIB."
::= { ipPolicyRuleEntry 2 }
ipPolicyRuleID OBJECT-TYPE
SYNTAX INTEGER (1..1000)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rule within its list. Each list may contain many rule.
Lists work in a First Match manner.
A rule with a lower ID would be preferred over a rule with a higher ID."
::= { ipPolicyRuleEntry 3 }
ipPolicyRuleSrcAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The IP address of the source station. A value of 255.255.255.255
in ipPolicyRuleSrcAddrWild indicates this is a DON'T CARE field."
DEFVAL { '00000000'h }
::= { ipPolicyRuleEntry 4 }
ipPolicyRuleSrcAddrWild OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This field specifies the wildcard of the source IP address.
Note that a the mask for a single host is 0.0.0.0 and the mask for all
hosts is 255.255.255.255. This field can has any combination of bits
set allowing all kind of rules.
For example ipPolicyRuleSrcAddr=192.168.0.254, ipPolicyRuleSrcAddrWild=0.0.255.0
matches all packets with source ip address 192.168.*.254"
DEFVAL { 'FFFFFFFF'h }
::= { ipPolicyRuleEntry 5 }
ipPolicyRuleDstAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The IP address of the destination station.
A value of 255.255.255.255 in ipPolicyRuleDstAddrWild indicates this
is a DON'T CARE field."
DEFVAL { '00000000'h }
::= { ipPolicyRuleEntry 6 }
ipPolicyRuleDstAddrWild OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This field specifies the wildcard of the destination IP address.
Note that a the mask for a single host is 0.0.0.0 and the mask for
all hosts is 255.255.255.255. This field can has any combination of
bits set allowing all kind of rules.
For example ipPolicyRuleDstAddr=192.168.0.254, ipPolicyRuleDstAddrWild=0.0.255.0
matches all packets with destination ip address 192.168.*.254"
DEFVAL { 'FFFFFFFF'h }
::= { ipPolicyRuleEntry 7 }
ipPolicyRuleProtocol OBJECT-TYPE
SYNTAX INTEGER (0..256)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The IP protocol to which this rule relates.
Use 256 to specify any IP (i.e. don't care)"
DEFVAL { 256 }
::= { ipPolicyRuleEntry 8 }
ipPolicyRuleL4SrcPortMin OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The minimal source port number.
This fields is applicable only when ipPolicyRuleProtocol is TCP(6)
UDP(17). In all other cases its values is not used."
DEFVAL { 0 }
::= { ipPolicyRuleEntry 9 }
ipPolicyRuleL4SrcPortMax OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The maximal source port number.
This fields is applicable only when ipPolicyRuleProtocol is TCP(6) or
UDP(17). In all other cases its values is not used."
DEFVAL { 65535 }
::= { ipPolicyRuleEntry 10 }
ipPolicyRuleL4DestPortMin OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The minimal destination port number.
This fields is applicable only when ipPolicyRuleProtocol is TCP(6)
or UDP(17). In all other cases its values is not used."
DEFVAL { 0 }
::= { ipPolicyRuleEntry 11 }
ipPolicyRuleL4DestPortMax OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The maximal destination port number.
This fields is applicable only when ipPolicyRuleProtocol is TCP(6)
or UDP(17). In all other cases its value is not used."
DEFVAL { 65535 }
::= { ipPolicyRuleEntry 12 }
ipPolicyRuleEstablished OBJECT-TYPE
SYNTAX INTEGER
{
yes(1),
dontCare(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This field indicates the value of the established bit in the TCP header.
If protocol is not TCP this values should not be used."
DEFVAL { dontCare }
::= { ipPolicyRuleEntry 13 }
ipPolicyRuleOperation OBJECT-TYPE
SYNTAX INTEGER (1..1000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The operation that should be applied to a packet in case the packet does not match any of the user specified rules. Values pertains to ACL or QoS depending on List type.
This field points to the appropriate ipPolicyCompositeOpID in ipPolicyCompositeOpTable.
The following read-only rows that are always defined in ipPolicyCompositeOpTable for a combined List:
OpId OpName PolicyRuleOp prior to Policy MIB 1.3.0
==== ====== ======================================
1 Priority 0 forwardPriority0(1)
2 Priority 1 forwardPriority1(2)
3 Priority 2 forwardPriority2(3)
4 Priority 3 forwardPriority3(4)
5 Priority 4 forwardPriority4(5)
6 Priority 5 forwardPriority5(6)
7 Priority 6 forwardPriority6(7)
8 Priority 7 forwardPriority7(8)
9 Forward No Change forward(9)
10 Deny deny(10)
11 Deny and Notify denyAndNotify(11)
12 Do not EZRoute layer2Switching(12)
The following read-only rows that are always defined in ipPolicyCompositeOpTable for list in split list mode:
OpId OpName
==== ======
1 permit
2 deny
3 deny-and-notify
4 deny-and-reset-connection (Boxster only)
5 deny-and-notify-and-reset-connection (Boxster only)
The following read-only rows that are always defined in ipPolicyCompositeOpTable for a ACL list in split list mode:
OpId OpName
==== ======
1 CoS0
2 CoS1
3 CoS2
4 CoS3
5 CoS4
6. CoS5
7. CoS6
8. CoS7
9. no-change
10. trust-dscp-only
11. trust-dscp-and-cos (Boxster default)
The following read-only rows are always defined in ipPolicyCompositeOpTable for PBR list in split list mode:
OpId OpName
==== ======
1 DBR (Destination Based Routing)
2 unused
.
.
9 NH1 (Next Hop)
10 NH2
.
.
28 NH20
The following read-only rows are always defined in ipPolicyCompositeOpTable for Crypto list in split list mode:
OpId OpName
==== ======
1 Bypass
2 Crypto Map 1
3 Crypto Map 2
21 Crypto Map 20
Access-control default operation is permit.
QoS default operation is no-change.
PBR default operation is DBR (Destination Based Routing).
Zydeco uses combined list with additional two actions. Actions' access is permits. QoS is defined below:
13: Change 802.1p based on DSCP - change 802.1p value based on packet's DSCP (MIB wise: uses DSCP table to further DSCP based classification)
14: Change DSCP based on 5-tuple - change DSCP value (MIB wise: ipPolicyRuleDSCPOperation indicates the new DSCP value)"
::= { ipPolicyRuleEntry 14 }
ipPolicyRuleApplicabilityPrecedence OBJECT-TYPE
SYNTAX INTEGER (0..9999)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This field indicates how important is it to enforce this rule.
The higher the number the more important it is to enforce this rule.
The value 9999 has a special meaning of Mandatory which means this
rule MUST be enforced.
Note: Access control rules are probably Mandatory rule where as QoS rules
might be configured by the user as optional rules in some cases.
Device may choose to support only a subset of these values.
P333R supports two values:
9999 - Mandatory rule
0 - Optional rule."
DEFVAL { 9999 }
::= { ipPolicyRuleEntry 15 }
ipPolicyRuleApplicabilityStatus OBJECT-TYPE
SYNTAX INTEGER
{
applicable(1),
partiallyApplicable(2),
notApplicable(3),
unknown(4)
}
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"Used to monitor if a rule is currently applicable (for the active
list)or would be applicable (if the list becomes active).
The applicability context is that of the first entry for this SlotID
in ipPolicyValidRuleTable.
The values returned for this MIB are not affected by the list status
active/inactive)
applicable - This rule is/would be applicable
partiallyApplicable - This rule is/would be applicable for some
packets/sessions but might not be applicable for other
packets/sessions
notApplicable - This rule is NOT/would NOT be applicable
unknown - Status is temporary unknown. This may be because the list
validation is inProgress. Querying this item triggeres list
validation if not already triggered."
::= { ipPolicyRuleEntry 16 }
ipPolicyRuleApplicabilityType OBJECT-TYPE
SYNTAX INTEGER
{
static(1),
quasiStatic(2),
dynamic(3),
unknown(4)
}
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"Used to monitor the ApplicabilityStatus of the rule in the context of
this list. The values returned for this MIB are not affected by the
list status (active/inactive)
static - The applicabilityStatus of this rule is guaranteed
regardless of the ApplicabilityPrecedence of this rule
or of other rules in the list.
quasiStatic - The applicability status of this rule is
guaranteed if no configuration changes are made,
BUT changes of ApplicabilityPrecedence of this rule or
other rules in this list may change the applicabilityStatus
of this rule.
dynamic - The applicabilityStatus of this rule can change
depending on network conditions (i.e. localization) or
other conditions such as (but not limited to) changes of
ApplicabilityPrecedence of this rule or other rules in
this list.
unknown - Status is temporary unknown. This may be because the
list validation is inProgress. Querying this item triggeres
list validation if not already triggered.
The values returned for this MIB are not affected by the list
status (active/inactive)"
::= { ipPolicyRuleEntry 17 }
ipPolicyRuleErrMsg OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..80))
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"Free text describing the reason why the rule is not Applicable.
When rule is Applicable returns NULL string.
The values returned for this MIB are not affected by the list status
(active/inactive)"
::= { ipPolicyRuleEntry 18 }
ipPolicyRuleStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used to configure and monitor one rule.
Use CreateAndWait (4) to create a rule.
Destroy (6) to destroy a rule
active (1) is returned when a rule is complete and is configured
into device HW
NotReady (3) is returned when not all mandatory fields in the
rule have been configured or the rule is not valid.
Not In Service (2) is returned when the rule is not active
because the list is not active or device lacks resources
to support the rule"
::= { ipPolicyRuleEntry 19 }
ipPolicyRuleDSCPOperation OBJECT-TYPE
SYNTAX INTEGER (0..64)
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"The New DSCP value that should be applied to packets that meatch this rule.
A value of 64 means no change."
DEFVAL { 64 }
::= { ipPolicyRuleEntry 20 }
ipPolicyRuleDSCPFilter OBJECT-TYPE
SYNTAX INTEGER (0..64)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A DSCP value to match against.
This filter can be used instead or with the DSCP implicit
mapping table.
This filter is used in combination with
ipPolicyRuleDSCPFilterWild to match DSCP values.
Example:
a filter value of 21 and a mask value of 60 will match
the following DSCP values:
b10100 = D20
b10101 = D21
b10110 = D22
b10111 = D23
A value of 64 means don't care."
DEFVAL { 64 }
::= { ipPolicyRuleEntry 21 }
ipPolicyRuleDSCPFilterWild OBJECT-TYPE
SYNTAX INTEGER (0..63)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A bitmask wildcard to match bits in the Diff-Serv
byte. '1' bits are part of the comparison.
'0' bits are 'don't care'.
A value of 63 means match all bits.
A value of 0 means don't care.
Note: this field is not in use."
DEFVAL { 63 }
::= { ipPolicyRuleEntry 22 }
ipPolicyRuleIcmpTypeCode OBJECT-TYPE
SYNTAX INTEGER
{
echo-reply(0),
netwrok-unreachable(768),
host-unreachable(769),
protocol-unreachable(770),
port-unreachable(771),
fragmentation-needed-but-df-bit-set(772),
source-route-failed(773),
destination-network-unknown(774),
destination-host-unknown(775),
destination-network-admin-prohibited(777),
network-unreachable-for-tos(779),
host-unreachable-for-tos(780),
communication-admin-prohibited-filtering(781),
host-precedence-violation(782),
precedence-cutoff-in-effect(783),
source-quench(1024),
redirect-for-network(1280),
redirect-for-type-of-service-and-host(1283),
echo-request(2048),
router-advertisement(2304),
time-to-live-equals-0-during-reassembly(2817),
bad-ip-header(3072),
required-option-missing(3073),
timestamp-requested(3328),
timestamp-reply(3584),
address-mask-request(4352),
address-mask-reply(4608),
traceroute-outbound-packet-successfully-fw(7680),
traceroute-no-route-for-outbound-packet(7681),
domain-name-request(9472),
domain-name-reply(9728),
skip-algorithm-discovery-protocol(9984),
unreachable(66304),
redirect(66816),
time-exceeded(68352),
parameters-problem(68608),
traceroute(73216),
conversion-errors(73472),
mobile-host-redirect(73728),
ipv6-where-are-you(73984),
ipv6-I-am-here(74240),
mobile-registration-request(74496),
mobile-registration-reply(74752),
security-failure(75776),
any(196608),
not-supported(262144)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The ICMP type and code to which this rule relates.
If protocol is not ICMP this values should not be used.
Field format:
- 19 bits filed.
- MSB (bit 18) stand for not-supported.
- Bit 17 stands for any ICMP type.
- Bit 16 stands for any ICMP code.
- Bits 8-15 stand for ICMP type.
- Bits 0-7 stand for ICMP code.
For example:
- not-supported(262144) = 0x40000
- any(196608) = 0x30000
- ICMP type unreachable(66304), code any = 0x10300
- ICMP type & code host-unreachable(769) = 0x301"
DEFVAL { not-supported }
::= { ipPolicyRuleEntry 23 }
ipPolicyRuleSrcAddrNot OBJECT-TYPE
SYNTAX INTEGER
{
disable(1),
not-source-ip-address(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Logical NOT of the source-IP or source policy user name field.
Packets with source IPs or source policy user name which do NOT match the IP address & wildcard or source policy user name
specified will match the source-IP or source policy user name field."
DEFVAL { disable }
::= { ipPolicyRuleEntry 24 }
ipPolicyRuleDstAddrNot OBJECT-TYPE
SYNTAX INTEGER
{
disable(1),
not-destination-ip-address(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Logical NOT of the destination-IP field or destination policy user name.
Packets with destination IPs or destination policy user name which do NOT match the IP address & wildcard or destination policy user name
specified will match the destination-IP field or destination policy user name."
DEFVAL { disable }
::= { ipPolicyRuleEntry 25 }
ipPolicyRuleProtocolNot OBJECT-TYPE
SYNTAX INTEGER
{
disable(1),
not-ip-protocol(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Logical NOT of the IP protocol field."
DEFVAL { disable }
::= { ipPolicyRuleEntry 26 }
ipPolicyRuleL4SrcPortNot OBJECT-TYPE
SYNTAX INTEGER
{
disable(1),
not-source-port(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Logical NOT of the tcp source port settings."
DEFVAL { disable }
::= { ipPolicyRuleEntry 27 }
ipPolicyRuleL4DestPortNot OBJECT-TYPE
SYNTAX INTEGER
{
disable(1),
not-destination-port(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Logical NOT of the tcp destination port settings."
DEFVAL { disable }
::= { ipPolicyRuleEntry 28 }
ipPolicyRuleIcmpTypeCodeNot OBJECT-TYPE
SYNTAX INTEGER
{
disable(1),
not-icmp-type-code(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Logical NOT of the protocol field + ICMP type and code."
DEFVAL { disable }
::= { ipPolicyRuleEntry 29 }
ipPolicyRuleSrcPolicyUserGroupName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..32))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Source user group's policy name.
Identical to ugPolicyName MIB.
ipPolicyRuleSrcAddr and ipPolicyRuleSrcAddrWild MIBs should be cleared when this value sets and vise versa."
DEFVAL { "" }
::= { ipPolicyRuleEntry 30 }
ipPolicyRuleDstPolicyUserGroupName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..32))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Destination user group's policy name.
Identical to ugPolicyName MIB.
ipPolicyRuleDstAddr and ipPolicyRuleDstAddrWild MIBs should be cleared when this value sets and vise versa."
DEFVAL { "" }
::= { ipPolicyRuleEntry 31 }
ipPolicyRuleDSCPFilterNot OBJECT-TYPE
SYNTAX INTEGER
{
disable(1),
not-dscp(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Logical NOT of DSCP filter settings."
DEFVAL { disable }
::= { ipPolicyRuleEntry 32 }
ipPolicyRuleDescription OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..127))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"IP rule description field. Allowing the user to specify the description for each rule.
In Crypto list a rule equals a tunnel and therefore the description is of the tunnel.
There is no description for default rules to save space. The default of description
field is Null string."
::= { ipPolicyRuleEntry 33 }
ipPolicyRuleFragment OBJECT-TYPE
SYNTAX INTEGER
{
yes(1),
dontCare(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This field indicates whether the rule will apply to non-initial fragments only.
When this key is set the L4 information is removed."
DEFVAL { dontCare }
::= { ipPolicyRuleEntry 34 }
ipPolicyRuleDoSClass OBJECT-TYPE
SYNTAX INTEGER
{
ipPolicySmurf-AttackRule(8),
ipPolicyFraggleAttackRule(9),
ipPolicypSpoofingRule(11),
ipPolicyUsedDefinedDoS100(100),
ipPolicyUsedDefinedDoS101(101),
ipPolicyUsedDefinedDoS102(102),
ipPolicyUsedDefinedDoS103(103),
ipPolicyUsedDefinedDoS104(104),
ipPolicyUsedDefinedDoS105(105),
ipPolicyNonApplicable(255)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enumerated description of DoS attack this
correspondingly defends from.
Presently the DoS description is used for classification of DoS attacks in the MSS notification.
For all non-Dos related rules the default value is non-applicable
User can provide additional user-defined DoS classification via 5 pre-allocated
ipPolicyUsedDefinedDoS10 - ipPolicyUsedDefinedDoS15 enumerations
"
DEFVAL { ipPolicyNonApplicable }
::= { ipPolicyRuleEntry 35 }
ipPolicyControlTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpPolicyControlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table activates & monitors the policy application"
::= { ipPolicyMgmt 3 }
ipPolicyControlEntry OBJECT-TYPE
SYNTAX IpPolicyControlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry relates to one EntID (AKA module / box) in the stack"
INDEX { ipPolicyControlSlot }
::= { ipPolicyControlTable 1 }
IpPolicyControlEntry ::=
SEQUENCE {
ipPolicyControlSlot
Integer32,
ipPolicyControlActiveGeneralList
INTEGER,
ipPolicyControlAllowedPolicyManagers
INTEGER,
ipPolicyControlCurrentChecksum
Integer32,
ipPolicyControlMinimalPolicyManagmentVersion
OCTET STRING,
ipPolicyControlMaximalPolicyManagmentVersion
OCTET STRING,
ipPolicyControlMIBversion
Integer32,
ipPolicyControlCapabilitiesGeneral
OCTET STRING,
ipPolicyControlCopySourceList
INTEGER,
ipPolicyControlCopyDestinationList
INTEGER,
ipPolicyControlCopyOperation
INTEGER,
ipPolicyControlCopyOperationLastStatus
INTEGER,
ipPolicyControlCopyOperationLastFailureDisplay
DisplayString
}
ipPolicyControlSlot OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The EntID-id (AKA module-id / box number) to which this control entry
relates"
::= { ipPolicyControlEntry 1 }
ipPolicyControlActiveGeneralList OBJECT-TYPE
SYNTAX INTEGER (0..2147483647)
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"The ipPolicyListID of the Active general policy List on this EntID.
A value of Zero means there is no active list.
If the new list can not be activated the old list continues to be
active.
The Policy Enforcement Point of the Active General List is defined by
ipPolicyControlDefaultPEP.
"
::= { ipPolicyControlEntry 2 }
ipPolicyControlAllowedPolicyManagers OBJECT-TYPE
SYNTAX INTEGER
{
local(1),
remote(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specify if who is allowed to configure policy on the device.
local - a local policy manager is allowed to configure
(using CLI or SNMP)
remote - A remote policy manger is allowed to configure
(using CLI or SNMP)
The distinction between local & remote managers is done according to the
List ID. Local & Remote managers use different ranges.
When changing the value of this item, device may choose from resources
or other reasons to automatically remove all or some of the lists
that were configured bt the previous type of manager."
DEFVAL { remote }
::= { ipPolicyControlEntry 3 }
ipPolicyControlCurrentChecksum OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Checksum of the entire CURRENT Policy Database including (but not
limited to) the following :
o ipPolicyControlActiveGeneralList
o ipPolicyControlAllowedPolicyManagers
o ipPolicyListCookie &
ipPolicyListTrackChanges of the active list (if exists)
o ipPolicyComposite entries of this list
o ipPolicyDSCPmap entries of this list
o routeGroupRouterMode
additional configuration fields that are important enough to cause
re-configuration by RNR.
Any change in any of the above policy parmeters shall result in a
change in the value of this field. Polling of this value shall reveal
any change of policy configuration without the need for polling of
the entire policy database."
::= { ipPolicyControlEntry 4 }
ipPolicyControlMinimalPolicyManagmentVersion OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (25))
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The minimal policy management version that this device inter operates
with as verified by actual testing.
For example: The P330R/340/130 shall return 1.1 (if testing succeeds).
The special value 'none' means that the device does not know of any
RNR version with which it works (because there was no RNR release with
which testing actually succeeded)."
::= { ipPolicyControlEntry 5 }
ipPolicyControlMaximalPolicyManagmentVersion OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (25))
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The maximal policy management version that this device inter operates
with as verified by actual testing.
For example: The P330R/340/130 shall return 1.1 (if testing succeeds).
P360 for example may return 2.0 because it shall support features that
are only supported in RNR 2.0.
The special value 'none' means that the device does not know of any
RNR version with which it works (because there was no RNR release with
which testing actually succeeded)."
::= { ipPolicyControlEntry 6 }
ipPolicyControlMIBversion OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The version of the Policy MIB supported by the module.
The format:
0.X.Y.Z
Example:
2.1.2 will be coded as:
0x00020102"
::= { ipPolicyControlEntry 7 }
ipPolicyControlCapabilitiesGeneral OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Reports the Policy capabilities of the device.
Each bit in the string represents a capability/behavior. Value of '1' means that the behavior is supported. Value of '0' means that it's not supported.
Capability number indicates position in the string.
Divide by 8 to get byte number.
Modulo 8 to get bit number. 0 is LSB.
For example 17 is 3rd byte, 2 LSbit.
For example if the value of the mib is 05.FF.B7.05.80... then:
For example if the value of the mib is 05.FF.B7.05.80... then:
05 = 0000 0101 bits 0 to 7, bits 5 and 7 are set.
FF = 1111 1111 bits 8 to 15, all bits are set.
B7 = 1011 0111 bits 16 to 23, bits 16, 18-19, 21-23 are set.
05 = 0000 0101 bits 24 to 31, bits 29 and 31 are set.
80 = 1000 0000 bits 32 to 39, bit 32 is set.
0 - Support Cajun Rules - P333R, P333ML, P333RLB
1 - Default value of Cajun Rule support
2 - Default list is RW - 2
3 - Policy To Me (scope) - P333RLB
4 - Trust is a global parameter - old
5 - Trust is a per list parameter
6 - DSCP is a global parameter - old
7 - DSCP is a per list parameter
8 - Multiple policy interfaces (with Active lists) per device-X330WAN, Boxster, Cayenne
9 - Composite Operation Table - Add/Remove/Edit entries
10 - Composite Operation Permit/Deny
11 - Composite Operation Notify
12 - Composite Operation COS (802)
13 - Composite Operation DSCP (DSCP Coloring)
14 - Composite Operation Error Reply
15 - Support QoS lists - Boxster , Cayenne
16 - Supports ACL lists - Boxster , Cayenne
17 - Support Combined lists - P333R, P333RLB, P330ML, C460, P130, X330WAN
18 - ICMP Classification (ICMP code/type)
19 - Not Rules (Covers all relevant supported classification features)
20 - User group classification
21 - Options with basic operations (permit, deny, deny&Notify)
22 - Fragments with basic operations (permit, deny, deny&Notify)
23 - Simulate Support (covers all other supported features)
24 - Packet Counter Per rule - Cayenne
25 - Session Counter Per rule - Cayenne
26 - Auditing (log per rule) - Not supported yet.
27 - Statefull Inspection Firewall - Not supported yet.
28 - Combined list but QoS only operations - P130.
29 - Policy Based Routing
30 - Query results in distinct leafs (instead of ipPolicyQueryOperation)
31 - Crypto
32 - Support Copy List MIB, Fragment as key for IP rule and IP rule description.
In addition the DSCP field will be supported on QoS and ACL lists in addition
to PBR and Capture lists.
33 - Support MSS feature(ipPolicyRuleDoSClass).
"
::= { ipPolicyControlEntry 8 }
ipPolicyControlCopySourceList OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specify the source list index for copy operation. "
::= { ipPolicyControlEntry 9 }
ipPolicyControlCopyDestinationList OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specify the destination list index for copy operation. "
::= { ipPolicyControlEntry 10 }
ipPolicyControlCopyOperation OBJECT-TYPE
SYNTAX INTEGER
{
idle(1),
copy(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Copy operation and status of the copy operation.
idle(1)- R/O - Last Copy operation finished OK.
copy(2)- R/W - Activate the copy operation with the relevant source/destination
list indexes.
"
DEFVAL { idle }
::= { ipPolicyControlEntry 11 }
ipPolicyControlCopyOperationLastStatus OBJECT-TYPE
SYNTAX INTEGER
{
noError(1),
error(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Copy operation status."
DEFVAL { noError }
::= { ipPolicyControlEntry 12 }
ipPolicyControlCopyOperationLastFailureDisplay OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..80))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Display string for each one of the errors."
::= { ipPolicyControlEntry 13 }
ipPolicyDiffServTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpPolicyDiffServEntry
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"This table is used to configure the policy that is associated with
differntiated services. For each DSCP value the table contain the
operation that should applied to packets that match this DSCP value.
Note that in this version of this mib, allowed policies are restricted
to prioirty levels and access control.
Note: The ietf notion of PHB (per-hop forwarding behaviors) is not
yet supported"
::= { ipPolicyMgmt 4 }
ipPolicyDiffServEntry OBJECT-TYPE
SYNTAX IpPolicyDiffServEntry
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"The information concerning one of the IP policy lists"
INDEX { ipPolicyDiffServSlot, ipPolicyDiffServDSCP }
::= { ipPolicyDiffServTable 1 }
IpPolicyDiffServEntry ::=
SEQUENCE {
ipPolicyDiffServSlot
Integer32,
ipPolicyDiffServDSCP
INTEGER,
ipPolicyDiffServOperation
INTEGER,
ipPolicyDiffServName
DisplayString,
ipPolicyDiffServAggIndex
INTEGER,
ipPolicyDiffServApplicabilityPrecedence
INTEGER,
ipPolicyDiffServApplicabilityStatus
INTEGER,
ipPolicyDiffServApplicabilityType
INTEGER,
ipPolicyDiffServErrMsg
DisplayString
}
ipPolicyDiffServSlot OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The EntID-id (AKA module-id / box number) to which diff-serv
table relates"
::= { ipPolicyDiffServEntry 1 }
ipPolicyDiffServDSCP OBJECT-TYPE
SYNTAX INTEGER (0..63)
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The DSCP value to which this entry relates."
::= { ipPolicyDiffServEntry 2 }
ipPolicyDiffServOperation OBJECT-TYPE
SYNTAX INTEGER (1..1000)
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"This field points to the appropriate ipPolicyCompositeOpID in
ipPolicyCompositeOpTable.
The following read-only rows are always defined in
ipPolicyCompositeOpTable,for backward comaptability with Policy
MIB prior to version 1.3.0:
OpId OpName PolicyRuleOp prior to Policy MIB 1.3.0
==== ====== ======================================
1 Priority 0 forwardPriority0(1)
2 Priority 1 forwardPriority1(2)
3 Priority 2 forwardPriority2(3)
4 Priority 3 forwardPriority3(4)
5 Priority 4 forwardPriority4(5)
6 Priority 5 forwardPriority5(6)
7 Priority 6 forwardPriority6(7)
8 Priority 7 forwardPriority7(8)
9 Forward No Change forward(9)
10 Deny deny(10)
11 Deny and Notify denyAndNotify(11)
12 Reserved - do not use layer2Switching(12)
"
DEFVAL { 9 }
::= { ipPolicyDiffServEntry 3 }
ipPolicyDiffServName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..40))
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"Name of this DSCP entry. This fields is used only for documentation
purposes. Default name is:
DSCP #N "
::= { ipPolicyDiffServEntry 4 }
-- 1.3.6.1.4.1.81.36.4.1.5
-- 1.3.6.1.4.1.81.36.4.1.5
-- 1.3.6.1.4.1.81.36.4.1.5
-- 1.3.6.1.4.1.81.36.4.1.5
-- 1.3.6.1.4.1.81.36.4.1.5
-- 1.3.6.1.4.1.81.36.4.1.5
-- 1.3.6.1.4.1.81.36.4.1.5
-- 1.3.6.1.4.1.81.36.4.1.5
-- 1.3.6.1.4.1.81.36.4.1.5
-- 1.3.6.1.4.1.81.36.4.1.5
-- 1.3.6.1.4.1.81.36.4.1.5
-- 1.3.6.1.4.1.81.36.4.1.5
-- 1.3.6.1.4.1.81.36.4.1.5
-- 1.3.6.1.4.1.81.36.4.1.5
ipPolicyDiffServAggIndex OBJECT-TYPE
SYNTAX INTEGER (0..63)
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"Index of the aggregated group this DSCP entry belongs too.
Management station may use this mib item to classify the DSCP entries
to groups with the same behaviour.
The defval for this mib item is device specific."
::= { ipPolicyDiffServEntry 5 }
-- 1.3.6.1.4.1.81.36.4.1.6
-- 1.3.6.1.4.1.81.36.4.1.6
-- 1.3.6.1.4.1.81.36.4.1.6
-- 1.3.6.1.4.1.81.36.4.1.6
-- 1.3.6.1.4.1.81.36.4.1.6
-- 1.3.6.1.4.1.81.36.4.1.6
-- 1.3.6.1.4.1.81.36.4.1.6
-- 1.3.6.1.4.1.81.36.4.1.6
-- 1.3.6.1.4.1.81.36.4.1.6
-- 1.3.6.1.4.1.81.36.4.1.6
-- 1.3.6.1.4.1.81.36.4.1.6
-- 1.3.6.1.4.1.81.36.4.1.6
-- 1.3.6.1.4.1.81.36.4.1.6
-- 1.3.6.1.4.1.81.36.4.1.6
ipPolicyDiffServApplicabilityPrecedence OBJECT-TYPE
SYNTAX INTEGER (0..9999)
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"This field indicates how important is it to enforce this entry.
The higher the number the more important it is to enforce this entry.
The value 9999 has a special meaning of Mandatory which means this
entry MUST be enforced.
Device may choose to support only a subset of these values.."
DEFVAL { 9999 }
::= { ipPolicyDiffServEntry 6 }
-- 1.3.6.1.4.1.81.36.4.1.7
-- 1.3.6.1.4.1.81.36.4.1.7
-- 1.3.6.1.4.1.81.36.4.1.7
-- 1.3.6.1.4.1.81.36.4.1.7
-- 1.3.6.1.4.1.81.36.4.1.7
-- 1.3.6.1.4.1.81.36.4.1.7
-- 1.3.6.1.4.1.81.36.4.1.7
-- 1.3.6.1.4.1.81.36.4.1.7
-- 1.3.6.1.4.1.81.36.4.1.7
-- 1.3.6.1.4.1.81.36.4.1.7
-- 1.3.6.1.4.1.81.36.4.1.7
-- 1.3.6.1.4.1.81.36.4.1.7
-- 1.3.6.1.4.1.81.36.4.1.7
-- 1.3.6.1.4.1.81.36.4.1.7
ipPolicyDiffServApplicabilityStatus OBJECT-TYPE
SYNTAX INTEGER
{
applicable(1),
partiallyApplicable(2),
notApplicable(3),
unknown(4)
}
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"Used to monitor if a DSCP entry is currently applicable
or would be applicable (if the table becomes active).
The values returned for this MIB are not affected by the table status
active/inactive)
applicable - This entry is/would be applicable
partiallyApplicable - This entry is/would be applicable for some
packets/sessions but might not be applicable for other
packets/sessions
notApplicable - This entry is NOT/would NOT be applicable
unknown - Status is temporary unknown. This may be because the table
validation is inProgress. Querying this item triggeres table
validation if not already triggered."
::= { ipPolicyDiffServEntry 7 }
-- 1.3.6.1.4.1.81.36.4.1.8
-- 1.3.6.1.4.1.81.36.4.1.8
-- 1.3.6.1.4.1.81.36.4.1.8
-- 1.3.6.1.4.1.81.36.4.1.8
-- 1.3.6.1.4.1.81.36.4.1.8
-- 1.3.6.1.4.1.81.36.4.1.8
-- 1.3.6.1.4.1.81.36.4.1.8
-- 1.3.6.1.4.1.81.36.4.1.8
-- 1.3.6.1.4.1.81.36.4.1.8
-- 1.3.6.1.4.1.81.36.4.1.8
-- 1.3.6.1.4.1.81.36.4.1.8
-- 1.3.6.1.4.1.81.36.4.1.8
-- 1.3.6.1.4.1.81.36.4.1.8
-- 1.3.6.1.4.1.81.36.4.1.8
ipPolicyDiffServApplicabilityType OBJECT-TYPE
SYNTAX INTEGER
{
static(1),
quasiStatic(2),
dynamic(3),
unknown(4)
}
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"Used to monitor the ApplicabilityStatus of the entry in the context of
this table. The values returned for this MIB are not affected by the
table status (active/inactive).
static - The applicabilityStatus of this entry is guaranteed
regardless of the ApplicabilityPrecedence of this entry
or of other entries in the list.
quasiStatic - The applicability status of this entry is
guaranteed if no configuration changes are made,
BUT changes of ApplicabilityPrecedence of this entry or
other entries in this table may change the
applicabilityStatus of this entry.
dynamic - The applicabilityStatus of this entry can change
depending on network conditions (i.e. localization) or
other conditions such as (but not limited to) changes of
ApplicabilityPrecedence of this entry or other entries
in this table.
unknown - Status is temporary unknown. This may be because the
table validation is inProgress. Querying this item triggeres
table validation if not already triggered.
The values returned for this MIB are not affected by the table
status (active/inactive)"
::= { ipPolicyDiffServEntry 8 }
-- 1.3.6.1.4.1.81.36.4.1.9
-- 1.3.6.1.4.1.81.36.4.1.9
-- 1.3.6.1.4.1.81.36.4.1.9
-- 1.3.6.1.4.1.81.36.4.1.9
-- 1.3.6.1.4.1.81.36.4.1.9
-- 1.3.6.1.4.1.81.36.4.1.9
-- 1.3.6.1.4.1.81.36.4.1.9
-- 1.3.6.1.4.1.81.36.4.1.9
-- 1.3.6.1.4.1.81.36.4.1.9
-- 1.3.6.1.4.1.81.36.4.1.9
-- 1.3.6.1.4.1.81.36.4.1.9
-- 1.3.6.1.4.1.81.36.4.1.9
-- 1.3.6.1.4.1.81.36.4.1.9
-- 1.3.6.1.4.1.81.36.4.1.9
ipPolicyDiffServErrMsg OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..80))
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"Free text describing the reason why the entry is not Applicable.
When entry is Applicable returns NULL string.
The values returned for this MIB are not affected by the list status
(active/inactive)"
::= { ipPolicyDiffServEntry 9 }
ipPolicyQueryTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpPolicyQueryEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is used to query the policy application for different
types of information. The first use is to query about the operation
that would be applied to a given packet.
This table can be used by a managment application to supply the user
an interactive dialog for looking ahead at the outcomes of the policy
defined"
::= { ipPolicyMgmt 5 }
ipPolicyQueryEntry OBJECT-TYPE
SYNTAX IpPolicyQueryEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry relates to one EntID (AKA module / box) in the stack"
INDEX { ipPolicyQuerySlot }
::= { ipPolicyQueryTable 1 }
IpPolicyQueryEntry ::=
SEQUENCE {
ipPolicyQuerySlot
Integer32,
ipPolicyQueryListID
INTEGER,
ipPolicyQuerySrcAddr
IpAddress,
ipPolicyQueryDstAddr
IpAddress,
ipPolicyQueryProtocol
INTEGER,
ipPolicyQueryL4SrcPort
INTEGER,
ipPolicyQueryL4DestPort
INTEGER,
ipPolicyQueryEstablished
INTEGER,
ipPolicyQueryDSCP
INTEGER,
ipPolicyQueryOperation
INTEGER,
ipPolicyQueryRuleID
INTEGER,
ipPolicyQueryDSCPOperation
INTEGER,
ipPolicyQueryPriority
INTEGER,
ipPolicyQueryIfIndex
Integer32,
ipPolicyQuerySubContext
SubContextTypes,
ipPolicyQueryIcmpTypeCode
INTEGER,
ipPolicyQueryIpFragments
INTEGER,
ipPolicyQueryIpOption
TruthValue,
ipPolicyQueryAccessOperation
INTEGER,
ipPolicyQueryNotifyOperation
INTEGER,
ipPolicyQueryErrorReplyOperation
INTEGER,
ipPolicyQueryCoSOperation
INTEGER
}
ipPolicyQuerySlot OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The EntID-id (AKA module-id / box number) to which this rule relates"
::= { ipPolicyQueryEntry 1 }
ipPolicyQueryListID OBJECT-TYPE
SYNTAX INTEGER (0..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The ID of the list used to check the simulated packet. "
::= { ipPolicyQueryEntry 2 }
ipPolicyQuerySrcAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The IP address of the source station in the packet"
::= { ipPolicyQueryEntry 3 }
ipPolicyQueryDstAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The IP address of the destination station in the packet"
::= { ipPolicyQueryEntry 4 }
ipPolicyQueryProtocol OBJECT-TYPE
SYNTAX INTEGER (0..256)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The IP protocol in the packet. Use 256 to specify IP
(i.e. don't care)"
DEFVAL { 256 }
::= { ipPolicyQueryEntry 5 }
ipPolicyQueryL4SrcPort OBJECT-TYPE
SYNTAX INTEGER (0..65536)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The source port of the packet.
This fields is applicable only when ipPolicyQueryProtocol
is TCP(6) or UDP(17).
In all other cases its values is not used."
::= { ipPolicyQueryEntry 6 }
ipPolicyQueryL4DestPort OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The destination port of the packet.
This fields is applicable only when ipPolicyRuleProtocol is TCP(6) or UDP(17).
In all other cases its values is not used."
::= { ipPolicyQueryEntry 7 }
ipPolicyQueryEstablished OBJECT-TYPE
SYNTAX INTEGER
{
yes(1),
no(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of the TCP Establish bit in simulated packet.
This fields is applicable only when ipPolicyQueryProtocol is TCP(6)"
DEFVAL { no }
::= { ipPolicyQueryEntry 8 }
ipPolicyQueryDSCP OBJECT-TYPE
SYNTAX INTEGER (0..64)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The DSCP value in the simulated packet.
The value 64 is used to specify DONT CARE. In this case the result
maybe forwardNoChange
If a specifc value is specified the result would be the exact prioirty
associated with the packet after consulting the DSCP table."
DEFVAL { 64 }
::= { ipPolicyQueryEntry 9 }
ipPolicyQueryOperation OBJECT-TYPE
SYNTAX INTEGER (1..1000)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The operation that would be applied to the simulated packet.
This field points to the appropriate ipPolicyCompositeOpID in
ipPolicyCompositeOpTable.
The following read-only rows are always defined in
ipPolicyCompositeOpTable,for backward comaptability with Policy
MIB prior to version 1.3.0:
OpId OpName PolicyRuleOp prior to Policy MIB 1.3.0
==== ====== ======================================
0 Not relevant - this value should be returned when and invalid ifIndex, direction is specified.
1 Priority 0 forwardPriority0(1)
2 Priority 1 forwardPriority1(2)
3 Priority 2 forwardPriority2(3)
4 Priority 3 forwardPriority3(4)
5 Priority 4 forwardPriority4(5)
6 Priority 5 forwardPriority5(6)
7 Priority 6 forwardPriority6(7)
8 Priority 7 forwardPriority7(8)
9 Forward No Change forward(9)
10 Deny deny(10)
11 Deny and Notify denyAndNotify(11)
12 Reserved - do not use layer2Switching(12)
The following read-only rows that are always defined in ipPolicyCompositeOpTable for list in split list mode:
OpId OpName
==== ======
1 permit
2 deny
3 deny-and-notify
4 deny-and-reset-connection (Boxster only)
5 deny-and-notify-and-reset-connection (Boxster only)
The following read-only rows that are always defined in ipPolicyCompositeOpTable for a ACL list in split list mode:
OpId OpName
==== ======
1 CoS0
2 CoS1
3 CoS2
4 CoS3
5 CoS4
6. CoS5
7. CoS6
8. CoS7
9. no-change
10. trust-dscp-only
11. trust-dscp-and-cos (Boxster default)
The following read-only rows are always defined in ipPolicyCompositeOpTable for PBR list in split list mode:
OpId OpName
==== ======
1 DBR (Destination Based Routing)
2 unused
.
.
9 NH1 (Next Hop)
10 NH2
.
.
28 NH20
The following read-only rows are always defined in ipPolicyCompositeOpTable for Crypto list in split list mode:
OpId OpName
==== ======
1 Bypass
2 Crypto Map 1
3 Crypto Map 2
21 Crypto Map 20"
::= { ipPolicyQueryEntry 10 }
ipPolicyQueryRuleID OBJECT-TYPE
SYNTAX INTEGER (0..10000)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"ID of the rule of the list that resulted in the ipPolicyQueryOperation for the query.
A value of 0 means that ipPolicyQueryOperation is a result of the ipPolicyListDefaultOperation
10000 should be returned in case of an error, where this query can't be processed."
::= { ipPolicyQueryEntry 11 }
ipPolicyQueryDSCPOperation OBJECT-TYPE
SYNTAX INTEGER (0..65)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The New DSCP value that of the simulated packet
A value of 64 means the DSCP field will not be changed.
A value of 65 means this query can't be processed."
::= { ipPolicyQueryEntry 12 }
ipPolicyQueryPriority OBJECT-TYPE
SYNTAX INTEGER
{
forwardPriority0(1),
forwardPriority1(2),
forwardPriority2(3),
forwardPriority3(4),
forwardPriority4(5),
forwardPriority5(6),
forwardPriority6(7),
forwardPriority7(8),
dontCare(99)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The 802.1p priority in the simulated packet.
When the priority is dontCare, the result maybe forwardNoChange."
DEFVAL { dontCare }
::= { ipPolicyQueryEntry 13 }
ipPolicyQueryIfIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This variable should be made equal to the ifIndex of the interface for which this query should be resolved.
The value of 0 means the context of the first entry in the ipPolicyActivationTable for this SlotID"
DEFVAL { 0 }
::= { ipPolicyQueryEntry 14 }
ipPolicyQuerySubContext OBJECT-TYPE
SYNTAX SubContextTypes
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The direction for which this query should be resolved:
ingress(1)- going into the interface, from the network
egress(2) - going out of the interface, towards the network"
DEFVAL { ingress }
::= { ipPolicyQueryEntry 15 }
ipPolicyQueryIcmpTypeCode OBJECT-TYPE
SYNTAX INTEGER
{
echo-reply(0),
netwrok-unreachable(768),
host-unreachable(769),
protocol-unreachable(770),
port-unreachable(771),
fragmentation-needed-but-df-bit-set(772),
source-route-failed(773),
destination-network-unknown(774),
destination-host-unknown(775),
destination-network-admin-prohibited(777),
network-unreachable-for-tos(779),
host-unreachable-for-tos(780),
communication-admin-prohibited-filtering(781),
host-precedence-violation(782),
precedence-cutoff-in-effect(783),
source-quench(1024),
redirect-for-network(1280),
redirect-for-type-of-service-and-host(1283),
echo-request(2048),
router-advertisement(2304),
time-to-live-equals-0-during-reassembly(2817),
bad-ip-header(3072),
required-option-missing(3073),
timestamp-requested(3328),
timestamp-reply(3584),
address-mask-request(4352),
address-mask-reply(4608),
traceroute-outbound-packet-successfully-fw(7680),
traceroute-no-route-for-outbound-packet(7681),
domain-name-request(9472),
domain-name-reply(9728),
skip-algorithm-discovery-protocol(9984),
unreachable(66304),
redirect(66816),
time-exceeded(68352),
parameters-problem(68608),
traceroute(73216),
conversion-errors(73472),
mobile-host-redirect(73728),
ipv6-where-are-you(73984),
ipv6-I-am-here(74240),
mobile-registration-request(74496),
mobile-registration-reply(74752),
security-failure(75776),
any(196608),
not-supported(262144)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Simulated packet ICMP type and code.
If protocol is not ICMP this values should not be used.
Field format:
- 19 bits filed.
- MSB (bit 18) stand for not-supported.
- Bit 17 stands for any ICMP type.
- Bit 16 stands for any ICMP code.
- Bits 8-15 stand for ICMP type.
- Bits 0-7 stand for ICMP code.
For example:
- not-supported(262144) = 0x40000
- any(196608) = 0x30000
- ICMP type unreachable(66304), code any = 0x10300
- ICMP type & code host-unreachable(769) = 0x301"
DEFVAL { not-supported }
::= { ipPolicyQueryEntry 16 }
ipPolicyQueryIpFragments OBJECT-TYPE
SYNTAX INTEGER
{
not-fragment(1),
fragment-first-packet(2),
fragment-non-first-packet(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Simulate fragment packet."
DEFVAL { not-fragment }
::= { ipPolicyQueryEntry 17 }
ipPolicyQueryIpOption OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Simulate IP option packet."
DEFVAL { false }
::= { ipPolicyQueryEntry 18 }
ipPolicyQueryAccessOperation OBJECT-TYPE
SYNTAX INTEGER
{
not-supported(0),
permit(1),
deny(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object reports the Access operation result.
This object obsoletes the ipPolicyQueryOperation object."
::= { ipPolicyQueryEntry 19 }
ipPolicyQueryNotifyOperation OBJECT-TYPE
SYNTAX INTEGER
{
not-supported(0),
ignore(1),
notify(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object reports the Notify operation result.
This object obsoletes the ipPolicyQueryOperation object."
::= { ipPolicyQueryEntry 20 }
ipPolicyQueryErrorReplyOperation OBJECT-TYPE
SYNTAX INTEGER
{
not-supported(0),
disable(1),
tcp-reset(2),
icmp-unreachable(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object reports the Error Reply operation result.
This object obsoletes the ipPolicyQueryOperation object."
::= { ipPolicyQueryEntry 21 }
ipPolicyQueryCoSOperation OBJECT-TYPE
SYNTAX INTEGER
{
not-supported(0),
cos0(1),
cos1(2),
cos2(3),
cos3(4),
cos4(5),
cos5(6),
cos6(7),
cos7(8),
no-change(9)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object reports the CoS (Ethernet=802.1p) operation result.
This object obsoletes the ipPolicyQueryOperation object."
::= { ipPolicyQueryEntry 22 }
ipPolicyDiffServControlTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpPolicyDiffServControlEntry
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"This table activates & monitors the Diff Serv application"
::= { ipPolicyMgmt 6 }
ipPolicyDiffServControlEntry OBJECT-TYPE
SYNTAX IpPolicyDiffServControlEntry
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"Each entry relates to one EntID (AKA module / box) in the stack"
INDEX { ipPolicyDiffServSlot }
::= { ipPolicyDiffServControlTable 1 }
IpPolicyDiffServControlEntry ::=
SEQUENCE {
ipPolicyDiffServControlSlot
Integer32,
ipPolicyDiffServControlChecksum
Integer32,
ipPolicyDiffServControlTrustedFields
INTEGER,
ipPolicyDiffServControlValidityStatus
INTEGER,
ipPolicyDiffServControlErrMsg
DisplayString
}
-- 1.3.6.1.4.1.81.36.6.1.1
-- 1.3.6.1.4.1.81.36.6.1.1
-- 1.3.6.1.4.1.81.36.6.1.1
-- 1.3.6.1.4.1.81.36.6.1.1
-- 1.3.6.1.4.1.81.36.6.1.1
-- 1.3.6.1.4.1.81.36.6.1.1
-- 1.3.6.1.4.1.81.36.6.1.1
-- 1.3.6.1.4.1.81.36.6.1.1
-- 1.3.6.1.4.1.81.36.6.1.1
-- 1.3.6.1.4.1.81.36.6.1.1
-- 1.3.6.1.4.1.81.36.6.1.1
-- 1.3.6.1.4.1.81.36.6.1.1
-- 1.3.6.1.4.1.81.36.6.1.1
-- 1.3.6.1.4.1.81.36.6.1.1
ipPolicyDiffServControlSlot OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The EntID-id (AKA module-id / box number) to which this control entry
relates"
::= { ipPolicyDiffServControlEntry 1 }
-- 1.3.6.1.4.1.81.36.6.1.2
-- 1.3.6.1.4.1.81.36.6.1.2
-- 1.3.6.1.4.1.81.36.6.1.2
-- 1.3.6.1.4.1.81.36.6.1.2
-- 1.3.6.1.4.1.81.36.6.1.2
-- 1.3.6.1.4.1.81.36.6.1.2
-- 1.3.6.1.4.1.81.36.6.1.2
-- 1.3.6.1.4.1.81.36.6.1.2
-- INTEGER
-- 1.3.6.1.4.1.81.36.6.1.2
-- 1.3.6.1.4.1.81.36.6.1.2
-- 1.3.6.1.4.1.81.36.6.1.2
-- 1.3.6.1.4.1.81.36.6.1.2
-- 1.3.6.1.4.1.81.36.6.1.2
-- 1.3.6.1.4.1.81.36.6.1.2
ipPolicyDiffServControlChecksum OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"Checksum of all the configurable (read/write) DiffServ mib items
including the Diff Serv table.
This field can be used by the management application to discover that
Diff Serv configuration has changed (instead of polling all the
Diff Serv mib items)."
::= { ipPolicyDiffServControlEntry 2 }
-- 1.3.6.1.4.1.81.36.6.1.3
-- 1.3.6.1.4.1.81.36.6.1.3
-- 1.3.6.1.4.1.81.36.6.1.3
-- 1.3.6.1.4.1.81.36.6.1.3
-- 1.3.6.1.4.1.81.36.6.1.3
-- 1.3.6.1.4.1.81.36.6.1.3
-- 1.3.6.1.4.1.81.36.6.1.3
-- 1.3.6.1.4.1.81.36.6.1.3
-- 1.3.6.1.4.1.81.36.6.1.3
-- 1.3.6.1.4.1.81.36.6.1.3
-- 1.3.6.1.4.1.81.36.6.1.3
-- 1.3.6.1.4.1.81.36.6.1.3
-- 1.3.6.1.4.1.81.36.6.1.3
-- 1.3.6.1.4.1.81.36.6.1.3
ipPolicyDiffServControlTrustedFields OBJECT-TYPE
SYNTAX INTEGER
{
cos(1),
dscp(2),
cos-dscp(3),
untrust(4)
}
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"Specify which fields in the incoming packet might be trausted when the
policy decision should be based in the incoming packet itself.
Policy decision depend on the active policy list.
In cases that there is no active policy list or that the result of the
active policy list is Permit, then the outgoing packet prioirty may be
based on the incoming packet instead of an the user specification.
Trusting COS (802.1p) means that the outgoing packet prioirty (802.1p)
should equal the incoming packet prioirty.
Trusting DSCP means that the outgoing packet prioirty (802.1p)
should be taken from ipPolicyDiffServTable using the incoming packet
DSCP value.
Trusting COS + DSCP means that both fields should be used.
The behavior of the device when both COS + DSCP should be trusted
is outside the scope of the current version of the MIB.
(Note: P333R uses the max between incoming COS & DSCP-to-COS mapping)
Some devices might support only a subset of the values."
DEFVAL { dscp }
::= { ipPolicyDiffServControlEntry 3 }
-- 1.3.6.1.4.1.81.36.6.1.4
-- 1.3.6.1.4.1.81.36.6.1.4
-- 1.3.6.1.4.1.81.36.6.1.4
-- 1.3.6.1.4.1.81.36.6.1.4
-- 1.3.6.1.4.1.81.36.6.1.4
-- 1.3.6.1.4.1.81.36.6.1.4
-- 1.3.6.1.4.1.81.36.6.1.4
-- 1.3.6.1.4.1.81.36.6.1.4
-- 1.3.6.1.4.1.81.36.6.1.4
-- 1.3.6.1.4.1.81.36.6.1.4
-- 1.3.6.1.4.1.81.36.6.1.4
-- 1.3.6.1.4.1.81.36.6.1.4
-- 1.3.6.1.4.1.81.36.6.1.4
-- 1.3.6.1.4.1.81.36.6.1.4
ipPolicyDiffServControlValidityStatus OBJECT-TYPE
SYNTAX INTEGER
{
valid(1),
invalid(2)
}
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"Validity status of the DSCP table:
valid - All the entries in the DSCP table can be executed
invalid - One or more of the entries in the DSCP table
can NOT be EXECUTED."
::= { ipPolicyDiffServControlEntry 4 }
-- 1.3.6.1.4.1.81.36.6.1.5
-- 1.3.6.1.4.1.81.36.6.1.5
-- 1.3.6.1.4.1.81.36.6.1.5
-- 1.3.6.1.4.1.81.36.6.1.5
-- 1.3.6.1.4.1.81.36.6.1.5
-- 1.3.6.1.4.1.81.36.6.1.5
-- 1.3.6.1.4.1.81.36.6.1.5
-- 1.3.6.1.4.1.81.36.6.1.5
-- 1.3.6.1.4.1.81.36.6.1.5
-- 1.3.6.1.4.1.81.36.6.1.5
-- 1.3.6.1.4.1.81.36.6.1.5
-- 1.3.6.1.4.1.81.36.6.1.5
-- 1.3.6.1.4.1.81.36.6.1.5
-- 1.3.6.1.4.1.81.36.6.1.5
ipPolicyDiffServControlErrMsg OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..80))
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"Free text describing the reason why the table is not valid.
When the table is valid returns NULL string.
The values returned for this MIB are not affected by the table
status (active/inactive)."
::= { ipPolicyDiffServControlEntry 5 }
ipPolicyAccessControlViolationTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpPolicyAccessControlViolationEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains infomations raerding the last packet (per module)
for which ipPolicyAccessControlViolationTrap was sent."
::= { ipPolicyMgmt 7 }
ipPolicyAccessControlViolationEntry OBJECT-TYPE
SYNTAX IpPolicyAccessControlViolationEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry conatins the information regarding the last packet for which
ipPolicyAccessControlViolationTrap was sent by the specific module."
INDEX { ipPolicyAccessControlViolationEntID }
::= { ipPolicyAccessControlViolationTable 1 }
IpPolicyAccessControlViolationEntry ::=
SEQUENCE {
ipPolicyAccessControlViolationEntID
Integer32,
ipPolicyAccessControlViolationSrcAddr
IpAddress,
ipPolicyAccessControlViolationDstAddr
IpAddress,
ipPolicyAccessControlViolationProtocol
INTEGER,
ipPolicyAccessControlViolationL4SrcPort
INTEGER,
ipPolicyAccessControlViolationL4DstPort
INTEGER,
ipPolicyAccessControlViolationEstablished
INTEGER,
ipPolicyAccessControlViolationDSCP
INTEGER,
ipPolicyAccessControlViolationIfIndex
Integer32,
ipPolicyAccessControlViolationSubCtxt
INTEGER,
ipPolicyAccessControlViolationTime
TimeTicks,
ipPolicyAccessControlViolationRuleType
INTEGER
}
ipPolicyAccessControlViolationEntID OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The EntID-id (AKA module-id / box number) for which the trap was vsent"
::= { ipPolicyAccessControlViolationEntry 1 }
ipPolicyAccessControlViolationSrcAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the source station in the packet"
::= { ipPolicyAccessControlViolationEntry 2 }
ipPolicyAccessControlViolationDstAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the destination station in the packet"
::= { ipPolicyAccessControlViolationEntry 3 }
ipPolicyAccessControlViolationProtocol OBJECT-TYPE
SYNTAX INTEGER (0..256)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP protocol in the packet. Use 256 to specify IP (i.e. don't care)"
::= { ipPolicyAccessControlViolationEntry 4 }
-- 1.3.6.1.4.1.81.36.7.1.5
-- 1.3.6.1.4.1.81.36.7.1.5
-- 1.3.6.1.4.1.81.36.7.1.5
-- 1.3.6.1.4.1.81.36.7.1.5
-- 1.3.6.1.4.1.81.36.7.1.5
-- 1.3.6.1.4.1.81.36.7.1.5
-- 1.3.6.1.4.1.81.36.7.1.5
-- 1.3.6.1.4.1.81.36.7.1.5
-- 1.3.6.1.4.1.81.36.7.1.5
-- 1.3.6.1.4.1.81.36.7.1.5
-- 1.3.6.1.4.1.81.36.7.1.5
-- 1.3.6.1.4.1.81.36.7.1.5
-- 1.3.6.1.4.1.81.36.7.1.5
-- 1.3.6.1.4.1.81.36.7.1.5
ipPolicyAccessControlViolationL4SrcPort OBJECT-TYPE
SYNTAX INTEGER (0..65536)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The source port of the packet.
This fields is applicable only when
ipPolicyAccessControlViolationProtocol is TCP(6) or UDP(17).
In all other cases its values is not used."
::= { ipPolicyAccessControlViolationEntry 5 }
-- 1.3.6.1.4.1.81.36.7.1.6
-- 1.3.6.1.4.1.81.36.7.1.6
-- 1.3.6.1.4.1.81.36.7.1.6
-- 1.3.6.1.4.1.81.36.7.1.6
-- 1.3.6.1.4.1.81.36.7.1.6
-- 1.3.6.1.4.1.81.36.7.1.6
-- 1.3.6.1.4.1.81.36.7.1.6
-- 1.3.6.1.4.1.81.36.7.1.6
-- 1.3.6.1.4.1.81.36.7.1.6
-- 1.3.6.1.4.1.81.36.7.1.6
-- 1.3.6.1.4.1.81.36.7.1.6
-- 1.3.6.1.4.1.81.36.7.1.6
-- 1.3.6.1.4.1.81.36.7.1.6
-- 1.3.6.1.4.1.81.36.7.1.6
ipPolicyAccessControlViolationL4DstPort OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The destination port of the packet.
This fields is applicable only when
ipPolicyAccessControlViolationProtocol is TCP(6) or UDP(17).
In all other cases its values is not used."
::= { ipPolicyAccessControlViolationEntry 6 }
-- 1.3.6.1.4.1.81.36.7.1.7
-- 1.3.6.1.4.1.81.36.7.1.7
-- 1.3.6.1.4.1.81.36.7.1.7
-- 1.3.6.1.4.1.81.36.7.1.7
-- 1.3.6.1.4.1.81.36.7.1.7
-- 1.3.6.1.4.1.81.36.7.1.7
-- 1.3.6.1.4.1.81.36.7.1.7
-- 1.3.6.1.4.1.81.36.7.1.7
-- 1.3.6.1.4.1.81.36.7.1.7
-- 1.3.6.1.4.1.81.36.7.1.7
-- 1.3.6.1.4.1.81.36.7.1.7
-- 1.3.6.1.4.1.81.36.7.1.7
-- 1.3.6.1.4.1.81.36.7.1.7
-- 1.3.6.1.4.1.81.36.7.1.7
ipPolicyAccessControlViolationEstablished OBJECT-TYPE
SYNTAX INTEGER
{
yes(1),
dontCare(2),
no(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This field indicates the value of the established bit in the TCP header
of the packet. This fields is applicable only when \
ipPolicyAccessControlViolationProtocol is TCP(6) or UDP(17).
In all other cases its values is not used."
::= { ipPolicyAccessControlViolationEntry 7 }
ipPolicyAccessControlViolationDSCP OBJECT-TYPE
SYNTAX INTEGER (0..64)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The DSCP value in the violating packet.
The value 64 is used to specify DONT know. "
::= { ipPolicyAccessControlViolationEntry 8 }
-- 1.3.6.1.4.1.81.36.7.1.9
-- 1.3.6.1.4.1.81.36.7.1.9
-- 1.3.6.1.4.1.81.36.7.1.9
ipPolicyAccessControlViolationIfIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The interface on which the violation occured."
::= { ipPolicyAccessControlViolationEntry 9 }
-- 1.3.6.1.4.1.81.36.7.1.10
-- 1.3.6.1.4.1.81.36.7.1.10
-- 1.3.6.1.4.1.81.36.7.1.10
ipPolicyAccessControlViolationSubCtxt OBJECT-TYPE
SYNTAX INTEGER
{
ingress(1),
egress(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The sub-context on which this violation occured."
::= { ipPolicyAccessControlViolationEntry 10 }
-- 1.3.6.1.4.1.81.36.7.1.11
-- 1.3.6.1.4.1.81.36.7.1.11
-- 1.3.6.1.4.1.81.36.7.1.11
ipPolicyAccessControlViolationTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of sysUpTime at the time the violation was recorded"
::= { ipPolicyAccessControlViolationEntry 11 }
-- 1.3.6.1.4.1.81.36.7.1.12
-- 1.3.6.1.4.1.81.36.7.1.12
-- 1.3.6.1.4.1.81.36.7.1.12
-- 1.3.6.1.4.1.81.36.7.1.12
-- 1.3.6.1.4.1.81.36.7.1.12
-- 1.3.6.1.4.1.81.36.7.1.12
-- 1.3.6.1.4.1.81.36.7.1.12
ipPolicyAccessControlViolationRuleType OBJECT-TYPE
SYNTAX INTEGER
{
ruleEntry(1),
ipOptionOperation(2),
ipFragmentationOperation(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of rule that generated this notification.
ruleEntry - notification generated by a rule in IpPolicyRuleEntry
ipOptionOperation - notification generated by the list-level
ipPolicyListIpOptionOperation rule.
ipFragmentationOperation - notification generated by the list-level
ipPolicyListIpFragmentationOperation rule.
"
::= { ipPolicyAccessControlViolationEntry 12 }
ipPolicyCompositeOpTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpPolicyCompositeOpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is used to add/delete/modify/monitor individual composite operations in a policy list."
::= { ipPolicyMgmt 8 }
ipPolicyCompositeOpEntry OBJECT-TYPE
SYNTAX IpPolicyCompositeOpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An operation composed of different actions that can be applied to a
flow. A compostie op is refernced from ipPolicyRuleOperation"
INDEX { ipPolicyCompositeOpEntID, ipPolicyCompositeOpListID, ipPolicyCompositeOpID }
::= { ipPolicyCompositeOpTable 1 }
IpPolicyCompositeOpEntry ::=
SEQUENCE {
ipPolicyCompositeOpEntID
Integer32,
ipPolicyCompositeOpListID
INTEGER,
ipPolicyCompositeOpID
Integer32,
ipPolicyCompositeOpName
DisplayString,
ipPolicyCompositeOp802priority
INTEGER,
ipPolicyCompositeOpAccess
INTEGER,
ipPolicyCompositeOpDscp
INTEGER,
ipPolicyCompositeOpRSGQualityClass
INTEGER,
ipPolicyCompositeOpNotify
INTEGER,
ipPolicyCompositeOpRowStatus
RowStatus,
ipPolicyCompositeOpErrorReply
INTEGER,
ipPolicyCompositeOpTrustDscp
INTEGER
}
ipPolicyCompositeOpEntID OBJECT-TYPE
SYNTAX Integer32 (0..1000)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Id of the entity for which a set of rows applies. This index is
provided as a mean of distributing non-related information on
different entities such as physical modules. The module ID
(EntID number). "
::= { ipPolicyCompositeOpEntry 1 }
ipPolicyCompositeOpListID OBJECT-TYPE
SYNTAX INTEGER (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The list object this set of operations belong to.
List 0 is the default list. When a new list is created, the
CompositeOp table of list 0 is copied to the composite op table of
that list. Hence changing the composite OP of list 0 changes the
default ops of the system."
::= { ipPolicyCompositeOpEntry 2 }
ipPolicyCompositeOpID OBJECT-TYPE
SYNTAX Integer32 (1..1000)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The ID of the operation. This ID is pointed by the corresponding
ipPolycyRuleOperation."
::= { ipPolicyCompositeOpEntry 3 }
ipPolicyCompositeOpName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..80))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"User-created name for the composite action.
The operation that should be applied to a packet in case the packet does not match any of the user specified rules. Values pertains to ACL or QoS depending on List type.
This field points to the appropriate ipPolicyCompositeOpID in ipPolicyCompositeOpTable.
The following read-only rows that are always defined in ipPolicyCompositeOpTable for a combined List:
OpId OpName PolicyRuleOp prior to Policy MIB 1.3.0
==== ====== ======================================
1 Priority 0 forwardPriority0(1)
2 Priority 1 forwardPriority1(2)
3 Priority 2 forwardPriority2(3)
4 Priority 3 forwardPriority3(4)
5 Priority 4 forwardPriority4(5)
6 Priority 5 forwardPriority5(6)
7 Priority 6 forwardPriority6(7)
8 Priority 7 forwardPriority7(8)
9 Forward No Change forward(9)
10 Deny deny(10)
11 Deny and Notify denyAndNotify(11)
12 Do not EZRoute layer2Switching(12)
The following read-only rows that are always defined in ipPolicyCompositeOpTable for a ACL list in split list mode:
OpId OpName
==== ======
1 permit
2 deny
3 deny-and-notify
4 deny-and-reset-connection (Boxster only)
5 deny-and-notify-and-reset-connection (Boxster only)
The following read-only rows that are always defined in ipPolicyCompositeOpTable for a ACL list in split list mode:
OpId OpName
==== ======
1 CoS0
2 CoS1
3 CoS2
4 CoS3
5 CoS4
6. CoS5
7. CoS6
8. CoS7
9. no-change
10. trust-dscp-only
11. trust-dscp-and-cos (Boxster default)
The following read-only rows are always defined in ipPolicyCompositeOpTable for PBR list in split list mode:
OpId OpName
==== ======
1 DBR (Destination Based Routing)
2 unused
.
.
9 NH1 (Next Hop)
10 NH2
.
.
28 NH20
The following read-only rows are always defined in ipPolicyCompositeOpTable for Crypto list in split list mode:
OpId OpName
==== ======
1 Bypass
2 Crypto Map 1
3 Crypto Map 2
21 Crypto Map 20
Access-control default operation is permit.
QoS default operation is no-change.
PBR default operation is DBR (Destination Based Routing)."
DEFVAL { "" }
::= { ipPolicyCompositeOpEntry 4 }
ipPolicyCompositeOp802priority OBJECT-TYPE
SYNTAX INTEGER
{
cos0(1),
cos1(2),
cos2(3),
cos3(4),
cos4(5),
cos5(6),
cos6(7),
cos7(8),
no-change(9),
not-supported(255)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Class of Service to use.
In the Ethernet world it means 802.1p tagging."
DEFVAL { no-change }
::= { ipPolicyCompositeOpEntry 5 }
ipPolicyCompositeOpAccess OBJECT-TYPE
SYNTAX INTEGER
{
permit(1),
deny(2),
not-supported(255)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Access control method - block or forward."
DEFVAL { deny }
::= { ipPolicyCompositeOpEntry 6 }
ipPolicyCompositeOpDscp OBJECT-TYPE
SYNTAX INTEGER (0..64 | 255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The New DSCP value that should be applied to packets that match
this rule. Applicable only to devices that can change the DSCP
field of a packet.
64 - no change.
255 - notSupported."
DEFVAL { 64 }
::= { ipPolicyCompositeOpEntry 7 }
ipPolicyCompositeOpRSGQualityClass OBJECT-TYPE
SYNTAX INTEGER (0..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Requested Web Switching Service quality.
This field is meaningfull onnly in the context of Web-Switching
applications (Server Load balancing, Application redirection,
Firewall load balancing, etc.).
If a given flow needs to be mapped to a server group,
(because of WebSwitching configurations), and this flow also matches
a policy rule, then the selection of the group will be determined
by mapping the quality class required ny the flow to the wquality
assigned to the available groups.
The meaining of the class is:
0 - lowest quality
255 - highest quality.
Example:
A flow matches quality level of 42.
two server groups are defined - one with quality class of 0, and
the 2nd with quality class of 42.
The flow will map to the server group with quality class 42.
"
DEFVAL { 0 }
::= { ipPolicyCompositeOpEntry 8 }
ipPolicyCompositeOpNotify OBJECT-TYPE
SYNTAX INTEGER
{
ignore(1),
notify(2),
not-supported(255)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Notify (send trap and/or log) to management if specific flow was detected."
DEFVAL { ignore }
::= { ipPolicyCompositeOpEntry 9 }
ipPolicyCompositeOpRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for creation/deletion of an operation"
::= { ipPolicyCompositeOpEntry 10 }
ipPolicyCompositeOpErrorReply OBJECT-TYPE
SYNTAX INTEGER
{
disable(1),
auto(2),
not-supported(255)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Reset connection.
Sends TCP reset as response to TCP syn or TCP syn+ack packets or send ICMP destination unreachable, communication administratively prohibited by filtering (code 13) for non-TCP packets. Boxster specific command."
DEFVAL { disable }
::= { ipPolicyCompositeOpEntry 11 }
ipPolicyCompositeOpTrustDscp OBJECT-TYPE
SYNTAX INTEGER
{
no(1),
dscp-only(2),
dscp-and-cos(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Trust DSCP table.
trust dscp-only or trust dscp-and-cos means 'consult DSCP table' (which actually points back to composite operation table).
Packet's DSCP field would be remarked based on DSCP table.
Packet's CoS field:
a. Trust dscp-only means that CoS values would be taken according to DSCP table (in the same manner of DSCP remarking).
b. Trust dscp-and-cos means that the new CoS value would be the maximum value between packet's CoS and DSCP table suggestion."
DEFVAL { no }
::= { ipPolicyCompositeOpEntry 12 }
ipPolicyDSCPmapTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpPolicyDSCPmapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is used to configure the policy that is associated with differntiated services. For each DSCP value the table contain the operation that should applied to packets that match this DSCP value.
Note that in this version of this mib, allowed policies are restricted to priority levels and access control.
There is one set of DSCP mappings per List. Set no. 0 is the default set.
When a new list is created, DSCP mappings of set 0 are copied to the DSCP mapping set of the new list.
Note: The ietf notion of PHB (per-hop forwarding behaviors) is not yet supported"
::= { ipPolicyMgmt 9 }
ipPolicyDSCPmapEntry OBJECT-TYPE
SYNTAX IpPolicyDSCPmapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The information concerning one of the IP policy lists"
INDEX { ipPolicyDSCPmapEntID, ipPolicyDSCPmapListID, ipPolicyDSCPmapDSCP }
::= { ipPolicyDSCPmapTable 1 }
IpPolicyDSCPmapEntry ::=
SEQUENCE {
ipPolicyDSCPmapEntID
Integer32,
ipPolicyDSCPmapListID
INTEGER,
ipPolicyDSCPmapDSCP
INTEGER,
ipPolicyDSCPmapOperation
INTEGER,
ipPolicyDSCPmapName
DisplayString,
ipPolicyDSCPmapApplicabilityPrecedence
INTEGER,
ipPolicyDSCPmapApplicabilityStatus
INTEGER,
ipPolicyDSCPmapApplicabilityType
INTEGER,
ipPolicyDSCPmapErrMsg
DisplayString
}
-- 1.3.6.1.4.1.81.36.9.1.1
ipPolicyDSCPmapEntID OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The EntID-id (AKA module-id / box number) to which diff-serv
table relates"
::= { ipPolicyDSCPmapEntry 1 }
-- 1.3.6.1.4.1.81.36.9.1.2
ipPolicyDSCPmapListID OBJECT-TYPE
SYNTAX INTEGER (0..1000)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The list object this set of DSCP mappings belong to.
List 0 is the default list. When a new list is created, the
DSCP mapping of list 0 is opied to the DSCP mappingp table of
that list. Hence changing the DSCP mapping oflist 0 changes the
default DSCP mapping of the system."
::= { ipPolicyDSCPmapEntry 2 }
-- 1.3.6.1.4.1.81.36.9.1.3
ipPolicyDSCPmapDSCP OBJECT-TYPE
SYNTAX INTEGER (0..63)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The DSCP value to which this entry relates."
::= { ipPolicyDSCPmapEntry 3 }
ipPolicyDSCPmapOperation OBJECT-TYPE
SYNTAX INTEGER (0..1000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This field points to the appropriate ipPolicyCompositeOpID in ipPolicyCompositeOpTable.
The operation that should be applied to a packet in case the packet does not match any of the user specified rules. Values pertains to ACL or QoS depending on List type.
This field points to the appropriate ipPolicyCompositeOpID in ipPolicyCompositeOpTable.
The following read-only rows that are always defined in ipPolicyCompositeOpTable for a combined List:
OpId OpName PolicyRuleOp prior to Policy MIB 1.3.0
==== ====== ======================================
1 Priority 0 forwardPriority0(1)
2 Priority 1 forwardPriority1(2)
3 Priority 2 forwardPriority2(3)
4 Priority 3 forwardPriority3(4)
5 Priority 4 forwardPriority4(5)
6 Priority 5 forwardPriority5(6)
7 Priority 6 forwardPriority6(7)
8 Priority 7 forwardPriority7(8)
9 Forward No Change forward(9)
10 Deny deny(10)
11 Deny and Notify denyAndNotify(11)
12 Do not EZRoute layer2Switching(12)
The following read-only rows that can be point in QoS List:
OpId OpName
==== ======
1 CoS0
2 CoS1
3 CoS2
4 CoS3
5 CoS4
6. CoS5
7. CoS6
8. CoS7
9. no-change
QoS default operation is no-change."
DEFVAL { 9 }
::= { ipPolicyDSCPmapEntry 4 }
-- 1.3.6.1.4.1.81.36.9.1.5
ipPolicyDSCPmapName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..32))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Name of this DSCP entry. This field is used only for documentation purposes.
Default name is:
CS0 - 0
CS1 - 8
CS2 - 16
CS3 - 24
CS4 - 32
CS5 - 40
CS6 - 48
CS7 - 56
AF11 - 10
AF12 - 12
AF13 - 14
AF21 - 18
AF22 - 20
AF23 - 22
AF31 - 26
AF32 - 28
AF33 - 30
AF41 - 34
AF42 - 36
AF43 - 38
EF PHB - 46
Other name are: DSCP #N."
::= { ipPolicyDSCPmapEntry 5 }
-- 1.3.6.1.4.1.81.36.9.1.6
ipPolicyDSCPmapApplicabilityPrecedence OBJECT-TYPE
SYNTAX INTEGER (0..9999)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This field indicates how important is it to enforce this entry.
The higher the number the more important it is to enforce this entry.
The value 9999 has a special meaning of Mandatory which means this
entry MUST be enforced.
Device may choose to support only a subset of these values.."
DEFVAL { 9999 }
::= { ipPolicyDSCPmapEntry 6 }
-- 1.3.6.1.4.1.81.36.9.1.7
ipPolicyDSCPmapApplicabilityStatus OBJECT-TYPE
SYNTAX INTEGER
{
applicable(1),
partiallyApplicable(2),
notApplicable(3),
unknown(4)
}
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"Used to monitor if a DSCP entry is currently applicable
or would be applicable (if the table becomes active).
The applicability context is that of the first entry for this SlotID
in ipPolicyValidDSCPTable.
The values returned for this MIB are not affected by the table status
active/inactive)
applicable - This entry is/would be applicable
partiallyApplicable - This entry is/would be applicable for some
packets/sessions but might not be applicable for other
packets/sessions
notApplicable - This entry is NOT/would NOT be applicable
unknown - Status is temporary unknown. This may be because the table
validation is inProgress. Querying this item triggeres table
validation if not already triggered."
::= { ipPolicyDSCPmapEntry 7 }
-- 1.3.6.1.4.1.81.36.9.1.8
ipPolicyDSCPmapApplicabilityType OBJECT-TYPE
SYNTAX INTEGER
{
static(1),
quasiStatic(2),
dynamic(3),
unknown(4)
}
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"Used to monitor the ApplicabilityStatus of the entry in the context of
this table. The values returned for this MIB are not affected by the
table status (active/inactive).
static - The applicabilityStatus of this entry is guaranteed
regardless of the ApplicabilityPrecedence of this entry
or of other entries in the list.
quasiStatic - The applicability status of this entry is
guaranteed if no configuration changes are made,
BUT changes of ApplicabilityPrecedence of this entry or
other entries in this table may change the
applicabilityStatus of this entry.
dynamic - The applicabilityStatus of this entry can change
depending on network conditions (i.e. localization) or
other conditions such as (but not limited to) changes of
ApplicabilityPrecedence of this entry or other entries
in this table.
unknown - Status is temporary unknown. This may be because the
table validation is inProgress. Querying this item triggeres
table validation if not already triggered.
The values returned for this MIB are not affected by the table
status (active/inactive)"
::= { ipPolicyDSCPmapEntry 8 }
-- 1.3.6.1.4.1.81.36.9.1.9
ipPolicyDSCPmapErrMsg OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..80))
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"Free text describing the reason why the entry is not Applicable.
When entry is Applicable returns NULL string.
The values returned for this MIB are not affected by the list status
(active/inactive)"
::= { ipPolicyDSCPmapEntry 9 }
ipPolicyActivationTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpPolicyActivationEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ipPolicyActivationTable is used to map between
interface/direction pairs
to policy lists.
This table accomodates devices that have one or more active
Policy list, each list for a different qualifying
interface/direction context.
Each entry has a number which represents the list that is active
for the matching interface/direction.
Devices which have no distinction between interfaces, will
use ifIndex 0.
"
::= { ipPolicyMgmt 10 }
ipPolicyActivationEntry OBJECT-TYPE
SYNTAX IpPolicyActivationEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The information concerning an interface/direction pair"
INDEX { ipPolicyActivationEntID, ipPolicyActivationifIndex, ipPolicyActivationSubContext }
::= { ipPolicyActivationTable 1 }
IpPolicyActivationEntry ::=
SEQUENCE {
ipPolicyActivationEntID
INTEGER,
ipPolicyActivationifIndex
Integer32,
ipPolicyActivationSubContext
SubContextTypes,
ipPolicyActivationSubContextName
OCTET STRING,
ipPolicyActivationList
Integer32,
ipPolicyActivationAclList
Integer32,
ipPolicyActivationQoSList
Integer32,
ipPolicyActivationSourceNatList
Integer32,
ipPolicyActivationDestinationNatList
Integer32,
ipPolicyActivationAntiSpoofignList
Integer32,
ipPolicyActivationPBRList
Integer32,
ipPolicyActivationCryptoList
Integer32
}
ipPolicyActivationEntID OBJECT-TYPE
SYNTAX INTEGER (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Id of the entity for which a set of rows applies. This index is
provided as a mean of distributing non-related information on
different entities such as physical modules. The module ID
(EntID number). "
::= { ipPolicyActivationEntry 1 }
ipPolicyActivationifIndex OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This variable should be made equal to the ifIndex of the interface
for which this entry is relevant"
::= { ipPolicyActivationEntry 2 }
ipPolicyActivationSubContext OBJECT-TYPE
SYNTAX SubContextTypes
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The direction for which this list is relevant:
ingress(1)- going into the interface, from the network
egress(2) - going out of the interface, towards the network"
::= { ipPolicyActivationEntry 3 }
ipPolicyActivationSubContextName OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The description of the sub context of this interface, in a human
readable string, to be displayed by the NMS."
::= { ipPolicyActivationEntry 4 }
ipPolicyActivationList OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The number representing the list from the ipPolicyList table that is active for this interface/direction pair.
This object should be used only if the device supports combined lists scheme.
When no list is assigned to the interface/direction then the MIB returns
value 200."
::= { ipPolicyActivationEntry 5 }
ipPolicyActivationAclList OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The number (300 - 399) representing the ACL list from the ipPolicyList table that is active for this interface/direction pair.
This object should be used only if the device supports split lists scheme.
When no list is assigned to the interface/direction then the MIB returns
value 200."
::= { ipPolicyActivationEntry 6 }
ipPolicyActivationQoSList OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The number (400 - 499) representing the QoS list from the ipPolicyList table that is active for this interface/direction pair.
This object should be used only if the device supports split lists scheme.
When no list is assigned to the interface/direction then the MIB returns
value 200."
::= { ipPolicyActivationEntry 7 }
ipPolicyActivationSourceNatList OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The number (500 - 599) representing the QoS list from the ipPolicyList table that is active for this interface/direction pair.
This object should be used only if the device supports split lists scheme.
When no list is assigned to the interface/direction then the MIB returns
value 200."
::= { ipPolicyActivationEntry 8 }
ipPolicyActivationDestinationNatList OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The number (600 - 699) representing the QoS list from the ipPolicyList table that is active for this interface/direction pair.
This object should be used only if the device supports split lists scheme.
When no list is assigned to the interface/direction then the MIB returns
value 200."
::= { ipPolicyActivationEntry 9 }
ipPolicyActivationAntiSpoofignList OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The number (700 - 799) representing the QoS list from the ipPolicyList table that is active for this interface/direction pair.
This object should be used only if the device supports split lists scheme.
When no list is assigned to the interface/direction then the MIB returns
value 200."
::= { ipPolicyActivationEntry 10 }
ipPolicyActivationPBRList OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The number (800 - 899) representing the PBR list from the ipPolicyList table that is active for this interface/direction pair.
This object should be used only if the device supports split lists scheme.
When no list is assigned to the interface/direction then the MIB returns
value 200."
::= { ipPolicyActivationEntry 11 }
ipPolicyActivationCryptoList OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The number (900 - 999) representing Crypto list from the ipPolicyList table that is active for this interface/direction pair.
This object should be used only if the device supports split lists scheme.
When no list is assigned to the interface/direction then the MIB returns
value 200."
::= { ipPolicyActivationEntry 12 }
ipPolicyValidation OBJECT IDENTIFIER ::= { ipPolicyMgmt 11 }
-- 1.3.6.1.4.1.81.36.11.1
ipPolicyValidListTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpPolicyValidListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is a Read-Only table that describes
the validity status of a list object in the context
of interface/direction pair.
Devices which have no distinction between interfaces, will
use ifIndex 0."
::= { ipPolicyValidation 1 }
ipPolicyValidListEntry OBJECT-TYPE
SYNTAX IpPolicyValidListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The information concerning an interface/direction pair"
INDEX { ipPolicyValidListEntID, ipPolicyValidListIfIndex, ipPolicyValidListSubContext, ipPolicyValidListListID }
::= { ipPolicyValidListTable 1 }
IpPolicyValidListEntry ::=
SEQUENCE {
ipPolicyValidListEntID
Integer32,
ipPolicyValidListIfIndex
Integer32,
ipPolicyValidListSubContext
SubContextTypes,
ipPolicyValidListListID
Integer32,
ipPolicyValidListStatus
INTEGER,
ipPolicyValidListErrMsg
DisplayString,
ipPolicyValidListIpOption
TruthValue,
ipPolicyValidListIpFragmentation
TruthValue
}
-- 1.3.6.1.4.1.81.36.11.1.1.1
-- 1.3.6.1.4.1.81.36.11.1.1.1
-- 1.3.6.1.4.1.81.36.11.1.1.1
-- 1.3.6.1.4.1.81.36.11.1.1.1
-- 1.3.6.1.4.1.81.36.11.1.1.1
-- 1.3.6.1.4.1.81.36.11.1.1.1
-- 1.3.6.1.4.1.81.36.11.1.1.1
-- 1.3.6.1.4.1.81.36.11.1.1.1
-- 1.3.6.1.4.1.81.36.11.1.1.1
-- 1.3.6.1.4.1.81.36.11.1.1.1
-- 1.3.6.1.4.1.81.36.11.1.1.1
-- 1.3.6.1.4.1.81.36.11.1.1.1
-- 1.3.6.1.4.1.81.36.11.1.1.1
-- 1.3.6.1.4.1.81.36.11.1.1.1
ipPolicyValidListEntID OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Id of the entity for which a set of rows applies. This index is
provided as a mean of distributing non-related information on
different entities such as physical modules. The module ID
(EntID number). "
::= { ipPolicyValidListEntry 1 }
-- 1.3.6.1.4.1.81.36.11.1.1.2
-- 1.3.6.1.4.1.81.36.11.1.1.2
-- 1.3.6.1.4.1.81.36.11.1.1.2
-- 1.3.6.1.4.1.81.36.11.1.1.2
-- 1.3.6.1.4.1.81.36.11.1.1.2
-- 1.3.6.1.4.1.81.36.11.1.1.2
-- 1.3.6.1.4.1.81.36.11.1.1.2
-- 1.3.6.1.4.1.81.36.11.1.1.2
-- 1.3.6.1.4.1.81.36.11.1.1.2
-- 1.3.6.1.4.1.81.36.11.1.1.2
-- 1.3.6.1.4.1.81.36.11.1.1.2
-- 1.3.6.1.4.1.81.36.11.1.1.2
-- 1.3.6.1.4.1.81.36.11.1.1.2
-- 1.3.6.1.4.1.81.36.11.1.1.2
ipPolicyValidListIfIndex OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This variable should be made equal to the ifIndex of the interface
for which this entry is relevant"
::= { ipPolicyValidListEntry 2 }
ipPolicyValidListSubContext OBJECT-TYPE
SYNTAX SubContextTypes
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The direction for which this list should be validated:
ingress(1)- going into the interface, from the network
egress(2) - going out of the interface, towards the network"
::= { ipPolicyValidListEntry 3 }
ipPolicyValidListListID OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number representing the list from the ipPolicyList table that is
to be validated for this interface/direction pair."
::= { ipPolicyValidListEntry 4 }
-- 1.3.6.1.4.1.81.36.11.1.1.5
-- 1.3.6.1.4.1.81.36.11.1.1.5
-- 1.3.6.1.4.1.81.36.11.1.1.5
ipPolicyValidListStatus OBJECT-TYPE
SYNTAX INTEGER
{
valid(1),
partiallyValid(2),
invalid(3),
validationInProgress(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Validity status of this list in the context of a particular
interface and direction,
on a particular policy entity.
Summarizes validity of rules,
dscp table and composite Opertaions associated with this list.
valid - For all rules in the list:
ipPolicyRuleApplicabilityStatus = applicable
all DSCP rules are applicable.
partiallyValid - in One or more rules/dscp mapping in the list
ipPolicyRuleApplicabilityPrecedence < 9999 (not mandatory) and
ipPolicyRuleApplicabilityStatus != applicable
In all other rules (if any) :
ipPolicyRuleApplicabilityStatus=applicable
invalid - In One or more rules/dscp mappings in the list
ipPolicyRuleApplicabilityPrecedence=9999 (mandatory) and
ipPolicyRuleApplicabilityStatus != applicable
validationInProgress - The current validity of the list is currently
computed. Managment station should poll the device until one of
the definitive values is returned."
::= { ipPolicyValidListEntry 5 }
-- 1.3.6.1.4.1.81.36.11.1.1.6
-- 1.3.6.1.4.1.81.36.11.1.1.6
-- 1.3.6.1.4.1.81.36.11.1.1.6
ipPolicyValidListErrMsg OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..80))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Free text describing the reason why the list is not valid.
When the list is valid returns NULL string.
The values returned for this MIB are not affected by the list
status (active/inactive)."
::= { ipPolicyValidListEntry 6 }
-- 1.3.6.1.4.1.81.36.11.1.1.7
-- 1.3.6.1.4.1.81.36.11.1.1.7
-- 1.3.6.1.4.1.81.36.11.1.1.7
ipPolicyValidListIpOption OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The list is not valid since filtering based on IP option (ipPolicyListIpOptionOperation) cannot be executed."
::= { ipPolicyValidListEntry 7 }
-- 1.3.6.1.4.1.81.36.11.1.1.8
-- 1.3.6.1.4.1.81.36.11.1.1.8
-- 1.3.6.1.4.1.81.36.11.1.1.8
ipPolicyValidListIpFragmentation OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The list is not valid since filtering based on IP fragmentation (ipPolicyListIpFragmentationOperation) cannot be executed."
::= { ipPolicyValidListEntry 8 }
-- 1.3.6.1.4.1.81.36.11.2
-- 1.3.6.1.4.1.81.36.11.2
-- 1.3.6.1.4.1.81.36.11.2
-- 1.3.6.1.4.1.81.36.11.2
-- 1.3.6.1.4.1.81.36.11.2
-- 1.3.6.1.4.1.81.36.11.2
-- 1.3.6.1.4.1.81.36.11.2
-- 1.3.6.1.4.1.81.36.11.2
-- 1.3.6.1.4.1.81.36.11.2
-- 1.3.6.1.4.1.81.36.11.2
-- 1.3.6.1.4.1.81.36.11.2
-- 1.3.6.1.4.1.81.36.11.2
-- 1.3.6.1.4.1.81.36.11.2
-- 1.3.6.1.4.1.81.36.11.2
ipPolicyValidRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpPolicyValidRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is a Read-Only table that describes
the applicability/validity status of a rule in a List in the context
of interface/direction pair.
Devices which have no distinction between interfaces, will
use ifIndex 0."
::= { ipPolicyValidation 2 }
-- 1.3.6.1.4.1.81.36.11.2.1
-- 1.3.6.1.4.1.81.36.11.2.1
-- 1.3.6.1.4.1.81.36.11.2.1
-- 1.3.6.1.4.1.81.36.11.2.1
-- 1.3.6.1.4.1.81.36.11.2.1
-- 1.3.6.1.4.1.81.36.11.2.1
-- 1.3.6.1.4.1.81.36.11.2.1
-- 1.3.6.1.4.1.81.36.11.2.1
-- 1.3.6.1.4.1.81.36.11.2.1
-- 1.3.6.1.4.1.81.36.11.2.1
-- 1.3.6.1.4.1.81.36.11.2.1
-- 1.3.6.1.4.1.81.36.11.2.1
-- 1.3.6.1.4.1.81.36.11.2.1
-- 1.3.6.1.4.1.81.36.11.2.1
ipPolicyValidRuleEntry OBJECT-TYPE
SYNTAX IpPolicyValidRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The information concerning an interface/direction pair"
INDEX { ipPolicyValidRuleEntID, ipPolicyValidRuleIfIndex, ipPolicyValidRuleSubContext, ipPolicyValidRuleListID, ipPolicyValidRuleRuleID
}
::= { ipPolicyValidRuleTable 1 }
IpPolicyValidRuleEntry ::=
SEQUENCE {
ipPolicyValidRuleEntID
Integer32,
ipPolicyValidRuleIfIndex
Integer32,
ipPolicyValidRuleSubContext
SubContextTypes,
ipPolicyValidRuleListID
Integer32,
ipPolicyValidRuleRuleID
Integer32,
ipPolicyValidRuleStatus
INTEGER,
ipPolicyValidRuleApplicabilityType
INTEGER,
ipPolicyValidRuleErrMsg
DisplayString
}
-- 1.3.6.1.4.1.81.36.11.2.1.1
-- 1.3.6.1.4.1.81.36.11.2.1.1
-- 1.3.6.1.4.1.81.36.11.2.1.1
-- 1.3.6.1.4.1.81.36.11.2.1.1
-- 1.3.6.1.4.1.81.36.11.2.1.1
-- 1.3.6.1.4.1.81.36.11.2.1.1
-- 1.3.6.1.4.1.81.36.11.2.1.1
-- 1.3.6.1.4.1.81.36.11.2.1.1
-- 1.3.6.1.4.1.81.36.11.2.1.1
-- 1.3.6.1.4.1.81.36.11.2.1.1
-- 1.3.6.1.4.1.81.36.11.2.1.1
-- 1.3.6.1.4.1.81.36.11.2.1.1
-- 1.3.6.1.4.1.81.36.11.2.1.1
-- 1.3.6.1.4.1.81.36.11.2.1.1
ipPolicyValidRuleEntID OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Id of the entity for which a set of rows applies. This index is
provided as a mean of distributing non-related information on
different entities such as physical modules. The module ID
(EntID number). "
::= { ipPolicyValidRuleEntry 1 }
-- 1.3.6.1.4.1.81.36.11.2.1.2
-- 1.3.6.1.4.1.81.36.11.2.1.2
-- 1.3.6.1.4.1.81.36.11.2.1.2
-- 1.3.6.1.4.1.81.36.11.2.1.2
-- 1.3.6.1.4.1.81.36.11.2.1.2
-- 1.3.6.1.4.1.81.36.11.2.1.2
-- 1.3.6.1.4.1.81.36.11.2.1.2
-- 1.3.6.1.4.1.81.36.11.2.1.2
-- 1.3.6.1.4.1.81.36.11.2.1.2
-- 1.3.6.1.4.1.81.36.11.2.1.2
-- 1.3.6.1.4.1.81.36.11.2.1.2
-- 1.3.6.1.4.1.81.36.11.2.1.2
-- 1.3.6.1.4.1.81.36.11.2.1.2
-- 1.3.6.1.4.1.81.36.11.2.1.2
ipPolicyValidRuleIfIndex OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This variable should be made equal to the ifIndex of the interface
for which this entry is relevant"
::= { ipPolicyValidRuleEntry 2 }
-- 1.3.6.1.4.1.81.36.11.2.1.3
-- 1.3.6.1.4.1.81.36.11.2.1.3
-- 1.3.6.1.4.1.81.36.11.2.1.3
-- 1.3.6.1.4.1.81.36.11.2.1.3
-- 1.3.6.1.4.1.81.36.11.2.1.3
-- 1.3.6.1.4.1.81.36.11.2.1.3
-- 1.3.6.1.4.1.81.36.11.2.1.3
-- 1.3.6.1.4.1.81.36.11.2.1.3
-- 1.3.6.1.4.1.81.36.11.2.1.3
-- 1.3.6.1.4.1.81.36.11.2.1.3
-- 1.3.6.1.4.1.81.36.11.2.1.3
-- 1.3.6.1.4.1.81.36.11.2.1.3
-- 1.3.6.1.4.1.81.36.11.2.1.3
-- 1.3.6.1.4.1.81.36.11.2.1.3
ipPolicyValidRuleSubContext OBJECT-TYPE
SYNTAX SubContextTypes
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The direction for which this list/rule should be validated:
ingress(1)- going into the interface, from the network
egress(2) - going out of the interface, towards the network"
::= { ipPolicyValidRuleEntry 3 }
-- 1.3.6.1.4.1.81.36.11.2.1.4
-- 1.3.6.1.4.1.81.36.11.2.1.4
-- 1.3.6.1.4.1.81.36.11.2.1.4
-- 1.3.6.1.4.1.81.36.11.2.1.4
-- 1.3.6.1.4.1.81.36.11.2.1.4
-- 1.3.6.1.4.1.81.36.11.2.1.4
-- 1.3.6.1.4.1.81.36.11.2.1.4
-- 1.3.6.1.4.1.81.36.11.2.1.4
-- 1.3.6.1.4.1.81.36.11.2.1.4
-- 1.3.6.1.4.1.81.36.11.2.1.4
-- 1.3.6.1.4.1.81.36.11.2.1.4
-- 1.3.6.1.4.1.81.36.11.2.1.4
-- 1.3.6.1.4.1.81.36.11.2.1.4
-- 1.3.6.1.4.1.81.36.11.2.1.4
ipPolicyValidRuleListID OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number representing the list from the ipPolicyList table that is
to be validated for this interface/direction pair."
::= { ipPolicyValidRuleEntry 4 }
-- 1.3.6.1.4.1.81.36.11.2.1.5
-- 1.3.6.1.4.1.81.36.11.2.1.5
-- 1.3.6.1.4.1.81.36.11.2.1.5
ipPolicyValidRuleRuleID OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The rule ID from ipPolicyRuleTable, in theis list,
to be validated for this interface/direction pair."
::= { ipPolicyValidRuleEntry 5 }
-- 1.3.6.1.4.1.81.36.11.2.1.6
-- 1.3.6.1.4.1.81.36.11.2.1.6
-- 1.3.6.1.4.1.81.36.11.2.1.6
-- 1.3.6.1.4.1.81.36.11.2.1.6
-- 1.3.6.1.4.1.81.36.11.2.1.6
-- 1.3.6.1.4.1.81.36.11.2.1.6
-- 1.3.6.1.4.1.81.36.11.2.1.6
-- 1.3.6.1.4.1.81.36.11.2.1.6
-- 1.3.6.1.4.1.81.36.11.2.1.6
-- 1.3.6.1.4.1.81.36.11.2.1.6
-- 1.3.6.1.4.1.81.36.11.2.1.6
-- 1.3.6.1.4.1.81.36.11.2.1.6
-- 1.3.6.1.4.1.81.36.11.2.1.6
-- 1.3.6.1.4.1.81.36.11.2.1.6
ipPolicyValidRuleStatus OBJECT-TYPE
SYNTAX INTEGER
{
applicable(1),
partiallyApplicable(2),
notApplicable(3),
unknown(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Used to monitor if a rule is is currently applicable
or would be applicable (if the table becomes active).
In the context of a particular interface and direction,
on a particular policy entity.
The values returned for this MIB are not affected by the list status
active/inactive)
applicable - This rule is/would be applicable
partiallyApplicable - This rule is/would be applicable for some
packets/sessions but might not be applicable for other
packets/sessions
notApplicable - This rule is NOT/would NOT be applicable
unknown - Status is temporary unknown. This may be because the list
validation is inProgress. Querying this item triggeres list
validation if not already triggered."
::= { ipPolicyValidRuleEntry 6 }
-- 1.3.6.1.4.1.81.36.11.2.1.7
-- 1.3.6.1.4.1.81.36.11.2.1.7
-- 1.3.6.1.4.1.81.36.11.2.1.7
ipPolicyValidRuleApplicabilityType OBJECT-TYPE
SYNTAX INTEGER
{
static(1),
quasiStatic(2),
dynamic(3),
unknown(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Used to monitor the ApplicabilityStatus of the rule in the context of
this list. The values returned for this MIB are not affected by the
list status (active/inactive)
static - The applicabilityStatus of this rule is guaranteed
regardless of the ApplicabilityPrecedence of this rule
or of other rules in the list.
quasiStatic - The applicability status of this rule is
guaranteed if no configuration changes are made,
BUT changes of ApplicabilityPrecedence of this rule or
other rules in this list may change the applicabilityStatus
of this rule.
dynamic - The applicabilityStatus of this rule can change
depending on network conditions (i.e. localization) or
other conditions such as (but not limited to) changes of
ApplicabilityPrecedence of this rule or other rules in
this list.
unknown - Status is temporary unknown. This may be because the
list validation is inProgress. Querying this item triggeres
list validation if not already triggered.
The values returned for this MIB are not affected by the list
status (active/inactive)"
::= { ipPolicyValidRuleEntry 7 }
-- 1.3.6.1.4.1.81.36.11.2.1.8
-- 1.3.6.1.4.1.81.36.11.2.1.8
-- 1.3.6.1.4.1.81.36.11.2.1.8
-- 1.3.6.1.4.1.81.36.11.2.1.8
-- 1.3.6.1.4.1.81.36.11.2.1.8
-- 1.3.6.1.4.1.81.36.11.2.1.8
-- 1.3.6.1.4.1.81.36.11.2.1.8
-- 1.3.6.1.4.1.81.36.11.2.1.8
-- 1.3.6.1.4.1.81.36.11.2.1.8
-- 1.3.6.1.4.1.81.36.11.2.1.8
-- 1.3.6.1.4.1.81.36.11.2.1.8
-- 1.3.6.1.4.1.81.36.11.2.1.8
-- 1.3.6.1.4.1.81.36.11.2.1.8
-- 1.3.6.1.4.1.81.36.11.2.1.8
ipPolicyValidRuleErrMsg OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..80))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Free text describing the reason why the rule is not Applicable.
When rule is Applicable returns NULL string.
The values returned for this MIB are not affected by the list status
(active/inactive)"
::= { ipPolicyValidRuleEntry 8 }
-- 1.3.6.1.4.1.81.36.11.3
-- 1.3.6.1.4.1.81.36.11.3
-- 1.3.6.1.4.1.81.36.11.3
-- 1.3.6.1.4.1.81.36.11.3
ipPolicyValidDSCPTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpPolicyValidDSCPEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is a Read-Only table that describes
the applicability/validity status of a DSCP mapping
in a List in the context of interface/direction pair.
In essencse, this is ipPolicyDSCPmapTable
Devices which have no distinction between interfaces, will
use ifIndex 0."
::= { ipPolicyValidation 3 }
ipPolicyValidDSCPEntry OBJECT-TYPE
SYNTAX IpPolicyValidDSCPEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The information concerning an interface/direction pair"
INDEX { ipPolicyValidDSCPEntID, ipPolicyValidDSCPIfIndex, ipPolicyValidDSCPSubContext, ipPolicyValidDSCPListID, ipPolicyValidDSCPvalue
}
::= { ipPolicyValidDSCPTable 1 }
IpPolicyValidDSCPEntry ::=
SEQUENCE {
ipPolicyValidDSCPEntID
Integer32,
ipPolicyValidDSCPIfIndex
Integer32,
ipPolicyValidDSCPSubContext
SubContextTypes,
ipPolicyValidDSCPListID
Integer32,
ipPolicyValidDSCPvalue
Integer32,
ipPolicyValidDSCPStatus
INTEGER,
ipPolicyValidDSCPApplicabilityType
INTEGER,
ipPolicyValidDSCPErrMsg
DisplayString
}
-- 1.3.6.1.4.1.81.36.11.3.1.1
-- 1.3.6.1.4.1.81.36.11.3.1.1
-- 1.3.6.1.4.1.81.36.11.3.1.1
-- 1.3.6.1.4.1.81.36.11.3.1.1
-- 1.3.6.1.4.1.81.36.11.3.1.1
-- 1.3.6.1.4.1.81.36.11.3.1.1
-- 1.3.6.1.4.1.81.36.11.3.1.1
-- 1.3.6.1.4.1.81.36.11.3.1.1
-- 1.3.6.1.4.1.81.36.11.3.1.1
-- 1.3.6.1.4.1.81.36.11.3.1.1
-- 1.3.6.1.4.1.81.36.11.3.1.1
-- 1.3.6.1.4.1.81.36.11.3.1.1
-- 1.3.6.1.4.1.81.36.11.3.1.1
-- 1.3.6.1.4.1.81.36.11.3.1.1
ipPolicyValidDSCPEntID OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Id of the entity for which a set of rows applies. This index is
provided as a mean of distributing non-related information on
different entities such as physical modules. The module ID
(EntID number). "
::= { ipPolicyValidDSCPEntry 1 }
-- 1.3.6.1.4.1.81.36.11.3.1.2
-- 1.3.6.1.4.1.81.36.11.3.1.2
-- 1.3.6.1.4.1.81.36.11.3.1.2
-- 1.3.6.1.4.1.81.36.11.3.1.2
-- 1.3.6.1.4.1.81.36.11.3.1.2
-- 1.3.6.1.4.1.81.36.11.3.1.2
-- 1.3.6.1.4.1.81.36.11.3.1.2
-- 1.3.6.1.4.1.81.36.11.3.1.2
-- 1.3.6.1.4.1.81.36.11.3.1.2
-- 1.3.6.1.4.1.81.36.11.3.1.2
-- 1.3.6.1.4.1.81.36.11.3.1.2
-- 1.3.6.1.4.1.81.36.11.3.1.2
-- 1.3.6.1.4.1.81.36.11.3.1.2
-- 1.3.6.1.4.1.81.36.11.3.1.2
ipPolicyValidDSCPIfIndex OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This variable should be made equal to the ifIndex of the interface
for which this entry is relevant"
::= { ipPolicyValidDSCPEntry 2 }
-- 1.3.6.1.4.1.81.36.11.3.1.3
-- 1.3.6.1.4.1.81.36.11.3.1.3
-- 1.3.6.1.4.1.81.36.11.3.1.3
-- 1.3.6.1.4.1.81.36.11.3.1.3
-- 1.3.6.1.4.1.81.36.11.3.1.3
-- 1.3.6.1.4.1.81.36.11.3.1.3
-- 1.3.6.1.4.1.81.36.11.3.1.3
-- 1.3.6.1.4.1.81.36.11.3.1.3
-- 1.3.6.1.4.1.81.36.11.3.1.3
-- 1.3.6.1.4.1.81.36.11.3.1.3
-- 1.3.6.1.4.1.81.36.11.3.1.3
-- 1.3.6.1.4.1.81.36.11.3.1.3
-- 1.3.6.1.4.1.81.36.11.3.1.3
-- 1.3.6.1.4.1.81.36.11.3.1.3
ipPolicyValidDSCPSubContext OBJECT-TYPE
SYNTAX SubContextTypes
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The direction for which this list/rule should be validated:
ingress(1)- going into the interface, from the network
egress(2) - going out of the interface, towards the network"
::= { ipPolicyValidDSCPEntry 3 }
ipPolicyValidDSCPListID OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number representing the list from the ipPolicyList table that is
to be validated for this interface/direction pair."
::= { ipPolicyValidDSCPEntry 4 }
ipPolicyValidDSCPvalue OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The DSCP value (from ipPolicyDSCPmapTable) in this list,
to be validated for this interface/direction pair."
::= { ipPolicyValidDSCPEntry 5 }
ipPolicyValidDSCPStatus OBJECT-TYPE
SYNTAX INTEGER
{
applicable(1),
partiallyApplicable(2),
notApplicable(3),
unknown(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Used to monitor if a DSCP entry is currently applicable
or would be applicable (if the table becomes active).
In the context of a particular interface and direction,
on a particular policy entity.
The values returned for this MIB are not affected by the table status
active/inactive)
applicable - This entry is/would be applicable
partiallyApplicable - This entry is/would be applicable for some
packets/sessions but might not be applicable for other
packets/sessions
notApplicable - This entry is NOT/would NOT be applicable
unknown - Status is temporary unknown. This may be because the table
validation is inProgress. Querying this item triggeres table
validation if not already triggered."
::= { ipPolicyValidDSCPEntry 6 }
ipPolicyValidDSCPApplicabilityType OBJECT-TYPE
SYNTAX INTEGER
{
static(1),
quasiStatic(2),
dynamic(3),
unknown(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Used to monitor the ApplicabilityStatus of the entry in the context of
this table. The values returned for this MIB are not affected by the
table status (active/inactive).
static - The applicabilityStatus of this entry is guaranteed
regardless of the ApplicabilityPrecedence of this entry
or of other entries in the list.
quasiStatic - The applicability status of this entry is
guaranteed if no configuration changes are made,
BUT changes of ApplicabilityPrecedence of this entry or
other entries in this table may change the
applicabilityStatus of this entry.
dynamic - The applicabilityStatus of this entry can change
depending on network conditions (i.e. localization) or
other conditions such as (but not limited to) changes of
ApplicabilityPrecedence of this entry or other entries
in this table.
unknown - Status is temporary unknown. This may be because the
table validation is inProgress. Querying this item triggeres
table validation if not already triggered.
The values returned for this MIB are not affected by the table
status (active/inactive)"
::= { ipPolicyValidDSCPEntry 7 }
-- 1.3.6.1.4.1.81.36.11.3.1.8
-- 1.3.6.1.4.1.81.36.11.3.1.8
-- 1.3.6.1.4.1.81.36.11.3.1.8
-- 1.3.6.1.4.1.81.36.11.3.1.8
-- 1.3.6.1.4.1.81.36.11.3.1.8
-- 1.3.6.1.4.1.81.36.11.3.1.8
-- 1.3.6.1.4.1.81.36.11.3.1.8
-- 1.3.6.1.4.1.81.36.11.3.1.8
-- 1.3.6.1.4.1.81.36.11.3.1.8
-- 1.3.6.1.4.1.81.36.11.3.1.8
-- 1.3.6.1.4.1.81.36.11.3.1.8
-- 1.3.6.1.4.1.81.36.11.3.1.8
-- 1.3.6.1.4.1.81.36.11.3.1.8
-- 1.3.6.1.4.1.81.36.11.3.1.8
ipPolicyValidDSCPErrMsg OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..80))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Free text describing the reason why the entry is not Applicable.
When entry is Applicable returns NULL string.
The values returned for this MIB are not affected by the list status
(active/inactive)"
::= { ipPolicyValidDSCPEntry 8 }
-- 1.3.6.1.4.1.81.36.11.4
-- 1.3.6.1.4.1.81.36.11.4
-- 1.3.6.1.4.1.81.36.11.4
-- 1.3.6.1.4.1.81.36.11.4
ipPolicyValidEtherTypeRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpPolicyValidEtherTypeRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is a Read-Only table that describes
the applicability/validity status of a rule in a List in the context
of interface/direction pair.
Devices which have no distinction between interfaces, will
use ifIndex 0."
::= { ipPolicyValidation 4 }
-- 1.3.6.1.4.1.81.36.11.4.1
-- 1.3.6.1.4.1.81.36.11.4.1
-- 1.3.6.1.4.1.81.36.11.4.1
-- 1.3.6.1.4.1.81.36.11.4.1
ipPolicyValidEtherTypeRuleEntry OBJECT-TYPE
SYNTAX IpPolicyValidEtherTypeRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The information concerning an interface/direction pair"
INDEX { ipPolicyValidRuleEntID, ipPolicyValidRuleIfIndex, ipPolicyValidRuleSubContext, ipPolicyValidRuleListID, ipPolicyValidRuleRuleID
}
::= { ipPolicyValidEtherTypeRuleTable 1 }
IpPolicyValidEtherTypeRuleEntry ::=
SEQUENCE {
ipPolicyValidEtherTypeRuleEntID
Integer32,
ipPolicyValidEtherTypeRuleIfIndex
Integer32,
ipPolicyValidEtherTypeRuleSubContext
SubContextTypes,
ipPolicyValidEtherTypeRuleListID
Integer32,
ipPolicyValidEtherTypeRuleRuleID
Integer32,
ipPolicyValidEtherTypeRuleStatus
INTEGER,
ipPolicyValidEtherTypeRuleApplicabilityType
INTEGER,
ipPolicyValidEtherTypeRuleErrMsg
DisplayString
}
-- 1.3.6.1.4.1.81.36.11.4.1.1
-- 1.3.6.1.4.1.81.36.11.4.1.1
-- 1.3.6.1.4.1.81.36.11.4.1.1
-- 1.3.6.1.4.1.81.36.11.4.1.1
ipPolicyValidEtherTypeRuleEntID OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Id of the entity for which a set of rows applies. This index is
provided as a mean of distributing non-related information on
different entities such as physical modules. The module ID
(EntID number). "
::= { ipPolicyValidEtherTypeRuleEntry 1 }
-- 1.3.6.1.4.1.81.36.11.4.1.2
-- 1.3.6.1.4.1.81.36.11.4.1.2
-- 1.3.6.1.4.1.81.36.11.4.1.2
-- 1.3.6.1.4.1.81.36.11.4.1.2
ipPolicyValidEtherTypeRuleIfIndex OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This variable should be made equal to the ifIndex of the interface
for which this entry is relevant"
::= { ipPolicyValidEtherTypeRuleEntry 2 }
-- 1.3.6.1.4.1.81.36.11.4.1.3
-- 1.3.6.1.4.1.81.36.11.4.1.3
-- 1.3.6.1.4.1.81.36.11.4.1.3
-- 1.3.6.1.4.1.81.36.11.4.1.3
ipPolicyValidEtherTypeRuleSubContext OBJECT-TYPE
SYNTAX SubContextTypes
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The direction for which this list/rule should be validated:
ingress(1)- going into the interface, from the network
egress(2) - going out of the interface, towards the network"
::= { ipPolicyValidEtherTypeRuleEntry 3 }
-- 1.3.6.1.4.1.81.36.11.4.1.4
ipPolicyValidEtherTypeRuleListID OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number representing the list from the ipPolicyList table that is
to be validated for this interface/direction pair."
::= { ipPolicyValidEtherTypeRuleEntry 4 }
-- 1.3.6.1.4.1.81.36.11.4.1.5
ipPolicyValidEtherTypeRuleRuleID OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The rule ID from etherTypeRuleTable, in theis list, to be validated for this interface/direction pair."
::= { ipPolicyValidEtherTypeRuleEntry 5 }
-- 1.3.6.1.4.1.81.36.11.4.1.6
-- 1.3.6.1.4.1.81.36.11.4.1.6
-- 1.3.6.1.4.1.81.36.11.4.1.6
-- 1.3.6.1.4.1.81.36.11.4.1.6
ipPolicyValidEtherTypeRuleStatus OBJECT-TYPE
SYNTAX INTEGER
{
applicable(1),
partiallyApplicable(2),
notApplicable(3),
unknown(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Used to monitor if a rule is is currently applicable
or would be applicable (if the table becomes active).
In the context of a particular interface and direction,
on a particular policy entity.
The values returned for this MIB are not affected by the list status
active/inactive)
applicable - This rule is/would be applicable
partiallyApplicable - This rule is/would be applicable for some
packets/sessions but might not be applicable for other
packets/sessions
notApplicable - This rule is NOT/would NOT be applicable
unknown - Status is temporary unknown. This may be because the list
validation is inProgress. Querying this item triggeres list
validation if not already triggered."
::= { ipPolicyValidEtherTypeRuleEntry 6 }
-- 1.3.6.1.4.1.81.36.11.4.1.7
-- 1.3.6.1.4.1.81.36.11.4.1.7
-- 1.3.6.1.4.1.81.36.11.4.1.7
-- 1.3.6.1.4.1.81.36.11.4.1.7
ipPolicyValidEtherTypeRuleApplicabilityType OBJECT-TYPE
SYNTAX INTEGER
{
static(1),
quasiStatic(2),
dynamic(3),
unknown(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Used to monitor the ApplicabilityStatus of the rule in the context of
this list. The values returned for this MIB are not affected by the
list status (active/inactive)
static - The applicabilityStatus of this rule is guaranteed
regardless of the ApplicabilityPrecedence of this rule
or of other rules in the list.
quasiStatic - The applicability status of this rule is
guaranteed if no configuration changes are made,
BUT changes of ApplicabilityPrecedence of this rule or
other rules in this list may change the applicabilityStatus
of this rule.
dynamic - The applicabilityStatus of this rule can change
depending on network conditions (i.e. localization) or
other conditions such as (but not limited to) changes of
ApplicabilityPrecedence of this rule or other rules in
this list.
unknown - Status is temporary unknown. This may be because the
list validation is inProgress. Querying this item triggeres
list validation if not already triggered.
The values returned for this MIB are not affected by the list
status (active/inactive)"
::= { ipPolicyValidEtherTypeRuleEntry 7 }
-- 1.3.6.1.4.1.81.36.11.4.1.8
-- 1.3.6.1.4.1.81.36.11.4.1.8
-- 1.3.6.1.4.1.81.36.11.4.1.8
-- 1.3.6.1.4.1.81.36.11.4.1.8
ipPolicyValidEtherTypeRuleErrMsg OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..80))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Free text describing the reason why the rule is not Applicable.
When rule is Applicable returns NULL string.
The values returned for this MIB are not affected by the list status
(active/inactive)"
::= { ipPolicyValidEtherTypeRuleEntry 8 }
etherTypeRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtherTypeRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is used to add/delete/modify/monitor individual
ether type policy rules in a policy list."
::= { ipPolicyMgmt 12 }
etherTypeRuleEntry OBJECT-TYPE
SYNTAX EtherTypeRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Controls all the conditional fields and its parameters for
a policy rule."
INDEX { ipPolicyEtherTypeRuleSlot, ipPolicyEtherTypeRuleListID, ipPolicyEtherTypeRuleID }
::= { etherTypeRuleTable 1 }
EtherTypeRuleEntry ::=
SEQUENCE {
ipPolicyEtherTypeRuleSlot
Integer32,
ipPolicyEtherTypeRuleListID
Integer32,
ipPolicyEtherTypeRuleID
INTEGER,
ipPolicyEtherTypeRuleEtherType
Integer32,
ipPolicyEtherTypeRuleTrafficType
INTEGER,
ipPolicyEtherTypeRuleOperation
INTEGER,
ipPolicyEtherTypeRowStatus
RowStatus
}
ipPolicyEtherTypeRuleSlot OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The EntID-id (AKA module-id / box number) to which this ether type rule relates"
::= { etherTypeRuleEntry 1 }
ipPolicyEtherTypeRuleListID OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The ID of the list this ether type rule is part of.
Derived from list range. See ipPolicyListID MIB."
::= { etherTypeRuleEntry 2 }
ipPolicyEtherTypeRuleID OBJECT-TYPE
SYNTAX INTEGER (1..1000)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of ether type rule within its list. Each list may contain many rule.
Lists work in a First Match manner.
A rule with a lower ID would be preferred over a rule with a higher ID."
::= { etherTypeRuleEntry 3 }
ipPolicyEtherTypeRuleEtherType OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Packet's ether type.
IP protocol (2048 - 0x800) is not allowed."
::= { etherTypeRuleEntry 4 }
ipPolicyEtherTypeRuleTrafficType OBJECT-TYPE
SYNTAX INTEGER
{
all(1),
broadcasts(2),
multicasts(3),
broadcasts-and-multicasts(4),
unicast(5)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Match packets based on either broadcast, multicast, both or all packets."
DEFVAL { all }
::= { etherTypeRuleEntry 5 }
ipPolicyEtherTypeRuleOperation OBJECT-TYPE
SYNTAX INTEGER
{
permit(1),
deny(2),
deny-and-notify(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The operation that should be applied to a packet in case the packet matches the rule.
This field points to the appropriate ipPolicyCompositeOpID in ipPolicyCompositeOpTable."
DEFVAL { permit }
::= { etherTypeRuleEntry 6 }
ipPolicyEtherTypeRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for creation/deletion of a list and for monitoring list status.
Use CreateAndWait (5) to create a list.
Destroy (6) to destroy a list. The active list can NOT
be destroyed. Destroying a list automatically removes all
the rules in this list.
active (1) is returned when a list is the active list
NotInService is returned when the list is not the active list"
::= { etherTypeRuleEntry 7 }
etherTypePolicyQueryTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtherTypePolicyQueryEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is used to query the policy application for different
types of ehter type information. The first use is to query about the operation
that would be applied to a given packet.
This table can be used by a managment application to supply the user
an interactive dialog for looking ahead at the outcomes of the policy
defined"
::= { ipPolicyMgmt 13 }
etherTypePolicyQueryEntry OBJECT-TYPE
SYNTAX EtherTypePolicyQueryEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry relates to one EntID (AKA module / box) in the stack"
INDEX { etherTypePolicyQuerySlot }
::= { etherTypePolicyQueryTable 1 }
EtherTypePolicyQueryEntry ::=
SEQUENCE {
etherTypePolicyQuerySlot
Integer32,
etherTypePolicyQueryListID
INTEGER,
etherTypePolicyQueryIfIndex
Integer32,
etherTypePolicyQuerySubContext
SubContextTypes,
etherTypePolicyQueryType
Integer32,
etherTypePolicyQueryTrafficType
INTEGER,
etherTypePolicyQueryOperation
INTEGER,
etherTypePolicyQueryRuleID
INTEGER
}
etherTypePolicyQuerySlot OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The EntID-id (AKA module-id / box number) to which this rule relates"
::= { etherTypePolicyQueryEntry 1 }
etherTypePolicyQueryListID OBJECT-TYPE
SYNTAX INTEGER (0..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The ID of the list used to check the simulated packet."
::= { etherTypePolicyQueryEntry 2 }
etherTypePolicyQueryIfIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This variable should be made equal to the ifIndex of the interface
for which this query should be resolved.
The value of 0 means the context of the first entry in the
ipPolicyActivationTable for this SlotID."
DEFVAL { 0 }
::= { etherTypePolicyQueryEntry 3 }
etherTypePolicyQuerySubContext OBJECT-TYPE
SYNTAX SubContextTypes
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The direction for which this query should be resolved:
ingress(1)- going into the interface, from the network
egress(2) - going out of the interface, towards the network"
DEFVAL { ingress }
::= { etherTypePolicyQueryEntry 4 }
etherTypePolicyQueryType OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Simulated packet ether type.
IP protocol (2048 = 0x800) is not allowed."
::= { etherTypePolicyQueryEntry 5 }
etherTypePolicyQueryTrafficType OBJECT-TYPE
SYNTAX INTEGER
{
unicast(1),
broadcasts(2),
multicasts(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Simulated packet ether type traffic type."
::= { etherTypePolicyQueryEntry 6 }
etherTypePolicyQueryOperation OBJECT-TYPE
SYNTAX INTEGER (1..1000)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The operation that would be applied to the simulated packet.
This field points to the appropriate ipPolicyCompositeOpID in ipPolicyCompositeOpTable.
The following read-only rows are always defined in ipPolicyCompositeOpTable:
1. permit
2. deny
3. deny-and-notify"
::= { etherTypePolicyQueryEntry 7 }
etherTypePolicyQueryRuleID OBJECT-TYPE
SYNTAX INTEGER (0..10000)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"ID of the rule of the list that resulted in the query.
A value of 0 means that result of the ipEtherTypePolicyListDefaultOperation 10000 should be returned in case of an error, where this query can't be processed."
::= { etherTypePolicyQueryEntry 8 }
END
--
-- POLICY-MIB.my
--
View Git Blame Copy Permalink