WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/bintec/BINTEC-IPEXT-MIB

5505 lines
183 KiB
Plaintext
Raw Blame History

-- This file is corresponding to Release 9.1.10.101 from 2014/08/11 00:00:00
---------------------------------------------------------------------------
-- (C)opyright 2011-2014 bintec elmeg GmbH
-- $RCSfile: mib-ipext,v $
-- $Revision: 1.18 $
-- $Date: 2014-02-07 10:37:49 $
-- Author: awimmer
---------------------------------------------------------------------------
BINTEC-IPEXT-MIB DEFINITIONS ::= BEGIN
IMPORTS
enterprises
FROM RFC1155-SMI
IpAddress, enterprises
FROM RFC1155-SMI
MacAddress, DisplayString, TimeStamp, TruthValue
FROM SNMPv2-TC
biboip, Date, BitValue
FROM BINTEC-MIB
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Counter32, Counter64, TimeTicks
FROM SNMPv2-SMI
TRAP-TYPE
FROM RFC-1215
TruthValue
FROM SNMPv2-TC
ifIndex
FROM IF-MIB
OBJECT-TYPE
FROM RFC-1212
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF
InetAddressType, InetAddress
FROM INET-ADDRESS-MIB;
ipExtMIB MODULE-IDENTITY
LAST-UPDATED "201310090000Z"
ORGANIZATION "bintec elmeg GmbH"
CONTACT-INFO
"EMail: info@bintec-elmeg.com
Web: www.bintec-elmeg.com
"
DESCRIPTION
"The MIB module for IP extended configuration and status."
REVISION "201101250000Z"
DESCRIPTION
"Vendor specific Management Information for the IP subsystem."
::= { biboip 250 }
-- IP Group
-- Management Information for the IP Subsystem
-- old access list tables, don't reuse these OIDs
-- ipAllowTable OBJECT-TYPE ::= { biboip 1 }
-- ipDenyTable OBJECT-TYPE ::= { biboip 2 }
-- **********************************************************************
-- * ipExtIfTable TABLE
-- **********************************************************************
ipExtIfTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpExtIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ipExtIfTable contains extended information related to
IP and the interfaces found on the system. Entries can only
be added or deleted by the system."
::= { biboip 3 }
ipExtIfEntry OBJECT-TYPE
SYNTAX IpExtIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX { ipExtIfIndex }
::= { ipExtIfTable 1 }
IpExtIfEntry ::=
SEQUENCE {
ipExtIfIndex INTEGER,
ipExtIfRipSend INTEGER,
ipExtIfRipReceive INTEGER,
ipExtIfProxyArp INTEGER,
ipExtIfNat INTEGER,
ipExtIfNatRmvFin INTEGER,
ipExtIfNatTcpTimeout INTEGER,
ipExtIfNatOtherTimeout INTEGER,
ipExtIfNatOutXlat INTEGER,
ipExtIfAccounting INTEGER,
ipExtIfTcpSpoofing INTEGER,
ipExtIfAccessAction INTEGER,
ipExtIfAccessReport INTEGER,
ipExtIfOspf INTEGER,
ipExtIfOspfMetric INTEGER,
ipExtIfTcpCksum INTEGER,
ipExtIfBackRtVerify INTEGER,
ipExtIfRuleIndex INTEGER,
ipExtIfAuthentication INTEGER,
ipExtIfAuthMode INTEGER,
ipExtIfAuthLifeTime INTEGER,
ipExtIfAuthKeepalive INTEGER,
ipExtIfRouteAnnounce INTEGER,
ipExtIfIpFragmentation INTEGER,
ipExtIfRerouting INTEGER,
ipExtIfBodRuleIndex INTEGER,
ipExtIfQosRuleIndex INTEGER,
ipExtIfIpsecAccounting INTEGER,
ipExtIfMulticast INTEGER,
ipExtIfNatSilentDeny INTEGER,
-- ipExtIfNetMeetingTunnel INTEGER
ipExtIfNatPPTPXlat INTEGER,
ipExtIfTcpMssClamping INTEGER,
ipExtIfNbdgmRelayAddress IpAddress,
ipExtIfNatMaxSessions INTEGER,
ipExtIfAllowedPeers INTEGER,
ipExtIfNatFlush INTEGER,
ipExtIfHttpRedirect INTEGER,
ipExtIfWolRuleIndex INTEGER
}
ipExtIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Unique interface index"
::= { ipExtIfEntry 1 }
ipExtIfRipSend OBJECT-TYPE
SYNTAX INTEGER {
ripV1 (1), -- send RIP V1 messages
ripV2 (2), -- send RIP V2 messages
both(3), -- send RIP V1 and RIP V2 messages
none(4), -- don't send RIP messages
ripV2mcast(5), -- send RIP V2 messages as multicast
ripV1trig(6), -- send Triggered RIP V1 messages (RFC 2091)
ripV2trig(7) -- send Triggered RIP V2 messages (RFC 2091)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"specifies which versions of RIP messages are sent
to that interface. Usually RIP messages are sent as
broadcast, except this object is set to ripV2mcast. In
this case RIP V2 messages are sent to the multicast
address 224.0.0.9 ."
DEFVAL { none }
::= { ipExtIfEntry 3 }
ipExtIfRipReceive OBJECT-TYPE
SYNTAX INTEGER {
ripV1 (1), -- accept only RIP V1 messages
ripV2 (2), -- accept only RIP V2 messages
both(3), -- accept RIP V1 and RIP V2 messages
none(4), -- don't accept any RIP messages
ripV1trig(5), -- accept only Triggered RIP V1 msg's(RFC 2091)
ripV2trig(6) -- accept only Triggered RIP V2 msg's(RFC 2091)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"specifies which versions of RIP messages are accepted
from that interface. RIP V2 messages are received
regardless if they are sent as broadcast or multicast."
DEFVAL { none }
::= { ipExtIfEntry 4 }
ipExtIfProxyArp OBJECT-TYPE
SYNTAX INTEGER {
off(1), -- proxy arp switched off
on(2), -- if operational status of the destination
-- interface is up or dormant
up-only(3) -- if operational status of the destination
-- interface is up
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Switch for Proxy ARP on this interface."
DEFVAL { off }
::= { ipExtIfEntry 5 }
ipExtIfNat OBJECT-TYPE
SYNTAX INTEGER {
off(1),
on(2),
reverse(3),
loopback(4)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object can be used to switch NAT on and off for
a specific interface.
"
DEFVAL { off }
::= { ipExtIfEntry 6 }
ipExtIfNatRmvFin OBJECT-TYPE
SYNTAX INTEGER {
no(1),
yes(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies, whether entries in the IpNatTable
shall be removed, when TCP-FINS have been received and
acknowledged in both directions, a TCP-RST has been received
or a ICMP-ERROR message has been received for the entry."
DEFVAL { yes }
::= { ipExtIfEntry 7 }
ipExtIfNatTcpTimeout OBJECT-TYPE
SYNTAX INTEGER (0..5184000)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"TCP NAT entries vanish unconditionally after not being
used for the amount of time specified by this object
in seconds."
DEFVAL { 3600 }
::= { ipExtIfEntry 8 }
ipExtIfNatOtherTimeout OBJECT-TYPE
SYNTAX INTEGER (0..5184000)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Non-TCP NAT entries vanish unconditionally after not being
used for the amount of time specified by this object
in seconds."
DEFVAL { 15 }
::= { ipExtIfEntry 9 }
ipExtIfNatOutXlat OBJECT-TYPE
SYNTAX INTEGER { on(1), off(2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object can be used to switch the outgoing address
translation off. Then, all addresses are passed instead
of being translated. The session mechanism remains
active and implements a security mechanism.
"
DEFVAL { on }
::= { ipExtIfEntry 10 }
ipExtIfAccounting OBJECT-TYPE
SYNTAX INTEGER {
off(1),
on(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Switch for accounting on the specified interface. An IP
packet is being accounted, when this object is set to
on for either the source or the destination interface."
DEFVAL { off }
::= { ipExtIfEntry 11 }
ipExtIfTcpSpoofing OBJECT-TYPE
SYNTAX INTEGER {
off(1),
on(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Switch for TCP spoofing on this interface. TCP keepalive
polls are answered by the BRICK to prevent unnecessary
ISDN connections. Set this object to on for ISDN
dialup interfaces."
DEFVAL { off }
::= { ipExtIfEntry 12 }
ipExtIfAccessAction OBJECT-TYPE
SYNTAX INTEGER { ignore(1), refuse(2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes the action, that is done,
when a packet received from the interface has been
filtered out. When set to ignore, no action takes
place. When set to refuse, an ICMP unreachable message
is being sent to the originator of the packet."
DEFVAL { ignore }
::= { ipExtIfEntry 13 }
ipExtIfAccessReport OBJECT-TYPE
SYNTAX INTEGER { none(1), info(2), dump(3) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies, how a packed filtered by accesslists
should be logged. When set to none, no logging takes place.
When set to info, protocol, ip-addresses and portnumbers
are logged. When set to dump, a dump of the first 64 bytes
of the packet will be written to the syslog table."
DEFVAL { info }
::= { ipExtIfEntry 14 }
ipExtIfOspf OBJECT-TYPE
SYNTAX INTEGER { passive(1), active(2), off(3) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configure the OSPF status of this interface. Routing
information about routes on passive and active interfaces is
propagated on active interfaces. Only active interfaces run
the OSPF protocol. When set to off the interface and its
associated routes are invisible to the OSPF protocol."
DEFVAL { passive }
::= { ipExtIfEntry 15 }
ipExtIfOspfMetric OBJECT-TYPE
SYNTAX INTEGER { auto(1), -- based on ifSpeed
fixed(2), -- user configured
auto-adjust(3), -- auto + metric adjustment
fixed-adjust(4) -- fixed + metric adjustment
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configure the metric calculation of OSPF interfaces. If set
to auto the metric is calculated based on ifSpeed. If set
to fixed the metric is taken from the ospfIfMetricTable.
Additionaly the metric adjustment for dialup interfaces
can be configured. If set to auto-adjust or fixed-adjust
the basic metric value is reduced if the operational status
of the dialup interface is up."
DEFVAL { auto }
::= { ipExtIfEntry 16 }
ipExtIfTcpCksum OBJECT-TYPE
SYNTAX INTEGER { check(1), dont-check(2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enable or disable the TCP checksum check for local packets
received on the corresponding interface. Disabling the check
may improve performance for some local applications (i.e.
remote CAPI). This object should only be set to dont-check
on interfaces for LANs without further routers. Packets
received from routers may have a corrupted TCP checksum
and TCP will no longer be able to detect those packets. The
TCP checksum must be checked by the receiving TCP under any
circumstances, when TCP header compression is used on any
router."
DEFVAL { check }
::= { ipExtIfEntry 17 }
ipExtIfBackRtVerify OBJECT-TYPE
SYNTAX INTEGER { off(1), on(2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object activates an additional check for incoming
packets. If set to on, incoming packets are only accepted
if return packets sent back to their source IP address
would be sent over the same interface. This prevents
packets being passed from untrusted interfaces to this
interface."
DEFVAL { off }
::= { ipExtIfEntry 18 }
ipExtIfRuleIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object defines the index of the first access rule
that is applied for incoming packets. If set to 0 or if
there is no access rule with this index no access rules
are applied for this interface."
DEFVAL { 0 }
::= { ipExtIfEntry 19 }
ipExtIfAuthentication OBJECT-TYPE
SYNTAX INTEGER { off(1), securID(2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object defines the authentication scheme used for
incoming packets."
DEFVAL { off }
::= { ipExtIfEntry 20 }
ipExtIfAuthMode OBJECT-TYPE
SYNTAX INTEGER { strict(1), loose(2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object defines the authentication mode. If set to strict
each source IP address must be authenticated. If set to
loose all source IP addresses are allowed if at least one
IP address is successfully authenticated."
DEFVAL { strict }
::= { ipExtIfEntry 21 }
ipExtIfAuthLifeTime OBJECT-TYPE
SYNTAX INTEGER (180..36000)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object defines the time in seconds a successful
authentication is valid since the IP partner was
authenticated."
DEFVAL { 3600 }
::= { ipExtIfEntry 22 }
ipExtIfAuthKeepalive OBJECT-TYPE
SYNTAX INTEGER
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object defines the period between short authentications
that are invisible to the user"
DEFVAL { 60 }
::= { ipExtIfEntry 23 }
ipExtIfRouteAnnounce OBJECT-TYPE
SYNTAX INTEGER { up-only(1), up-dormant(2), always(3) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object defines the condition when routes on this
interface are propagated by routing protocols.
If set to up-only routes are only propagated
if the operational status of the interface is up. If set
to up-dormant routes are propagated if the status is
up or dormant. If set to always routes are propagated
independent of the operational status."
DEFVAL { up-dormant }
::= { ipExtIfEntry 24 }
ipExtIfIpFragmentation OBJECT-TYPE
SYNTAX INTEGER {
enabled(1),
disabled(2),
equal(3),
reverse(4)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object defines different modes used for fragmentation
of IP datagrams greater than the MTU of the destination
interface. If set to enabled (1) each IP datagram will be
splitted into a first fragment MTU sized and the last one
smaller than the first. If set to disabled (2) an ICMP
unreachable message will be performed. The equal (3) mode
defines a fragmentation technique wich generates fragments
having approximately the same size whereon the reverse (4)
mode starts with a small fragment followed by MTU sized
fragment(s)."
DEFVAL { enabled }
::= { ipExtIfEntry 25 }
ipExtIfRerouting OBJECT-TYPE
SYNTAX INTEGER {
enabled(1),
disabled(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object enables or disables rerouting on this interface.
The default value is enabled. If set to disabled, then only
the better one route from two or more possible routes is
chosen, even if the ifOperStatus of the interface for this
route is dormant."
DEFVAL { enabled }
::= { ipExtIfEntry 26 }
ipExtIfBodRuleIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object defines the index of the first rule used for
Bandwidth on Demand (BOD) that is applied for incoming and/or
outgoing traffic. If set to 0 or if there is no entry in
the ipBodRuleTable with this index no BOD-specific information
is applied for this interface."
DEFVAL { 0 }
::= { ipExtIfEntry 27 }
ipExtIfQosRuleIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object defines the index of the first rule used for
Qos (Qualtiy of Service) rules applied for IP traffic.
If set to 0 or if there is no entry in the ipQoSTable with
this index no QoS-specific information is applied for this
interface."
DEFVAL { 0 }
::= { ipExtIfEntry 28 }
ipExtIfIpsecAccounting OBJECT-TYPE
SYNTAX INTEGER {
ipsec(1),
clear(2),
both(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object determines, whether packets which are en- or
decapsulated by IPSec should be accounted with encapsulation
header(ipsec) or without the encapsulation header (clear),
or even twice (both)."
DEFVAL { ipsec }
::= { ipExtIfEntry 29 }
ipExtIfMulticast OBJECT-TYPE
SYNTAX INTEGER {
off(1),
on(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enable that multicast frames are accepted
from that interface."
DEFVAL { off }
::= { ipExtIfEntry 30 }
ipExtIfNatSilentDeny OBJECT-TYPE
SYNTAX INTEGER {
disabled(1),
enabled(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies - if NAT is enabled (see ipExtIfNat) -
whether incoming IP packets not passed by the NAT barrier
should answered with an ICMP Host Unreachable or TCP RST
message addressed to to packet originator. If set to
enabled(2), such incoming IP packets will be silently
discarded."
DEFVAL { disabled }
::= { ipExtIfEntry 31 }
-- ipExtIfNetMeetingTunnel OBJECT-TYPE
-- SYNTAX INTEGER {
-- off(1),
-- on(2)
-- }
-- MAX-ACCESS read-write
-- STATUS current
-- DESCRIPTION
-- "This object controls the replacement of ip address
-- information exchanged by two NetMeeting clients
-- if NAT is enabled on this interface."
-- DEFVAL { off }
-- ::= { ipExtIfEntry 32 }
ipExtIfNatPPTPXlat OBJECT-TYPE
SYNTAX INTEGER {
disabled(1),
enabled(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies - if NAT is enabled (see ipExtIfNat) -
whether PPTP (point to point protocol) connections are
translated. This is needed if there are more than one
PPTP client behind NAT."
DEFVAL { disabled }
::= { ipExtIfEntry 33 }
ipExtIfTcpMssClamping OBJECT-TYPE
SYNTAX INTEGER (-1..32000)
UNITS "bytes"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies whether TCP MSS clamping is enabled
on the interface. -1 disables clamping, 0 clamps the MSS
depending on the interface MTU. A value > 0 will be used
as clamping size."
DEFVAL { -1 }
::= { ipExtIfEntry 34 }
ipExtIfNbdgmRelayAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object contains the destination IP address
to which Netbios Datagram request are forwarded by the
router."
::= { ipExtIfEntry 35 }
ipExtIfNatMaxSessions OBJECT-TYPE
SYNTAX INTEGER(1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object limits the maximum number of NAT sessions
on a interface."
DEFVAL { 4000 }
::= { ipExtIfEntry 36 }
ipExtIfAllowedPeers OBJECT-TYPE
SYNTAX INTEGER {
all(1),
dhcpclients(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If this object is set to 'dhcpclients', the router refuses
to exchange data with hosts which are not DHCP clients
on this interface. If this object is set to 'all',
the router accepts to exchange data with any host."
DEFVAL { all }
::= { ipExtIfEntry 37 }
ipExtIfNatFlush OBJECT-TYPE
SYNTAX INTEGER { off(1), on(2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If this object in enabled NAT-Flushing is done else not.
NAT-Flushing means that the NAT Entries for this interface
will be deleted in the case of an OperStatus change to down or
dormant."
DEFVAL { on }
::= { ipExtIfEntry 38 }
ipExtIfHttpRedirect OBJECT-TYPE
SYNTAX INTEGER { disabled(1), local(2), proxy(3) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If not set to 'disabled' all HTTP requests on this interface
will be directed either to the local HTTP daemon or HTTP proxy."
DEFVAL { disabled }
::= { ipExtIfEntry 39 }
ipExtIfWolRuleIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object defines the index of the first rule used for
Wake-On-LAN (WOL) that is applied for incoming and/or
outgoing traffic. If set to 0 or if there is no entry in
the ipWolRuleTable with this index no WOL-specific information
is applied for this interface."
DEFVAL { 0 }
::= { ipExtIfEntry 40 }
-- **********************************************************************
-- * ipLfiTable TABLE
-- **********************************************************************
ipLfiTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpLfiEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"."
::= { biboip 57 }
ipLfiEntry OBJECT-TYPE
SYNTAX IpLfiEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX { ipLfiIfIndex }
::= { ipLfiTable 1 }
IpLfiEntry ::=
SEQUENCE {
ipLfiIfIndex INTEGER,
ipLfiMode INTEGER,
ipLfiMaxFragSize INTEGER,
ipLfiMinFragSize INTEGER,
ipLfiCurrVoipCalls INTEGER
}
ipLfiIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the associated interface."
::= { ipLfiEntry 1 }
ipLfiMode OBJECT-TYPE
SYNTAX INTEGER {
enabled (1),
disabled (2),
delete (3),
controlled-only (4),
always (5)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object enables Link Framentation and Interleave (LFI)
mode on the associated interface."
DEFVAL { enabled }
::= { ipLfiEntry 2 }
ipLfiMaxFragSize OBJECT-TYPE
SYNTAX INTEGER
UNITS "bytes"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the current maximum fragment size used
for Link Fragmentation and Interleave (LFI) mode on the
associated interface."
::= { ipLfiEntry 10 }
ipLfiMinFragSize OBJECT-TYPE
SYNTAX INTEGER
UNITS "bytes"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the current minimum fragment size used
for Link Fragmentation and Interleave (LFI) mode on the
associated interface."
::= { ipLfiEntry 11 }
ipLfiCurrVoipCalls OBJECT-TYPE
SYNTAX INTEGER (0..64)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The current number of VoIP Calls routed via the associated
interface."
::= { ipLfiEntry 12 }
-- **********************************************************************
-- * ipExtRtTable TABLE
-- **********************************************************************
ipExtRtTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpExtRtEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ipExtRtTable can be used in addition (not instead of)
to the ipRouteTable to specify routing of IP datagrams.
The selection of datagram-types is more specific with
the ipExtRtTable, so routing of different services over
different pathes is possible. The specification of local
IP-addresses is not possible in the ipExtRtTable.
The ipExtRtTable will be searched before the ipRouteTable.
If a matching entry is found, it will be taken for routing
and no further lookup in the ipRouteTable will happen."
::= { biboip 4 }
ipExtRtEntry OBJECT-TYPE
SYNTAX IpExtRtEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry in the ipExtRtTable describes a set of IP
datagrams and the destination interface for that set.
Metric parameters allow for ordering of the different
specifications for overlapping sets."
INDEX { ipExtRtProtocol }
::= { ipExtRtTable 1 }
IpExtRtEntry ::=
SEQUENCE {
ipExtRtProtocol INTEGER,
ipExtRtSrcIfIndex INTEGER,
ipExtRtSrcAddr IpAddress,
ipExtRtSrcMask IpAddress,
ipExtRtSrcPort INTEGER,
ipExtRtSrcPortRange INTEGER,
ipExtRtDstAddr IpAddress,
ipExtRtDstMask IpAddress,
ipExtRtDstPort INTEGER,
ipExtRtDstPortRange INTEGER,
ipExtRtTos INTEGER,
ipExtRtTosMask INTEGER,
ipExtRtDstIfMode INTEGER,
ipExtRtDstIfIndex INTEGER,
ipExtRtNextHop IpAddress,
ipExtRtType INTEGER,
ipExtRtMetric1 INTEGER,
ipExtRtMetric2 INTEGER,
ipExtRtMetric3 INTEGER,
ipExtRtMetric4 INTEGER,
ipExtRtMetric5 INTEGER,
ipExtRtProto INTEGER,
ipExtRtAge TimeTicks,
ipExtRtDescription DisplayString
}
ipExtRtProtocol OBJECT-TYPE
SYNTAX INTEGER {
icmp(1),
igmp(2),
ggp(3),
tcp(6),
egp(8),
pup(12),
udp(17),
hmp(20),
xns-idp(22),
rdp(27),
rsvp(46),
ipv6(41),
gre(47),
esp(50),
ah(51),
igrp(88),
ospf(89),
pim(103),
l2tp(115),
dont-verify(256)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the value of the protocolfield in
the ip header for all IP-datagrams belonging to the set.
If this object is set to dont-verify, the value of the
protocol field is not specified and can take any value."
DEFVAL { dont-verify }
::= { ipExtRtEntry 1 }
ipExtRtSrcIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the source index of the IP-datagrams.
If this object has a value other than 0, only datagrams
received over the interface with the appropriate interface
index are considered to be part of the set. If this object
is set to 0, the source interface index for the datagrams
belonging to the set is not specified."
::= { ipExtRtEntry 2 }
ipExtRtSrcAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipExtRtSrcMask the
range of the source-addresses of the IP-datagrams belonging
to the set. If both objects are set to 0.0.0.0 the source-
addresses for the datagrams in the set is not specified
and can take any value."
::= { ipExtRtEntry 3 }
ipExtRtSrcMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipExtRtSrcAddr the
range of the source-addresses of the IP-datagrams belonging
to the set. If both objects are set to 0.0.0.0 the source-
addresses for the datagrams in the set is not specified
and can take any value."
::= { ipExtRtEntry 4 }
ipExtRtSrcPort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipExtRtSrcPortRange the
range of source portnumbers of the IP-datagrams belonging to
the set. All portnumbers between and including the two
objects are within the range.
If both objects are the to -1, the value of the source
portnumber is not specified and can take any value."
DEFVAL { -1 }
::= { ipExtRtEntry 5 }
ipExtRtSrcPortRange OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipExtRtSrcPort the
range of source portnumbers of the IP-datagrams belonging to
the set. All portnumbers between and including the two
objects are within the range.
If both objects are the to -1, the value of the source
portnumber is not specified and can take any value."
DEFVAL { -1 }
::= { ipExtRtEntry 6 }
ipExtRtDstAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipExtRtDstMask the
range of the target-addresses of the IP-datagrams belonging
to the set. If both objects are set to 0.0.0.0 the target-
addresses for the datagrams in the set is not specified
and can take any value."
::= { ipExtRtEntry 7 }
ipExtRtDstMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipExtRtDstAddr the
range of the target-addresses of the IP-datagrams belonging
to the set. If both objects are set to 0.0.0.0 the target-
addresses for the datagrams in the set is not specified
and can take any value."
::= { ipExtRtEntry 8 }
ipExtRtDstPort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipExtRtDstPortRange the
range of target-portnumbers of the IP-datagrams belonging to
the set. All portnumbers between and including the two
objects are within the range.
If both objects are the to -1, the value of the target
portnumber is not specified and can take any value."
DEFVAL { -1 }
::= { ipExtRtEntry 9 }
ipExtRtDstPortRange OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipExtRtDstPort the
range of target-portnumbers of the IP-datagrams belonging to
the set. All portnumbers between and including the two
objects are within the range.
If both objects are the to -1, the value of the target
portnumber is not specified and can take any value."
DEFVAL { -1 }
::= { ipExtRtEntry 10 }
ipExtRtTos OBJECT-TYPE
SYNTAX INTEGER (0..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipExtRtTosMask the
range of the Type of Service field (TOS) in the IP-header
of the IP-datagrams belonging to the set. A TOS value is
considered within the range, when the following equation
is valid:
(tos & ipExtRtTosMask) == (ipExtRtTos & ipExtRtTosMask)
If both objects are set to 0 the TOS value of the datagrams
in the set is not specified and can take any value."
::= { ipExtRtEntry 11 }
ipExtRtTosMask OBJECT-TYPE
SYNTAX INTEGER (0..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipExtRtTos the
range of the Type of Service field (TOS) in the IP-header
of the IP-datagrams belonging to the set. A TOS value is
considered within the range, when the following equation
is valid:
(tos & ipExtRtTosMask) == (ipExtRtTos & ipExtRtTosMask)
If both objects are set to 0 the TOS value of the datagrams
in the set is not specified and can take any value."
::= { ipExtRtEntry 12 }
ipExtRtDstIfMode OBJECT-TYPE
SYNTAX INTEGER {
dialup-wait(1),
dialup-continue(2),
up-only(3),
always(4) ,
dialup-always(5)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes different behavior depending on the
ifOperStatus of the destination interface:
dialup-wait:
The route matches, when the ifOperStatus of the
destination interface is either up or dormant.
If the status is dormant, the ifAdminStatus is
set to dialup to bring the interface to the up
state. The datagram will wait until the ifOperStatus
reaches the up state.
For all other states, the routing tables will be
searched for a different matching entry.
dialup-continue:
The route matches, if the ifOperStatus of the
destination interface is up. For all other states,
the routing tables are searched for different matching
entry. However, if the ifOperStatus was dormant and
no other extendend route (with different DstIfMode or
established link) is matching, the ifAdminStatus will
be set to dialup to bring the interface to the up state.
This setting can be used to establish a better
path for a specific service and to use an existing
path for that service as long as the better path
could not be established.
up-only:
The route matches, if the ifOperStatus of the
destination interface is up. For all other states,
the routing tables are searched for different matching
entry.
always:
The route matches independantly of the ifOperStatus
of the destination interface. If it is up, the
interface is used. If the state is dormant,
ifAdminStatus is set to dialup to bring the interface
in the up state. For all other states, the destination
is considered unreachable.
dialup-always:
Same as dialup-wait(1), however, if the ifOperStatus
was dormant, the ifAdminStatus will be set to dialup
to bring the interface to the up state if the value
of ipExtRtMetric1 is the lowest of all matching routes
in this table.
"
DEFVAL { dialup-wait }
::= { ipExtRtEntry 13 }
ipExtRtDstIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the destination interface for the
IP-datagrams belonging to the set. If the value of this
object is set to 0, the datagrams of the set are discarded
and an ICMP destination unreachable datagram is sent
back to the originator."
::= { ipExtRtEntry 14 }
ipExtRtNextHop OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object is used on point-to-multipoint interfaces
with indirect routes (see ipExrRtType) to specify
the IP-address of the gateway on the network, where
the datagram should be routed to."
::= { ipExtRtEntry 15 }
ipExtRtType OBJECT-TYPE
SYNTAX INTEGER {
other(1), invalid(2),
direct(3), indirect(4)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies, on point-to-multipoint interface
whether the datagram shall be sent to the destination
IP address in the IP datagram header (direct) or
to a gateway (indirect). In the later case, the IP-addres
of the gateway is specified by ipExtRtNextHop.
If this object is set to other, the entry is not
used for routing.
The complete entry can also be deleted, by setting this
object to invalid.
"
DEFVAL { indirect }
::= { ipExtRtEntry 16 }
ipExtRtMetric1 OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object is used to specify an order on the entries
in the ipExtRtTable. If a datagram is matching multiple
entries, the entry with the lowest value of ipExtRtMetric1
is choosen. The decision is undefined, when even after
interpreting the metric, there are still multiple entries
matching the IP-datagram."
::= { ipExtRtEntry 17 }
ipExtRtMetric2 OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Undefined yet; for further extension"
::= { ipExtRtEntry 18 }
ipExtRtMetric3 OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Undefined yet; for further extension"
::= { ipExtRtEntry 19 }
ipExtRtMetric4 OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Undefined yet; for further extension"
::= { ipExtRtEntry 20 }
ipExtRtMetric5 OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Undefined yet; for further extension"
::= { ipExtRtEntry 21 }
ipExtRtProto OBJECT-TYPE
SYNTAX INTEGER {
other(1),
local(2),
netmgmt(3),
icmp(4),
egp(5),
ggp(6),
hello(7),
rip(8),
is-is(9),
es-is(10),
ciscoIgrp(11),
bbnSpfIgp(12),
ospf(13),
bgp(14)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes, how the route has been gained.
This will normaly be netmgmt, because there is currently
no routing protocol, that is able to handle extended routes."
DEFVAL { netmgmt }
::= { ipExtRtEntry 22 }
ipExtRtAge OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the age of the route."
::= { ipExtRtEntry 23 }
ipExtRtDescription OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
ACCESS read-write
STATUS mandatory
DESCRIPTION
"A textual string describing this extended route."
::= { ipExtRtEntry 24 }
-- **********************************************************************
-- * ipNatTable TABLE
-- **********************************************************************
ipNatTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpNatEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"If NAT is switched on for an interface, this table contains
an entry for each session running over the interface. Table
entries are creates by the system whenever a valid session
is established. A session may be either a tcp connection,
a udp connection or an icmp connection with icmp-echo messages
(ping). A valid session is either an outgoing session or
an incoming session specified in the ipNatPresetTable.
Everything behind an interface with NAT enabled is called
outside. The BRICK itself and all networks connected
to it via interfaces without NAT are called inside.
Table entries are removed after timeout. This timeout
is
specified by ipExtIfNatOtherTimeout for UDP
and ICMP sessions.
specified by ipExtIfTcpTimeout for TCP sessions
16 seconds for closed TCP-sessions (FIN has been
received and acknowledged in both directions).
"
::= { biboip 5 }
ipNatEntry OBJECT-TYPE
SYNTAX IpNatEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX { ipNatIfIndex, ipNatProtocol, ipNatIntAddr, ipNatIntPort }
::= { ipNatTable 1 }
IpNatEntry ::=
SEQUENCE {
ipNatIfIndex INTEGER,
ipNatProtocol INTEGER,
ipNatIntAddr IpAddress,
ipNatIntPort INTEGER,
ipNatExtAddr IpAddress,
ipNatExtPort INTEGER,
ipNatRemoteAddr IpAddress,
ipNatRemotePort INTEGER,
ipNatDirection INTEGER,
ipNatAge TimeTicks,
ipNatContext INTEGER,
ipNatTimeout INTEGER,
ipNatState INTEGER,
ipNatCategory INTEGER
}
ipNatIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the interface, for which the session
is monitored."
::= { ipNatEntry 1 }
ipNatProtocol OBJECT-TYPE
SYNTAX INTEGER {
icmp(1),
igmp(2),
tcp(6),
udp(17),
ipv6(41),
gre(47),
esp(50),
ah(51),
ospf(89),
l2tp(115)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the protocol, the session is using.
The value icmp specifies an icmp-echo (ping) session. ICMP
error messages are processed by the appropriate tcp or
udp session.
"
::= { ipNatEntry 2 }
ipNatIntAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the internal local IP Address used for
the session. The internal address is only visible to
inside networks and is translated to the external address,
when a packet is being sent outside.
"
::= { ipNatEntry 3 }
ipNatIntPort OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the internal local portnumber used for
the session. The internal portnumber is only visible to
inside networks and is translated to the external portnumber
whenever a packet is being sent outside.
"
::= { ipNatEntry 4 }
ipNatExtAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the external local address used for
the session. This address is visible outside only and
will be translated to the internal address, whenever
a packet is received from outside.
"
::= { ipNatEntry 5 }
ipNatExtPort OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the external local portnumber used for
the session. This address is visible outside only and is
translated to the internal portnumber, whenever a packet
is received from outside.
"
::= { ipNatEntry 6 }
ipNatRemoteAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the remote IP-address used for the
session. This is an outside address. However, it is visible
to outside networks and also to inside networks.
"
::= { ipNatEntry 7 }
ipNatRemotePort OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the remote portnumber used for the
session. This is an outside portnumber. However, it is visible
to outside networks and also to inside networks.
"
::= { ipNatEntry 8 }
ipNatDirection OBJECT-TYPE
SYNTAX INTEGER { incoming(1), outgoing(2) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies, whether the session is incoming
(from outside to inside) or outgoing (from inside to
outside).
"
::= { ipNatEntry 9 }
ipNatAge OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies how long no packet has been
transferred for the session and is used internally
for timeout purposes.
"
::= { ipNatEntry 10 }
ipNatContext OBJECT-TYPE
SYNTAX INTEGER (0..4294967295)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object holds a protocol specific context needed
to identify sessions for ICMP unreachable address
mapping.
"
::= { ipNatEntry 11 }
ipNatTimeout OBJECT-TYPE
SYNTAX INTEGER (1..5184000)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"When there is no traffic associated with a NAT entry, this
entry is discarded at the end of a timeout value. This object
holds this timeout value in seconds.
"
::= { ipNatEntry 12 }
ipNatState OBJECT-TYPE
SYNTAX INTEGER { delete(1), active(2) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Set this object to delete to remove this entry.
"
DEFVAL { active }
::= { ipNatEntry 13 }
ipNatCategory OBJECT-TYPE
SYNTAX INTEGER {
full-cone(1),
restricted-cone(2),
port-restricted-cone(3),
symmetric(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the NAT category according RFC 3489 and 5389
to be applied for UDP traffic matching with this entry."
DEFVAL { symmetric }
::= { ipNatEntry 14 }
-- **********************************************************************
-- * ipNatPresetTable TABLE
-- **********************************************************************
ipNatPresetTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpNatPresetEntry
MAX-ACCESS not-accessible
STATUS current
-- CNAT: modif: add ipNatPrIntMask
DESCRIPTION
"This table specifies the IP addresses and port numbers
for sessions requested from outside. If this table is
empty and NAT is enabled, only packets for sessions
initiated from inside are forwarded.
The IP address and the port number of the internal server
can be specified individually for each combination of
- protocol (udp/tcp/icmp)
- initiating hosts IP address (RemoteAddr, RemoteMask)
- destination address or network (ExtAddr, ExtMask)
- destination port number or range (ExtPort, ExtPortRange)
Entries in the table are created and removed manually
by network management."
::= { biboip 6 }
ipNatPresetEntry OBJECT-TYPE
SYNTAX IpNatPresetEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX {
ipNatPrIfIndex,
ipNatPrProtocol,
ipNatPrExtPort
}
::= { ipNatPresetTable 1 }
IpNatPresetEntry ::=
SEQUENCE {
ipNatPrIfIndex INTEGER,
ipNatPrProtocol INTEGER,
ipNatPrRemoteAddr IpAddress,
ipNatPrRemoteMask IpAddress,
ipNatPrExtAddr IpAddress,
ipNatPrExtMask IpAddress,
ipNatPrExtPort INTEGER,
ipNatPrExtPortRange INTEGER,
ipNatPrIntAddr IpAddress,
ipNatPrIntPort INTEGER,
ipNatPrIntMask IpAddress,
ipNatPrTimeout INTEGER,
ipNatPrDescr DisplayString
}
ipNatPrIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the interface index, for which the
table entry shall be valid. If set to 0, the entry will
be valid for all interfaces configured to use NAT."
::= { ipNatPresetEntry 1 }
ipNatPrProtocol OBJECT-TYPE
SYNTAX INTEGER {
icmp(1),
igmp(2),
ggp(3),
ip(4),
tcp(6),
egp(8),
igp(9),
pup(12),
chaos(16),
udp(17),
hmp(20),
xns-idp(22),
rdp(27),
ipv6(41),
rsvp(46),
gre(47),
esp(50),
ah(51),
tlsp(56),
skip(57),
kryptolan(65),
iso-ip(80),
igrp(88),
ospf(89),
ipinip(94),
ipx-in-ip(111),
vrrp(112),
l2tp(115),
any(255),
delete(256)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the protocol, for which the table
entry shall be valid."
DEFVAL { any }
::= { ipNatPresetEntry 2 }
ipNatPrRemoteAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatPrRemoteMask the
the set of IP addresses of remote hosts initiating a
session. The table entry will be valid for an incoming
packet, when the IP adress of the remote host initiating
the session lies in the range specified by both objects.
If both objects are set to 0.0.0.0, the table entry will
be valid for any remote host."
::= { ipNatPresetEntry 3 }
ipNatPrRemoteMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatPrRemoteAddr
the set of IP addresses of remote hosts initiating the
session. The table entry will be valid for an incoming
packet, when the IP adress of the remote host initiating
the session lies in the range specified by both objects.
If both objects are set to 0.0.0.0, the table entry will
be valid for any remote host."
::= { ipNatPresetEntry 4 }
ipNatPrExtAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatPrExtMask the
set of destination IP addresses, for which the table entry
shall be valid. The entry is valid, if the target IP
address of an incoming IP packet lies in the range specified
by both objects.
If both objects are set to 0.0.0.0, the table entry will
be valid for any IP address."
::= { ipNatPresetEntry 5 }
ipNatPrExtMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatPrExtAddr the
set of destination IP addresses, for which the table entry
shall be valid. The entry is valid, if the target IP
address of an incoming packet lies in the range specified by
both objects.
If both objects are set to 0.0.0.0, the table entry will
be valid for any IP address."
::= { ipNatPresetEntry 6 }
ipNatPrExtPort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatPrExtPortRange the
range of port numbers for incoming packets, for which the table
entry shall be valid. If both objects are set to -1, the
entry is valid for all portnumbers. If ipNatPrPortRange is
set to -1, the entry is only valid, when the destination port
of an incoming IP packet is equal to ipNatPrExtPort.
Otherwise, the entry is valid, if the destination port number
lies in the range ExtPort .. ExtPortRange."
DEFVAL { -1 }
::= { ipNatPresetEntry 7 }
ipNatPrExtPortRange OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatPrExtPort the
range of portnumbers for incoming packets, for which the table
entry shall be valid. If both objects are set to -1, the
entry is valid for all portnumbers. If ipNatPrPortRange
is set to -1, the entry is only valid, when the destination
portnumber of an incoming IP packet is equal to ipNatPrExtPort.
Otherwise, the entry is valid, if the portnumber lies in the
range ExtPort .. ExtPortRange."
DEFVAL { -1 }
::= { ipNatPresetEntry 8 }
ipNatPrIntAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"With ipNatPrIntMask, this object specifies the internal target
host's IP address for incoming packets matching the table
entry.
An incoming packet matching this entry will be routed to the
internal server specified by this object and ipNatPrIntMask.
If this object is set to 0.0.0.0, the target host will be
the original target host in the incoming packet.
No translation of the IP-addresses takes place in this case.
If ipNatPrIntMask is set to 255.255.255.255, the internal
server IP address is ipNatPrIntAddr.
If ipNatPrIntMask is a subnet mask, the internal server IP
address is the incoming one in which the NET part is mapped
according to 'ipNatPrIntAddr / ipNatPrIntMask'."
::= { ipNatPresetEntry 9 }
ipNatPrIntPort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the internal target host's port-number
for incoming packets matching the table entry. If this
object is set to -1, the target portnumber will be
taken from the original incoming packet.
No translation of the portnumber will take place in this
case. If the set of portnumbers for this table entry is
a range instead of a single portnumber, this object will
specify the base of the target range of portnumbers. The
internal portnumber will be constructed as follows:
new-target-port := old-target-port
- ipNatPrExtPort
+ ipNatPrIntPort
"
DEFVAL { -1 }
::= { ipNatPresetEntry 10 }
ipNatPrIntMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"With ipNatPrIntAddr, this object specifies the internal target
host's IP address for incoming packets matching the table
entry.
An incoming packet matching this entry will be routed to the
internal server specified by this object and ipNatPrIntMask.
If this object is set to 255.255.255.255, the internal
server IP address is ipNatPrIntAddr.
If this object is a subnet mask, the internal server
IP address is the incoming one in which the NET part is mapped
according to 'ipNatPrIntAddr / ipNatPrIntMask'."
DEFVAL { 'ffffffff'h }
--DEFVAL { 4294967295 }
::= { ipNatPresetEntry 11 }
ipNatPrTimeout OBJECT-TYPE
SYNTAX INTEGER (0..5184000)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When there is no traffic associated with a NAT entry, this
entry is discarded at the end of a timeout value. This object
holds this timeout value in seconds. If set to the default
value of 0, the timeout will be set to the value specified
either in ipExtIfNatTcpTimeout or ipExtIfNatOtherTimeout,
depending on the protocol."
DEFVAL { 0 }
::= { ipNatPresetEntry 12 }
ipNatPrDescr OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A textual string describing this NAT forwarding rule."
::= { ipNatPresetEntry 13 }
-- **********************************************************************
-- * ipSessionTable TABLE
-- **********************************************************************
ipSessionTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpSessionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"."
::= { biboip 7 }
ipSessionEntry OBJECT-TYPE
SYNTAX IpSessionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX {
ipSessionProtocol,
ipSessionSrcAddr, ipSessionSrcPort,
ipSessionDstAddr, ipSessionDstPort
}
::= { ipSessionTable 1 }
IpSessionEntry ::=
SEQUENCE {
ipSessionSrcAddr IpAddress,
ipSessionSrcPort INTEGER,
ipSessionDstAddr IpAddress,
ipSessionDstPort INTEGER,
ipSessionOutPkts Counter32,
ipSessionOutOctets Counter32,
ipSessionInPkts Counter32,
ipSessionInOctets Counter32,
ipSessionProtocol INTEGER,
ipSessionAge TimeTicks,
ipSessionIdle TimeTicks,
ipSessionSrcIfIndex INTEGER,
ipSessionDstIfIndex INTEGER
}
ipSessionSrcAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"source address of IP session"
::= { ipSessionEntry 1 }
ipSessionSrcPort OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"source port of IP session"
::= { ipSessionEntry 2 }
ipSessionDstAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"destination port of IP session"
::= { ipSessionEntry 3 }
ipSessionDstPort OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"destination port of IP session"
::= { ipSessionEntry 4 }
ipSessionOutPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"outgoing packets in IP session"
::= { ipSessionEntry 5 }
ipSessionOutOctets OBJECT-TYPE
SYNTAX Counter32
UNITS "bytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"outgoing octets in IP session"
::= { ipSessionEntry 6 }
ipSessionInPkts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"incoming packets in IP session"
::= { ipSessionEntry 7 }
ipSessionInOctets OBJECT-TYPE
SYNTAX Counter32
UNITS "bytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"incoming octets in IP session"
::= { ipSessionEntry 8 }
ipSessionProtocol OBJECT-TYPE
SYNTAX INTEGER {
icmp(1),
igmp(2),
ggp(3),
tcp(6),
egp(8),
pup(12),
udp(17),
hmp(20),
xns-idp(22),
rdp(27),
ipv6(41),
rsvp(46),
gre(47),
esp(50),
ah(51),
igrp(88),
ospf(89),
pim(103),
l2tp(115),
reserved(255)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"protocol of IP session"
::= { ipSessionEntry 9 }
ipSessionAge OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"age of IP session"
::= { ipSessionEntry 10 }
ipSessionIdle OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"idle time of IP session"
::= { ipSessionEntry 11 }
ipSessionSrcIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"source interface index of IP session"
::= { ipSessionEntry 12 }
ipSessionDstIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"destination interface index of IP session"
::= { ipSessionEntry 13 }
-- **********************************************************************
-- * ipImportTable TABLE
-- **********************************************************************
ipImportTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpImportEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table specifies how routes from one routing protocol
are imported into another routing protocol. The dummy
protocol default-route allows the generation of a default
route for the routing domain. Not all combinations of
source and destination protocols might be valid or
implemented."
::= { biboip 12 }
ipImportEntry OBJECT-TYPE
SYNTAX IpImportEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX {
ipImportSrcProto,
ipImportDstProto,
ipImportAddr
}
::= { ipImportTable 1 }
IpImportEntry ::=
SEQUENCE {
ipImportSrcProto INTEGER,
ipImportDstProto INTEGER,
ipImportMetric1 INTEGER,
ipImportType INTEGER,
ipImportAddr IpAddress,
ipImportMask IpAddress,
ipImportEffect INTEGER,
ipImportIfIndex INTEGER,
ipImportAssociatedAS INTEGER,
ipImportRouteMapName DisplayString
}
ipImportSrcProto OBJECT-TYPE
SYNTAX INTEGER {
default-route(1),
direct(2),
static(3),
rip(4),
ospf(5),
special(6),
radius(7),
bgp(8)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes the protocol that generated the route
and inserted it into the routing table."
::= { ipImportEntry 1 }
ipImportDstProto OBJECT-TYPE
SYNTAX INTEGER {
delete(1),
rip(2),
ospf(3),
bgp(4)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes the destination protocol into that the
routes should be imported."
::= { ipImportEntry 2 }
ipImportMetric1 OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object defines the metric in the context of the
destination protocol the imported routes should get.
If set to -1 these routes get a protocol specific
default metric."
DEFVAL { -1 }
::= { ipImportEntry 3 }
ipImportType OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object might define protocol specific properties of
the imported routes in the context of the destination
protocol."
DEFVAL { 0 }
::= { ipImportEntry 4 }
ipImportAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipImportMask the range
of IP addresses for which the table entry should be valid.
The entry is valid if the destination IP address of the
route lies in the range specified by both objects.
If both objects are set to 0.0.0.0, the table entry will
be valid for destination."
::= { ipImportEntry 5 }
ipImportMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipImportAddr the range
of IP addresses for which the table entry should be valid.
The entry is valid if the destination IP address of the
route lies in the range specified by both objects.
If both objects are set to 0.0.0.0, the table entry will
be valid for destination."
::= { ipImportEntry 6 }
ipImportEffect OBJECT-TYPE
SYNTAX INTEGER { import (1), doNotImport(2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object defines the effect this row should have. If set
to import, the importation from ipImportSrcProto to
ipImportDstProto takes place. If set to doNotImport the
importation is prevented."
DEFVAL { import }
::= { ipImportEntry 7 }
ipImportIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the interface index of the interface
for which the entry should be valid. If set to -1 it will be
valid for all interfaces."
DEFVAL { -1 }
::= { ipImportEntry 8 }
ipImportAssociatedAS OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies an optional Autonomous System
identifier for use with BGP."
::= { ipImportEntry 9 }
ipImportRouteMapName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies an optional route-map name
for use with BGP."
::= { ipImportEntry 10 }
-- **********************************************************************
-- * ipPriorityTable TABLE
-- **********************************************************************
ipPriorityTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpPriorityEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table defines the order, in which routes from different
protocols are being used to determine the destination of an
ip packet. The table will contain an entry for each type
of routing protocol including STATIC and DIRECT routes.
A priority-value can be configured for each of those protocols
to get an order between the different protocols. The table
contains a fixed number of entries. Only the priority may be
configured."
::= { biboip 13 }
ipPriorityEntry OBJECT-TYPE
SYNTAX IpPriorityEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX { ipPriorityProto }
::= { ipPriorityTable 1 }
IpPriorityEntry ::=
SEQUENCE {
ipPriorityProto INTEGER,
ipPriorityValue INTEGER
}
ipPriorityProto OBJECT-TYPE
SYNTAX INTEGER {
direct(1),
static(2),
rip(3), -- RIP routes
ospf(4), -- OSPF intra and inter area routes
ospf-ext(5), -- OSPF type 1 and 2 external routes
bgp(6)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the routig-protocol, for which the
entry is valid."
::= { ipPriorityEntry 1 }
ipPriorityValue OBJECT-TYPE
SYNTAX INTEGER (0..63)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object contains the priority-value for a specific routing
protocol. Low values mean high precedence."
::= { ipPriorityEntry 2 }
-- **********************************************************************
-- * ipFilterTable TABLE
-- **********************************************************************
ipFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ipFilterTable defines filters that describe subsets
of IP packets. The filter matches if all conditions defined
are true when comparing with the header of an IP packet."
::= { biboip 15 }
ipFilterEntry OBJECT-TYPE
SYNTAX IpFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX {
ipFilterProtocol
}
::= { ipFilterTable 1 }
IpFilterEntry ::=
SEQUENCE {
ipFilterIndex INTEGER,
ipFilterDescr DisplayString,
ipFilterProtocol INTEGER,
ipFilterSrcAddr IpAddress,
ipFilterSrcMask IpAddress,
ipFilterSrcPort INTEGER,
ipFilterSrcPortRange INTEGER,
ipFilterDstAddr IpAddress,
ipFilterDstMask IpAddress,
ipFilterDstPort INTEGER,
ipFilterDstPortRange INTEGER,
ipFilterTcpConnState INTEGER,
ipFilterIcmpType INTEGER,
ipFilterTos INTEGER,
ipFilterTosMask INTEGER,
ipFilterLevel2Prio INTEGER,
ipFilterLevel2PrioMask INTEGER,
ipFilterSrcIfIndex INTEGER
}
ipFilterIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object uniquely references this filter. The index
value is generated automatically."
::= { ipFilterEntry 1 }
ipFilterDescr OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A textual string describing this filter."
::= { ipFilterEntry 2 }
ipFilterProtocol OBJECT-TYPE
SYNTAX INTEGER {
icmp(1),
igmp(2),
ggp(3),
ip(4),
tcp(6),
egp(8),
igp(9),
pup(12),
chaos(16),
udp(17),
hmp(20),
xns-idp(22),
rdp(27),
ipv6(41),
rsvp(46),
gre(47),
esp(50),
ah(51),
tlsp(56),
skip(57),
kryptolan(65),
iso-ip(80),
igrp(88),
ospf(89),
ipip(94),
pim(103),
ipx-in-ip(111),
vrrp(112),
l2tp(115),
delete(255),
dont-verify(256)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the value of the protocol field in
the ip header for all IP-datagrams belonging to the set.
If this object is set to dont-verify, the value of the
protocol field is not specified and can take any value."
DEFVAL { dont-verify }
::= { ipFilterEntry 3 }
ipFilterSrcAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipFilterSrcMask
the set of IP addresses of datagrams that belong to the
subset defined by this entry. If both objects are set to
0.0.0.0 the source-addresses for the datagrams in the set
is not specified and can take any value."
::= { ipFilterEntry 4 }
ipFilterSrcMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipFilterSrcAddr
the set of IP addresses of datagrams that belong to the
subset defined by this entry. If both objects are set to
0.0.0.0 the source-addresses for the datagrams in the set
is not specified and can take any value."
::= { ipFilterEntry 5 }
ipFilterSrcPort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipFilterSrcPortRange the
range of source portnumbers of the IP-datagrams belonging to
the set. All portnumbers between and including the two
objects are within the range.
If both objects are the to -1, the value of the source
portnumber is not specified and can take any value."
DEFVAL { -1 }
::= { ipFilterEntry 6 }
ipFilterSrcPortRange OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipFilterDstPort the
range of source portnumbers of the IP-datagrams belonging to
the set. All portnumbers between and including the two
objects are within the range.
If both objects are the to -1, the value of the source
portnumber is not specified and can take any value."
DEFVAL { -1 }
::= { ipFilterEntry 7 }
ipFilterDstAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipFilterDstMask the
range of the target-addresses of the IP-datagrams belonging
to the set. If both objects are set to 0.0.0.0 the target-
addresses for the datagrams in the set is not specified
and can take any value."
::= { ipFilterEntry 8 }
ipFilterDstMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipFilterDstAddr the
range of the target-addresses of the IP-datagrams belonging
to the set. If both objects are set to 0.0.0.0 the target-
addresses for the datagrams in the set is not specified
and can take any value."
::= { ipFilterEntry 9 }
ipFilterDstPort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipFilterDstPortRange the
range of target-portnumbers of the IP-datagrams belonging to
the set. All portnumbers between and including the two
objects are within the range.
If both objects are the to -1, the value of the target
portnumber is not specified and can take any value."
DEFVAL { -1 }
::= { ipFilterEntry 10 }
ipFilterDstPortRange OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipFilterDstPort the
range of target-portnumbers of the IP-datagrams belonging to
the set. All portnumbers between and including the two
objects are within the range.
If both objects are the to -1, the value of the target
portnumber is not specified and can take any value."
DEFVAL { -1 }
::= { ipFilterEntry 11 }
ipFilterTcpConnState OBJECT-TYPE
SYNTAX INTEGER {
dont-verify(1),
established(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes the state of the TCP connection
associated with the packets belonging to the set.
If this object is set to established, the value of the TCP
flags of incoming packets is checked. Packets with flags
that initiate TCP connections are excluded from the set.
If this object is set to dont-verify, the TCP flags are
not checked and can be any value."
DEFVAL { dont-verify }
::= { ipFilterEntry 12 }
ipFilterIcmpType OBJECT-TYPE
SYNTAX INTEGER {
dont-verify(31),
echoRep(1),
destUnreach(4),
srcQuench(5),
redirect(6),
echo(9),
timeExcds(12),
parmProb(13),
timestamp(14),
timestampRep(15),
addrMask(16),
addrMaskRep(17)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes the ICMP type of the packets belonging
to the set. If this object is set to dont-verify, the value
of the ICMP type field is not specified and can take any
value."
DEFVAL { dont-verify }
::= { ipFilterEntry 13 }
ipFilterTos OBJECT-TYPE
SYNTAX INTEGER (0..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipFilterTosMask the
range of the Type of Service field (TOS) in the IP-header
of the IP-datagrams belonging to the set. A TOS value is
considered within the range, when the following equation
is valid:
(tos & ipFilterTosMask) == (ipFilterTos & ipFilterTosMask)
If both objects are set to 0 the TOS value of the datagrams
in the set is not specified and can take any value."
::= { ipFilterEntry 14 }
ipFilterTosMask OBJECT-TYPE
SYNTAX INTEGER (0..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipFilterTos the
range of the Type of Service field (TOS) in the IP-header
of the IP-datagrams belonging to the set. A TOS value is
considered within the range, when the following equation
is valid:
(tos & ipFilterTosMask) == (ipFilterTos & ipFilterTosMask)
If both objects are set to 0 the TOS value of the datagrams
in the set is not specified and can take any value."
::= { ipFilterEntry 15 }
ipFilterLevel2Prio OBJECT-TYPE
SYNTAX INTEGER (0..7)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipFilterLevel2PrioMask
the range of the level 2 priority field associated with
the IP-datagrams belonging to the set. A priority value is
considered within the range, when the following equation
is valid:
(priority & ipFilterLevel2PrioMask) == (ipFilterLevel2Prio & ipFilterLevel2PrioMask)
If both objects are set to 0 the level 2 priority of the
datagrams in the set is not specified and can take any
value."
::= { ipFilterEntry 16 }
ipFilterLevel2PrioMask OBJECT-TYPE
SYNTAX INTEGER (0..7)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object describes together with ipFilterLevel2PrioMask
the range of the level 2 priority field associated with
the IP-datagrams belonging to the set. A priority value is
considered within the range, when the following equation
is valid:
(priority & ipFilterLevel2PrioMask) == (ipFilterLevel2Prio & ipFilterLevel2PrioMask)
If both objects are set to 0 the level 2 priority of the
datagrams in the set is not specified and can take any
value."
::= { ipFilterEntry 17 }
ipFilterSrcIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the source index of the IP-datagrams.
If this object has a value other than 0, only datagrams
received over the interface with the appropriate interface
index are considered to be part of the set. If this object
is set to 0, the source interface index for the datagrams
belonging to the set is not specified."
::= { ipFilterEntry 18 }
-- **********************************************************************
-- * ipRuleTable TABLE
-- **********************************************************************
ipRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ipRuleTable defines access rules for checking incoming
IP packets. The rules are processed in order, i.e. each rule
has a link to the next rule. The set of rules is processed
until a match occurs, that means the rule's associated filter
matches and the specified action is performed (either accept
or deny a packet). The last rule is implicitly a deny rule.
The set of rules to be processed can be defined for each
interface"
::= { biboip 16 }
ipRuleEntry OBJECT-TYPE
SYNTAX IpRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX {
ipRuleFilterIndex
}
::= { ipRuleTable 1 }
IpRuleEntry ::=
SEQUENCE {
ipRuleIndex INTEGER,
ipRuleFilterIndex INTEGER,
ipRuleAction INTEGER,
ipRuleNextRuleIndex INTEGER,
ipRuleDescr DisplayString
}
ipRuleIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Unique rule index."
::= { ipRuleEntry 1 }
ipRuleFilterIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"References the rule's associated filter."
::= { ipRuleEntry 2 }
ipRuleAction OBJECT-TYPE
SYNTAX INTEGER {
allow(1), -- allow if filter matches
allow-if-not(2),-- allow if filter not matches
deny(3), -- deny if filter matches
deny-if-not(4), -- deny if filter not matches
ignore(5), -- ignore rule and skip to next rule
delete(6) -- delete the entry from the table
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the action to be performed if the
rule's associated filter matches. If set to ignore the
filter is not consulted and the next rule is processed
immediately."
DEFVAL { allow }
::= { ipRuleEntry 3 }
ipRuleNextRuleIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the next rule to be processed if the rule's
associated filter does not match. The value 0 is used
to mark the end of the rule set."
DEFVAL { 0 }
::= { ipRuleEntry 4 }
ipRuleDescr OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A textual string describing this access rule."
::= { ipRuleEntry 5 }
-- **********************************************************************
-- * ipNatOutTable TABLE
-- **********************************************************************
ipNatOutTable OBJECT-TYPE
-- CNAT: modif: add ipNatOutExtMask
SYNTAX SEQUENCE OF IpNatOutEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table specifies the IP address translation for
outgoing sessions. If no matching entry is found the
IP address is set to the IP address defined on the
interface configured for NAT. If a matching entry is
found, the source IP address of outgoing IP packets
is translated according to the couple 'ipNatOutExtAddr /
ipNatOutExtMask'.
- If external IP address is a 'host IP address', the
whole source IP address is mapped.
- If external IP address is a 'net IP address', only
the 'net part' of source IP address is affected.
This table is only used if the outgoing address
translation is activated (ipExtIfNatOutXlat).
Entries in the table are created and removed manually
by network management."
::= { biboip 18 }
ipNatOutEntry OBJECT-TYPE
SYNTAX IpNatOutEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX {
ipNatOutIfIndex,
ipNatOutIntAddr,
ipNatOutExtAddr
}
::= { ipNatOutTable 1 }
IpNatOutEntry ::=
SEQUENCE {
ipNatOutIfIndex INTEGER,
ipNatOutProtocol INTEGER,
ipNatOutRemoteAddr IpAddress,
ipNatOutRemoteMask IpAddress,
ipNatOutExtAddr IpAddress,
ipNatOutRemotePort INTEGER,
ipNatOutRemotePortRange INTEGER,
ipNatOutIntAddr IpAddress,
ipNatOutIntMask IpAddress,
ipNatOutIntPort INTEGER,
ipNatOutExtPort INTEGER,
ipNatOutExtMask IpAddress,
ipNatOutTimeout INTEGER,
ipNatOutDescr DisplayString,
ipNatOutNatCategory INTEGER,
ipNatOutIntPortRange INTEGER,
ipNatOutExtPortRange INTEGER
}
ipNatOutIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the interface index, for which the
table entry shall be valid. If set to 0, the entry will
be valid for all interfaces configured to use NAT."
::= { ipNatOutEntry 1 }
ipNatOutProtocol OBJECT-TYPE
SYNTAX INTEGER {
icmp(1),
igmp(2),
ggp(3),
ip(4),
tcp(6),
egp(8),
igp(9),
pup(12),
chaos(16),
udp(17),
hmp(20),
xns-idp(22),
rdp(27),
ipv6(41),
rsvp(46),
gre(47),
esp(50),
ah(51),
tlsp(56),
skip(57),
kryptolan(65),
iso-ip(80),
igrp(88),
ospf(89),
ipip(94),
ipx-in-ip(111),
vrrp(112),
l2tp(115),
any(255),
delete(256)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the protocol, for which the table
entry shall be valid."
DEFVAL { any }
::= { ipNatOutEntry 2 }
ipNatOutRemoteAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatOutRemoteMask the
set of target IP addresses for which the table entry is
valid. If both objects are set to 0.0.0.0, the table entry
will be valid for any target IP address."
::= { ipNatOutEntry 3 }
ipNatOutRemoteMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatOutRemoteAddr the
set of target IP addresses for which the table entry is
valid. If both objects are set to 0.0.0.0, the table entry
will be valid for any target IP address."
::= { ipNatOutEntry 4 }
ipNatOutExtAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"With ipNatOutExtMask, this object specifies the external
'IP address' or 'NET address' to which the internal IP address
is mapped.
- To map exactly to ipNatOutExtAddr (i.e. map to a single IP
address), ipNatOutExtMask MUST be set to 255.255.255.255
- To keep HOST part of source IP address and map only the
NET part, ipNatOutExtMask MUST be the related subnet mask
(and it should be the same as ipNatOutIntMask )."
::= { ipNatOutEntry 5 }
ipNatOutRemotePort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatOutRemotePortRange
the range of portnumbers for outgoing packets, for which the
table entry shall be valid. If both objects are set to -1, the
entry is valid for all portnumbers. If ipNatOutPortRange
is set to -1, the entry is only valid, when the portnumber
of an outgoing packet is equal to ipNatOutRemotePort.
Otherwise, the entry is valid, if the destination portnumber
lies in the range RemotePort .. RemotePortRange."
DEFVAL { -1 }
::= { ipNatOutEntry 6 }
ipNatOutRemotePortRange OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatOutRemotePort
the range of portnumbers for outgoing packets, for which the
table entry shall be valid. If both objects are set to -1, the
entry is valid for all portnumbers. If ipNatOutPortRange
is set to -1, the entry is only valid, when the portnumber
of an outgoing packet is equal to ipNatOutRemotePort.
Otherwise, the entry is valid, if the destination portnumber
lies in the range RemotePort .. RemotePortRange."
DEFVAL { -1 }
::= { ipNatOutEntry 7 }
ipNatOutIntAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatOutIntMask
the internal hosts IP address for outgoing packets
matching the table entry. If both objects are set to
0.0.0.0, the table entry will be valid for any source
IP address."
::= { ipNatOutEntry 8 }
ipNatOutIntMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatOutIntAddr
the internal hosts IP address for outgoing packets
matching the table entry. If both objects are set to
0.0.0.0, the table entry will be valid for any source
IP address."
::= { ipNatOutEntry 9 }
ipNatOutIntPort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the internal source port for which the
table entry shall be valid. If this object is set to -1,
any internal source port matches this entry."
DEFVAL { -1 }
::= { ipNatOutEntry 10 }
ipNatOutExtPort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object may be used to specify a fixed external source
port to which the internal source port is mapped.
If this object is set to -1, the port is mapped to the next
free source port available."
DEFVAL { -1 }
::= { ipNatOutEntry 11 }
ipNatOutExtMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"With ipNatOutExtAddr, this object specifies the external
'IP address' or 'NET address' to which the internal IP address
is mapped.
- To map exactly to ipNatOutExtAddr (i.e. map to a single IP
address), ipNatOutExtMask MUST be set to 255.255.255.255
- To keep HOST part of source IP address and map only the
NET part, ipNatOutExtMask MUST be the related subnet mask
(and it should be the same as ipNatOutIntMask)."
DEFVAL { 'ffffffff'h }
--DEFVAL { 4294967295 }
::= { ipNatOutEntry 12 }
ipNatOutTimeout OBJECT-TYPE
SYNTAX INTEGER (0..5184000)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When there is no traffic associated with a NAT entry, this
entry is discarded at the end of a timeout value. This object
holds this timeout value in seconds. If set to the default
value of 0, the timeout will be set to the value specified
either in ipExtIfNatTcpTimeout or ipExtIfNatOtherTimeout,
depending on the protocol."
DEFVAL { 0 }
::= { ipNatOutEntry 13 }
ipNatOutDescr OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A textual string describing this NAT translation rule."
::= { ipNatOutEntry 14 }
ipNatOutNatCategory OBJECT-TYPE
SYNTAX INTEGER {
full-cone(1),
restricted-cone(2),
port-restricted-cone(3),
symmetric(4)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the NAT category according RFC 3489 and 5389
to be applied for UDP traffic matching with this entry."
DEFVAL { symmetric }
::= { ipNatOutEntry 15 }
ipNatOutIntPortRange OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatOutIntPort the
internal source port range for which the table entry shall
be valid. If this object is set to -1, only ipNatOutIntPort
is used as selector for this entry."
DEFVAL { -1 }
::= { ipNatOutEntry 16 }
ipNatOutExtPortRange OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object may be used together with ipNatOutExtPort to
specify a fixed external source port number range to which
the internal source port numbers are mapped. This mapping
depends on the position of the original source port number
within the range specified by ipNatOutIntPort and
ipNatOutIntPortRange. If this object is set to -1, only
ipNatOutExtPort is considered for this entry."
DEFVAL { -1 }
::= { ipNatOutEntry 17 }
-- **********************************************************************
-- * ipHostsAliveTable TABLE
-- **********************************************************************
ipHostsAliveTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpHostsAliveEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table specifies the watched IP addresses.
Entries in the table are created and removed manually
by network management."
::= { biboip 19 }
ipHostsAliveEntry OBJECT-TYPE
SYNTAX IpHostsAliveEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX {
ipHostsAliveIPAddress
}
::= { ipHostsAliveTable 1 }
IpHostsAliveEntry ::=
SEQUENCE {
ipHostsAliveGroup INTEGER,
ipHostsAliveIPAddress IpAddress,
ipHostsAliveState INTEGER,
ipHostsAliveInterval INTEGER,
ipHostsAliveDownAction INTEGER,
ipHostsAliveFirstIfIndex INTEGER,
ipHostsAliveRange INTEGER,
ipHostsAliveSrcIPAddress IpAddress,
ipHostsAliveTrials INTEGER,
ipHostsAliveBackups INTEGER
}
ipHostsAliveGroup OBJECT-TYPE
SYNTAX INTEGER (0..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The group of the watched IP-Addresses"
DEFVAL { 0 }
::= { ipHostsAliveEntry 1 }
ipHostsAliveIPAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The watched IP-Address. If set to zero, the default gateway is used."
::= { ipHostsAliveEntry 2 }
ipHostsAliveState OBJECT-TYPE
SYNTAX INTEGER {
alive(1),
down(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The State of the watched IP-Address"
DEFVAL { alive }
::= { ipHostsAliveEntry 3 }
ipHostsAliveInterval OBJECT-TYPE
SYNTAX INTEGER (1..65536)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This is the time interval for state verification"
DEFVAL { 300 }
::= { ipHostsAliveEntry 4 }
ipHostsAliveDownAction OBJECT-TYPE
SYNTAX INTEGER {
up(1),
down(2),
delete(3),
none(4),
reset(5),
redial(6),
monitor(7)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Action be performed if the ipHostsAliveState changes to
down (2), If set to none (4) there is no action
specified, if set to monitor (7) this entry
just enables monitoring of this status in other
subsystem context like IP load balancing."
DEFVAL { down }
::= { ipHostsAliveEntry 5 }
ipHostsAliveFirstIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The first ifc"
DEFVAL { 10001 }
::= { ipHostsAliveEntry 6 }
ipHostsAliveRange OBJECT-TYPE
SYNTAX INTEGER (0..65536)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The range of all ifc's"
DEFVAL { 4999 }
::= { ipHostsAliveEntry 7 }
ipHostsAliveSrcIPAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The source IP-Address"
::= { ipHostsAliveEntry 8 }
ipHostsAliveTrials OBJECT-TYPE
SYNTAX INTEGER (1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"How many ping attempts until host is considered down.
Default value is 3."
DEFVAL { 3 }
::= { ipHostsAliveEntry 9 }
ipHostsAliveBackups OBJECT-TYPE
SYNTAX INTEGER (1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"How many successful pings until host is considered up.
Default value is 1."
DEFVAL { 1 }
::= { ipHostsAliveEntry 10 }
-- **********************************************************************
-- * ipBodRuleTable TABLE
-- **********************************************************************
ipBodRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpBodRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ipBodRuleTable defines access rules for checking incoming
IP packets. The rules are processed in order, i.e. each rule
has a link to the next rule. The set of rules is processed
until a match occurs, that means the rule's associated filter
matches and the specified action is performed (either request
or deny additional bandwidth). The last rule is implicitly a
deny rule. The set of rules to be processed can be defined
for each interface."
::= { biboip 21 }
ipBodRuleEntry OBJECT-TYPE
SYNTAX IpBodRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX {
ipBodRuleFilterIndex
}
::= { ipBodRuleTable 1 }
IpBodRuleEntry ::=
SEQUENCE {
ipBodRuleIndex INTEGER,
ipBodRuleFilterIndex INTEGER,
ipBodRuleAction INTEGER,
ipBodRuleDirection INTEGER,
ipBodRuleChannels INTEGER,
ipBodRuleNextRuleIndex INTEGER,
ipBodRuleIdleTime INTEGER
}
ipBodRuleIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Unique rule index."
::= { ipBodRuleEntry 1 }
ipBodRuleFilterIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"References the rule's associated filter."
::= { ipBodRuleEntry 2 }
ipBodRuleAction OBJECT-TYPE
SYNTAX INTEGER {
invoke(1), -- invoke bandwidth if filter matches
invoke-if-not(2), -- invoke if filter not matches
deny(3), -- deny BOD if filter matches
deny-if-not(4), -- deny BOD if filter not matches
ignore(5), -- ignore rule and skip to next rule
delete(6) -- delete the entry from the table
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the action to be performed if the
rule's associated filter matches. If set to ignore the
filter is not consulted and the next rule is processed
immediately."
DEFVAL { invoke }
::= { ipBodRuleEntry 3 }
ipBodRuleDirection OBJECT-TYPE
SYNTAX INTEGER {
outgoing(1), -- used for outgoing packets only
incoming(2), -- used for incoming packets only
both(3) -- used for both directions
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the direction of the packets for
which the rule is processed."
DEFVAL { outgoing }
::= { ipBodRuleEntry 4 }
ipBodRuleChannels OBJECT-TYPE
SYNTAX INTEGER (0..8)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The number of B-channels to invoke if the rule's
associated filter matches."
DEFVAL { 1 }
::= { ipBodRuleEntry 5 }
ipBodRuleNextRuleIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the next rule to be processed if the rule's
associated filter does not match. The value 0 is used
to mark the end of the rule set."
DEFVAL { 0 }
::= { ipBodRuleEntry 6 }
ipBodRuleIdleTime OBJECT-TYPE
SYNTAX INTEGER (-1..3600)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the time in seconds the interface-specific
shorthold interval (see biboPPPTable) is extended if the
rule's associated filter matches. When set to zero this
setting is ignored. When set to -1 matching packets are
sent piggyback, they are not considered for shorthold mode."
DEFVAL { 0 }
::= { ipBodRuleEntry 7 }
-- **********************************************************************
-- * ipQoSTable TABLE
-- **********************************************************************
ipQoSTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpQoSEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ipQosTable defines the classifier rules that are applied
to IP traffic arriving this interface in a particular
direction. The rules are processed in order, i.e. each rule
has a link to the next rule. The set of rules is processed
until a match occurs, that means the rule's associated filter
matches and the specified action is performed (alter the IP
headers TOS field, alter associated level 2 priority, specify
a service class for QoS). The set of these rules to be
processed can be defined for each interface."
::= { biboip 22 }
ipQoSEntry OBJECT-TYPE
SYNTAX IpQoSEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX {
ipQoSFilterIndex
}
::= { ipQoSTable 1 }
IpQoSEntry ::=
SEQUENCE {
ipQoSIndex INTEGER,
ipQoSFilterIndex INTEGER,
ipQoSNextRuleIndex INTEGER,
ipQoSAction INTEGER,
ipQoSTos INTEGER,
-- ipQoSClassOfService INTEGER,
ipQoSTosSetRate INTEGER,
ipQoSTosSetBurst INTEGER,
ipQoSTosSetExceedAction INTEGER,
ipQoSTosRemark INTEGER,
ipQoSServiceClass INTEGER,
ipQoSClassId INTEGER,
ipQoSDirection INTEGER,
ipQoSTosSetRateLimitation INTEGER,
ipQoSTosSetRateBps INTEGER,
ipQoSTosSetBurstBps INTEGER,
ipQoSClassifyAction INTEGER,
ipQoSExceedRateLimitation INTEGER,
ipQoSExceedRate INTEGER,
ipQoSExceedBurst INTEGER,
ipQoSExceedRateBps INTEGER,
ipQoSExceedBurstBps INTEGER,
ipQoSTosAndMask INTEGER,
ipQoSTosOrMask INTEGER,
ipQoSLevel2PrioAndMask INTEGER,
ipQoSLevel2PrioOrMask INTEGER,
ipQoSTosAndMaskExceed INTEGER,
ipQoSTosOrMaskExceed INTEGER,
ipQoSLevel2PrioAndMaskExceed INTEGER,
ipQoSLevel2PrioOrMaskExceed INTEGER,
ipQoSDescr DisplayString
}
ipQoSIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Unique rule index."
::= { ipQoSEntry 1 }
ipQoSFilterIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"References the associated filter (see IpFilterTable)."
::= { ipQoSEntry 2 }
ipQoSNextRuleIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the next classifier rule to be processed if the
rule's associated filter does not match. The value 0 is used
to mark the end of the rule set."
DEFVAL { 0 }
::= { ipQoSEntry 3 }
ipQoSAction OBJECT-TYPE
SYNTAX INTEGER {
classify(1), -- filter matches, classify packet & set TOS
classify-if-not(2), -- classify & set TOS if filter doesn't match
disabled(3), -- ignore rule and skip to next rule
classify-keep-tos(4), -- filter matches, classify packet (keep TOS)
classify-keep-tos-if-not(5), -- classify (keep TOS) if filter doesn't match
delete(15) -- delete the entry from the table
}
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"WARNING: this object is obsolete and must not be used. It
exists in this table for configuration conversion purposes.
Below is its previous definition:
This object specifies the action to be performed if the
associated filter matches. If set to disabled the filter is
not consulted and the next rule is processed immediately,
possible values:
classify(1) = filter matches, classify packet & set TOS
classify-if-not(2) = classify & set TOS if filter doesn't match
disabled(3) = ignore rule and skip to next rule
classify-keep-tos(4) = filter matches, classify packet (keep TOS)
classify-keep-tos-if-not(5) = classify (keep TOS) if filter doesn't match
delete(15) = delete the entry from the table."
DEFVAL { classify }
::= { ipQoSEntry 4 }
ipQoSTos OBJECT-TYPE
SYNTAX INTEGER (0..255)
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"WARNING: this object is obsolete and must not be used. It
exists in this table for configuration conversion purposes.
Below is its previous definition:
Value for TOS field inside IP header to be set."
DEFVAL { 0 }
::= { ipQoSEntry 5 }
-- ipQoSClassOfService OBJECT-TYPE
-- SYNTAX INTEGER (1..255)
-- ACCESS read-write
-- STATUS mandatory
--
-- DESCRIPTION
-- "Specifies the class of service used for the congestion
-- management, priorization and traffic shapping. If set to
-- 256 (high priority service class) the related traffic
-- will be always handled first."
-- DEFVAL { 1 }
-- ::= { ipQoSEntry 6 }
--
ipQoSTosSetRate OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"WARNING: this object is obsolete and must not be used. It
exists in this table for configuration conversion purposes.
Below is its previous definition:
Maximum amount of packets per second that should be TOS
changed."
DEFVAL { 0 }
::= { ipQoSEntry 7 }
ipQoSTosSetBurst OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"WARNING: this object is obsolete and must not be used. It
exists in this table for configuration conversion purposes.
Below is its previous definition:
Maximum amount of packets per second additional to the
ipQosSetRate that could be TOS changed."
DEFVAL { 0 }
::= { ipQoSEntry 8 }
ipQoSTosSetExceedAction OBJECT-TYPE
SYNTAX INTEGER {
none(1),
remark-tos(2),
ignore(3)
}
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"WARNING: this object is obsolete and must not be used. It
exists in this table for configuration conversion purposes.
Below is its previous definition:
This object specifies how to mark packets in excess of the
rate limitation defined for this entry. Possible values:
none(1) = the TOS field is unchanged, but the packet
is flagged as eligible for discard.
remark-tos(2) = the TOS field is set with the ipQosTosRemark
value.
ignore(3) = used internally for conversion between old
format and new format of this table."
DEFVAL { ignore }
::= { ipQoSEntry 9 }
ipQoSTosRemark OBJECT-TYPE
SYNTAX INTEGER (0..255)
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"WARNING: this object is obsolete and must not be used. It
exists in this table for configuration conversion purposes.
Below is its previous definition:
Value for TOS field inside IP header to be set
when ipQoSTosSetExceedAction is set to remark-tos."
DEFVAL { 0 }
::= { ipQoSEntry 10 }
ipQoSServiceClass OBJECT-TYPE
SYNTAX INTEGER {
normal(1),
high-priority(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipQoSClassId the class
of service used for the congestion management, priorization
and traffic shapping. If set to high-priority(2) (high
priority service class) the related traffic will be always
handled first and ipQoSClassId is ignored."
DEFVAL { normal }
::= { ipQoSEntry 11 }
ipQoSClassId OBJECT-TYPE
SYNTAX INTEGER (1..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipQoSServiceClass
(normal(1) only) the class of service used for congestion
avoidance, congestion management, priorization and traffic
shapping. Note that this ID is not used to give a nominal
priority to the related IP traffic."
DEFVAL { 1 }
::= { ipQoSEntry 12 }
ipQoSDirection OBJECT-TYPE
SYNTAX INTEGER {
outgoing(1), -- used for outgoing packets only
incoming(2), -- used for incoming packets only
both(3) -- used for both directions
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the direction for witch this classifier
rule applies on this interface, possible values:
outgoing(1) = used for outgoing packets only
incoming(2) = used for incoming packets only
both(3) = used for both directions."
DEFVAL { outgoing }
::= { ipQoSEntry 13 }
ipQoSTosSetRateLimitation OBJECT-TYPE
SYNTAX INTEGER {
none(1),
packets(2),
throughput(3)
}
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"WARNING: this object is obsolete and must not be used. It
exists in this table for configuration conversion purposes.
Below is its previous definition:
This field specifies a rate limitation for the packets
to mark with the ipQosTos value. Possible values:
none(1) = no limitation is defined.
packets(2) = a limitation is defined in number
of packets per second.
throughput(3) = a limitation is defined in bits per second."
DEFVAL { packets }
::= { ipQoSEntry 14 }
ipQoSTosSetRateBps OBJECT-TYPE
SYNTAX INTEGER
UNITS "bps"
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"WARNING: this object is obsolete and must not be used. It
exists in this table for configuration conversion purposes.
Below is its previous definition:
Maximum amount of trafic in bits per second that should be
marked with TOS value ipQosTos."
DEFVAL { 0 }
::= { ipQoSEntry 15 }
ipQoSTosSetBurstBps OBJECT-TYPE
SYNTAX INTEGER
UNITS "bps"
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"WARNING: this object is obsolete and must not be used. It
exists in this table for configuration conversion purposes.
Below is its previous definition:
Maximum amount of additional trafic to the ipQoSTosSetRateBps
in bits per second that should be marked with TOS value
ipQosTos."
DEFVAL { 0 }
::= { ipQoSEntry 16 }
ipQoSClassifyAction OBJECT-TYPE
SYNTAX INTEGER {
classify(1), -- filter matches, classify packet & set TOS
classify-if-not(2), -- classify & set TOS if filter doesn't match
disabled(3), -- ignore rule and skip to next rule
delete(15) -- delete the entry from the table
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the action to be performed if the
associated filter matches. If set to disabled the filter is
not consulted and the next rule is processed immediately,
possible values:
classify(1) = filter matches, classify packet & set TOS
classify-if-not(2) = classify & set TOS if filter doesn't match
disabled(3) = ignore rule and skip to next rule
delete(15) = delete the entry from the table."
DEFVAL { classify }
::= { ipQoSEntry 17 }
ipQoSExceedRateLimitation OBJECT-TYPE
SYNTAX INTEGER {
none(1),
packets(2),
throughput(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This field specifies a rate limitation between in-profile and
out-profile datagrams. Possible values:
none(1) = no limitation is defined.
packets(2) = a limitation is defined in number
of packets per second.
throughput(3)= a limitation is defined in bits per second."
DEFVAL { packets }
::= { ipQoSEntry 18 }
ipQoSExceedRate OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Maximum amount of packets per second that are considered
in-profile. Packets in excess of (ipQosExceedRate +
ipQosExceedBurst) are considered out-profile."
DEFVAL { 0 }
::= { ipQoSEntry 19 }
ipQoSExceedBurst OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Maximum additional amount of packets per second that are
considered in-profile. Packets in excess of (ipQosExceedRate
+ ipQosExceedBurst) are considered out-profile."
DEFVAL { 0 }
::= { ipQoSEntry 20 }
ipQoSExceedRateBps OBJECT-TYPE
SYNTAX INTEGER
UNITS "bps"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Maximum amount of traffic in bits per second that is
considered in-profile. Traffic in excess of
(ipQosExceedRateBps + ipQosExceedBurstBps) is considered
out-profile."
DEFVAL { 0 }
::= { ipQoSEntry 21 }
ipQoSExceedBurstBps OBJECT-TYPE
SYNTAX INTEGER
UNITS "bps"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Maximum amount of additional traffic that is considered
in-profile. Traffic in excess of
(ipQosExceedRateBps + ipQosExceedBurstBps) is considered
out-profile."
DEFVAL { 0 }
::= { ipQoSEntry 22 }
ipQoSTosAndMask OBJECT-TYPE
SYNTAX INTEGER (0..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"AND mask applied to TOS field inside IP header of in-profile
datagrams."
DEFVAL { 255 }
::= { ipQoSEntry 23 }
ipQoSTosOrMask OBJECT-TYPE
SYNTAX INTEGER (0..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"OR mask applied to TOS field inside IP header of in-profile
datagrams."
DEFVAL { 0 }
::= { ipQoSEntry 24 }
ipQoSLevel2PrioAndMask OBJECT-TYPE
SYNTAX INTEGER (0..7)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"AND mask applied to level 2 priority associated with
in-profile datagrams."
DEFVAL { 7 }
::= { ipQoSEntry 25 }
ipQoSLevel2PrioOrMask OBJECT-TYPE
SYNTAX INTEGER (0..7)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"OR mask applied to level 2 priority associated with
in-profile datagrams."
DEFVAL { 0 }
::= { ipQoSEntry 26 }
ipQoSTosAndMaskExceed OBJECT-TYPE
SYNTAX INTEGER (0..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"AND mask applied to TOS field inside IP header of out-profile
datagrams."
DEFVAL { 255 }
::= { ipQoSEntry 27 }
ipQoSTosOrMaskExceed OBJECT-TYPE
SYNTAX INTEGER (0..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"OR mask applied to TOS field inside IP header of out-profile
datagrams."
DEFVAL { 0 }
::= { ipQoSEntry 28 }
ipQoSLevel2PrioAndMaskExceed OBJECT-TYPE
SYNTAX INTEGER (0..7)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"AND mask applied to level 2 priority associated with
out-profile datagrams."
DEFVAL { 7 }
::= { ipQoSEntry 29 }
ipQoSLevel2PrioOrMaskExceed OBJECT-TYPE
SYNTAX INTEGER (0..7)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"OR mask applied to level 2 priority associated with
out-profile datagrams."
DEFVAL { 0 }
::= { ipQoSEntry 30 }
ipQoSDescr OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A textual string describing this classifier rules."
::= { ipQoSEntry 31 }
-- **********************************************************************
-- * ipRipTimerTable TABLE
-- **********************************************************************
-- Should be named 'ipRipStaticTable' instead
ipRipTimerTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpRipTimerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The 'ipRipTimerTable' contains the basic configuration
of the RIP protocol. Formerly created to define only
the 3 timers involved in RIP process (cf RFC 2453).
This set of timers is unique for the router. Values
should be the same on all the routers of the whole network."
::= { biboip 23 }
ipRipTimerEntry OBJECT-TYPE
SYNTAX IpRipTimerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX { ipRipVersion}
::= { ipRipTimerTable 1 }
IpRipTimerEntry ::=
SEQUENCE {
ipRipVersion INTEGER,
ipRipTimerUpdate INTEGER,
ipRipTimerTimeout INTEGER,
ipRipTimerGarbage INTEGER,
ipRipRfc2453Timer INTEGER,
ipRipRfc2091Timer INTEGER,
ipRipUpdatePacketRetryTimer INTEGER,
ipRipPoisonedReverse INTEGER,
ipRipDistributeDefaultRoutes INTEGER,
ipRipHoldDownTimer INTEGER
}
ipRipVersion OBJECT-TYPE
-- This member only needed to have a ReadOnly "index"
-- so avoiding "row creation" by EndUser.
SYNTAX INTEGER (1..3)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"RFC 2453, RIP Version 2."
DEFVAL { 2 }
::= { ipRipTimerEntry 1 }
ipRipTimerUpdate OBJECT-TYPE
SYNTAX INTEGER (1..65535)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An unsollicited RIP response is broadcast
every 'ipRipTimerUpdate' seconds."
DEFVAL { 30 }
::= { ipRipTimerEntry 2 }
ipRipTimerTimeout OBJECT-TYPE
SYNTAX INTEGER (1..65535)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If 'ipRipTimerTimeout' seconds elapse from the last time an
update message is received for this route, the route is dropped
but keeped in routing table. Then 'garbage process' is started."
DEFVAL { 180 }
::= { ipRipTimerEntry 3 }
ipRipTimerGarbage OBJECT-TYPE
SYNTAX INTEGER (1..65535)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If 'ipRipTimerGarbage' seconds elapse from the start of
'garbage process' (and if route is still 'dropped'),
the route is removed from the routing table."
DEFVAL { 120 }
::= { ipRipTimerEntry 4 }
ipRipRfc2453Timer OBJECT-TYPE
SYNTAX INTEGER { enabled(1), disabled(2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The 'ipRipRfc2453Timer' enabled/disables variable
timer definition from RFC 2453."
DEFVAL { enabled }
::= { ipRipTimerEntry 5 }
ipRipRfc2091Timer OBJECT-TYPE
SYNTAX INTEGER { enabled(1), disabled(2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The 'ipRipRfc2453Timer' enabled/disables variable
timer definition from RFC 2091."
DEFVAL { disabled }
::= { ipRipTimerEntry 6 }
ipRipUpdatePacketRetryTimer OBJECT-TYPE
SYNTAX INTEGER (1..10)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If 'ipRipTimerUpdatePacketRetry' seconds elapse since the
transmission of the last update packet without receiving
an acknowledge the update packet is resend."
DEFVAL { 5 }
::= { ipRipTimerEntry 7 }
ipRipPoisonedReverse OBJECT-TYPE
SYNTAX INTEGER { enabled(1), disabled(2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enable or disable the (currently unimplemented)
control over 'poisoned reverse' route distribution."
DEFVAL { disabled }
::= { ipRipTimerEntry 8 }
ipRipDistributeDefaultRoutes OBJECT-TYPE
SYNTAX INTEGER { enabled(1), disabled(2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enable or disable the distribution of 'default routes'."
DEFVAL { enabled }
::= { ipRipTimerEntry 9 }
ipRipHoldDownTimer OBJECT-TYPE
SYNTAX INTEGER (1..65535)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If 'ipRipHoldDownTimer' seconds elapse from the start of
'database timeout' (and if route is still 'dropped'),
the route is removed from the routing table."
DEFVAL { 120 }
::= { ipRipTimerEntry 10 }
-- **********************************************************************
-- * ipRipFilterTable TABLE
-- **********************************************************************
ipRipFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpRipFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ipRipFilterTable contains additional information related
to IP and the interfaces found on the system. Entries can only
be added or deleted by the system."
::= { biboip 33 }
ipRipFilterEntry OBJECT-TYPE
SYNTAX IpRipFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX { ipRipFilterIfIndex,
ipRipFilterIpAddr, ipRipFilterNetMask,
ipRipFilterPriority, ipRipFilterDirection }
::= { ipRipFilterTable 1 }
IpRipFilterEntry ::=
SEQUENCE {
ipRipFilterEntryState INTEGER,
ipRipFilterIfIndex INTEGER,
ipRipFilterIpAddr IpAddress,
ipRipFilterNetMask IpAddress,
ipRipFilterPriority INTEGER,
ipRipFilterDirection INTEGER,
ipRipFilterDistribution INTEGER,
ipRipFilterMetric1IfUpOffset INTEGER,
ipRipFilterMetric1IfDormantOffset INTEGER
}
ipRipFilterEntryState OBJECT-TYPE
SYNTAX INTEGER {
active(1),
delete(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"makes entry active"
DEFVAL { active }
::= { ipRipFilterEntry 1 }
ipRipFilterIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The index value which uniquely identifies the
local interface through which the next hop of this
route should be reached. The interface identified
by a particular value of this index is the same
interface as identified by the same value of ifIndex."
::= { ipRipFilterEntry 2 }
ipRipFilterIpAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The IP-Address range affected by the filter operation.
Ranges are separately defined for import and export.
IP-Address ranges which are not matched by any filters
pass the filter stage unmodified. If this isn't intended
an additional filter must be defined to disable the
unmatched IP-Address range(s)."
::= { ipRipFilterEntry 3 }
ipRipFilterNetMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicate the mask to be logical-ANDed with the
ip-address before being compared to the value in the
ipRipFilterIpAddr field. If a subnet mask is not specified,
it will be set automatically according to the following table:
Class A: 255.0.0.0
Class B: 255.255.0.0
Class C: 255.255.255.0
If the value of the ipRipFilterIpAddr is 0.0.0.0
(a default route) then a mask value of 0.0.0.0 matches
all IP-Addresses (normally used to disable all routes
as last rule in the chain).
An ipRipFilterIpAddr of 0.0.0.0 with a mask value of
255.255.255.255 matches (filters) the default route exactly.
Host routes are created by setting the subnet mask
to 255.255.255.255."
::= { ipRipFilterEntry 4 }
ipRipFilterPriority OBJECT-TYPE
SYNTAX INTEGER (1..16)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If more than one filter matches the IP-Address range
this priority decides which filter to apply. 1 indictes
highest priority and 16 lowest priority"
DEFVAL { 1 }
::= { ipRipFilterEntry 5 }
ipRipFilterDirection OBJECT-TYPE
SYNTAX INTEGER {
import(1),
export(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The direction the filter is defined for."
DEFVAL { import }
::= { ipRipFilterEntry 6 }
ipRipFilterDistribution OBJECT-TYPE
SYNTAX INTEGER { enabled(1), disabled(2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Include or exclude the IP-Address range from distribution."
DEFVAL { enabled }
::= { ipRipFilterEntry 7 }
ipRipFilterMetric1IfUpOffset OBJECT-TYPE
SYNTAX INTEGER (-16..16)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Add 'ipRipFilterMetric1IfUpOffset' to metric1 during import
of this route if the operation status of this interface
is up. On export, add 'ipRipFilterMetric1IfUpOffset' to the
exported metric value if the operation status of this
interface is up."
DEFVAL { 0 }
::= { ipRipFilterEntry 8 }
ipRipFilterMetric1IfDormantOffset OBJECT-TYPE
SYNTAX INTEGER (-16..16)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Add 'ipRipFilterMetric1IfDormantOffset' to metric1 during
import of this route if the operation status of this interface
is dormant. On export, add 'ipRipFilterMetric1IfDormantOffset'
to the exported metric value if the operation status of this
interface is dormant."
DEFVAL { 0 }
::= { ipRipFilterEntry 9 }
-- **********************************************************************
-- * ipIcmpTable TABLE
-- **********************************************************************
-- The STATIC ipIcmp Table contains all extended configuration related to ICMP
ipIcmp OBJECT IDENTIFIER
::= { biboip 32 }
ipIcmpSourceQuench OBJECT-TYPE
SYNTAX INTEGER { enabled(1), disabled (2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"enabled : If an IP packet is discarded due to congestion,
the system sends an ICMP 'Source-Quench' message
back to the originator of the packet.
For congestion-control/prevention, the system may
send ICMP 'Source-Quench' messages also.
This is the default behavior of the system.
The rate of ICMP 'Source Quench' messages is
limited to max. 1 message/s per originator.
disabled: system never sends ICMP 'Source-Quench' messages
(not for congestions nor for congestion-control).
"
DEFVAL { enabled }
::= { ipIcmp 1 }
ipIcmpTimeExceededTrans OBJECT-TYPE
SYNTAX INTEGER { enabled(1), disabled (2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"enabled : If an IP packet could not be delivered/forwarded
to destination due to packet TTL (Time to live) or
dialup-interface timeout, the packet is discarded
and the system sends an ICMP 'Time-Exceeded/Trans'
message back to the originator of the packet.
This is the default behavior of the system.
disabled: If an IP packet could not be delivered/forwarded
to destination due to packet TTL (Time to live) or
dialup-interface timeout, the packet is silently
discarded.
ICMP 'Time Exceeded/Trans' messages should be
disabled with care (only if really necessary),
because some usefull external tools based on
this protocol (e.g. 'traceroute').
"
DEFVAL { enabled }
::= { ipIcmp 2 }
ipIcmpTimeExceededFrag OBJECT-TYPE
SYNTAX INTEGER { enabled(1), disabled (2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"enabled : If an IP packet could not be delivered/forwarded
to destination due to fragment-reassembly timeout,
the system sends an ICMP 'Time-Exceeded/Fragment'
message back to the originator of the packet.
This is the default behavior of the system.
disabled: If an IP packet could not be delivered/forwarded
to destination due to fragment-reassembly timeout,
the IP packet is silently discarded.
ICMP 'Time Exceeded/Fragment' messages should be
disabled with care (only if really necessary).
"
DEFVAL { enabled }
::= { ipIcmp 3 }
ipIcmpDestUnreachFrag OBJECT-TYPE
SYNTAX INTEGER { enabled(1), disabled (2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"enabled : If an IP packet could not be delivered/forwarded
to destination due to MTU/Dont-Fragment error
(packet must be fragmented due to interface-MTU
but Dont-Fragment (DF) bit is set in IP header),
the IP packet is discarded and the system sends an
ICMP 'Destination-Unreachable/Fragment' message
back to the originator of the packet.
This is the default behavior of the system.
disabled: If an IP packet could not be delivered/forwarded
to destination due to interface-MTU/DF-bit problem,
the packet is silently discarded.
ICMP 'Destination-UnreachableFragment' messages
should be disabled with care (only if really
necessary). Disabling of this ICMP messages
will make Path MTU Discovery impossible and
might lead to bad performance behaviours.
"
DEFVAL { enabled }
::= { ipIcmp 4 }
ipIcmpDestUnreachHost OBJECT-TYPE
SYNTAX INTEGER { enabled(1), disabled (2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"enabled : If an IP packet could not be delivered/forwarded
to destination due to routing errors (e.g. no
matching route exists, interface down/blocked),
the packet is discarded and the system sends an
ICMP 'Destination-Unreachable/Host' message
back to the originator of the packet.
This is the default behavior of the system.
(see ipIcmpDestUnreachHostTcp also)
disabled: If an IP packet could not be delivered/forwarded
to destination due to routing errors (e.g. no
matching route exists, interface down/blocked),
the packet is silently discarded.
ICMP 'Destination-Unreachable/Host' messages
should be disabled with care (only if really
necessary).
The functionality of the virtual REFUSE-Interface
is NOT affected by this parameter - the system
will continue to send ICMP 'Dest-Unreachable/Host'
messages for all packets explicity routed to
this Interface (ifIndex 0).
The functionality of ipExtIfNatSilentDeny=disabled
is NOT affected by this parameter - the system
will continue to send ICMP 'Dest-Unreachable/Host'
messages for incoming IP-Packets that does not
pass the NAT barrier of NAT-enabled Interfaces.
"
DEFVAL { enabled }
::= { ipIcmp 5 }
ipIcmpDestUnreachHostTcp OBJECT-TYPE
SYNTAX INTEGER { tcp-rst(1), icmp(2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Set ICMP (Dest Unreachable/Host) behavior for TCP packets.
tcp-rst : If a TCP packet can not be delivered/forwarded
to destination (e.g. no matching route exists,
interface down/blocked), the TCP-Connection
is terminated by sending a TCP-RST message
(a TCP packet with RST-bit set in TCP-header)
back to the originator of the packet.
This is the default behavior of the system.
The TCP RST message is send INSTEAD of an
ICMP 'Destination-Unreachable/Host' message.
If ipIcmpDestUnreachHost is set to disabled(2),
no TCP-RST message is sent back.
icmp : TCP traffic is handled like all other IP traffic.
(see description of ipIcmpDestUnreachHost)
"
DEFVAL { tcp-rst }
::= { ipIcmp 6 }
ipIcmpDestUnreachProto OBJECT-TYPE
SYNTAX INTEGER { enabled(1), disabled (2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"enabled: If an IP packet addressed to local system could
not be handled due to unsupported protocol type
in IP packet-header (e.g. not TCP, UDP or ICMP),
the packet is discarded and the system sends an
ICMP 'Destination-Unreachable/Proto' message
back to the originator of the packet.
This is the default behavior of the system.
disabled: If an IP packet addressed to local system could
not be handled due to unsupported protocol type
in IP packet-header (e.g. not TCP, UDP or ICMP),
the packet is silently discarded.
ICMP 'Destination-Unreachable/Proto' messages
should be disabled with care (only if really
necessary).
"
DEFVAL { enabled }
::= { ipIcmp 7 }
ipIcmpEchoReply OBJECT-TYPE
SYNTAX INTEGER { enabled(1), disabled (2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"enabled : each incoming ICMP 'Echo-Request' message
addressed to local system is answered with
an ICMP 'Echo-Reply' message.
This is the default behavior of the system.
disabled: incoming ICMP 'Echo-Request' messages addressed
to local system are silently discarded.
ICMP 'Echo-Reply' messages should be disabled
with care (only if really necessary), because
some usefull external tools based on this
protocol (e.g. 'ping').
local 'pings' to other system/routers are
not affected by this parameter.
"
DEFVAL { enabled }
::= { ipIcmp 8 }
ipIcmpMaskReply OBJECT-TYPE
SYNTAX INTEGER { enabled(1), disabled (2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"enabled : each incoming ICMP 'Mask-Request' message
addressed to local system is answered with
an ICMP 'Mask-Reply' message.
This is the default behavior of the system.
disabled: incoming ICMP 'Mask-Request' messages addressed
to local system are silently discarded.
ICMP 'Echo-Mask' messages should be disabled
with care (only if really necessary), because
subnet-discovery based on this protocol.
"
DEFVAL { enabled }
::= { ipIcmp 9 }
ipIcmpTimestampReply OBJECT-TYPE
SYNTAX INTEGER { enabled(1), disabled (2), extended (3) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"enabled : each incoming ICMP 'Timestamp' message
addressed to local system is answered with
an RFC792-compliant ICMP 'Timestamp-Reply'
message.
This is the default behavior of the system.
disabled: incoming ICMP 'Timestamp' messages addressed
to local system are silently discarded.
extended: if an incoming ICMP 'Timestamp' message
contains data appended after the three
timestamp fields (which is a deviation of
RFC792), the system replies with a modified
'Timestamp-Reply' message which contains a
copy of the received data appended after
the three timestamp fields. This behaviour
is not RFC792-compliant and should be reserved
for testing purposes.
"
DEFVAL { enabled }
::= { ipIcmp 10 }
-- **********************************************************************
-- * ipNatExpTable TABLE
-- **********************************************************************
ipNatExpTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpNatExpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"If NAT is switched on for an interface, this table contains
entries for expected sessions. Table entries are creates by
the system whenever there is a need for a new incoming session.
Table entries are removed after timeout or if the expected
session is established."
::= { biboip 34 }
ipNatExpEntry OBJECT-TYPE
SYNTAX IpNatExpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX { ipNatExpIfIndex }
::= { ipNatExpTable 1 }
IpNatExpEntry ::=
SEQUENCE {
ipNatExpIfIndex INTEGER,
ipNatExpProtocol INTEGER,
ipNatExpIntAddr IpAddress,
ipNatExpIntPort INTEGER,
ipNatExpExtAddr IpAddress,
ipNatExpExtPort INTEGER,
ipNatExpRemoteAddr IpAddress,
ipNatExpExtPortType INTEGER,
ipNatExpRemotePort INTEGER,
ipNatExpTimeout INTEGER
}
ipNatExpIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the interface, for which the session
is expected. A value of 0 means ANY interface."
::= { ipNatExpEntry 1 }
ipNatExpProtocol OBJECT-TYPE
SYNTAX INTEGER {
icmp(1),
igmp(2),
tcp(6),
udp(17),
ipv6(41),
gre(47),
esp(50),
ah(51),
ospf(89),
l2tp(115)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the protocol, the expected session is using.
"
::= { ipNatExpEntry 2 }
ipNatExpIntAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the internal local IP Address used for
the expected session.
"
::= { ipNatExpEntry 3 }
ipNatExpIntPort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the internal local port-number used for
the expected session. A value of -1 means to copy the related
external port-number without any NAT-translation.
"
::= { ipNatExpEntry 4 }
ipNatExpExtAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the external local address used for
the expected session. A value of 0.0.0.0 means ANY address.
"
::= { ipNatExpEntry 5 }
ipNatExpExtPort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the external local port-number used for
the expected session. A value of -1 means ANY port-number.
"
::= { ipNatExpEntry 6 }
ipNatExpRemoteAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the remote IP-address used for the
expected session. A value of 0.0.0.0 means ANY address.
"
::= { ipNatExpEntry 7 }
ipNatExpExtPortType OBJECT-TYPE
SYNTAX INTEGER { supplied(1), pool(2) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This field is used for NAT-internal signalling. Applications
shall set it to <supplied>. For automatically generated,
NAT-out-triggered entries, the system sets this field to
<pool> temporarily when the related ExtPort-entry is taken
from one of the pools and must be released again later.
"
DEFVAL { supplied }
::= { ipNatExpEntry 8 }
ipNatExpRemotePort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the remote port-number used for the
expected session. A value of -1 means ANY port number.
"
::= { ipNatExpEntry 9 }
ipNatExpTimeout OBJECT-TYPE
SYNTAX INTEGER (0..86400)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Set a specific Timeout in seconds for a new expected session.
A value of 0 means UNSPECIFIED (default-value is taken).
"
DEFVAL { 0 }
::= { ipNatExpEntry 10 }
-- **********************************************************************
-- * mcastFwdTable TABLE
-- **********************************************************************
-- mcastFwdTable is used for simple multicast packet forwarding
mcastFwdTable OBJECT-TYPE
SYNTAX SEQUENCE OF McastFwdEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entries in the Multicast Forwarding Table define a rule
where to forward packets with a specified multicast group address
to a dedicated destination interface."
::= { biboip 53 }
mcastFwdEntry OBJECT-TYPE
SYNTAX McastFwdEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry in the Multicast Forwarding Table."
INDEX { mcastFwdAddress }
::= { mcastFwdTable 1 }
McastFwdEntry ::= SEQUENCE {
mcastFwdAddress IpAddress,
mcastFwdSrcIfIndex INTEGER,
mcastFwdDestIfIndex INTEGER,
mcastFwdStatus INTEGER
}
mcastFwdAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The multicast forwarding group address which will be forwarded.
The group address 224.0.0.0 may be used as a wildcard matching all addresses."
::= { mcastFwdEntry 1 }
mcastFwdSrcIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The source interface of incoming multicast packets."
::= { mcastFwdEntry 2 }
mcastFwdDestIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The destination interface where to forward multicast packets."
::= { mcastFwdEntry 3 }
mcastFwdStatus OBJECT-TYPE
SYNTAX INTEGER {
active(1),
inactive(2),
delete(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The status of this entry."
DEFVAL { 1 }
::= { mcastFwdEntry 4 }
-- **********************************************************************
-- * ipNatExcludeTable TABLE
-- **********************************************************************
-- ipNatExcludeTable is used for excluding some traffics from NAT processing
ipNatExcludeTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpNatExcludeEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table specifies the IP addresses and port numbers
for sessions that must not be processed by NAT.
Entries in the table are created and removed manually
by network management."
::= { biboip 60 }
ipNatExcludeEntry OBJECT-TYPE
SYNTAX IpNatExcludeEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX {
ipNatExIfIndex,
ipNatExProtocol,
ipNatExLocalPort,
ipNatExRemotePort
}
::= { ipNatExcludeTable 1 }
IpNatExcludeEntry ::=
SEQUENCE {
ipNatExIfIndex INTEGER,
ipNatExProtocol INTEGER,
ipNatExLocalAddr IpAddress,
ipNatExLocalMask IpAddress,
ipNatExLocalPort INTEGER,
ipNatExLocalPortRange INTEGER,
ipNatExRemoteAddr IpAddress,
ipNatExRemoteMask IpAddress,
ipNatExRemotePort INTEGER,
ipNatExRemotePortRange INTEGER,
ipNatExDescr DisplayString,
ipNatExAction INTEGER
}
ipNatExIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the interface index, for which the
table entry shall be valid. If set to 0, the entry will
be valid for all interfaces configured to use NAT."
::= { ipNatExcludeEntry 1 }
ipNatExProtocol OBJECT-TYPE
SYNTAX INTEGER {
icmp(1),
igmp(2),
ggp(3),
ip(4),
tcp(6),
egp(8),
igp(9),
pup(12),
chaos(16),
udp(17),
hmp(20),
xns-idp(22),
rdp(27),
ipv6(41),
rsvp(46),
gre(47),
esp(50),
ah(51),
tlsp(56),
skip(57),
kryptolan(65),
iso-ip(80),
igrp(88),
ospf(89),
ipinip(94),
ipx-in-ip(111),
vrrp(112),
l2tp(115),
any(255),
delete(256)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the protocol, for which the table
entry shall be valid."
DEFVAL { any }
::= { ipNatExcludeEntry 2 }
ipNatExLocalAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatExLocalMask the set
of IP addresses of local hosts involved in the communication.
The table entry will be valid when the IP address of the
local host lies in the range specified by both objects.
If both objects are set to 0.0.0.0, the table entry will
be valid for any local host."
::= { ipNatExcludeEntry 3 }
ipNatExLocalMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatExLocalAddr the set
of IP addresses of local hosts involved in the communication.
The table entry will be valid when the IP address of the
local host lies in the range specified by both objects.
If both objects are set to 0.0.0.0, the table entry will
be valid for any local host."
::= { ipNatExcludeEntry 4 }
ipNatExLocalPort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatExLocalPortRange
the range of local portnumbers, for which the table entry
shall be valid. If both objects are set to -1, the entry is
valid for all local portnumbers. If ipNatExLocalPortRange is
set to -1, the entry is only valid when the local portnumber
of a packet is equal to ipNatExLocalPort. Otherwise, the entry
is valid if the local portnumber lies in the range
ExLocalPort .. ExLocalPortRange."
DEFVAL { -1 }
::= { ipNatExcludeEntry 5 }
ipNatExLocalPortRange OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatExLocalPort
the range of local portnumbers, for which the table entry
shall be valid. If both objects are set to -1, the entry is
valid for all local portnumbers. If ipNatExLocalPortRange is
set to -1, the entry is only valid when the local portnumber
of a packet is equal to ipNatExLocalPort. Otherwise, the entry
is valid if the local portnumber lies in the range
ExLocalPort .. ExLocalPortRange."
DEFVAL { -1 }
::= { ipNatExcludeEntry 6 }
ipNatExRemoteAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatExRemoteMask the set
of IP addresses of remote hosts involved in the communication.
The table entry will be valid when the IP address of the
remote host lies in the range specified by both objects.
If both objects are set to 0.0.0.0, the table entry will
be valid for any remote host."
::= { ipNatExcludeEntry 7 }
ipNatExRemoteMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatExRemoteAddr the set
of IP addresses of remote hosts involved in the communication.
The table entry will be valid when the IP address of the
remote host lies in the range specified by both objects.
If both objects are set to 0.0.0.0, the table entry will
be valid for any remote host."
::= { ipNatExcludeEntry 8 }
ipNatExRemotePort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatExRemotePortRange
the range of remote portnumbers, for which the table entry
shall be valid. If both objects are set to -1, the entry is
valid for all remote portnumbers. If ipNatExRemotePortRange is
set to -1, the entry is only valid when the remote portnumber
of a packet is equal to ipNatExRemotePort. Otherwise, the entry
is valid if the remote portnumber lies in the range
ExRemotePort .. ExRemotePortRange."
DEFVAL { -1 }
::= { ipNatExcludeEntry 9 }
ipNatExRemotePortRange OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies together with ipNatExRemotePort
the range of remote portnumbers, for which the table entry
shall be valid. If both objects are set to -1, the entry is
valid for all remote portnumbers. If ipNatExRemotePortRange is
set to -1, the entry is only valid when the remote portnumber
of a packet is equal to ipNatExRemotePort. Otherwise, the entry
is valid if the remote portnumber lies in the range
ExRemotePort .. ExRemotePortRange."
DEFVAL { -1 }
::= { ipNatExcludeEntry 10 }
ipNatExDescr OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A textual string describing this NAT excluding rule."
::= { ipNatExcludeEntry 11 }
ipNatExAction OBJECT-TYPE
SYNTAX INTEGER {
exclude(1),
exclude-if-not(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies which packets will be excluded from NAT
processing. When set to 'exclude' (default value), any packet
matching the parameters of the entry will be excluded from NAT
processing. When set to 'exclude-if-not', any packet not
matching the parameters of the entry will be excluded from NAT
processing."
DEFVAL { exclude }
::= { ipNatExcludeEntry 12 }
-- **********************************************************************
-- * ipNatOutOperTable TABLE
-- **********************************************************************
-- ipNatOutOperTable contains all policies considered for IP address translation
ipNatOutOperTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpNatOutOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table displays all currently active IP address translation
policies in 'outgoing' direction. It's similar to the former
defined ipNatOutTable.
Table entries are created:
- either by the IP subsystem itself due to the
administratively-defined ipNatOutTable entries
(ipNatOutOperType_permanent(1))
- or by several subsystems whenever there is a need for such
non-static NAT policies (ipNatOutOperType_temporary(2))
Table entries are deleted:
- either by the IP subsystem itself due to the
administratively-defined ipNatOutTable entries
(ipNatOutOperType_permanent(1))
- or by several subsystems whenever there is a need for such
non-static NAT policies (ipNatOutOperType_temporary(2))
- or, in case of non-permanent entries, by the administrator
If no matching entry is found (neither in the IP address is
set to the IP address defined on the interface configured for
NAT. If a matching entry is found, the source IP address of
outgoing IP packets is translated according to the couple
'ipNatOutOperExtAddr /ipNatOutOperExtMask'.
- If external IP address is a 'host IP address', the
whole source IP address is mapped.
- If external IP address is a 'net IP address', only
the 'net part' of source IP address is affected.
This table is only used if the outgoing address
translation is activated (ipExtIfNatOutXlat)."
::= { biboip 61 }
ipNatOutOperEntry OBJECT-TYPE
SYNTAX IpNatOutOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX {
ipNatOutOperIfIndex,
ipNatOutOperIntAddr,
ipNatOutOperExtAddr
}
::= { ipNatOutOperTable 1 }
IpNatOutOperEntry ::=
SEQUENCE {
ipNatOutOperIfIndex INTEGER,
ipNatOutOperProtocol INTEGER,
ipNatOutOperRemoteAddr IpAddress,
ipNatOutOperRemoteMask IpAddress,
ipNatOutOperExtAddr IpAddress,
ipNatOutOperRemotePort INTEGER,
ipNatOutOperRemotePortRange INTEGER,
ipNatOutOperIntAddr IpAddress,
ipNatOutOperIntMask IpAddress,
ipNatOutOperIntPort INTEGER,
ipNatOutOperExtPort INTEGER,
ipNatOutOperExtMask IpAddress,
ipNatOutOperTimeout INTEGER,
ipNatOutOperType INTEGER,
ipNatOutOperNatCategory INTEGER,
ipNatOutOperParent INTEGER,
ipNatOutOperIntPortRange INTEGER,
ipNatOutOperExtPortRange INTEGER
}
ipNatOutOperIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the interface index, for which the
table entry shall be valid. If set to 0, the entry will
be valid for all interfaces configured to use NAT."
::= { ipNatOutOperEntry 1 }
ipNatOutOperProtocol OBJECT-TYPE
SYNTAX INTEGER {
icmp(1),
igmp(2),
ggp(3),
ip(4),
tcp(6),
egp(8),
igp(9),
pup(12),
chaos(16),
udp(17),
hmp(20),
xns-idp(22),
rdp(27),
ipv6(41),
rsvp(46),
gre(47),
esp(50),
ah(51),
tlsp(56),
skip(57),
kryptolan(65),
iso-ip(80),
igrp(88),
ospf(89),
ipip(94),
ipx-in-ip(111),
vrrp(112),
l2tp(115),
any(255)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the protocol, for which the table
entry shall be valid."
DEFVAL { any }
::= { ipNatOutOperEntry 2 }
ipNatOutOperRemoteAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies together with ipNatOutOperRemoteMask
the set of target IP addresses for which the table entry is
valid. If both objects are set to 0.0.0.0, the table entry
will be valid for any target IP address."
::= { ipNatOutOperEntry 3 }
ipNatOutOperRemoteMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies together with ipNatOutOperRemoteAddr
the set of target IP addresses for which the table entry is
valid. If both objects are set to 0.0.0.0, the table entry
will be valid for any target IP address."
::= { ipNatOutOperEntry 4 }
ipNatOutOperExtAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"With ipNatOutOperExtMask, this object specifies the external
'IP address' or 'NET address' to which the internal IP address
is mapped.
- To map exactly to ipNatOutOperExtAddr (i.e. map to a single IP
address), ipNatOutOperExtMask MUST be set to 255.255.255.255
- To keep HOST part of source IP address and map only the
NET part, ipNatOutOperExtMask MUST be the related subnet mask
(and it should be the same as ipNatOutOperIntMask )."
::= { ipNatOutOperEntry 5 }
ipNatOutOperRemotePort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies together with ipNatOutRemotePortRange
the range of portnumbers for outgoing packets, for which the
table entry shall be valid. If both objects are set to -1, the
entry is valid for all portnumbers. If ipNatOutOperPortRange
is set to -1, the entry is only valid, when the portnumber
of an outgoing packet is equal to ipNatOutOperRemotePort.
Otherwise, the entry is valid, if the destination portnumber
lies in the range RemotePort .. RemotePortRange."
DEFVAL { -1 }
::= { ipNatOutOperEntry 6 }
ipNatOutOperRemotePortRange OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies together with ipNatOutOperRemotePort
the range of portnumbers for outgoing packets, for which the
table entry shall be valid. If both objects are set to -1, the
entry is valid for all portnumbers. If ipNatOutOperPortRange
is set to -1, the entry is only valid, when the portnumber
of an outgoing packet is equal to ipNatOutOperRemotePort.
Otherwise, the entry is valid, if the destination portnumber
lies in the range RemotePort .. RemotePortRange."
DEFVAL { -1 }
::= { ipNatOutOperEntry 7 }
ipNatOutOperIntAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies together with ipNatOutOperIntMask
the internal hosts IP address for outgoing packets
matching the table entry. If both objects are set to
0.0.0.0, the table entry will be valid for any source
IP address."
::= { ipNatOutOperEntry 8 }
ipNatOutOperIntMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies together with ipNatOutOperIntAddr
the internal hosts IP address for outgoing packets
matching the table entry. If both objects are set to
0.0.0.0, the table entry will be valid for any source
IP address."
::= { ipNatOutOperEntry 9 }
ipNatOutOperIntPort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the internal source port for which the
table entry shall be valid. If this object is set to -1,
any internal source port matches this entry."
DEFVAL { -1 }
::= { ipNatOutOperEntry 10 }
ipNatOutOperExtPort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object may be used to specify a fixed external source
port to which the internal source port is mapped.
If this object is set to -1, the port is mapped to the next
free source port available."
DEFVAL { -1 }
::= { ipNatOutOperEntry 11 }
ipNatOutOperExtMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"With ipNatOutOperExtAddr, this object specifies the external
'IP address' or 'NET address' to which the internal IP address
is mapped.
- To map exactly to ipNatOutOperExtAddr (i.e. map to a single IP
address), ipNatOutOperExtMask MUST be set to 255.255.255.255
- To keep HOST part of source IP address and map only the
NET part, ipNatOutOperExtMask MUST be the related subnet mask
(and it should be the same as ipNatOutOperIntMask)."
DEFVAL { 'ffffffff'h }
--DEFVAL { 4294967295 }
::= { ipNatOutOperEntry 12 }
ipNatOutOperTimeout OBJECT-TYPE
SYNTAX INTEGER (0..5184000)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"When there is no traffic associated with a NAT entry, this
entry is discarded at the end of a timeout value. This object
holds this timeout value in seconds. If set to the default
value of 0, the timeout will be set to the value specified
either in ipExtIfNatTcpTimeout or ipExtIfNatOtherTimeout,
depending on the protocol."
DEFVAL { 0 }
::= { ipNatOutOperEntry 13 }
ipNatOutOperType OBJECT-TYPE
SYNTAX INTEGER {
permanent(1),
temporary(2),
delete(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies whether there is an associated ipNatOutTable entry
(permanent) or not (temporary). Note that entries with type
permanent (1) cannot be deleted by the administrator directly."
DEFVAL { temporary }
::= { ipNatOutOperEntry 14 }
ipNatOutOperNatCategory OBJECT-TYPE
SYNTAX INTEGER {
full-cone(1),
restricted-cone(2),
port-restricted-cone(3),
symmetric(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the NAT category according RFC 3489 and 5389
to be applied for UDP traffic matching with this entry."
DEFVAL { symmetric }
::= { ipNatOutOperEntry 16 }
ipNatOutOperParent OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Row number of the associated ipNatOutTable entry."
DEFVAL { 0 }
::= { ipNatOutOperEntry 15 }
ipNatOutOperIntPortRange OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies together with ipNatOutOperIntPort the
internal source port range for which the table entry shall
be valid. If this object is set to -1, only ipNatOutOperIntPort
is used as selector for this entry."
DEFVAL { -1 }
::= { ipNatOutOperEntry 17 }
ipNatOutOperExtPortRange OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object may be used together with ipNatOutOperExtPort to
specify a fixed external source port number range to which
the internal source port numbers are mapped. This mapping
depends on the position of the original source port number
within the range specified by ipNatOutOperIntPort and
ipNatOutOperIntPortRange. If this object is set to -1, only
ipNatOutExtPort is considered for this entry."
DEFVAL { -1 }
::= { ipNatOutOperEntry 18 }
-- **********************************************************************
-- * ipNatPresetOperTable TABLE
-- **********************************************************************
-- ipNatPresetOperTable contains all policies considered for IP address translation
ipNatPresetOperTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpNatPresetOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table specifies the IP addresses and port numbers
for sessions requested from outside. If this table is
empty and NAT is enabled, only packets for sessions
initiated from inside are forwarded.
It's similar to the former defined ipNatPresetTable.
The IP address and the port number of the internal server
can be specified individually for each combination of
- protocol (udp/tcp/icmp)
- initiating hosts IP address (RemoteAddr, RemoteMask)
- destination address or network (ExtAddr, ExtMask)
- destination port number or range (ExtPort, ExtPortRange)
Entries in the table are created:
- either by the IP subsystem itself due to the
administratively-defined ipNatPresetTable entries
(ipNatPresetOperType_permanent(1))
- or by several subsystems whenever there is a need for such
non-static NAT policies (ipNatPresetOperType_temporary(2))
Entries are deleted:
- either by the IP subsystem itself due to the
administratively-defined ipNatPresetTable entries
(ipNatPresetOperType_permanent(1))
- or by several subsystems whenever there is a need for such
non-static NAT policies (ipNatPresetOperType_temporary(2))
- or, in case of non-permanent entries, by the administrator."
::= { biboip 63 }
ipNatPresetOperEntry OBJECT-TYPE
SYNTAX IpNatPresetOperEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX {
ipNatPrOperIfIndex,
ipNatPrOperProtocol,
ipNatPrOperExtPort
}
::= { ipNatPresetOperTable 1 }
IpNatPresetOperEntry ::=
SEQUENCE {
ipNatPrOperIfIndex INTEGER,
ipNatPrOperProtocol INTEGER,
ipNatPrOperRemoteAddr IpAddress,
ipNatPrOperRemoteMask IpAddress,
ipNatPrOperExtAddr IpAddress,
ipNatPrOperExtMask IpAddress,
ipNatPrOperExtPort INTEGER,
ipNatPrOperExtPortRange INTEGER,
ipNatPrOperIntAddr IpAddress,
ipNatPrOperIntPort INTEGER,
ipNatPrOperIntMask IpAddress,
ipNatPrOperTimeout INTEGER,
ipNatPrOperTcpOption BITS,
ipNatPrOperType INTEGER,
ipNatPrOperParent INTEGER
}
ipNatPrOperIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the interface index, for which the
table entry shall be valid. If set to 0, the entry will
be valid for all interfaces configured to use NAT."
::= { ipNatPresetOperEntry 1 }
ipNatPrOperProtocol OBJECT-TYPE
SYNTAX INTEGER {
icmp(1),
igmp(2),
ggp(3),
ip(4),
tcp(6),
egp(8),
igp(9),
pup(12),
chaos(16),
udp(17),
hmp(20),
xns-idp(22),
rdp(27),
ipv6(41),
rsvp(46),
gre(47),
esp(50),
ah(51),
tlsp(56),
skip(57),
kryptolan(65),
iso-ip(80),
igrp(88),
ospf(89),
ipinip(94),
ipx-in-ip(111),
vrrp(112),
l2tp(115),
any(255),
delete(256)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the protocol, for which the table
entry shall be valid."
DEFVAL { any }
::= { ipNatPresetOperEntry 2 }
ipNatPrOperRemoteAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies together with ipNatPrOperRemoteMask the
the set of IP addresses of remote hosts initiating a
session. The table entry will be valid for an incoming
packet, when the IP adress of the remote host initiating
the session lies in the range specified by both objects.
If both objects are set to 0.0.0.0, the table entry will
be valid for any remote host."
::= { ipNatPresetOperEntry 3 }
ipNatPrOperRemoteMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies together with ipNatPrOperRemoteAddr
the set of IP addresses of remote hosts initiating the
session. The table entry will be valid for an incoming
packet, when the IP adress of the remote host initiating
the session lies in the range specified by both objects.
If both objects are set to 0.0.0.0, the table entry will
be valid for any remote host."
::= { ipNatPresetOperEntry 4 }
ipNatPrOperExtAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies together with ipNatPrOperExtMask the
set of destination IP addresses, for which the table entry
shall be valid. The entry is valid, if the target IP address
of an incoming IP packet lies in the range specified by both
objects.
If both objects are set to 0.0.0.0, the table entry will
be valid for any IP address."
::= { ipNatPresetOperEntry 5 }
ipNatPrOperExtMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies together with ipNatPrOperExtAddr the
set of destination IP addresses, for which the table entry
shall be valid. The entry is valid, if the target IP address
of an incoming packet lies in the range specified by both
objects.
If both objects are set to 0.0.0.0, the table entry will
be valid for any IP address."
::= { ipNatPresetOperEntry 6 }
ipNatPrOperExtPort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies together with ipNatPrOperExtPortRange
the range of portnumbers for incoming packets, for which the
table entry shall be valid. If both objects are set to -1, the
entry is valid for all portnumbers. If ipNatPrOperPortRange
is set to -1, the entry is only valid, when the destination
portnumber of an incoming packet is equal to ipNatPrOperExtPort.
Otherwise, the entry is valid, if the destination portnumber
lies in the range ExtPort .. ExtPortRange."
DEFVAL { -1 }
::= { ipNatPresetOperEntry 7 }
ipNatPrOperExtPortRange OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies together with ipNatPrOperExtPort the
range of portnumbers for incoming packets, for which the table
entry shall be valid. If both objects are set to -1, the
entry is valid for all portnumbers. If ipNatPrOperPortRange
is set to -1, the entry is only valid, when the destination
portnumber of an incoming packet is equal to ipNatPrOperExtPort.
Otherwise, the entry is valid, if the destination portnumber
lies in the range ExtPort .. ExtPortRange."
DEFVAL { -1 }
::= { ipNatPresetOperEntry 8 }
ipNatPrOperIntAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"With ipNatPrOperIntMask, this object specifies the internal
target host's IP address for incoming packets matching the table
entry.
An incoming packet matching this entry will be routed to the
internal server specified by this object and ipNatPrOperIntMask.
If this object is set to 0.0.0.0, the target host will be
the original target host in the incoming packet.
No translation of the IP-addresses takes place in this case.
If ipNatPrOperIntMask is set to 255.255.255.255, the internal
server IP address is ipNatPrOperIntAddr.
If ipNatPrOperIntMask is a subnet mask, the internal server
IP address is the incoming one in which the NET part is mapped
according to 'ipNatPrOperIntAddr / ipNatPrOperIntMask'."
::= { ipNatPresetOperEntry 9 }
ipNatPrOperIntPort OBJECT-TYPE
SYNTAX INTEGER (-1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the internal target host's port-number
for incoming packets matching the table entry. If this
object is set to -1, the target portnumber will be
taken from the original incoming packet.
No translation of the portnumber will take place in this
case. If the set of portnumbers for this table entry is
a range instead of a single portnumber, this object will
specify the base of the target range of portnumbers. The
internal portnumber will be constructed as follows:
new-target-port := old-target-port
- ipNatPrOperExtPort
+ ipNatPrOperIntPort
"
DEFVAL { -1 }
::= { ipNatPresetOperEntry 10 }
ipNatPrOperIntMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"With ipNatPrOperIntAddr, this object specifies the internal
target host's IP address for incoming packets matching the
table entry.
An incoming packet matching this entry will be routed to the
internal server specified by this object and ipNatPrOperIntMask.
If this object is set to 255.255.255.255, the internal
server IP address is ipNatPrOperIntAddr.
If this object is a subnet mask, the internal server
IP address is the incoming one in which the NET part is mapped
according to 'ipNatPrOperIntAddr / ipNatPrOperIntMask'."
DEFVAL { 'ffffffff'h }
--DEFVAL { 4294967295 }
::= { ipNatPresetOperEntry 11 }
ipNatPrOperTimeout OBJECT-TYPE
SYNTAX INTEGER (0..5184000)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"When there is no traffic associated with a NAT entry, this
entry is discarded at the end of a timeout value. This object
holds this timeout value in seconds. If set to the default
value of 0, the timeout will be set to the value specified
either in ipExtIfNatTcpTimeout or ipExtIfNatOtherTimeout,
depending on the protocol."
DEFVAL { 0 }
::= { ipNatPresetOperEntry 12 }
ipNatPrOperTcpOption OBJECT-TYPE
SYNTAX BITS {
pathFinder(0)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Additional selector, increases the prossible granularity of
the TCP-related NAT preset rules. This parameter doesn't
matter if not set, in all other cases initial TCP SYN
messages without the associated TCP option will be ignored,
possible settings:
- pathFinder(0) proprietary NCP pathfinder option
"
DEFVAL { 0 }
::= { ipNatPresetOperEntry 13 }
ipNatPrOperType OBJECT-TYPE
SYNTAX INTEGER {
permanent(1),
temporary(2),
delete(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies whether there is an associated ipNatPrestTable
entry (permanent) or not (temporary). Note that entries
with type permanent (1) cannot be deleted by the
administrator directly."
DEFVAL { temporary }
::= { ipNatPresetOperEntry 14 }
ipNatPrOperParent OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Row number of the associated ipNatPresetTable entry."
DEFVAL { 0 }
::= { ipNatPresetOperEntry 15 }
ipWolRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpWolRuleEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"The ipWolRuleTable defines access rules for checking incoming
IP packets. The rules are processed in order, i.e. each rule
has a link to the next rule. The set of rules is processed
until a match occurs, that means the rule's associated filter
matches and the specified action is performed (either send a
Wake-On-LAN packet via Ethernet or via UDP). The last rule is
implicitly a deny rule. The set of rules to be processed can be
defined for each interface."
::= { biboip 67 }
ipWolRuleEntry OBJECT-TYPE
SYNTAX IpWolRuleEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
""
INDEX {
ipWolRuleFilterIndex
}
::= { ipWolRuleTable 1 }
IpWolRuleEntry ::=
SEQUENCE {
ipWolRuleIndex INTEGER,
ipWolRuleFilterIndex INTEGER,
ipWolRuleAction INTEGER,
ipWolRuleNextRuleIndex INTEGER,
ipWolRuleWolType INTEGER,
ipWolRuleTarget MacAddress,
ipWolRulePassword DisplayString,
ipWolRuleDescr DisplayString,
ipWolRuleTargetIfIndex INTEGER
}
ipWolRuleIndex OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Unique rule index."
::= { ipWolRuleEntry 1 }
ipWolRuleFilterIndex OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-write
STATUS mandatory
DESCRIPTION
"References the rule's associated filter."
::= { ipWolRuleEntry 2 }
ipWolRuleAction OBJECT-TYPE
SYNTAX INTEGER {
invoke(1), -- invoke WoL if filter matches
invoke-if-not(2), -- invoke if filter not matches
deny(3), -- deny WoL if filter matches
deny-if-not(4), -- deny WoL if filter not matches
ignore(5), -- ignore rule and skip to next rule
delete(6) -- delete the entry from the table
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"This object specifies the action to be performed if the
rule's associated filter matches. If set to ignore the
filter is not consulted and the next rule is processed
immediately.
invoke, invoke WoL if filter matches
invoke-if-not, invoke if filter not matches
deny, deny WoL if filter matches
deny-if-not, deny WoL if filter not matches
ignore, ignore rule and skip to next rule
delete delete the entry from the table
"
DEFVAL { invoke }
::= { ipWolRuleEntry 3 }
ipWolRuleNextRuleIndex OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Specifies the next rule to be processed. The value 0
is used to mark the end of the rule set."
::= { ipWolRuleEntry 4 }
ipWolRuleWolType OBJECT-TYPE
SYNTAX INTEGER {
ether(1),
udp(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Which Wake-On-LAN standard should be used."
DEFVAL { ether }
::= { ipWolRuleEntry 5 }
ipWolRuleTarget OBJECT-TYPE
SYNTAX MacAddress
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The mac address of the interface to be woken up."
::= { ipWolRuleEntry 6 }
ipWolRulePassword OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..6))
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Wake-On-LAN password. The password length is either 0,
4 or 6."
::= { ipWolRuleEntry 7 }
ipWolRuleDescr OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A textual string describing this Wake-On-LAN rule."
::= { ipWolRuleEntry 8 }
ipWolRuleTargetIfIndex OBJECT-TYPE
SYNTAX INTEGER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The index value which uniquely identifies Wake-On-LAN
outbound interface."
::= { ipWolRuleEntry 9 }
END
View Git Blame Copy Permalink