WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/enterasys/ENTERASYS-POLICY-PROFILE-MIB

4873 lines
189 KiB
Plaintext
Raw Blame History

ENTERASYS-POLICY-PROFILE-MIB DEFINITIONS ::= BEGIN
-- enterasys-policy-profile-mib.txt
--
-- Part Number:
--
--
-- This module provides authoritative definitions for Extreme
-- Networks' user policy profile functionality.
--
-- This module will be extended, as needed.
-- Extreme Networks reserves the right to make changes in this
-- specification and other information contained in this document
-- without prior notice. The reader should consult Extreme Networks
-- to determine whether any such changes have been made.
--
-- In no event shall Extreme Networks be liable for any incidental,
-- indirect, special, or consequential damages whatsoever (including
-- but not limited to lost profits) arising out of or related to this
-- document or the information contained in it, even if Extreme
-- Networks has been advised of, known, or should have known, the
-- possibility of such damages.
--
-- Extreme Networks grants vendors, end-users, and other interested
-- parties a non-exclusive license to use this Specification in
-- connection with the management of Extreme Networks products.
-- Copyright 2001-2016 Extreme Networks, Inc.
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Integer32, TimeTicks, Unsigned32,
Gauge32, Counter32, NOTIFICATION-TYPE
FROM SNMPv2-SMI
RowStatus, RowPointer, TEXTUAL-CONVENTION, TruthValue, StorageType
FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB
ifName, ifAlias
FROM IF-MIB
dot1dBasePort
FROM BRIDGE-MIB
PortList, VlanIndex
FROM Q-BRIDGE-MIB
EnabledStatus
FROM P-BRIDGE-MIB
StationAddressType, StationAddress
FROM ENTERASYS-UPN-TC-MIB
InetPortNumber
FROM INET-ADDRESS-MIB
Uri
FROM URI-TC-MIB
etsysModules
FROM ENTERASYS-MIB-NAMES;
etsysPolicyProfileMIB MODULE-IDENTITY
LAST-UPDATED "201604181821Z" -- Mon Apr 18 18:21 UTC 2016
ORGANIZATION "Extreme Networks, Inc"
CONTACT-INFO
"Postal: Extreme Networks, Inc.
145 Rio Robles
San Jose, CA 95134 USA
Phone: +1 408 579-2800
E-mail: support@extremenetworks.com
WWW: http://www.extremenetworks.com"
DESCRIPTION
"This MIB module defines a portion of the SNMP enterprise
MIBs under the Enterasys enterprise OID pertaining to the
mapping of per user policy profiles for Extreme network
edge devices or access products."
REVISION "201604181821Z" -- Mon Apr 18 18:21 UTC 2016
DESCRIPTION
"Added support for policy profile based port
authentication override."
REVISION "201501091557Z" -- Fri Jan 9 15:57 UTC 2015
DESCRIPTION
"Added the etsysPolicyEnabledState object to globally enable
and disable policy on a system."
REVISION "201403041224Z" -- Tue Mar 4 12:24 UTC 2014
DESCRIPTION
"Added a HTTP Redirect action for policy rules."
REVISION "201402271250Z" -- Thu Feb 27 12:50 UTC 2014
DESCRIPTION
"Remove individual adress, port and Uri255 leaves from the
etsysPolicyHttpRedirectServerEntry and replace with a single
URI."
REVISION "201401151624Z" -- Wed Jan 15 16:24 UTC 2014
DESCRIPTION
"Refined the SYNTAX and DESCRIPTION of the HTTP redirection
URI."
REVISION "201311131549Z" -- Wed Nov 13 15:49 UTC 2013
DESCRIPTION
"Added support for the 'supportsCounters' bit in
etsysPolicyCapabilities"
REVISION "201311071405Z" -- Thu Nov 7 14:05 UTC 2013
DESCRIPTION
"Added support for HTTP redirection via assignment of
a policy profile."
REVISION "201303051651Z" -- Tue Mar 5 16:51 UTC 2013
DESCRIPTION
"Modified the DESCRIPTION clause of etsysPolicyRuleOperPid
and etsysPolicyNonVolatileRuleOperPid so that -1 is returned
when the etsysPolicyRuleProfileIndex is not zero."
REVISION "201303041509Z" -- Mon Mar 4 15:09 UTC 2013
DESCRIPTION
"Modified the DESCRIPTION clause of etsysPolicyRuleOperPid."
REVISION "201303011227Z" -- Fri Mar 1 12:27 UTC 2013
DESCRIPTION
"Add etsysPolicyNonVolatileRuleTable to contain rules that
are configured administratively and stored persistently."
REVISION "201302141412Z" -- Thu Feb 14 14:12 UTC 2013
DESCRIPTION
"Update the CONTACT-INFO clause."
REVISION "201301221627Z" -- Tue Jan 22 16:27 UTC 2013
DESCRIPTION
"Add the application(29) enumeration to the
PolicyClassificationRuleType TEXTUAL-CONVENTION."
REVISION "201206131634Z" -- Wed Jun 17 16:34 UTC 2012
DESCRIPTION
"Add the etsysPolicyRuleQuarantineProfileIndex to allow for
the quarantining of sessions that match a specific rule."
REVISION "201202071701Z" -- Tue Feb 7 17:01 UTC 2012
DESCRIPTION
"Add the etsysPolicyProfileFstIndex to allow dynamic application of
Flow Setup Throttling on a per user basis."
REVISION "201008091511Z" -- Mon Aug 9 15:11 UTC 2010
DESCRIPTION
"Add controls for syslogEveryTime, profile visibility of syslog/trap
statistics, egress-policy controls.
ICMPv6 and ACL rule types added, tcp/udp rule types augmented to
support IPv6 addresses."
REVISION "200904101200Z" -- Wed Apr 10 12:00 UTC 2009
DESCRIPTION
"Added tri-state textual convention and modified the etsysPolicyRules
group to use this convention for actions which previously used
EnabledStatus.
Added syslog, trap, and disable-port actions to the
etsysPolicyProfileTable."
REVISION "200904011336Z" -- Wed Apr 01 13:36 UTC 2009
DESCRIPTION
"Modified the capabilities group to support both OverwriteTci
and Mirroring. A few other small corrections."
REVISION "200802191429Z" -- Tue Feb 19 14:29 UTC 2008
DESCRIPTION
"Capability has been added to define a packet mirroring index
for frames matching a policy profile or policy rule.
Further clarification is included in DESCRIPTION field of the
etsysPolicyProfileMirrorIndex and etsysPolicyRuleMirrorIndex
objects."
REVISION "200703212102Z" -- Wed Mar 21 21:02 GMT 2007
DESCRIPTION
"An additional scalar etsysPolicyRuleSylogExtendedFormat is
added to configure enabling/disabling the addition of extended
data to the rule-hit syslog messages.
Further clarifications are included in DESCRIPTION field of
the etsysPolicyRuleSylogExtendedFormat object."
REVISION "200606152040Z" -- Thu Jun 15 20:40 UTC 2006
DESCRIPTION
"Grammar and typographical corrections."
REVISION "200505182008Z" -- Wed May 18 20:08 GMT 2005
DESCRIPTION
"TEXTUAL-CONVENTION PolicyRFC3580MapRadiusResponseTC includes
an additional option vlanTunnelAttributeWithPolicyProfile.
An additional scalar etsysPolicyRFC3580MapInvalidMapping is
added to detect EtsysPolicyRFC3580MapEntry discrepancies.
Further clarifications are included in DESCRIPTION fields of
the etsysPolicyRFC3580Map objects."
REVISION "200503281535Z" -- Mon Mar 28 15:35 GMT 2005
DESCRIPTION
"Additional branch etsysPolicyNotifications properly contains
trap information."
REVISION "200503142134Z" -- Mon Mar 14 21:34 GMT 2005
DESCRIPTION
"etsysPolicyRuleStatsDroppedNotifications and
etsysPolicyRuleSylogMachineReadableFormat now allow the
managing entity to track missed syslog messages and to
format the messages in hexadecimal.
Additional capability table to detail policy rule type
lengths in bits and bytes and the maximum number of rules
of each rule type the agent supports.
See the description of the PolicyClassificationRuleType
textual convention for additional details relating to how
rule-type-lengths are to be specified."
REVISION "200408111517Z" -- Wed Aug 11 15:17 GMT 2004
DESCRIPTION
"Updated the range for etsysPolicyProfilePriority
to (0..4095).
Added objects and groups related to mapping RFC3580
vlan-tunnel-attributes to PolicyProfiles.
Added the etsysPolicyRuleAutoClearOnProfile,
etsysPolicyRuleStatsAutoClearInterval, and
etsysPolicyRuleStatsAutoClearPorts, objects.
Added etsysPolicyEnabledTable to the capabilities section,
in addition to reporting capabilities, it allows one
to disable policy on a given port."
REVISION "200405181702Z" -- Tue May 18 17:02 GMT 2004
DESCRIPTION
"Added the etsysPolicyRuleStatsAutoClearOnLink leaf."
REVISION "200404022035Z" -- Fri Apr 2 20:35 GMT 2004
DESCRIPTION
"Added the etsysPolicyRuleOperPid leaf to
etsysPolicyRuleTable."
REVISION "200403251803Z" -- Thu Mar 25 18:03 GMT 2004
DESCRIPTION
"Added capabilities objects, status for profile assignment
override, dynamic profile summary list, and notification
configuration for dynamic rules."
REVISION "200402032200Z" -- Tue Feb 3 22:00 GMT 2004
DESCRIPTION
"Replaced StationIdentifierType with StationAddressType
and StationIdentifier with StationAddress to match new
revision of ENTERASYS-UPN-TC-MIB."
REVISION "200402031533Z" -- Tue Feb 3 15:33 GMT 2004
DESCRIPTION
"Replaced StationIdentifierTypeTC with StationIdentifierType
and moved it to the ENTERASYS-UPN-TC-MIB, and replaced
InetAddress with StationIdentifier from the same MIB module."
REVISION "200401192143Z" -- Mon Jan 19 21:43 GMT 2004
DESCRIPTION
"Added PolicyClassificationRuleType TEXTUAL-CONVENTION.
Added the etsysPolicyProfileOverwriteTCI and
etsysPolicyProfileRulePrecedence leaves to the
EtsysPolicyProfileEntry. Added the etsysPolicyRules
group for accounting of policy usage. Additionally,
the range syntax of several objects has been clarified.
The etsysPolicyClassificationGroup and the
etsysPortPolicyProfileTable have been deprecated,
as they have been replaced by the etsysPolicyRulesGroup."
REVISION "200311041716Z" -- Tue Nov 4 17:16 GMT 2003
DESCRIPTION
"Added etsysPolicyMap object group in support of RFC 3580 and
Enterasys Technical Standard TS-07."
REVISION "200302062259Z" -- Thu Feb 6 22:59 GMT 2003
DESCRIPTION
"Added etsysDevicePolicyProfileDefault to provide managed
entities, that cannot support complete policies on a per
port basis, a global policy to augment what policies they
can provide on a per port basis.
Added etsysPolicyCapabilities to provide management agents
a straight forward method to ascertain the capabilities of
the managed entity."
REVISION "200209171453Z" -- Tue Sep 17 14:53 GMT 2002
DESCRIPTION
"Added Port ID information in the Station table, for
ease of cross reference."
REVISION "200207191337Z" -- Fri Jul 19 13:37 GMT 2002
DESCRIPTION
"This version incorporates enhancements to support Station
based policy provisioning, as well as other UPN related
enhancements."
REVISION "200106112000Z" -- Mon Jun 11 20:00 GMT 2001
DESCRIPTION
"This version modified the MODULE-IDENTITY statement to
resolve an issue importing this MIB into some older MIB Tools.
In the SEQUENCE for the etsysPortPolicyProfileTable the first
object was incorrectly defined as etsysPortPolicyProfileIndex,
this was corrected to read etsysPortPolicyProfileIndexType.
Several misspelled words were corrected.
Finally, the INDEX for the etsysPortPolicyProfileSummaryTable
was corrected to index the table by policy index as well as
the type of port for each entry in the table."
REVISION "200101090000Z"
DESCRIPTION
"The initial version of this MIB module."
::= { etsysModules 6 }
-- -------------------------------------------------------------
-- Textual Conventions
-- -------------------------------------------------------------
PolicyProfileIDTC ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"This textual convention maps out to the possible
policyProfileIndex values. It also allows for a value of
zero. A value of zero (0) indicates that the given port
should not follow any policy profile."
SYNTAX Integer32 (0|1..65535)
PortPolicyProfileIndexTypeTC ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention maps out to the possible port types
which can be used to populate the etsysPortPolicyProfileTable,
and of port IDs used in the etsysStationPolicyProfileTable."
SYNTAX INTEGER {
ifIndex(1),
dot1dBasePort(2)
}
PolicyRFC3580MapRadiusResponseTC ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention maps out to the possible, pertinent,
successful, responses which may be received from the RADIUS
server after a dynamic authentication attempt. PolicyProfile(1)
is returned as a proprietary filter-id and has historically
been used to assign a policy profile to the authenticated
entity. VlanTunnelAttribute(2) is the response defined in
RFC3580 and upon which further controls are applied by the
etsysPolicyRFC3580Map group. A value of -
vlanTunnelAttributeWithPolicyProfile(3) is an
indication that both attributes are to be used."
SYNTAX INTEGER {
policyProfile(1),
vlanTunnelAttribute(2),
vlanTunnelAttributeWithPolicyProfile(3)
}
VlanList ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Each octet within this value specifies a set of eight
VIDs, with the first octet specifying VID 1 through
8, the second octet specifying VID 9 through 16, etc.
Within each octet, the most significant bit represents
the lowest numbered VID, and the least significant bit
represents the highest numbered VID. Thus, each VID
is represented by a single bit within the
value of this object. If that bit has a value of '1'
then that VID is included in the set of VIDs; the VID
is not included if its bit has a value of '0'.
This OCTET STRING will always be 512 Octets in length
to accommodate all possible VIDs between (1..4094). The
default value of this object is a string of all zeros."
SYNTAX OCTET STRING (SIZE(512))
PolicyClassificationRuleType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Enumerates the possible types of classification rules which
may be referenced in the etsysPolicyRuleTable. Each
type has an implied length (in bytes) associated with it.
Octet-strings defined as representing one of these types will
be represented in Network-Byte-Order (Big Endian) if the native
representation is other than octets.
The managed entity MUST support sets in which the specified
rule length is less than that specified by the value the entity
reports in etsysPolicyRuleAttributeByteLength, so long as the
associated etsysPolicyRulePrefixBits does not imply the
existence of more etsysPolicyRuleData than is present (i.e. the
specified length MUST be >= ((etsysPolicyRulePrefixBits+7)/8).)
Additionally, the managed entity MUST return a
PolicyClassificationRuleType which carries the number of octets
specified by the associated etsysPolicyRuleAttributeByteLength,
regardless of the number etsysPolicyRulePrefixBits. This yields
a behavior in which, on some devices, a ip4Source rule may be
supported with only 4 bytes of rule data (excluding the TCP/UDP
source port information), while other devices may support the
full syntax using all 6 bytes.
macSource(1) The source MAC address in an Ethernet
frame. Length is 6 bytes.
macDestination(2) The destination MAC address in an
Ethernet frame. Length is 6 bytes.
ipxSource(3) The source address in an IPX header.
Length is 4 bytes (Network prefix).
ipxDestination(4) The destination address in an IPX
header. Length is 4 bytes (Network
prefix).
ipxSourcePort(5) The source IPX port(socket) in an IPX
header. Length is 2 bytes.
ipxDestinationPort(6) The destination IPX port(socket) in an
IPX header. Length is 2 bytes.
ipxCos(7) The CoS(HopCount) field in an IPX
header. Length is 1 byte.
ipxType(8) The protocol type in an IPX header.
Length is 1 byte.
ip6Source(9) The source address in an IPv6 header,
postfixed with the source port (for
TCP/UDP frames). Length is 18 bytes
for IPv6+TCP/UDP, or 16 bytes for
IPv6.
ip6Destination(10) The destination address in an IPv6
header, postfixed with the destination
port (for TCP/UDP frames). Length is 18
bytes for IPv6+TCP/UDP, or 16 bytes for
IPv6.
ip6FlowLabel(11) The flow label field (traffic class and
flow identifier) in an IPv6 header.
Length is 3 bytes, as only the first
20 bits are valid and mask-able, only
the data in the first 20 bits (the first
five nibbles) is considered.
ip4Source(12) The source address in an IPv4 header,
postfixed with the source port (for
TCP/UDP frames). Length is 6 bytes
for IPv4+TCP/UDP, or 4 bytes for
IPv4.
ip4Destination(13) The destination address in an IPv4
header, postfixed with the destination
port (for TCP/UDP frames). Length is 6
bytes for IPv4+TCP/UDP, or 4 bytes for
IPv4.
ipFragment(14) Truth value derived from the FLAGS and
FRAGMENTATION_OFFSET fields of an IP
header. If the MORE bit of the flags
field is set, or the
FRAGMENTATION_OFFSET is non-zero, the
frame is fragmented. Length is 0 bytes
(there is no data, only presence).
udpSourcePort(15) The source UDP port(socket) in a UDP
header, optionally postfixed with a
source IP address. Length is 2 bytes
for UDP, 6 bytes for UDP+IPv4, or 18
bytes for UDP+IPv6.
udpDestinationPort(16) The destination UDP port(socket) in a
UDP header, optionally postfixed with a
destination IP address. Length is 2
bytes for UDP, 6 bytes for UDP+IPv4, or
18 bytes for UDP+IPv6.
tcpSourcePort(17) The source TCP port(socket) in an TCP
header, optionally postfixed with a
source IPv4 address. Length is 2 bytes
for TCP, 6 bytes for TCP+IPv4, or 18
bytes for TCP+IPv6.
tcpDestinationPort(18) The destination TCP port(socket) in an
TCP header, optionally postfixed with a
destination IPv4 address. Length is 2
bytes for TCP, 6 bytes for TCP+IPv4, or
18 bytes for TCP+IPv6.
icmpTypeCode(19) The Type and Code fields from an ICMP
frame. These are encoded in 2 bytes,
network-byte-order, Type in the first
(left-most) byte, Code in the second
byte.
ipTtl(20) The TTL(HopCount) field in an IP header.
Length is 1 byte.
ipTos(21) The ToS(DSCP) field in an IP header.
Length is 1 byte.
ipType(22) The protocol type in an IP header.
Length is 1 byte.
icmpTypeCodeV6(23) The Type and Code fields from an ICMP
frame. These are encoded in 2 bytes,
network-byte-order, Type in the first
(left-most) byte, Code in the second
byte. For ICMPv6, which redefines the
types and codes.
etherType(25) The type field in an Ethernet II frame.
Length is 2 bytes.
llcDsapSsap(26) The DSAP/SSAP/CTRL field in an LLC
encapsulated frame, includes SNAP
encapsulated frames and the associated
Ethernet II type field. Length is 5
bytes.
vlanId(27) The 12 bit Virtual LAN ID field present
in an 802.1D Tagged frame.
Length is 2 bytes, the field is
represented in the FIRST (left-most,
big-endian) 12 bits of the 16 bit field.
A vlanId of 1 would be encoded as 00-10,
a vlanId of 4094 would be encoded as
FF-E0, and a vlanId of 100 would be
encoded as 06-40.
ieee8021dTci(28) The entire 16 bit TCI field present
in an 802.1D Tagged frame (include both
VLAN ID and Priority bits.
Length is 2 bytes.
application(29) 32 bit enumerated application types.
Specific applications may have extra data.
acl(30) A numbered ACL, represented by a 4 byte
integer value. This is not maskable.
bridgePort(31) The dot1dBasePort on which the frame was
received. Length is 2 bytes."
SYNTAX INTEGER {
macSource(1),
macDestination(2),
ipxSource(3),
ipxDestination(4),
ipxSourcePort(5),
ipxDestinationPort(6),
ipxCos(7),
ipxType(8),
ip6Source(9),
ip6Destination(10),
ip6FlowLabel(11),
ip4Source(12),
ip4Destination(13),
ipFragment(14),
udpSourcePort(15),
udpDestinationPort(16),
tcpSourcePort(17),
tcpDestinationPort(18),
icmpTypeCode(19),
ipTtl(20),
ipTos(21),
ipType(22),
icmpTypeCodeV6(23),
etherType(25),
llcDsapSsap(26),
vlanId(27),
ieee8021dTci(28),
application(29),
acl(30),
bridgePort(31)
}
PolicyRulesSupported ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Enumerates the possible types of classification rules which
may be supported.
macSource(1) The source MAC address in an Ethernet
frame.
macDestination(2) The destination MAC address in an
Ethernet frame.
ipxSource(3) The source address in an IPX header.
ipxDestination(4) The destination address in an IPX
header.
ipxSourcePort(5) The source IPX port(socket) in an IPX
header.
ipxDestinationPort(6) The destination IPX port(socket) in an
IPX header.
ipxCos(7) The CoS(HopCount) field in an IPX
header.
ipxType(8) The protocol type in an IPX header.
ip6Source(9) The source address in an IPv6 header,
postfixed with the source port (for
TCP/UDP frames).
ip6Destination(10) The destination address in an IPv6
header, postfixed with the destination
port (for TCP/UDP frames).
ip6FlowLabel(11) The flow label field (traffic class and
flow identifier) in an IPv6 header.
ip4Source(12) The source address in an IPv4 header,
postfixed with the source port (for
TCP/UDP frames).
ip4Destination(13) The destination address in an IPv4
header, postfixed with the destination
port (for TCP/UDP frames).
ipFragment(14) Truth value derived from the FLAGS and
FRAGMENTATION_OFFSET fields of an IP
header. If the MORE bit of the flags
field is set, or the
FRAGMENTATION_OFFSET is non-zero, the
frame is fragmented.
udpSourcePort(15) The source UDP port(socket) in a UDP
header.
udpDestinationPort(16) The destination UDP port(socket) in a
UDP header.
tcpSourcePort(17) The source TCP port(socket) in an TCP
header.
tcpDestinationPort(18) The destination TCP port(socket) in an
TCP header.
icmpTypeCode(19) The Type and Code fields from an ICMP
frame.
ipTtl(20) The TTL(HopCount) field in an IP header.
ipTos(21) The ToS(DSCP) field in an IP header.
ipType(22) The protocol type in an IP header.
icmpTypeCodeV6(23) The Type and Code fields from an ICMPv6
frame.
etherType(25) The type field in an Ethernet II frame.
llcDsapSsap(26) The DSAP/SSAP/CTRL field in an LLC
encapsulated frame, includes SNAP
encapsulated frames and the associated
Ethernet II type field.
vlanId(27) The 12 bit Virtual LAN ID field present
in an 802.1D Tagged frame.
ieee8021dTci(28) The entire 16 bit TCI field present
in an 802.1D Tagged frame (include both
VLAN ID and Priority bits.
application(29) Application based policy.
acl(30) A number ACL list to which the frame is applied.
bridgePort(31) The dot1dBasePort on which the frame was
received."
SYNTAX BITS {
macSource(1),
macDestination(2),
ipxSource(3),
ipxDestination(4),
ipxSourcePort(5),
ipxDestinationPort(6),
ipxCos(7),
ipxType(8),
ip6Source(9),
ip6Destination(10),
ip6FlowLabel(11),
ip4Source(12),
ip4Destination(13),
ipFragment(14),
udpSourcePort(15),
udpDestinationPort(16),
tcpSourcePort(17),
tcpDestinationPort(18),
icmpTypeCode(19),
ipTtl(20),
ipTos(21),
ipType(22),
icmpTypeCodeV6(23),
etherType(25),
llcDsapSsap(26),
vlanId(27),
ieee8021dTci(28),
application(29),
acl(30),
bridgePort(31)
}
TriStateStatus ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A simple status value for the object.
enabled(1) indicates the action will occur
disabled(2) indicates no action will be asserted
prohibited(3) indicates the action will be prevented from
occurring
This is useful (over and above the standard EnabledStatus
TC) in the context of hierarchical decision trees,
whereby a decision to prevent an action may revoke another,
lower precedent decision to take the action."
SYNTAX INTEGER { enabled(1), disabled(2), prohibited(3) }
-- -------------------------------------------------------------
-- MIB groupings
-- -------------------------------------------------------------
etsysPolicyNotifications OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 0 }
etsysPolicyProfile OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 1 }
etsysPolicyClassification OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 2 }
etsysPortPolicyProfile OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 3 }
etsysPolicyVlanEgress OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 4 }
etsysStationPolicyProfile OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 5 }
etsysInvalidPolicyPolicy OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 6 }
etsysDevicePolicyProfile OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 8 }
etsysPolicyCapability OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 9 }
etsysPolicyMap OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 10 }
etsysPolicyRules OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 11 }
etsysPolicyRFC3580Map OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 12 }
etsysPolicyHttpRedirect OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 13 }
etsysPolicySystem OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 14 }
-- ---------------------------------------------------------- --
-- Notifications
-- ---------------------------------------------------------- --
etsysPolicyRulePortHitNotification NOTIFICATION-TYPE
OBJECTS { ifName, ifAlias, etsysPolicyRulePortHit,
etsysPolicyProfileName }
STATUS current
DESCRIPTION
"This notification indicates that a policy rule has matched
network traffic on a particular port."
::= { etsysPolicyNotifications 1 }
-- -------------------------------------------------------------
-- etsysPolicyProfile group
-- -------------------------------------------------------------
etsysPolicyProfileMaxEntries OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum number of entries allowed in the
etsysPolicyProfileTable."
::= { etsysPolicyProfile 1 }
etsysPolicyProfileNumEntries OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current number of entries in the
etsysPolicyProfileTable."
::= { etsysPolicyProfile 2 }
etsysPolicyProfileLastChange OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The sysUpTime at which the etsysPolicyProfileTable was last
modified."
::= { etsysPolicyProfile 3 }
etsysPolicyProfileTableNextAvailableIndex OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the numerically lowest available
index within this entity, which may be used for the value
of etsysPolicyProfileIndex in the creation of a new entry
in the etsysPolicyProfileTable.
An index is considered available if the index value falls
within the range of 1 to 65535 and is not being used to
index an existing entry in the etsysPolicyProfileTable
contained within this entity.
This value should only be considered a guideline for
management creation of etsysPolicyProfileEntries, there is
no requirement on management to create entries based upon
this index value."
::= { etsysPolicyProfile 4 }
etsysPolicyProfileTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysPolicyProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table containing policy profiles. A policy is a group
of classification rules which may be applied on a per
user basis, to ports or to stations."
::= { etsysPolicyProfile 5 }
etsysPolicyProfileEntry OBJECT-TYPE
SYNTAX EtsysPolicyProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Conceptually defines a particular entry within the
etsysPolicyProfileTable. Entries within this table MUST be
considered non-volatile and MUST be maintained across
entity resets."
INDEX { etsysPolicyProfileIndex }
::= { etsysPolicyProfileTable 1 }
EtsysPolicyProfileEntry ::=
SEQUENCE {
etsysPolicyProfileIndex
Integer32,
etsysPolicyProfileName
SnmpAdminString,
etsysPolicyProfileRowStatus
RowStatus,
etsysPolicyProfilePortVidStatus
EnabledStatus,
etsysPolicyProfilePortVid
Unsigned32,
etsysPolicyProfilePriorityStatus
EnabledStatus,
etsysPolicyProfilePriority
Integer32,
etsysPolicyProfileEgressVlans
VlanList,
etsysPolicyProfileForbiddenVlans
VlanList,
etsysPolicyProfileUntaggedVlans
VlanList,
etsysPolicyProfileOverwriteTCI
EnabledStatus,
etsysPolicyProfileRulePrecedence
OCTET STRING,
etsysPolicyProfileVlanRFC3580Mappings
VlanList,
etsysPolicyProfileMirrorIndex
Integer32,
etsysPolicyProfileAuditSyslogEnable
EnabledStatus,
etsysPolicyProfileAuditTrapEnable
EnabledStatus,
etsysPolicyProfileDisablePort
EnabledStatus,
etsysPolicyProfileUsageList
PortList,
etsysPolicyProfileFstIndex
Integer32,
etsysPolicyProfileHttpRedirectIndex
Integer32,
etsysPolicyProfilePortAuthOverride
EnabledStatus
}
etsysPolicyProfileIndex OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A unique arbitrary identifier for this Policy.
Since a policy will be applied to a user regardless of his
or her location in the network fabric policy names SHOULD
be unique within the entire network fabric. Policy IDs
and policy names MUST be unique within the scope of a single
managed entity."
::= { etsysPolicyProfileEntry 1 }
etsysPolicyProfileName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Administratively assigned textual description of this
Policy.
This object MUST NOT be modifiable while this entry's
RowStatus is active(1)."
::= { etsysPolicyProfileEntry 2 }
etsysPolicyProfileRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object allows for the dynamic creation and deletion
of entries within the etsysPolicyProfileTable as well as
the activation and deactivation of these entries.
When this object's value is active(1) the corresponding
row's etsysPolicyProfilePortVid, etsysPolicyProfilePriority,
and all entries within the etsysPolicyClassificationTable
indexed by this row's etsysPolicyProfileIndex are available
to be applied to network access ports or stations on the
managed entity.
All ports corresponding to rows within the
etsysPortPolicyProfileTable whose etsysPortPolicyProfileOperID
is equal to the etsysPolicyProfileIndex, shall have the
corresponding policy applied. Likewise, all stations
corresponding to rows within the etsysStationPolicyProfileTable
whose etsysStationPolicyProfileOperID is equal to the
etsysPolicyProfileIndex, shall have the corresponding policy
applied.
The value of etsysPortPolicyProfileOperID for each such row
in the etsysPortPolicyProfileTable will be equal to the
etsysPortPolicyProfileAdminID, unless the authorization
information from a source such as a RADIUS server indicates
to the contrary.
Refer to the specific objects within this MIB as well as
well as RFC2674, the CTRON-PRIORITY-CLASSIFY-MIB, the
CTRON-VLAN-CLASSIFY-MIB, and the CTRON-RATE-POLICING-MIB
for a complete explanation of the application and behavior
of these objects.
When this object's value is set to notInService(2) this
policy will not be applied to any rows within the
etsysPortPolicyProfileTable.
To allow policy profiles to be applied for security
implementations, setting this object's value from active(1)
to notInService(2) or destroy(6) SHALL fail if one or more
instances of etsysPortPolicyProfileOperID or
etsysStationPolicyProfileOperID currently reference
this entry's associated policy due to a set by an underlying
security protocol such as RADIUS.
For network functionality and clarity, setting this object
to destroy(6) SHALL fail if one or more instances of
etsysPortPolicyProfileOperID or etsysStationPolicyProfileOperID
currently references this entry's etsysPolicyProfileIndex.
Refer to the RowStatus convention for further details on
the behavior of this object."
REFERENCE
"RFC2579 (Textual Conventions for SMIv2)"
::= { etsysPolicyProfileEntry 3 }
etsysPolicyProfilePortVidStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines whether a PVID override should
be applied to ports which have this profile active.
enabled(1) means that any port with this policy active
will have this row's etsysPolicyProfilePortVid applied to
untagged frames or priority-tagged frames received on this
port.
disabled(2) means that etsysPolicyProfilePortVid will not
be applied. When this object is set to disabled(2) the
value of etsysPolicyProfilePortVid has no meaning."
DEFVAL { disabled }
::= { etsysPolicyProfileEntry 4 }
etsysPolicyProfilePortVid OBJECT-TYPE
SYNTAX Unsigned32 (0|1..4094|4095)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines the PVID of this profile.
If a port has an active policy and the policy's
etsysPolicyProfilePortVidStatus is set to enabled(1), the
etsysPolicyProfilePortVid will be applied to all untagged
frames arriving on the port that do not match any of the
policy classification rules.
Note that the 802.1Q PVID will still exist from a
management view but will NEVER be applied to traffic
arriving on a port that has an active policy and enabled
etsysPolicyProfilePortVid defined, since policy is applied
to traffic arriving on the port prior to the assignment of
a VLAN using the 802.1Q PVID.
The behavior of an enabled etsysPolicyProfilePortVid on
any associated port SHALL be identical to the behavior of
the dot1qPvid upon that port.
Note that two special, otherwise illegal, values of the
etsysPolicyProfilePortVid are used in defining the default
forwarding actions, to be used in conjunction with policy
classification rules, and do not result in packet tagging:
0 Indicates that the default forwarding action
is to drop all packets that do not match an
explicit rule.
4095 Indicates that the default forwarding action
is to forward any packets not matching any
explicit rules."
REFERENCE
"RFC2674 (Q-BRIDGE-MIB) - dot1qPortVlanTable"
DEFVAL { 1 }
::= { etsysPolicyProfileEntry 5 }
etsysPolicyProfilePriorityStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines whether a Class of Service
should be applied to ports which have this profile
active.
enabled(1) means that any port with this policy active
will have etsysPolicyProfilePriority applied to this port.
disabled(2) means that etsysPolicyProfilePriority will
not be applied. When this object is set to disabled(2)
the value of etsysPolicyProfilePriority has no meaning."
DEFVAL { disabled }
::= { etsysPolicyProfileEntry 6 }
etsysPolicyProfilePriority OBJECT-TYPE
SYNTAX Integer32 (0..4095)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines the default ingress Class of Service
of this profile.
If a port has an active policy and the policy's
etsysPolicyProfilePriorityStatus is set to enabled(1), the
etsysPolicyProfilePriority will be applied to all packets
arriving on the port that do not match any of the policy
classification rules.
Note that dot1dPortDefaultUserPriority will still exist
from a management view but will NEVER be applied to traffic
arriving on a port that has an active policy and enabled
etsysPolicyProfilePriority defined, since policy is applied
to traffic arriving on the port prior to the assignment of
a priority using dot1dPortDefaultUserPriority.
The behavior of an enabled etsysPolicyProfilePriority on
any associated port SHALL be identical to the behavior of
the dot1dPortDefaultUserPriority upon that port."
REFERENCE
"RFC2674 (P-BRIDGE-MIB) - dot1dPortPriorityTable"
DEFVAL { 0 }
::= { etsysPolicyProfileEntry 7 }
etsysPolicyProfileEgressVlans OBJECT-TYPE
SYNTAX VlanList
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The set of VLANs which are assigned by this policy to
egress on ports for which this policy is active. Changes
to a bit in this object affect the per-port per-VLAN
Registrar control for Registration Fixed for the relevant
GVRP state machine on each port for which this policy is
active. A VLAN may not be added in this set if it is
already a member of the set of VLANs in
etsysPolicyProfileForbiddenVlans. This object is
superseded on a per-port per-VLAN basis by any 'set' bits
in dot1qVlanStaticEgressPorts and
dot1qVlanForbiddenEgressPorts. The default value of this
object is a string of zeros."
::= { etsysPolicyProfileEntry 8 }
etsysPolicyProfileForbiddenVlans OBJECT-TYPE
SYNTAX VlanList
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The set of VLANs which are prohibited by this policy to
egress on ports for which this policy is active. Changes
to this object that cause a port to be included or
excluded affect the per-port per-VLAN Registrar control
for Registration Forbidden for the relevant GVRP state
machine on each port for which this policy is active. A
VLAN may not be added in this set if it is already a
member of the set of VLANs in etsysPolicyProfileEgressVlans.
This object is superseded on a per-port per-VLAN basis by
any 'set' bits in the dot1qVlanStaticEgressPorts and
dot1qVlanForbiddenEgressPorts. The default value of this
object is a string of zeros."
::= { etsysPolicyProfileEntry 9 }
etsysPolicyProfileUntaggedVlans OBJECT-TYPE
SYNTAX VlanList
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The set of VLANs which should transmit egress packets as
untagged on ports for which this policy is active. This
object is superseded on a per-port per-VLAN basis by any
'set' bits in dot1qVlanStaticUntaggedPorts."
::= { etsysPolicyProfileEntry 10 }
etsysPolicyProfileOverwriteTCI OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If set, the information contained within the TCI field of
inbound, tagged packets will not be used by the device after
the ingress classification stage of packet relay. The net
effect will be that the TCI information may be used to classify
the packet, but will be overwritten (and ignored) by subsequent
stages of packet relay."
DEFVAL { disabled }
::= { etsysPolicyProfileEntry 11 }
etsysPolicyProfileRulePrecedence OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Each octet will contain a single value representing the rule
type to be matched against, defined by the
PolicyClassificationRuleType textual convention. When read,
will return the currently operating rule matching precedence,
ordered from first consulted (in the first octet) to last
consulted (in the last octet). A set of a single octet of
0x00 will result in a reversion to the default precedence
ordering. A set of any other values will result in the
specified rule types being matched in the order specified,
followed by the remaining rules, in default precedence order."
::= { etsysPolicyProfileEntry 12 }
etsysPolicyProfileVlanRFC3580Mappings OBJECT-TYPE
SYNTAX VlanList
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The set of VLANs which are currently being mapped onto this
policy profile by the etsysPolicyRFC3580MapTable. This only
refers to the mapping of vlan-tunnel-attributes returned from
RADIUS in an RFC3580 context."
::= { etsysPolicyProfileEntry 13 }
etsysPolicyProfileMirrorIndex OBJECT-TYPE
SYNTAX Integer32 (-1|0|1..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"A reference to a packet mirror destination (defined elsewhere).
A value of (-1) indicates no mirror is specified, but a mirror is
not explicitly prohibited.
A value of (0) indicates that mirroring is explicitly prohibited,
unless a higher precedence source (a rule) has specified a mirror."
DEFVAL { -1 }
::= { etsysPolicyProfileEntry 14 }
etsysPolicyProfileAuditSyslogEnable OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Enables the sending of a syslog message if no rule bound to this
profile has prohibited it."
DEFVAL { disabled }
::= { etsysPolicyProfileEntry 15 }
etsysPolicyProfileAuditTrapEnable OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Enables the sending of a SNMP NOTIFICATION if no rule bound to this
profile has prohibited it."
DEFVAL { disabled }
::= { etsysPolicyProfileEntry 16 }
etsysPolicyProfileDisablePort OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Will set the ifOperStatus of the port, on which the frame
which used this profile was received, to disable, if
if no rule bound to this profile has prohibited it."
DEFVAL { disabled }
::= { etsysPolicyProfileEntry 17 }
etsysPolicyProfileUsageList OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When read, a set bit indicates that this profile was used to
send a syslog or trap message for corresponding port. When set,
the native PortList will be bit-wise AND'ed with the set PortList,
allowing the agent to clear the usage indication."
::= { etsysPolicyProfileEntry 18 }
etsysPolicyProfileFstIndex OBJECT-TYPE
SYNTAX Integer32 (0|1..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"A reference to a Flow Setup Throttling (FST) class as defined by
the etsysFlowLimitingClassType object.
A value of (0) indicates no FST class is specified."
REFERENCE
"ENTERASYS-FLOW-LIMITING-MIB"
DEFVAL { 0 }
::= { etsysPolicyProfileEntry 19 }
etsysPolicyProfileHttpRedirectIndex OBJECT-TYPE
SYNTAX Integer32 (0|1..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"A reference to a HTTP Redirect server group as specified by
the etsysPolicyHttpRedirectGroupIndex object.
A value of (0) indicates no HTTP Redirect group is specified
for this profile."
DEFVAL { 0 }
::= { etsysPolicyProfileEntry 20 }
etsysPolicyProfilePortAuthOverride OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If a port has an active policy and that policy's
etsysPolicyProfilePortAuthOverride is set to enabled(1),
all frames arriving on the port will have that policy applied.
In addition, any pre-existing entries with matching port
values in the etsysMultiAuthSessionStationTable tables
will change their authorization status to authTerminated(5).
No further authentication will occur on this port.
If disabled(2), the actions described above will not occur."
DEFVAL { disabled }
::= { etsysPolicyProfileEntry 21 }
-- -------------------------------------------------------------
-- etsysPolicyClassification group
-- -------------------------------------------------------------
etsysPolicyClassificationMaxEntries OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The maximum number of entries allowed in the
etsysPolicyClassificationTable."
::= { etsysPolicyClassification 1 }
etsysPolicyClassificationNumEntries OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The current number of entries in the
etsysPolicyClassificationTable."
::= { etsysPolicyClassification 2 }
etsysPolicyClassificationLastChange OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The sysUpTime at which the etsysPolicyClassificationTable
was last modified."
::= { etsysPolicyClassification 3 }
etsysPolicyClassificationTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysPolicyClassificationEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"A table containing reference OIDs to entries within the
classification tables.
These classification tables include but may not be limited
to:
ctPriClassifyTable
ctVlanClassifyTable
ctRatePolicyingConfigTable
This table is used to map a list of classification rules to
an instance of the etsysPolicyProfileTable."
REFERENCE
"CTRON-PRIORITY-CLASSIFY-MIB,
CTRON-VLAN-CLASSIFY-MIB,
CTRON-RATE-POLICING-MIB"
::= { etsysPolicyClassification 4 }
etsysPolicyClassificationEntry OBJECT-TYPE
SYNTAX EtsysPolicyClassificationEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"Describes a particular entry within the
etsysPolicyClassificationTable. Entries within this table
MUST be considered non-volatile and MUST be maintained
across entity resets."
INDEX { etsysPolicyProfileIndex,
etsysPolicyClassificationIndex }
::= { etsysPolicyClassificationTable 1 }
EtsysPolicyClassificationEntry ::=
SEQUENCE {
etsysPolicyClassificationIndex
Integer32,
etsysPolicyClassificationOID
RowPointer,
etsysPolicyClassificationRowStatus
RowStatus,
etsysPolicyClassificationIngressList
PortList
}
etsysPolicyClassificationIndex OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"Administratively assigned unique value, greater than zero.
Each etsysPolicyClassificationIndex instance MUST be unique
within the scope of its associated etsysPolicyProfileIndex."
::= { etsysPolicyClassificationEntry 1 }
etsysPolicyClassificationOID OBJECT-TYPE
SYNTAX RowPointer
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"This object follows the RowPointer textual convention and
is an OID reference to a classification rule.
This object MUST NOT be modifiable while this entry's
etsysPolicyClassificationStatus object has a value of
active(1)."
::= { etsysPolicyClassificationEntry 2 }
etsysPolicyClassificationRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"The status of this row.
When set to active(1) this entry's classification rule, as
referenced by etsysPolicyClassificationOID, becomes one of
its associated policy's set of rules.
When this entry's associated policy, as defined by
etsysPolicyProfileIndex, is active and assigned to a port
through the etsysPortPolicyProfileTable or to a station
through the etsysStationPolicyProfileTabbe, this
classification rule will be applied to the port or station.
The exact behavior of this application depends upon the
classification rule.
When this object is set to notInService(2) or notReady(3)
this entry is not considered one of its associated policy's
set of rules and this classification rule will not be
applied.
An entry MAY NOT be set to active(1) unless this row's
etsysPolicyClassificationOID is set to a valid
classification rule."
::= { etsysPolicyClassificationEntry 3 }
etsysPolicyClassificationIngressList OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The ports on which an active policy profile has defined
this classification rule applies."
::= { etsysPolicyClassificationEntry 4 }
-- -------------------------------------------------------------
-- etsysPortPolicyProfile group
-- -------------------------------------------------------------
etsysPortPolicyProfileLastChange OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"sysUpTime at which the etsysPortPolicyProfileTable
was last modified."
::= { etsysPortPolicyProfile 1 }
etsysPortPolicyProfileTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysPortPolicyProfileEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"This table allows for a one to one mapping between a
dot1dBasePort or an ifIndex and a Policy Profile."
::= { etsysPortPolicyProfile 2 }
etsysPortPolicyProfileEntry OBJECT-TYPE
SYNTAX EtsysPortPolicyProfileEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"Describes a particular entry within the
etsysPortPolicyProfileTable. Entries within this
table MUST be considered non-volatile and MUST be maintained
across entity resets."
INDEX { etsysPortPolicyProfileIndexType,
etsysPortPolicyProfileIndex }
::= { etsysPortPolicyProfileTable 1 }
EtsysPortPolicyProfileEntry ::=
SEQUENCE {
etsysPortPolicyProfileIndexType
PortPolicyProfileIndexTypeTC,
etsysPortPolicyProfileIndex
Integer32,
etsysPortPolicyProfileAdminID
PolicyProfileIDTC,
etsysPortPolicyProfileOperID
PolicyProfileIDTC
}
etsysPortPolicyProfileIndexType OBJECT-TYPE
SYNTAX PortPolicyProfileIndexTypeTC
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"This object defines the specific type of port this entry
represents."
::= { etsysPortPolicyProfileEntry 1 }
etsysPortPolicyProfileIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"An index value which represents a unique port of the type
defined by this entry's etsysPortPolicyProfileIndexType."
::= { etsysPortPolicyProfileEntry 2 }
etsysPortPolicyProfileAdminID OBJECT-TYPE
SYNTAX PolicyProfileIDTC
MAX-ACCESS read-write
STATUS deprecated
DESCRIPTION
"This object represents the desired Policy Profile for this
dot1dBasePort or this ifIndex.
Setting this object to any value besides zero (0) should,
if possible, immediately place this entry's dot1dBasePort
or ifIndex into the given Policy Profile.
This object and etsysPortPolicyProfileOperID may not be the
same if this object is set to a Policy (i.e. an instance of
the etsysPolicyProfileTable) which is not in an active state
or if the etsysPortPolicyProfileOperID has been set by an
underlying security protocol such as RADIUS."
DEFVAL { 0 }
::= { etsysPortPolicyProfileEntry 3 }
etsysPortPolicyProfileOperID OBJECT-TYPE
SYNTAX PolicyProfileIDTC
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"This object is the current policy which is being applied to
this entry's dot1dBasePort. A value of zero(0) indicates
there is no policy being applied to this dot1dBasePort or
this ifIndex.
If the value of this object has been set by an underlying
security protocol such as RADIUS, sets to this entry's
etsysPortPolicyProfileAdminID MUST NOT change the value
of this object until such time as the security protocol
releases this object by setting it to a value of zero (0)."
::= { etsysPortPolicyProfileEntry 4 }
etsysPortPolicyProfileSummaryTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysPortPolicyProfileSummaryEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table provides aggregate port information on a per
policy, per port type basis."
::= { etsysPortPolicyProfile 3 }
etsysPortPolicyProfileSummaryEntry OBJECT-TYPE
SYNTAX EtsysPortPolicyProfileSummaryEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Conceptually defines a particular entry within the
etsysPortPolicyProfileSummaryTable."
INDEX { etsysPolicyProfileIndex,
etsysPortPolicyProfileSummaryIndexType }
::= { etsysPortPolicyProfileSummaryTable 1 }
EtsysPortPolicyProfileSummaryEntry ::=
SEQUENCE {
etsysPortPolicyProfileSummaryIndexType
PortPolicyProfileIndexTypeTC,
etsysPortPolicyProfileSummaryAdminID
PortList,
etsysPortPolicyProfileSummaryOperID
PortList,
etsysPortPolicyProfileSummaryDynamicID
PortList
}
etsysPortPolicyProfileSummaryIndexType OBJECT-TYPE
SYNTAX PortPolicyProfileIndexTypeTC
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object defines the specific type of port this entry
represents."
::= { etsysPortPolicyProfileSummaryEntry 1 }
etsysPortPolicyProfileSummaryAdminID OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An aggregate list of all Ports currently supporting
rules which assign this profileIndex through
administrative means. Rules of this type have a
valid etsysPolicyRuleResult2 action and a
profileIndex of 0."
::= { etsysPortPolicyProfileSummaryEntry 2 }
etsysPortPolicyProfileSummaryOperID OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An aggregate list of all Ports currently supporting
rules which assign this profileIndex through either
an administrative or dynamic means. The profileId
which will be assigned operationally, as frames are
handled are too be reported here."
::= { etsysPortPolicyProfileSummaryEntry 3 }
etsysPortPolicyProfileSummaryDynamicID OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An aggregate list of all Ports currently supporting
rules which assign this profileIndex through a
dynamic means. For example the profileIndex returned
via a successful 802.1X supplicant authentication."
::= { etsysPortPolicyProfileSummaryEntry 4 }
-- -------------------------------------------------------------
-- etsysStationPolicyProfile group
-- -------------------------------------------------------------
etsysStationPolicyProfileMaxEntries OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum number of entries allowed in the
etsysStationPolicyProfileTable. If this number is
exceeded, based on stations connecting to the edge
device, the oldest entries will be deleted."
::= { etsysStationPolicyProfile 1 }
etsysStationPolicyProfileNumEntries OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current number of entries in the
etsysStationPolicyProfileTable."
::= { etsysStationPolicyProfile 2 }
etsysStationPolicyProfileLastChange OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"sysUpTime at which the etsysStationPolicyProfileTable
was last modified."
::= { etsysStationPolicyProfile 3 }
etsysStationPolicyProfileTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysStationPolicyProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table allows for a one to one mapping between a
station's identifying address and a Policy Profile."
::= { etsysStationPolicyProfile 4 }
etsysStationPolicyProfileEntry OBJECT-TYPE
SYNTAX EtsysStationPolicyProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes a particular entry within the
etsysStationPolicyProfileTable. Entries within this
table MUST be considered non-volatile and MUST be
maintained across entity resets."
INDEX { etsysStationPolicyProfileIndex }
::= { etsysStationPolicyProfileTable 1 }
EtsysStationPolicyProfileEntry ::=
SEQUENCE {
etsysStationPolicyProfileIndex
Integer32,
etsysStationIdentifierType
StationAddressType,
etsysStationIdentifier
StationAddress,
etsysStationPolicyProfileOperID
PolicyProfileIDTC,
etsysStationPolicyProfilePortType
PortPolicyProfileIndexTypeTC,
etsysStationPolicyProfilePortID
Integer32
}
etsysStationPolicyProfileIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An index value which represents a unique station entry."
::= { etsysStationPolicyProfileEntry 2 }
etsysStationIdentifierType OBJECT-TYPE
SYNTAX StationAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the type of station identifying address contained
in etsysStationIdentifier."
::= { etsysStationPolicyProfileEntry 3 }
etsysStationIdentifier OBJECT-TYPE
SYNTAX StationAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A value which represents a unique MAC Address, IP Address,
or other identifying address for a station, or other logical
and authenticatable sub-entity within a station, connected
to a port."
::= { etsysStationPolicyProfileEntry 4 }
etsysStationPolicyProfileOperID OBJECT-TYPE
SYNTAX PolicyProfileIDTC
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object is the current policy which is being applied to
this entry's MAC Address. A value of zero(0) indicates
there is no policy being applied to this MAC Address.
The value of this object reflects either the setting from an
underlying AAA service such as RADIUS, or the default setting
based on the etsysPortPolicyProfileAdminID for the port on
which the station is connected.
This object and the corresponding etsysPortPolicyProfileAdminID
will not be the same if this object has been set by an
underlying security protocol such as RADIUS."
::= { etsysStationPolicyProfileEntry 5 }
etsysStationPolicyProfilePortType OBJECT-TYPE
SYNTAX PortPolicyProfileIndexTypeTC
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A textual convention that defines the specific type of port
designator the corresponding entry represents."
::= { etsysStationPolicyProfileEntry 6 }
etsysStationPolicyProfilePortID OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A value which represents the physical port, of the type
defined by this entry's etsysStationPolicyProfilePortType,
on which the associated station entity is connected. This
object is for convenience in cross referencing stations to
ports."
::= { etsysStationPolicyProfileEntry 7 }
-- ---------------------------------------------------------- --
-- etsysInvalidPolicyPolicy group
-- ---------------------------------------------------------- --
etsysInvalidPolicyAction OBJECT-TYPE
SYNTAX INTEGER {
applyDefaultPolicy(1),
dropPackets(2),
forwardPackets(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the action that the edge device should take if asked
to apply an invalid or unknown policy.
applyDefaultPolicy(1) - Ignore the result and search for
the next policy assignment rule.
dropPackets(2) - Block traffic.
forwardPackets(3) - Forward traffic, as if no policy
had been assigned (via 802.1D/Q
rules).
Although dropPackets(2) is the most secure option, it may
not always be desirable."
DEFVAL { applyDefaultPolicy }
::= { etsysInvalidPolicyPolicy 1 }
etsysInvalidPolicyCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Increments to indicate the number of times the device has
detected an invalid/unknown policy."
::= { etsysInvalidPolicyPolicy 2 }
-- ---------------------------------------------------------- --
-- etsysDevicePolicyProfile group
-- ---------------------------------------------------------- --
etsysDevicePolicyProfileDefault OBJECT-TYPE
SYNTAX Integer32 (0|1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If this value is non-zero, the value indicates
the etsysPolicyProfileEntry (and its associated
etsysPolicyClassificationTable entries) which
should be used by the device if the device is
incapable of using the profile (or specific parts
of the profile) explicitly applied to an inbound
frame. A value of zero indicates that no default
profile is currently active."
DEFVAL { 0 }
::= { etsysDevicePolicyProfile 1 }
-- ---------------------------------------------------------- --
-- etsysPolicyCapability group
-- ---------------------------------------------------------- --
etsysPolicyCapabilities OBJECT-TYPE
SYNTAX BITS {
supportsVLANForwarding(0),
-- VLAN forwarding is supported on all
-- rule types supported by the device.
supportsPriority(1),
-- classification rules are supported for 802.1p
-- priorities.
supportsPermit(2),
-- permit capability is supported on all
-- rule types supported by the device
-- without having to specify a VLAN.
supportsDeny(3),
-- deny capability is supported on all rule
-- types supported by the device without
-- having to specify a VLAN.
supportsDeviceLevelPolicy(4),
-- a single device level policy is supported
-- to supplement any components of the per port
-- policy that cannot be applied by the device.
-- etsysDevicePolicyProfileDefault is used to
-- indicate the supplemental policy. This
-- capability should only exist on devices that
-- cannot apply complete per port policies.
supportsPrecedenceReordering(5),
-- supports the ability to change the evaluation
-- order of the respective classification rule
-- types.
supportsTciOverwrite(6),
-- supports the ability to overwrite the TCI
-- information found in inbound, tagged frames.
supportsRulesTable(7),
-- supports the etsysPolicyRulesTable.
supportsRuleUseAccounting(8),
-- supports the ability to track classification
-- rule use (and the etsysPolicyRuleUsageList).
supportsRuleUseNotification(9),
-- supports the ability to send audit information
-- the first time a rule is used to classify a
-- frame.
supportsCoSTable(10),
-- supports the <MIB_NAME> as an action (in the
-- stead of simple 802.1D Priority.
supportsLongestPrefixRules(11),
-- Some (or all) of the classification table
-- rules support Longest Prefix matching.
supportsPortDisableAction(12),
-- Supports the ability to disable a port based
-- on a rule in the etsysPolicyRulesTable.
supportsRuleUseAutoClearOnLink(13),
-- supports the "auto clear on link up" object
-- related to rule use accounting.
supportsRuleUseAutoClearOnInterval(14),
-- supports the "auto clear interval " objects
-- related to rule use accounting.
supportsRuleUseAutoClearOnProfile(15),
-- supports the "auto clear profile" objects
-- related to rule use accounting.
supportsPolicyRFC3580MapTable(16),
-- supports RFC 3580 and policy simultaneously,
-- and thus supports the etsysPolicyRFC3580Map
-- group.
supportsPolicyEnabledTable(17),
-- supports the etsysPolicyEnabledTable which
-- reports and controls the state of
-- PolicyProfile assignment on the device.
supportsMirror(18),
-- supports mirroring
supportsEgressPolicy(19),
-- supports the application of policy on egress.
supportsProfileFst(20),
-- supports per user Flow Setup Thresholding
-- via etsysPolicyProfileFstIndex
supportsQuarantine(21),
-- supports quarantine
supportsProfileHttpRedirect(22),
-- supports per profile HTTP redirect via
-- etsysPolicyProfileHttpRedirectIndex
supportsCounters(23),
-- supports counters
supportsProfilePortAuthOverride(24)
-- supports per profile port authentication
-- override via etsysPolicyProfilePortAuthOverride
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A list of capabilities related to policies.
A set bit, with the value 1, indicates support for the
described functionality. A clear bit, with the value
0, indicates the described functionality is not supported."
::= { etsysPolicyCapability 1 }
etsysPolicyDynaPIDRuleCapabilities OBJECT-TYPE
SYNTAX PolicyRulesSupported
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A list of rule types which are supported by this device for
the purpose of dynamically assigning a profile to the
network traffic described by the bit.
A set bit, with the value 1, indicates support for the
described functionality. A clear bit, with the value
0, indicates the described functionality is not supported."
::= { etsysPolicyCapability 2 }
etsysPolicyAdminPIDRuleCapabilities OBJECT-TYPE
SYNTAX PolicyRulesSupported
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A list of rule types which are supported by this device for
the purpose of administratively assigning a profile to the
network traffic described by the bit.
A set bit, with the value 1, indicates support for the
described functionality. A clear bit, with the value
0, indicates the described functionality is not supported."
::= { etsysPolicyCapability 3 }
etsysPolicyVlanRuleCapabilities OBJECT-TYPE
SYNTAX PolicyRulesSupported
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A list of rule types which are supported by this device for
the purpose of assigning a VlanId to the network traffic
described by the bit.
A set bit, with the value 1, indicates support for the
described functionality. A clear bit, with the value
0, indicates the described functionality is not supported."
::= { etsysPolicyCapability 4 }
etsysPolicyCosRuleCapabilities OBJECT-TYPE
SYNTAX PolicyRulesSupported
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A list of rule types which are supported by this device for
the purpose of assigning a CoS to the network traffic
described by the bit.
A set bit, with the value 1, indicates support for the
described functionality. A clear bit, with the value
0, indicates the described functionality is not supported."
::= { etsysPolicyCapability 5 }
etsysPolicyDropRuleCapabilities OBJECT-TYPE
SYNTAX PolicyRulesSupported
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A list of rule types which are supported by this device for
the purpose of discarding the network traffic described by
the bit.
A set bit, with the value 1, indicates support for the
described functionality. A clear bit, with the value
0, indicates the described functionality is not supported."
::= { etsysPolicyCapability 6 }
etsysPolicyForwardRuleCapabilities OBJECT-TYPE
SYNTAX PolicyRulesSupported
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A list of rule types which are supported by this device for
the purpose of forwarding the network traffic described by
the bit.
A set bit, with the value 1, indicates support for the
described functionality. A clear bit, with the value
0, indicates the described functionality is not supported."
::= { etsysPolicyCapability 7 }
etsysPolicySyslogRuleCapabilities OBJECT-TYPE
SYNTAX PolicyRulesSupported
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A list of rule types which are supported by this device for
the purpose of issuing syslog messages when the rule is used
to identify the network traffic described by the bit.
A set bit, with the value 1, indicates support for the
described functionality. A clear bit, with the value
0, indicates the described functionality is not supported."
::= { etsysPolicyCapability 8 }
etsysPolicyTrapRuleCapabilities OBJECT-TYPE
SYNTAX PolicyRulesSupported
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A list of rule types which are supported by this device for
the purpose of issuing an SNMP notify (trap) messages when the
rule is used to identify the network traffic described by the
bit. A set bit, with the value 1, indicates support for the
described functionality. A clear bit, with the value
0, indicates the described functionality is not supported."
::= { etsysPolicyCapability 9 }
etsysPolicyDisablePortRuleCapabilities OBJECT-TYPE
SYNTAX PolicyRulesSupported
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A list of rule types which are supported by this device for
the purpose of disabling the ingress port identified when the
rule matches the network traffic described by the bit.
A set bit, with the value 1, indicates support for the
described functionality. A clear bit, with the value
0, indicates the described functionality is not supported."
::= { etsysPolicyCapability 10 }
etsysPolicySupportedPortList OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The list ports which support policy profile assignment (i.e.
the ports which _do_ policy). This object may be useful to
management entities which desire to scope action to only those
ports which support policy. A port which appears in this list,
must support, at minimum, the assignment of a policy profile to
all traffic ingressing the port."
::= { etsysPolicyCapability 11 }
etsysPolicyEnabledTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysPolicyEnabledTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table allows for the configuration of policy profile
assignment methods, per port, including the ability to disable
policy profile assignment, per port. In addition, a ports
capabilities, with respect to policy profile assignment are
reported."
::= { etsysPolicyCapability 12 }
etsysPolicyEnabledTableEntry OBJECT-TYPE
SYNTAX EtsysPolicyEnabledTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes a particular entry within the
etsysPolicyEnabledTable."
INDEX { dot1dBasePort }
::= { etsysPolicyEnabledTable 1 }
EtsysPolicyEnabledTableEntry ::=
SEQUENCE {
etsysPolicyEnabledSupportedRuleTypes
PolicyRulesSupported,
etsysPolicyEnabledEnabledRuleTypes
PolicyRulesSupported,
etsysPolicyEnabledEgressEnabled
EnabledStatus
}
etsysPolicyEnabledSupportedRuleTypes OBJECT-TYPE
SYNTAX PolicyRulesSupported
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The list of rule types which the devices supports for the
purpose of assigning policy profiles to network traffic
ingressing this dot1dBasePort."
::= { etsysPolicyEnabledTableEntry 1 }
etsysPolicyEnabledEnabledRuleTypes OBJECT-TYPE
SYNTAX PolicyRulesSupported
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The list of rule types from which the device will assign policy
profiles to network traffic ingressing this dot1dBasePort.
Rules which have a type not enumerated here must not be used to
assign policy profiles, but must still be used to interrogate
the rule-set bound to the determined policy profile.
A set of all cleared bits will effectively disable policy in
the port."
::= { etsysPolicyEnabledTableEntry 2 }
etsysPolicyEnabledEgressEnabled OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Controls the enabling and disabling the application of policy
as packets egress the switching process on the dot1dBasePort
specified in the indexing."
DEFVAL { disabled }
::= { etsysPolicyEnabledTableEntry 3 }
etsysPolicyRuleAttributeTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysPolicyRuleAttributeTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table details each supported rule type attribute
for rule data length in bytes, rule data length in bits,
and the maximum number of rules that may use that type."
::= { etsysPolicyCapability 13 }
etsysPolicyRuleAttributeTableEntry OBJECT-TYPE
SYNTAX EtsysPolicyRuleAttributeTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes a particular entry within the
etsysPolicyRuleAttributeTable."
INDEX { etsysPolicyRuleType }
::= { etsysPolicyRuleAttributeTable 1 }
EtsysPolicyRuleAttributeTableEntry ::=
SEQUENCE {
etsysPolicyRuleAttributeByteLength
Integer32,
etsysPolicyRuleAttributeBitLength
Integer32,
etsysPolicyRuleAttributeMaxCreatable
Integer32
}
etsysPolicyRuleAttributeByteLength OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This rule type's maximum length, in bytes of the
etsysPolicyRuleData. Devices supporting this object MUST
allow sets for this rule data of any valid length up to and
including the length value represented by this object.
Management entities must also expect to read back the maximum
data length for each type regardless of the length the data
was set with."
::= { etsysPolicyRuleAttributeTableEntry 1 }
etsysPolicyRuleAttributeBitLength OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This rule type's maximum bit length for traffic data. This
value also represents the maximum mask that may be used for
rule data. The mask MUST NOT exceed the rule data size. Masks
that exceed the data size shall be considered invalid and
result in an SNMP set failure."
::= { etsysPolicyRuleAttributeTableEntry 2 }
etsysPolicyRuleAttributeMaxCreatable OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If this value is non-zero, the value indicates the maximum
number of rules of this type the agent can support."
::= { etsysPolicyRuleAttributeTableEntry 3 }
etsysPolicyRuleTciOverwriteCapabilities OBJECT-TYPE
SYNTAX PolicyRulesSupported
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A list of rule types which are supported by this device
for the purpose of overwriting the TCI in received packets described
by the bit. A set bit, with the value 1, indicates support
for the described functionality. A clear bit, with the
value 0, indicates the described functionality is not
supported."
::= { etsysPolicyCapability 14 }
etsysPolicyRuleMirrorCapabilities OBJECT-TYPE
SYNTAX PolicyRulesSupported
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A list of rule types which are supported by this device
for the purpose of mirroring the network traffic described
by the bit. A set bit, with the value 1, indicates support
for the described functionality. A clear bit, with the
value 0, indicates the described functionality is not
supported."
::= { etsysPolicyCapability 15 }
etsysPolicyRuleQuarantineCapabilities OBJECT-TYPE
SYNTAX PolicyRulesSupported
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A list of rule types which are supported by this device for
the purpose of quarantining the user to a specified profile id
when the rule is used to identify the network traffic described
by the bit. A set bit, with the value of 1, indicates support
for the described functionality. A clear bit, with the value of
0, indicates the described functionality is not supported."
::= { etsysPolicyCapability 16 }
-- -------------------------------------------------------------
-- etsysPolicyMap group
-- -------------------------------------------------------------
etsysPolicyMapMaxEntries OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"This has been obsoleted."
::= { etsysPolicyMap 1 }
etsysPolicyMapNumEntries OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"This has been obsoleted."
::= { etsysPolicyMap 2 }
etsysPolicyMapLastChange OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"This has been obsoleted."
::= { etsysPolicyMap 3 }
etsysPolicyMapPvidOverRide OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"This has been obsoleted."
::= { etsysPolicyMap 4 }
etsysPolicyMapUnknownPvidPolicy OBJECT-TYPE
SYNTAX INTEGER {
denyAccess(1),
applyDefaultPolicy(2),
applyPvid(3)
}
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"This has been obsoleted."
::= { etsysPolicyMap 5 }
etsysPolicyMapTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysPolicyMapEntry
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"This has been obsoleted."
::= { etsysPolicyMap 6 }
etsysPolicyMapEntry OBJECT-TYPE
SYNTAX EtsysPolicyMapEntry
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"This has been obsoleted."
INDEX { etsysPolicyMapIndex }
::= { etsysPolicyMapTable 1 }
EtsysPolicyMapEntry ::=
SEQUENCE {
etsysPolicyMapIndex
Integer32,
etsysPolicyMapRowStatus
RowStatus,
etsysPolicyMapStartVid
Unsigned32,
etsysPolicyMapEndVid
Unsigned32,
etsysPolicyMapPolicyIndex
Integer32
}
etsysPolicyMapIndex OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"This has been obsoleted."
::= { etsysPolicyMapEntry 1 }
etsysPolicyMapRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"This has been obsoleted."
::= { etsysPolicyMapEntry 2 }
etsysPolicyMapStartVid OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"This has been obsoleted."
::= { etsysPolicyMapEntry 3 }
etsysPolicyMapEndVid OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"This has been obsoleted."
::= { etsysPolicyMapEntry 4 }
etsysPolicyMapPolicyIndex OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"This has been obsoleted."
::= { etsysPolicyMapEntry 5 }
-- -------------------------------------------------------------
-- etsysPolicyRules group
-- -------------------------------------------------------------
etsysPolicyRulesMaxEntries OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum number of entries allowed in the
etsysPolicyRulesTable."
::= { etsysPolicyRules 1 }
etsysPolicyRulesNumEntries OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current number of entries in the
etsysPolicyRulesTable."
::= { etsysPolicyRules 2 }
etsysPolicyRulesLastChange OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The sysUpTime at which the etsysPolicyRulesTable
was last modified."
::= { etsysPolicyRules 3 }
etsysPolicyRulesAccountingEnable OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Controls the collection of rule usage statistics. If
disabled, no usage statistics are gathered and no auditing
messages will be sent. When enabled, rule will gather
usage statistics, and auditing messages will be sent, if
enabled for a given rule."
DEFVAL { disabled }
::= { etsysPolicyRules 4 }
etsysPolicyRulesPortDisabledList OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A portlist containing bits representing the dot1dBridgePorts
which have been disabled via the mechanism described in the
etsysPolicyRuleDisablePort leaf. A set bit indicates a
disabled port.
Ports may be enabled by performing a set with the
corresponding bit cleared. Bits which are set will
be ignored during the set operation."
::= { etsysPolicyRules 5 }
-- -------------------------------------------------------------
-- etsysPolicyRuleTable
-- -------------------------------------------------------------
etsysPolicyRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysPolicyRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table containing rules bound to individual policies. A
Rule is comprised of three components, a unique description
of the network traffic, an associated list of actions, and
an associated list of accounting and auditing controls and
information.
The unique description of the network traffic, defined by a
PolicyClassificationRuleType together with a length,
matching data and a relevant bits field, port type,
and port number (port number zero is reserved to mean any
port), and scoped by a etsysPolicyProfileIndex, is used
as the table index."
::= { etsysPolicyRules 6 }
etsysPolicyRuleEntry OBJECT-TYPE
SYNTAX EtsysPolicyRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes a particular entry within the
etsysPolicyRuleTable. Entries within this table
MUST be considered non-volatile and MUST be maintained
across entity resets."
INDEX { etsysPolicyRuleProfileIndex,
etsysPolicyRuleType,
etsysPolicyRuleData,
etsysPolicyRulePrefixBits,
etsysPolicyRulePortType,
etsysPolicyRulePort}
::= { etsysPolicyRuleTable 1 }
EtsysPolicyRuleEntry ::=
SEQUENCE {
etsysPolicyRuleProfileIndex
Integer32,
etsysPolicyRuleType
PolicyClassificationRuleType,
etsysPolicyRuleData
OCTET STRING,
etsysPolicyRulePrefixBits
Integer32,
etsysPolicyRulePortType
PortPolicyProfileIndexTypeTC,
etsysPolicyRulePort
Integer32,
etsysPolicyRuleRowStatus
RowStatus,
etsysPolicyRuleStorageType
StorageType,
etsysPolicyRuleUsageList
PortList,
etsysPolicyRuleResult1
Integer32,
etsysPolicyRuleResult2
Integer32,
etsysPolicyRuleAuditSyslogEnable
TriStateStatus,
etsysPolicyRuleAuditTrapEnable
TriStateStatus,
etsysPolicyRuleDisablePort
TriStateStatus,
etsysPolicyRuleOperPid
Integer32,
etsysPolicyRuleOverwriteTCI
TriStateStatus,
etsysPolicyRuleMirrorIndex
Integer32,
etsysPolicyRuleQuarantineProfileIndex
Integer32,
etsysPolicyRuleHttpRedirectIndex
Integer32
}
etsysPolicyRuleProfileIndex OBJECT-TYPE
SYNTAX Integer32 (0|1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The etsysPolicyProfileIndex for which the rule is defined.
A value of zero(0) has special meaning in that it scopes
rules which are used to determine the Policy Profile to
which the frame belongs. See the etsysPolicyRuleResult1
and etsysPolicyRuleResult2 descriptions for specifics of
how the results of a rule hit differ when the
etsysPolicyRuleProfileIndex is zero."
::= { etsysPolicyRuleEntry 1 }
etsysPolicyRuleType OBJECT-TYPE
SYNTAX PolicyClassificationRuleType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The type of network traffic reference by the
etsysPolicyRuleData."
::= { etsysPolicyRuleEntry 2 }
etsysPolicyRuleData OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..64))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The data pattern to match against, as defined by the
etsysPolicyRuleType, encoded in network-byte order."
::= { etsysPolicyRuleEntry 3 }
etsysPolicyRulePrefixBits OBJECT-TYPE
SYNTAX Integer32(0|1..2048)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The relevant number of bits defined by the
etsysPolicyRuleData, to be used when matching against a
frame, relevant bits are specified in longest-prefix-first
style (left to right). A value of zero carries the special
meaning of all bits are relevant."
::= { etsysPolicyRuleEntry 4 }
etsysPolicyRulePortType OBJECT-TYPE
SYNTAX PortPolicyProfileIndexTypeTC
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The port number on which the rule will be applied. Zero(0)
is a special case, indicating that the rule should be applied
to all ports."
::= { etsysPolicyRuleEntry 5 }
etsysPolicyRulePort OBJECT-TYPE
SYNTAX Integer32(0|1..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The port number on which the rule will be applied. Zero(0)
is a special case, indicating that the rule should be applied
to all ports."
::= { etsysPolicyRuleEntry 6 }
etsysPolicyRuleRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this row.
When set to active(1) this entry's classification rule, as
referenced by etsysPolicyRulesOID, becomes one of
its associated policy's set of rules.
When this entry's associated policy, as defined by
etsysPolicyRuleProfileIndex, is active and assigned to a port
through the etsysPortPolicyProfileTable or to a station
through the etsysStationPolicyProfileTabbe, this
classification rule will be applied to the port or station.
The exact behavior of this application depends upon the
classification rule.
When this object is set to notInService(2) or notReady(3)
this entry is not considered one of its associated policy's
set of rules and this classification rule will not be
applied."
::= { etsysPolicyRuleEntry 7 }
etsysPolicyRuleStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type of this row.
When set to volatile(1) this entry's classification rule, as
referenced by etsysPolicyRulesOID, will be removed (if
present) from non-volatile storage. Rows created dynamically
by the device will typically report this as their default
storage type.
When set to nonVolatile(1) this entry's classification rule, as
referenced by etsysPolicyRulesOID, will be added to non-
volatile storage. This is the default value for rows created
as the result of external management.
Values of other(0), permanent(4), and readOnly(5) may not be
set, although they may be returned for rows created by the
device."
DEFVAL { nonVolatile }
::= { etsysPolicyRuleEntry 8 }
etsysPolicyRuleUsageList OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When read, a set bit indicates that this rule was used to
classify traffic on the corresponding port. When set, the
native PortList will be bit-wise AND'ed with the set PortList,
allowing the agent to clear the usage indication."
::= { etsysPolicyRuleEntry 9 }
etsysPolicyRuleResult1 OBJECT-TYPE
SYNTAX Integer32(-1|0|1..4094|4095)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If the etsysPolicyRuleProfileIndex is 0 then this field is
read-only and defines the profile ID which will be assigned
to frames matching this rule. This is the dynamically assigned
value and may differ from the administratively configured
value.
If the etsysPolicyRuleProfileIndex is not 0 then this field is
read-create and defines the VLAN ID with which to mark a frame
matching this PolicyRule.
Note that three special, otherwise illegal, values of the
etsysPolicyRuleVlan are used in defining the forwarding action.
-1 Indicates that no VLAN or forwarding behavior
modification is desired. A rule will not be matched
against for the purpose of determining a marking
VID if this value is set.
0 Indicates that the default forwarding action
is to drop the packets matching this rule.
4095 Indicates that the default forwarding action
is to forward any packets matching this rule."
DEFVAL { -1 }
::= { etsysPolicyRuleEntry 10 }
etsysPolicyRuleResult2 OBJECT-TYPE
SYNTAX Integer32(-1|0..4095)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If the etsysPolicyRuleProfileIndex is 0 then this field is
read-create and defines the profile ID which the managing
entity desires assigned to frames matching this rule. This
is the administrative value and may differ from the
dynamically assigned active value.
If the etsysPolicyRuleProfileIndex is not 0 then this field is
The CoS with which to mark a frame matching this
PolicyRule.
Note that one special, otherwise illegal, values of the
etsysPolicyRuleCoS are used in defining the forwarding
action.
-1 Indicates that no CoS or forwarding behavior
modification is desired. A rule will not be
matched against for the purpose of determining
a CoS if this value is set."
DEFVAL { -1 }
::= { etsysPolicyRuleEntry 11 }
etsysPolicyRuleAuditSyslogEnable OBJECT-TYPE
SYNTAX TriStateStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Controls the sending of a syslog message when a bit in the
etsysPolicyRuleUsageList transitions from 0 to 1."
DEFVAL { disabled }
::= { etsysPolicyRuleEntry 12 }
etsysPolicyRuleAuditTrapEnable OBJECT-TYPE
SYNTAX TriStateStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Controls the sending of an SNMP NOTIFICATION when a bit in the
etsysPolicyRuleUsageList transitions from 0 to 1."
DEFVAL { disabled }
::= { etsysPolicyRuleEntry 13 }
etsysPolicyRuleDisablePort OBJECT-TYPE
SYNTAX TriStateStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Controls the disabling of a port (ifOperStatus of the
corresponding ifIndex will be down) when a bit in the
etsysPolicyRuleUsageList transitions from 0 to 1. When set to
enabled, the corresponding ifIndex will be disabled upon the
transition."
DEFVAL { disabled }
::= { etsysPolicyRuleEntry 14 }
etsysPolicyRuleOperPid OBJECT-TYPE
SYNTAX Integer32(-1|0..4095)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If the etsysPolicyRuleProfileIndex is 0 then this field
contains the currently applied profile ID for frames
matching this rule. This may be either the administratively
applied value or the dynamically applied value.
If the etsysPolicyRuleProfileIndex is not 0, then this
object will return -1.
Note that one special value exists:
-1 Indicates that no profile ID is being applied
by this rule."
DEFVAL { -1 }
::= { etsysPolicyRuleEntry 15 }
etsysPolicyRuleOverwriteTCI OBJECT-TYPE
SYNTAX TriStateStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If set, the information contained within the TCI field of
inbound, tagged packets will not be used by the device after
the ingress classification stage of packet relay. The net
effect will be that the TCI information may be used to classify
the packet, but will be overwritten (and ignored) by subsequent
stages of packet relay."
DEFVAL { disabled }
::= { etsysPolicyRuleEntry 16 }
etsysPolicyRuleMirrorIndex OBJECT-TYPE
SYNTAX Integer32 (-1|0|1..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"A reference to a packet mirror destination (defined elsewhere).
A value of (-1) indicates no mirror is specified, but a mirror is
not explicitly prohibited.
A value of (0) indicates that mirroring is explicitly prohibited,
unless a higher precedence rule has specified a mirror."
DEFVAL { -1 }
::= { etsysPolicyRuleEntry 17 }
etsysPolicyRuleQuarantineProfileIndex OBJECT-TYPE
SYNTAX Integer32 (-1|0|1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If the etsysPolicyRuleProfileIndex is not 0 this field defines
the profile ID which will be used as the quarantine provisioning
agents mux response for the mac address and port whose frames
matched this rule.
A value of (-1) indicates no quarantine profile is specified,
but quarantine is not explicitly prohibited.
A value of (0) indicates that quarantine is explicitly prohibited.
If the etsysPolicyRuleProfileIndex is 0 this field is read only and
will always return -1 when read."
DEFVAL { -1 }
::= { etsysPolicyRuleEntry 18 }
etsysPolicyRuleHttpRedirectIndex OBJECT-TYPE
SYNTAX Integer32 (-1|0|1..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"A reference to a HTTP Redirect server group as specified by
the etsysPolicyHttpRedirectGroupIndex object.
A value of (-1) indicates no HTTP Redirect is specified, but
HTTP redirection is not explicitly prohibited.
A value of (0) indicates that HTTP Redirect is explicitly
prohibited, unless a higher precedence rule has specified a
HTTP Redirect.
Packets are only subject to HTTP redirection if they are IP
frames with TCP port numbers matching an entry in
etsysPolicyHttpRedirectSocketTable."
DEFVAL { -1 }
::= { etsysPolicyRuleEntry 19 }
-- -------------------------------------------------------------
-- etsysPolicyRulePortTable
-- -------------------------------------------------------------
etsysPolicyRulePortTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysPolicyRulePortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The purpose of this table is to provide an agent the
ability to easily determine which rules have been used
on a given bridge port. A row will only be present when
the rule which the instancing describes has been used.
The agent may remove a row (and clear the used status)
by setting the etsysPolicyRulePortHit leaf to False.
PolicyClassificationRuleType together with a length,
matching data and a relevant bits field, port type,
and port number (port number zero is reserved to mean any
port), scoped by a etsysPolicyRuleProfileIndex, and preceded by
a dot1dBasePort is used as the table index."
::= { etsysPolicyRules 7 }
etsysPolicyRulePortEntry OBJECT-TYPE
SYNTAX EtsysPolicyRulePortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"."
INDEX { dot1dBasePort,
etsysPolicyRuleProfileIndex,
etsysPolicyRuleType,
etsysPolicyRuleData,
etsysPolicyRulePrefixBits,
etsysPolicyRulePortType,
etsysPolicyRulePort }
::= { etsysPolicyRulePortTable 1 }
EtsysPolicyRulePortEntry ::=
SEQUENCE {
etsysPolicyRulePortHit TruthValue
}
etsysPolicyRulePortHit OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Every row will report a value of True, indicating that the
Rule described by the instancing was used on the given
port. An agent may be set this leaf to False to clear
remove the row and clear the Rule Use bit for the
specified Rule, on the given bridgePort."
::= { etsysPolicyRulePortEntry 1 }
etsysPolicyRuleDynamicProfileAssignmentOverride OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If true, administratively assigned profile assignment
rules override dynamically assigned profiles assignments
for a given rule. If false, the dynamically assigned
value (typically created by a successful authentication
attempt) overrides the administratively configured value.
The agent may optionally implement this leaf as read-only."
DEFVAL { false }
::= { etsysPolicyRules 8 }
etsysPolicyRuleDefaultDynamicSyslogStatus OBJECT-TYPE
SYNTAX TriStateStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If enabled(1), rules dynamically created will set
etsysPolicyRuleAuditSyslogEnable to enabled. If
disabled(2) a dynamically created rule will have
etsysPolicyRuleAuditSyslogEnable set to disabled.
The agent may optionally implement this leaf as read-only."
DEFVAL { disabled }
::= { etsysPolicyRules 9 }
etsysPolicyRuleDefaultDynamicTrapStatus OBJECT-TYPE
SYNTAX TriStateStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If enabled(1), rules dynamically created will set
etsysPolicyRuleAuditTrapEnable to enabled. If
disabled(2) a dynamically created rule will have
etsysPolicyRuleAuditTrapEnable set to disabled.
The agent may optionally implement this leaf as read-only."
DEFVAL { disabled }
::= { etsysPolicyRules 10 }
etsysPolicyRuleStatsAutoClearOnLink OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If set to enabled(1), when operstatus up is detected on any
port the agent will clear the rule usage information
associated with that port.
This ability is further scoped to the list of ports defined by
etsysPolicyRuleStatsAutoClearPorts.
This leaf is optional and will have no effect on an agent
which has rule use accounting disabled or does not support
rule use accounting.
By default, the rule use accounting information will not be
modified by operstatus transitions."
DEFVAL { disabled }
::= { etsysPolicyRules 11 }
etsysPolicyRuleStatsAutoClearInterval OBJECT-TYPE
SYNTAX Integer32 (0|1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The interval at which the device will automatically clear rule
usage statistics, in minutes. This ability is disabled (usage
statistics will not be automatically cleared) if set to
zero(0).
This ability is further scoped to the list of ports defined by
etsysPolicyRuleStatsAutoClearPorts.
This leaf is optional and will have no effect on an agent which
has rule use accounting disabled or does not support rule use
accounting."
DEFVAL { 0 }
::= { etsysPolicyRules 12 }
etsysPolicyRuleStatsAutoClearPorts OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The list ports on which rule usage statistics will be
cleared by one of the AutoClear actions
(etsysPolicyRuleStatsAutoClearInterval,
etsysPolicyRuleStatsAutoClearOnProfile, or
etsysPolicyRuleStatsAutoClearOnLink).
By default, no ports will be set in this list.
This leaf is optional, unless the agent claims support for
one of the other 'autoclear' objects, and will have no effect
on an agent which has rule use accounting disabled or does
not support rule use accounting."
::= { etsysPolicyRules 13 }
etsysPolicyRuleStatsAutoClearOnProfile OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If set to enabled(1), when a rule assigning a PolicyProfile
(whose etsysPolicyRuleProfileIndex is zero(0)) is activated,
all the rule usage bits associated with the rules bound to the
PolicyProfile specified by the etsysPolicyRuleOperPid
and the port specified by the etsysPolicyRulePort are cleared
(if there is no port specified or no valid
etsysPolicyRuleProfileIndex specified, then no action follows).
This ability is further scoped to the list of ports defined by
etsysPolicyRuleStatsAutoClearPorts.
This leaf is optional and will have no effect on an agent
which has rule use accounting disabled or does not support
rule use accounting. By default, the rule use accounting
information will not be modified by the creation or activation
of PolicyProfile assignment rules."
DEFVAL { disabled }
::= { etsysPolicyRules 14 }
etsysPolicyRuleStatsDroppedNotifications OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A count of the number of times the agent has dropped
notification (syslog or trap) of a etsysPolicyRuleUsageList
bit transition. A management entity might use this leaf as
an indication to read the etsysPolicyRuleUsageList objects
for important rules. This count should be kept to the best of
the device's ability, and explicitly does not cover
notifications discarded by the network."
::= { etsysPolicyRules 15 }
etsysPolicyRuleSylogMachineReadableFormat OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If enabled, the device should format rule usage messages so
that they might be processed by a machine (scripting backend,
etc). If disabled, the messages should be formatted for human
consumption."
DEFVAL { disabled }
::= { etsysPolicyRules 16 }
etsysPolicyRuleSylogExtendedFormat OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If enabled, the device should provide additional information
in rule-hit syslog messages. This information MAY include what
actions may have been initiated by the rule (if any) or
data mined from the packet which matched the rule."
DEFVAL { disabled }
::= { etsysPolicyRules 17 }
etsysPolicyRuleSylogEveryTime OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If enabled, the device will syslog on every rule hit (or profile
hit) which specifies SYSLOG as the action, instead of only when
the associated bit in the etsysPolicyProfileUsageList or the
etsysPolicyRuleUsageList is clear. It should be noted that this may
cause MANY messages to be generated."
DEFVAL { disabled }
::= { etsysPolicyRules 18 }
-- -------------------------------------------------------------
-- etsysPolicyNonVolatileRuleTable
-- -------------------------------------------------------------
etsysPolicyNonVolatileRulesLastChange OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The sysUpTime at which the etsysPolicyNonVolatileRuleTable
was last modified."
::= { etsysPolicyRules 19 }
etsysPolicyNonVolatileRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysPolicyNonVolatileRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table containing rules bound to individual policies. The
rules here contained are representations of the non-volatile
rules contained in the etsysPolicyRuleTable defined in this MIB.
A Rule is comprised of three components, a unique description
of the network traffic, an associated list of actions, and
an associated list of accounting and auditing controls and
information.
The unique description of the network traffic, defined by a
PolicyClassificationRuleType together with a length,
matching data and a relevant bits field, port type,
and port number (port number zero is reserved to mean any
port), and scoped by a etsysPolicyProfileIndex, is used
as the table index."
::= { etsysPolicyRules 20 }
etsysPolicyNonVolatileRuleEntry OBJECT-TYPE
SYNTAX EtsysPolicyNonVolatileRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes a particular entry within the
etsysPolicyNonVolatileRuleTable. Entries within this table
are representations of the non-volatile entries found
in the etsysPolicyRuleTable."
INDEX { etsysPolicyRuleProfileIndex,
etsysPolicyRuleType,
etsysPolicyRuleData,
etsysPolicyRulePrefixBits,
etsysPolicyRulePortType,
etsysPolicyRulePort}
::= { etsysPolicyNonVolatileRuleTable 1 }
EtsysPolicyNonVolatileRuleEntry ::=
SEQUENCE {
etsysPolicyNonVolatileRuleRowStatus
RowStatus,
etsysPolicyNonVolatileRuleStorageType
StorageType,
etsysPolicyNonVolatileRuleUsageList
PortList,
etsysPolicyNonVolatileRuleResult1
Integer32,
etsysPolicyNonVolatileRuleResult2
Integer32,
etsysPolicyNonVolatileRuleAuditSyslogEnable
TriStateStatus,
etsysPolicyNonVolatileRuleAuditTrapEnable
TriStateStatus,
etsysPolicyNonVolatileRuleDisablePort
TriStateStatus,
etsysPolicyNonVolatileRuleOperPid
Integer32,
etsysPolicyNonVolatileRuleOverwriteTCI
TriStateStatus,
etsysPolicyNonVolatileRuleMirrorIndex
Integer32,
etsysPolicyNonVolatileRuleQuarantineProfileIndex
Integer32
}
etsysPolicyNonVolatileRuleRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The status of this row.
When active(1) this entry's classification rule,
is one of its associated policy's set of rules.
When this entry's associated policy, as defined by
etsysPolicyRuleProfileIndex, is active and assigned to a port
through the etsysPortPolicyProfileTable or to a station
through the etsysStationPolicyProfileTable, this
classification rule will be applied to the port or station.
The exact behavior of this application depends upon the
classification rule.
When this object is notInService(2) or notReady(3)
this entry is not considered one of its associated policy's
set of rules and this classification rule will not be
applied."
::= { etsysPolicyNonVolatileRuleEntry 7 }
etsysPolicyNonVolatileRuleStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The storage type of this row.
For all entries in the table this is set to nonVolatile(1),
and as such, this entry's classification rule will be added
to non-volatile storage."
::= { etsysPolicyNonVolatileRuleEntry 8 }
etsysPolicyNonVolatileRuleUsageList OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"When read, a set bit indicates that this rule was used to
classify traffic on the corresponding port."
::= { etsysPolicyNonVolatileRuleEntry 9 }
etsysPolicyNonVolatileRuleResult1 OBJECT-TYPE
SYNTAX Integer32(-1|0|1..4094|4095)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If the etsysPolicyRuleProfileIndex is 0 this field defines the
profile ID which will be assigned to frames matching this rule.
This is the dynamically assigned value and may differ from the
administratively configured value.
If the etsysPolicyRuleProfileIndex is not 0 then this field
defines the VLAN ID with which to mark a frame matching this
PolicyNonVolatileRule.
Note that three special, otherwise illegal, values of the
etsysPolicyNonVolatileRuleVlan are used in defining the
forwarding action.
-1 Indicates that no VLAN or forwarding behavior
modification is desired. A rule will not be matched
against for the purpose of determining a marking
VID if this value is set.
0 Indicates that the default forwarding action
is to drop the packets matching this rule.
4095 Indicates that the default forwarding action
is to forward any packets matching this rule."
::= { etsysPolicyNonVolatileRuleEntry 10 }
etsysPolicyNonVolatileRuleResult2 OBJECT-TYPE
SYNTAX Integer32(-1|0..4095)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If the etsysPolicyRuleProfileIndex is 0 this field defines
the profile ID which the managing entity desires assigned to
frames matching this rule. This is the administrative value
and may differ from the dynamically assigned active value.
If the etsysPolicyRuleProfileIndex is not 0 then this field is
The CoS with which to mark a frame matching this
PolicyNonVolatileRule.
Note that one special, otherwise illegal, value of the
etsysPolicyNonVolatileRuleCoS is used in defining the
forwarding action.
-1 Indicates that no CoS or forwarding behavior
modification is desired. A rule will not be
matched against for the purpose of determining
a CoS if this value is set."
::= { etsysPolicyNonVolatileRuleEntry 11 }
etsysPolicyNonVolatileRuleAuditSyslogEnable OBJECT-TYPE
SYNTAX TriStateStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If enabled, a syslog message is sent when a bit in the
etsysPolicyNonVolatileRuleUsageList transitions from 0 to 1."
::= { etsysPolicyNonVolatileRuleEntry 12 }
etsysPolicyNonVolatileRuleAuditTrapEnable OBJECT-TYPE
SYNTAX TriStateStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If enabled, an SNMP NOTIFICATION is sent when a bit in the
etsysPolicyNonVolatileRuleUsageList transitions from 0 to 1."
::= { etsysPolicyNonVolatileRuleEntry 13 }
etsysPolicyNonVolatileRuleDisablePort OBJECT-TYPE
SYNTAX TriStateStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If enabled, a port is disabled (ifOperStatus of the
corresponding ifIndex will be down) when a bit in the
etsysPolicyNonVolatileRuleUsageList transitions from 0 to 1."
::= { etsysPolicyNonVolatileRuleEntry 14 }
etsysPolicyNonVolatileRuleOperPid OBJECT-TYPE
SYNTAX Integer32(-1|0..4095)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If the etsysPolicyRuleProfileIndex is 0 then this field
contains the currently applied profile ID for frames
matching this rule. This may be either the administratively
applied value or the dynamically applied value.
If the etsysPolicyRuleProfileIndex is not 0, then this
object will return -1.
Note that one special value exists:
-1 Indicates that no profile ID is being applied
by this rule."
::= { etsysPolicyNonVolatileRuleEntry 15 }
etsysPolicyNonVolatileRuleOverwriteTCI OBJECT-TYPE
SYNTAX TriStateStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If set, the information contained within the TCI field of
inbound, tagged packets will not be used by the device after
the ingress classification stage of packet relay. The net
effect will be that the TCI information may be used to classify
the packet, but will be overwritten (and ignored) by subsequent
stages of packet relay."
::= { etsysPolicyNonVolatileRuleEntry 16 }
etsysPolicyNonVolatileRuleMirrorIndex OBJECT-TYPE
SYNTAX Integer32 (-1|0|1..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A reference to a packet mirror destination (defined elsewhere).
A value of (-1) indicates no mirror is specified, but a mirror is
not explicitly prohibited.
A value of (0) indicates that mirroring is explicitly prohibited,
unless a higher precedence rule has specified a mirror."
::= { etsysPolicyNonVolatileRuleEntry 17 }
etsysPolicyNonVolatileRuleQuarantineProfileIndex OBJECT-TYPE
SYNTAX Integer32 (-1|0|1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If the etsysPolicyRuleProfileIndex is not 0 this field defines
the profile ID which will be used as the quarantine provisioning
agents mux response for the mac address and port whose frames
matched this rule.
A value of (-1) indicates no quarantine profile is specified,
but quarantine is not explicitly prohibited.
A value of (0) indicates that quarantine is explicitly prohibited.
If the etsysPolicyRuleProfileIndex is 0 this field will always
return -1 when read."
::= { etsysPolicyNonVolatileRuleEntry 18 }
-- -------------------------------------------------------------
-- etsysPolicyRFC3580Map group
-- -------------------------------------------------------------
etsysPolicyRFC3580MapResolveReponseConflict OBJECT-TYPE
SYNTAX PolicyRFC3580MapRadiusResponseTC
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates which field to use in the application of the RADIUS
response in the event that both the proprietary filter-id
indicating a policy profile and the standard (RFC3580) vlan-
tunnel-attribute are present. If policyProfile(1) is selected,
then the filter-id will be used, if vlanTunnelAttribute(2) is
selected, then the vlan-tunnel-attribute will be used (and the
policy-map will be applied, if present). A value of
vlanTunnelAttributeWithPolicyProfile(3) indicates that both
attributes should be applied, in the following manner: the
policyProfile should be enforced, with the exception of the
etsysPolicyProfilePortVid (if present), the returned
vlan-tunnel-attribute will be used in its place. In this case,
the policy-map will be ignored (as the policyProfile was
explicitly assigned). VLAN classification rules will still
be applied, as defined by the assigned policyProfile.
Modifications of this value will not effect the current status
of any users currently authenticated. The new state will be
applied to new, successful authentications. The current status
of current authentication may be modified through the
individual agents or through the ENTERASYS-MULTI-AUTH-MIB, if
supported."
DEFVAL { policyProfile }
::= { etsysPolicyRFC3580Map 1 }
etsysPolicyRFC3580MapLastChange OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of sysUpTime when the etsysPolicyRFC3580MapTable was
last modified."
::= { etsysPolicyRFC3580Map 2 }
etsysPolicyRFC3580MapTableDefault OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If read as True, then the etsysPolicyRFC3580MapTable is in the
default state (no mappings have been created), if False, then
non-default mappings exist.
If set to True, then the etsysPolicyRFC3580MapTable will be put
into the default state (no mappings will exist). A set to
False is not valid and MUST fail."
::= { etsysPolicyRFC3580Map 3 }
etsysPolicyRFC3580MapTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysPolicyRFC3580MapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table containing VLAN ID to policy mappings. A policy is
a group of classification rules which may be applied on a
per user basis, to ports or to stations."
::= { etsysPolicyRFC3580Map 4 }
etsysPolicyRFC3580MapEntry OBJECT-TYPE
SYNTAX EtsysPolicyRFC3580MapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Conceptually defines a particular entry within the
etsysPolicyRFC3580MapTable. Entries within this table MUST be
considered non-volatile and MUST be maintained across
entity resets."
INDEX { etsysPolicyRFC3580MapVlanId }
::= { etsysPolicyRFC3580MapTable 1 }
EtsysPolicyRFC3580MapEntry ::=
SEQUENCE {
etsysPolicyRFC3580MapVlanId
VlanIndex,
etsysPolicyRFC3580MapPolicyIndex
PolicyProfileIDTC
}
etsysPolicyRFC3580MapVlanId OBJECT-TYPE
SYNTAX VlanIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The VlanIndex which will map to the policy profile specified
by the etsysPolicyRFC3580MapPolicyIndex of this row. This will
be used to map the VLAN returned by value from the Tunnel-
Private-Group-ID RADIUS attribute."
REFERENCE
"IEEE 802.1X RADIUS Usage Guidelines (RFC 3580)"
::= { etsysPolicyRFC3580MapEntry 1 }
etsysPolicyRFC3580MapPolicyIndex OBJECT-TYPE
SYNTAX PolicyProfileIDTC (0|1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The index of a Policy Profle as defined in the
etsysPolicyProfileTable.
A value of 0 indicates that the row is functionally non-
operational (no mapping exists). Devices which support the
ENTERASYS-VLAN-AUTHORIZATION-MIB, and for which the value of
etsysVlanAuthorizationEnable is Enabled and the value of
etsysVlanAuthorizationStatus is Enabled on the port referenced
by the authorization request, should then use the VlanIndex
provisioned (e.g. from the Tunnel-Private-Group-ID RADIUS
attribute) as defined by RFC3580, otherwise, the device should
treat the result as if no matching Policy Profile had been
found (e.g. as a simple success). In the case where a
Policy Profile is already being applied to the referenced
station, but no mapping exists, the device MUST treat the
Tunnel-Private-Group-ID as an override to the
etsysPolicyProfilePortVid defined by that profile (any matched
classification rules which explicit provision a VLAN MUST still
override both the etsysPolicyProfilePortVid and the
Tunnel-Private-Group-ID.)
A non-zero value of this object indicates that the VlanIndex
provisioned (e.g. from the Tunnel-Private-Group-ID RADIUS
attribute) should be mapped to a Policy Profile as defined in
the etsysPolicyProfileTable, and that policy applied as if
the Policy name had been provisioned instead (e.g, in the
Filter-ID RADIUS attribute). If the mapping references a
non-existent row of the etsysPolicyProfileTable, or the
referenced row has a etsysPolicyProfileRowStatus value other
than Active, the device MUST behave as if the mapping did not
exist (apply the vlan-tunnel-attribute). The
etsysPolicyRFC3580MapInvalidMapping MUST then be incremented."
REFERENCE
"IEEE 802.1X RADIUS Usage Guidelines (RFC 3580)"
DEFVAL { 0 }
::= { etsysPolicyRFC3580MapEntry 2 }
etsysPolicyRFC3580MapInvalidMapping OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Increments to indicate the number of times the device has
detected an invalid/unknown EtsysPolicyRFC3580MapEntry
(i.e. one that references an in-active or non-existent
etsysPolicyProfile)."
::= { etsysPolicyRFC3580Map 5 }
-- -------------------------------------------------------------
-- etsysPolicyHttpRedirect group
-- -------------------------------------------------------------
etsysPolicyHttpRedirectMaxNumSockets OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum number of TCP port numbers the device may
listen on simultaneously for HTTP redirection."
::= { etsysPolicyHttpRedirect 1 }
etsysPolicyHttpRedirectNumServerGroups OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of server groups in the
etsysPolicyHttpRedirectServerTable."
::= { etsysPolicyHttpRedirect 2 }
etsysPolicyHttpRedirectMaxNumServer OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of servers that may be configured per
server group in the etsysPolicyHttpRedirectServerTable."
::= { etsysPolicyHttpRedirect 3 }
etsysPolicyHttpRedirectSocketTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysPolicyHttpRedirectSocketEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table containing TCP sockets the device will listen on
for HTTP traffic to redirect. Entries within
this table MUST be considered non-volatile and MUST be
maintained across entity resets."
::= { etsysPolicyHttpRedirect 4 }
etsysPolicyHttpRedirectSocketEntry OBJECT-TYPE
SYNTAX EtsysPolicyHttpRedirectSocketEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Conceptually specifies a TCP socket the device will listen on
for HTTP traffic to redirect."
INDEX { etsysPolicyHttpRedirectSocketIndex }
::= { etsysPolicyHttpRedirectSocketTable 1 }
EtsysPolicyHttpRedirectSocketEntry ::=
SEQUENCE {
etsysPolicyHttpRedirectSocketIndex
Integer32,
etsysPolicyHttpRedirectListenSocket
InetPortNumber
}
etsysPolicyHttpRedirectSocketIndex OBJECT-TYPE
SYNTAX Integer32 (1..10)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An arbitrary index from 1 to
etsysPolicyHttpRedirectMaxNumSockets."
::= { etsysPolicyHttpRedirectSocketEntry 1 }
etsysPolicyHttpRedirectListenSocket OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"TCP port number (1-65535) that the device will listen on for
HTTP traffic suitable for redirection. A value of 0 indicates
that this entry does not specify a TCP socket to listen on."
DEFVAL { 0 }
::= { etsysPolicyHttpRedirectSocketEntry 2 }
etsysPolicyHttpRedirectServerTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysPolicyHttpRedirectServerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table containing HTTP redirect server group entries."
::= { etsysPolicyHttpRedirect 5 }
etsysPolicyHttpRedirectServerEntry OBJECT-TYPE
SYNTAX EtsysPolicyHttpRedirectServerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Conceptually defines a HTTP redirect server group. Within each
group, one or more redirect servers may be defined. HTTP
redirects will be sent to different servers within a group
using a round-robin algorithm. Entries within this table MUST
be considered non-volatile and MUST be maintained across entity
resets."
INDEX { etsysPolicyHttpRedirectGroupIndex,
etsysPolicyHttpRedirectServerIndex }
::= { etsysPolicyHttpRedirectServerTable 1 }
EtsysPolicyHttpRedirectServerEntry ::=
SEQUENCE {
etsysPolicyHttpRedirectGroupIndex
Integer32,
etsysPolicyHttpRedirectServerIndex
Integer32,
etsysPolicyHttpRedirectServerUri
Uri,
etsysPolicyHttpRedirectServerStatus
EnabledStatus
}
etsysPolicyHttpRedirectGroupIndex OBJECT-TYPE
SYNTAX Integer32 (1..255)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index referenced by etsysPolicyProfileHttpRedirectIndex
to identify a particular HTTP redirect server group. The
maximum value of this index is specified by the
etsysPolicyHttpRedirectNumServerGroups object."
::= { etsysPolicyHttpRedirectServerEntry 1 }
etsysPolicyHttpRedirectServerIndex OBJECT-TYPE
SYNTAX Integer32 (1..255)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index for a particular server within the redirect
group. The maximum value of this index is specified by the
etsysPolicyHttpRedirectMaxNumServer object."
::= { etsysPolicyHttpRedirectServerEntry 2 }
etsysPolicyHttpRedirectServerUri OBJECT-TYPE
SYNTAX Uri
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The absolute URI on the redirect server to redirect the user to.
This object MUST specify the scheme, authority and path. The URI
may optionally include a query and/or fragment portions as well."
REFERENCE
"RFC3986 (Uniform Resource Identifier (URI): Generic Syntax)"
DEFVAL { ''H }
::= { etsysPolicyHttpRedirectServerEntry 3 }
etsysPolicyHttpRedirectServerStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A value of enabled(1) causes the entry to be made ready for use
in redirecting HTTP traffic. A set of enabled(1) will only
succeed if the the other entries with STATUS of read-write in
table have been set to appropriate non-default values."
DEFVAL { disabled }
::= { etsysPolicyHttpRedirectServerEntry 4 }
-- -------------------------------------------------------------
-- etsysPolicySystem group
-- -------------------------------------------------------------
etsysPolicyEnabledState OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Controls the enabling and disabling the entire Policy
application.
A value of enabled(1) indicates that all objects in this MIB
module are actively being applied on the device.
A value of disabled(2) indicates that none of the objects
in this MIB are actively being applied.
The agent may optionally implement this leaf as read-only.
All other objects in this MIB module MUST remain available and
configurable regardless of the current value of this object.
This object MUST be considered non-volatile and its value MUST
be maintained across entity resets."
::= { etsysPolicySystem 1 }
-- -------------------------------------------------------------
-- Conformance Information
-- -------------------------------------------------------------
etsysPolicyProfileConformance OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 7 }
etsysPolicyProfileGroups OBJECT IDENTIFIER
::= { etsysPolicyProfileConformance 1 }
etsysPolicyProfileCompliances OBJECT IDENTIFIER
::= { etsysPolicyProfileConformance 2 }
-- -------------------------------------------------------------
-- Units of Conformance
-- -------------------------------------------------------------
etsysPolicyProfileGroup OBJECT-GROUP
OBJECTS {
etsysPolicyProfileMaxEntries,
etsysPolicyProfileNumEntries,
etsysPolicyProfileLastChange,
etsysPolicyProfileTableNextAvailableIndex,
etsysPolicyProfileName,
etsysPolicyProfileRowStatus,
etsysPolicyProfilePortVidStatus,
etsysPolicyProfilePortVid,
etsysPolicyProfilePriorityStatus,
etsysPolicyProfilePriority,
etsysPolicyProfileEgressVlans,
etsysPolicyProfileForbiddenVlans,
etsysPolicyProfileUntaggedVlans,
etsysPolicyProfileOverwriteTCI,
etsysPolicyProfileRulePrecedence,
etsysPolicyProfileVlanRFC3580Mappings
}
STATUS deprecated
DESCRIPTION
"A collection of objects providing Policy Profile Creation."
::= { etsysPolicyProfileGroups 1 }
etsysPolicyClassificationGroup OBJECT-GROUP
OBJECTS {
etsysPolicyClassificationMaxEntries,
etsysPolicyClassificationNumEntries,
etsysPolicyClassificationLastChange,
etsysPolicyClassificationOID,
etsysPolicyClassificationRowStatus,
etsysPolicyClassificationIngressList
}
STATUS deprecated
DESCRIPTION
"A collection of objects providing a mapping between a set
of Classification Rules and a Policy Profile."
::= { etsysPolicyProfileGroups 2 }
etsysPortPolicyProfileGroup OBJECT-GROUP
OBJECTS {
etsysPortPolicyProfileLastChange,
etsysPortPolicyProfileAdminID,
etsysPortPolicyProfileOperID,
etsysPortPolicyProfileSummaryAdminID,
etsysPortPolicyProfileSummaryOperID
}
STATUS deprecated
DESCRIPTION
"A collection of objects providing a mapping from a
specific port to a Policy Profile instance. Only
the read-only portions of this group are now current.
They are listed under etsysPortPolicyProfileGroup2."
::= { etsysPolicyProfileGroups 3 }
etsysStationPolicyProfileGroup OBJECT-GROUP
OBJECTS {
etsysStationPolicyProfileMaxEntries,
etsysStationPolicyProfileNumEntries,
etsysStationPolicyProfileLastChange,
etsysStationIdentifierType,
etsysStationIdentifier,
etsysStationPolicyProfileOperID,
etsysStationPolicyProfilePortType,
etsysStationPolicyProfilePortID
}
STATUS current
DESCRIPTION
"A collection of objects providing a mapping from a
specific station to a Policy Profile instance."
::= { etsysPolicyProfileGroups 5 }
etsysInvalidPolicyPolicyGroup OBJECT-GROUP
OBJECTS {
etsysInvalidPolicyAction,
etsysInvalidPolicyCount
}
STATUS current
DESCRIPTION
"A collection of objects that help to define a mapping
from logical authorization services outcomes to access
control and policy actions."
::= { etsysPolicyProfileGroups 6 }
etsysDevicePolicyProfileGroup OBJECT-GROUP
OBJECTS {
etsysDevicePolicyProfileDefault
}
STATUS current
DESCRIPTION
"An object that provides a device level supplemental policy
for entities that are not able to apply portions of the
profile definition uniquely on individual ports."
::= { etsysPolicyProfileGroups 7 }
etsysPolicyCapabilitiesGroup OBJECT-GROUP
OBJECTS {
etsysPolicyCapabilities,
etsysPolicyVlanRuleCapabilities,
etsysPolicyCosRuleCapabilities,
etsysPolicyDropRuleCapabilities,
etsysPolicyForwardRuleCapabilities,
etsysPolicyDynaPIDRuleCapabilities ,
etsysPolicyAdminPIDRuleCapabilities,
etsysPolicySyslogRuleCapabilities,
etsysPolicyTrapRuleCapabilities,
etsysPolicyDisablePortRuleCapabilities,
etsysPolicySupportedPortList,
etsysPolicyEnabledSupportedRuleTypes,
etsysPolicyEnabledEnabledRuleTypes
}
STATUS deprecated
DESCRIPTION
"An object that indicates the capabilities of the managed
entity with respect to Policy Profiles."
::= { etsysPolicyProfileGroups 8 }
etsysPolicyMapGroup OBJECT-GROUP
OBJECTS {
etsysPolicyMapMaxEntries,
etsysPolicyMapNumEntries,
etsysPolicyMapLastChange,
etsysPolicyMapPvidOverRide,
etsysPolicyMapUnknownPvidPolicy,
etsysPolicyMapRowStatus,
etsysPolicyMapStartVid,
etsysPolicyMapEndVid,
etsysPolicyMapPolicyIndex
}
STATUS obsolete
DESCRIPTION
"This object group has been obsoleted."
::= { etsysPolicyProfileGroups 9 }
etsysPolicyRulesGroup OBJECT-GROUP
OBJECTS {
etsysPolicyRulesMaxEntries,
etsysPolicyRulesNumEntries,
etsysPolicyRulesLastChange,
etsysPolicyRulesAccountingEnable,
etsysPolicyRulesPortDisabledList,
etsysPolicyRuleRowStatus,
etsysPolicyRuleStorageType,
etsysPolicyRuleUsageList,
etsysPolicyRuleResult1,
etsysPolicyRuleResult2,
etsysPolicyRuleAuditSyslogEnable,
etsysPolicyRuleAuditTrapEnable,
etsysPolicyRuleDisablePort,
etsysPolicyRuleOperPid,
etsysPolicyRulePortHit,
etsysPolicyRuleDynamicProfileAssignmentOverride,
etsysPolicyRuleDefaultDynamicSyslogStatus,
etsysPolicyRuleDefaultDynamicTrapStatus,
etsysPolicyRuleStatsAutoClearOnLink,
etsysPolicyRuleStatsAutoClearInterval,
etsysPolicyRuleStatsAutoClearPorts,
etsysPolicyRuleStatsAutoClearOnProfile
}
STATUS deprecated
DESCRIPTION
"An object that indicates the capabilities of the managed
entity with respect to Policy Profiles."
::= { etsysPolicyProfileGroups 10 }
etsysPortPolicyProfileGroup2 OBJECT-GROUP
OBJECTS {
etsysPortPolicyProfileSummaryAdminID,
etsysPortPolicyProfileSummaryOperID,
etsysPortPolicyProfileSummaryDynamicID
}
STATUS current
DESCRIPTION
"A collection of objects providing a mapping from a
specific port to a Policy Profile instance."
::= { etsysPolicyProfileGroups 11 }
etsysPolicyRFC3580MapGroup OBJECT-GROUP
OBJECTS {
etsysPolicyRFC3580MapResolveReponseConflict,
etsysPolicyRFC3580MapLastChange,
etsysPolicyRFC3580MapTableDefault,
etsysPolicyRFC3580MapPolicyIndex,
etsysPolicyRFC3580MapInvalidMapping
}
STATUS current
DESCRIPTION
"An object group that provides support for mapping between RFC
3580 style VLAN-policy and Extreme UPN-policy based on named
roles."
::= { etsysPolicyProfileGroups 12 }
etsysPolicyCapabilitiesGroup2 OBJECT-GROUP
OBJECTS {
etsysPolicyCapabilities,
etsysPolicyVlanRuleCapabilities,
etsysPolicyCosRuleCapabilities,
etsysPolicyDropRuleCapabilities,
etsysPolicyForwardRuleCapabilities,
etsysPolicyDynaPIDRuleCapabilities ,
etsysPolicyAdminPIDRuleCapabilities,
etsysPolicySyslogRuleCapabilities,
etsysPolicyTrapRuleCapabilities,
etsysPolicyDisablePortRuleCapabilities,
etsysPolicySupportedPortList,
etsysPolicyEnabledSupportedRuleTypes,
etsysPolicyEnabledEnabledRuleTypes,
etsysPolicyRuleAttributeByteLength,
etsysPolicyRuleAttributeBitLength,
etsysPolicyRuleAttributeMaxCreatable
}
STATUS deprecated
DESCRIPTION
"An object that indicates the capabilities of
the managed entity with respect to Policy Profiles and
defines the characteristics of policy rule data by rule
type."
::= { etsysPolicyProfileGroups 13 }
etsysPolicyRulesGroup2 OBJECT-GROUP
OBJECTS {
etsysPolicyRulesMaxEntries,
etsysPolicyRulesNumEntries,
etsysPolicyRulesLastChange,
etsysPolicyRulesAccountingEnable,
etsysPolicyRulesPortDisabledList,
etsysPolicyRuleRowStatus,
etsysPolicyRuleStorageType,
etsysPolicyRuleUsageList,
etsysPolicyRuleResult1,
etsysPolicyRuleResult2,
etsysPolicyRuleAuditSyslogEnable,
etsysPolicyRuleAuditTrapEnable,
etsysPolicyRuleDisablePort,
etsysPolicyRuleOperPid,
etsysPolicyRulePortHit,
etsysPolicyRuleDynamicProfileAssignmentOverride,
etsysPolicyRuleDefaultDynamicSyslogStatus,
etsysPolicyRuleDefaultDynamicTrapStatus,
etsysPolicyRuleStatsAutoClearOnLink,
etsysPolicyRuleStatsAutoClearInterval,
etsysPolicyRuleStatsAutoClearPorts,
etsysPolicyRuleStatsAutoClearOnProfile,
etsysPolicyRuleStatsDroppedNotifications,
etsysPolicyRuleSylogMachineReadableFormat
}
STATUS deprecated
DESCRIPTION
"********* THIS GROUP IS DEPRECATED **********
An object that indicates the capabilities of the managed
entity with respect to Policy Profiles."
::= { etsysPolicyProfileGroups 14 }
etsysPolicyRulePortHitNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS {
etsysPolicyRulePortHitNotification
}
STATUS current
DESCRIPTION
"An object group that provides support for traps sent from the
etsysPolicyRulePortHit event."
::= { etsysPolicyProfileGroups 15 }
etsysPolicyRulesGroup3 OBJECT-GROUP
OBJECTS {
etsysPolicyRulesMaxEntries,
etsysPolicyRulesNumEntries,
etsysPolicyRulesLastChange,
etsysPolicyRulesAccountingEnable,
etsysPolicyRulesPortDisabledList,
etsysPolicyRuleRowStatus,
etsysPolicyRuleStorageType,
etsysPolicyRuleUsageList,
etsysPolicyRuleResult1,
etsysPolicyRuleResult2,
etsysPolicyRuleAuditSyslogEnable,
etsysPolicyRuleAuditTrapEnable,
etsysPolicyRuleDisablePort,
etsysPolicyRuleOperPid,
etsysPolicyRulePortHit,
etsysPolicyRuleDynamicProfileAssignmentOverride,
etsysPolicyRuleDefaultDynamicSyslogStatus,
etsysPolicyRuleDefaultDynamicTrapStatus,
etsysPolicyRuleStatsAutoClearOnLink,
etsysPolicyRuleStatsAutoClearInterval,
etsysPolicyRuleStatsAutoClearPorts,
etsysPolicyRuleStatsAutoClearOnProfile,
etsysPolicyRuleStatsDroppedNotifications,
etsysPolicyRuleSylogMachineReadableFormat,
etsysPolicyRuleSylogExtendedFormat
}
STATUS deprecated
DESCRIPTION
"An object that indicates the capabilities of the managed
entity with respect to Policy Profiles."
::= { etsysPolicyProfileGroups 16 }
etsysPolicyRulesGroup4 OBJECT-GROUP
OBJECTS {
etsysPolicyRulesMaxEntries,
etsysPolicyRulesNumEntries,
etsysPolicyRulesLastChange,
etsysPolicyRulesAccountingEnable,
etsysPolicyRulesPortDisabledList,
etsysPolicyRuleRowStatus,
etsysPolicyRuleStorageType,
etsysPolicyRuleUsageList,
etsysPolicyRuleResult1,
etsysPolicyRuleResult2,
etsysPolicyRuleAuditSyslogEnable,
etsysPolicyRuleAuditTrapEnable,
etsysPolicyRuleDisablePort,
etsysPolicyRuleOperPid,
etsysPolicyRulePortHit,
etsysPolicyRuleDynamicProfileAssignmentOverride,
etsysPolicyRuleDefaultDynamicSyslogStatus,
etsysPolicyRuleDefaultDynamicTrapStatus,
etsysPolicyRuleStatsAutoClearOnLink,
etsysPolicyRuleStatsAutoClearInterval,
etsysPolicyRuleStatsAutoClearPorts,
etsysPolicyRuleStatsAutoClearOnProfile,
etsysPolicyRuleStatsDroppedNotifications,
etsysPolicyRuleSylogMachineReadableFormat,
etsysPolicyRuleSylogExtendedFormat,
etsysPolicyRuleOverwriteTCI,
etsysPolicyRuleMirrorIndex
}
STATUS deprecated
DESCRIPTION
"An object that indicates the capabilities of the managed
entity with respect to Policy Profiles."
::= { etsysPolicyProfileGroups 17 }
etsysPolicyCapabilitiesGroup3 OBJECT-GROUP
OBJECTS {
etsysPolicyCapabilities,
etsysPolicyVlanRuleCapabilities,
etsysPolicyCosRuleCapabilities,
etsysPolicyDropRuleCapabilities,
etsysPolicyForwardRuleCapabilities,
etsysPolicyDynaPIDRuleCapabilities ,
etsysPolicyAdminPIDRuleCapabilities,
etsysPolicySyslogRuleCapabilities,
etsysPolicyTrapRuleCapabilities,
etsysPolicyDisablePortRuleCapabilities,
etsysPolicySupportedPortList,
etsysPolicyEnabledSupportedRuleTypes,
etsysPolicyEnabledEnabledRuleTypes,
etsysPolicyRuleAttributeByteLength,
etsysPolicyRuleAttributeBitLength,
etsysPolicyRuleAttributeMaxCreatable,
etsysPolicyRuleTciOverwriteCapabilities,
etsysPolicyRuleMirrorCapabilities
}
STATUS deprecated
DESCRIPTION
"An object that indicates the capabilities of
the managed entity with respect to Policy Profiles and
defines the characteristics of policy rule data by rule
type."
::= { etsysPolicyProfileGroups 18 }
etsysPolicyProfileGroup2 OBJECT-GROUP
OBJECTS {
etsysPolicyProfileMaxEntries,
etsysPolicyProfileNumEntries,
etsysPolicyProfileLastChange,
etsysPolicyProfileTableNextAvailableIndex,
etsysPolicyProfileName,
etsysPolicyProfileRowStatus,
etsysPolicyProfilePortVidStatus,
etsysPolicyProfilePortVid,
etsysPolicyProfilePriorityStatus,
etsysPolicyProfilePriority,
etsysPolicyProfileEgressVlans,
etsysPolicyProfileForbiddenVlans,
etsysPolicyProfileUntaggedVlans,
etsysPolicyProfileOverwriteTCI,
etsysPolicyProfileRulePrecedence,
etsysPolicyProfileVlanRFC3580Mappings,
etsysPolicyProfileMirrorIndex,
etsysPolicyProfileAuditSyslogEnable,
etsysPolicyProfileAuditTrapEnable,
etsysPolicyProfileDisablePort
}
STATUS deprecated
DESCRIPTION
"A collection of objects providing Policy Profile Creation."
::= { etsysPolicyProfileGroups 19 }
etsysPolicyRulesGroup5 OBJECT-GROUP
OBJECTS {
etsysPolicyRulesMaxEntries,
etsysPolicyRulesNumEntries,
etsysPolicyRulesLastChange,
etsysPolicyRulesAccountingEnable,
etsysPolicyRulesPortDisabledList,
etsysPolicyRuleRowStatus,
etsysPolicyRuleStorageType,
etsysPolicyRuleUsageList,
etsysPolicyRuleResult1,
etsysPolicyRuleResult2,
etsysPolicyRuleAuditSyslogEnable,
etsysPolicyRuleAuditTrapEnable,
etsysPolicyRuleDisablePort,
etsysPolicyRuleOperPid,
etsysPolicyRulePortHit,
etsysPolicyRuleDynamicProfileAssignmentOverride,
etsysPolicyRuleDefaultDynamicSyslogStatus,
etsysPolicyRuleDefaultDynamicTrapStatus,
etsysPolicyRuleStatsAutoClearOnLink,
etsysPolicyRuleStatsAutoClearInterval,
etsysPolicyRuleStatsAutoClearPorts,
etsysPolicyRuleStatsAutoClearOnProfile,
etsysPolicyRuleStatsDroppedNotifications,
etsysPolicyRuleSylogMachineReadableFormat,
etsysPolicyRuleSylogExtendedFormat,
etsysPolicyRuleSylogEveryTime,
etsysPolicyRuleOverwriteTCI,
etsysPolicyRuleMirrorIndex
}
STATUS deprecated
DESCRIPTION
"An object that indicates the capabilities of the managed
entity with respect to Policy Profiles."
::= { etsysPolicyProfileGroups 20 }
etsysPolicyCapabilitiesGroup4 OBJECT-GROUP
OBJECTS {
etsysPolicyCapabilities,
etsysPolicyVlanRuleCapabilities,
etsysPolicyCosRuleCapabilities,
etsysPolicyDropRuleCapabilities,
etsysPolicyForwardRuleCapabilities,
etsysPolicyDynaPIDRuleCapabilities ,
etsysPolicyAdminPIDRuleCapabilities,
etsysPolicySyslogRuleCapabilities,
etsysPolicyTrapRuleCapabilities,
etsysPolicyDisablePortRuleCapabilities,
etsysPolicySupportedPortList,
etsysPolicyEnabledSupportedRuleTypes,
etsysPolicyEnabledEnabledRuleTypes,
etsysPolicyEnabledEgressEnabled,
etsysPolicyRuleAttributeByteLength,
etsysPolicyRuleAttributeBitLength,
etsysPolicyRuleAttributeMaxCreatable,
etsysPolicyRuleTciOverwriteCapabilities,
etsysPolicyRuleMirrorCapabilities
}
STATUS deprecated
DESCRIPTION
"An object that indicates the capabilities of
the managed entity with respect to Policy Profiles and
defines the characteristics of policy rule data by rule
type."
::= { etsysPolicyProfileGroups 21 }
etsysPolicyProfileGroup3 OBJECT-GROUP
OBJECTS {
etsysPolicyProfileMaxEntries,
etsysPolicyProfileNumEntries,
etsysPolicyProfileLastChange,
etsysPolicyProfileTableNextAvailableIndex,
etsysPolicyProfileName,
etsysPolicyProfileRowStatus,
etsysPolicyProfilePortVidStatus,
etsysPolicyProfilePortVid,
etsysPolicyProfilePriorityStatus,
etsysPolicyProfilePriority,
etsysPolicyProfileEgressVlans,
etsysPolicyProfileForbiddenVlans,
etsysPolicyProfileUntaggedVlans,
etsysPolicyProfileOverwriteTCI,
etsysPolicyProfileRulePrecedence,
etsysPolicyProfileVlanRFC3580Mappings,
etsysPolicyProfileMirrorIndex,
etsysPolicyProfileAuditSyslogEnable,
etsysPolicyProfileAuditTrapEnable,
etsysPolicyProfileDisablePort,
etsysPolicyProfileUsageList
}
STATUS deprecated
DESCRIPTION
"********* THIS GROUP IS DEPRECATED **********
A collection of objects providing Policy Profile Creation."
::= { etsysPolicyProfileGroups 22 }
etsysPolicyProfileGroup4 OBJECT-GROUP
OBJECTS {
etsysPolicyProfileMaxEntries,
etsysPolicyProfileNumEntries,
etsysPolicyProfileLastChange,
etsysPolicyProfileTableNextAvailableIndex,
etsysPolicyProfileName,
etsysPolicyProfileRowStatus,
etsysPolicyProfilePortVidStatus,
etsysPolicyProfilePortVid,
etsysPolicyProfilePriorityStatus,
etsysPolicyProfilePriority,
etsysPolicyProfileEgressVlans,
etsysPolicyProfileForbiddenVlans,
etsysPolicyProfileUntaggedVlans,
etsysPolicyProfileOverwriteTCI,
etsysPolicyProfileRulePrecedence,
etsysPolicyProfileVlanRFC3580Mappings,
etsysPolicyProfileMirrorIndex,
etsysPolicyProfileAuditSyslogEnable,
etsysPolicyProfileAuditTrapEnable,
etsysPolicyProfileDisablePort,
etsysPolicyProfileUsageList,
etsysPolicyProfileFstIndex
}
STATUS deprecated
DESCRIPTION
"A collection of objects providing Policy Profile Creation."
::= { etsysPolicyProfileGroups 23 }
etsysPolicyRulesGroup6 OBJECT-GROUP
OBJECTS {
etsysPolicyRulesMaxEntries,
etsysPolicyRulesNumEntries,
etsysPolicyRulesLastChange,
etsysPolicyRulesAccountingEnable,
etsysPolicyRulesPortDisabledList,
etsysPolicyRuleRowStatus,
etsysPolicyRuleStorageType,
etsysPolicyRuleUsageList,
etsysPolicyRuleResult1,
etsysPolicyRuleResult2,
etsysPolicyRuleAuditSyslogEnable,
etsysPolicyRuleAuditTrapEnable,
etsysPolicyRuleDisablePort,
etsysPolicyRuleOperPid,
etsysPolicyRulePortHit,
etsysPolicyRuleDynamicProfileAssignmentOverride,
etsysPolicyRuleDefaultDynamicSyslogStatus,
etsysPolicyRuleDefaultDynamicTrapStatus,
etsysPolicyRuleStatsAutoClearOnLink,
etsysPolicyRuleStatsAutoClearInterval,
etsysPolicyRuleStatsAutoClearPorts,
etsysPolicyRuleStatsAutoClearOnProfile,
etsysPolicyRuleStatsDroppedNotifications,
etsysPolicyRuleSylogMachineReadableFormat,
etsysPolicyRuleSylogExtendedFormat,
etsysPolicyRuleSylogEveryTime,
etsysPolicyRuleOverwriteTCI,
etsysPolicyRuleMirrorIndex,
etsysPolicyRuleQuarantineProfileIndex
}
STATUS current
DESCRIPTION
"An object that indicates the capabilities of the managed
entity with respect to Policy Profiles."
::= { etsysPolicyProfileGroups 24 }
etsysPolicyCapabilitiesGroup5 OBJECT-GROUP
OBJECTS {
etsysPolicyCapabilities,
etsysPolicyVlanRuleCapabilities,
etsysPolicyCosRuleCapabilities,
etsysPolicyDropRuleCapabilities,
etsysPolicyForwardRuleCapabilities,
etsysPolicyDynaPIDRuleCapabilities ,
etsysPolicyAdminPIDRuleCapabilities,
etsysPolicySyslogRuleCapabilities,
etsysPolicyTrapRuleCapabilities,
etsysPolicyDisablePortRuleCapabilities,
etsysPolicySupportedPortList,
etsysPolicyEnabledSupportedRuleTypes,
etsysPolicyEnabledEnabledRuleTypes,
etsysPolicyEnabledEgressEnabled,
etsysPolicyRuleAttributeByteLength,
etsysPolicyRuleAttributeBitLength,
etsysPolicyRuleAttributeMaxCreatable,
etsysPolicyRuleTciOverwriteCapabilities,
etsysPolicyRuleMirrorCapabilities,
etsysPolicyRuleQuarantineCapabilities
}
STATUS current
DESCRIPTION
"An object that indicates the capabilities of
the managed entity with respect to Policy Profiles and
defines the characteristics of policy rule data by rule
type."
::= { etsysPolicyProfileGroups 25 }
etsysPolicyNonVolatileRulesGroup OBJECT-GROUP
OBJECTS {
etsysPolicyNonVolatileRulesLastChange,
etsysPolicyNonVolatileRuleRowStatus,
etsysPolicyNonVolatileRuleStorageType,
etsysPolicyNonVolatileRuleUsageList,
etsysPolicyNonVolatileRuleResult1,
etsysPolicyNonVolatileRuleResult2,
etsysPolicyNonVolatileRuleAuditSyslogEnable,
etsysPolicyNonVolatileRuleAuditTrapEnable,
etsysPolicyNonVolatileRuleDisablePort,
etsysPolicyNonVolatileRuleOperPid,
etsysPolicyNonVolatileRuleOverwriteTCI,
etsysPolicyNonVolatileRuleMirrorIndex,
etsysPolicyNonVolatileRuleQuarantineProfileIndex
}
STATUS current
DESCRIPTION
"An object that indicates the capabilities of the managed
entity with respect to Policy Non-Volatile Rules."
::= { etsysPolicyProfileGroups 26 }
etsysPolicyProfileGroup5 OBJECT-GROUP
OBJECTS {
etsysPolicyProfileMaxEntries,
etsysPolicyProfileNumEntries,
etsysPolicyProfileLastChange,
etsysPolicyProfileTableNextAvailableIndex,
etsysPolicyProfileName,
etsysPolicyProfileRowStatus,
etsysPolicyProfilePortVidStatus,
etsysPolicyProfilePortVid,
etsysPolicyProfilePriorityStatus,
etsysPolicyProfilePriority,
etsysPolicyProfileEgressVlans,
etsysPolicyProfileForbiddenVlans,
etsysPolicyProfileUntaggedVlans,
etsysPolicyProfileOverwriteTCI,
etsysPolicyProfileRulePrecedence,
etsysPolicyProfileVlanRFC3580Mappings,
etsysPolicyProfileMirrorIndex,
etsysPolicyProfileAuditSyslogEnable,
etsysPolicyProfileAuditTrapEnable,
etsysPolicyProfileDisablePort,
etsysPolicyProfileUsageList,
etsysPolicyProfileFstIndex,
etsysPolicyProfileHttpRedirectIndex
}
STATUS deprecated
DESCRIPTION
"A collection of objects providing Policy Profile Creation."
::= { etsysPolicyProfileGroups 27 }
etsysPolicyHttpRedirectGroup OBJECT-GROUP
OBJECTS {
etsysPolicyHttpRedirectMaxNumSockets,
etsysPolicyHttpRedirectNumServerGroups,
etsysPolicyHttpRedirectMaxNumServer,
etsysPolicyHttpRedirectListenSocket,
etsysPolicyHttpRedirectServerUri,
etsysPolicyHttpRedirectServerStatus,
etsysPolicyRuleHttpRedirectIndex
}
STATUS current
DESCRIPTION
"A collection of objects providing HTTP Redirect configuration
and status."
::= { etsysPolicyProfileGroups 28 }
etsysPolicySystemGroup OBJECT-GROUP
OBJECTS {
etsysPolicyEnabledState
}
STATUS current
DESCRIPTION
"A collection of objects pertaining to system level configuration
of the policy application."
::= { etsysPolicyProfileGroups 29 }
etsysPolicyProfileGroup6 OBJECT-GROUP
OBJECTS {
etsysPolicyProfileMaxEntries,
etsysPolicyProfileNumEntries,
etsysPolicyProfileLastChange,
etsysPolicyProfileTableNextAvailableIndex,
etsysPolicyProfileName,
etsysPolicyProfileRowStatus,
etsysPolicyProfilePortVidStatus,
etsysPolicyProfilePortVid,
etsysPolicyProfilePriorityStatus,
etsysPolicyProfilePriority,
etsysPolicyProfileEgressVlans,
etsysPolicyProfileForbiddenVlans,
etsysPolicyProfileUntaggedVlans,
etsysPolicyProfileOverwriteTCI,
etsysPolicyProfileRulePrecedence,
etsysPolicyProfileVlanRFC3580Mappings,
etsysPolicyProfileMirrorIndex,
etsysPolicyProfileAuditSyslogEnable,
etsysPolicyProfileAuditTrapEnable,
etsysPolicyProfileDisablePort,
etsysPolicyProfileUsageList,
etsysPolicyProfileFstIndex,
etsysPolicyProfileHttpRedirectIndex,
etsysPolicyProfilePortAuthOverride
}
STATUS current
DESCRIPTION
"A collection of objects providing Policy Profile Creation."
::= { etsysPolicyProfileGroups 30 }
-- -------------------------------------------------------------
-- compliance statements
-- -------------------------------------------------------------
etsysPolicyProfileCompliance MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for devices that support Policy
Profiles.
This compliance statement was deprecated to add
mandatory support for the etsysPolicyCapabilitiesGroup
and conditionally mandatory support for the
etsysDevicePolicyProfileGroup."
MODULE -- this module
MANDATORY-GROUPS { etsysPolicyProfileGroup,
etsysPortPolicyProfileGroup }
GROUP etsysPolicyClassificationGroup
DESCRIPTION
"The etsysPolicyClassification group is mandatory only
for agents which support advanced packet classification."
GROUP etsysStationPolicyProfileGroup
DESCRIPTION
"The etsysStationPolicyProfileGroup is mandatory only
for agents which support station-based policy application."
GROUP etsysInvalidPolicyPolicyGroup
DESCRIPTION
"The etsysInvalidPolicyPolicyGroup is mandatory only
for agents which support provisioning of policy based on
AAA services such as RADIUS."
::= { etsysPolicyProfileCompliances 1 }
etsysPolicyProfileCompliance2 MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for devices that support Policy
Profiles.
This compliance state was deprecated to remove the
conditional support of the etsysPolicyClassificationGroup,
and add support for the etsysPolicyRFC3580MapGroup and the
etsysPolicyRulesGroup."
MODULE -- this module
MANDATORY-GROUPS { etsysPolicyProfileGroup,
etsysPortPolicyProfileGroup,
etsysPolicyCapabilitiesGroup }
GROUP etsysPolicyClassificationGroup
DESCRIPTION
"The etsysPolicyClassification group is mandatory only
for agents which support advanced packet classification."
GROUP etsysStationPolicyProfileGroup
DESCRIPTION
"The etsysStationPolicyProfileGroup is mandatory only
for agents which support station-based policy application."
GROUP etsysInvalidPolicyPolicyGroup
DESCRIPTION
"The etsysInvalidPolicyPolicyGroup is mandatory only
for agents which support provisioning of policy based on
AAA services such as RADIUS."
GROUP etsysDevicePolicyProfileGroup
DESCRIPTION
"The etsysDevicePolicyProfileGroup is mandatory for agents
that cannot support complete policies on a per port basis."
GROUP etsysPolicyRFC3580MapGroup
DESCRIPTION
"The etsysPolicyRFC3580MapGroup is mandatory for agents that
support RFC 3580 compliance."
::= { etsysPolicyProfileCompliances 2 }
etsysPolicyProfileCompliance3 MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for devices that support Policy
Profiles."
MODULE -- this module
MANDATORY-GROUPS { etsysPolicyProfileGroup,
etsysPortPolicyProfileGroup2,
etsysPolicyCapabilitiesGroup }
GROUP etsysStationPolicyProfileGroup
DESCRIPTION
"The etsysStationPolicyProfileGroup is mandatory only
for agents which support station-based policy application."
GROUP etsysInvalidPolicyPolicyGroup
DESCRIPTION
"The etsysInvalidPolicyPolicyGroup is mandatory only
for agents which support provisioning of policy based on
AAA services such as RADIUS."
GROUP etsysDevicePolicyProfileGroup
DESCRIPTION
"The etsysDevicePolicyProfileGroup is mandatory for agents
that cannot support complete policies on a per port basis."
GROUP etsysPolicyRFC3580MapGroup
DESCRIPTION
"The etsysPolicyRFC3580MapGroup is mandatory for agents that
support RFC 3580 compliance."
GROUP etsysPolicyRulesGroup
DESCRIPTION
"The etsysPolicyRulesGroup is mandatory for agents that
support Policy rule accounting and usage reporting."
::= { etsysPolicyProfileCompliances 3 }
etsysPolicyProfileCompliance4 MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for devices that support Policy
Profiles."
MODULE -- this module
MANDATORY-GROUPS { etsysPolicyProfileGroup,
etsysPortPolicyProfileGroup2,
etsysPolicyCapabilitiesGroup2 }
GROUP etsysStationPolicyProfileGroup
DESCRIPTION
"The etsysStationPolicyProfileGroup is mandatory only
for agents which support station-based policy application."
GROUP etsysInvalidPolicyPolicyGroup
DESCRIPTION
"The etsysInvalidPolicyPolicyGroup is mandatory only
for agents which support provisioning of policy based on
AAA services such as RADIUS."
GROUP etsysDevicePolicyProfileGroup
DESCRIPTION
"The etsysDevicePolicyProfileGroup is mandatory for agents
that cannot support complete policies on a per port basis."
GROUP etsysPolicyRFC3580MapGroup
DESCRIPTION
"The etsysPolicyRFC3580MapGroup is mandatory for agents that
support RFC 3580 compliance."
GROUP etsysPolicyRulesGroup2
DESCRIPTION
"The etsysPolicyRulesGroup is mandatory for agents that
support Policy rule accounting and usage reporting."
GROUP etsysPolicyRulePortHitNotificationGroup
DESCRIPTION
"The etsysPolicyRulePortHitNotificationGroup is optional for
agents that support rule use accounting."
::= { etsysPolicyProfileCompliances 4 }
etsysPolicyProfileCompliance5 MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for devices that support Policy
Profiles."
MODULE -- this module
MANDATORY-GROUPS { etsysPolicyProfileGroup,
etsysPortPolicyProfileGroup2,
etsysPolicyCapabilitiesGroup2 }
GROUP etsysStationPolicyProfileGroup
DESCRIPTION
"The etsysStationPolicyProfileGroup is mandatory only
for agents which support station-based policy application."
GROUP etsysInvalidPolicyPolicyGroup
DESCRIPTION
"The etsysInvalidPolicyPolicyGroup is mandatory only
for agents which support provisioning of policy based on
AAA services such as RADIUS."
GROUP etsysDevicePolicyProfileGroup
DESCRIPTION
"The etsysDevicePolicyProfileGroup is mandatory for agents
that cannot support complete policies on a per port basis."
GROUP etsysPolicyRFC3580MapGroup
DESCRIPTION
"The etsysPolicyRFC3580MapGroup is mandatory for agents that
support RFC 3580 compliance."
GROUP etsysPolicyRulesGroup3
DESCRIPTION
"The etsysPolicyRulesGroup is mandatory for agents that
support Policy rule accounting and usage reporting."
GROUP etsysPolicyRulePortHitNotificationGroup
DESCRIPTION
"The etsysPolicyRulePortHitNotificationGroup is optional for
agents that support rule use accounting."
::= { etsysPolicyProfileCompliances 5 }
etsysPolicyProfileCompliance6 MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for devices that support Policy
Profiles."
MODULE -- this module
MANDATORY-GROUPS { etsysPolicyProfileGroup,
etsysPortPolicyProfileGroup2,
etsysPolicyCapabilitiesGroup3 }
GROUP etsysStationPolicyProfileGroup
DESCRIPTION
"The etsysStationPolicyProfileGroup is mandatory only
for agents which support station-based policy application."
GROUP etsysInvalidPolicyPolicyGroup
DESCRIPTION
"The etsysInvalidPolicyPolicyGroup is mandatory only
for agents which support provisioning of policy based on
AAA services such as RADIUS."
GROUP etsysDevicePolicyProfileGroup
DESCRIPTION
"The etsysDevicePolicyProfileGroup is mandatory for agents
that cannot support complete policies on a per port basis."
GROUP etsysPolicyRFC3580MapGroup
DESCRIPTION
"The etsysPolicyRFC3580MapGroup is mandatory for agents that
support RFC 3580 compliance."
GROUP etsysPolicyRulesGroup4
DESCRIPTION
"The etsysPolicyRulesGroup is mandatory for agents that
support Policy rule accounting and usage reporting."
GROUP etsysPolicyRulePortHitNotificationGroup
DESCRIPTION
"The etsysPolicyRulePortHitNotificationGroup is optional for
agents that support rule use accounting."
::= { etsysPolicyProfileCompliances 6 }
etsysPolicyProfileCompliance7 MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for devices that support Policy
Profiles."
MODULE -- this module
MANDATORY-GROUPS { etsysPolicyProfileGroup3,
etsysPortPolicyProfileGroup2,
etsysPolicyCapabilitiesGroup4 }
GROUP etsysStationPolicyProfileGroup
DESCRIPTION
"The etsysStationPolicyProfileGroup is mandatory only
for agents which support station-based policy application."
GROUP etsysInvalidPolicyPolicyGroup
DESCRIPTION
"The etsysInvalidPolicyPolicyGroup is mandatory only
for agents which support provisioning of policy based on
AAA services such as RADIUS."
GROUP etsysDevicePolicyProfileGroup
DESCRIPTION
"The etsysDevicePolicyProfileGroup is mandatory for agents
that cannot support complete policies on a per port basis."
GROUP etsysPolicyRFC3580MapGroup
DESCRIPTION
"The etsysPolicyRFC3580MapGroup is mandatory for agents that
support RFC 3580 compliance."
GROUP etsysPolicyRulesGroup5
DESCRIPTION
"The etsysPolicyRulesGroup is mandatory for agents that
support Policy rule accounting and usage reporting."
GROUP etsysPolicyRulePortHitNotificationGroup
DESCRIPTION
"The etsysPolicyRulePortHitNotificationGroup is optional for
agents that support rule use accounting."
::= { etsysPolicyProfileCompliances 7 }
etsysPolicyProfileCompliance8 MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for devices that support Policy
Profiles."
MODULE -- this module
MANDATORY-GROUPS { etsysPolicyProfileGroup4,
etsysPortPolicyProfileGroup2,
etsysPolicyCapabilitiesGroup4 }
GROUP etsysStationPolicyProfileGroup
DESCRIPTION
"The etsysStationPolicyProfileGroup is mandatory only
for agents which support station-based policy application."
GROUP etsysInvalidPolicyPolicyGroup
DESCRIPTION
"The etsysInvalidPolicyPolicyGroup is mandatory only
for agents which support provisioning of policy based on
AAA services such as RADIUS."
GROUP etsysDevicePolicyProfileGroup
DESCRIPTION
"The etsysDevicePolicyProfileGroup is mandatory for agents
that cannot support complete policies on a per port basis."
GROUP etsysPolicyRFC3580MapGroup
DESCRIPTION
"The etsysPolicyRFC3580MapGroup is mandatory for agents that
support RFC 3580 compliance."
GROUP etsysPolicyRulesGroup5
DESCRIPTION
"The etsysPolicyRulesGroup is mandatory for agents that
support Policy rule accounting and usage reporting."
GROUP etsysPolicyRulePortHitNotificationGroup
DESCRIPTION
"The etsysPolicyRulePortHitNotificationGroup is optional for
agents that support rule use accounting."
::= { etsysPolicyProfileCompliances 8 }
etsysPolicyProfileCompliance9 MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for devices that support Policy
Profiles."
MODULE -- this module
MANDATORY-GROUPS { etsysPolicyProfileGroup4,
etsysPortPolicyProfileGroup2,
etsysPolicyCapabilitiesGroup5 }
GROUP etsysStationPolicyProfileGroup
DESCRIPTION
"The etsysStationPolicyProfileGroup is mandatory only
for agents which support station-based policy application."
GROUP etsysInvalidPolicyPolicyGroup
DESCRIPTION
"The etsysInvalidPolicyPolicyGroup is mandatory only
for agents which support provisioning of policy based on
AAA services such as RADIUS."
GROUP etsysDevicePolicyProfileGroup
DESCRIPTION
"The etsysDevicePolicyProfileGroup is mandatory for agents
that cannot support complete policies on a per port basis."
GROUP etsysPolicyRFC3580MapGroup
DESCRIPTION
"The etsysPolicyRFC3580MapGroup is mandatory for agents that
support RFC 3580 compliance."
GROUP etsysPolicyRulesGroup6
DESCRIPTION
"The etsysPolicyRulesGroup is mandatory for agents that
support Policy rule accounting and usage reporting."
GROUP etsysPolicyRulePortHitNotificationGroup
DESCRIPTION
"The etsysPolicyRulePortHitNotificationGroup is optional for
agents that support rule use accounting."
::= { etsysPolicyProfileCompliances 9 }
etsysPolicyNonVolatileRuleCompliances MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for devices that support the Policy
Non-Volatile Rule table."
MODULE -- this module
MANDATORY-GROUPS { etsysPolicyRulesGroup6 }
GROUP etsysPolicyNonVolatileRulesGroup
DESCRIPTION
"The etsysPolicyNonVolatileRulesGroup is optional
for agents that support Policy rule accounting and
usage reporting."
::= { etsysPolicyProfileCompliances 10 }
etsysPolicyProfileCompliance10 MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for devices that support Policy
Profiles."
MODULE -- this module
MANDATORY-GROUPS { etsysPolicyProfileGroup5,
etsysPortPolicyProfileGroup2,
etsysPolicyCapabilitiesGroup5 }
GROUP etsysStationPolicyProfileGroup
DESCRIPTION
"The etsysStationPolicyProfileGroup is mandatory only
for agents which support station-based policy application."
GROUP etsysInvalidPolicyPolicyGroup
DESCRIPTION
"The etsysInvalidPolicyPolicyGroup is mandatory only
for agents which support provisioning of policy based on
AAA services such as RADIUS."
GROUP etsysDevicePolicyProfileGroup
DESCRIPTION
"The etsysDevicePolicyProfileGroup is mandatory for agents
that cannot support complete policies on a per port basis."
GROUP etsysPolicyRFC3580MapGroup
DESCRIPTION
"The etsysPolicyRFC3580MapGroup is mandatory for agents that
support RFC 3580 compliance."
GROUP etsysPolicyRulesGroup6
DESCRIPTION
"The etsysPolicyRulesGroup is mandatory for agents that
support Policy rule accounting and usage reporting."
GROUP etsysPolicyRulePortHitNotificationGroup
DESCRIPTION
"The etsysPolicyRulePortHitNotificationGroup is optional for
agents that support rule use accounting."
GROUP etsysPolicyHttpRedirectGroup
DESCRIPTION
"The etsysPolicyHttpRedirectGroup is mandantory for agents
that support HTTP redirect via the policy profile."
::= { etsysPolicyProfileCompliances 11 }
etsysPolicyProfileCompliance11 MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for devices that support Policy
Profiles."
MODULE -- this module
MANDATORY-GROUPS { etsysPolicyProfileGroup5,
etsysPortPolicyProfileGroup2,
etsysPolicyCapabilitiesGroup5,
etsysPolicySystemGroup }
GROUP etsysStationPolicyProfileGroup
DESCRIPTION
"The etsysStationPolicyProfileGroup is mandatory only
for agents which support station-based policy application."
GROUP etsysInvalidPolicyPolicyGroup
DESCRIPTION
"The etsysInvalidPolicyPolicyGroup is mandatory only
for agents which support provisioning of policy based on
AAA services such as RADIUS."
GROUP etsysDevicePolicyProfileGroup
DESCRIPTION
"The etsysDevicePolicyProfileGroup is mandatory for agents
that cannot support complete policies on a per port basis."
GROUP etsysPolicyRFC3580MapGroup
DESCRIPTION
"The etsysPolicyRFC3580MapGroup is mandatory for agents that
support RFC 3580 compliance."
GROUP etsysPolicyRulesGroup6
DESCRIPTION
"The etsysPolicyRulesGroup is mandatory for agents that
support Policy rule accounting and usage reporting."
GROUP etsysPolicyRulePortHitNotificationGroup
DESCRIPTION
"The etsysPolicyRulePortHitNotificationGroup is optional for
agents that support rule use accounting."
GROUP etsysPolicyHttpRedirectGroup
DESCRIPTION
"The etsysPolicyHttpRedirectGroup is mandantory for agents
that support HTTP redirect via the policy profile."
OBJECT etsysPolicyEnabledState
SYNTAX EnabledStatus
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
::= { etsysPolicyProfileCompliances 12 }
etsysPolicyProfileCompliance12 MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for devices that support Policy
Profiles."
MODULE -- this module
MANDATORY-GROUPS { etsysPolicyProfileGroup6,
etsysPortPolicyProfileGroup2,
etsysPolicyCapabilitiesGroup5,
etsysPolicySystemGroup }
GROUP etsysStationPolicyProfileGroup
DESCRIPTION
"The etsysStationPolicyProfileGroup is mandatory only
for agents which support station-based policy application."
GROUP etsysInvalidPolicyPolicyGroup
DESCRIPTION
"The etsysInvalidPolicyPolicyGroup is mandatory only
for agents which support provisioning of policy based on
AAA services such as RADIUS."
GROUP etsysDevicePolicyProfileGroup
DESCRIPTION
"The etsysDevicePolicyProfileGroup is mandatory for agents
that cannot support complete policies on a per port basis."
GROUP etsysPolicyRFC3580MapGroup
DESCRIPTION
"The etsysPolicyRFC3580MapGroup is mandatory for agents that
support RFC 3580 compliance."
GROUP etsysPolicyRulesGroup6
DESCRIPTION
"The etsysPolicyRulesGroup is mandatory for agents that
support Policy rule accounting and usage reporting."
GROUP etsysPolicyRulePortHitNotificationGroup
DESCRIPTION
"The etsysPolicyRulePortHitNotificationGroup is optional for
agents that support rule use accounting."
GROUP etsysPolicyHttpRedirectGroup
DESCRIPTION
"The etsysPolicyHttpRedirectGroup is mandantory for agents
that support HTTP redirect via the policy profile."
OBJECT etsysPolicyEnabledState
SYNTAX EnabledStatus
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
::= { etsysPolicyProfileCompliances 13 }
END
View Git Blame Copy Permalink