POLICY-MIB DEFINITIONS ::= BEGIN IMPORTS TimeTicks, IpAddress FROM RFC1155-SMI RowStatus FROM SNMPv2-TC OBJECT-TYPE FROM RFC-1212 xylanPolicy FROM XYLAN-BASE-MIB MODULE-IDENTITY FROM SNMPv2-SMI DisplayString FROM RFC1213-MIB; policyManager MODULE-IDENTITY LAST-UPDATED "0001110000Z" ORGANIZATION "Alcatel Internetworking, Inc." CONTACT-INFO "Alcatel Internetworking, Inc. 26801 W. Agoura Road Calabasas, CA 91301 USA Phone: +1 818-880-3500" DESCRIPTION "Initial version of the policy manager MIB for monitoring and controlling policy functions." ::= { xylanPolicy 1 } policyManagerObjects OBJECT IDENTIFIER ::= { policyManager 1 } serverPolicyDecision OBJECT-TYPE SYNTAX INTEGER { none(0), reapplyFlowPolicy(1) -- reapplyAuthenticationPolicy(2), } ACCESS read-write STATUS mandatory DESCRIPTION "This object allows an NMS application to influence the policy manager's treatment of existing policy decisions that were established by the policy manager. By setting reapplyFlowPolicy, an NMS can cause the policy manager to reevaluate all the existing flows against the current policy. In the event a flow is no longer valid, the flow will be terminated by the policy manager." DEFVAL { none } ::= { policyManagerObjects 1 } rsvpDefaultPolicy OBJECT-TYPE SYNTAX INTEGER { accept(1), deny(2) } ACCESS read-write STATUS mandatory DESCRIPTION "This object allows an NMS application to define the agent action when there are no policy servers available to a switch. When this object is set to accept(1), the policy manager in the switch will allow all RSVP control message requests. When set to deny(2), the policy manager will deny all RSVP control message requests." DEFVAL { accept } ::= { policyManagerObjects 2 } policyManagerEventTableSize OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "This object defines the size of the policy manager event table. When this object is set, the subagent adjusts the event table to meet the size defined." DEFVAL { 50 } ::= { policyManagerObjects 3 } directoryServerTable OBJECT-TYPE SYNTAX SEQUENCE OF DirectoryServerEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "This table contains information related to the LDAP-based directory server from the perspective of the policy manager." ::= { policyManagerObjects 4 } directoryServerEntry OBJECT-TYPE SYNTAX DirectoryServerEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry in the directory server table. Each entry represents a directory server instance to the policy manager." INDEX {directoryServerIpAddress, directoryServerPort} ::= {directoryServerTable 1} DirectoryServerEntry ::= SEQUENCE { directoryServerIpAddress IpAddress, directoryServerPort INTEGER (0..2147483647), directoryServerPreference INTEGER (0..65535), directoryServerAuthenticationType INTEGER, directoryServerUserId DisplayString, directoryServerPassword DisplayString, directoryServerPublicKey INTEGER, directoryServerSearchbase DisplayString, directoryServerCacheChange INTEGER, directoryServerLastChange TimeTicks, directoryServerAdminStatus INTEGER, directoryServerOperStatus INTEGER, directoryServerRowStatus RowStatus } directoryServerIpAddress OBJECT-TYPE SYNTAX IpAddress ACCESS not-accessible STATUS mandatory DESCRIPTION "This object contains the IP Address representing an LDAP server. The policy manager uses this object combined with the directory server port number to uniquely identify an LDAP server to use for directory queries and updates." ::= {directoryServerEntry 1} directoryServerPort OBJECT-TYPE SYNTAX INTEGER (0..2147483647) ACCESS not-accessible STATUS mandatory DESCRIPTION "This object contains the TCP port number, which, along with the directory server IP address, identifies the LDAP server." ::= {directoryServerEntry 2} directoryServerPreference OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-write STATUS mandatory DESCRIPTION "This object represents the relative preference of the server entry. The higher the value of this object, the greater the preference the policy manager places on using this server for LDAP queries. Tis object is used when the policy manager uses server selection based on the configured preference." DEFVAL { 0 } ::= {directoryServerEntry 3} directoryServerAuthenticationType OBJECT-TYPE SYNTAX INTEGER { none(0), simplePassword(1), kerberos(2), publicKey(3) } ACCESS read-write STATUS mandatory DESCRIPTION "The value of this object specifies what athentication mechanism the LDAP server expects. For simplePassword(1), the policy manager uses the directoryServerPassword object for each LDAP query. For kerberos and publicKey... The none(0) value directs the policy manager to use the 'anonymous' method for LDAP queries." DEFVAL { none } ::= {directoryServerEntry 4} directoryServerUserId OBJECT-TYPE SYNTAX DisplayString ACCESS read-write STATUS mandatory DESCRIPTION "This object only has significance when the directoryServerAuthenticationType has a value of simplePassword(1). This simple display string is used by the policy manager in LDAP queries and updates." ::= {directoryServerEntry 5} directoryServerPassword OBJECT-TYPE SYNTAX DisplayString ACCESS read-write STATUS mandatory DESCRIPTION "This object only has significance when the directoryServerAuthenticationType has a value of simplePassword(1). This simple display string is used by the policy manager in LDAP queries and updates." ::= {directoryServerEntry 6} directoryServerPublicKey OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "This object only has significance when the directoryServerAuthenticationType has a value of publicKey(3)." DEFVAL { 0 } ::= {directoryServerEntry 7} directoryServerSearchbase OBJECT-TYPE SYNTAX DisplayString ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the base object required for LDAP search operations. This object represents, in distinguished name format, the point where server searches start. Generally, this object represents the base object of the organization." DEFVAL { "o=Xylan Coproration,c=US" } ::= {directoryServerEntry 8} directoryServerCacheChange OBJECT-TYPE SYNTAX INTEGER { none(0), recachePolicy(1), recacheAll(2) } ACCESS read-write STATUS mandatory DESCRIPTION "This object allows an NMS application to influence the policy manager's cache of policy-related data when this server becomes the primary LDAP server selected for the switch. Setting this object to recachePolicy(1) conveys to the policy manager that the policy class object should be obtained from the LDAP server represented by this table entry when this server becomes the primary LDAP server. By setting this object to 'none', the policy manager will use the existing policy and policy rule cache rather than reloading the policy data from this server. In the case where there is no policy cache (for instance, when the switch powers up) the policy manager will attempt to reload the policy class cache even if this object is set to 'none'. " DEFVAL { none } ::= {directoryServerEntry 9} directoryServerLastChange OBJECT-TYPE SYNTAX TimeTicks ACCESS read-only STATUS mandatory DESCRIPTION "This object contains the value of sysUpTime at the time of the last creation, deletion or modification of an object in this table entry." ::= {directoryServerEntry 10} directoryServerAdminStatus OBJECT-TYPE SYNTAX INTEGER { up(1), down(2) } ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the desired administrative state of the directory server. The up and down states control the policy manager's decision to user the server for LDAP queries and updates." DEFVAL { up } ::= {directoryServerEntry 11} directoryServerOperStatus OBJECT-TYPE SYNTAX INTEGER { up(1), down(2), unknown(3), testing(4) } ACCESS read-only STATUS mandatory DESCRIPTION "This object identifies the current operational state of the LDAP server. Semantics of this object closely resemble the ifOperStatus definition, however, the LDAP application layer is NOT modeled as an interface as defined by RFC2233." ::= {directoryServerEntry 12} directoryServerRowStatus OBJECT-TYPE SYNTAX RowStatus ACCESS read-write STATUS mandatory DESCRIPTION "This object is used to create a new table enmtry or modify or delete an existing table entry in this table." DEFVAL { createAndGo } ::= {directoryServerEntry 13} -- The policyEventTable entries, indexed by Policy Event Index, have the -- following attributes: policyEventTable OBJECT-TYPE SYNTAX SEQUENCE OF PolicyEventEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "This table contains significant events related to the operation of the policy manager. " ::= { policyManagerObjects 5} policyEventEntry OBJECT-TYPE SYNTAX PolicyEventEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry in the policy manager event table." INDEX { policyEventIndex } ::= {policyEventTable 1} PolicyEventEntry ::= SEQUENCE { policyEventIndex INTEGER, policyEventCode INTEGER, policyEventDetailString DisplayString, policyEventTime TimeTicks } policyEventIndex OBJECT-TYPE SYNTAX INTEGER ACCESS not-accessible STATUS mandatory DESCRIPTION "This object uniquely identifies the event record." ::= {policyEventEntry 1} policyEventCode OBJECT-TYPE SYNTAX INTEGER { eventInitLog(1), eventBadMessageType(2), eventBadMessageSystem(3), eventBadMessageSubtype(4), eventMessageProtocolError(5), eventPolicyRequest(6), eventPolicyResponse(7), eventLdapResponse(8), eventNullPacket(9), eventUnknownPacket(10), eventTooManyTasks(11), eventQosTestSend(12), eventMemoryError(13), eventLdapSend(14), eventTaskSpawnFail(15), eventLdapInit(16), eventLdapBind(17), eventLdapSearch(18), eventLdapResult(19), eventTooManyRequests(20), eventReportState(21), eventServerStateChange(22), eventLdapTimeOut(23), eventLdapSearchEnd(24), eventLdapSearchBegin(25), eventGeneralTimer1(26), eventGeneralTimer2(27), eventLdapUnexpectedMsg(28), eventStateEventUnknown(29), eventIllegalPortState(30), eventFlowNackByQosM(31), eventLdapSyntaxSourceAddr(32), eventReportStateBadFlow(33), eventLdapSyntaxDestAddr(34), eventLdapSyntaxBWShare(35), eventLdapSyntaxInDSByte(36), eventLdapSyntaxOutDSByte(37), eventLdapSyntaxRecDSByte(38), eventLdapSyntaxPVPMonth(39), eventLdapSyntaxPVPDoW(40), eventLdapSyntaxPVPToD(41), eventLdapSyntaxPVPTime(42), eventLdapSyntaxSPort(43), eventLdapSyntaxDPort(44), eventLdapSyntaxPVPTime2(45), eventLdapReferenceTP(46), eventLdapReferencePVP(47), eventLdapReferenceRSVPA(48), eventLdapReferenceDSA(49), eventLdapReferenceRGroup(50), eventInternalCodeError(51), eventLdapSelectError(52), eventLdapReferenceXYLAN(53), eventDebugMemoryAlloc(54), eventDebugMemoryFree(55), eventPolicyCacheFlushed(56), eventLdapServerDefined(57), eventPolicyCacheLoaded(58), eventEndFlowAggRateError(59), pyEventPolicyReapply(60), pyEventFlowCreated(61), pyEventFlowDeleted(62), pyEventFlowDeletedByPolicy(63), pyEventFlowRenegotiated(64), pyEventLdapSyntaxSourceMACAddr(65), pyEventLdapSyntaxDestMACAddr(66), pyEventTimeoutQosmInterface(67), pyEventLdapServerDeleted(68), pyEventOptimizedPvpMonth(69), pyEventOptimizedPvpDoW(70), pyEventPvpMonitorEnded(71), pyEventZeroPvpMonth(72), pyEventZeroPvpDoW(73), pyEventRuleScope(74), pyEventPolicyRulesFlushed(75), pyEventPolicyRulePushed(76), pyEventL3PolicyActivate(77), pyEventL3PolicyDeactivate(78) } ACCESS read-only STATUS mandatory DESCRIPTION "This object identifies the event that occurred. The internal protocol error and LDAP error events are rollup events that represent a collection of events with similar characteristics. The internal error event occurs due to software resource or logic problems; the LDAP error occurs because of LDAP init, search, format, protocol or other similar errors. The eventPolicyImplementationError(6) indicates that the policy manager provided a policy 'grant' decision that could not be implemented becuse of resource limitations." ::= {policyEventEntry 2} policyEventDetailString OBJECT-TYPE SYNTAX DisplayString ACCESS read-only STATUS mandatory DESCRIPTION "This object gives details about the event that took place. Included in the string are (potentially) fields that provide more specific fault location and isolation, context resolution, and event (error) instance information." ::= {policyEventEntry 3} policyEventTime OBJECT-TYPE SYNTAX TimeTicks ACCESS read-only STATUS mandatory DESCRIPTION "This object contains the value of sysUpTime at the time the event ocurred." ::= {policyEventEntry 4} policyRuleNamesTable OBJECT-TYPE SYNTAX SEQUENCE OF PolicyRuleNamesEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "This table contains information that identifies the LDAP-based policy rules defined on a directory server that the policy manager will use for making policy decisions." ::= { policyManagerObjects 6} policyRuleNamesEntry OBJECT-TYPE SYNTAX PolicyRuleNamesEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry in the policy rules table. Each entry represents the name of a policy rule on the directory server. The policy manager uses these names to build the correct policy rules." INDEX {policyRuleNamesIndex} ::= {policyRuleNamesTable 1} PolicyRuleNamesEntry ::= SEQUENCE { policyRuleNamesIndex INTEGER, policyRuleNamesName DisplayString, policyRuleNamesRowStatus RowStatus } policyRuleNamesIndex OBJECT-TYPE SYNTAX INTEGER ACCESS not-accessible STATUS mandatory DESCRIPTION "This object is a unique index identifying the policyRuleNames entry." ::= { policyRuleNamesEntry 1 } policyRuleNamesName OBJECT-TYPE SYNTAX DisplayString ACCESS read-write STATUS mandatory DESCRIPTION "This object defines the name of the policyRule that the policy manager will use to build a switch policy. The name coincides with the directory server class name equivalent." ::= { policyRuleNamesEntry 2 } policyRuleNamesRowStatus OBJECT-TYPE SYNTAX RowStatus ACCESS read-write STATUS mandatory DESCRIPTION "This object is used to create or delete a row in the policy rules table. Setting this value to 'destroy' removes a policyRule entry from the switch's search list while setting this value to 'create' allows an NMS to establish a policy rule for the switch. " ::= { policyRuleNamesEntry 3 } -- -- The following table defines the objects maintained by the policy -- manager representing statistics available on a per policy server instance. -- The objects in this table correspond directly to the similarly named -- objects in , except that the objects in -- the draft are scalars. -- policyStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF PolicyStatsEntry ACCESS not-accessible STATUS mandatory DESCRIPTION " " ::= { policyManagerObjects 7 } policyStatsEntry OBJECT-TYPE SYNTAX PolicyStatsEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry in the policy manager stats table." INDEX { policyStatsIpAddress, policyStatsServerPort } ::= {policyStatsTable 1} PolicyStatsEntry ::= SEQUENCE { policyStatsIpAddress IpAddress, policyStatsServerPort INTEGER (0..2147483647), policyStatsQueryCount INTEGER, policyStatsAccessCount INTEGER, policyStatsSuccessAccessCount INTEGER, policyStatsNotFoundCount INTEGER } policyStatsIpAddress OBJECT-TYPE SYNTAX IpAddress ACCESS not-accessible STATUS mandatory DESCRIPTION "IP index to the policy server related to these statistics" ::= { policyStatsEntry 1 } policyStatsServerPort OBJECT-TYPE SYNTAX INTEGER (0..2147483647) ACCESS not-accessible STATUS mandatory DESCRIPTION "Port index to the policy server related to these statistics" ::= { policyStatsEntry 2 } policyStatsQueryCount OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The total number of times that a policy lookup occurred. This is the number of times that a reference was made to a policy definition at a system and includes the number of times that a policy repository was accessed, PolicyAccessCount. The object PolicyAccessCount should be less than PolicyQueryCount when policy definitions are cached at a system." ::= { policyStatsEntry 3 } policyStatsAccessCount OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Total number of times that a policy repository was accessed. The value of this object should be less than PolicyQueryCount, since typically policy entries are cached to minimize repository accesses." ::= { policyStatsEntry 4 } policyStatsSuccessAccessCount OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Total number of successful policy repository accesses." ::= { policyStatsEntry 5 } policyStatsNotFoundCount OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Total number of policy repository accesses that resulted in an entry not being located." ::= { policyStatsEntry 6 } -- The policyNotificationTable allows an NMS to control notifications produced -- by a switch subagent. policyNotificationTable OBJECT-TYPE SYNTAX SEQUENCE OF PolicyNotificationEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "This table contains an association between an event ID and the notification method that the policy manager uses to convey to an NMS that the event occurred. " ::= { policyManagerObjects 8 } policyNotificationEntry OBJECT-TYPE SYNTAX PolicyNotificationEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry in the policy manager notification table." INDEX { policyNotificationIndex } ::= {policyNotificationTable 1} PolicyNotificationEntry ::= SEQUENCE { policyNotificationIndex INTEGER, policyNotificationCode INTEGER } policyNotificationIndex OBJECT-TYPE SYNTAX INTEGER ACCESS not-accessible STATUS mandatory DESCRIPTION "This object is a unique index identifying the policyNotification entry. This index corresponds to the same value as the policyEvent." ::= { policyNotificationEntry 1 } policyNotificationCode OBJECT-TYPE SYNTAX INTEGER { noNotification(0), writeToLog(1), sendTrap(2), logAndTrap(3) } ACCESS read-write STATUS mandatory DESCRIPTION "This object defines the notification method used to convey information about switch events to the NMS. The notification code allows for multiple notification methods, updated by an NMS by setting the appropriate method corresponding to the event index ." ::= { policyNotificationEntry 2 } END