--======================================================== -- -- MIB : Policy Lucent Ltd -- -- Version : 1.2.1 16 August 2000 -- -- RCS Id : -- --======================================================== -- -- Copyright 2000 LANNET, Ltd. -- All Rights Reserved. -- -- Reproduction of this document is authorized on condition -- that the foregoing copyright notice is included. -- -- This LANNET SNMP Management Information Base Specification -- (Specification) embodies LANNET confidential and -- Proprietary intellectual property. LANNET retains all -- Title and ownership in the Specification, including any revisions -- -- It is LANNET's intent to encourage the widespread use of this -- Specification in connection with the management of LANNET products. -- LANNET grants vendors, end-users, and other interested parties -- a non-exclusive license to use this Specification in connection -- with the management of LANNET products. -- -- This Specification is supplied "as is," and LANNET makes -- no warranty, either express or implied, as to the use, -- operation, condition, or performance of the Specification. -- --======================================================== -- -- RCS -- Version 1.0.2 - First version released - eyal Amitai -- -- Version 1.1.0 - Eyal Amitai, Benny Rodrig, Shada Al-nasser -- Add capability for automatic future support of new products by RNR -- Add some documentation MIB items (Owner etc;) -- Add ipDiffServControlTable -- Add support for identifying two lists are the same -- Enhance Query mechanism -- Add "validationInProgress" to "ipPolicyListValidityStatus" to support validation of -- very long/complex lists. -- Fix minor defintion problems + Cosmetic changes -- -- Version 1.1.1 - Eyal Amitai, Niv Hanigal -- Add def-val for ipPolicyDiffServControlTrustedFields, -- ipPolicyListDefaultOperation -- Change ipPolicyControlMaximalPolicyManagmentVersion to read-only -- Change description of ipPolicyListDefaultOperation -- Fix compilation errors. 
-- -- Version 1.1.2 - Eyal Amitai, Niv Hanigal -- Change ipPolicyListValidityStatus description -- Change prioirty specification from 1-8 to 0-7 -- in ipPolicyListDefaultOperation,ipPolicyRuleOperation, -- ipPolicyDiffServOperation & ipPolicyQueryOperation -- Add ipPolicyRuleDSCPOperation for DiffServ marking -- Add "unkwnown" value to ipPolicyRuleApplicabilityStatus -- Add "unkwnown" value to ipPolicyRuleApplicabilityType -- Add ipPolicyDiffServAggIndex -- Add ipPolicyQueryDSCPOperation to the query mechanism -- Add ipPolicyQueryPriority to to the query mechanism -- Change don't care value from -1 to 64 in ipPolicyQueryDSCP -- Add ipPolicyDiffServControlValidityStatus -- Add ipPolicyAccessControlViolationTable -- Minor other cosmetic changes to descriptions -- -- Version 1.1.3 - Eyal Amitai, Niv Hanigal -- Change prioirty enumeration from 0-7 to 1-8 in -- ipPolicyListDefaultOperation, ipPolicyRuleOperation, -- ipPolicyDiffServOperation, ipPolicyQueryOperation, -- and ipPolicyQueryPriority. -- -- Version 1.2.0 - Niv Hanigal -- Add ipPolicyListErrMsg. -- Change ipPolicyDiffServAggIndex to obsolete. -- Add in remarks ipPolicyDiffServApplicabilityPrecedence, -- ipPolicyDiffServApplicabilityStatus, -- ipPolicyDiffServApplicabilityType, ipPolicyDiffServErrMsg, -- and ipPolicyDiffServControlErrMsg. -- Version 1.2.1 - Lior Levinsky -- Remove remarks (from Version 1.2.0) -- ipPolicyDiffServApplicabilityPrecedence, -- ipPolicyDiffServApplicabilityStatus, -- ipPolicyDiffServApplicabilityType, -- ipPolicyDiffServErrMsg, -- and ipPolicyDiffServControlErrMsg. 
-- -- POLICY-MIB DEFINITIONS ::= BEGIN IMPORTS IpAddress FROM RFC1155-SMI OBJECT-TYPE FROM RFC-1212 PhysAddress, DisplayString FROM RFC1213-MIB lannet FROM GEN-MIB; RowStatus ::= INTEGER { active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6) } -- -- The IP Policy Tables -- This table contains parameters to define policy parameters -- ipPolicyMgmt OBJECT IDENTIFIER ::= { lannet 36 } -- -- Creation of Policy List Table -- ipPolicyListTable OBJECT-TYPE SYNTAX SEQUENCE OF IpPolicyListEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "This table is used to add/delete/monitor policy lists. This table maintains a list of policy lists in the system. Each POLICY list is made up of a group of policy rules. The policy rules are stored in the ipPolicyRuleTable. Number of lists in a device (both in run-time and in NVRAM) is not part of the syntax of this mib. This is a device issue that should be agreed between the device and the managment applications and should be specified in the device and/or managment Spec. 
RNR for example needs 3 lists : 1 for validation + 2 for activation" ::= { ipPolicyMgmt 1 } ipPolicyListEntry OBJECT-TYPE SYNTAX IpPolicyListEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "The information concerning one of the IP policy lists" INDEX { ipPolicyListSlot, ipPolicyListID } ::= { ipPolicyListTable 1 } IpPolicyListEntry ::= SEQUENCE { ipPolicyListSlot INTEGER, ipPolicyListID INTEGER, ipPolicyListName DisplayString, ipPolicyListValidityStatus INTEGER, ipPolicyListChecksum INTEGER, ipPolicyListRowStatus RowStatus, ipPolicyListDefaultOperation INTEGER, ipPolicyListCookie INTEGER, ipPolicyListTrackChanges INTEGER, ipPolicyListOwner DisplayString, ipPolicyListErrMsg DisplayString } ipPolicyListSlot OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The slot-id (AKA module-id / box number) to which this list relates" ::= { ipPolicyListEntry 1 } ipPolicyListID OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The ID of the list. Lists 100-149 are for a local policy manager use (for example CLI or Routing Manager). Lists 150-199 are for a remote policy manager use (for example RNR)." ::= { ipPolicyListEntry 2 } ipPolicyListName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..80)) ACCESS read-write STATUS mandatory DESCRIPTION "Name of this list. 
Default name is: list #N " ::= { ipPolicyListEntry 3 } ipPolicyListValidityStatus OBJECT-TYPE SYNTAX INTEGER { valid (1), partiallyValid(2), invalid (3), validationInProgress (4) } ACCESS read-only STATUS mandatory DESCRIPTION "Validity status of this list: valid - For all rules in the list: ipPolicyRuleApplicabilityStatus = applicable partiallyValid - in One or more rules in the list ipPolicyRuleApplicabilityPrecedence < 9999 (not mandatory) and ipPolicyRuleApplicabilityStatus != applicable In all other rules (if any) : ipPolicyRuleApplicabilityStatus=applicable invalid - In One or more rules in the list ipPolicyRuleApplicabilityPrecedence=9999 (mandatory) and ipPolicyRuleApplicabilityStatus != applicable validationInProgress - The current validity of the list is currently computed. Managment station should poll the device until one of the definitive values is returned." ::= { ipPolicyListEntry 4 } ipPolicyListChecksum OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS obsolete DESCRIPTION "Checksum of all the configurable (read/write) mib items that are part of this list or part of any rule that belongs to this list. Addition/deletion/modification of a rule in this list shall result in a checksum change. This field can be used by the management application to discover this list has changed (instead of polling all the rules of the list)." ::= { ipPolicyListEntry 5 } ipPolicyListRowStatus OBJECT-TYPE SYNTAX RowStatus ACCESS read-write STATUS mandatory DESCRIPTION "Used for creation/deletion of a list and for monitoring list status. Use CreateAndWait (5) to create a list. Destroy (6) to destroy a list. The active list can NOT be destroyed. Destroying a list automatically removes all the rules in this list. 
active (1) is returned when a list is the active list NotInService is returned when the list is not the active list"
    ::= { ipPolicyListEntry 6 }

-- ipPolicyListDefaultOperation: the fall-through action of a policy list,
-- applied to a packet that matches none of the user specified rules.
-- NOTE(review): DEFVAL is forward, so a list whose default operation is never
-- written forwards every unmatched packet. A list used as an access-control
-- filter needs this object set to deny or denyAndNotify (or a final catch-all
-- deny rule); worth checking on every list before it is made active.
ipPolicyListDefaultOperation OBJECT-TYPE
    SYNTAX INTEGER {
        -- forwardPriorityN carries the enumeration value N+1.
        forwardPriority0(1), -- Forward packet and set 802.1p priority
        forwardPriority1(2),
        forwardPriority2(3),
        forwardPriority3(4),
        forwardPriority4(5),
        forwardPriority5(6),
        forwardPriority6(7),
        forwardPriority7(8),
        forward(9),          -- Forward packet according to the 802.1p and DiffServ
                             -- values in the packet. If both are present in the
                             -- packet it is up to the device to decide what to do.
                             -- Note that for DiffServ it may also be required
                             -- to configure the ipPolicyDiffServTable.
        deny(10),            -- Drop the packet
        denyAndNotify(11),   -- Deny packet and notify management application
        layer2Switching(12)  -- Only in EZ2Route: do not route in the device.
                             -- A packet matching this rule shall be forwarded
                             -- in layer 2 to the original router.
    }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION "The operation that should be applied to a packet in case the packet does not match any of the user specified rules. Some of the values are Access Control operations and some are priority operations."
    DEFVAL { forward }
    ::= { ipPolicyListEntry 7 }

-- ipPolicyListCookie: opaque identifier chosen by the management application;
-- the agent does not interpret it. 0 means no cookie is available.
-- NOTE(review): the object is read-write and, per its description, writing it
-- resets ipPolicyListTrackChanges. Any manager with write access can therefore
-- clear the change counter, so a manager that relies on the cookie and counter
-- pair to detect edits should also compare the cookie with the value it last
-- wrote itself.
ipPolicyListCookie OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION "A cookie to be associated with this list. This mib item can be used by the management application as a unique ID of the list. Note: The Agent is not aware of the contents of this cookie. Its only purpose is to help the managment application. Changing this cookie resets ipPolicyListTrackChanges to notChanged state. A value of 0 means Cookie not available."
    DEFVAL {0}
    ::= { ipPolicyListEntry 8 }

-- ipPolicyListTrackChanges: read-only count of configuration changes made to
-- the list and to the rules that belong to it.
ipPolicyListTrackChanges OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION "Counts the number of changes made to the configuration of the list including changes to the rules that are part of the list. 
This counters is set to 0 when the list is being created. It is also set to 0 when ipPolicyListCookie is changed. This mib item together with the ipPolicyListCookie can be used by the management application to determine if this policy list was changed, and if two instances of this list on different devices are the same." ::= { ipPolicyListEntry 9 } ipPolicyListOwner OBJECT-TYPE SYNTAX DisplayString (SIZE (0..80)) ACCESS read-write STATUS mandatory DESCRIPTION "The entity that configured this list" DEFVAL { "other" } ::= { ipPolicyListEntry 10 } ipPolicyListErrMsg OBJECT-TYPE SYNTAX DisplayString (SIZE (0..80)) ACCESS read-only STATUS mandatory DESCRIPTION "Free text describing the reason why the list is not valid. When the list is valid returns NULL string. The values returned for this MIB are not affected by the list status (active/inactive)." ::= { ipPolicyListEntry 11 } -- -- Rules creation Table -- ipPolicyRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF IpPolicyRuleEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "This table is used to add/delete/modify/monitor individual policy rules in a policy list." ::= { ipPolicyMgmt 2 } ipPolicyRuleEntry OBJECT-TYPE SYNTAX IpPolicyRuleEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Controls all the conditional fields and its parameters for a policy rule." 
INDEX { ipPolicyRuleSlot, ipPolicyRuleListID, ipPolicyRuleID } ::= { ipPolicyRuleTable 1 } IpPolicyRuleEntry ::= SEQUENCE { ipPolicyRuleSlot INTEGER, ipPolicyRuleListID INTEGER, ipPolicyRuleID INTEGER, ipPolicyRuleSrcAddr IpAddress, ipPolicyRuleSrcAddrWild IpAddress, ipPolicyRuleDstAddr IpAddress, ipPolicyRuleDstAddrWild IpAddress, ipPolicyRuleProtocol INTEGER, ipPolicyRuleL4SrcPortMin INTEGER, ipPolicyRuleL4SrcPortMax INTEGER, ipPolicyRuleL4DestPortMin INTEGER, ipPolicyRuleL4DestPortMax INTEGER, ipPolicyRuleEstablished INTEGER, ipPolicyRuleOperation INTEGER, ipPolicyRuleApplicabilityPrecedence INTEGER, ipPolicyRuleApplicabilityStatus INTEGER, ipPolicyRuleApplicabilityType INTEGER, ipPolicyRuleErrMsg DisplayString, ipPolicyRuleStatus RowStatus, ipPolicyRuleDSCPOperation INTEGER } -- -- The following 3 MIB items identify the rules -- ipPolicyRuleSlot OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The slot-id (AKA module-id / box number) to which this rule relates" ::= { ipPolicyRuleEntry 1 } ipPolicyRuleListID OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The ID of the list this rule is part of. Lists 150-199 are for RNR use." ::= { ipPolicyRuleEntry 2 } ipPolicyRuleID OBJECT-TYPE SYNTAX INTEGER (1..9999) ACCESS read-only STATUS mandatory DESCRIPTION "Number of rule within its list. Each list may contain many rule. Lists work in a First Match manner. A rule with a lower ID would be preferred over a rule with a higher ID." ::= { ipPolicyRuleEntry 3 } -- -- The following 10 MIB items define the packets that match this rule -- ipPolicyRuleSrcAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "The IP address of the source station. A value of 255.255.255.255 in ipPolicyRuleSrcAddrWild indicates this is a DON'T CARE field." 
DEFVAL { '00000000'H } -- 0.0.0.0
    ::= { ipPolicyRuleEntry 4 }

-- ipPolicyRuleSrcAddrWild: wildcard applied to ipPolicyRuleSrcAddr.
-- Going by the example in the description (0.0.255.0 matches 192.168.*.254),
-- a bit set to 1 is ignored in the comparison: 0.0.0.0 matches one host and
-- 255.255.255.255 matches every host.
-- NOTE(review): this is the opposite sense of a subnet mask. A subnet mask
-- written here by mistake would ignore the network part and compare only the
-- host part, so rules should be reviewed for that mix-up. With the default of
-- 255.255.255.255 the rule matches any source address.
ipPolicyRuleSrcAddrWild OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION "This field specifies the wildcard of the source IP address. Note that a the mask for a single host is 0.0.0.0 and the mask for all hosts is 255.255.255.255. This field can has any combination of bits set allowing all kind of rules. For example ipPolicyRuleSrcAddr=192.168.0.254, ipPolicyRuleSrcAddrWild=0.0.255.0 matches all packets with source ip address 192.168.*.254"
    DEFVAL { 'FFFFFFFF'H } -- 255.255.255.255
    ::= { ipPolicyRuleEntry 5 }

-- ipPolicyRuleDstAddr: destination address the rule compares against, subject
-- to ipPolicyRuleDstAddrWild.
ipPolicyRuleDstAddr OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION "The IP address of the destination station. A value of 255.255.255.255 in ipPolicyRuleDstAddrWild indicates this is a DON'T CARE field."
    DEFVAL { '00000000'H } -- 0.0.0.0
    ::= { ipPolicyRuleEntry 6 }

-- ipPolicyRuleDstAddrWild: wildcard applied to ipPolicyRuleDstAddr, with the
-- same sense as the source wildcard (a 1 bit is ignored). The default of
-- 255.255.255.255 matches any destination address.
ipPolicyRuleDstAddrWild OBJECT-TYPE
    SYNTAX IpAddress
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION "This field specifies the wildcard of the destination IP address. Note that a the mask for a single host is 0.0.0.0 and the mask for all hosts is 255.255.255.255. This field can has any combination of bits set allowing all kind of rules. For example ipPolicyRuleDstAddr=192.168.0.254, ipPolicyRuleDstAddrWild=0.0.255.0 matches all packets with destination ip address 192.168.*.254"
    DEFVAL { 'FFFFFFFF'H } -- 255.255.255.255
    ::= { ipPolicyRuleEntry 7 }

-- ipPolicyRuleProtocol: IP protocol number the rule applies to. The range is
-- one wider than the 8-bit protocol field because 256 is the value for any
-- protocol, and it is also the default.
-- NOTE(review): with the defaults of the address, wildcard and protocol
-- objects a rule matches any source, any destination and any protocol, so a
-- rule activated before these objects are written is far broader than
-- intended.
ipPolicyRuleProtocol OBJECT-TYPE
    SYNTAX INTEGER (0..256)
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION "The IP protocol to which this rule relates. Use 256 to specify IP (i.e. don't care)"
    DEFVAL { 256 }
    ::= { ipPolicyRuleEntry 8 }

-- ipPolicyRuleL4SrcPortMin: lower bound of the source port range. The
-- description lists TCP(6) and UDP(17) as the protocols for which it is used;
-- the sibling port objects word this as TCP(6) or UDP(17).
ipPolicyRuleL4SrcPortMin OBJECT-TYPE
    SYNTAX INTEGER (0..65535)
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION "The minimal source port number. This fields is applicable only when ipPolicyRuleProtocol is TCP(6) UDP(17). In all other cases its values is not used."
DEFVAL { 0 } ::= { ipPolicyRuleEntry 9 } ipPolicyRuleL4SrcPortMax OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-write STATUS mandatory DESCRIPTION "The maximal source port number. This fields is applicable only when ipPolicyRuleProtocol is TCP(6) or UDP(17). In all other cases its values is not used." DEFVAL { 65535 } ::= { ipPolicyRuleEntry 10 } ipPolicyRuleL4DestPortMin OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-write STATUS mandatory DESCRIPTION "The minimal destination port number. This fields is applicable only when ipPolicyRuleProtocol is TCP(6) or UDP(17). In all other cases its values is not used." DEFVAL { 0 } ::= { ipPolicyRuleEntry 11 } ipPolicyRuleL4DestPortMax OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-write STATUS mandatory DESCRIPTION "The maximal destination port number. This fields is applicable only when ipPolicyRuleProtocol is TCP(6) or UDP(17). In all other cases its value is not used." DEFVAL { 65535 } ::= { ipPolicyRuleEntry 12 } ipPolicyRuleEstablished OBJECT-TYPE SYNTAX INTEGER { yes (1), dontCare (2) } ACCESS read-write STATUS mandatory DESCRIPTION "This field indicates the value of the established bit in the TCP header. If protocol is not TCP this values is not used." DEFVAL { dontCare } ::= { ipPolicyRuleEntry 13 } -- -- The following MIB item is the action that should be applied to -- the packet if the packet matches this rule. -- ipPolicyRuleOperation OBJECT-TYPE SYNTAX INTEGER { forwardPriority0(1), --Forward packet and set 802.1p priority forwardPriority1(2), forwardPriority2(3), forwardPriority3(4), forwardPriority4(5), forwardPriority5(6), forwardPriority6(7), forwardPriority7(8), forward(9), -- Forward packet according to 802.1p & DiffServ -- values in the packet. In case there are both 802.1p & -- DiffServ in the packet it is up to device to decide -- what to do. 
-- Note that in the case of DiffServ it may be also -- required to configure the ipPolicyDiffServTable deny(10), -- Drop the packet denyAndNotify(11), -- Deny packet and notify management application layer2Switching(12) -- Only in EZ2Route: Do not route in the device. -- Packet matching this rule shall be forward -- in layer 2 to the original router. } ACCESS read-write STATUS mandatory DESCRIPTION "The operation that should be applied to a packet in case the packet matches the rule. Some of the values are Access Control operations and some are priority operations." ::= { ipPolicyRuleEntry 14 } -- -- The following MIB items are used to manage and monitor rule status -- and state -- ipPolicyRuleApplicabilityPrecedence OBJECT-TYPE SYNTAX INTEGER (0..9999) ACCESS read-write STATUS mandatory DESCRIPTION "This field indicates how important is it to enforce this rule. The higher the number the more important it is to enforce this rule. The value 9999 has a special meaning of Mandatory which means this rule MUST be enforced. Note: Access control rules are probably Mandatory rule where as QoS rules might be configured by the user as optional rules in some cases. Device may choose to support only a subset of these values. P333R supports two values: 9999 - Mandatory rule 0 - Optional rule." DEFVAL { 9999 } ::= { ipPolicyRuleEntry 15 } ipPolicyRuleApplicabilityStatus OBJECT-TYPE SYNTAX INTEGER { applicable(1), partiallyApplicable(2), notApplicable(3), unknown(4) } ACCESS read-only STATUS mandatory DESCRIPTION "Used to monitor if a rule is currently applicable (for the active list) or would be applicable (if the list becomes active). 
The values returned for this MIB are not affected by the list status active/inactive) applicable - This rule is/would be applicable partiallyApplicable - This rule is/would be applicable for some packets/sessions but might not be applicable for other packets/sessions notApplicable - This rule is NOT/would NOT be applicable unknown - Status is temporary unknown. This may be because the list validation is inProgress. Querying this item triggeres list validation if not already triggered." ::= { ipPolicyRuleEntry 16 } ipPolicyRuleApplicabilityType OBJECT-TYPE SYNTAX INTEGER { static (1), quasiStatic(2), dynamic (3), unknown (4) } ACCESS read-only STATUS mandatory DESCRIPTION "Used to monitor the ApplicabilityStatus of the rule in the context of this list. The values returned for this MIB are not affected by the list status (active/inactive) static - The applicabilityStatus of this rule is guaranteed regardless of the ApplicabilityPrecedence of this rule or of other rules in the list. quasiStatic - The applicability status of this rule is guaranteed if no configuration changes are made, BUT changes of ApplicabilityPrecedence of this rule or other rules in this list may change the applicabilityStatus of this rule. dynamic - The applicabilityStatus of this rule can change depending on network conditions (i.e. localization) or other conditions such as (but not limited to) changes of ApplicabilityPrecedence of this rule or other rules in this list. unknown - Status is temporary unknown. This may be because the list validation is inProgress. Querying this item triggeres list validation if not already triggered. The values returned for this MIB are not affected by the list status (active/inactive)" ::= { ipPolicyRuleEntry 17 } ipPolicyRuleErrMsg OBJECT-TYPE SYNTAX DisplayString (SIZE(0..80)) ACCESS read-only STATUS mandatory DESCRIPTION "Free text describing the reason why the rule is not Applicable. When rule is Applicable returns NULL string. 
The values returned for this MIB are not affected by the list status (active/inactive)"
    ::= { ipPolicyRuleEntry 18 }

-- ipPolicyRuleStatus: row status used to create, destroy and monitor one rule.
-- NOTE(review): the description says CreateAndWait (4), but the RowStatus type
-- defined at the top of this module has createAndGo(4) and createAndWait(5),
-- and ipPolicyListRowStatus says CreateAndWait (5). Confirm which value the
-- agent expects for rule creation before relying on this text.
ipPolicyRuleStatus OBJECT-TYPE
    SYNTAX RowStatus
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION "Used to configure and monitor one rule. Use CreateAndWait (4) to create a rule. Destroy (6) to destroy a rule active (1) is returned when a rule is complete and is configured into device HW NotReady (3) is returned when not all mandatory fields in the rule have been configured or the rule is not valid. Not In Service (2) is returned when the rule is not active because the list is not active or device lacks resources to support the rule"
    ::= { ipPolicyRuleEntry 19}

-- ipPolicyRuleDSCPOperation: DSCP value written into packets that match the
-- rule. 64 lies outside the 0..63 DSCP range and means no change; it is also
-- the default.
ipPolicyRuleDSCPOperation OBJECT-TYPE
    SYNTAX INTEGER (0..64)
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION "The New DSCP value that should be applied to packets that meatch this rule. A value of 64 means no change."
    DEFVAL { 64 }
    ::= { ipPolicyRuleEntry 20 }

--
-- Control of Policy activities Table
--
-- One row per slot. The read-write objects in this table decide which policy
-- list is enforced and which kind of manager may configure policy, so write
-- access to them is as sensitive as write access to the rules themselves.
--
ipPolicyControlTable OBJECT-TYPE
    SYNTAX SEQUENCE OF IpPolicyControlEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION "This table activates & monitors the policy application"
    ::= { ipPolicyMgmt 3 }

ipPolicyControlEntry OBJECT-TYPE
    SYNTAX IpPolicyControlEntry
    ACCESS not-accessible
    STATUS mandatory
    DESCRIPTION "Each entry relates to one slot (AKA module / box) in the stack"
    INDEX { ipPolicyControlSlot }
    ::= { ipPolicyControlTable 1 }

IpPolicyControlEntry ::= SEQUENCE {
    ipPolicyControlSlot INTEGER,
    ipPolicyControlActiveGeneralList INTEGER,
    ipPolicyControlAllowedPolicyManagers INTEGER,
    ipPolicyControlCurrentChecksum INTEGER,
    ipPolicyControlMinimalPolicyManagmentVersion OCTET STRING,
    ipPolicyControlMaximalPolicyManagmentVersion OCTET STRING
}

-- ipPolicyControlSlot: index of the row; identifies the slot.
ipPolicyControlSlot OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION "The slot-id (AKA module-id / box number) to which this control entry relates"
    ::= { ipPolicyControlEntry 1 }

-- ipPolicyControlActiveGeneralList: ipPolicyListID of the list enforced on
-- this slot; 0 means no list is active. If activation of a new list fails the
-- previous list stays active.
-- NOTE(review): a single write here swaps the enforced policy, and writing 0
-- leaves the slot without an active list. How traffic is treated when no list
-- is active is not stated in this module; confirm against the device
-- documentation. Changes to this object are worth logging and alerting on.
ipPolicyControlActiveGeneralList OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION "The ipPolicyListID of the Active general policy List on this slot. A value of Zero means there is no active list. If the new list can not be activated the old list continues to be active"
    ::= { ipPolicyControlEntry 2 }

-- ipPolicyControlAllowedPolicyManagers: selects whether a local or a remote
-- policy manager may configure policy. DEFVAL is remote.
-- NOTE(review): per the description, local and remote managers are told apart
-- only by the list ID range they use (see ipPolicyListID), so this object does
-- not by itself identify or authenticate the requester; restricting who can
-- write policy has to come from the access configuration of the agent.
-- Changing the value may make the device remove lists configured by the other
-- manager type, so a write here can delete policy as a side effect.
ipPolicyControlAllowedPolicyManagers OBJECT-TYPE
    SYNTAX INTEGER {
        local (1),
        remote (2)
    }
    ACCESS read-write
    STATUS mandatory
    DESCRIPTION "Specify if who is allowed to configure policy on the device. local - a local policy manager is allowed to configure (using CLI or SNMP) remote - A remote policy manger is allowed to configure (using CLI or SNMP) The distinction between local & remote managers is done according to the List ID. Local & Remote managers use different ranges. When changing the value of this item, device may choose from resources or other reasons to automatically remove all or some of the lists that were configured bt the previous type of manager."
    DEFVAL { remote }
    ::= { ipPolicyControlEntry 3 }

-- ipPolicyControlCurrentChecksum: read-only value that changes whenever the
-- policy configuration listed in the description changes, so one poll can
-- replace a walk of the whole policy database.
-- NOTE(review): the checksum algorithm is not specified here; presumably it is
-- meant for change detection by polling rather than as proof of integrity.
-- Confirm before using it as evidence that a policy was not modified.
ipPolicyControlCurrentChecksum OBJECT-TYPE
    SYNTAX INTEGER
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION "Checksum of the entire CURRENT Policy Database including (but not limited to) the following : o ipPolicyControlActiveGeneralList o ipPolicyControlAllowedPolicyManagers o ipPolicyListCookie & ipPolicyListTrackChanges of the active list (if exists) o ipPolicyDiffServControlChecksum o routeGroupRouterMode additional configuration fields that are important enough to cause re-configuration by RNR. Any change in any of the above policy parmeters shall result in a change in the value of this field. Polling of this value shall reveal any change of policy configuration without the need for polling of the entire policy database."
    ::= { ipPolicyControlEntry 4 }

-- ipPolicyControlMinimalPolicyManagmentVersion: lowest policy management
-- version the device has been tested to interoperate with.
ipPolicyControlMinimalPolicyManagmentVersion OBJECT-TYPE
    SYNTAX OCTET STRING (SIZE (25))
    ACCESS read-only
    STATUS mandatory
    DESCRIPTION "The minimal policy management version that this device inter operates with as verified by actual testing. 
For example: The P330R/340/130 shall return 1.1 (if testing succeeds). The special value 'none' means that the device does not know of any RNR version with which it works (because there was no RNR release with which testing actually succeeded)." ::= { ipPolicyControlEntry 5 } ipPolicyControlMaximalPolicyManagmentVersion OBJECT-TYPE SYNTAX OCTET STRING (SIZE (25)) ACCESS read-only STATUS mandatory DESCRIPTION "The maximal policy management version that this device inter operates with as verified by actual testing. For example: The P330R/340/130 shall return 1.1 (if testing succeeds). P360 for example may return 2.0 because it shall support features that are only supported in RNR 2.0. The special value 'none' means that the device does not know of any RNR version with which it works (because there was no RNR release with which testing actually succeeded)." ::= { ipPolicyControlEntry 6 } -- -- Configuration of the differntiated services table -- ipPolicyDiffServTable OBJECT-TYPE SYNTAX SEQUENCE OF IpPolicyDiffServEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "This table is used to configure the policy that is associated with differntiated services. For each DSCP value the table contain the operation that should applied to packets that match this DSCP value. Note that in this version of this mib, allowed policies are restricted to prioirty levels and access control. 
Note: The ietf notion of PHB (per-hop forwarding behaviors) is not yet supported" ::= { ipPolicyMgmt 4 } ipPolicyDiffServEntry OBJECT-TYPE SYNTAX IpPolicyDiffServEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "The information concerning one of the IP policy lists" INDEX { ipPolicyDiffServSlot, ipPolicyDiffServDSCP } ::= { ipPolicyDiffServTable 1 } IpPolicyDiffServEntry ::= SEQUENCE { ipPolicyDiffServSlot INTEGER, ipPolicyDiffServDSCP INTEGER, ipPolicyDiffServOperation INTEGER, ipPolicyDiffServName DisplayString, ipPolicyDiffServAggIndex INTEGER, ipPolicyDiffServApplicabilityPrecedence INTEGER, ipPolicyDiffServApplicabilityStatus INTEGER, ipPolicyDiffServApplicabilityType INTEGER, ipPolicyDiffServErrMsg DisplayString } ipPolicyDiffServSlot OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The slot-id (AKA module-id / box number) to which diff-serv table relates" ::= { ipPolicyDiffServEntry 1 } ipPolicyDiffServDSCP OBJECT-TYPE SYNTAX INTEGER (0..63) ACCESS read-only STATUS mandatory DESCRIPTION "The DSCP value to which this entry relates." ::= { ipPolicyDiffServEntry 2} ipPolicyDiffServOperation OBJECT-TYPE SYNTAX INTEGER { forwardPriority0(1), -- Forward packet and set 802.1p priority forwardPriority1(2), forwardPriority2(3), forwardPriority3(4), forwardPriority4(5), forwardPriority5(6), forwardPriority6(7), forwardPriority7(8), forwardNoChange(9), -- Forward packet but DO NOT change 802.1p priority deny(10), -- Drop the packet denyAndNotify(11) -- Deny packet and notify management application } ACCESS read-write STATUS mandatory DESCRIPTION "The operation that should be applied to a packet with the specified DSCP value. Some of the values are Access Control operations and some are priority operations." DEFVAL { forwardNoChange } ::= { ipPolicyDiffServEntry 3 } ipPolicyDiffServName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..40)) ACCESS read-write STATUS mandatory DESCRIPTION "Name of this DSCP entry. 
This fields is used only for documentation purposes. Default name is: DSCP #N " ::= { ipPolicyDiffServEntry 4 } ipPolicyDiffServAggIndex OBJECT-TYPE SYNTAX INTEGER (0..63) ACCESS read-write STATUS obsolete DESCRIPTION "Index of the aggregated group this DSCP entry belongs too. Management station may use this mib item to classify the DSCP entries to groups with the same behaviour. The defval for this mib item is device specific." ::= { ipPolicyDiffServEntry 5 } ipPolicyDiffServApplicabilityPrecedence OBJECT-TYPE SYNTAX INTEGER (0..9999) ACCESS read-write STATUS mandatory DESCRIPTION "This field indicates how important is it to enforce this entry. The higher the number the more important it is to enforce this entry. The value 9999 has a special meaning of Mandatory which means this entry MUST be enforced. Device may choose to support only a subset of these values.." DEFVAL { 9999 } ::= { ipPolicyDiffServEntry 6 } ipPolicyDiffServApplicabilityStatus OBJECT-TYPE SYNTAX INTEGER { applicable(1), partiallyApplicable(2), notApplicable(3), unknown(4) } ACCESS read-only STATUS mandatory DESCRIPTION "Used to monitor if a DSCP entry is currently applicable or would be applicable (if the table becomes active). The values returned for this MIB are not affected by the table status active/inactive) applicable - This entry is/would be applicable partiallyApplicable - This entry is/would be applicable for some packets/sessions but might not be applicable for other packets/sessions notApplicable - This entry is NOT/would NOT be applicable unknown - Status is temporary unknown. This may be because the table validation is inProgress. Querying this item triggeres table validation if not already triggered." ::= { ipPolicyDiffServEntry 7 } ipPolicyDiffServApplicabilityType OBJECT-TYPE SYNTAX INTEGER { static (1), quasiStatic(2), dynamic (3), unknown (4) } ACCESS read-only STATUS mandatory DESCRIPTION "Used to monitor the ApplicabilityStatus of the entry in the context of this table. 
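The values returned for this MIB are not affected by the table status
         (active/inactive).
         static - The applicabilityStatus of this entry is guaranteed
         regardless of the ApplicabilityPrecedence of this entry or of
         other entries in the list.
         quasiStatic - The applicability status of this entry is
         guaranteed if no configuration changes are made, BUT changes of
         ApplicabilityPrecedence of this entry or other entries in this
         table may change the applicabilityStatus of this entry.
         dynamic - The applicabilityStatus of this entry can change
         depending on network conditions (i.e. localization) or other
         conditions such as (but not limited to) changes of
         ApplicabilityPrecedence of this entry or other entries in this
         table.
         unknown - Status is temporary unknown. This may be because the
         table validation is inProgress.
         Querying this item triggeres table validation if not already
         triggered.
         The values returned for this MIB are not affected by the table
         status (active/inactive)"
    ::= { ipPolicyDiffServEntry 8 }

-- Agent-supplied explanation of why a DiffServ entry is not applicable.
ipPolicyDiffServErrMsg OBJECT-TYPE
    SYNTAX  DisplayString (SIZE(0..80))
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "Free text describing the reason why the entry is not Applicable.
         When entry is Applicable returns NULL string.
         The values returned for this MIB are not affected by the list
         status (active/inactive)"
    ::= { ipPolicyDiffServEntry 9 }

--
-- Query table
--
-- Review note: the input objects of this table are read-write and the
-- result objects report what a policy list would do with an arbitrary
-- packet. Whoever may set and read them can learn which traffic the
-- list forwards or drops, so this table should be reachable only by
-- management stations (restrict it in the agent's access-control
-- configuration).
--

ipPolicyQueryTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpPolicyQueryEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "This table is used to query the policy application for different
         types of information. The first use is to query about the
         operation that would be applied to a given packet.
         This table can be used by a management application to supply the
         user an interactive dialogue for looking ahead at the outcomes of
         the policy defined"
    ::= { ipPolicyMgmt 5 }

-- One conceptual row per slot; the row is indexed by ipPolicyQuerySlot.
ipPolicyQueryEntry OBJECT-TYPE
    SYNTAX  IpPolicyQueryEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "Each entry relates to one slot (AKA module / box) in the stack"
    INDEX   { ipPolicyQuerySlot }
    ::= { ipPolicyQueryTable 1 }

IpPolicyQueryEntry ::=
    SEQUENCE {
        ipPolicyQuerySlot           INTEGER,
        ipPolicyQueryListID         INTEGER,
        ipPolicyQuerySrcAddr        IpAddress,
        ipPolicyQueryDstAddr        IpAddress,
        ipPolicyQueryProtocol       INTEGER,
        ipPolicyQueryL4SrcPort      INTEGER,
        ipPolicyQueryL4DestPort     INTEGER,
        ipPolicyQueryEstablished    INTEGER,
        ipPolicyQueryDSCP           INTEGER,
        ipPolicyQueryOperation      INTEGER,
        ipPolicyQueryRuleID         INTEGER,
        ipPolicyQueryDSCPOperation  INTEGER,
        ipPolicyQueryPriority       INTEGER
    }

ipPolicyQuerySlot OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The slot-id (AKA module-id / box number) to which this rule
         relates"
    ::= { ipPolicyQueryEntry 1 }

ipPolicyQueryListID OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The ID of the list used to check the simulated packet."
    ::= { ipPolicyQueryEntry 2 }

--
-- The following 7 objects describe the simulated packet.
-- (ipPolicyQueryPriority, defined further down, is an input as well.)
--

ipPolicyQuerySrcAddr OBJECT-TYPE
    SYNTAX  IpAddress
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The IP address of the source station in the packet"
    ::= { ipPolicyQueryEntry 3 }

ipPolicyQueryDstAddr OBJECT-TYPE
    SYNTAX  IpAddress
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The IP address of the destination station in the packet"
    ::= { ipPolicyQueryEntry 4 }

-- 256 lies outside the 8-bit IP protocol field and serves as the
-- don't-care marker, as the description states.
ipPolicyQueryProtocol OBJECT-TYPE
    SYNTAX  INTEGER (0..256)
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The IP protocol in the packet. Use 256 to specify IP (i.e.
         don't care)"
    DEFVAL  { 256 }
    ::= { ipPolicyQueryEntry 5 }

-- Review note: the upper bound here is 65536 while
-- ipPolicyQueryL4DestPort stops at 65535, the largest 16-bit port.
-- If 65536 is meant as a don't-care marker (as 256 is for the
-- protocol) the description should say so and the destination port
-- should allow it too. The range is left unchanged; confirm against
-- the agent implementation.
ipPolicyQueryL4SrcPort OBJECT-TYPE
    SYNTAX  INTEGER (0..65536)
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The source port of the packet.
         This field is applicable only when ipPolicyQueryProtocol is
         TCP(6) or UDP(17). In all other cases its value is not used."
    ::= { ipPolicyQueryEntry 6 }

-- The description refers to ipPolicyQueryProtocol, the protocol object
-- of this table, matching ipPolicyQueryL4SrcPort.
ipPolicyQueryL4DestPort OBJECT-TYPE
    SYNTAX  INTEGER (0..65535)
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The destination port of the packet.
         This field is applicable only when ipPolicyQueryProtocol is
         TCP(6) or UDP(17). In all other cases its value is not used."
    ::= { ipPolicyQueryEntry 7 }

-- Review note: this enumeration is yes(1), no(2), whereas
-- ipPolicyAccessControlViolationEstablished uses yes(1), dontCare(2),
-- no(3). The number 2 therefore means different things in the two
-- tables; management code must not share one decoder for both.
ipPolicyQueryEstablished OBJECT-TYPE
    SYNTAX  INTEGER {
                yes (1),
                no  (2)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The value of the TCP Established bit in the simulated packet.
         This field is applicable only when ipPolicyQueryProtocol is
         TCP(6)"
    DEFVAL  { no }
    ::= { ipPolicyQueryEntry 8 }

-- 64 lies outside the 6-bit DSCP range (0..63) and is the don't-care
-- marker, as the description states.
ipPolicyQueryDSCP OBJECT-TYPE
    SYNTAX  INTEGER (0..64)
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The DSCP value in the simulated packet.
         The value 64 is used to specify DONT CARE. In this case the
         result may be forwardNoChange.
         If a specific value is specified the result would be the exact
         priority associated with the packet after consulting the DSCP
         table."
    DEFVAL  { 64 }
    ::= { ipPolicyQueryEntry 9 }

--
-- The following MIB items are the result of the simulation
--
-- Review note: ipPolicyQueryDSCPOperation is declared read-write
-- although its description reads like a result; ipPolicyQueryOperation
-- and ipPolicyQueryRuleID are read-only. Confirm which ACCESS is
-- intended.
--

-- The label and the number differ by one: forwardPriority0 is encoded
-- as 1, forwardPriority7 as 8. Decode by label, not by raw value.
ipPolicyQueryOperation OBJECT-TYPE
    SYNTAX  INTEGER {
                forwardPriority0 (1),   -- Forward packet and set 802.1p priority
                forwardPriority1 (2),
                forwardPriority2 (3),
                forwardPriority3 (4),
                forwardPriority4 (5),
                forwardPriority5 (6),
                forwardPriority6 (7),
                forwardPriority7 (8),
                forwardNoChange  (9),   -- Forward packet according to 802.1p &
                                        -- DiffServ values in the packet
                deny             (10),  -- Drop the packet
                denyAndNotify    (11),  -- Deny packet and notify management
                                        -- application
                layer2Switching  (12),  -- Only in EZ2Route: Do not route in the
                                        -- device. Packets matching this rule
                                        -- shall be forwarded in layer 2 to the
                                        -- original router.
                notEnoughInfo    (13),  -- Needs more info on the simulated packet
                                        -- (i.e. TCP/UDP ports)
                error            (99)   -- Could not execute the query. For example
                                        -- list not exist or not valid.
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The operation that would be applied to the simulated packet.
         Some of the values are Access Control operations and some are
         priority operations."
    ::= { ipPolicyQueryEntry 10 }

ipPolicyQueryRuleID OBJECT-TYPE
    SYNTAX  INTEGER (0..9999)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "ID of the rule of the list that resulted in the
         ipPolicyQueryOperation for the query.
         A value of 0 means that ipPolicyQueryOperation is a result of
         the ipPolicyListDefaultOperation"
    ::= { ipPolicyQueryEntry 11 }

ipPolicyQueryDSCPOperation OBJECT-TYPE
    SYNTAX  INTEGER (0..64)
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The new DSCP value of the simulated packet.
         A value of 64 means the DSCP field will not be changed."
    DEFVAL  { 64 }
    ::= { ipPolicyQueryEntry 12 }

-- Query input, not a result: the 802.1p priority carried by the
-- simulated packet. Same off-by-one labelling as
-- ipPolicyQueryOperation.
ipPolicyQueryPriority OBJECT-TYPE
    SYNTAX  INTEGER {
                forwardPriority0 (1),   -- Forward packet and set 802.1p priority
                forwardPriority1 (2),
                forwardPriority2 (3),
                forwardPriority3 (4),
                forwardPriority4 (5),
                forwardPriority5 (6),
                forwardPriority6 (7),
                forwardPriority7 (8),
                dontCare         (99)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "The 802.1p priority in the simulated packet.
         When the priority is dontCare, the result may be
         forwardNoChange."
    DEFVAL  { dontCare }
    ::= { ipPolicyQueryEntry 13 }

--
-- Diff Serv control table
--

ipPolicyDiffServControlTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpPolicyDiffServControlEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "This table activates & monitors the Diff Serv application"
    ::= { ipPolicyMgmt 6 }

-- One conceptual row per slot; indexed by ipPolicyDiffServControlSlot.
ipPolicyDiffServControlEntry OBJECT-TYPE
    SYNTAX  IpPolicyDiffServControlEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "Each entry relates to one slot (AKA module / box) in the stack"
    INDEX   { ipPolicyDiffServControlSlot }
    ::= { ipPolicyDiffServControlTable 1 }

IpPolicyDiffServControlEntry ::=
    SEQUENCE {
        ipPolicyDiffServControlSlot            INTEGER,
        ipPolicyDiffServControlChecksum        INTEGER,
        ipPolicyDiffServControlTrustedFields   INTEGER,
        ipPolicyDiffServControlValidityStatus  INTEGER,
        ipPolicyDiffServControlErrMsg          DisplayString
    }

ipPolicyDiffServControlSlot OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The slot-id (AKA module-id / box number) to which this control
         entry relates"
    ::= { ipPolicyDiffServControlEntry 1 }

-- Review note: described only as a change-detection aid for the
-- management application. The algorithm is not specified here, so do
-- not rely on it as tamper evidence for the DiffServ configuration.
ipPolicyDiffServControlChecksum OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "Checksum of all the configurable (read/write) DiffServ mib items
         including the Diff Serv table.
         This field can be used by the management application to discover
         that Diff Serv configuration has changed (instead of polling all
         the Diff Serv mib items)."
    ::= { ipPolicyDiffServControlEntry 2 }

-- Review note: the default, dscp, derives the outgoing priority from a
-- field that the sender of the packet sets. Where a slot faces hosts
-- that are not trusted to mark their own traffic, any of them can
-- claim a high priority; untrust(4) is the conservative setting there.
-- The object is read-write, so write access to it changes the trust
-- boundary of the whole slot.
ipPolicyDiffServControlTrustedFields OBJECT-TYPE
    SYNTAX  INTEGER {
                cos      (1),
                dscp     (2),
                cos-dscp (3),
                untrust  (4)
            }
    ACCESS  read-write
    STATUS  mandatory
    DESCRIPTION
        "Specify which fields in the incoming packet might be trusted
         when the policy decision should be based on the incoming packet
         itself. Policy decision depend on the active policy list.
         In cases that there is no active policy list or that the result
         of the active policy list is Permit, then the outgoing packet
         priority may be based on the incoming packet instead of on the
         user specification.
         Trusting COS (802.1p) means that the outgoing packet priority
         (802.1p) should equal the incoming packet priority.
         Trusting DSCP means that the outgoing packet priority (802.1p)
         should be taken from ipPolicyDiffServTable using the incoming
         packet DSCP value.
         Trusting COS + DSCP means that both fields should be used. The
         behavior of the device when both COS + DSCP should be trusted is
         outside the scope of the current version of the MIB.
         (Note: P333R uses the max between incoming COS & DSCP-to-COS
         mapping)
         Some devices might support only a subset of the values."
    DEFVAL  { dscp }
    ::= { ipPolicyDiffServControlEntry 3 }

ipPolicyDiffServControlValidityStatus OBJECT-TYPE
    SYNTAX  INTEGER {
                valid   (1),
                invalid (2)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "Validity status of the DSCP table:
         valid - All the entries in the DSCP table can be executed
         invalid - One or more of the entries in the DSCP table can NOT
         be EXECUTED."
    ::= { ipPolicyDiffServControlEntry 4 }

ipPolicyDiffServControlErrMsg OBJECT-TYPE
    SYNTAX  DisplayString (SIZE (0..80))
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "Free text describing the reason why the table is not valid.
         When the table is valid returns NULL string.
         The values returned for this MIB are not affected by the table
         status (active/inactive)."
    ::= { ipPolicyDiffServControlEntry 5 }

--
-- Access control violation table
--
-- Review note: each row keeps only the most recent packet for which
-- the violation trap was sent by that module, so a later violation
-- overwrites it. Use the trap stream, not this table, as the record of
-- denied traffic. The rows disclose addresses and ports of blocked
-- packets and should be readable by management stations only.
--

ipPolicyAccessControlViolationTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF IpPolicyAccessControlViolationEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "This table contains information regarding the last packet (per
         module) for which ipPolicyAccessControlViolationTrap was sent."
    ::= { ipPolicyMgmt 7 }

ipPolicyAccessControlViolationEntry OBJECT-TYPE
    SYNTAX  IpPolicyAccessControlViolationEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "An entry contains the information regarding the last packet for
         which ipPolicyAccessControlViolationTrap was sent by the
         specific module."
    INDEX   { ipPolicyAccessControlViolationSlot }
    ::= { ipPolicyAccessControlViolationTable 1 }

IpPolicyAccessControlViolationEntry ::=
    SEQUENCE {
        ipPolicyAccessControlViolationSlot         INTEGER,
        ipPolicyAccessControlViolationSrcAddr      IpAddress,
        ipPolicyAccessControlViolationDstAddr      IpAddress,
        ipPolicyAccessControlViolationProtocol     INTEGER,
        ipPolicyAccessControlViolationL4SrcPort    INTEGER,
        ipPolicyAccessControlViolationL4DstPort    INTEGER,
        ipPolicyAccessControlViolationEstablished  INTEGER
    }

ipPolicyAccessControlViolationSlot OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The slot-id (AKA module-id / box number) for which the trap was
         sent"
    ::= { ipPolicyAccessControlViolationEntry 1 }

ipPolicyAccessControlViolationSrcAddr OBJECT-TYPE
    SYNTAX  IpAddress
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The IP address of the source station in the packet"
    ::= { ipPolicyAccessControlViolationEntry 2 }

ipPolicyAccessControlViolationDstAddr OBJECT-TYPE
    SYNTAX  IpAddress
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The IP address of the destination station in the packet"
    ::= { ipPolicyAccessControlViolationEntry 3 }

-- Review note: the wording "Use 256 to specify" matches the writable
-- ipPolicyQueryProtocol; this object is read-only. Presumably the
-- agent reports 256 when no specific protocol applies; confirm.
ipPolicyAccessControlViolationProtocol OBJECT-TYPE
    SYNTAX  INTEGER (0..256)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The IP protocol in the packet. Use 256 to specify IP (i.e.
         don't care)"
    ::= { ipPolicyAccessControlViolationEntry 4 }

-- Review note: upper bound 65536 here versus 65535 for
-- ipPolicyAccessControlViolationL4DstPort; a value read from a packet
-- cannot exceed 65535. Left unchanged; confirm against the agent.
ipPolicyAccessControlViolationL4SrcPort OBJECT-TYPE
    SYNTAX  INTEGER (0..65536)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The source port of the packet.
         This field is applicable only when
         ipPolicyAccessControlViolationProtocol is TCP(6) or UDP(17).
         In all other cases its value is not used."
    ::= { ipPolicyAccessControlViolationEntry 5 }

ipPolicyAccessControlViolationL4DstPort OBJECT-TYPE
    SYNTAX  INTEGER (0..65535)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The destination port of the packet.
         This field is applicable only when
         ipPolicyAccessControlViolationProtocol is TCP(6) or UDP(17).
         In all other cases its value is not used."
    ::= { ipPolicyAccessControlViolationEntry 6 }

-- Applies to TCP only: the bit lives in the TCP header.
-- Review note: numbering is yes(1), dontCare(2), no(3), unlike
-- ipPolicyQueryEstablished where no is 2. Decode by label.
ipPolicyAccessControlViolationEstablished OBJECT-TYPE
    SYNTAX  INTEGER {
                yes      (1),
                dontCare (2),
                no       (3)
            }
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "This field indicates the value of the established bit in the
         TCP header of the packet.
         This field is applicable only when
         ipPolicyAccessControlViolationProtocol is TCP(6).
         In all other cases its value is not used."
    ::= { ipPolicyAccessControlViolationEntry 7 }

END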