IP-ACCESS-LIST-MIB DEFINITIONS ::= BEGIN -- Referencing the parent branch. IMPORTS MODULE-IDENTITY, OBJECT-TYPE, IpAddress FROM SNMPv2-SMI RowStatus FROM SNMPv2-TC TruthValue FROM SNMPv2-TC cjnMgmt FROM Cajun-ROOT; cjnIpAListMgmt MODULE-IDENTITY LAST-UPDATED "9902110000Z" -- Wednesday Feb 10, 1999" ORGANIZATION "Lucent's Concord Technology Center (CTC)" CONTACT-INFO "Tim Lai -- twlai@lucent.com Raj Duggal (Group Leader) -- rduggal@lucent.com Ira Steckler -- isteckler@lucent.com" DESCRIPTION "The IP Access List Table for the Cajun Router." ::= { cjnMgmt 5 } -- This table contains parameters to define access control statements -- IP Access List Table -- ipACListCtlTable OBJECT-TYPE SYNTAX SEQUENCE OF IpACListCtlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used to add/delete access list. This table maintain a list of access lists in the system. Each access list is made up of a group of access rule. The access rules are stored in the ipACRuleTable." ::= { cjnIpAListMgmt 1 } ipACListCtlEntry OBJECT-TYPE SYNTAX IpACListCtlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information concerning one of the IP access list." INDEX { ipACListCtlName } ::= { ipACListCtlTable 1 } IpACListCtlEntry ::= SEQUENCE { ipACListCtlName OCTET STRING, ipACListCtlType INTEGER, ipACListCtlStatus RowStatus } ipACListCtlName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..25)) MAX-ACCESS read-write STATUS current DESCRIPTION "Entry Name. Access List Name. If this instance is a string that represent a number, the following rules applies: 1 to 99 - ipACListCtlType must set to standard 101 to 199 - ipACListCtlType must set to extended others - cannot be created If this instance is a string that does not represent a number, the ipACListCtlType must be set before ipACListCtlStatus becomes active." ::= { ipACListCtlEntry 1 } ipACListCtlType OBJECT-TYPE SYNTAX INTEGER (0..2) MAX-ACCESS read-write STATUS current DESCRIPTION "Type of Access List: unset (0) standard (1) extended (2) This instance cannot be changed once ipACListCtlStatus becomes active. The value of this instance must compile with the rule listed in the ipACListCtlName instance." ::= { ipACListCtlEntry 2 } ipACListCtlStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "For creation/deletion of IP access control statement. active (1) -- is set when both ipACListCtlName and ipACListCtlType is set. notInService (2) -- is set when ipACListCtlName or ipACListCtlType is not set. notReady (3) createAndGo (4) -- is set on creating new access list. createAndWait (5) destroy (6) -- is set on destroying an existed access list. The management should inspect the ipACRuleTable and delete all the related entries. An entry in the ipACRuleTable is related to this entry if ipACListCtlName equals ipACRuleName." ::= { ipACListCtlEntry 3 } ipACRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF IpACRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used to add/delete individual access rule statement in an access list." ::= { cjnIpAListMgmt 2 } ipACRuleEntry OBJECT-TYPE SYNTAX IpACRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ipAccessRuleEntry control all the conditional fields and its parameters for an access rule." INDEX { ipACRuleName, ipACRuleSubIndex } ::= { ipACRuleTable 1 } IpACRuleEntry ::= SEQUENCE { ipACRuleName OCTET STRING, ipACRuleSubIndex INTEGER, ipACRuleOwner INTEGER, ipACRuleSrcAddr IpAddress, ipACRuleSrcAddrWild IpAddress, ipACRuleSrcMask IpAddress, ipACRuleSrcMaskWild IpAddress, ipACRuleDstAddr IpAddress, ipACRuleDstAddrWild IpAddress, ipACRuleDstMask IpAddress, ipACRuleDstMaskWild IpAddress, ipACRuleOperation INTEGER, ipACRuleProtocol INTEGER, ipACRuleL4SrcPortMin INTEGER, ipACRuleL4SrcPortMax INTEGER, ipACRuleL4DestPortMin INTEGER, ipACRuleL4DestPortMax INTEGER, ipACRuleStatus RowStatus, ipACRuleEstablished TruthValue, ipACRuleLog TruthValue } ipACRuleName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..25)) MAX-ACCESS read-write STATUS current DESCRIPTION "Entry Name. Access List Name. This object identifies which access list this access rule belongs to. This object shall identify the instance of the ipACListCtlEntry object. " ::= { ipACRuleEntry 1 } ipACRuleSubIndex OBJECT-TYPE SYNTAX INTEGER (1..128) MAX-ACCESS read-write STATUS current DESCRIPTION "Entry sub index. Each access list entry may has multiple rules. This sub index identified each rule." ::= { ipACRuleEntry 2 } ipACRuleOwner OBJECT-TYPE SYNTAX INTEGER { local (1), external (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The string identifies the media which was used to create/modify this access rule. Local indicates creation via web, cli or snmp. external indicates an external client (ie. CajunRules)" DEFVAL { local } ::= { ipACRuleEntry 3 } ipACRuleSrcAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The IP address of the source address. A value of 0 in ipACListSrcMask indicates this is a DON'T CARE field." ::= { ipACRuleEntry 4 } ipACRuleSrcAddrWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This field specifies the wildcard of the source IP address." ::= { ipACRuleEntry 5 } ipACRuleSrcMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The instance is not writable if the corresponding ipACListCtlType is standard. The MASK address of the source address. A value of 0 indicates this field and ipACListSrcAddr are DON'T CARE" ::= { ipACRuleEntry 6 } ipACRuleSrcMaskWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The instance is not writable if the corresponding ipACListCtlType is standard. This field specifies the wildcard of the source IP mask." ::= { ipACRuleEntry 7 } ipACRuleDstAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The instance is not writable if the corresponding ipACListCtlType is standard. The IP address of the destination address. A value of 0 in ipAccessListDstMask indicates this is a DON'T CARE field." ::= { ipACRuleEntry 8 } ipACRuleDstAddrWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The instance is not writable if the corresponding ipACListCtlType is standard. This field specifies the wildcard of the destination IP address." ::= { ipACRuleEntry 9 } ipACRuleDstMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The instance is not writable if the corresponding ipACListCtlType is standard. The MASK address of the destination address. A value of 0 indicates this field and ipACListDstAddr are DON'T CARE" ::= { ipACRuleEntry 10 } ipACRuleDstMaskWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The instance is not writable if the corresponding ipACListCtlType is standard. This field specifies the wildcard of the destination IP mask." ::= { ipACRuleEntry 11 } ipACRuleOperation OBJECT-TYPE SYNTAX INTEGER { filter(1), forwardPriority1(2), forwardPriority2(3), forwardPriority3(4), forwardPriority4(5), forwardPriority5(6), forwardPriority6(7), forwardPriority7(8), forwardPriority8(9), forwardNoChange(10) } MAX-ACCESS read-write STATUS current DESCRIPTION "How to operate the IP ACCESS CONTROL statement, on the receiving packet." ::= { ipACRuleEntry 12 } ipACRuleProtocol OBJECT-TYPE SYNTAX INTEGER (0..65537) MAX-ACCESS read-write STATUS current DESCRIPTION "The instance is not writable if the corresponding ipACListCtlType is standard. Over which protocol does the IP ACCESS CONTROL statement activate. A value of 65536 is don't care. A value of 65537 means both TCP and UDP. Note: Cajun P550 does not allow ipACListProtocol equal to TCP or UDP because of hardware limitation. This limitation will be lift in the future." ::= { ipACRuleEntry 13 } ipACRuleL4SrcPortMin OBJECT-TYPE SYNTAX INTEGER (0..65536) MAX-ACCESS read-write STATUS current DESCRIPTION "The instance is not writable if the corresponding ipACListCtlType is standard. If ipACRuleProtocol is TCP(6), UDP(17), or TCP & UDP(65536), this field and ipACListL4SrcPortMax specifies a range of source ports. This field specifies the lower bound of the port range for the access rule. A value of 65536 is don't care. This field has no meaning if ipACRuleProtocol is not TCP(6), UDP(17), or TCP & UDP(65536), and it should be 65536. " ::= { ipACRuleEntry 14 } ipACRuleL4SrcPortMax OBJECT-TYPE SYNTAX INTEGER (0..65536) MAX-ACCESS read-write STATUS current DESCRIPTION "The instance is not writable if the corresponding ipACListCtlType is standard. If ipACRuleProtocol is TCP(6), UDP(17), or TCP & UDP(65536), this field and ipACListL4SrcPortMin specifies a range of source ports. This field specifies the upper bound of the port range for the access rule. A value of 65536 is don't care. This field has no meaning if ipACRuleProtocol is not TCP(6), UDP(17), or TCP & UDP(65536), and it should be 65536. " ::= { ipACRuleEntry 15 } ipACRuleL4DestPortMin OBJECT-TYPE SYNTAX INTEGER (0..65536) MAX-ACCESS read-write STATUS current DESCRIPTION "The instance is not writable if the corresponding ipACListCtlType is standard. If ipACRuleProtocol is TCP(6), UDP(17), or TCP & UDP(65536), this field and ipACListL4DestPortMax specifies a range of destination ports. This field specifies the lower bound of the port range for the access rule. A value of 65536 is don't care. This field has no meaning if ipACRuleProtocol is not TCP(6), UDP(17), or TCP & UDP(65536), and it should be 65536. " ::= { ipACRuleEntry 16 } ipACRuleL4DestPortMax OBJECT-TYPE SYNTAX INTEGER (0..65536) MAX-ACCESS read-write STATUS current DESCRIPTION "The instance is not writable if the corresponding ipACListCtlType is standard. If ipACRuleProtocol is TCP(6), UDP(17), or TCP & UDP(65536), this field and ipACListL4DestPortMin specifies a range of destination ports. This field specifies the upper bound of the port range for the access rule. A value of 65536 is don't care. This field has no meaning if ipACRuleProtocol is not TCP(6), UDP(17), or TCP & UDP(65536), and it should be 65536. " ::= { ipACRuleEntry 17 } ipACRuleStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "For create/delete of a IP access rule statement. active (1) notInService (2) notReady (3) createAndGo (4) createAndWait (5) destroy (6) createAndWait and createAndGo is set on creating new access list. destory is set on destroying access rule. active is set when all the required instance is set in the entry." ::= { ipACRuleEntry 18 } ipACRuleEstablished OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This field indicates an established TCP connection." DEFVAL { false } ::= { ipACRuleEntry 19 } ipACRuleLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This field indicates whether the access-list should log information." DEFVAL { false } ::= { ipACRuleEntry 20 } -- The IP Forwarding Control for P550 -- This table contains parameters to define IP forwarding control -- IP FORWARDING CONTROL cjnIpForwardCtlMgt OBJECT IDENTIFIER ::= { cjnMgmt 6 } -- IP Forwarding Control ipForwardCtlEnabled OBJECT-TYPE SYNTAX INTEGER { enabled (1), disabled (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The object control the enable or disable the forwarding control mechanism in the system." ::= { cjnIpForwardCtlMgt 1 } ipForwardCtlACName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..25)) MAX-ACCESS read-write STATUS current DESCRIPTION "This object identifies which access list to use for IP forward control. This object shall identify the instance of the ipACListCtlEntry object. " ::= { cjnIpForwardCtlMgt 2 } END