ENTERASYS-POLICY-PROFILE-MIB
ENTERASYS-POLICY-PROFILE-MIB DEFINITIONS ::= BEGIN
-- enterasys-policy-profile-mib.txt
--
-- Part Number:
--
--
-- This module provides authoritative definitions for Enterasys
-- Networks' user policy profile functionality.
--
-- This module will be extended, as needed.
-- Enterasys Networks reserves the right to make changes in this
-- specification and other information contained in this document
-- without prior notice. The reader should consult Enterasys Networks
-- to determine whether any such changes have been made.
--
-- In no event shall Enterasys Networks be liable for any incidental,
-- indirect, special, or consequential damages whatsoever (including
-- but not limited to lost profits) arising out of or related to this
-- document or the information contained in it, even if Enterasys
-- Networks has been advised of, known, or should have known, the
-- possibility of such damages.
--
-- Enterasys Networks grants vendors, end-users, and other interested
-- parties a non-exclusive license to use this Specification in
-- connection with the management of Enterasys Networks products.
-- Copyright 2001-2005 Enterasys Networks, Inc.
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Integer32, TimeTicks, Unsigned32,
Gauge32, Counter32, NOTIFICATION-TYPE
FROM SNMPv2-SMI
RowStatus, RowPointer, TEXTUAL-CONVENTION, TruthValue, StorageType
FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB
ifName, ifAlias
FROM IF-MIB
dot1dBasePort
FROM BRIDGE-MIB
PortList, VlanIndex
FROM Q-BRIDGE-MIB
EnabledStatus
FROM P-BRIDGE-MIB
StationAddressType, StationAddress
FROM ENTERASYS-UPN-TC-MIB
etsysModules
FROM ENTERASYS-MIB-NAMES;
etsysPolicyProfileMIB MODULE-IDENTITY
LAST-UPDATED "200606152040Z" -- Thu Jun 15 20:40 UTC 2006
ORGANIZATION "Enterasys Networks, Inc"
CONTACT-INFO
"Postal: Enterasys Networks
50 Minuteman Rd.
Andover, MA 01810-1008
USA
Phone: +1 978 684 1000
E-mail: [email protected]
WWW: http://www.enterasys.com"
DESCRIPTION
"This MIB module defines a portion of the SNMP enterprise
MIBs under the Enterasys enterprise OID pertaining to the
mapping of per user policy profiles for Enterasys network
edge devices or access products."
REVISION "200606152040Z" -- Thu Jun 15 20:40 UTC 2006
DESCRIPTION
"Grammar and typographical corrections."
REVISION "200505182008Z" -- Wed May 18 20:08 GMT 2005
DESCRIPTION
"TEXTUAL-CONVENTION PolicyRFC3580MapRadiusResponseTC includes
an additional option vlanTunnelAttributeWithPolicyProfile.
An additional scalar etsysPolicyRFC3580MapInvalidMapping is
added to detect EtsysPolicyRFC3580MapEntry discrepancies.
Further clarifications are included in DESCRIPTION fields of
the etsysPolicyRFC3580Map objects."
REVISION "200503281535Z" -- Mon Mar 28 15:35 GMT 2005
DESCRIPTION
"Additional branch etsysPolicyNotifications properly contains
trap information."
REVISION "200503142134Z" -- Mon Mar 14 21:34 GMT 2005
DESCRIPTION
"etsysPolicyRuleStatsDroppedNotifications and
etsysPolicyRuleSylogMachineReadableFormat now allow the
managing entity to track missed syslog messages and to
format the messages in hexadecimal.
Additional capability table to detail policy rule type
lengths in bits and bytes and the maximum number of rules
of each rule type the agent supports.
See the description of the PolicyClassificationRuleType
textual convention for additional details relating to how
rule-type-lengths are to be specified."
REVISION "200408111517Z" -- Wed Aug 11 15:17 GMT 2004
DESCRIPTION
"Updated the range for etsysPolicyProfilePriority
to (0..4095).
Added objects and groups related to mapping RFC3580
vlan-tunnel-attributes to PolicyProfiles.
Added the etsysPolicyRuleAutoClearOnProfile,
etsysPolicyRuleStatsAutoClearInterval, and
etsysPolicyRuleStatsAutoClearPorts, objects.
"Added etsysPolicyEnabledTable to the capabilities section;
in addition to reporting capabilities, it allows one
to disable policy on a given port."
REVISION "200405181702Z" -- Tue May 18 17:02 GMT 2004
DESCRIPTION
"Added the etsysPolicyRuleStatsAutoClearOnLink leaf."
REVISION "200404022035Z" -- Fri Apr 2 20:35 GMT 2004
DESCRIPTION
"Added the etsysPolicyRuleOperPid leaf to
etsysPolicyRuleTable."
REVISION "200403251803Z" -- Thu Mar 25 18:03 GMT 2004
DESCRIPTION
"Added capabilities objects, status for profile assignment
override, dynamic profile summary list, and notification
configuration for dynamic rules."
REVISION "200402032200Z" -- Tue Feb 3 22:00 GMT 2004
DESCRIPTION
"Replaced StationIdentifierType with StationAddressType
and StationIdentifier with StationAddress to match new
revision of ENTERASYS-UPN-TC-MIB."
REVISION "200402031533Z" -- Tue Feb 3 15:33 GMT 2004
DESCRIPTION
"Replaced StationIdentifierTypeTC with StationIdentifierType
and moved it to the ENTERASYS-UPN-TC-MIB, and replaced
InetAddress with StationIdentifier from the same MIB module."
REVISION "200401192143Z" -- Mon Jan 19 21:43 GMT 2004
DESCRIPTION
"Added PolicyClassificationRuleType TEXTUAL-CONVENTION.
Added the etsysPolicyProfileOverwriteTCI and
etsysPolicyProfileRulePrecedence leaves to the
EtsysPolicyProfileEntry. Added the etsysPolicyRules
group for accounting of policy usage. Additionally,
the range syntax of several objects has been clarified.
The etsysPolicyClassificationGroup and the
etsysPortPolicyProfileTable have been deprecated,
as they have been replaced by the etsysPolicyRulesGroup."
REVISION "200311041716Z" -- Tue Nov 4 17:16 GMT 2003
DESCRIPTION
"Added etsysPolicyMap object group in support of RFC 3580 and
Enterasys Technical Standard TS-07."
REVISION "200302062259Z" -- Thu Feb 6 22:59 GMT 2003
DESCRIPTION
"Added etsysDevicePolicyProfileDefault to provide managed
entities, that cannot support complete policies on a per
port basis, a global policy to augment what policies they
can provide on a per port basis.
Added etsysPolicyCapabilities to provide management agents
a straightforward method to ascertain the capabilities of
the managed entity."
REVISION "200209171453Z" -- Tue Sep 17 14:53 GMT 2002
DESCRIPTION
"Added Port ID information in the Station table, for
ease of cross reference."
REVISION "200207191337Z" -- Fri Jul 19 13:37 GMT 2002
DESCRIPTION
"This version incorporates enhancements to support Station
based policy provisioning, as well as other UPN related
enhancements."
REVISION "200106112000Z" -- Mon Jun 11 20:00 GMT 2001
DESCRIPTION
"This version modified the MODULE-IDENTITY statement to
resolve an issue importing this MIB into some older MIB Tools.
In the SEQUENCE for the etsysPortPolicyProfileTable the first
object was incorrectly defined as etsysPortPolicyProfileIndex,
this was corrected to read etsysPortPolicyProfileIndexType.
Several misspelled words were corrected.
Finally, the INDEX for the etsysPortPolicyProfileSummaryTable
was corrected to index the table by policy index as well as
the type of port for each entry in the table."
REVISION "200101090000Z"
DESCRIPTION
"The initial version of this MIB module."
::= { etsysModules 6 }
-- -------------------------------------------------------------
-- Textual Conventions
-- -------------------------------------------------------------
PolicyProfileIDTC ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention maps out to the possible
policyProfileIndex values. It also allows for a value of
zero. A value of zero (0) indicates that the given port
should not follow any policy profile."
SYNTAX Integer32 (0|1..65535)
PortPolicyProfileIndexTypeTC ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention maps out to the possible port types
which can be used to populate the etsysPortPolicyProfileTable,
and of port IDs used in the etsysStationPolicyProfileTable."
SYNTAX INTEGER {
ifIndex(1),
dot1dBasePort(2)
}
PolicyRFC3580MapRadiusResponseTC ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention maps out to the possible, pertinent,
successful, responses which may be received from the RADIUS
server after a dynamic authentication attempt. PolicyProfile(1)
is returned as a proprietary filter-id and has historically
been used to assign a policy profile to the authenticated
entity. VlanTunnelAttribute(2) is the response defined in
RFC3580 and upon which further controls are applied by the
etsysPolicyRFC3580Map group. A value of
vlanTunnelAttributeWithPolicyProfile(3) is an
indication that both attributes are to be used."
SYNTAX INTEGER {
policyProfile(1),
vlanTunnelAttribute(2),
vlanTunnelAttributeWithPolicyProfile(3)
}
VlanList ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Each octet within this value specifies a set of eight
VIDs, with the first octet specifying VID 1 through
8, the second octet specifying VID 9 through 16, etc.
Within each octet, the most significant bit represents
the lowest numbered VID, and the least significant bit
represents the highest numbered VID. Thus, each VID
is represented by a single bit within the
value of this object. If that bit has a value of '1'
then that VID is included in the set of VIDs; the VID
is not included if its bit has a value of '0'.
This OCTET STRING will always be 512 Octets in length
to accommodate all possible VIDs between (1..4094). The
default value of this object is a string of all zeros."
SYNTAX OCTET STRING (SIZE(512))
PolicyClassificationRuleType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Enumerates the possible types of classification rules which
may be referenced in the etsysPolicyRuleTable. Each
type has an implied length (in bytes) associated with it.
Octet-strings defined as representing one of these types will
be represented in Network-Byte-Order (Big Endian) if the native
representation is other than octets.
The managed entity MUST support sets in which the specified
rule length is less than that specified by the value the entity
reports in etsysPolicyRuleAttributeByteLength, so long as the
associated etsysPolicyRulePrefixBits does not imply the
existence of more etsysPolicyRuleData than is present (i.e. the
specified length MUST be >= ((etsysPolicyRulePrefixBits+7)/8).)
Additionally, the managed entity MUST return a
PolicyClassificationRuleType which carries the number of octets
specified by the associated etsysPolicyRuleAttributeByteLength,
regardless of the number of etsysPolicyRulePrefixBits. This yields
a behavior in which, on some devices, an ip4Source rule may be
supported with only 4 bytes of rule data (excluding the TCP/UDP
source port information), while other devices may support the
full syntax using all 6 bytes.
macSource(1) The source MAC address in an Ethernet
frame. Length is 6 bytes.
macDestination(2) The destination MAC address in an
Ethernet frame. Length is 6 bytes.
ipxSource(3) The source address in an IPX header.
Length is 4 bytes (Network prefix).
ipxDestination(4) The destination address in an IPX
header. Length is 4 bytes (Network
prefix).
ipxSourcePort(5) The source IPX port(socket) in an IPX
header. Length is 2 bytes.
ipxDestinationPort(6) The destination IPX port(socket) in an
IPX header. Length is 2 bytes.
ipxCos(7) The CoS(HopCount) field in an IPX
header. Length is 1 byte.
ipxType(8) The protocol type in an IPX header.
Length is 1 byte.
ip6Source(9) The source address in an IPv6 header,
postfixed with the source port (for
TCP/UDP frames). Length is 18 bytes.
ip6Destination(10) The destination address in an IPv6
header, postfixed with the destination
port (for TCP/UDP frames). Length is 18
bytes.
ip6FlowLabel(11) The flow label field (traffic class and
flow identifier) in an IPv6 header.
Length is 4 bytes.
ip4Source(12) The source address in an IPv4 header,
postfixed with the source port (for
TCP/UDP frames). Length is 6 bytes.
ip4Destination(13) The destination address in an IPv4
header, postfixed with the destination
port (for TCP/UDP frames). Length is 6
bytes.
ipFragment(14) Truth value derived from the FLAGS and
FRAGMENTATION_OFFSET fields of an IP
header. If the MORE bit of the flags
field is set, or the
FRAGMENTATION_OFFSET is non-zero, the
frame is fragmented. Length is 0 bytes
(there is no data, only presence).
udpSourcePort(15) The source UDP port(socket) in a UDP
header, postfixed with a source IPv4
address. Length is 6 bytes.
udpDestinationPort(16) The destination UDP port(socket) in a
UDP header, postfixed with a destination
IPv4 address. Length is 6 bytes.
tcpSourcePort(17) The source TCP port(socket) in a TCP
header, postfixed with a source IPv4
address. Length is 6 bytes.
tcpDestinationPort(18) The destination TCP port(socket) in a
TCP header, postfixed with a destination
IPv4 address. Length is 6 bytes.
icmpTypeCode(19) The Type and Code fields from an ICMP
frame. These are encoded in 2 bytes,
network-byte-order, Type in the first
(left-most) byte, Code in the second
byte.
ipTtl(20) The TTL(HopCount) field in an IP header.
Length is 1 byte.
ipTos(21) The ToS(DSCP) field in an IP header.
Length is 1 byte.
ipType(22) The protocol type in an IP header.
Length is 1 byte.
etherType(25) The type field in an Ethernet II frame.
Length is 2 bytes.
llcDsapSsap(26) The DSAP/SSAP/CTRL field in an LLC
encapsulated frame, includes SNAP
encapsulated frames and the associated
Ethernet II type field. Length is 5
bytes.
vlanId(27) The 12 bit Virtual LAN ID field present
in an 802.1D Tagged frame.
Length is 2 bytes, the field is
represented in the FIRST (left-most,
big-endian) 12 bits of the 16 bit field.
A vlanId of 1 would be encoded as 00-10,
a vlanId of 4094 would be encoded as
FF-E0, and a vlanId of 100 would be
encoded as 06-40.
ieee8021dTci(28) The entire 16 bit TCI field present
in an 802.1D Tagged frame (includes both
VLAN ID and Priority bits).
Length is 2 bytes.
bridgePort(31) The dot1dBasePort on which the frame was
received. Length is 2 bytes."
SYNTAX INTEGER {
macSource(1),
macDestination(2),
ipxSource(3),
ipxDestination(4),
ipxSourcePort(5),
ipxDestinationPort(6),
ipxCos(7),
ipxType(8),
ip6Source(9),
ip6Destination(10),
ip6FlowLabel(11),
ip4Source(12),
ip4Destination(13),
ipFragment(14),
udpSourcePort(15),
udpDestinationPort(16),
tcpSourcePort(17),
tcpDestinationPort(18),
icmpTypeCode(19),
ipTtl(20),
ipTos(21),
ipType(22),
etherType(25),
llcDsapSsap(26),
vlanId(27),
ieee8021dTci(28),
bridgePort(31)
}
PolicyRulesSupported ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Enumerates the possible types of classification rules which
may be supported.
macSource(1) The source MAC address in an Ethernet
frame.
macDestination(2) The destination MAC address in an
Ethernet frame.
ipxSource(3) The source address in an IPX header.
ipxDestination(4) The destination address in an IPX
header.
ipxSourcePort(5) The source IPX port(socket) in an IPX
header.
ipxDestinationPort(6) The destination IPX port(socket) in an
IPX header.
ipxCos(7) The CoS(HopCount) field in an IPX
header.
ipxType(8) The protocol type in an IPX header.
ip6Source(9) The source address in an IPv6 header,
postfixed with the source port (for
TCP/UDP frames).
ip6Destination(10) The destination address in an IPv6
header, postfixed with the destination
port (for TCP/UDP frames).
ip6FlowLabel(11) The flow label field (traffic class and
flow identifier) in an IPv6 header.
ip4Source(12) The source address in an IPv4 header,
postfixed with the source port (for
TCP/UDP frames).
ip4Destination(13) The destination address in an IPv4
header, postfixed with the destination
port (for TCP/UDP frames).
ipFragment(14) Truth value derived from the FLAGS and
FRAGMENTATION_OFFSET fields of an IP
header. If the MORE bit of the flags
field is set, or the
FRAGMENTATION_OFFSET is non-zero, the
frame is fragmented.
udpSourcePort(15) The source UDP port(socket) in a UDP
header.
udpDestinationPort(16) The destination UDP port(socket) in a
UDP header.
tcpSourcePort(17) The source TCP port(socket) in a TCP
header.
tcpDestinationPort(18) The destination TCP port(socket) in a
TCP header.
icmpTypeCode(19) The Type and Code fields from an ICMP
frame.
ipTtl(20) The TTL(HopCount) field in an IP header.
ipTos(21) The ToS(DSCP) field in an IP header.
ipType(22) The protocol type in an IP header.
etherType(25) The type field in an Ethernet II frame.
llcDsapSsap(26) The DSAP/SSAP/CTRL field in an LLC
encapsulated frame, includes SNAP
encapsulated frames and the associated
Ethernet II type field.
vlanId(27) The 12 bit Virtual LAN ID field present
in an 802.1D Tagged frame.
ieee8021dTci(28) The entire 16 bit TCI field present
in an 802.1D Tagged frame (includes both
VLAN ID and Priority bits).
bridgePort(31) The dot1dBasePort on which the frame was
received."
SYNTAX BITS {
macSource(1),
macDestination(2),
ipxSource(3),
ipxDestination(4),
ipxSourcePort(5),
ipxDestinationPort(6),
ipxCos(7),
ipxType(8),
ip6Source(9),
ip6Destination(10),
ip6FlowLabel(11),
ip4Source(12),
ip4Destination(13),
ipFragment(14),
udpSourcePort(15),
udpDestinationPort(16),
tcpSourcePort(17),
tcpDestinationPort(18),
icmpTypeCode(19),
ipTtl(20),
ipTos(21),
ipType(22),
etherType(25),
llcDsapSsap(26),
vlanId(27),
ieee8021dTci(28),
bridgePort(31)
}
-- -------------------------------------------------------------
-- MIB groupings
-- -------------------------------------------------------------
etsysPolicyNotifications OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 0 }
etsysPolicyProfile OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 1 }
etsysPolicyClassification OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 2 }
etsysPortPolicyProfile OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 3 }
etsysPolicyVlanEgress OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 4 }
etsysStationPolicyProfile OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 5 }
etsysInvalidPolicyPolicy OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 6 }
etsysDevicePolicyProfile OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 8 }
etsysPolicyCapability OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 9 }
etsysPolicyMap OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 10 }
etsysPolicyRules OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 11 }
etsysPolicyRFC3580Map OBJECT IDENTIFIER
::= { etsysPolicyProfileMIB 12 }
-- ---------------------------------------------------------- --
-- Notifications
-- ---------------------------------------------------------- --
etsysPolicyRulePortHitNotification NOTIFICATION-TYPE
OBJECTS { ifName, ifAlias, etsysPolicyRulePortHit,
etsysPolicyProfileName }
STATUS current
DESCRIPTION
"This notification indicates that a policy rule has matched
network traffic on a particular port."
::= { etsysPolicyNotifications 1 }
-- -------------------------------------------------------------
-- etsysPolicyProfile group
-- -------------------------------------------------------------
etsysPolicyProfileMaxEntries OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum number of entries allowed in the
etsysPolicyProfileTable."
::= { etsysPolicyProfile 1 }
etsysPolicyProfileNumEntries OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current number of entries in the
etsysPolicyProfileTable."
::= { etsysPolicyProfile 2 }
etsysPolicyProfileLastChange OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The sysUpTime at which the etsysPolicyProfileTable was last
modified."
::= { etsysPolicyProfile 3 }
etsysPolicyProfileTableNextAvailableIndex OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the numerically lowest available
index within this entity, which may be used for the value
of etsysPolicyProfileIndex in the creation of a new entry
in the etsysPolicyProfileTable.
An index is considered available if the index value falls
within the range of 1 to 65535 and is not being used to
index an existing entry in the etsysPolicyProfileTable
contained within this entity.
This value should only be considered a guideline for
management creation of etsysPolicyProfileEntries; there is
no requirement on management to create entries based upon
this index value."
::= { etsysPolicyProfile 4 }
etsysPolicyProfileTable OBJECT-TYPE
SYNTAX SEQUENCE OF EtsysPolicyProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table containing policy profiles. A policy is a group
of classification rules which may be applied on a per
user basis, to ports or to stations."
::= { etsysPolicyProfile 5 }
etsysPolicyProfileEntry OBJECT-TYPE
SYNTAX EtsysPolicyProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Conceptually defines a particular entry within the
etsysPolicyProfileTable. Entries within this table MUST be
considered non-volatile and MUST be maintained across
entity resets."
INDEX { etsysPolicyProfileIndex }
::= { etsysPolicyProfileTable 1 }
EtsysPolicyProfileEntry ::=
SEQUENCE {
etsysPolicyProfileIndex
Integer32,
etsysPolicyProfileName
SnmpAdminString,
etsysPolicyProfileRowStatus
RowStatus,
etsysPolicyProfilePortVidStatus
EnabledStatus,
etsysPolicyProfilePortVid
Unsigned32,
etsysPolicyProfilePriorityStatus
EnabledStatus,
etsysPolicyProfilePriority
Integer32,
etsysPolicyProfileEgressVlans
VlanList,
etsysPolicyProfileForbiddenVlans
VlanList,
etsysPolicyProfileUntaggedVlans
VlanList,
etsysPolicyProfileOverwriteTCI
EnabledStatus,
etsysPolicyProfileRulePrecedence
OCTET STRING,
etsysPolicyProfileVlanRFC3580Mappings
VlanList
}
etsysPolicyProfileIndex OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A unique arbitrary identifier for this Policy.
Since a policy will be applied to a user regardless of his
or her location in the network fabric, policy names SHOULD
be unique within the entire network fabric. Policy IDs
and policy names MUST be unique within the scope of a single
managed entity."
::= { etsysPolicyProfileEntry 1 }
etsysPolicyProfileName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Administratively assigned textual description of this
Policy.
This object MUST NOT be modifiable while this entry's
RowStatus is active(1)."
::= { etsysPolicyProfileEntry 2 }
etsysPolicyProfileRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object allows for the dynamic creation and deletion
of entries within the etsysPolicyProfileTable as well as
the activation and deactivation of these entries.
When this object's value is active(1) the corresponding
row's etsysPolicyProfilePortVid, etsysPolicyProfilePriority,
and all entries within the etsysPolicyClassificationTable
indexed by this row's etsysPolicyProfileIndex are available
to be applied to network access ports or stations on the
managed entity.
All ports corresponding to rows within the
etsysPortPolicyProfileTable whose etsysPortPolicyProfileOperID
is equal to the etsysPolicyProfileIndex, shall have the
corresponding policy applied. Likewise, all stations
corresponding to rows within the etsysStationPolicyProfileTable
whose etsysStationPolicyProfileOperID is equal to the
etsysPolicyProfileIndex, shall have the corresponding policy
applied.
The value of etsysPortPolicyProfileOperID for each such row
in the etsysPortPolicyProfileTable will be equal to the
etsysPortPolicyProfileAdminID, unless the authorization
information from a source such as a RADIUS server indicates
to the contrary.
Refer to the specific objects within this MIB as well as
RFC2674, the CTRON-PRIORITY-CLASSIFY-MIB, the
CTRON-VLAN-CLASSIFY-MIB, and the CTRON-RATE-POLICING-MIB
for a complete explanation of the application and behavior
of these objects.
When this object's value is set to notInService(2) this
policy will not be applied to any rows within the
etsysPortPolicyProfileTable.
To allow policy profiles to be applied for security
implementations, setting this object's value from active(1)
to notInService(2) or destroy(6) SHALL fail if one or more
instances of etsysPortPolicyProfileOperID or
etsysStationPolicyProfileOperID currently reference
this entry's associated policy due to a set by an underlying
security protocol such as RADIUS.
For network functionality and clarity, setting this object
to destroy(6) SHALL fail if one or more instances of
etsysPortPolicyProfileOperID or etsysStationPolicyProfileOperID
currently reference this entry's etsysPolicyProfileIndex.
Refer to the RowStatus convention for further details on
the behavior of this object."
REFERENCE
"RFC2579 (Textual Conventions for SMIv2)"
::= { etsysPolicyProfileEntry 3 }
etsysPolicyProfilePortVidStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines whether a PVID override should
be applied to ports which have this profile active.
enabled(1) means that any port with this policy active
will have this row's etsysPolicyProfilePortVid applied to
untagged frames or priority-tagged frames received on this
port.
disabled(2) means that etsysPolicyProfilePortVid will not
be applied. When this object is set to disabled(2) the
value of etsysPolicyProfilePortVid has no meaning."
DEFVAL { disabled }
::= { etsysPolicyProfileEntry 4 }
etsysPolicyProfilePortVid OBJECT-TYPE
SYNTAX Unsigned32 (0|1..4094|4095)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines the PVID of this profile.
If a port has an active policy and the policy's
etsysPolicyProfilePortVidStatus is set to enabled(1), the
etsysPolicyProfilePortVid will be applied to all untagged
frames arriving on the port that do not match any of the
policy classification rules.
Note that the 802.1Q PVID will still exist from a
management view but will NEVER be applied to traffic
arriving on a port that has an active policy and enabled
etsysPolicyProfilePortVid defined, since policy is applied
to traffic arriving on the port prior to the assignment of
a VLAN using the 802.1Q PVID.
The behavior of an enabled etsysPolicyProfilePortVid on
any associated port SHALL be identical to the behavior of
the dot1qPvid upon that port.
Note that two special, otherwise illegal, values of the
etsysPolicyProfilePortVid are used in defining the default
forwarding actions, to be used in conjunction with policy
classification rules, and do not result in packet tagging:
0 Indicates that the default forwarding action
is to drop all packets that do not match an
explicit rule.
4095 Indicates that the default forwarding action
is to forward any packets not matching any
explicit rules."
REFERENCE
"RFC2674 (Q-BRIDGE-MIB) - dot1qPortVlanTable"
DEFVAL { 1 }
::= { etsysPolicyProfileEntry 5 }
etsysPolicyProfilePriorityStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines whether a Class of Service
should be applied to ports which have this profile
active.
enabled(1) means that any port with this policy active
will have etsysPolicyProfilePriority applied to this port.
disabled(2) means that etsysPolicyProfilePriority will
not be applied. When this object is set to disabled(2)
the value of etsysPolicyProfilePriority has no meaning."
DEFVAL { disabled }
::= { etsysPolicyProfileEntry 6 }
etsysPolicyProfilePriority OBJECT-TYPE
SYNTAX Integer32 (0..4095)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object defines the default ingress Class of Service
of this profile.
If a port has an active policy and the policy's
etsysPolicyProfilePriorityStatus is set to enabled(1), the
etsysPolicyProfilePriority will be applied to all packets
arriving on the port that do not match any of the policy
classification rules.
Note that dot1dPortDefaultUserPriority will still exist
from a management view but will NEVER be applied to traffic
arriving on a port that has an active policy and enabled
etsysPolicyProfilePriority defined, since policy is applied
to traffic arriving on the port prior to the assignment of
a priority using dot1dPortDefaultUserPriority.
The behavior of an enabled etsysPolicyProfilePriority on
any associated port SHALL be identical to the behavior of
the dot1dPortDefaultUserPriority upon that port."
REFERENCE
"RFC2674 (P-BRIDGE-MIB) - dot1dPortPriorityTable"
DEFVAL { 0 }
::= { etsysPolicyProfileEntry 7 }
etsysPolicyProfileEgressVlans OBJECT-TYPE
SYNTAX VlanList
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The set of VLANs which are assigned by this policy to
egress on ports for which this policy is active. Changes
to a bit in this object affect the per-port per-VLAN
Registrar control for Registration Fixed for the relevant
GVRP state machine on each port for which this policy is
active. A VLAN may not be added in this set if it is
already a member of the set of VLANs in
etsysPolicyProfileForbiddenVlans. This object is
superseded on a per-port per-VLAN basis by any 'set' bits
in dot1qVlanStaticEgressPorts and
dot1qVlanForbiddenEgressPorts. The default value of this
object is a string of zeros."
::= { etsysPolicyProfileEntry 8 }
etsysPolicyProfileForbiddenVlans OBJECT-TYPE
SYNTAX VlanList
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The set of VLANs which are prohibited by this policy to
egress on ports for which this policy is active. Changes
to this object that cause a port to be included or
excluded affect the per-port per-VLAN Registrar control
for Registration Forbidden for the relevant GVRP state
machine on each port for which this policy is active. A
VLAN may not be added in this set if it is already a
member of the set of VLANs in etsysPolicyProfileEgressVlans.
This object is superseded on a per-port per-VLAN basis by
any 'set' bits in the dot1qVlanStaticEgressPorts and
dot1qVlanForbiddenEgressPorts. The default value of this
object is a string of zeros."
::= { etsysPolicyProfileEntry 9 }
etsysPolicyProfileUntaggedVlans OBJECT-TYPE
SYNTAX VlanList
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The set of VLANs which should transmit egress packets as
untagged on ports for which this policy is active. This
object is superseded on a per-port per-VLAN basis by any
'set' bits in dot1qVlanStaticUntaggedPorts."
::= { etsysPolicyProfileEntry 10 }
etsysPolicyProfileOverwriteTCI OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If set, the information contained within the TCI field of
inbound, tagged packets will not be used by the device after
the ingress classification stage of packet relay. The net
effect will be that the TCI information may be used to classify
the packet, but will be overwritten (and ignored) by subsequent
stages of packet relay."
DEFVAL { disabled }
::= { etsysPolicyProfileEntry 11 }
etsysPolicyProfileRulePrecedence OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Each octet will contain a single value representing the rule
type to be matched against, defined by the
PolicyClassificationRuleType textual convention. When read,
will return the currently operating rule matching precedence,
ordered from first consulted (in the first octet) to last
consulted (in the last octet). A set of a single octet of
0x00 will result in a reversion to the default precedence
ordering. A set of any other values will result in the
specified rule types being matched in the order specified,
followed by the remaining rules, in default precedence order."
::= { etsysPolicyProfileEntry 12 }
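-- Added example (Python, not part of the Enterasys MIB): computes the
-- ordering etsysPolicyProfileRulePrecedence should return on read after a
-- given set, so a management script can check a value before sending it.
-- The rule-type numbers and default order are constructed placeholders,
-- and rejecting repeated octets is an assumption the MIB text does not state.

```python
"""Effective rule precedence for etsysPolicyProfileRulePrecedence (added example)."""

# Constructed default precedence: placeholder rule-type numbers, NOT the
# device's real PolicyClassificationRuleType values or default ordering.
SAMPLE_DEFAULT = [1, 2, 3, 4, 12, 13, 15, 16]

REVERT = b"\x00"  # a set of a single 0x00 octet reverts to the default


def effective_precedence(set_value: bytes, default_order: list) -> list:
    """Return the ordering the agent should report on read after this set.

    default_order is the device's default precedence, first consulted first.
    """
    if len(set_value) > 255:
        raise ValueError("value exceeds SIZE(0..255)")
    if set_value == REVERT:
        return list(default_order)
    known = set(default_order)
    seen = set()
    for position, rule_type in enumerate(set_value):
        if rule_type not in known:
            raise ValueError(f"octet {position}: unknown rule type {rule_type:#04x}")
        if rule_type in seen:
            # Assumption: the MIB text does not define duplicates; reject them.
            raise ValueError(f"octet {position}: rule type {rule_type} repeated")
        seen.add(rule_type)
    # Rule types not named in the set follow, in default precedence order.
    remaining = [t for t in default_order if t not in seen]
    return list(set_value) + remaining


def verify_readback(set_value: bytes, read_value: bytes, default_order: list) -> bool:
    """Compare the value read back from the agent with the expected ordering."""
    return list(read_value) == effective_precedence(set_value, default_order)
```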
etsysPolicyProfileVlanRFC3580Mappings OBJECT-TYPE
SYNTAX VlanList
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The set of VLANs which are currently being mapped onto this
policy profile by the etsysPolicyRFC3580MapTable. This only
refers to the mapping of vlan-tunnel-attributes returned from
RADIUS in an RFC3580 context."
::= { etsysPolicyProfileEntry 13 }
-- -------------------------------------------------------------
-- etsysPolicyClassification group
-- -------------------------------------------------------------
etsysPolicyClassificationMaxEntries OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The maximum number of entries allowed in the
etsysPolicyClassificationTable."
::= { etsysPolicyClassification 1 }
etsysPolicyClassificationNumEntries OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The current number of entries in the