NORTEL-SECURE-NETWORK-ACCESS-MIB DEFINITIONS ::= BEGIN IMPORTS OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE, Integer32 FROM SNMPv2-SMI TEXTUAL-CONVENTION, TruthValue, RowStatus, MacAddress FROM SNMPv2-TC InterfaceIndex FROM IF-MIB SnmpAdminString FROM SNMP-FRAMEWORK-MIB VlanId FROM Q-BRIDGE-MIB InetAddressType, InetAddress, InetAddressPrefixLength, InetPortNumber FROM INET-ADDRESS-MIB bayStackMibs FROM SYNOPTICS-ROOT-MIB; IdList ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "An identifier for a list of Ids." SYNTAX OCTET STRING (SIZE(0..8192)) nortelSecureNetworkAccessMib MODULE-IDENTITY LAST-UPDATED "200508180000Z" ORGANIZATION "Nortel Networks" CONTACT-INFO "Nortel Networks" DESCRIPTION "Nortel Networks NSNA MIB Copyright 2004 Nortel Networks, Inc. All rights reserved. This Nortel Networks SNMP Management Information Base Specification embodies Nortel Networks' confidential and proprietary intellectual property. Nortel Networks retains all title and ownership in the Specification, including any revisions. This Specification is supplied 'AS IS,' and Nortel Networks makes no warranty, either express or implied, as to the use, operation, condition, or performance of the Specification." REVISION "200508180000Z" -- 18 August 2005 DESCRIPTION "v10: Changes for sscp negotiation of timer intervals." REVISION "200508100000Z" -- 10 August 2005 DESCRIPTION "v9: Clarify meaning of maximum status-quo interval value. Added objects for current SSCP connection status. Expanded range of nsnaVlanFilterSetName to 0..255." REVISION "200507280000Z" -- 28 July 2005 DESCRIPTION "v8: Add notification types." REVISION "200507180000Z" -- 18 July 2005 DESCRIPTION "v7: Add IMPLIED to index of IP phone signature string table." REVISION "200507070000Z" -- 7 July 2005 DESCRIPTION "v6: Added support for IP phone signature string configuration." REVISION "200506220000Z" -- 22 June 2005 DESCRIPTION "v5: Fixed naming of nsnaNsnasTable." REVISION "200506020000Z" -- 02 June 2005 DESCRIPTION "v4: Changed range of nsnaVlanFilterSetId to 0..1024. Changed nsnsPortGreenVlanId from VlanId to VlanIdOrNone." REVISION "200505040000Z" -- 05 May 2005 DESCRIPTION "v3: Fixed MAX-ACCESS for nsnaStatusQuoInterval." REVISION "200504210000Z" -- 21 April 2005 DESCRIPTION "v2: Added nsnaStatusQuoInterval. Changed DEFVAL for hello interval to 60 seconds." REVISION "200504190000Z" -- 19 April 2005 DESCRIPTION "v1: Initial version." ::= { bayStackMibs 10 } nsnaNotifications OBJECT IDENTIFIER ::= { nortelSecureNetworkAccessMib 0 } nsnaObjects OBJECT IDENTIFIER ::= { nortelSecureNetworkAccessMib 1 } -- ------------------------------------------------------------- -- NSNA Textual Conventions -- ------------------------------------------------------------- -- -- NOTE: This TC is a clone of the new VlanIdOrNone TC that will soon be -- available in the update of RFC 2674. When that update becomes -- an RFC, this TC should be removed, and instances of it should be -- changed to the official TC. -- NsnaVlanIdOrNone ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "The VLAN ID that uniquely identifies a specific VLAN, or no VLAN. The special value of zero is used to indicate that no VLAN ID is present or used. This can be used in any situation where an object or a table entry must refer either to a specific VLAN, or to no VLAN. Note that a MIB object that is defined using this TEXTUAL-CONVENTION should clarify the meaning of 'no VLAN' (i.e., the special value 0)." SYNTAX Integer32 (0 | 1..4094) -- ------------------------------------------------------------- -- NSNA Scalar Objects -- ------------------------------------------------------------- nsnaScalars OBJECT IDENTIFIER ::= { nsnaObjects 1 } nsnaEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether NSNA is globally enabled for the system." ::= { nsnaScalars 1 } nsnaNsnasConnectionState OBJECT-TYPE SYNTAX INTEGER { notConnected(1), connected(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates whether a NSNAS is currently connected to the switch." ::= { nsnaScalars 3 } nsnaNsnasInetAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "If a NSNAS is currently connected to the switch, this indicates the type of the internet address from which the NSNAS connected. The contents of nsnaSnasInetAddress will be of this type. If there is not currently a NSNAS connected, the value will be unknown(0)." ::= { nsnaScalars 4 } nsnaNsnasInetAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "If a NSNAS is currently connected to the switch, this indicates the internet address from which the NSNAS connected. If there is not currently a NSNAS connected, this will be an empty string." ::= { nsnaScalars 5 } nsnaNsnasSendHelloInterval OBJECT-TYPE SYNTAX Integer32 (0..65535) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The interval for sending SSCP Hello messages for the current SSCP connection. If this period of time passes without any SSCP messages being sent, a Hello message will be generated. If there is not curently an NSNAS connected, this value will be zero, otherwise it will be non-zero." ::= { nsnaScalars 6 } nsnaNsnasInactivityInterval OBJECT-TYPE SYNTAX Integer32 (0..65535) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The inactivity interval for the current SSCP connection. If this period of time passes without any SSCP messages being received, the SSCP connection will be closed. If there is not curently an NSNAS connected, this value will be zero, otherwise it will be non-zero." ::= { nsnaScalars 7 } nsnaNsnasStatusQuoInterval OBJECT-TYPE SYNTAX Integer32 (0..65535) UNITS "seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The status-quo interval for the current or last SSCP connection. If the NSNAS is disconnected from the switch for any reason, the switch will wait this period of time before moving all NSNA enabled ports to the red VLAN. The maximum value, 65535, indicates that no status quo interval is used, and SSA enabled ports will not be moved to the red VLAN. If the NSNAS has disconnected and the status-quo interval timer is running, this value will reflect the remaining time until the status-quo timer will expire." ::= { nsnaScalars 8 } -- ------------------------------------------------------------- -- NSNA NSNAS Table -- ------------------------------------------------------------- nsnaNsnasTable OBJECT-TYPE SYNTAX SEQUENCE OF NsnaNsnasEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of subnets from which NSNASs will connect." ::= { nsnaObjects 2 } nsnaNsnasEntry OBJECT-TYPE SYNTAX NsnaNsnasEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A set of objects that specify a subnet from which NSNASs will connect, along with related configuration parameters." INDEX { nsnaNsnasAddressType, nsnaNsnasAddress, nsnaNsnasAddressMask } ::= { nsnaNsnasTable 1 } NsnaNsnasEntry ::= SEQUENCE { nsnaNsnasAddressType InetAddressType, nsnaNsnasAddress InetAddress, nsnaNsnasAddressMask InetAddressPrefixLength, nsnaNsnasPort InetPortNumber, nsnaNsnasRowStatus RowStatus } nsnaNsnasAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The type of internet address contained in nsnaNsnasAddress." ::= { nsnaNsnasEntry 1 } nsnaNsnasAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The internet address portion of the NSNAS subnet. This combined with the value of nsnaNsnasAddressMask specifies the subnet of the NSNAS." ::= { nsnaNsnasEntry 2 } nsnaNsnasAddressMask OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS not-accessible STATUS current DESCRIPTION "The address mask portion of the NSNAS subnet. This combined with the value of nsnaNsnasAddress specifies the subnet of the NSNAS." ::= { nsnaNsnasEntry 3 } nsnaNsnasPort OBJECT-TYPE SYNTAX InetPortNumber (1024..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The port on which NSNASs connecting from this subnet will connect." DEFVAL { 5000 } ::= { nsnaNsnasEntry 4 } nsnaNsnasRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object is used for row create/deletion." ::= { nsnaNsnasEntry 5 } -- ------------------------------------------------------------- -- NSNA Port Table -- ------------------------------------------------------------- nsnaPortTable OBJECT-TYPE SYNTAX SEQUENCE OF NsnaPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of per-port NSNA configuration parameters. There must be an entry in this table for each NSNA-capable port." ::= { nsnaObjects 3 } nsnaPortEntry OBJECT-TYPE SYNTAX NsnaPortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "NSNA configuration parameters for a port." INDEX { nsnaPortIfIndex } ::= { nsnaPortTable 1 } NsnaPortEntry ::= SEQUENCE { nsnaPortIfIndex InterfaceIndex, nsnaPortMode INTEGER, nsnaPortGreenVlanId NsnaVlanIdOrNone, nsnaPortVoipVlans IdList, nsnaPortUplinkVlans IdList, nsnaPortState INTEGER, nsnaPortDhcpState INTEGER } nsnaPortIfIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ifIndex corresponding to the port." ::= { nsnaPortEntry 1 } nsnaPortMode OBJECT-TYPE SYNTAX INTEGER { disabled(1), static(2), dynamic(3), uplink(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "The NSNA mode of the port." ::= { nsnaPortEntry 2 } nsnaPortGreenVlanId OBJECT-TYPE SYNTAX NsnaVlanIdOrNone MAX-ACCESS read-write STATUS current DESCRIPTION "The green VLAN ID of the port. This value is only used when the corresponding value of nsnaPortMode is static(2). Otherwise, the value will be 0." ::= { nsnaPortEntry 3 } nsnaPortVoipVlans OBJECT-TYPE SYNTAX IdList MAX-ACCESS read-write STATUS current DESCRIPTION "The set of VOIP VLANs to which this port belongs. This value is only used when the corresponding value of nsnaPortMode is static(2) or dynamic(3)." ::= { nsnaPortEntry 4 } nsnaPortUplinkVlans OBJECT-TYPE SYNTAX IdList MAX-ACCESS read-write STATUS current DESCRIPTION "The set of uplink VLANs to which this port belongs. This value is only used when the corresponding value of nsnaPortMode is uplink(4)." ::= { nsnaPortEntry 5 } nsnaPortState OBJECT-TYPE SYNTAX INTEGER { none(1), red(2), green(3), yellow(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The current NSNA color of the port." ::= { nsnaPortEntry 6 } nsnaPortDhcpState OBJECT-TYPE SYNTAX INTEGER { blocked(1), unblocked(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The DHCP state of the port." ::= { nsnaPortEntry 7 } -- ------------------------------------------------------------- -- NSNA VLAN Table -- ------------------------------------------------------------- nsnaVlanTable OBJECT-TYPE SYNTAX SEQUENCE OF NsnaVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of per-Vlan NSNA configuration parameters. There must be an entry in this table for every Vlan." ::= { nsnaObjects 4 } nsnaVlanEntry OBJECT-TYPE SYNTAX NsnaVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "NSNA configuration parameters for a Vlan." INDEX { nsnaVlanId } ::= { nsnaVlanTable 1 } NsnaVlanEntry ::= SEQUENCE { nsnaVlanId VlanId, nsnaVlanColor INTEGER, nsnaVlanFilterSetName SnmpAdminString, nsnaVlanFilterSetId Integer32, nsnaVlanYellowSubnetType InetAddressType, nsnaVlanYellowSubnet InetAddress, nsnaVlanYellowSubnetMask InetAddressPrefixLength } nsnaVlanId OBJECT-TYPE SYNTAX VlanId MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ID of the Vlan." ::= { nsnaVlanEntry 1 } nsnaVlanColor OBJECT-TYPE SYNTAX INTEGER { none(1), red(2), green(3), yellow(4), voip(5) } MAX-ACCESS read-write STATUS current DESCRIPTION "The NSNA color of the Vlan." ::= { nsnaVlanEntry 2 } nsnaVlanFilterSetName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(0..255)) MAX-ACCESS read-write STATUS current DESCRIPTION "The name of the filter set associated with the VLAN. An empty value means that no filter set is associated with the VLAN." ::= { nsnaVlanEntry 3 } nsnaVlanFilterSetId OBJECT-TYPE SYNTAX Integer32 (0..1024) MAX-ACCESS read-write STATUS current DESCRIPTION "The ID of the filter set associated with the VLAN. A value of 0 means that no filter set is associated with the VLAN." ::= { nsnaVlanEntry 4 } nsnaVlanYellowSubnetType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-write STATUS current DESCRIPTION "The type of internet address contained in the corresponding instance of nsnaVlanYellowSubnet." ::= { nsnaVlanEntry 5 } nsnaVlanYellowSubnet OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The yellow subnet address of the VLAN. This value is only used when the corresponding value of nsnaVlanColor is yellow(4)." ::= { nsnaVlanEntry 6 } nsnaVlanYellowSubnetMask OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-write STATUS current DESCRIPTION "The number of bits in the network mask of the yellow subnet address of the VLAN. This value is only used when the corresponding value of nsnaVlanColor is yellow(4)." ::= { nsnaVlanEntry 7 } -- ------------------------------------------------------------- -- NSNA Client Table -- ------------------------------------------------------------- nsnaClientTable OBJECT-TYPE SYNTAX SEQUENCE OF NsnaClientEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of per-client NSNA state information. There must be an entry in this table for every NSNA client." ::= { nsnaObjects 5 } nsnaClientEntry OBJECT-TYPE SYNTAX NsnaClientEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "State information for an NSNA client." INDEX { nsnaClientIfIndex, nsnaClientMacAddress } ::= { nsnaClientTable 1 } NsnaClientEntry ::= SEQUENCE { nsnaClientIfIndex InterfaceIndex, nsnaClientMacAddress MacAddress, nsnaClientDeviceType INTEGER, nsnaClientVlanId VlanId, nsnaClientAddressType InetAddressType, nsnaClientAddress InetAddress, nsnaClientExpired TruthValue } nsnaClientIfIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ifIndex of the port on which the client is attached." ::= { nsnaClientEntry 1 } nsnaClientMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The MAC address of the client." ::= { nsnaClientEntry 2 } nsnaClientDeviceType OBJECT-TYPE SYNTAX INTEGER { unknown(0), pc(1), ipPhone(2), passive(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The type of device of the client." ::= { nsnaClientEntry 3 } nsnaClientVlanId OBJECT-TYPE SYNTAX VlanId MAX-ACCESS read-only STATUS current DESCRIPTION "The Vlan ID of the client." ::= { nsnaClientEntry 4 } nsnaClientAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of address contained in the corresponding instance of nsnaClientAddress." ::= { nsnaClientEntry 5 } nsnaClientAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the client." ::= { nsnaClientEntry 6 } nsnaClientExpired OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates whether this client has been aged-out." ::= { nsnaClientEntry 7 } -- ------------------------------------------------------------- -- NSNA Static Client Table -- ------------------------------------------------------------- nsnaStaticClientTable OBJECT-TYPE SYNTAX SEQUENCE OF NsnaStaticClientEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of static NSNA client configuration. This is used for authenticating clients on static NSNA ports." ::= { nsnaObjects 6 } nsnaStaticClientEntry OBJECT-TYPE SYNTAX NsnaStaticClientEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Static NSNA client configuration." INDEX { nsnaStaticClientVlanId, nsnaStaticClientMacAddress } ::= { nsnaStaticClientTable 1 } NsnaStaticClientEntry ::= SEQUENCE { nsnaStaticClientVlanId VlanId, nsnaStaticClientMacAddress MacAddress, nsnaStaticClientDeviceType INTEGER, nsnaStaticClientAddressType InetAddressType, nsnaStaticClientAddress InetAddress, nsnaStaticClientRowStatus RowStatus } nsnaStaticClientVlanId OBJECT-TYPE SYNTAX VlanId MAX-ACCESS not-accessible STATUS current DESCRIPTION "The VLAN ID in which a client is allowed." ::= { nsnaStaticClientEntry 1 } nsnaStaticClientMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The MAC address of an allowed client." ::= { nsnaStaticClientEntry 2 } nsnaStaticClientDeviceType OBJECT-TYPE SYNTAX INTEGER { pc(1), ipPhone(2), printer(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "The type of device of the allowed client." ::= { nsnaStaticClientEntry 3 } nsnaStaticClientAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of address contained in the corresponding instance of nsnaStaticClientAddress." ::= { nsnaStaticClientEntry 4 } nsnaStaticClientAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The IP address to be used for the allowed client." ::= { nsnaStaticClientEntry 5 } nsnaStaticClientRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Used for row creation/deletion. When creating a row, the corresponding instances of nsnaStaticClientDeviceType, nsnaStaticClientAddressType, and nsnaStaticClientAddress must be set before this object can be made active(1)." ::= { nsnaStaticClientEntry 6 } -- ------------------------------------------------------------- -- NSNA IP Phone Signature String Table -- ------------------------------------------------------------- nsnaIpPhoneSignatureTable OBJECT-TYPE SYNTAX SEQUENCE OF NsnaIpPhoneSignatureEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of IP phone signature string configuration. This is used for recognizing IP phones." ::= { nsnaObjects 7 } nsnaIpPhoneSignatureEntry OBJECT-TYPE SYNTAX NsnaIpPhoneSignatureEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "IP phone signature string configuration." INDEX { IMPLIED nsnaIpPhoneSignatureString } ::= { nsnaIpPhoneSignatureTable 1 } NsnaIpPhoneSignatureEntry ::= SEQUENCE { nsnaIpPhoneSignatureString OCTET STRING, nsnaIpPhoneSignatureRowStatus RowStatus } nsnaIpPhoneSignatureString OBJECT-TYPE SYNTAX OCTET STRING (SIZE(1..64)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The signature string of an IP phone." ::= { nsnaIpPhoneSignatureEntry 1 } nsnaIpPhoneSignatureRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Used for row creation/deletion." ::= { nsnaIpPhoneSignatureEntry 2 } -- ------------------------------------------------------------- -- NSNA Notification Objects -- ------------------------------------------------------------- nsnaNotificationObjects OBJECT IDENTIFIER ::= { nsnaObjects 8 } nsnaClosedConnectionReason OBJECT-TYPE SYNTAX INTEGER { unknown(1), snasClosedConnection(2), dataStreamCorrupted(3), bufferAllocationFailure(4), messageProcessingFailure(5), inactivityIntervalExpired(6), nsnaAdministrativelyDown(7) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Indicates the reason why the connection to the NSNAS was closed." ::= { nsnaNotificationObjects 1 } nsnaInvalidMessageHeader OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..8)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The header of an invalid message from the NSNAS. Note that if an entire header is not available, only the portion that is available will be provided in this object." ::= { nsnaNotificationObjects 2 } -- ------------------------------------------------------------- -- NSNA Notifications -- ------------------------------------------------------------- nsnaClosedConnectionToSnas NOTIFICATION-TYPE OBJECTS { nsnaClosedConnectionReason } STATUS current DESCRIPTION "This notification is generated whenever the device closes the connection to the NSNAS. The reason why the connection is closed is indicated in nsnaClosedConnectionReason." ::= { nsnaNotifications 1 } nsnaStatusQuoIntervalExpired NOTIFICATION-TYPE STATUS current DESCRIPTION "This notification is generated whenever the status-quo interval expires after the connection to the NSNAS has closed. Note that if the configured status-quo interval is 0 (indicating no status quo interval), this notification will be generated at the same time as the corresponding nsnaClosedConnectionToSnas notification." ::= { nsnaNotifications 2 } nsnaInvalidMessageFromSnas NOTIFICATION-TYPE OBJECTS { nsnaInvalidMessageHeader } STATUS current DESCRIPTION "This notification is generated whenever the device receives an invalid message from the NSNAS. This generally means that the received message is corrupted. As much of the message header as is available will be included in nsnaInvalidMessageHeader." ::= { nsnaNotifications 3 } END