mirror of
https://github.com/hsnodgrass/snmp_mib_archive.git
synced 2025-04-17 16:03:04 +00:00
579 lines
18 KiB
Plaintext
579 lines
18 KiB
Plaintext
-- *****************************************************************
|
|
-- CISCO-ADMISSION-POLICY-MIB.my
|
|
--
|
|
-- April 2008, Edward Pham
|
|
--
|
|
-- Copyright (c) 2008 by cisco Systems Inc.
|
|
-- All rights reserved.
|
|
--
|
|
-- *****************************************************************
|
|
|
|
CISCO-ADMISSION-POLICY-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
Gauge32,
|
|
Integer32,
|
|
Counter32
|
|
FROM SNMPv2-SMI
|
|
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
|
|
TEXTUAL-CONVENTION,
|
|
MacAddress
|
|
FROM SNMPv2-TC
|
|
|
|
InetAddressType,
|
|
InetAddress
|
|
FROM INET-ADDRESS-MIB
|
|
|
|
InterfaceIndex
|
|
FROM IF-MIB
|
|
|
|
ciscoMgmt
|
|
FROM CISCO-SMI;
|
|
|
|
ciscoAdmissionPolicyMIB MODULE-IDENTITY
|
|
LAST-UPDATED "200806110000Z"
|
|
ORGANIZATION "Cisco Systems, Inc."
|
|
CONTACT-INFO
|
|
"Cisco Systems
|
|
Customer Service
|
|
|
|
Postal: 170 W Tasman Drive
|
|
San Jose, CA 95134
|
|
USA
|
|
|
|
Tel: +1 800 553-NETS
|
|
|
|
E-mail: cs-snmp@cisco.com"
|
|
DESCRIPTION
|
|
"This MIB module defines managed objects that facilitate
|
|
the management of policies upon host(s) admission to
|
|
a network.
|
|
|
|
The information available through this MIB includes:
|
|
|
|
o Statistics information such as number of total and
|
|
active sessions.
|
|
|
|
o Session information such as IP and MAC address of
|
|
host, client type, and session state.
|
|
|
|
o QoS and Security policy applied to host traffic upon
|
|
host admission to a network.
|
|
|
|
The following terms are used throughout this MIB:
|
|
|
|
QoS (Quality of Service) is the method which attempts
|
|
to ensure that the network requirements of different
|
|
applications can be met by giving preferential forwarding
|
|
treatment to some traffic.
|
|
|
|
ACL (Access Control List) which contains filters used
|
|
to identify traffic flows with certain characteristics.
|
|
|
|
Downloadable ACL is a set of filters, configured on the
|
|
RADIUS server which are downloaded during authorization
|
|
phase of admission features like dot1x, authProxy, etc.
|
|
|
|
SGT (Security Group Tag) is a unique 16 bits value assigned
|
|
to every security group and used by network devices to
|
|
enforce network policies.
|
|
|
|
URL: Universal Resource Locator.
|
|
|
|
URL-Redirect ACL is used for URL redirection feature. Any
|
|
ingress HTTP from the host that matches the ACL content
|
|
is subjected to redirection to the URL address specified by
|
|
the URL-Redirect string.
|
|
|
|
URL redirect string is the URL to which HTTP traffic to
|
|
the host would be redirected."
|
|
REVISION "200806110000Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module."
|
|
::= { ciscoMgmt 653 }
|
|
|
|
--
|
|
-- Definitions of textual convention
|
|
--
|
|
|
|
CapSessionId ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An octet string describes an unique session identification."
|
|
SYNTAX OCTET STRING (SIZE (1..64))
|
|
|
|
CapQosPolicy ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "255a"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An octet string, preferably in human-readable form,
|
|
describes a QoS policy."
|
|
SYNTAX OCTET STRING (SIZE (0..255))
|
|
|
|
CapAclName ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "255a"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An octet string, preferably in human-readable form,
|
|
describes the name of an ACL."
|
|
SYNTAX OCTET STRING (SIZE (0..255))
|
|
|
|
CapURLString ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention defines the URL string.
|
|
The Universal Resource Locator (URL). The URL strings
|
|
are compact string representation for a resource
|
|
available via internet. This is the address location
|
|
of the page to load. The string should represent a
|
|
fully qualifying string with the format
|
|
'protocol:/server/page'. In general the string should
|
|
point to any value that can be saved/loaded.
|
|
Any limitation for the URL must be defined as part of
|
|
the description of any object which uses this syntax.
|
|
The description of any object which uses this syntax
|
|
must specifically describe the meaning of zero length
|
|
value."
|
|
REFERENCE
|
|
"Uniform Resource Locators. RFC 1738."
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
|
|
CapPolicyState ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This textual convention indicates the current state
|
|
of a policy applied to host traffic.
|
|
|
|
'notApplicable' indicates that the policy is not applicable.
|
|
|
|
'success' indicates that the policy is applied successfully.
|
|
|
|
'failure' indicates that the policy is failed to apply.
|
|
|
|
'inProgress' indicates that the policy application is
|
|
in progress.
|
|
|
|
'ipWait' indicates that the policy is waiting for IP
|
|
address assignment. "
|
|
SYNTAX INTEGER {
|
|
notApplicable(1),
|
|
success(2),
|
|
failure(3),
|
|
inProgress(4),
|
|
ipWait(5)
|
|
}
|
|
--
|
|
-- Objects definition
|
|
--
|
|
|
|
ciscoAdmissionPolicyMIBNotifs OBJECT IDENTIFIER
|
|
::= { ciscoAdmissionPolicyMIB 0 }
|
|
|
|
ciscoAdmissionPolicyMIBObjects OBJECT IDENTIFIER
|
|
::= { ciscoAdmissionPolicyMIB 1 }
|
|
|
|
ciscoAdmissionPolicyMIBConformance OBJECT IDENTIFIER
|
|
::= { ciscoAdmissionPolicyMIB 2 }
|
|
|
|
capSessions
|
|
OBJECT IDENTIFIER ::= { ciscoAdmissionPolicyMIBObjects 1 }
|
|
|
|
|
|
--
|
|
-- capSessions
|
|
--
|
|
|
|
capTotalSessions OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the total numbers of sessions
|
|
created in the device since the last system reset."
|
|
::= { capSessions 1 }
|
|
|
|
capActiveSessions OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the currently active sessions
|
|
in the device."
|
|
::= { capSessions 2 }
|
|
|
|
--
|
|
-- Session Information Table
|
|
--
|
|
|
|
capSidSessionInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CapSidSessionInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table lists admission policy sessions based on unique
|
|
session identifier.
|
|
|
|
An entry is created by the agent when an admission policy
|
|
session has successfully registered to the system.
|
|
|
|
An entry is deleted by the agent upon de-registration of the
|
|
admission policy session with system."
|
|
::= { capSessions 3 }
|
|
|
|
capSidSessionInfoEntry OBJECT-TYPE
|
|
SYNTAX CapSidSessionInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each row contains the management information of a particular
|
|
active session based on unique session identifier."
|
|
INDEX { IMPLIED capSidSessionIndex }
|
|
::= { capSidSessionInfoTable 1 }
|
|
|
|
CapSidSessionInfoEntry ::= SEQUENCE {
|
|
capSidSessionIndex CapSessionId,
|
|
capSidSessionIfIndex InterfaceIndex,
|
|
capSidSessionMacAddress MacAddress,
|
|
capSidSessionAddressType InetAddressType,
|
|
capSidSessionAddress InetAddress,
|
|
capSidSessionFeatureType BITS
|
|
}
|
|
|
|
capSidSessionIndex OBJECT-TYPE
|
|
SYNTAX CapSessionId
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object uniquely identifies a session."
|
|
::= { capSidSessionInfoEntry 1 }
|
|
|
|
capSidSessionIfIndex OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the ifIndex value of the interface
|
|
on which the session is established."
|
|
::= { capSidSessionInfoEntry 2 }
|
|
|
|
capSidSessionMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the MAC address of the host."
|
|
::= { capSidSessionInfoEntry 3 }
|
|
|
|
capSidSessionAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the type of Internet address
|
|
assigned for the host."
|
|
::= { capSidSessionInfoEntry 4 }
|
|
|
|
capSidSessionAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the Internet address assigned for
|
|
the host. The type of this address is determined by
|
|
the value of capSidSessionAddressType object."
|
|
::= { capSidSessionInfoEntry 5 }
|
|
|
|
capSidSessionFeatureType OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
dot1x(0),
|
|
mab(1),
|
|
eou(2),
|
|
authProxy(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the admission features associated
|
|
with the session.
|
|
|
|
'dot1x' indicates that the admission feature is
|
|
802.1x feature.
|
|
|
|
'mab' indicates that the admission feature is
|
|
Mac Authentication Bypass feature.
|
|
|
|
'eou' indicates that the admission feature is
|
|
Extensible Authentication Protocol over UDP feature.
|
|
|
|
'authProxy' indicates that the admission feature is
|
|
Authentication Proxy feature."
|
|
::= { capSidSessionInfoEntry 6 }
|
|
|
|
--
|
|
-- Session Policy Table
|
|
--
|
|
|
|
capSidSessionPolicyTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CapSidSessionPolicyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table lists the policies that will be enforced
|
|
per session per admission feature. The session in this
|
|
table should have a corresponding entry in
|
|
capSidSessionInfoTable."
|
|
::= { capSessions 4 }
|
|
|
|
capSidSessionPolicyEntry OBJECT-TYPE
|
|
SYNTAX CapSidSessionPolicyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each row contains the management information of a
|
|
particular admission feature of a session."
|
|
INDEX { capSidSessionIndex, capSidSessionPolicyIndex }
|
|
::= { capSidSessionPolicyTable 1 }
|
|
|
|
CapSidSessionPolicyEntry ::= SEQUENCE {
|
|
capSidSessionPolicyIndex INTEGER,
|
|
capSidIngressQosPolicy CapQosPolicy,
|
|
capSidIngressQosPolicyState CapPolicyState,
|
|
capSidEgressQosPolicy CapQosPolicy,
|
|
capSidEgressQosPolicyState CapPolicyState,
|
|
capSidDownloadableAclName CapAclName,
|
|
capSidDownloadableAclState CapPolicyState,
|
|
capSidUrlRedirectAclName CapAclName,
|
|
capSidUrlRedirectAclState CapPolicyState,
|
|
capSidRedirectUrlString CapURLString,
|
|
capSidRedirectUrlStringState CapPolicyState,
|
|
capSidSecurityGroupTag Integer32
|
|
}
|
|
|
|
capSidSessionPolicyIndex OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
dot1x(1),
|
|
mab(2),
|
|
eou(3),
|
|
authProxy(4)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the admission feature which
|
|
a host is subjected to in a session.
|
|
|
|
'dot1x' indicates that the admission feature is
|
|
802.1x feature.
|
|
|
|
'mab' indicates that the admission feature is
|
|
Mac Authentication Bypass feature.
|
|
|
|
'eou' indicates that the admission feature is
|
|
Extensible Authentication Protocol over UDP feature.
|
|
|
|
'authProxy' indicates that the admission feature is
|
|
Authentication Proxy feature."
|
|
::= { capSidSessionPolicyEntry 1 }
|
|
|
|
capSidIngressQosPolicy OBJECT-TYPE
|
|
SYNTAX CapQosPolicy
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the name of an existing QoS
|
|
policy which will be applied to incoming traffic
|
|
in this session. An empty string indicates that no such
|
|
policy is applied."
|
|
::= { capSidSessionPolicyEntry 2 }
|
|
|
|
capSidIngressQosPolicyState OBJECT-TYPE
|
|
SYNTAX CapPolicyState
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the current state of the
|
|
QoS policy which will be applied to incoming traffic
|
|
in this session."
|
|
::= { capSidSessionPolicyEntry 3 }
|
|
|
|
capSidEgressQosPolicy OBJECT-TYPE
|
|
SYNTAX CapQosPolicy
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the name of an existing QoS
|
|
policy which will be applied to outgoing traffic
|
|
in this session. An empty string indicates that no
|
|
such policy is applied."
|
|
::= { capSidSessionPolicyEntry 4 }
|
|
|
|
capSidEgressQosPolicyState OBJECT-TYPE
|
|
SYNTAX CapPolicyState
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the current state of the QoS
|
|
policy which will be applied to outgoing traffic
|
|
in this session."
|
|
::= { capSidSessionPolicyEntry 5 }
|
|
|
|
capSidDownloadableAclName OBJECT-TYPE
|
|
SYNTAX CapAclName
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the name of a Downloadable
|
|
ACL which will be applied to the host traffic.
|
|
An empty string indicates that no such ACL is
|
|
applied."
|
|
::= { capSidSessionPolicyEntry 6 }
|
|
|
|
capSidDownloadableAclState OBJECT-TYPE
|
|
SYNTAX CapPolicyState
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the state of this session
|
|
downloadable ACL policy."
|
|
::= { capSidSessionPolicyEntry 7 }
|
|
|
|
capSidUrlRedirectAclName OBJECT-TYPE
|
|
SYNTAX CapAclName
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the ACL name that redirected traffic
|
|
from the host will be subjected to. An empty string indicates
|
|
that no such ACL is applied."
|
|
::= { capSidSessionPolicyEntry 8 }
|
|
|
|
capSidUrlRedirectAclState OBJECT-TYPE
|
|
SYNTAX CapPolicyState
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the state of this session
|
|
URL-Redirect ACL policy."
|
|
::= { capSidSessionPolicyEntry 9 }
|
|
|
|
capSidRedirectUrlString OBJECT-TYPE
|
|
SYNTAX CapURLString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the URL that traffic from
|
|
the host will be redirected to. An empty string indicates
|
|
that no such URL is applied."
|
|
::= { capSidSessionPolicyEntry 10 }
|
|
|
|
capSidRedirectUrlStringState OBJECT-TYPE
|
|
SYNTAX CapPolicyState
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the state of this session
|
|
URL-Redirect string policy."
|
|
::= { capSidSessionPolicyEntry 11 }
|
|
|
|
capSidSecurityGroupTag OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the SGT value assigned to the
|
|
host that initiated this session. Value of -1 indicates
|
|
that there is no SGT value assigned."
|
|
::= { capSidSessionPolicyEntry 12 }
|
|
|
|
--
|
|
-- Conformance
|
|
--
|
|
|
|
ciscoAdmissionPolicyMIBCompliances
|
|
OBJECT IDENTIFIER ::= { ciscoAdmissionPolicyMIBConformance 1 }
|
|
|
|
ciscoAdmissionPolicyMIBGroups
|
|
OBJECT IDENTIFIER ::= { ciscoAdmissionPolicyMIBConformance 2 }
|
|
|
|
ciscoAdmissionPolicyMIBCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for the CISCO-ADMISSION-POLICY-MIB"
|
|
MODULE
|
|
MANDATORY-GROUPS {
|
|
capSessionStatisticsGroup
|
|
}
|
|
|
|
GROUP capSidSessionPolicyGroup
|
|
DESCRIPTION
|
|
"This group is mandatory only for platforms which support
|
|
policy information for a session based on unique session
|
|
identifier."
|
|
|
|
GROUP capSidSessionInfoGroup
|
|
DESCRIPTION
|
|
"This group is mandatory only for platforms which provide
|
|
session information based on unique session identifier."
|
|
|
|
::= { ciscoAdmissionPolicyMIBCompliances 1 }
|
|
|
|
--
|
|
-- Units of Conformance
|
|
--
|
|
|
|
capSessionStatisticsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
capTotalSessions,
|
|
capActiveSessions
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of object which provides session statistics
|
|
information in the device."
|
|
::= { ciscoAdmissionPolicyMIBGroups 1 }
|
|
|
|
capSidSessionInfoGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
capSidSessionAddressType,
|
|
capSidSessionAddress,
|
|
capSidSessionIfIndex,
|
|
capSidSessionMacAddress,
|
|
capSidSessionFeatureType
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects which provides managed information
|
|
of a session based on unique session identifier."
|
|
::= { ciscoAdmissionPolicyMIBGroups 2 }
|
|
|
|
capSidSessionPolicyGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
capSidIngressQosPolicy,
|
|
capSidIngressQosPolicyState,
|
|
capSidEgressQosPolicy,
|
|
capSidEgressQosPolicyState,
|
|
capSidDownloadableAclName,
|
|
capSidDownloadableAclState,
|
|
capSidRedirectUrlString,
|
|
capSidRedirectUrlStringState,
|
|
capSidUrlRedirectAclName,
|
|
capSidUrlRedirectAclState,
|
|
capSidSecurityGroupTag
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects which provides policy information
|
|
in a session based on unique session identifier."
|
|
::= { ciscoAdmissionPolicyMIBGroups 3 }
|
|
|
|
END
|
|
|
|
|
|
|