mirror of
https://github.com/hsnodgrass/snmp_mib_archive.git
synced 2025-04-17 16:03:04 +00:00
224 lines
7.6 KiB
Plaintext
224 lines
7.6 KiB
Plaintext
-- *****************************************************************
|
|
-- CISCO-USER-CONNECTION-TAP-MIB.my: Cisco intercept extension MIB
|
|
-- for user connections
|
|
-- November 2003,Srinivas Dhulipala
|
|
--
|
|
-- Copyright (c) 2003-2005, 2007 by Cisco Systems Inc.
|
|
-- All rights reserved.
|
|
--
|
|
-- ****************************************************************
|
|
|
|
CISCO-USER-CONNECTION-TAP-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
Unsigned32
|
|
FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
RowStatus
|
|
FROM SNMPv2-TC
|
|
cTap2MediationContentId,
|
|
cTap2StreamIndex
|
|
FROM CISCO-TAP2-MIB
|
|
ciscoMgmt
|
|
FROM CISCO-SMI;
|
|
|
|
|
|
ciscoUserConnectionTapMIB MODULE-IDENTITY
|
|
LAST-UPDATED "200708090000Z"
|
|
ORGANIZATION "Cisco Systems, Inc."
|
|
CONTACT-INFO
|
|
"Cisco Systems
|
|
Customer Service
|
|
|
|
Postal:170 W. Tasman Drive
|
|
San Jose, CA 95134
|
|
USA
|
|
|
|
Tel:+1 800 553-NETS
|
|
|
|
E-mail:cs-li@cisco.com"
|
|
DESCRIPTION
|
|
"This module manages Cisco's intercept feature for
|
|
user connections.
|
|
|
|
This MIB is used along with CISCO-TAP2-MIB to
|
|
intercept user traffic. CISCO-TAP2-MIB along with
|
|
specific filter MIBs like this MIB replace
|
|
CISCO-TAP-MIB.
|
|
|
|
To create an user connection intercept, an entry
|
|
cuctTapStreamEntry is created which contains the filter
|
|
details. An entry cTap2StreamEntry of CISCO-TAP2-MIB
|
|
is created, which is the common stream information
|
|
for all kinds of intercepts and type of the specific
|
|
stream is set to userconnection in this entry."
|
|
REVISION "200708090000Z"
|
|
DESCRIPTION
|
|
"Correct the DESCRIPTION clause of cutcTapStreamTable."
|
|
REVISION "200403110000Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module."
|
|
::= { ciscoMgmt 400 }
|
|
|
|
|
|
cUserConnectionTapMIBObjects OBJECT IDENTIFIER
|
|
::= { ciscoUserConnectionTapMIB 1 }
|
|
|
|
cUserConnectionTapMIBConform OBJECT IDENTIFIER
|
|
::= { ciscoUserConnectionTapMIB 2 }
|
|
|
|
cuctTapStreamEncodePacket OBJECT IDENTIFIER
|
|
::= { cUserConnectionTapMIBObjects 1 }
|
|
|
|
|
|
-- The filter specifics for intercepting user connection traffic
|
|
|
|
cuctTapStreamCapabilities OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
tapEnable(0),
|
|
acctSessionId(1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object displays the types of intercepts supported on
|
|
this device. This may be dependent on hardware capabilities
|
|
or software capabilities. The value of this object is non
|
|
zero, if the device supports interception of user connection
|
|
traffic. A device may support both types of intercepts at
|
|
the same time.
|
|
The following fields may be supported:
|
|
acctSessonId: packets belonging to a user connection
|
|
identified by RADIUS attribute
|
|
account-session-ID may be intercepted.
|
|
tapEnable: set if table entries with
|
|
cTap2StreamInterceptEnable set to 'false'
|
|
are used to pre-screen packets for intercept;
|
|
otherwise these entries are ignored."
|
|
::= { cuctTapStreamEncodePacket 1 }
|
|
-- The 'access list' for intercepting data belonging to a user
|
|
-- connection
|
|
|
|
cuctTapStreamTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CuctTapStreamEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Intercept Stream Connection Table lists the user
|
|
connections (sessions) to be intercepted. The same data
|
|
stream may be required by multiple taps, and one might
|
|
assume that often the intercepted stream is a small
|
|
subset of the traffic that could be intercepted.
|
|
|
|
|
|
This essentially provides options for packet selection.
|
|
The only option available is RADIUS attribute 44,
|
|
account session ID. When a user tries to use a service
|
|
provided by a Network Access Server(NAS) such as PPP,
|
|
NAS authenticates the user with RADIUS server. Upon
|
|
successful authentication of the user, the user is
|
|
provided with the requested service and NAS creates an
|
|
accounting record with RADIUS accounting server for
|
|
the user. The NAS assigns a unique account session id
|
|
for the user session in the accounting record created
|
|
with the RADIUS server. The account session ID may be
|
|
used to intercept traffic belonging to the user session.
|
|
|
|
|
|
The value of first index is that of an entry in the
|
|
cTap2MediationTable, which identifies the application
|
|
to which intercepted traffic will be sent to. The second
|
|
index permits connection classifiers to be used to
|
|
identify traffic to be intercepted. The value of the
|
|
second index is that of the stream's counter entry
|
|
in the cTap2StreamTable."
|
|
::= { cuctTapStreamEncodePacket 2 }
|
|
|
|
cuctTapStreamEntry OBJECT-TYPE
|
|
SYNTAX CuctTapStreamEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A stream entry indicates a single data stream to be
|
|
intercepted to a Mediation Device. Many selected data
|
|
streams may go to the same application interface, and
|
|
many application interfaces are supported."
|
|
INDEX {
|
|
cTap2MediationContentId,
|
|
cTap2StreamIndex
|
|
}
|
|
::= { cuctTapStreamTable 1 }
|
|
|
|
CuctTapStreamEntry ::= SEQUENCE {
|
|
cuctTapStreamAcctSessID Unsigned32,
|
|
cuctTapStreamStatus RowStatus
|
|
}
|
|
|
|
cuctTapStreamAcctSessID OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..4294967295 )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This is the RADIUS attribute 44 acct-session-ID. It
|
|
identifies a user connection. It is used to specify
|
|
a user connection to intercept."
|
|
REFERENCE "RFC 2059, RFC 2865"
|
|
DEFVAL { 0 }
|
|
::= { cuctTapStreamEntry 1 }
|
|
|
|
cuctTapStreamStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of this conceptual row. This object manages
|
|
creation, modification, and deletion of rows in this
|
|
table. When any rows must be changed,
|
|
cuctTapStreamStatus must be first set to
|
|
'notInService'."
|
|
::= { cuctTapStreamEntry 2 }
|
|
|
|
|
|
-- conformance information
|
|
|
|
cUserConnectionTapMIBCompliances OBJECT IDENTIFIER
|
|
::= { cUserConnectionTapMIBConform 1 }
|
|
|
|
cUserConnectionTapMIBGroups OBJECT IDENTIFIER
|
|
::= { cUserConnectionTapMIBConform 2 }
|
|
|
|
|
|
-- compliance statement
|
|
|
|
cUserConnectionTapMIBCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for entities which implement the
|
|
Cisco Intercept MIB for user connections."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { cuctTapStreamComplianceGroup }
|
|
::= { cUserConnectionTapMIBCompliances 1 }
|
|
|
|
-- units of conformance
|
|
|
|
cuctTapStreamComplianceGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
cuctTapStreamCapabilities,
|
|
cuctTapStreamAcctSessID,
|
|
cuctTapStreamStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"These objects are necessary for a description of user
|
|
traffic packets to select for interception."
|
|
::= { cUserConnectionTapMIBGroups 1 }
|
|
|
|
END
|
|
|
|
|
|
|