CISCO-POLICY-GROUP-MIB.my

-- *****************************************************************
-- CISCO-POLICY-GROUP-MIB
--
-- January 2006, Edward Pham
--
-- Copyright (c) 2006 by cisco Systems, Inc.
-- All rights reserved.
-- *****************************************************************

CISCO-POLICY-GROUP-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, 
    OBJECT-TYPE, 
    Unsigned32
        FROM SNMPv2-SMI

    MODULE-COMPLIANCE,
    OBJECT-GROUP
        FROM SNMPv2-CONF

    TEXTUAL-CONVENTION,
    RowStatus
        FROM SNMPv2-TC

    InetAddressType,
    InetAddress
        FROM INET-ADDRESS-MIB

    ciscoMgmt
        FROM CISCO-SMI;

ciscoPolicyGroupMIB MODULE-IDENTITY
    LAST-UPDATED "200601131600Z"
    ORGANIZATION "Cisco Systems, Inc."
    CONTACT-INFO
        "        Cisco Systems
                 Customer Service

         Postal: 170 W Tasman Drive
                 San Jose, CA 95134
                 USA

            Tel: +1 800 553-NETS

         E-mail: cs-lan-switch-snmp@cisco.com"
    DESCRIPTION
        "The MIB module is for configuration of policy and
         policy group. A policy group can be described as a set 
         of entities identified by IP addresses or other means.
         Members of a policy group will be subjected to the same policy.
         In this MIB, user can apply a policy to policy group(s)
         as well as configure and retrieve the group membership." 
    REVISION    "200601131600Z"
    DESCRIPTION
        "Initial revision of this MIB module."
    ::= { ciscoMgmt 507 } 

--
--  Definitions of textual convention
--

CpgPolicyName ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "128a"
    STATUS  current
    DESCRIPTION
        "An octet string, preferably in human-readable form,
        describes the name of a policy."
    SYNTAX  OCTET STRING (SIZE (1..128))

CpgPolicyNameOrEmpty ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "128a"
    STATUS  current
    DESCRIPTION
        "This textual convention is an extension of the
        CpgPolicyName convention. The latter defines a non-empty
        policy name. This extension permits the additional value
        of empty string."
    SYNTAX  OCTET STRING (SIZE (0..128))

CpgGroupName ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "128a"
    STATUS  current
    DESCRIPTION
        "An octet string, preferably in human-readable form,
        describes the name of a policy group."
    SYNTAX  OCTET STRING (SIZE (1..128))

--
--     MIB object definitions
--

ciscoPolicyGroupMIBNotifs
    OBJECT IDENTIFIER ::= { ciscoPolicyGroupMIB 0 }
ciscoPolicyGroupMIBObjects
    OBJECT IDENTIFIER ::= { ciscoPolicyGroupMIB 1 }
ciscoPolicyGroupMIBConformance
    OBJECT IDENTIFIER ::= { ciscoPolicyGroupMIB 2 }

cpgGroup
    OBJECT IDENTIFIER ::= { ciscoPolicyGroupMIBObjects 1 }

cpgPolicy
    OBJECT IDENTIFIER ::= { ciscoPolicyGroupMIBObjects 2 }

--
--  cpgGroupTable
--

cpgGroupTable OBJECT-TYPE
        SYNTAX       SEQUENCE OF CpgGroupEntry
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
          "A table indicates the policy groups in the device."
        ::= { cpgGroup 1 }
 
cpgGroupEntry OBJECT-TYPE
    SYNTAX       CpgGroupEntry 
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "A row instance contains the name of a policy group,
         the source method which creates this group, the number
         of IP addresses contained in the group and the status
         of this instance. A row instance can be created or removed
         by the system or by setting the appropriate value
         of the RowStatus object." 
    INDEX { IMPLIED cpgGroupName }
    ::= { cpgGroupTable 1 }

CpgGroupEntry ::= SEQUENCE {
    cpgGroupName          CpgGroupName, 
    cpgGroupSourceType    INTEGER,
    cpgGroupIpAddrCount   Unsigned32,
    cpgGroupRowStatus     RowStatus
}
 
cpgGroupName OBJECT-TYPE
    SYNTAX      CpgGroupName 
    MAX-ACCESS  not-accessible 
    STATUS      current
    DESCRIPTION
        "Indicates the name of a policy group in the device."
    ::= { cpgGroupEntry 1 }

cpgGroupSourceType OBJECT-TYPE
    SYNTAX      INTEGER { 
                    unknown(1), 
                    accessList(2),
                    configured(3)
                } 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the source i.e. the method used to create this
         group.

         unknown(1) indicates that the source of this group cannot
         be identified.

         accessList(2) indicates that this group is added via
         the ACL (Access Control List) feature.

         configured(3) indicates that this group is added via 
         this policy group configuration."
    ::= { cpgGroupEntry 2 }

cpgGroupIpAddrCount OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the number of IP address(es) contained in 
         this group. This is the number of entries for this group
         in the cpgGroupIpTable. The initial value of this object
         in a row created via cpgGroupRowStatus object is zero." 
    ::= { cpgGroupEntry 3 }

cpgGroupRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is used to manage the creation and deletion
        of rows in this table."
    ::= { cpgGroupEntry 4 }

--
-- The cpgGroupIpTable
--

cpgGroupIpTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF CpgGroupIpEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "A table provides management information for policy group
        and its IP address(es) membership in the device."
    ::= { cpgGroup 2 }
 
cpgGroupIpEntry OBJECT-TYPE
    SYNTAX       CpgGroupIpEntry 
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "A row instance contains the IP address mask, source type
        and its status. A row instance can be created or removed
        by the system or by setting the appropriate value of its
        RowStatus object.

        A row instance is indexed by a group name, type and value
        of an IP address. The group name index must exist in the
        cpgGroupTable. If a group name is deleted from cpgGroupTable,
        entries in this table using this group as an index will also be
        automatically removed."
    INDEX { cpgGroupIpGroupName,
            cpgGroupIpAddrType,
            cpgGroupIpAddress 
          }
    ::= { cpgGroupIpTable 1 }

CpgGroupIpEntry ::= SEQUENCE {
    cpgGroupIpGroupName       CpgGroupName, 
    cpgGroupIpAddrType        InetAddressType,
    cpgGroupIpAddress         InetAddress,
    cpgGroupIpMask            InetAddress,
    cpgGroupIpSourceType      INTEGER, 
    cpgGroupIpRowStatus       RowStatus
}
 
cpgGroupIpGroupName OBJECT-TYPE
    SYNTAX      CpgGroupName 
    MAX-ACCESS  not-accessible 
    STATUS      current
    DESCRIPTION
        "Indicates the policy group name. This group should exist in
         cpgGroupTable." 
    ::= { cpgGroupIpEntry 1 }

cpgGroupIpAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible 
    STATUS      current
    DESCRIPTION
        "The type of Internet address of a group member." 
    ::= { cpgGroupIpEntry 2 }

cpgGroupIpAddress OBJECT-TYPE
    SYNTAX      InetAddress (SIZE (1..64))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The Internet address of a group member.
         The type of this address is determined by
         the value of the cpgGroupIpAddrType object.
         The cpgGroupIpAddress may not be empty due to the SIZE
         restriction."
    ::= { cpgGroupIpEntry 3 }

cpgGroupIpMask OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Specifies the mask to be logical-ANDed with the IP address
        denoted in cpgGroupIpAddress object to indicate IP address
        group membership. The type of this mask is determined by
        the value of the cpgGroupIpAddrType object.

        Value of this object can not be modified when the corresponding
        instance of cpgGroupIpRowStatus is 'active'."
    DEFVAL { 'FFFFFFFF'H } -- 255.255.255.255
    ::= { cpgGroupIpEntry 4 }

cpgGroupIpSourceType OBJECT-TYPE
    SYNTAX      INTEGER {
                    other(1),
                    configured(2),
                    dot1x(3),
                    nac(4),
                    webAuth(5),
                    macAuth(6)
                } 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the source of this IP address.

         other(1) indicates the source of this IP address is
         not one of the following types.

         configured(2) indicates this IP address is configured 
         via this policy group and IP address configuration.

         dot1x(3) indicates this IP address is added by 
         802.1x feature.

         nac(4) indicates this IP address is added by 
         NAC (network admission control) feature.

         webAuth(5) indicates this IP address is added 
         by Web-Proxy Authentication feature.

         macAuth(6) indicatest this IP address is added 
         by MAC Authentication Bypass feature."
    ::= { cpgGroupIpEntry 5 }

cpgGroupIpRowStatus OBJECT-TYPE
    SYNTAX      RowStatus 
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object is used to manage the creation and deletion
        of rows in this table. Once a row becomes active, values
        within this row cannot be modified, except by setting this 
        object value to 'notInService' first, or deleting and
        re-creating it.

        A conceptual row can be removed by setting this object
        value to 'destroy' if and only if the value of corresponding
        instance of cpgGroupIpSourceType is 'configured'."
    ::= { cpgGroupIpEntry 6 }

--
-- Policy group  
-- 

cpgPolicyTable OBJECT-TYPE
        SYNTAX       SEQUENCE OF CpgPolicyEntry
        MAX-ACCESS   not-accessible
        STATUS       current
        DESCRIPTION
          "A table describes the policies in the device."
        ::= { cpgPolicy 1 }
 
cpgPolicyEntry OBJECT-TYPE
    SYNTAX       CpgPolicyEntry 
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "A row instance contains the name of a policy
         in the device." 
    INDEX { IMPLIED cpgPolicyName }
    ::= { cpgPolicyTable 1 }

CpgPolicyEntry ::= SEQUENCE {
    cpgPolicyName        CpgPolicyName,
    cpgPolicyGroupCount  Unsigned32 
}
 
cpgPolicyName OBJECT-TYPE
    SYNTAX     CpgPolicyName 
    MAX-ACCESS  not-accessible 
    STATUS      current
    DESCRIPTION
        "Indicates a policy name in the device."
    ::= { cpgPolicyEntry 1 }

cpgPolicyGroupCount OBJECT-TYPE
    SYNTAX      Unsigned32 
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the number of policy group(s) associated with 
         this policy. This is the number of entries for this policy 
         in the cpgPolicyGroupTable."
    ::= { cpgPolicyEntry 2 }

-- 
-- The Policy Group Table
--

cpgPolicyGroupTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF CpgPolicyGroupEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "A table provides the mechanism to configure association
        between a policy and a policy group. When a policy associates
        with a policy group, this policy is applied to all the
        members of the group. A policy can associate with
        multiple groups and vice versa." 
    ::= { cpgPolicy 2 }
 
cpgPolicyGroupEntry OBJECT-TYPE
    SYNTAX       CpgPolicyGroupEntry 
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "A row instance contains the RowStatus object to configure
        the association between a policy and a policy group. A row
        instance can be created or removed by the system or by setting
        the appropriate value of the RowStatus object.

        A row instance is indexed by a policy name and a policy group
        name.  The policy name index must exist in cpgPolicyTable. The
        policy group name index must exist in cpgGroupTable. If a policy
        group is removed from cpgGroupTable, entries in this table
        using this group as an index will be automatically removed."
    INDEX { cpgPolicyGroupPolicyName, 
            IMPLIED cpgPolicyGroupGroupName } 
    ::= { cpgPolicyGroupTable 1 }

CpgPolicyGroupEntry ::= SEQUENCE {
    cpgPolicyGroupPolicyName         CpgPolicyName, 
    cpgPolicyGroupGroupName          CpgGroupName, 
    cpgPolicyGroupRowStatus          RowStatus
}
 
cpgPolicyGroupPolicyName OBJECT-TYPE
    SYNTAX      CpgPolicyName 
    MAX-ACCESS  not-accessible 
    STATUS      current
    DESCRIPTION
        "This object indicates the policy name used to associate
        to the group denoted by cpgPolicyGroupGroupName. This policy 
        must exist in cpgPolicyTable." 
    ::= { cpgPolicyGroupEntry 1 }

cpgPolicyGroupGroupName OBJECT-TYPE
    SYNTAX      CpgGroupName 
    MAX-ACCESS  not-accessible 
    STATUS      current
    DESCRIPTION
        "This object indicates the group name used to associate
        to the policy denoted by cpgPolicyGroupPolicyName. This
        group must exist in cpgGroupTable." 
    ::= { cpgPolicyGroupEntry 2 }

cpgPolicyGroupRowStatus OBJECT-TYPE
    SYNTAX      RowStatus 
    MAX-ACCESS  read-create 
    STATUS      current
    DESCRIPTION
        "This object is used to manage the creation and deletion
        of rows in this table."
    ::= { cpgPolicyGroupEntry 3 }

--
-- Conformance
--

ciscoPolicyGroupMIBCompliances
    OBJECT IDENTIFIER ::= { ciscoPolicyGroupMIBConformance 1 }

ciscoPolicyGroupMIBGroups
    OBJECT IDENTIFIER ::= { ciscoPolicyGroupMIBConformance 2 }

ciscoPolicyGroupMIBCompliance MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
        "The compliance statement for the CISCO-POLICY-GROUP-MIB"
    MODULE
    MANDATORY-GROUPS { 
            ciscoCpgPolicyInfoGroup,
            ciscoCpgGroupInfoGroup,
            ciscoCpgGroupIpInfoGroup,
            ciscoCpgPolicyGroupInfoGroup
    }

    OBJECT   cpgGroupIpRowStatus
    SYNTAX   INTEGER { active(1), createAndGo(4), destroy(6) }
    DESCRIPTION
        "Support for 'createAndWait' is not required."

    OBJECT   cpgPolicyGroupRowStatus
    SYNTAX   INTEGER { active(1), createAndGo(4), destroy(6) }
    DESCRIPTION
        "Support for 'createAndWait' is not required."

    ::= { ciscoPolicyGroupMIBCompliances 1 }

-- Units of Conformance

ciscoCpgGroupInfoGroup OBJECT-GROUP
    OBJECTS {
        cpgGroupSourceType,
        cpgGroupIpAddrCount,
        cpgGroupRowStatus
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides information on
         policy groups in the device." 
    ::= { ciscoPolicyGroupMIBGroups 1 }

ciscoCpgGroupIpInfoGroup OBJECT-GROUP
    OBJECTS {
        cpgGroupIpMask,
        cpgGroupIpSourceType,
        cpgGroupIpRowStatus
    }
    STATUS current
    DESCRIPTION
        "A collection of objects which provides information on
         policy group and IP addresses membership." 
    ::= { ciscoPolicyGroupMIBGroups 2 }

ciscoCpgPolicyInfoGroup OBJECT-GROUP
    OBJECTS {
        cpgPolicyGroupCount
    } 
    STATUS current
    DESCRIPTION
        "A collection of objects which provides the policies data 
         in the device." 
    ::= { ciscoPolicyGroupMIBGroups 3 }

ciscoCpgPolicyGroupInfoGroup OBJECT-GROUP
    OBJECTS {
        cpgPolicyGroupRowStatus
    }
    STATUS current
    DESCRIPTION
        "A collection of object which provides information on
        group and policy association." 
    ::= { ciscoPolicyGroupMIBGroups 4 }

END
OID .1.3.6.1.4.1.9.9.507OID .1.3.6.1.4.1.9.9.507.0OID .1.3.6.1.4.1.9.9.507.1OID .1.3.6.1.4.1.9.9.507.1.1OID .1.3.6.1.4.1.9.9.507.1.1.1OID .1.3.6.1.4.1.9.9.507.1.1.1.1OID .1.3.6.1.4.1.9.9.507.1.1.1.1.1OID .1.3.6.1.4.1.9.9.507.1.1.1.1.2OID .1.3.6.1.4.1.9.9.507.1.1.1.1.3OID .1.3.6.1.4.1.9.9.507.1.1.1.1.4OID .1.3.6.1.4.1.9.9.507.1.1.2OID .1.3.6.1.4.1.9.9.507.1.1.2.1OID .1.3.6.1.4.1.9.9.507.1.1.2.1.1OID .1.3.6.1.4.1.9.9.507.1.1.2.1.2OID .1.3.6.1.4.1.9.9.507.1.1.2.1.3OID .1.3.6.1.4.1.9.9.507.1.1.2.1.4OID .1.3.6.1.4.1.9.9.507.1.1.2.1.5OID .1.3.6.1.4.1.9.9.507.1.1.2.1.6OID .1.3.6.1.4.1.9.9.507.1.2OID .1.3.6.1.4.1.9.9.507.1.2.1OID .1.3.6.1.4.1.9.9.507.1.2.1.1OID .1.3.6.1.4.1.9.9.507.1.2.1.1.1OID .1.3.6.1.4.1.9.9.507.1.2.1.1.2OID .1.3.6.1.4.1.9.9.507.1.2.2OID .1.3.6.1.4.1.9.9.507.1.2.2.1OID .1.3.6.1.4.1.9.9.507.1.2.2.1.1OID .1.3.6.1.4.1.9.9.507.1.2.2.1.2OID .1.3.6.1.4.1.9.9.507.1.2.2.1.3OID .1.3.6.1.4.1.9.9.507.2OID .1.3.6.1.4.1.9.9.507.2.1OID .1.3.6.1.4.1.9.9.507.2.1.1OID .1.3.6.1.4.1.9.9.507.2.2OID .1.3.6.1.4.1.9.9.507.2.2.1OID .1.3.6.1.4.1.9.9.507.2.2.2OID .1.3.6.1.4.1.9.9.507.2.2.3OID .1.3.6.1.4.1.9.9.507.2.2.4