-- *****************************************************************
-- CISCO-USER-CONNECTION-TAP-MIB.my: Cisco intercept extension MIB
-- for user connections
-- November 2003,Srinivas Dhulipala
--
-- Copyright (c) 2003-2006 by Cisco Systems, Inc.
-- All rights reserved.
--
-- *****************************************************************
--CISCO-USER-CONNECTION-TAP-MIB DEFINITIONS::=BEGINIMPORTSMODULE-IDENTITY,OBJECT-TYPE,Unsigned32FROM SNMPv2-SMI
MODULE-COMPLIANCE,OBJECT-GROUPFROM SNMPv2-CONF
RowStatusFROM SNMPv2-TC
cTap2MediationContentId, cTap2StreamIndex
FROM CISCO-TAP2-MIB
ciscoMgmt
FROM CISCO-SMI;ciscoUserConnectionTapMIB MODULE-IDENTITY
LAST-UPDATED"200403110000Z"ORGANIZATION"Cisco Systems, Inc."CONTACT-INFO" Cisco Systems
Customer Service
Postal:170 W. Tasman Drive
San Jose, CA 95134
USA
Tel:+1 800 553-NETS
E-mail:cs-li@cisco.com"DESCRIPTION"This module manages Cisco's intercept feature for
user connections.
This MIB is used along with CISCO-TAP2-MIB to
intercept user traffic. CISCO-TAP2-MIB along with
specific filter MIBs like this MIB replace
CISCO-TAP-MIB.
To create an user connection intercept, an entry
cuctTapStreamEntry is created which contains the filter
details. An entry cTap2StreamEntry of CISCO-TAP2-MIB
is created, which is the common stream information
for all kinds of intercepts and type of the specific
stream is set to userconnection in this entry."REVISION"200403110000Z"DESCRIPTION"Initial version of this MIB module."::={ ciscoMgmt 400}cUserConnectionTapMIBObjects OBJECTIDENTIFIER::={ ciscoUserConnectionTapMIB 1}cUserConnectionTapMIBConform OBJECTIDENTIFIER::={ ciscoUserConnectionTapMIB 2}cuctTapStreamEncodePacket OBJECTIDENTIFIER::={ cUserConnectionTapMIBObjects 1}--
-- The filter specifics for intercepting user connection traffic
--cuctTapStreamCapabilities OBJECT-TYPESYNTAXBITS{tapEnable(0),acctSessionId(1)}MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"This object displays the types of intercepts supported on
this device. This may be dependent on hardware capabilities
or software capabilities. The value of this object is non
zero, if the device supports interception of user connection
traffic. A device may support both types of intercepts at
the same time.
The following fields may be supported:
acctSessonId: packets belonging to a user connection
identified by RADIUS attribute
account-session-ID may be intercepted.
tapEnable: set if table entries with
cTap2StreamInterceptEnable set to 'false'
are used to pre-screen packets for intercept;
otherwise these entries are ignored."::={ cuctTapStreamEncodePacket 1}--
-- The 'access list' for intercepting data belonging to a user
-- connection
--cuctTapStreamTable OBJECT-TYPESYNTAXSEQUENCEOF CuctTapStreamEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The Intercept Stream Connection Table lists the user
connections (sessions) to be intercepted. The same data
stream may be required by multiple taps, and one might
assume that often the intercepted stream is a small
subset of the traffic that could be intercepted.
This essentially provides options for packet selection.
The only option available is RADIUS attribute 44,
account session ID. When a user tries to use a service
provided by a Network Access Server(NAS) such as PPP,
NAS authenticates the user with RADIUS server. Upon
successful authentication of the user, the user is
provided with the requested service and NAS creates an
accounting record with RADIUS accounting server for
the user. RADIUS accounting server assigns a unique
account session id for the user session. The account
session ID may be used to intercept traffic belonging
to the user session.
The value of first index is that of an entry in the
cTap2MediationTable, which identifies the application
to which intercepted traffic will be sent to. The second
index permits connection classifiers to be used to
identify traffic to be intercepted. The value of the
second index is that of the stream's counter entry
in the cTap2StreamTable."::={ cuctTapStreamEncodePacket 2}cuctTapStreamEntry OBJECT-TYPESYNTAX CuctTapStreamEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"A stream entry indicates a single data stream to be
intercepted to a Mediation Device. Many selected data
streams may go to the same application interface, and
many application interfaces are supported."INDEX{ cTap2MediationContentId, cTap2StreamIndex }::={ cuctTapStreamTable 1}
CuctTapStreamEntry ::=SEQUENCE{
cuctTapStreamAcctSessID Unsigned32,
cuctTapStreamStatus RowStatus}cuctTapStreamAcctSessID OBJECT-TYPESYNTAXUnsigned32(0..4294967295)MAX-ACCESSread-createSTATUScurrentDESCRIPTION
"This is the RADIUS attribute 44 acct-session-ID. It
identifies a user connection. It is used to specify
a user connection to intercept."REFERENCE"RFC 2059, RFC 2865"DEFVAL{0}::={ cuctTapStreamEntry 1}cuctTapStreamStatus OBJECT-TYPESYNTAXRowStatusMAX-ACCESSread-createSTATUScurrentDESCRIPTION"The status of this conceptual row. This object manages
creation, modification, and deletion of rows in this
table. When any rows must be changed,
cuctTapStreamStatus must be first set to
'notInService'."::={ cuctTapStreamEntry 2}-- conformance informationcUserConnectionTapMIBCompliances OBJECTIDENTIFIER::={ cUserConnectionTapMIBConform 1}cUserConnectionTapMIBGroups OBJECTIDENTIFIER::={ cUserConnectionTapMIBConform 2}-- compliance statementcUserConnectionTapMIBCompliance MODULE-COMPLIANCESTATUScurrent
DESCRIPTION"The compliance statement for entities which implement the
Cisco Intercept MIB for user connections."MODULE-- this moduleMANDATORY-GROUPS{
cuctTapStreamComplianceGroup
}::={ cUserConnectionTapMIBCompliances 1}-- units of conformancecuctTapStreamComplianceGroup OBJECT-GROUPOBJECTS{
cuctTapStreamCapabilities,
cuctTapStreamAcctSessID,
cuctTapStreamStatus
}STATUScurrentDESCRIPTION"These objects are necessary for a description of user
traffic packets to select for interception."::={ cUserConnectionTapMIBGroups 1}END