-- *****************************************************************
-- REDSTONE-IP-POLICY-MIB
--
-- Redstone Communications Inc. Enterprise MIB
-- Extensions for IP Policy management
--
-- Copyright 1998-2000 Redstone Communications, Incorporated.
-- All Rights Reserved.
-- *****************************************************************REDSTONE-IP-POLICY-MIB DEFINITIONS::=BEGINIMPORTSMODULE-IDENTITY,OBJECT-TYPE,Integer32,IpAddressFROM SNMPv2-SMI
RowStatus
FROM SNMPv2-TC
MODULE-COMPLIANCE,OBJECT-GROUPFROM SNMPv2-CONF
rsMgmt
FROM REDSTONE-SMI;rsIpPolicyMIB MODULE-IDENTITYLAST-UPDATED"200007200000Z"ORGANIZATION"Redstone Communications, Inc."CONTACT-INFO"
Redstone Communications, Inc.
5 Carlisle Road
Westford MA 01886
USA
Tel: +1-978-692-1999
Email: mib@redstonecom.com
"DESCRIPTION"The IP Policy MIB for the
Redstone Communications Inc. enterprise."REVISION"200007200000Z"DESCRIPTION"Expanded (numbered) Access List index range from 199 to 10000."REVISION"200005020000Z"DESCRIPTION"Added Named Access List support."REVISION"9801010000Z"DESCRIPTION"Initial version of this MIB module."::={ rsMgmt 13}-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Textual conventions
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Type definitionsAccessListName ::=TEXTUAL-CONVENTIONSTATUScurrentDESCRIPTION"IP access list name."SYNTAXOCTETSTRING(SIZE(0..32))-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Managed objects
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++rsIpPolicyObjects OBJECTIDENTIFIER::={ rsIpPolicyMIB 1}
rsIpAccessList OBJECTIDENTIFIER::={ rsIpPolicyObjects 1}rsIpNamedAccessList OBJECTIDENTIFIER::={ rsIpPolicyObjects 2}-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- IP Access Lists
-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
-- The IP Access List Table
--rsIpAccessListTable OBJECT-TYPESYNTAXSEQUENCEOF RsIpAccessListEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table contains entries for elements of IP access lists.
Entries belonging to the same access list are ordered, and
comparisons to those entries are performed in that order until
a match is detected. If no match is found, the default action
is to 'deny'."::={ rsIpAccessList 1}rsIpAccessListEntry OBJECT-TYPESYNTAX RsIpAccessListEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION
"Each entry describes the characteristics of an IP access list element."INDEX{ rsIpAccessListId, rsIpAccessListElemId }::={ rsIpAccessListTable 1}
RsIpAccessListEntry ::=SEQUENCE{
rsIpAccessListId
Integer32,
rsIpAccessListElemId
Integer32,
rsIpAccessListRowStatus
RowStatus,
rsIpAccessListAction
INTEGER,
rsIpAccessListSrc
IpAddress,
rsIpAccessListSrcMask
IpAddress,
rsIpAccessListDst
IpAddress,
rsIpAccessListDstMask
IpAddress,
rsIpAccessListProtocol
Integer32}rsIpAccessListId OBJECT-TYPESYNTAXInteger32(1..10000)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The number of the access list to which this entry belongs."::={ rsIpAccessListEntry 1}
rsIpAccessListElemId OBJECT-TYPESYNTAXInteger32(0..10000)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The relative position of this entry within its access list.
Access list entries are searched in this sequence (low to
high values) until a match is found.
NOTE:
The value zero is reserved for use with SET operations
to perform special-purpose table entry creations/deletions;
see the DESCRIPTION of rsIpAccessListRowStatus for details.
Get/GetNext/GetBulk retrievals never return an entry for which
this object is zero-valued."::={ rsIpAccessListEntry 2}rsIpAccessListRowStatus OBJECT-TYPESYNTAXRowStatusMAX-ACCESSread-createSTATUScurrentDESCRIPTION"Controls creation/deletion of entries in this table
according to the RowStatus textual convention,
constrained to support the following values only:
createAndGo
destroy
Two configuration levels are defined, limited and full.
EARLY IMPLEMENTATIONS MIGHT PROVIDE ONLY THE LIMITED LEVEL
OF CONFIGURATION CAPABILITY.
*** LIMITED ACCESS LIST CONFIGURATION LEVEL ***
1) RowStatus createAndGo/destroy operations directed to a
target table entry for which rsIpAccessListElemId is ZERO,
have the following special-purpose semantics:
createAndGo Create an entry having the specified
configuration and append it to the
target list, i.e. assign it a value
of rsIpAccessListElemId that is one
greater than the current last element
in the list.
destroy Destroy the specified list and all of
its constituent elements.
2) RowStatus createAndGo/destroy operations directed to a
target table entry for which rsIpAccessListElemId is NONZERO
are disallowed.
*** FULL ACCESS LIST CONFIGURATION LEVEL ***
Permit conventional RowStatus-based management of table
entries having a nonzero value for rsIpAccessListElemId,
IN ADDITION TO the special RowStatus semantics applied
to entries having a zero value for rsIpAccessListElemId.
To create an entry in this table, the following
entry objects MUST be explicitly configured:
rsIpAccessListRowStatus
In addition, when creating an entry the following
conditions must hold:
The value of rsIpAccessListElemId is nonzero.
Once created, element attributes cannot be modified
except by a RowStatus destroy operation to delete the
list element."::={ rsIpAccessListEntry 3}rsIpAccessListAction OBJECT-TYPE
SYNTAXINTEGER{permit(0),deny(1)}MAX-ACCESSread-createSTATUScurrentDESCRIPTION"Specifies the disposition of an item that matches the comparison
criteria described by this entry."DEFVAL{ permit }::={ rsIpAccessListEntry 4}rsIpAccessListSrc OBJECT-TYPESYNTAXIpAddressMAX-ACCESSread-createSTATUScurrentDESCRIPTION"A source IP address. A subject IP address is first masked with the
value of rsIpAccessListSrcMask, then the result is compared to this value.
Setting both this object and its corresponding mask to 0.0.0.0 acts as
a wildcard, matching any source IP address."DEFVAL{ '00000000'H }-- 0.0.0.0::={ rsIpAccessListEntry 5}rsIpAccessListSrcMask OBJECT-TYPE
SYNTAXIpAddressMAX-ACCESSread-createSTATUScurrentDESCRIPTION"The IP address mask to be applied to a subject source IP address before
comparing it to rsIpAccessListSrc. Ones in the mask identify which bits
in the subject IP address are significant for the comparison.
To be considered valid, a nonzero value for this object must contain a
single contiguous string of ones, beginning with the most significant bit
of the mask."DEFVAL{ '00000000'H }-- 0.0.0.0::={ rsIpAccessListEntry 6}
rsIpAccessListDst OBJECT-TYPESYNTAXIpAddressMAX-ACCESSread-createSTATUScurrentDESCRIPTION"A destination IP address. A subject IP address is first masked with the
value of rsIpAccessListDstMask, then the result is compared to this value.
Setting both this object and its corresponding mask to 0.0.0.0 acts as
a wildcard, matching any destination IP address."DEFVAL{ '00000000'H }-- 0.0.0.0::={ rsIpAccessListEntry 7}
rsIpAccessListDstMask OBJECT-TYPESYNTAXIpAddressMAX-ACCESSread-createSTATUScurrentDESCRIPTION"The IP address mask to be applied to a subject destination IP address before
comparing it to rsIpAccessListDst. Ones in the mask identify which bits
in the IP address are significant for the comparison.
To be considered valid, a nonzero value for this object must contain a
single contiguous string of ones, beginning with the most significant bit
of the mask."DEFVAL{ '00000000'H }-- 0.0.0.0::={ rsIpAccessListEntry 8}
rsIpAccessListProtocol OBJECT-TYPESYNTAXInteger32(0..255)MAX-ACCESSread-createSTATUScurrentDESCRIPTION"An IP Protocol value. Nonzero values match a specific IP Protocol value
(e.g. 6 for TCP) carried in an IP packet; a value of zero acts as a wildcard,
matching any IP Protocol."DEFVAL{0}::={ rsIpAccessListEntry 9}
--
-- The IP Named Access List Table
--rsIpNamedAccessListTable OBJECT-TYPESYNTAXSEQUENCEOF RsIpNamedAccessListEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"This table contains entries for elements of IP access lists.
Entries belonging to the same access list are ordered, and
comparisons to those entries are performed in that order until
a match is detected. If no match is found, the default action
is to 'deny'."::={ rsIpNamedAccessList 1}
rsIpNamedAccessListEntry OBJECT-TYPESYNTAX RsIpNamedAccessListEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"Each entry describes the characteristics of an IP access list element."INDEX{ rsIpNamedAccessListName, rsIpNamedAccessListElemId }::={ rsIpNamedAccessListTable 1}
RsIpNamedAccessListEntry ::=SEQUENCE{
rsIpNamedAccessListName
AccessListName,
rsIpNamedAccessListElemId
Integer32,
rsIpNamedAccessListRowStatus
RowStatus,
rsIpNamedAccessListAction
INTEGER,
rsIpNamedAccessListSrc
IpAddress,
rsIpNamedAccessListSrcMask
IpAddress,
rsIpNamedAccessListDst
IpAddress,
rsIpNamedAccessListDstMask
IpAddress,
rsIpNamedAccessListProtocol
Integer32}rsIpNamedAccessListName OBJECT-TYPESYNTAX AccessListName
MAX-ACCESSnot-accessible
STATUScurrentDESCRIPTION"The name of the access list to which this entry belongs."::={ rsIpNamedAccessListEntry 1}rsIpNamedAccessListElemId OBJECT-TYPESYNTAXInteger32(0..10000)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The relative position of this entry within its access list.
Access list entries are searched in this sequence (low to
high values) until a match is found.
NOTE:
The value zero is reserved for use with SET operations
to perform special-purpose table entry creations/deletions;
see the DESCRIPTION of rsIpNamedAccessListRowStatus for details.
Get/GetNext/GetBulk retrievals never return an entry for which
this object is zero-valued."::={ rsIpNamedAccessListEntry 2}rsIpNamedAccessListRowStatus OBJECT-TYPESYNTAXRowStatusMAX-ACCESSread-createSTATUScurrentDESCRIPTION"Controls creation/deletion of entries in this table
according to the RowStatus textual convention,
constrained to support the following values only:
createAndGo
destroy
Two configuration levels are defined, limited and full.
EARLY IMPLEMENTATIONS MIGHT PROVIDE ONLY THE LIMITED LEVEL
OF CONFIGURATION CAPABILITY.
*** LIMITED ACCESS LIST CONFIGURATION LEVEL ***
1) RowStatus createAndGo/destroy operations directed to a
target table entry for which rsIpNamedAccessListElemId is ZERO,
have the following special-purpose semantics:
createAndGo Create an entry having the specified
configuration and append it to the
target list, i.e. assign it a value
of rsIpNamedAccessListElemId that is one
greater than the current last element
in the list.
destroy Destroy the specified list and all of
its constituent elements.
2) RowStatus createAndGo/destroy operations directed to a
target table entry for which rsIpNamedAccessListElemId is NONZERO
are disallowed.
*** FULL ACCESS LIST CONFIGURATION LEVEL ***
Permit conventional RowStatus-based management of table
entries having a nonzero value for rsIpNamedAccessListElemId,
IN ADDITION TO the special RowStatus semantics applied
to entries having a zero value for rsIpNamedAccessListElemId.
To create an entry in this table, the following
entry objects MUST be explicitly configured:
rsIpNamedAccessListRowStatus
In addition, when creating an entry the following
conditions must hold:
The value of rsIpNamedAccessListElemId is nonzero.
Once created, element attributes cannot be modified
except by a RowStatus destroy operation to delete the
list element."::={ rsIpNamedAccessListEntry 3}rsIpNamedAccessListAction OBJECT-TYPESYNTAXINTEGER{permit(0),deny(1)}MAX-ACCESSread-createSTATUScurrent
DESCRIPTION"Specifies the disposition of an item that matches the comparison
criteria described by this entry."DEFVAL{ permit }::={ rsIpNamedAccessListEntry 4}rsIpNamedAccessListSrc OBJECT-TYPESYNTAXIpAddressMAX-ACCESSread-createSTATUScurrentDESCRIPTION"A source IP address. A subject IP address is first masked with the
value of rsIpNamedAccessListSrcMask, then the result is compared to this value.
Setting both this object and its corresponding mask to 0.0.0.0 acts as
a wildcard, matching any source IP address."DEFVAL{ '00000000'H }-- 0.0.0.0::={ rsIpNamedAccessListEntry 5}rsIpNamedAccessListSrcMask OBJECT-TYPESYNTAXIpAddressMAX-ACCESSread-createSTATUScurrentDESCRIPTION"The IP address mask to be applied to a subject source IP address before
comparing it to rsIpNamedAccessListSrc. Ones in the mask identify which bits
in the subject IP address are significant for the comparison.
To be considered valid, a nonzero value for this object must contain a
single contiguous string of ones, beginning with the most significant bit
of the mask."DEFVAL{ '00000000'H }-- 0.0.0.0::={ rsIpNamedAccessListEntry 6}rsIpNamedAccessListDst OBJECT-TYPESYNTAXIpAddressMAX-ACCESSread-createSTATUScurrentDESCRIPTION"A destination IP address. A subject IP address is first masked with the
value of rsIpNamedAccessListDstMask, then the result is compared to this value.
Setting both this object and its corresponding mask to 0.0.0.0 acts as
a wildcard, matching any destination IP address."DEFVAL{ '00000000'H }-- 0.0.0.0::={ rsIpNamedAccessListEntry 7}rsIpNamedAccessListDstMask OBJECT-TYPESYNTAXIpAddressMAX-ACCESSread-createSTATUScurrentDESCRIPTION"The IP address mask to be applied to a subject destination IP address before
comparing it to rsIpNamedAccessListDst. Ones in the mask identify which bits
in the IP address are significant for the comparison.
To be considered valid, a nonzero value for this object must contain a
single contiguous string of ones, beginning with the most significant bit
of the mask."DEFVAL{ '00000000'H }-- 0.0.0.0::={ rsIpNamedAccessListEntry 8}rsIpNamedAccessListProtocol OBJECT-TYPESYNTAXInteger32(0..255)MAX-ACCESSread-create
STATUScurrentDESCRIPTION"An IP Protocol value. Nonzero values match a specific IP Protocol value
(e.g. 6 for TCP) carried in an IP packet; a value of zero acts as a wildcard,
matching any IP Protocol."DEFVAL{0}::={ rsIpNamedAccessListEntry 9}-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Notification control
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- No notifications are defined in this MIB. Placeholders follow.--rsIpPolicyTrapEnables OBJECT IDENTIFIER ::= { rsIpPolicyMIB 2 }
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Notifications
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- No notifications are defined in this MIB. Placeholders follow.-- The following two OBJECT IDENTIFIERS are used to define SNMPv2
-- Notifications that are easily translated into SNMPv1 Traps.-- rsIpPolicyTraps OBJECT IDENTIFIER ::= { rsIpPolicyMIB 3 }
-- rsIpPolicyTrapPrefix OBJECT IDENTIFIER ::= { rsIpPolicyTraps 0 }-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- Conformance information
-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++rsIpPolicyConformance OBJECTIDENTIFIER::={ rsIpPolicyMIB 4}
rsIpPolicyCompliances OBJECTIDENTIFIER::={ rsIpPolicyConformance 1}rsIpPolicyGroups OBJECTIDENTIFIER::={ rsIpPolicyConformance 2}-- compliance statementsrsIpPolicyCompliance MODULE-COMPLIANCESTATUScurrentDESCRIPTION"The compliance statement for entities which implement
the Redstone IP Policy MIB."
MODULE-- this moduleMANDATORY-GROUPS{ rsIpAccessListGroup,
rsIpNamedAccessListGroup }::={ rsIpPolicyCompliances 1}-- units of conformancersIpAccessListGroup OBJECT-GROUPOBJECTS{
rsIpAccessListRowStatus,
rsIpAccessListAction,
rsIpAccessListSrc,
rsIpAccessListSrcMask,
rsIpAccessListDst,
rsIpAccessListDstMask,
rsIpAccessListProtocol
}STATUScurrentDESCRIPTION"A collection of objects for managing IP access list
capabilities in a Redstone product."::={ rsIpPolicyGroups 1}rsIpNamedAccessListGroup OBJECT-GROUPOBJECTS{
rsIpNamedAccessListRowStatus,
rsIpNamedAccessListAction,
rsIpNamedAccessListSrc,
rsIpNamedAccessListSrcMask,
rsIpNamedAccessListDst,
rsIpNamedAccessListDstMask,
rsIpNamedAccessListProtocol
}STATUScurrentDESCRIPTION"A named collection of objects for managing IP access list
capabilities in a Redstone product."::={ rsIpPolicyGroups 2}END