-- extracted from draft-ietf-pana-snmp-02.txt -- at Sat Oct 23 06:23:54 2004 PANA-EP-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Integer32 FROM SNMPv2-SMI RowStatus, PhysAddress, StorageType, TimeStamp FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF SnmpAdminString FROM SNMP-FRAMEWORK-MIB InterfaceIndex FROM IF-MIB spdMIB, spdActionExecuted, spdIPInterfaceType, spdIPInterfaceAddress, spdIPSourceType, spdIPSourceAddress, spdIPDestinationType, spdIPDestinationAddress, spdPacketDirection FROM IPSEC-SPD-MIB; -- Module identity -- panaMIB MODULE-IDENTITY LAST-UPDATED "200410220000Z" -- 22 October 2004 ORGANIZATION "IETF PANA Working Group" CONTACT-INFO "Yacine El Mghazli Alcatel 91460 Marcoussis, France Phone: +33 1 69 63 41 87 Email: yacine.el_mghazli@alcatel.fr" DESCRIPTION "The MIB module for defining additional PANA-specific objects to the IPSec SPD MIB. Copyright (C) The Internet Society (2003). This version of this MIB module is part of RFC XXXX, see the RFC itself for full legal notices." -- Revision History REVISION "200410220000Z" -- 22 October 2004 DESCRIPTION "Version 02, draft-ietf-pana-snmp-02.txt" REVISION "200402050000Z" -- 05 February 2004 DESCRIPTION "Version 01, draft-yacine-pana-paa2ep-snmp-01.txt" REVISION "200310310000Z" -- 31 October 2003 DESCRIPTION "Initial version, draft-yacine-pana-paa2ep-snmp-00.txt" ::= { spdMIB 99999999 } -- XXX to be assigned by IANA -- -- groups of related objects -- panaConfigObjects OBJECT IDENTIFIER ::= { panaMIB 1 } panaNotificationObjects OBJECT IDENTIFIER ::= { panaMIB 2} panaConformanceObjects OBJECT IDENTIFIER ::= { panaMIB 3 } -- -- Textual Conventions -- -- TBD. -- -- PANA Additional Filters Objects -- -- -- The Link-layer Filter Table -- panaL2FilterTable OBJECT-TYPE SYNTAX SEQUENCE OF PanaL2FilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Link-layer filter definitions." ::= { panaConfigObjects 1 } panaL2FilterEntry OBJECT-TYPE SYNTAX PanaL2FilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the Link-layer filter table." INDEX { panaL2FiltEpIfIndex } ::= { panaL2FilterTable 1 } PanaL2FilterEntry ::= SEQUENCE { panaL2FiltEpIfIndex InterfaceIndex, panaL2FiltAddr PhysAddress, panaL2FiltLastChanged TimeStamp, panaL2FiltStorageType StorageType, panaL2FiltRowStatus RowStatus } panaL2FiltEpIfIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-create STATUS current DESCRIPTION "The index identifying the EP interface where the filter policy must be enforced on." ::= { panaL2FilterEntry 1 } panaL2FiltAddr OBJECT-TYPE SYNTAX PhysAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The authorized device Link-layer address (DI). For example, for a 802.x interface, this object normally contains a MAC address. For interfaces which do not have such an address (e.g., a serial line), this object should contain an octet string of zero length." ::= { panaL2FilterEntry 2 } panaL2FiltLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means." ::= { panaL2FilterEntry 3 } panaL2FiltStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent." DEFVAL { nonVolatile } ::= { panaL2FilterEntry 4 } panaL2FiltRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the conceptual status of this row." ::= { panaL2FilterEntry 5 } -- -- -- Notification objects information -- -- panaNotificationVariables OBJECT IDENTIFIER ::= { panaNotificationObjects 1 } panaNotifications OBJECT IDENTIFIER ::= { panaNotificationObjects 0 } panaEpIfIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Contains the interface index on which the packet triggered the notification in question." ::= { panaNotificationVariables 1 } panaL2SourceAddress OBJECT-TYPE SYNTAX PhysAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Contains the source Link layer address of the packet which triggered the notification in question. For example, for a 802.x frame, this object normally contains a MAC address. For interfaces which do not have such an address (e.g., a serial line), this object should contain an octet string of zero length. " ::= { panaNotificationVariables 2 } panaNewPacIPNotification NOTIFICATION-TYPE OBJECTS { spdActionExecuted, spdIPInterfaceType, spdIPInterfaceAddress, spdIPSourceType, spdIPSourceAddress, spdIPDestinationType, spdIPDestinationAddress} STATUS current DESCRIPTION "Notification that EP detected IP traffic coming from an unauthorized source." ::= { panaNotifications 1 } panaNewPacL2Notification NOTIFICATION-TYPE OBJECTS { spdActionExecuted, panaEpIfIndex, panaL2SourceAddress } STATUS current DESCRIPTION "Notification that EP detected L2 traffic coming from an unauthorized source. " ::= { panaNotifications 2 } -- -- -- Conformance information -- -- panaGroups OBJECT IDENTIFIER ::= { panaConformanceObjects 1 } panaCompliances OBJECT IDENTIFIER ::= { panaConformanceObjects 2 } -- -- Compliance Groups Definitions -- panaL2FilterGroup OBJECT-GROUP OBJECTS { panaL2FiltAddr, panaL2FiltLastChanged, panaL2FiltStorageType, panaL2FiltRowStatus } STATUS current DESCRIPTION "The Link-layer Filter Group." ::= { panaGroups 1 } panaNewPacL2NotificationObjectsGroup OBJECT-GROUP OBJECTS { panaEpIfIndex, panaL2SourceAddress} STATUS current DESCRIPTION "PaC Presence Notification Objects Group." ::= { panaGroups 2 } panaNewPacNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { panaNewPacIPNotification, panaNewPacL2Notification} STATUS current DESCRIPTION "PaC Presence Notification Group." ::= { panaGroups 3 } -- -- Compliance statements -- panaFilterCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities that support PANA DI-based filtering." MODULE -- This Module MANDATORY-GROUPS { panaL2FilterGroup } OBJECT panaL2FiltRowStatus SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Support of the values notInService(2), notReady(3), and createAndWait(5) is not required." OBJECT panaL2FiltLastChanged MIN-ACCESS not-accessible DESCRIPTION "This object not required for compliance." MODULE IPSEC-SPD-MIB MANDATORY-GROUPS { spdEndpointGroup, spdGroupContentsGroup, spdRuleDefinitionGroup, spdIPHeaderFilterGroup, spdStaticFilterGroup, spdStaticActionGroup } GROUP spdIpsecSystemPolicyNameGroup DESCRIPTION "This group is mandatory for IPsec Policy implementations which support a system policy group name." GROUP spdCompoundFilterGroup DESCRIPTION "This group is mandatory for IPsec Policy implementations which support compound filters." GROUP spdCompoundActionGroup DESCRIPTION "This group is mandatory for IPsec Policy implementations which support compound actions." OBJECT spdEndGroupRowStatus SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Support of the values notInService(2), notReady(3), and createAndWait(5) is not required." OBJECT spdEndGroupLastChanged MIN-ACCESS not-accessible DESCRIPTION "This object not required for compliance." OBJECT spdGroupContComponentType SYNTAX INTEGER { rule(2) } DESCRIPTION "Support of the value group(1) is only required for implementations which support Policy Groups within Policy Groups." OBJECT spdGroupContRowStatus SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Support of the values notInService(2), notReady(3), and createAndWait(5) is not required." OBJECT spdGroupContLastChanged MIN-ACCESS not-accessible DESCRIPTION "This object not required for compliance." OBJECT spdRuleDefRowStatus SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Support of the values notInService(2), notReady(3), and createAndWait(5) is not required." OBJECT spdRuleDefLastChanged MIN-ACCESS not-accessible DESCRIPTION "This object not required for compliance." OBJECT spdCompFiltRowStatus SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Support of the values notInService(2), notReady(3), and createAndWait(5) is not required." OBJECT spdCompFiltLastChanged MIN-ACCESS not-accessible DESCRIPTION "This object not required for compliance." OBJECT spdSubFiltRowStatus SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Support of the values notInService(2), notReady(3), and createAndWait(5) is not required." OBJECT spdSubFiltLastChanged MIN-ACCESS not-accessible DESCRIPTION "This object not required for compliance." OBJECT spdIpHeadFiltIPVersion SYNTAX InetAddressType { ipv4(1), ipv6(2) } DESCRIPTION "Only the ipv4 and ipv6 values make sense for this object." OBJECT spdIpHeadFiltRowStatus SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Support of the values notInService(2), notReady(3), and createAndWait(5) is not required." OBJECT spdIpHeadFiltLastChanged MIN-ACCESS not-accessible DESCRIPTION "This object not required for compliance." OBJECT spdCompActRowStatus SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Support of the values notInService(2), notReady(3), and createAndWait(5) is not required." OBJECT spdCompActLastChanged MIN-ACCESS not-accessible DESCRIPTION "This object not required for compliance." OBJECT spdSubActRowStatus SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Support of the values notInService(2), notReady(3), and createAndWait(5) is not required." OBJECT spdSubActLastChanged MIN-ACCESS not-accessible DESCRIPTION "This object not required for compliance." ::= { panaCompliances 1 } panaNewPacNotificationCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities that support new PaC presence Notification." MODULE -- This Module MANDATORY-GROUPS { panaNewPacL2NotificationObjectsGroup, panaNewPacNotificationGroup } MODULE IPSEC-SPD-MIB MANDATORY-GROUPS { spdActionLoggingObjectGroup } ::= { panaCompliances 2 } END -- -- Copyright (C) The Internet Society (2004). This document is subject -- to the rights, licenses and restrictions contained in BCP 78, and -- except as set forth therein, the authors retain all their rights. -- -- -- Acknowledgment -- -- Funding for the RFC Editor function is currently provided by the -- Internet Society.