-- extracted from draft-ietf-pana-snmp-04.txt -- at Wed Jul 6 06:34:06 2005 PANA-EP-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Integer32 FROM SNMPv2-SMI RowStatus, PhysAddress, StorageType, TimeStamp FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF SnmpAdminString FROM SNMP-FRAMEWORK-MIB InterfaceIndex FROM IF-MIB spdMIB, spdActionExecuted, spdIPInterfaceType, spdIPInterfaceAddress, spdIPSourceType, spdIPSourceAddress, spdIPDestinationType, spdIPDestinationAddress, spdPacketDirection FROM IPSEC-SPD-MIB; -- -- Module identity -- panaMIB MODULE-IDENTITY LAST-UPDATED "200506280000Z" -- 28 Juin 2004 ORGANIZATION "IETF PANA Working Group" CONTACT-INFO "Yacine El Mghazli Alcatel Route de Nozay 91460 Marcoussis France Email: yacine.el_mghazli@alcatel.fr Yoshihiro Ohba Toshiba America Research, Inc. 1, Telcordia Drive Piscataway, NJ 08854 USA Email: yohba@tari.toshiba.com" DESCRIPTION "The MIB module for defining additional PANA-specific objects to the IPSec SPD MIB. Copyright (C) The Internet Society (2003). This version of this MIB module is part of RFC XXXX, see the RFC itself for full legal notices." -- Revision History REVISION "200506280000Z" -- 28 Juin 2004 DESCRIPTION "L2 protection generic parameters" REVISION "200502050000Z" -- 05 February 2004 DESCRIPTION "L2 generic filters" REVISION "200410220000Z" -- 22 October 2004 DESCRIPTION "Version 02, draft-ietf-pana-snmp-02.txt" REVISION "200402050000Z" -- 05 February 2004 DESCRIPTION "Version 01, draft-yacine-pana-paa2ep-snmp-01.txt" REVISION "200310310000Z" -- 31 October 2003 DESCRIPTION "Initial version, draft-yacine-pana-paa2ep-snmp-00.txt" ::= { spdMIB XXX } -- XXX to be assigned by IANA -- -- groups of related objects -- panaConfigObjects OBJECT IDENTIFIER ::= { panaMIB 1 } panaNotificationObjects OBJECT IDENTIFIER ::= { panaMIB 2} panaConformanceObjects OBJECT IDENTIFIER ::= { panaMIB 3 } -- -- Textual Conventions -- PanaKey ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The PanaKey is used to carry a key. When the key does not exist, the length of the key becomes zero." SYNTAX OCTET STRING (SIZE(0..255)) PanaKeyName ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The PanaKeyName is used to carry the name of a PanaKey. When the key name does not exist, the length of the key name becomes zero." SYNTAX OCTET STRING (SIZE(0..255)) -- -- PANA Additional Filters Objects -- -- -- The Link-layer Filter Table -- panaL2FilterTable OBJECT-TYPE SYNTAX SEQUENCE OF PanaL2FilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Link-layer filter definitions." ::= { panaConfigObjects 1 } panaL2FilterEntry OBJECT-TYPE SYNTAX PanaL2FilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the Link-layer filter table." INDEX { panaL2FiltEpIfIndex } ::= { panaL2FilterTable 1 } PanaL2FilterEntry ::= SEQUENCE { panaL2FiltEpIfIndex InterfaceIndex, panaL2FiltAddr PhysAddress, panaL2FiltPmk PanaKey, panaL2FiltPmkName PanaKeyName, panaL2FiltPmkLifetime TimeInterval, panaL2FiltLastChanged TimeStamp, panaL2FiltStorageType StorageType, panaL2FiltRowStatus RowStatus } panaL2FiltEpIfIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS read-create STATUS current DESCRIPTION "The index identifying the EP interface where the filter policy must be enforced on." ::= { panaL2FilterEntry 1 } panaL2FiltAddr OBJECT-TYPE SYNTAX PhysAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The authorized device Link-layer address (DI). For example, for a 802.x interface, this object normally contains a MAC address. For interfaces which do not have such an address (e.g., a serial line), this object should contain an octet string of zero length." ::= { panaL2FilterEntry 2 } panaL2FiltPmk OBJECT-TYPE SYNTAX PanaKey MAX-ACCESS read-create STATUS current DESCRIPTION "This is PMK (Pairwise Master Key) used for bootstraping link-layer ciphers." ::= { panaL2FilterEntry 3 } panaL2FiltPmkName OBJECT-TYPE SYNTAX PanaKeyName MAX-ACCESS read-create STATUS current DESCRIPTION "This is the name of the panaL2Pmk." ::= { panaConfigObjects 4 } panaL2FiltPmkLifetime OBJECT-TYPE SYNTAX TimeInterval MAX-ACCESS read-create STATUS current DESCRIPTION "This is the lifetime of panaL2Pmk." ::= { panaConfigObjects 5 } panaL2FiltLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime when this row was last modified or created either through SNMP SETs or by some other external means." ::= { panaL2FilterEntry 6 } panaL2FiltStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "The storage type for this row. Rows in this table which were created through an external process may have a storage type of readOnly or permanent." DEFVAL { nonVolatile } ::= { panaL2FilterEntry 7 } panaL2FiltRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the conceptual status of this row." ::= { panaL2FilterEntry 8 } -- -- -- Notification objects information -- -- panaNotificationVariables OBJECT IDENTIFIER ::= { panaNotificationObjects 1 } panaNotifications OBJECT IDENTIFIER ::= { panaNotificationObjects 0 } panaEpIfIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Contains the interface index on which the packet triggered the notification in question." ::= { panaNotificationVariables 1 } panaL2SourceAddress OBJECT-TYPE SYNTAX PhysAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Contains the source Link layer address of the packet which triggered the notification in question. For example, for a 802.x frame, this object normally contains a MAC address. For interfaces which do not have such an address (e.g., a serial line), this object should contain an octet string of zero length. " ::= { panaNotificationVariables 2 } panaNewPacIPNotification NOTIFICATION-TYPE OBJECTS { spdActionExecuted, spdIPInterfaceType, spdIPInterfaceAddress, spdIPSourceType, spdIPSourceAddress, spdIPDestinationType, spdIPDestinationAddress} STATUS current DESCRIPTION "Notification that EP detected IP traffic coming from an unauthorized source." ::= { panaNotifications 1 } panaNewPacL2Notification NOTIFICATION-TYPE OBJECTS { spdActionExecuted, panaEpIfIndex, panaL2SourceAddress } STATUS current DESCRIPTION "Notification that EP detected L2 traffic coming from an unauthorized source. " ::= { panaNotifications 2 } -- -- -- Conformance information -- -- panaGroups OBJECT IDENTIFIER ::= { panaConformanceObjects 1 } panaCompliances OBJECT IDENTIFIER ::= { panaConformanceObjects 2 } -- -- Compliance Groups Definitions -- panaL2FilterGroup OBJECT-GROUP OBJECTS { panaL2FiltAddr, panaL2FiltPmk, panaL2FiltPmkName, panaL2FiltPmkLifetime, panaL2FiltLastChanged, panaL2FiltStorageType, panaL2FiltRowStatus } STATUS current DESCRIPTION "The Link-layer Filter Group." ::= { panaGroups 1 } panaNewPacL2NotificationObjectsGroup OBJECT-GROUP OBJECTS { panaEpIfIndex, panaL2SourceAddress} STATUS current DESCRIPTION "PaC Presence Notification Objects Group." ::= { panaGroups 2 } panaNewPacNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { panaNewPacIPNotification, panaNewPacL2Notification} STATUS current DESCRIPTION "PaC Presence Notification Group." ::= { panaGroups 3 } -- -- Compliance statements -- panaFilterCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities that support PANA DI-based filtering." MODULE -- This Module MANDATORY-GROUPS { panaL2FilterGroup } OBJECT panaL2FiltRowStatus SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Support of the values notInService(2), notReady(3), and createAndWait(5) is not required." OBJECT panaL2FiltLastChanged MIN-ACCESS not-accessible DESCRIPTION "This object not required for compliance." MODULE IPSEC-SPD-MIB MANDATORY-GROUPS { spdEndpointGroup, spdGroupContentsGroup, spdRuleDefinitionGroup, spdStaticFilterGroup, spdStaticActionGroup } OBJECT spdEndGroupRowStatus SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Support of the values notInService(2), notReady(3), and createAndWait(5) is not required." OBJECT spdEndGroupLastChanged MIN-ACCESS not-accessible DESCRIPTION "This object not required for compliance." OBJECT spdGroupContComponentType SYNTAX INTEGER { rule(2) } DESCRIPTION "Support of the value group(1) is only required for implementations which support Policy Groups within Policy Groups." OBJECT spdGroupContRowStatus SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Support of the values notInService(2), notReady(3), and createAndWait(5) is not required." OBJECT spdGroupContLastChanged MIN-ACCESS not-accessible DESCRIPTION "This object not required for compliance." OBJECT spdRuleDefRowStatus SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Support of the values notInService(2), notReady(3), and createAndWait(5) is not required." OBJECT spdRuleDefLastChanged MIN-ACCESS not-accessible DESCRIPTION "This object not required for compliance." OBJECT spdCompFiltRowStatus SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Support of the values notInService(2), notReady(3), and createAndWait(5) is not required." OBJECT spdCompFiltLastChanged MIN-ACCESS not-accessible DESCRIPTION "This object not required for compliance." OBJECT spdSubFiltRowStatus SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Support of the values notInService(2), notReady(3), and createAndWait(5) is not required." OBJECT spdSubFiltLastChanged MIN-ACCESS not-accessible DESCRIPTION "This object not required for compliance." OBJECT spdCompActRowStatus SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Support of the values notInService(2), notReady(3), and createAndWait(5) is not required." OBJECT spdCompActLastChanged MIN-ACCESS not-accessible DESCRIPTION "This object not required for compliance." OBJECT spdSubActRowStatus SYNTAX RowStatus { active(1), createAndGo(4), destroy(6) } DESCRIPTION "Support of the values notInService(2), notReady(3), and createAndWait(5) is not required." OBJECT spdSubActLastChanged MIN-ACCESS not-accessible DESCRIPTION "This object not required for compliance." ::= { panaCompliances 1 } panaNewPacNotificationCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities that support new PaC presence Notification." MODULE -- This Module MANDATORY-GROUPS { panaNewPacL2NotificationObjectsGroup, panaNewPacNotificationGroup } MODULE IPSEC-SPD-MIB MANDATORY-GROUPS { spdActionLoggingObjectGroup } ::= { panaCompliances 2 } END -- -- Copyright (C) The Internet Society (2005). This document is subject -- to the rights, licenses and restrictions contained in BCP 78, and -- except as set forth therein, the authors retain all their rights. -- -- -- Acknowledgment -- -- Funding for the RFC Editor function is currently provided by the -- Internet Society.