You are here:

MonitorTools.com > Technical documentation > SNMP > MIB > 3Com > A3Com-IPSO-r1-MIB
ActiveXperts Network Monitor 2019##AdminFavorites

A3Com-IPSO-r1-MIB by vendor 3Com

A3Com-IPSO-r1-MIB file content

The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.

Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.

Use ActiveXperts Network Monitor 2019 to import vendor-specific MIB files, inclusing A3Com-IPSO-r1-MIB.


Vendor: 3Com
Mib: A3Com-IPSO-r1-MIB  [download]  [view objects]
Tool: ActiveXperts Network Monitor 2019 [download]    (ships with advanced SNMP/MIB tools)
-- Copyright 1995 by 3Com Corporation.  All rights reserved.
-- MIB file name:  a3Com-ipso
-- available in these 3Com devices:  NETBuilder bridge/routers
-- For support or more info, check 3Com's web page at http://www.3com.com

      A3Com-IPSO-r1-MIB DEFINITIONS ::= BEGIN

      IMPORTS
              enterprises
                  FROM RFC1155-SMI
              OBJECT-TYPE
                      FROM RFC-1212;

      --
      -- This MIB is for 3Com systems that support IP security options 
      --
      --

      a3Com          OBJECT IDENTIFIER ::= { enterprises 43 }
      brouterMIB     OBJECT IDENTIFIER ::= { a3Com 2 }
      a3ComIPSO      OBJECT IDENTIFIER ::= { brouterMIB 12 }

      RowStatus ::= INTEGER {
                         -- the following two values are states
                         -- these values can be read or written
                         active(1),
                         notInService(2),

                         -- the following value is a state:         
                         -- this value may be read, but not written 
                         notReady(3),                               

                         -- the following three values are actions
                         -- these values can be written, but are never read
                         createAndGo(4),
                         createAndWait(5),
                         destroy(6)
      }

      --This data type, which has the same semantics as the RowStatus
      --textual convention used in SNMPv2, is used to add and 
      --delete entries from a table.
      --      
      --The tables in this MIB allow a subset of the functionality
      --provided by the RowStatus textual convention.  In particular
      --row creation is allowed using only the createAndGo method.
      --
      --That is, when adding entries to this table, this object
      --must be set to createAndGo(4).  The instance identifier
      --for this object will define the values of the columns 
      --that make up the index.  
      --
      --In the same PDU, the appropriate remaining columns
      --of that row must be set as well.  The agent
      --will immediately set the value of this object to
      --active(1) if the row is correct.  If not, the agent
      --will refuse the SET request and return an
      --error code.
      --
      --To modify an existing entry, it must be removed
      --an another entry with the desired changes added. 
      --
      --To remove an entry, set the value of this object
      --to destroy(6).



      a3IPsecureCtl  OBJECT-TYPE
          SYNTAX  INTEGER {
                      security1108  (1),
                      security1038  (2),
                      noSecurity    (3)
                  }
          ACCESS  read-write
          STATUS  mandatory
          DESCRIPTION
              "This object determines whether this system checks
              for IP security options.  If this object has the value 
              security1108 (1), then the system checks for IP security
              options (per rfc1108) in each received IP packet and handles 
              them accordingly.  If this object has the value security1038 (2),
              then the system checks and acts on IP security options per 
              rfc1038.  If this object has the value noSecurity (3), the 
              system does not check for IP security options." 
          DEFVAL { noSecurity }
          ::= { a3ComIPSO 1 }

      a3IPsecureFileServer  OBJECT-TYPE
          SYNTAX  INTEGER {
                     yes   (1),
                     no    (2)
                  }
          ACCESS  read-write
          STATUS  mandatory
          DESCRIPTION
              "This determines whether security options are processed
              when talking to the host identified by the UI parameter
              FileServerAddr.  If set to yes (1), the File Server is 
              treated like any other host on the network.  If set to 
              no (2), the File Server is treated specially.  Any security
              options received from this IP address are ignored.  Also, all
              basic security options are stripped before sending a packet
              to the File Server."
          DEFVAL { no }
          ::= { a3ComIPSO 2 }

--
-- This next table contains port specific IP security parameters
--

     a3IPsecureParamTable  OBJECT-TYPE
          SYNTAX  SEQUENCE OF A3IPsecureParamEntry
          ACCESS  not-accessible
          STATUS  mandatory
          DESCRIPTION
              "This table contains a set of parameters relating
              to the configuration of IP security options."
          REFERENCE
             "RFC 1108, Security Options for the Internet Protocol."
          ::= { a3ComIPSO 3 }

     a3IPsecureParamEntry  OBJECT-TYPE
          SYNTAX  A3IPsecureParamEntry
          ACCESS  not-accessible
          STATUS  mandatory
          DESCRIPTION
              "Each entry in this table contains a set of IP security
              parameters specific to a particular port."
          INDEX { a3IPsecureParamPortIndex }
          ::= { a3IPsecureParamTable 1 }

     A3IPsecureParamEntry ::= 
          SEQUENCE {     
              a3IPsecureParamPortIndex      INTEGER,
              a3IPsecureParamCtl            INTEGER,
              a3IPsecureLabelDefaultLevel   INTEGER,
              a3IPsecureLabelDefaultAuth    INTEGER,
              a3IPsecureLabelSysLevel       INTEGER,
              a3IPsecureLabelSysAuth        INTEGER,
              a3IPsecureMinLevel            INTEGER,
              a3IPsecureMaxLevel            INTEGER
          }

     a3IPsecureParamPortIndex  OBJECT-TYPE
          SYNTAX  INTEGER
          ACCESS  read-only
          STATUS  mandatory
          DESCRIPTION
              "This identifies the IP port to which the security
              parameters in this entry apply."
          ::= { a3IPsecureParamEntry 1 }

     a3IPsecureParamCtl  OBJECT-TYPE
          SYNTAX  INTEGER
          ACCESS  read-write
          STATUS  mandatory
          DESCRIPTION
              "This object controls a number of parameters associated
              with IP security.  Each parameter is represented by
              a specific bit.  If the bit is set, the parameter is
              turned on.  If the bit is not set, the parameter is
              turned off.  The state of all the parameters is represented
              by a sum of all the bits, the value of each bit being
              multiplied by 2 raised to the power of the position
              of the bit in the integer.

              With bit 0 being the least significant bit, the table
              below defines the mapping of security parameters to bits.

                 bit #               Parameter
                  0                  Extended
                  1                  BasicFirst
                  2                  LabelAdd
                  3                  LabelStrip

              If bit 0 is set, the Extended parameter is turned on.  
              This allows datagrams with extended security options to be
              received and/or transmitted from this port.

              If bit 1 is set, the BasicFirst parameter is turned on.  This
              indicates that the basic security option is always transmitted
              as the first option in the datagram, even if the packet
              has to be rearranged.  If this bit is not set, the datagram
              options are sent as is.
                        
              If bit 2 is set, the LabelAdd parameter is turned on.  This
              ensures that all datagrams leaving this port have a label
              attached to them.  If an outgoing datagram does not have
              a label, the default label, computed for the datagram
              on receipt, is attached to it before transmission.  If this
              parameter is turned off, then datagrams without labels are
              allowed to be transmitted, and the default label is not 
              attached to the datagram.

              If bit 3 is set, the LabelStrip parameter is turned on.  In 
              this case, any basic security option present in the datagram
              is stripped before transmission through this port.  The
              stripping is done after all the security processing has been 
              done.  If this parameter is turned off, the label is transmitted
              as is."
          DEFVAL { 0 }
          ::= { a3IPsecureParamEntry 2 }

     a3IPsecureLabelDefaultLevel  OBJECT-TYPE
          SYNTAX  INTEGER {
                     none         (1),
                     topSecret    (2),
                     secret       (3),
                     confidential (4),
                     unclassified (5)
                  }
          ACCESS  read-write
          STATUS  mandatory
          DESCRIPTION
              "This parameter applies to packets received over this port
              that have no classification level or authority flags.  
              When such packets are received, the value of this parameter 
              determines the IP security level that is attached to the 
              packet before any processing is done.  

              If this is set to none (1), any packet that is received 
              without a security level defined in the IP header options
              is discarded.

              If this is set to any other value, any packet received
              without a security level defined in the IP header options
              will have one added according to the value of this object.
              A Protection Authority field will also be added to these
              packets.  The contents of the field is determined by the
              value of a3IPsecureLabelDefaultAuth.

              Note, this does not imply that the label will be automatically
              attached to the packet on transmission.  This is controlled
              by the value of a3IPsecureParamCtl -- specifically, the value
              of the LabelAdd bit"
          DEFVAL { none }
          ::= { a3IPsecureParamEntry 3 }
               
      a3IPsecureLabelDefaultAuth  OBJECT-TYPE
          SYNTAX  INTEGER
          ACCESS  read-write
          STATUS  mandatory
          DESCRIPTION
              "Like a3IPsecureLabelDefaultLevel, this parameter applies
              only to packets received over this port that have no 
              classification level or authority flags.  When such
              packets are received, the value of this parameter determines
              the Protection Authority flag field that is attached to 
              the packet before any processing is done.

              The individual Protection Authority flags that are included
              are determined by the individual bits that are set
              in the value of this object, with the two least significant
              bytes being of interest.  Starting from bit 7 of the
              INTEGER (with the least significant bit being numbered 0), 
              the mapping of bits to Protection Authority flags is as 
              follows (note: rfc1108 labels the most significant bit '0', 
              the next most significant bit '1', etc),

                 bit#                Prot. Auth. Flag
                  7                  GENSER
                  6                  SIOP
                  5                  SCI
                  4                  NSA
                  3                  DOE

              While only bits 7 through 3 have specific Protection Authority
              flags assigned to them, any 2 byte combination of bits may be 
              set as long as that combination is allowed by rfc1108.  The 
              same 1 or 2 byte pattern of bits identified by the value of this 
              object will be placed in the Protection Authority field of 
              received packets with no IP security options present.  (note: 
              this is conditioned on a3IPsecureLabelDefaultLevel for this 
              port having a value other than none (1).)

              If this object has the value 0, then no Protection Authority
              field will be added to any received packets, regardless of the
              value of a3IPsecureLabelDefaultLevel."
          DEFVAL { 0 }
          ::= { a3IPsecureParamEntry 4 }

     a3IPsecureLabelSysLevel  OBJECT-TYPE
          SYNTAX  INTEGER {
                     none         (1),
                     topSecret    (2),
                     secret       (3),
                     confidential (4),
                     unclassified (5)
                  }
          ACCESS  read-write
          STATUS  mandatory
          DESCRIPTION
              "This parameter applies to packets originated by this system
              and sent over this port.  When such packets are sent, the 
              value of this parameter determines the IP security level that 
              is attached to the packet before any processing is done.  

              If this is set to none (1), no IP security information
              is added to these packets.

              If this is set to any other value, any packet originated
              by this system and sent over this port will have an IP security
              level added according to the value of this object.
              A Protection Authority field will also be added to these
              packets.  The contents of the field is determined by the
              value of a3IPsecureLabelSysAuth.

              The security level and Protection Authority flag field
              must form a label which is legal for transmission on this
              port.  The range of legal values for the security level is 
              defined by a3IPsecureMaxLevel and a3IPsecureMinLevel.
              The set of legal Protection Authority flags is determined
              by the entries in a3IPsecureAuthOutTable."
          DEFVAL { unclassified }
          ::= { a3IPsecureParamEntry 5 }

      a3IPsecureLabelSysAuth  OBJECT-TYPE
          SYNTAX  INTEGER 
          ACCESS  read-write
          STATUS  mandatory
          DESCRIPTION
              "Like a3IPsecureLabelSysLevel, this parameter applies
              only to packets originated by this system and sent over 
              this port.  When such packets are sent, the value of this 
              parameter determines the Protection Authority flag field 
              that is attached to the packet before any processing is 
              done.  Note, this is assuming a3IPsecureLabelSysLevel has 
              a value other than none (1).

              The individual Protection Authority flags that are included
              are determined by the individual bits that are set
              in the value of this object, with the two least significant
              bytes being of interest.  Starting from bit 7 of the
              INTEGER (with the least significant bit being numbered 0), 
              the mapping of bits to Protection Authority flags is as 
              follows (note: rfc1108 labels the most significant bit '0', 
              the next most significant bit '1', etc),

                 bit#                Prot. Auth. Flag
                  7                  GENSER
                  6                  SIOP
                  5                  SCI
                  4                  NSA
                  3                  DOE

              While only bits 7 through 3 have specific Protection Authority
              flags assigned to them, any 2 byte combination of bits may be 
              set as long as that combination is allowed by rfc1108.  The 
              same 1 or 2 byte pattern of bits identified by the value of this 
              object will be placed in the Protection Authority field of 
              received packets with no IP security options present.  (note: 
              this is conditioned on a3IPsecureLabelDefaultLevel for this 
              port having a value other than none (1).)

              If this object has the value 0, then no Protection Authority
              field will be added to any received packets, regardless of the
              value of a3IPsecureLabelDefaultLevel."
          DEFVAL { 128 }
          ::= { a3IPsecureParamEntry 6 }

      a3IPsecureMinLevel  OBJECT-TYPE
          SYNTAX  INTEGER {
                     topSecret    (1),
                     secret       (2),
                     confidential (3),
                     unclassified (4)
                  }
          ACCESS  read-write
          STATUS  mandatory
          DESCRIPTION
              "This defines the minimum classification level which
              is acceptable by this port.  This applies to any packet
              which is entering or leaving this port.  If the
              classification level is outside the range defined by
              the value of this object and the value of a3IPsecureMaxLevel,
              the packet is discarded.

              If a3IPsecureMaxLevel is set to level less than the level
              indicated by this object, the value of this object will
              be shifted so it is equal to a3IPsecureMaxLevel.  This
              will ensure that the range of security levels identified
              by these two objects makes sense."
          DEFVAL { unclassified }
          ::= { a3IPsecureParamEntry 7 }

      a3IPsecureMaxLevel  OBJECT-TYPE
          SYNTAX  INTEGER {
                     topSecret    (1),
                     secret       (2),
                     confidential (3),
                     unclassified (4)
                  }
          ACCESS  read-write
          STATUS  mandatory
          DESCRIPTION
              "This define the maximum classification level which
              is acceptable by this port.  This applies to any packet
              which is entering or leaving this port.  If the
              classification level is outside the range defined by
              the value of this object and the value of a3IPsecureMinLevel,
              the packet is discarded.

              If a3IPsecureMinLevel is set to a level greater than the
              level identified by this object, the value of this object
              will be shifted so it is equal to a3IPsecureMinLevel."
          DEFVAL { unclassified }
          ::= { a3IPsecureParamEntry 8 }

--
-- This next table defines all combinations of Protection Authority flags which
-- are allowed to be present in any packet received by a particular port.
--

      a3IPsecureAuthInTable  OBJECT-TYPE
          SYNTAX  SEQUENCE OF A3IPsecureAuthInEntry
          ACCESS  not-accessible
          STATUS  mandatory
          DESCRIPTION
              "This table enumerates all the combinations of Protection 
              Authority flags that may be present in packets received
              over any of this system's ports."
          ::= { a3ComIPSO 4 }

      a3IPsecureAuthInEntry  OBJECT-TYPE
          SYNTAX  A3IPsecureAuthInEntry
          ACCESS  not-accessible
          STATUS  mandatory
          DESCRIPTION
              "Each entry in this table contains a specific combination
              of Protection Authority flags that are acceptable in packets
              received over a specific port."
          INDEX { a3IPsecureAuthInPort, 
                  a3IPsecureAuthInFlags }
          ::= { a3IPsecureAuthInTable 1 }

      A3IPsecureAuthInEntry ::= SEQUENCE {
          a3IPsecureAuthInPort     INTEGER,
          a3IPsecureAuthInFlags    INTEGER,
          a3IPsecureAuthInMatch    INTEGER,
          a3IPsecureAuthInStatus   RowStatus
      }

      a3IPsecureAuthInPort  OBJECT-TYPE
          SYNTAX  INTEGER
          ACCESS  read-only
          STATUS  mandatory
          DESCRIPTION
              "This identifies the port to which this entry applies."
          ::= { a3IPsecureAuthInEntry 1 }

      a3IPsecureAuthInFlags  OBJECT-TYPE
          SYNTAX  INTEGER
          ACCESS  read-only
          STATUS  mandatory
          DESCRIPTION
              "This identifies one combination of Protection Authority
              flags that is allowed to be present in any packet 
              received by this port.  

              The combination of Protection Authority flags that is 
              allowed is determined by the individual bits that are set
              in the value of this object, with the two least significant
              bytes being of interest.  Starting from bit 7 of the
              INTEGER (with the least significant bit being numbered 0), 
              the mapping of bits to Protection Authority flags is as 
              follows (note: rfc1108 labels the most significant bit '0', 
              the next most significant bit '1', etc),

                 bit#                Prot. Auth. Flag
                  7                  GENSER
                  6                  SIOP
                  5                  SCI
                  4                  NSA
                  3                  DOE

              While only bits 7 through 3 have specific Protection Authority
              flags assigned to them, any 2 byte combination of bits may be 
              set as long as that combination is allowed by rfc1108.  The 
              same 1 or 2 byte pattern of bits identified by the value of this 
              object must be present in any received IP packet.

              If the value of this object is zero, packets with no
              Protection Authority flags are accepted by this port."
          ::= { a3IPsecureAuthInEntry 2 }

      a3IPsecureAuthInMatch  OBJECT-TYPE
          SYNTAX  INTEGER {
                   exact (1),
                   any   (2)
          }
          ACCESS  read-write
          STATUS  mandatory
          DESCRIPTION
              "The value of this object determines whether the
              Protection Authority flags in a received packet
              must match the flags identified by the corresponding
              instance of a3IPsecureAuthInFlags exactly, or if they
              only have to match a subset of those flags. 

              If the value of this object is exact (1), the match must
              be exact.  If this object has the value any (2), only
              a subset of the flags has to match."
          DEFVAL { any }
          ::= { a3IPsecureAuthInEntry 3 }

      a3IPsecureAuthInStatus  OBJECT-TYPE
              SYNTAX  RowStatus
              ACCESS  read-write
              STATUS  mandatory
              DESCRIPTION
                   "This object is used to add and delete entries
                   in this table.  See the notes describing
                   RowStatus at the beginning of this MIB."
          ::= { a3IPsecureAuthInEntry 4 }

--
-- This next table defines all combinations of Protection Authority flags which
-- are allowed to be present in any packet sent by a particular port.
--

      a3IPsecureAuthOutTable  OBJECT-TYPE
          SYNTAX  SEQUENCE OF A3IPsecureAuthOutEntry
          ACCESS  not-accessible
          STATUS  mandatory
          DESCRIPTION
              "This table enumerates all the combinations of Protection 
              Authority flags that are allowed to be present in packets 
              transmitted over any of this system's ports.  This does not
              apply to packets generated by this system."
          ::= { a3ComIPSO 5 }

      a3IPsecureAuthOutEntry  OBJECT-TYPE
          SYNTAX  A3IPsecureAuthOutEntry
          ACCESS  not-accessible
          STATUS  mandatory
          DESCRIPTION
              "Each entry in this table contains a specific combination
              of Protection Authority flags that are acceptable in packets
              transmitted over a specific port."
          INDEX { a3IPsecureAuthOutPort, 
                  a3IPsecureAuthOutFlags }
          ::= { a3IPsecureAuthOutTable 1 }

      A3IPsecureAuthOutEntry ::= SEQUENCE {
          a3IPsecureAuthOutPort     INTEGER,
          a3IPsecureAuthOutFlags    INTEGER,
          a3IPsecureAuthOutMatch    INTEGER,
          a3IPsecureAuthOutStatus   RowStatus
      }

      a3IPsecureAuthOutPort  OBJECT-TYPE
          SYNTAX  INTEGER
          ACCESS  read-only
          STATUS  mandatory
          DESCRIPTION
              "This identifies the port to which this entry applies."
          ::= { a3IPsecureAuthOutEntry 1 }

      a3IPsecureAuthOutFlags  OBJECT-TYPE
          SYNTAX  INTEGER
          ACCESS  read-only
          STATUS  mandatory
          DESCRIPTION
              "This identifies one combination of Protection Authority
              flags that is allowed to be present in any packet 
              transmitted by this port.  

              The combination of Protection Authority flags that is 
              allowed is determined by the individual bits that are set
              in the value of this object, with the two least significant
              bytes being of interest.  Starting from bit 7 of the
              INTEGER (with the least significant bit being numbered 0), 
              the mapping of bits to Protection Authority flags is as 
              follows (note: rfc1108 labels the most significant bit '0', 
              the next most significant bit '1', etc),

                 bit#                Prot. Auth. Flag
                  7                  GENSER
                  6                  SIOP
                  5                  SCI
                  4                  NSA
                  3                  DOE

              While only bits 7 through 3 have specific Protection Authority
              flags assigned to them, any 2 byte combination of bits may be 
              set as long as that combination is allowed by rfc1108.  The 
              same 1 or 2 byte pattern of bits identified by the value of this 
              object is allowed to be present in any transmitted IP packet.

              If the value of this object is zero, packets with no
              Protection Authority flags are allowed to be transmitted
              by this port."
          ::= { a3IPsecureAuthOutEntry 2 }

      a3IPsecureAuthOutMatch  OBJECT-TYPE
          SYNTAX  INTEGER {
                   exact (1),
                   any   (2)
          }
          ACCESS  read-write
          STATUS  mandatory
          DESCRIPTION
              "The value of this object determines whether the
              Protection Authority flags in a received packet
              must match the flags identified by the corresponding
              instance of a3IPsecureAuthOutFlags exactly, or if they
              only have to match a subset of those flags. 

              If the value of this object is exact (1), the match must
              be exact.  If this object has the value any (2), only
              a subset of the flags have to match."
          DEFVAL { any }
          ::= { a3IPsecureAuthOutEntry 3 }

      a3IPsecureAuthOutStatus  OBJECT-TYPE
              SYNTAX  RowStatus
              ACCESS  read-write
              STATUS  mandatory
              DESCRIPTION
                   "This object is used to add and delete entries
                   in this table.  See the notes describing
                   RowStatus at the beginning of this MIB."
          ::= { a3IPsecureAuthOutEntry 4 }

END