| cippfIpProfileName |
.1.3.6.1.4.1.9.9.278.1.1.1.1.1 |
|
This is the unique IP protocol filter profile
identifier. If this value is the same as the
cippfIpProfileName in the cippfIpFilterTable
and the cippfIfIpProfileName in
cippfIfIpFilterTable, they are all referring
to the same filter profile.
|
| cippfIpProfileType |
.1.3.6.1.4.1.9.9.278.1.1.1.1.2 |
|
This object determines the usage type this filter
profile. This usage type cannot be changed after
the profile has been created.
The usage type simple(1) implies that the valid
objects of each filter entry in the profile in
the cippfIpFilterTable only include:
cippfIpFilterIndex,
cippfIpFilterOrderPosition,
cippfIpFilterAction,
cippfIpFilterAddressType,
cippfIpFilterSrcAddress,
cippfIpFilterSrcMask,
cippfIpFilterLogEnabled,
cippfIpFilterStatus.
This means that only the above objects will be
used to create the protocol filter, and all
other objects will be ignored during filter
creation.
The usage extended(2) implies that all objects
defined in the cippfIpFilterTable are valid
for any filter entry in the corresponding
profile.
|
| cippfIpProfileLastFilterIndex |
.1.3.6.1.4.1.9.9.278.1.1.1.1.3 |
|
This value is the same as the last
cippfIpFilterIndex value assigned to a filter of
this profile.
|
| cippfIpProfileStatus |
.1.3.6.1.4.1.9.9.278.1.1.1.1.4 |
|
This object controls and reflects the status of rows
in this table. To create a filter profile of a
particular usage type, the NMS must do a multivarbind
set containing both cippfIpProfileStatus and
cippfIpProfileType.
Creation of rows must be done via 'createAndGo' for
all profiles. When the agent successfully creates the
filter profile, this object is set to 'active' by the
agent.
To delete a row, set this object value to 'destroy'.
|
| cippfIfIpProfileDirection |
.1.3.6.1.4.1.9.9.278.1.1.2.1.1 |
|
This object determines whether this filter
profile is applied to inbound(1) traffic or
outbound(2) traffic of a particular interface.
|
| cippfIfIpProfileName |
.1.3.6.1.4.1.9.9.278.1.1.2.1.2 |
|
This is the unique IP protocol filter profile
identifier. This value must be the same as one of
the existing cippfIpProfileName object values
in the cippfIpProfileTable for this profile and the
cippfIfIpProfileStatus of value 'createAndGo' to
become 'active'.
If this object value does not match any existing
cippfIpProfileName, an entry of this table
can only be created with cippfIfIpProfileStatus in
'createAndWait' state. The entry can only be made
'active' by the agent when the corresponding
cippfIpProfileName is added to the
cippfIpProfileTable.
|
| cippfIfIpProfileStatus |
.1.3.6.1.4.1.9.9.278.1.1.2.1.3 |
|
This object controls and reflects the status of rows
in this table. To apply this filter profile or remove
this filter profile, the NMS must do a multivarbind
set containing both cippfIfIpProfileStatus and
cippfIfIpProfileName.
Creation of rows may be done via 'createAndGo' for
profiles already exist in the cippfIpProfileTable,
and the filter profile will only be effective when this
object is set to 'active' by the agent.
Creation of rows may also be done via 'createAndWait'
for profiles do not exist in the cippfIpProfileTable.
This object will be set by the agent to 'notReady', and
the filter profile will not participate in IP filtering.
This object will only be set to 'active' when there is
a corresponding 'active' profile in the
cippfIpProfileTable.
To remove a row, set this object value to 'destroy'.
|
| cippfIpFilterIndex |
.1.3.6.1.4.1.9.9.278.1.1.3.1.1 |
|
This index uniquely identifies the IP protocol filters
within this table and among all filter profiles. When
a new filter is added and if this value is '0', the
filter will be appended as the last entry for the
corresponding profile in this table.
For any set operation, the cippfIpFilterIndex value
must match the index of an existing 'active' filter
for the set operation to be successful.
|
| cippfIpFilterOrderPosition |
.1.3.6.1.4.1.9.9.278.1.1.3.1.2 |
|
This object is used to order the IP protocol filters
within a filter profile. The filter with the lowest
order position number is applied first, that is
cippfIpFilterOrderPosition '1'. The order position
number among all filters of a profile is always
consecutive. The agent will automatically arrange
the order position to a consecutive manner for the
filter entries within the profile after each addition
(when the created entry moves to 'active' state) and
modification or deletion (when the active entry moves
out from 'active' state) of any filter.
For example, a new filter is added to an empty
profile with the cippfIpFilterOrderPosition '2' ,
the filter will be actually positioned to
cippfIpFilterOrderPosition '1' by the agent.
Moreover, if there are 3 filters in the profile
and their order positions are 1, 2, and 3. Adding
a new filter with any cippfIpFilterOrderPosition
greater than '3' will produce the same effect. The
new filter will actually be in position '4' because
the agent maintains the filters in consecutive order.
When a filter is removed from a profile, the filters
following this filter will be moved forward and
decrement their order position numbers. For example,
if there are 6 filters in the profile and their
order positions are 1, 2, 3, 4, 5, 6. Deleting
the filter of cippfIpFilterOrderPosition '4' will
cause the existing filters of
cippfIpFilterOrderPosition '5' and '6' to change
to '4' and '5' respectively.
When a filter is added to the order position of an
existing filter of the same profile, the existing
filter entry and all subsequent entries following it
will increment their cippfIpFilterOrderPosition.
This essentially move the existing filters towards
the end of the filter profile.
For example, if there are 6 filters in the profile,
and their cippfIpFilterOrderPosition values are 1,
2, 3, 4, 5, 6. If the user would like to add a new
one and specifies '4' to be the
cippfIpFilterOrderPosition of the new filter, the
existing filters of cippfIpFilterOrderPosition
values 4, 5, 6 will become 5, 6, 7.
The cippfIpFilterOrderPosition value '0' is a
special number meaning to append the filter
to the last filter of the profile. Continue with
our previous example, if another new filter is added
and the user specifies the cippfIpFilterOrderPosition
to be '0'. The new filter will actually be created
with cippfIpFilterOrderPosition equal to 8.
Finally, moving a filter within a profile will have
the same effect of first deleting and then adding the
filter to the new position. For example, if the
filter of cippfIpFilterOrderPosition 2 is moved to 4,
the filters originally at the
cippfIpFilterOrderPosition 3 and 4 will be moved
forward to 2 and 3 respectively and filters of all
other cippfIpFilterOrderPosition values will remain
unchanged.
|
| cippfIpFilterAction |
.1.3.6.1.4.1.9.9.278.1.1.3.1.3 |
|
If it is set to deny(1), all packets matching
this filter will be discarded and scanning of the
remainder of the filter list will be aborted. If
it is set to permit(2), all packets matching this
filter will be allowed for further bridging or
routing processing.
|
| cippfIpFilterAddressType |
.1.3.6.1.4.1.9.9.278.1.1.3.1.4 |
|
This is the IP address type of for the
cippfIpFilterSrcAddress, cippfIpFilterSrcMask,
cippfIpFilterDestAddress, and cippfIpFilterDestMask.
|
| cippfIpFilterSrcAddress |
.1.3.6.1.4.1.9.9.278.1.1.3.1.5 |
|
The source IP address to be matched for this filter.
A value of zero causes all source address to match.
The object value has to be consistent with the type
specified in cippfIpFilterAddressType.
|
| cippfIpFilterSrcMask |
.1.3.6.1.4.1.9.9.278.1.1.3.1.6 |
|
This is the wildcard mask for the
cippfIpFilterSrcAddress bits that must match. 0 bits
in the mask indicate the corresponding bits in the
cippfIpFilterSrcAddress must match in order for the
matching to be successful, and 1 bits are don't care
bits in the matching. A value of zero causes only IP
packets of source address the same as
cippfIpFilterSrcAddress to match. This object value
has to be consistent with the type specified in
cippfIpFilterAddressType.
|
| cippfIpFilterDestAddress |
.1.3.6.1.4.1.9.9.278.1.1.3.1.7 |
|
The destination IP address to be matched for this
filter. A value of zero causes all source address
to match. The object value has to be consistent
with the type specified in cippfIpFilterAddressType.
|
| cippfIpFilterDestMask |
.1.3.6.1.4.1.9.9.278.1.1.3.1.8 |
|
This is the wildcard mask for the
cippfIpFilterDestAddress bits that must match. 0
bits in the mask indicate the corresponding bits
in the cippfIpFilterDestAddress must match in order
for the matching to be successful, and 1 bits are
don't care bits in the matching. A value of zero
causes only IP packets of source address the same as
cippfIpFilterSrcAddress to match. This object value
has to be consistent with the type specified in
cippfIpFilterAddressType.
|
| cippfIpFilterProtocol |
.1.3.6.1.4.1.9.9.278.1.1.3.1.9 |
|
This filter protocol object matches the Internet
Protocol Number in the packets. These IP numbers
are defined in the Network Working Group Request
for Comments (RFC) documents. For example,
Cisco commonly used protocol includes:
1 - Internet Control Message Protocol
2 - Internet Gateway Message Protocol
4 - IP in IP tunneling
6 - Transmission Control Protocol
9 - Cisco's IGRP routing protocol
17 - User Datagram Protocol
47 - Cisco's GRE tunneling
50 - Encapsulation Security Payload
51 - Authentication Header Protocol
88 - Cisco's EIGRP routing protocol
89 - OSPF routing protocol
94 - KA9Q NOS compatible IP over IP tunneling
103 - Protocol Independent Multicast
108 - Payload Compression Protocol
Setting this object to '-1' will make the
filtering match any IP number.
|
| cippfIpFilterSrcPortLow |
.1.3.6.1.4.1.9.9.278.1.1.3.1.10 |
|
If cippfIpFilterProtocol is udp or tcp, this is
the inclusive lower bound of the transport-layer
source port range that is to be matched, otherwise
it is ignored during matching. This value must be
equal to or less than the value specified for this
entry in cippfIpFilterSrcPortHigh.
|
| cippfIpFilterSrcPortHigh |
.1.3.6.1.4.1.9.9.278.1.1.3.1.11 |
|
If cippfIpFilterProtocol is udp or tcp, this is
the inclusive upper bound of the transport-layer
source port range that is to be matched, otherwise
it is ignored during matching. This value must be
equal to or greater than the value specified for
this entry in cippfIpFilterSrcPortLow. If this
value is '0', the udp or tcp port number is
ignored during matching.
|
| cippfIpFilterDestPortLow |
.1.3.6.1.4.1.9.9.278.1.1.3.1.12 |
|
If cippfIpFilterProtocol is udp or tcp, this is
the inclusive lower bound of the transport-layer
destination port range that is to be matched,
otherwise it is ignored during matching. This
value must be equal to or less than the value
specified for this entry in
cippfIpFilterDestPortHigh.
|
| cippfIpFilterDestPortHigh |
.1.3.6.1.4.1.9.9.278.1.1.3.1.13 |
|
If cippfIpFilterProtocol is udp or tcp, this is
the inclusive upper bound of the transport-layer
destination port range that is to be matched,
otherwise it is ignored during matching. This
value must be equal to or greater than the value
specified for this entry in
cippfIpFilterDestPortLow. If this value is '0',
the udp or tcp port number is ignored during
matching.
|
| cippfIpFilterPrecedence |
.1.3.6.1.4.1.9.9.278.1.1.3.1.14 |
|
The IP traffic precedence parameters in each packet
are used to guide the selection of the actual
service parameters when transmitting a datagram
through a particular network. Most network treats
high precedence traffic as more important than other
traffic. The IP Precedence value ranges from '0' to
'7', with '7' the highest precedence and '0' the
lowest precedence.
This object sets criteria for matching the IP packet
precedence parameter. The object value '-1' means to
match packets of any IP precedence. In other words,
the IP precedence parameter will not to checked if
this object is '-1'. The precedence level are:
routine(0) - Routine traffic precedence
priority(1) - Priority traffic precedence
immediate(2) - Immediate traffic precedence
flash(3) - Flash traffic precedence
flashOverride(4) - Flash-override traffic
precedence
critical(5) - Critical precedence
internet(6) - Internetwork control traffic
precedence
network(7) - Network control traffic precedence.
|
| cippfIpFilterTos |
.1.3.6.1.4.1.9.9.278.1.1.3.1.15 |
|
This is the value to match to the Type of
Service (TOS) of the packet. The TOS values
ranges from '0' to '15'. The value '-1' matches
any TOS value.
|
| cippfIpFilterLogEnabled |
.1.3.6.1.4.1.9.9.278.1.1.3.1.16 |
|
This object specifies whether filtered packets
will be logged by the filtering subsystem or not.
If it is true(1), then all packets will be logged.
If it is false(2), then no packet will be logged.
|
| cippfIpFilterStatus |
.1.3.6.1.4.1.9.9.278.1.1.3.1.17 |
|
This object controls and reflects the status of
rows in this table. Creation of rows must be done
via 'createAndGo' and this object will become 'active'
if the NMS performs a multivarbind set containing
this object and the cippfIpFilterOrderPosition. The
default matching action of a new filter is deny(1).
Any object in a row can be modified any time when
the row is in the 'active' state.
Removal of a row can be done via setting this
object to 'destroy'.
|
| cippfIpFilterICMPType |
.1.3.6.1.4.1.9.9.278.1.1.3.1.18 |
|
This filter specifies the ICMP message type to be
matched. Setting this object to '-1' will make the
filtering match any ICMP message type.
|
| cippfIpFilterTCPEstablished |
.1.3.6.1.4.1.9.9.278.1.1.3.1.19 |
|
This filter if 'true' specifies that for TCP protocol,
in an established connection, a match occurs if the TCP
datagram has the ACK,FIN,PSH,RST,SYN or URG control
bits set. If 'false' a match will occur for any TCP
datagram.
|
| cippfIpFilterFragments |
.1.3.6.1.4.1.9.9.278.1.1.3.1.20 |
|
If 'true', this filter applies only to the second
and further fragments of fragmented packets.
If 'false', the filter will only match head
fragments or unfragmented packets.
Note: Second and subsequent fragments do not contain
source or destination ports info, therefore cannot
be filtered on that basis.
|
| cippfIpFilterICMPCode |
.1.3.6.1.4.1.9.9.278.1.1.3.1.21 |
|
This filter specifies the ICMP message code to be
matched. Setting this object to '-1' will make the
filtering match any ICMP code.
|
