ENTERASYS-POLICY-PROFILE-MIB device MIB details by Enterasys Networks
ENTERASYS-POLICY-PROFILE-MIB file content
The SNMP protocol is used to for conveying information and commands between agents and managing entities. SNMP uses the User Datagram Protocol (UDP) as the transport protocol for passing data between managers and agents. The reasons for using UDP for SNMP are, firstly it has low overheads in comparison to TCP, which uses a 3-way hand shake for connection. Secondly, in congested networks, SNMP over TCP is a bad idea because TCP in order to maintain reliability will flood the network with retransmissions.
Management information (MIB) is represented as a collection of managed objects. These objects together form a virtual information base called MIB. An agent may implement many MIBs, but all agents must implement a particular MIB called MIB-II [16]. This standard defines variables for things such as interface statistics (interface speeds, MTU, octets sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.). The main goal of MIB-II is to provide general TCP/IP management information.
Use ActiveXperts Network Monitor 2024 to import vendor-specific MIB files, inclusing ENTERASYS-POLICY-PROFILE-MIB.
Vendor: | Enterasys Networks |
---|---|
Mib: | ENTERASYS-POLICY-PROFILE-MIB [download] [view objects] |
Tool: | ActiveXperts Network Monitor 2024 [download] (ships with advanced SNMP/MIB tools) |
ENTERASYS-POLICY-PROFILE-MIB DEFINITIONS ::= BEGIN -- enterasys-policy-profile-mib.txt -- -- Part Number: -- -- -- This module provides authoritative definitions for Enterasys -- Networks' user policy profile functionality. -- -- This module will be extended, as needed. -- Enterasys Networks reserves the right to make changes in this -- specification and other information contained in this document -- without prior notice. The reader should consult Enterasys Networks -- to determine whether any such changes have been made. -- -- In no event shall Enterasys Networks be liable for any incidental, -- indirect, special, or consequential damages whatsoever (including -- but not limited to lost profits) arising out of or related to this -- document or the information contained in it, even if Enterasys -- Networks has been advised of, known, or should have known, the -- possibility of such damages. -- -- Enterasys Networks grants vendors, end-users, and other interested -- parties a non-exclusive license to use this Specification in -- connection with the management of Enterasys Networks products. -- Copyright 2001-2004 Enterasys Networks, Inc. IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Integer32, TimeTicks, Unsigned32, Gauge32, Counter32 FROM SNMPv2-SMI RowStatus, RowPointer, TEXTUAL-CONVENTION, TruthValue, StorageType FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF SnmpAdminString FROM SNMP-FRAMEWORK-MIB dot1dBasePort FROM BRIDGE-MIB PortList FROM Q-BRIDGE-MIB EnabledStatus FROM P-BRIDGE-MIB StationAddressType, StationAddress FROM ENTERASYS-UPN-TC-MIB etsysModules FROM ENTERASYS-MIB-NAMES; etsysPolicyProfileMIB MODULE-IDENTITY LAST-UPDATED "200404022035Z" -- Fri Apr 2 20:35 GMT 2004 ORGANIZATION "Enterasys Networks, Inc" CONTACT-INFO "Postal: Enterasys Networks 50 Minuteman Rd. Andover, MA 01810-1008 USA Phone: +1 978 684 1000 E-mail: support@enterasys.com WWW: http://www.enterasys.com" DESCRIPTION "This MIB module defines a portion of the SNMP enterprise MIBs under the Enterasys enterprise OID pertaining to the mapping of per user policy profiles for Enterasys network edge devices or access products." REVISION "200404022035Z" -- Fri Apr 2 20:35 GMT 2004 DESCRIPTION "Added the etsysPolicyRuleOperPid leaf to etsysPolicyRuleTable." REVISION "200403251803Z" -- Thu Mar 25 18:03 GMT 2004 DESCRIPTION "Added capabilities objects, status for profile assignment override, dynamic profile summary list, and notification configuration for dynamic rules." REVISION "200402032200Z" -- Tue Feb 3 22:00 GMT 2004 DESCRIPTION "Replaced StationIdentifierType with StationAddressType and StationIdentifier with StationAddress to match new revision of ENTERASYS-UPN-TC-MIB." REVISION "200402031533Z" -- Tue Feb 3 15:33 GMT 2004 DESCRIPTION "Replaced StationIdentifierTypeTC with StationIdentifierType and moved it to the ENTERASYS-UPN-TC-MIB, and replaced InetAddress with StationIdentifier from the same MIB module." REVISION "200401192143Z" -- Mon Jan 19 21:43 GMT 2004 DESCRIPTION "Added PolicyClassificationRuleType TEXTUAL-CONVENTION. Added the etsysPolicyProfileOverwriteTCI and etsysPolicyProfileRulePrecedence leaves to the EtsysPolicyProfileEntry. Added the etsysPolicyRules group for accounting of policy usage. Additionally, the range syntax of several objects has been clarified. The etsysPolicyClassificationGroup and the etsysPortPolicyProfileTable have been deprecated, as they have been replaced by the etsysPolicyRulesGroup." REVISION "200311041716Z" -- Tue Nov 4 17:16 GMT 2003 DESCRIPTION "Added etsysPolicyMap object group in support of RFC 3580 and Enterasys Technical Standard TS-07." REVISION "200302062259Z" -- Thu Feb 6 22:59 GMT 2003 DESCRIPTION "Added etsysDevicePolicyProfileDefault to provide managed entities, that cannot support complete policies on a per port basis, a global policy to augment what policies they can provide on a per port basis. Added etsysPolicyCapabilities to provide management agents a straight forward method to ascertain the capabilities of the managed entity." REVISION "200209171453Z" -- Tue Sep 17 14:53 GMT 2002 DESCRIPTION "Added Port ID information in the Station table, for ease of cross reference." REVISION "200207191337Z" -- Fri Jul 19 13:37 GMT 2002 DESCRIPTION "This version incorporates enhancements to support Station based policy provisioning, as well as other UPN related enhancements." REVISION "200106112000Z" -- Mon Jun 11 20:00 GMT 2001 DESCRIPTION "This version modified the MODULE-IDENTITY statement to resolve an issue importing this MIB into some older MIB Tools. In the SEQUENCE for the etsysPortPolicyProfileTable the first object was incorrectly defined as etsysPortPolicyProfileIndex, this was corrected to read etsysPortPolicyProfileIndexType. Several misspelled words were corrected. Finally, the INDEX for the etsysPortPolicyProfileSummaryTable was corrected to index the table by policy index as well as the type of port for each entry in the table." REVISION "200101090000Z" DESCRIPTION "The initial version of this MIB module." ::= { etsysModules 6 } -- ------------------------------------------------------------- -- Textual Conventions -- ------------------------------------------------------------- PolicyProfileIDTC ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention maps out to the possible policyProfileIndex values. It also allows for a value of zero. A value of zero (0) indicates that the given port should not follow any policy profile." SYNTAX Integer32 (0|1..65535) PortPolicyProfileIndexTypeTC ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This textual convention maps out to the possible port types which can be used to populate the etsysPortPolicyProfileTable, and of port IDs used in the etsysStationPolicyProfileTable." SYNTAX INTEGER { ifIndex(1), dot1dBasePort(2) } VlanList ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Each octet within this value specifies a set of eight VIDs, with the first octet specifying VID 1 through 8, the second octet specifying VID 9 through 16, etc. Within each octet, the most significant bit represents the lowest numbered VID, and the least significant bit represents the highest numbered VID. Thus, each VID is represented by a single bit within the value of this object. If that bit has a value of '1' then that VID is included in the set of VIDs; the VID is not included if its bit has a value of '0'. This OCTET STRING will always be 512 Octets in length to accommodate all possible VIDs between (1..4094). The default value of this object is a string of all zeros." SYNTAX OCTET STRING (SIZE(512)) PolicyClassificationRuleType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Enumerates the possible types of classification rules which may be referenced in the <CLASSIFICATION_TABLE_NAME>. Each type as an implied length (in bytes) associated with it. Octet-strings defined as representing one of these types will be represented in Network-Byte-Order (Big Endian) if the native representation is other than octets. macSource(1) The source MAC address in an Ethernet frame. Length is 6 bytes. macDestination(2) The destination MAC address in an Ethernet frame. Length is 6 bytes. ipxSource(3) The source address in an IPX header. Length is 4 bytes (Network prefix). ipxDestination(4) The destination address in an IPX header. Length is 4 bytes (Network prefix). ipxSourcePort(5) The source IPX port(socket) in an IPX header. Length is 2 bytes. ipxDestinationPort(6) The destination IPX port(socket) in an IPX header. Length is 2 bytes. ipxCos(7) The CoS(HopCount) field in an IPX header. Length is 1 byte. ipxType(8) The protocol type in an IPX header. Length is 1 byte. ip6Source(9) The source address in an IPv6 header, postfixed with the source port (for TCP/UDP frames). Length is 18 bytes. ip6Destination(10) The destination address in an IPv6 header, postfixed with the destination port (for TCP/UDP frames). Length is 18 bytes. ip6FlowLabel(11) The flow label field (traffic class and flow identifier) in an IPv6 header. Length is 4 bytes. ip4Source(12) The source address in an IPv4 header, postfixed with the source port (for TCP/UDP frames). Length is 6 bytes. ip4Destination(13) The destination address in an IPv4 header, postfixed with the destination port (for TCP/UDP frames). Length is 6 bytes. ipFragment(14) Truth value derived from the FLAGS and FRAGMENTATION_OFFSET fields of an IP header. If the MORE bit of the flags field is set, or the FRAGMENTATION_OFFSET is non-zero, the frame is fragmented. Length is 0 bytes (there is no data, only presence). udpSourcePort(15) The source UDP port(socket) in an UDP header. Length is 2 bytes. udpDestinationPort(16) The destination UDP port(socket) in an UDP header. Length is 2 bytes. tcpSourcePort(17) The source TCP port(socket) in an TCP header. Length is 2 bytes. tcpDestinationPort(18) The destination TCP port(socket) in an TCP header. Length is 2 bytes. icmpTypeCode(19) The Type and Code fields from an ICMP frame. These are encoded in 2 bytes, network-byte- order, Type in the first (left-most) byte, Code in the second byte. ipTtl(20) The TTL(HopCount) field in an IP header. Length is 1 byte. ipTos(21) The ToS(DSCP) field in an IP header. Length is 1 byte. ipType(22) The protocol type in an IP header. Length is 1 byte. etherType(25) The type field in an Ethernet II frame. Length is 2 bytes. llcDsapSsap(26) The DSAP/SSAP/CTRL field in an LLC encapsulated frame, includes SNAP encapsulated frames and the associated Ethernet II type field. Length is 5 bytes. vlanId(27) The 12 bit Virtual LAN ID field present in an 802.1D Tagged frame. Length is 2 bytes, the field is represented in the FIRST (left-most, big-endian)12 bits of the 16 bit field. A vlanId of 1 would be encoded as 00-10, a vlanId of 4094 would be encoded as FF-E0, and a vlanId of 100 would be encoded as 06-40. ieee8021dTci(28) The entire 16 bit TCI field present in an 802.1D Tagged frame (include both VLAN ID and Priority bits. Length is 2 bytes. bridgePort(31) The dot1dBridgePort on which the frame was received. Length is 2 bytes." SYNTAX INTEGER { macSource(1), macDestination(2), ipxSource(3), ipxDestination(4), ipxSourcePort(5), ipxDestinationPort(6), ipxCos(7), ipxType(8), ip6Source(9), ip6Destination(10), ip6FlowLabel(11), ip4Source(12), ip4Destination(13), ipFragment(14), udpSourcePort(15), udpDestinationPort(16), tcpSourcePort(17), tcpDestinationPort(18), icmpTypeCode(19), ipTtl(20), ipTos(21), ipType(22), etherType(25), llcDsapSsap(26), vlanId(27), ieee8021dTci(28), bridgePort(31) } PolicyRulesSupported ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Enumerates the possible types of classification rules which may be supported. macSource(1) The source MAC address in an Ethernet frame. macDestination(2) The destination MAC address in an Ethernet frame. ipxSource(3) The source address in an IPX header. ipxDestination(4) The destination address in an IPX header. ipxSourcePort(5) The source IPX port(socket) in an IPX header. ipxDestinationPort(6) The destination IPX port(socket) in an IPX header. ipxCos(7) The CoS(HopCount) field in an IPX header. ipxType(8) The protocol type in an IPX header. ip6Source(9) The source address in an IPv6 header, postfixed with the source port (for TCP/UDP frames). ip6Destination(10) The destination address in an IPv6 header, postfixed with the destination port (for TCP/UDP frames). ip6FlowLabel(11) The flow label field (traffic class and flow identifier) in an IPv6 header. ip4Source(12) The source address in an IPv4 header, postfixed with the source port (for TCP/UDP frames). ip4Destination(13) The destination address in an IPv4 header, postfixed with the destination port (for TCP/UDP frames). ipFragment(14) Truth value derived from the FLAGS and FRAGMENTATION_OFFSET fields of an IP header. If the MORE bit of the flags field is set, or the FRAGMENTATION_OFFSET is non-zero, the frame is fragmented. udpSourcePort(15) The source UDP port(socket) in an UDP header. udpDestinationPort(16) The destination UDP port(socket) in an UDP header. tcpSourcePort(17) The source TCP port(socket) in an TCP header. tcpDestinationPort(18) The destination TCP port(socket) in an TCP header. icmpTypeCode(19) The Type and Code fields from an ICMP frame. ipTtl(20) The TTL(HopCount) field in an IP header. ipTos(21) The ToS(DSCP) field in an IP header. ipType(22) The protocol type in an IP header. etherType(25) The type field in an Ethernet II frame. llcDsapSsap(26) The DSAP/SSAP/CTRL field in an LLC encapsulated frame, includes SNAP encapsulated frames and the associated Ethernet II type field. vlanId(27) The 12 bit Virtual LAN ID field present in an 802.1D Tagged frame. ieee8021dTci(28) The entire 16 bit TCI field present in an 802.1D Tagged frame (include both VLAN ID and Priority bits. bridgePort(31) The dot1dBridgePort on which the frame was received." SYNTAX BITS { macSource(1), macDestination(2), ipxSource(3), ipxDestination(4), ipxSourcePort(5), ipxDestinationPort(6), ipxCos(7), ipxType(8), ip6Source(9), ip6Destination(10), ip6FlowLabel(11), ip4Source(12), ip4Destination(13), ipFragment(14), udpSourcePort(15), udpDestinationPort(16), tcpSourcePort(17), tcpDestinationPort(18), icmpTypeCode(19), ipTtl(20), ipTos(21), ipType(22), etherType(25), llcDsapSsap(26), vlanId(27), ieee8021dTci(28), bridgePort(31) } -- ------------------------------------------------------------- -- MIB groupings -- ------------------------------------------------------------- etsysPolicyProfile OBJECT IDENTIFIER ::= { etsysPolicyProfileMIB 1 } etsysPolicyClassification OBJECT IDENTIFIER ::= { etsysPolicyProfileMIB 2 } etsysPortPolicyProfile OBJECT IDENTIFIER ::= { etsysPolicyProfileMIB 3 } etsysPolicyVlanEgress OBJECT IDENTIFIER ::= { etsysPolicyProfileMIB 4 } etsysStationPolicyProfile OBJECT IDENTIFIER ::= { etsysPolicyProfileMIB 5 } etsysInvalidPolicyPolicy OBJECT IDENTIFIER ::= { etsysPolicyProfileMIB 6 } etsysDevicePolicyProfile OBJECT IDENTIFIER ::= { etsysPolicyProfileMIB 8 } etsysPolicyCapability OBJECT IDENTIFIER ::= { etsysPolicyProfileMIB 9 } etsysPolicyMap OBJECT IDENTIFIER ::= { etsysPolicyProfileMIB 10 } etsysPolicyRules OBJECT IDENTIFIER ::= { etsysPolicyProfileMIB 11 } -- ------------------------------------------------------------- -- etsysPolicyProfile group -- ------------------------------------------------------------- etsysPolicyProfileMaxEntries OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of entries allowed in the etsysPolicyProfileTable." ::= { etsysPolicyProfile 1 } etsysPolicyProfileNumEntries OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of entries in the etsysPolicyProfileTable." ::= { etsysPolicyProfile 2 } etsysPolicyProfileLastChange OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "The sysUpTime at which the etsysPolicyProfileTable was last modified." ::= { etsysPolicyProfile 3 } etsysPolicyProfileTableNextAvailableIndex OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the numerically lowest available index within this entity, which may be used for the value of etsysPolicyProfileIndex in the creation of a new entry in the etsysPolicyProfileTable. An index is considered available if the index value falls within the range of 1 to 65535 and is not being used to index an existing entry in the etsysPolicyProfileTable contained within this entity. This value should only be considered a guideline for management creation of etsysPolicyProfileEntries, there is no requirement on management to create entries based upon this index value." ::= { etsysPolicyProfile 4 } etsysPolicyProfileTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysPolicyProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing policy profiles. A policy is a group of classification rules which may be applied on a per user basis, to ports or to stations." ::= { etsysPolicyProfile 5 } etsysPolicyProfileEntry OBJECT-TYPE SYNTAX EtsysPolicyProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Conceptually defines a particular entry within the etsysPolicyProfileTable. Entries within this table MUST be considered non-volatile and MUST be maintained across entity resets." INDEX { etsysPolicyProfileIndex } ::= { etsysPolicyProfileTable 1 } EtsysPolicyProfileEntry ::= SEQUENCE { etsysPolicyProfileIndex Integer32, etsysPolicyProfileName SnmpAdminString, etsysPolicyProfileRowStatus RowStatus, etsysPolicyProfilePortVidStatus EnabledStatus, etsysPolicyProfilePortVid Unsigned32, etsysPolicyProfilePriorityStatus EnabledStatus, etsysPolicyProfilePriority Integer32, etsysPolicyProfileEgressVlans VlanList, etsysPolicyProfileForbiddenVlans VlanList, etsysPolicyProfileUntaggedVlans VlanList, etsysPolicyProfileOverwriteTCI EnabledStatus, etsysPolicyProfileRulePrecedence OCTET STRING } etsysPolicyProfileIndex OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A unique arbitrary identifier for this Policy. Since a policy will be applied to a user regardless of his or her location in the network fabric policy names SHOULD be unique within the entire network fabric. Policy IDs and policy names MUST be unique within the scope of a single managed entity." ::= { etsysPolicyProfileEntry 1 } etsysPolicyProfileName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..64)) MAX-ACCESS read-create STATUS current DESCRIPTION "Administratively assigned textual description of this Policy. This object MUST NOT be modifiable while this entry's RowStatus is active(1)." ::= { etsysPolicyProfileEntry 2 } etsysPolicyProfileRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object allows for the dynamic creation and deletion of entries within the etsysPolicyProfileTable as well as the activation and deactivation of these entries. When this object's value is active(1) the corresponding row's etsysPolicyProfilePortVid, etsysPolicyProfilePriority, and all entries within the etsysPolicyClassificationTable indexed by this row's etsysPolicyProfileIndex are available to be applied to network access ports or stations on the managed entity. All ports corresponding to rows within the etsysPortPolicyProfileTable whose etsysPortPolicyProfileOperID is equal to the etsysPolicyProfileIndex, shall have the corresponding policy applied. Likewise, all stations corresponding to rows within the etsysStationPolicyProfileTable whose etsysStationPolicyProfileOperID is equal to the etsysPolicyProfileIndex, shall have the corresponding policy applied. The value of etsysPortPolicyProfileOperID for each such row in the etsysPortPolicyProfileTable will be equal to the etsysPortPolicyProfileAdminID, unless the authorization information from a source such as a RADIUS server indicates to the contrary. Refer to the specific objects within this MIB as well as well as RFC2674, the CTRON-PRIORITY-CLASSIFY-MIB, the CTRON-VLAN-CLASSIFY-MIB, and the CTRON-RATE-POLICING-MIB for a complete explanation of the application and behavior of these objects. When this object's value is set to notInService(2) this policy will not be applied to any rows within the etsysPortPolicyProfileTable. To allow policy profiles to be applied for security implementations, setting this object's value from active(1) to notInService(2) or destroy(6) SHALL fail if one or more instances of etsysPortPolicyProfileOperID or etsysStationPolicyProfileOperID currently reference this entry's associated policy due to a set by an underlying security protocol such as RADIUS. For network functionality and clarity, setting this object to destroy(6) SHALL fail if one or more instances of etsysPortPolicyProfileOperID or etsysStationPolicyProfileOperID currently references this entry's etsysPolicyProfileIndex. Refer to the RowStatus convention for further details on the behavior of this object." REFERENCE "RFC2579 (Textual Conventions for SMIv2)" ::= { etsysPolicyProfileEntry 3 } etsysPolicyProfilePortVidStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object defines whether a PVID override should be applied to ports which have this profile active. enabled(1) means that any port with this policy active will have this row's etsysPolicyProfilePortVid applied to untagged frames or priority-tagged frames received on this port. disabled(2) means that etsysPolicyProfilePortVid will not be applied. When this object is set to disabled(2) the value of etsysPolicyProfilePortVid has no meaning." DEFVAL { disabled } ::= { etsysPolicyProfileEntry 4 } etsysPolicyProfilePortVid OBJECT-TYPE SYNTAX Unsigned32 (0|1..4094|4095) MAX-ACCESS read-create STATUS current DESCRIPTION "This object defines the PVID of this profile. If a port has an active policy and the policy's etsysPolicyProfilePortVidStatus is set to enabled(1), the etsysPolicyProfilePortVid will be applied to all untagged frames arriving on the port that do not match any of the policy classification rules. Note that the 802.1Q PVID will still exist from a management view but will NEVER be applied to traffic arriving on a port that has an active policy and enabled etsysPolicyProfilePortVid defined, since policy is applied to traffic arriving on the port prior to the assignment of a VLAN using the 802.1Q PVID. The behavior of an enabled etsysPolicyProfilePortVid on any associated port SHALL be identical to the behavior of the dot1qPvid upon that port. Note that two special, otherwise illegal, values of the etsysPolicyProfilePortVid are used in defining the default forwarding actions, to be used in conjunction with policy classification rules, and do not result in packet tagging: 0 Indicates that the default forwarding action is to drop all packets that do not match an explicit rule. 4095 Indicates that the default forwarding action is to forward any packets not matching any explicit rules." REFERENCE "RFC2674 (Q-BRIDGE-MIB) - dot1qPortVlanTable" DEFVAL { 1 } ::= { etsysPolicyProfileEntry 5 } etsysPolicyProfilePriorityStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object defines whether a priority override should be applied to ports which have this profile active. enabled(1) means that any port with this policy active will have etsysPolicyProfilePriority applied to this port. disabled(2) means that etsysPolicyProfilePriority will not be applied. When this object is set to disabled(2) the value of etsysPolicyProfilePriority has no meaning." DEFVAL { disabled } ::= { etsysPolicyProfileEntry 6 } etsysPolicyProfilePriority OBJECT-TYPE SYNTAX Integer32 (0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "This object defines the default ingress priority of this profile. If a port has an active policy and the policy's etsysPolicyProfilePriorityStatus is set to enabled(1), the etsysPolicyProfilePriority will be applied to all packets arriving on the port that do not match any of the policy classification rules. Note that dot1dPortDefaultUserPriority will still exist from a management view but will NEVER be applied to traffic arriving on a port that has an active policy and enabled etsysPolicyProfilePriority defined, since policy is applied to traffic arriving on the port prior to the assignment of a priority using dot1dPortDefaultUserPriority. The behavior of an enabled etsysPolicyProfilePriority on any associated port SHALL be identical to the behavior of the dot1dPortDefaultUserPriority upon that port." REFERENCE "RFC2674 (P-BRIDGE-MIB) - dot1dPortPriorityTable" DEFVAL { 0 } ::= { etsysPolicyProfileEntry 7 } etsysPolicyProfileEgressVlans OBJECT-TYPE SYNTAX VlanList MAX-ACCESS read-create STATUS current DESCRIPTION "The set of VLANs which are assigned by this policy to egress on ports for which this policy is active. Changes to a bit in this object affect the per-port per-VLAN Registrar control for Registration Fixed for the relevant GVRP state machine on each port for which this policy is active. A VLAN may not be added in this set if it is already a member of the set of VLANs in etsysPolicyProfileForbiddenVlans. This object is superseded on a per-port per-VLAN basis by any 'set' bits in dot1qVlanStaticEgressPorts and dot1qVlanForbiddenEgressPorts. The default value of this object is a string of zeros." ::= { etsysPolicyProfileEntry 8 } etsysPolicyProfileForbiddenVlans OBJECT-TYPE SYNTAX VlanList MAX-ACCESS read-create STATUS current DESCRIPTION "The set of VLANs which are prohibited by this policy to egress on ports for which this policy is active. Changes to this object that cause a port to be included or excluded affect the per-port per-VLAN Registrar control for Registration Forbidden for the relevant GVRP state machine on each port for which this policy is active. A VLAN may not be added in this set if it is already a member of the set of VLANs in etsysPolicyProfileEgressVlans. This object is superseded on a per-port per-VLAN basis by any 'set' bits in the dot1qVlanStaticEgressPorts and dot1qVlanForbiddenEgressPorts. The default value of this object is a string of zeros." ::= { etsysPolicyProfileEntry 9 } etsysPolicyProfileUntaggedVlans OBJECT-TYPE SYNTAX VlanList MAX-ACCESS read-create STATUS current DESCRIPTION "The set of VLANs which should transmit egress packets as untagged on ports for which this policy is active. This object is superseded on a per-port per-VLAN basis by any 'set' bits in dot1qVlanStaticUntaggedPorts." ::= { etsysPolicyProfileEntry 10 } etsysPolicyProfileOverwriteTCI OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-create STATUS current DESCRIPTION "If set, the information contained within the TCI field of inbound, tagged packets will not be used by the device after the ingress classification stage of packet relay. The net effect will be that the TCI information may be used to classify the packet, but will be overwritten (and ignored) by subsequent stages of packet relay." DEFVAL { disabled } ::= { etsysPolicyProfileEntry 11 } etsysPolicyProfileRulePrecedence OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "Each octet will contain a single value representing the rule type to be matched against, defined by the PolicyClassificationRuleType textual convention. When read, will return the currently operating rule matching precedence, ordered from first consulted (in the first octet) to last consulted (in the last octet). A set of a single octet of 0x00 will result in a reversion to the default precedence ordering. A set of any other values will result in the specified rule types being matched in the order specified, followed by the remaining rules, in default precedence order." ::= { etsysPolicyProfileEntry 12 } -- ------------------------------------------------------------- -- etsysPolicyClassification group -- ------------------------------------------------------------- etsysPolicyClassificationMaxEntries OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The maximum number of entries allowed in the etsysPolicyClassificationTable." ::= { etsysPolicyClassification 1 } etsysPolicyClassificationNumEntries OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The current number of entries in the etsysPolicyClassificationTable." ::= { etsysPolicyClassification 2 } etsysPolicyClassificationLastChange OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The sysUpTime at which the etsysPolicyClassificationTable was last modified." ::= { etsysPolicyClassification 3 } etsysPolicyClassificationTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysPolicyClassificationEntry MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "A table containing reference OIDs to entries within the classification tables. These classification tables include but may not be limited to: ctPriClassifyTable ctVlanClassifyTable ctRatePolicyingConfigTable This table is used to map a list of classification rules to an instance of the etsysPolicyProfileTable." REFERENCE "CTRON-PRIORITY-CLASSIFY-MIB, CTRON-VLAN-CLASSIFY-MIB, CTRON-RATE-POLICING-MIB" ::= { etsysPolicyClassification 4 } etsysPolicyClassificationEntry OBJECT-TYPE SYNTAX EtsysPolicyClassificationEntry MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "Describes a particular entry within the etsysPolicyClassificationTable. Entries within this table MUST be considered non-volatile and MUST be maintained across entity resets." INDEX { etsysPolicyProfileIndex, etsysPolicyClassificationIndex } ::= { etsysPolicyClassificationTable 1 } EtsysPolicyClassificationEntry ::= SEQUENCE { etsysPolicyClassificationIndex Integer32, etsysPolicyClassificationOID RowPointer, etsysPolicyClassificationRowStatus RowStatus, etsysPolicyClassificationIngressList PortList } etsysPolicyClassificationIndex OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "Administratively assigned unique value, greater than zero. Each etsysPolicyClassificationIndex instance MUST be unique within the scope of its associated etsysPolicyProfileIndex." ::= { etsysPolicyClassificationEntry 1 } etsysPolicyClassificationOID OBJECT-TYPE SYNTAX RowPointer MAX-ACCESS read-create STATUS deprecated DESCRIPTION "This object follows the RowPointer textual convention and is an OID reference to a classification rule. This object MUST NOT be modifiable while this entry's etsysPolicyClassificationStatus object has a value of active(1)." ::= { etsysPolicyClassificationEntry 2 } etsysPolicyClassificationRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS deprecated DESCRIPTION "The status of this row. When set to active(1) this entry's classification rule, as referenced by etsysPolicyClassificationOID, becomes one of its associated policy's set of rules. When this entry's associated policy, as defined by etsysPolicyProfileIndex, is active and assigned to a port through the etsysPortPolicyProfileTable or to a station through the etsysStationPolicyProfileTabbe, this classification rule will be applied to the port or station. The exact behavior of this application depends upon the classification rule. When this object is set to notInService(2) or notReady(3) this entry is not considered one of its associated policy's set of rules and this classification rule will not be applied. An entry MAY NOT be set to active(1) unless this row's etsysPolicyClassificationOID is set to a valid classification rule." ::= { etsysPolicyClassificationEntry 3 } etsysPolicyClassificationIngressList OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The ports on which an active policy profile has defined this classification rule applies." ::= { etsysPolicyClassificationEntry 4 } -- ------------------------------------------------------------- -- etsysPortPolicyProfile group -- ------------------------------------------------------------- etsysPortPolicyProfileLastChange OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS deprecated DESCRIPTION "sysUpTime at which the etsysPortPolicyProfileTable was last modified." ::= { etsysPortPolicyProfile 1 } etsysPortPolicyProfileTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysPortPolicyProfileEntry MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "This table allows for a one to one mapping between a dot1dBasePort or an ifIndex and a Policy Profile." ::= { etsysPortPolicyProfile 2 } etsysPortPolicyProfileEntry OBJECT-TYPE SYNTAX EtsysPortPolicyProfileEntry MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "Describes a particular entry within the etsysPortPolicyProfileTable. Entries within this table MUST be considered non-volatile and MUST be maintained across entity resets." INDEX { etsysPortPolicyProfileIndexType, etsysPortPolicyProfileIndex } ::= { etsysPortPolicyProfileTable 1 } EtsysPortPolicyProfileEntry ::= SEQUENCE { etsysPortPolicyProfileIndexType PortPolicyProfileIndexTypeTC, etsysPortPolicyProfileIndex Integer32, etsysPortPolicyProfileAdminID PolicyProfileIDTC, etsysPortPolicyProfileOperID PolicyProfileIDTC } etsysPortPolicyProfileIndexType OBJECT-TYPE SYNTAX PortPolicyProfileIndexTypeTC MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "This object defines the specific type of port this entry represents." ::= { etsysPortPolicyProfileEntry 1 } etsysPortPolicyProfileIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS deprecated DESCRIPTION "An index value which represents a unique port of the type defined by this entry's etsysPortPolicyProfileIndexType." ::= { etsysPortPolicyProfileEntry 2 } etsysPortPolicyProfileAdminID OBJECT-TYPE SYNTAX PolicyProfileIDTC MAX-ACCESS read-write STATUS deprecated DESCRIPTION "This object represents the desired Policy Profile for this dot1dBasePort or this ifIndex. Setting this object to any value besides zero (0) should, if possible, immediately place this entry's dot1dBasePort or ifIndex into the given Policy Profile. This object and etsysPortPolicyProfileOperID may not be the same if this object is set to a Policy (i.e. an instance of the etsysPolicyProfileTable) which is not in an active state or if the etsysPortPolicyProfileOperID has been set by an underlying security protocol such as RADIUS." DEFVAL { 0 } ::= { etsysPortPolicyProfileEntry 3 } etsysPortPolicyProfileOperID OBJECT-TYPE SYNTAX PolicyProfileIDTC MAX-ACCESS read-only STATUS deprecated DESCRIPTION "This object is the current policy which is being applied to this entry's dot1dBasePort. A value of zero(0) indicates there is no policy being applied to this dot1dBasePort or this ifIndex. If the value of this object has been set by an underlying security protocol such as RADIUS, sets to this entry's etsysPortPolicyProfileAdminID MUST NOT change the value of this object until such time as the security protocol releases this object by setting it to a value of zero (0)." ::= { etsysPortPolicyProfileEntry 4 } etsysPortPolicyProfileSummaryTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysPortPolicyProfileSummaryEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table provides aggregate port information on a per policy, per port type basis." ::= { etsysPortPolicyProfile 3 } etsysPortPolicyProfileSummaryEntry OBJECT-TYPE SYNTAX EtsysPortPolicyProfileSummaryEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Conceptually defines a particular entry within the etsysPortPolicyProfileSummaryTable." INDEX { etsysPolicyProfileIndex, etsysPortPolicyProfileSummaryIndexType } ::= { etsysPortPolicyProfileSummaryTable 1 } EtsysPortPolicyProfileSummaryEntry ::= SEQUENCE { etsysPortPolicyProfileSummaryIndexType PortPolicyProfileIndexTypeTC, etsysPortPolicyProfileSummaryAdminID PortList, etsysPortPolicyProfileSummaryOperID PortList, etsysPortPolicyProfileSummaryDynamicID PortList } etsysPortPolicyProfileSummaryIndexType OBJECT-TYPE SYNTAX PortPolicyProfileIndexTypeTC MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object defines the specific type of port this entry represents." ::= { etsysPortPolicyProfileSummaryEntry 1 } etsysPortPolicyProfileSummaryAdminID OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-only STATUS current DESCRIPTION "An aggregate list of all Ports currently supporting rules which assign this profileIndex through administrative means. Rules of this type have a valid etsysPolicyRuleResult2 action and a profileIndex of 0." ::= { etsysPortPolicyProfileSummaryEntry 2 } etsysPortPolicyProfileSummaryOperID OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-only STATUS current DESCRIPTION "An aggregate list of all Ports currently supporting rules which assign this profileIndex through either an administrative or dynamic means. The profileId which will be assigned operationally, as frames are handled are too be reported here." ::= { etsysPortPolicyProfileSummaryEntry 3 } etsysPortPolicyProfileSummaryDynamicID OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-only STATUS current DESCRIPTION "An aggregate list of all Ports currently supporting rules which assign this profileIndex through a dynamic means. For example the profileIndex returned via a successful 802.1X supplicant authentication." ::= { etsysPortPolicyProfileSummaryEntry 4 } -- ------------------------------------------------------------- -- etsysStationPolicyProfile group -- ------------------------------------------------------------- etsysStationPolicyProfileMaxEntries OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of entries allowed in the etsysStationPolicyProfileTable. If this number is exceeded, based on stations connecting to the edge device, the oldest entries will be deleted." ::= { etsysStationPolicyProfile 1 } etsysStationPolicyProfileNumEntries OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of entries in the etsysStationPolicyProfileTable." ::= { etsysStationPolicyProfile 2 } etsysStationPolicyProfileLastChange OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "sysUpTime at which the etsysStationPolicyProfileTable was last modified." ::= { etsysStationPolicyProfile 3 } etsysStationPolicyProfileTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysStationPolicyProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table allows for a one to one mapping between a station's identifying address and a Policy Profile." ::= { etsysStationPolicyProfile 4 } etsysStationPolicyProfileEntry OBJECT-TYPE SYNTAX EtsysStationPolicyProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes a particular entry within the etsysStationPolicyProfileTable. Entries within this table MUST be considered non-volatile and MUST be maintained across entity resets." INDEX { etsysStationPolicyProfileIndex } ::= { etsysStationPolicyProfileTable 1 } EtsysStationPolicyProfileEntry ::= SEQUENCE { etsysStationPolicyProfileIndex Integer32, etsysStationIdentifierType StationAddressType, etsysStationIdentifier StationAddress, etsysStationPolicyProfileOperID PolicyProfileIDTC, etsysStationPolicyProfilePortType PortPolicyProfileIndexTypeTC, etsysStationPolicyProfilePortID Integer32 } etsysStationPolicyProfileIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An index value which represents a unique station entry." ::= { etsysStationPolicyProfileEntry 2 } etsysStationIdentifierType OBJECT-TYPE SYNTAX StationAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the type of station identifying address contained in etsysStationIdentifier." ::= { etsysStationPolicyProfileEntry 3 } etsysStationIdentifier OBJECT-TYPE SYNTAX StationAddress MAX-ACCESS read-only STATUS current DESCRIPTION "A value which represents a unique MAC Address, IP Address, or other identifying address for a station, or other logical and authenticatable sub-entity within a station, connected to a port." ::= { etsysStationPolicyProfileEntry 4 } etsysStationPolicyProfileOperID OBJECT-TYPE SYNTAX PolicyProfileIDTC MAX-ACCESS read-only STATUS current DESCRIPTION "This object is the current policy which is being applied to this entry's MAC Address. A value of zero(0) indicates there is no policy being applied to this MAC Address. The value of this object reflects either the setting from an underlying AAA service such as RADIUS, or the default setting based on the etsysPortPolicyProfileAdminID for the port on which the station is connected. This object and the corresponding etsysPortPolicyProfileAdminID will not be the same if this object has been set by an underlying security protocol such as RADIUS." ::= { etsysStationPolicyProfileEntry 5 } etsysStationPolicyProfilePortType OBJECT-TYPE SYNTAX PortPolicyProfileIndexTypeTC MAX-ACCESS read-only STATUS current DESCRIPTION "A textual convention that defines the specific type of port designator the corresponding entry represents." ::= { etsysStationPolicyProfileEntry 6 } etsysStationPolicyProfilePortID OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "A value which represents the physical port, of the type defined by this entry's etsysStationPolicyProfilePortType, on which the associated station entity is connected. This object is for convenience in cross referencing stations to ports." ::= { etsysStationPolicyProfileEntry 7 } -- ---------------------------------------------------------- -- -- etsysInvalidPolicyPolicy group -- ---------------------------------------------------------- -- etsysInvalidPolicyAction OBJECT-TYPE SYNTAX INTEGER { applyDefaultPolicy(1), dropPackets(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the action that the edge device should take if asked to apply an invalid or unknown policy. applyDefaultPolicy(1) - Apply the default policy for the port. dropPackets(2) - Block traffic. Although dropPackets(2) is the most secure option, it may not always be desirable." DEFVAL { applyDefaultPolicy } ::= { etsysInvalidPolicyPolicy 1 } etsysInvalidPolicyCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Increments to indicate the number of times the switch has detected an invalid/unknown policy." ::= { etsysInvalidPolicyPolicy 2 } -- ---------------------------------------------------------- -- -- etsysDevicePolicyProfile group -- ---------------------------------------------------------- -- etsysDevicePolicyProfileDefault OBJECT-TYPE SYNTAX Integer32 (0|1..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "If this value is non-zero, the value indicates the etsysPolicyProfileEntry (and its associated etsysPolicyClassificationTable entries) which should be used by the device if the device is incapable of using the profile (or specific parts of the profile) explicitly applied to an inbound frame. A value of zero indicates that no default profile is currently active." DEFVAL { 0 } ::= { etsysDevicePolicyProfile 1 } -- ---------------------------------------------------------- -- -- etsysPolicyCapability group -- ---------------------------------------------------------- -- etsysPolicyCapabilities OBJECT-TYPE SYNTAX BITS { supportsVLANForwarding(0), -- VLAN forwarding is supported on all -- rule types supported by the device. supportsPriority(1), -- classification rules are supported for 802.1p -- priorities. supportsPermit(2), -- permit capability is supported on all -- rule types supported by the device -- without having to specify a VLAN. supportsDeny(3), -- deny capability is supported on all rule -- types supported by the device without -- having to specify a VLAN. supportsDeviceLevelPolicy(4), -- a single device level policy is supported -- to supplement any components of the per port -- policy that cannot be applied by the device. -- etsysDevicePolicyProfileDefault is used to -- indicate the supplemental policy. This -- capability should only exist on devices that -- cannot apply complete per port policies. supportsPrecedenceReordering(5), -- supports the ability to change the evaluation -- order of the respective classification rule -- types. supportsTciOverwrite(6), -- supports the ability to overwrite the TCI -- information found in inbound, tagged frames. supportsRulesTable(7), -- supports the etsysPolicyRulesTable. supportsRuleUseAccounting(8), -- supports the ability to track classification -- rule use (and the etsysPolicyRuleUsageList). supportsRuleUseNotification(9), -- supports the ability to send audit information -- the first time a rule is used to classify a -- frame. supportsCoSTable(10), -- supports the <MIB_NAME> as an action (in the -- stead of simple 802.1D Priority. supportsLongestPrefixRules(11), -- Some (or all) of the classification table -- rules support Longest Prefix matching. supportsPortDisableAction(12) -- Supports the ability to disable a port based -- on a rule in the etsysPolicyRulesTable. } MAX-ACCESS read-only STATUS current DESCRIPTION "A list of capabilities related to policies. A set bit, with the value 1, indicates support for the described functionality. A clear bit, with the value 0, indicates the described functionality is not supported." ::= { etsysPolicyCapability 1 } etsysPolicyDynaPIDRuleCapabilities OBJECT-TYPE SYNTAX PolicyRulesSupported MAX-ACCESS read-only STATUS current DESCRIPTION "A list of rule types which are supported by this device for the purpose of dynamically assigning a profile to the network traffic described by the bit. A set bit, with the value 1, indicates support for the described functionality. A clear bit, with the value 0, indicates the described functionality is not supported." ::= { etsysPolicyCapability 2 } etsysPolicyAdminPIDRuleCapabilities OBJECT-TYPE SYNTAX PolicyRulesSupported MAX-ACCESS read-only STATUS current DESCRIPTION "A list of rule types which are supported by this device for the purpose of administratively assigning a profile to the network traffic described by the bit. A set bit, with the value 1, indicates support for the described functionality. A clear bit, with the value 0, indicates the described functionality is not supported." ::= { etsysPolicyCapability 3 } etsysPolicyVlanRuleCapabilities OBJECT-TYPE SYNTAX PolicyRulesSupported MAX-ACCESS read-only STATUS current DESCRIPTION "A list of rule types which are supported by this device for the purpose of assigning a VlanId to the network traffic described by the bit. A set bit, with the value 1, indicates support for the described functionality. A clear bit, with the value 0, indicates the described functionality is not supported." ::= { etsysPolicyCapability 4 } etsysPolicyCosRuleCapabilities OBJECT-TYPE SYNTAX PolicyRulesSupported MAX-ACCESS read-only STATUS current DESCRIPTION "A list of rule types which are supported by this device for the purpose of assigning a CoS to the network traffic described by the bit. A set bit, with the value 1, indicates support for the described functionality. A clear bit, with the value 0, indicates the described functionality is not supported." ::= { etsysPolicyCapability 5 } etsysPolicyDropRuleCapabilities OBJECT-TYPE SYNTAX PolicyRulesSupported MAX-ACCESS read-only STATUS current DESCRIPTION "A list of rule types which are supported by this device for the purpose of discarding the network traffic described by the bit. A set bit, with the value 1, indicates support for the described functionality. A clear bit, with the value 0, indicates the described functionality is not supported." ::= { etsysPolicyCapability 6 } etsysPolicyForwardRuleCapabilities OBJECT-TYPE SYNTAX PolicyRulesSupported MAX-ACCESS read-only STATUS current DESCRIPTION "A list of rule types which are supported by this device for the purpose of forwarding the network traffic described by the bit. A set bit, with the value 1, indicates support for the described functionality. A clear bit, with the value 0, indicates the described functionality is not supported." ::= { etsysPolicyCapability 7 } etsysPolicySyslogRuleCapabilities OBJECT-TYPE SYNTAX PolicyRulesSupported MAX-ACCESS read-only STATUS current DESCRIPTION "A list of rule types which are supported by this device for the purpose of issuing syslog messages when the rule is used to identify the network traffic described by the bit. A set bit, with the value 1, indicates support for the described functionality. A clear bit, with the value 0, indicates the described functionality is not supported." ::= { etsysPolicyCapability 8 } etsysPolicyTrapRuleCapabilities OBJECT-TYPE SYNTAX PolicyRulesSupported MAX-ACCESS read-only STATUS current DESCRIPTION "A list of rule types which are supported by this device for the purpose of issuing an SNMP notify (trap) messages when the rule is used to identify the network traffic described by the bit. A set bit, with the value 1, indicates support for the described functionality. A clear bit, with the value 0, indicates the described functionality is not supported." ::= { etsysPolicyCapability 9 } etsysPolicyDisablePortRuleCapabilities OBJECT-TYPE SYNTAX PolicyRulesSupported MAX-ACCESS read-only STATUS current DESCRIPTION "A list of rule types which are supported by this device for the purpose of disabling the ingress port identified when the rule matches the network traffic described by the bit. A set bit, with the value 1, indicates support for the described functionality. A clear bit, with the value 0, indicates the described functionality is not supported." ::= { etsysPolicyCapability 10 } -- ------------------------------------------------------------- -- etsysPolicyMap group -- ------------------------------------------------------------- etsysPolicyMapMaxEntries OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of entries allowed in the etsysPolicyMapTable." ::= { etsysPolicyMap 1 } etsysPolicyMapNumEntries OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of entries in the etsysPolicyMapTable." ::= { etsysPolicyMap 2 } etsysPolicyMapLastChange OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime when the etsysPolicyMapTable was last modified." ::= { etsysPolicyMap 3 } etsysPolicyMapPvidOverRide OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object defines whether the PVID specified in a RADIUS Tunnel-Private-Group-ID attribute for an Authenticated user shall override any statically configured PVID which may be provisioned as the default station-based policy may be applied. true(1) means that any port or station authorized with the RADIUS Tunnel-Private-Group-ID as PVID, will use the RADIUS- provisioned PVID value, when no matching entry for said PVID is found in the etsysPolicyMapTable. false(2) means that the RADIUS-provisioned PVID value will be applied only when no statically configured default PVID of the corresponding physical port exists and no matching entry for said PVID is found in the etsysPolicyMapTable. This mode provides backward compatibility with pre RFC 3580 UPN implementations." DEFVAL { true } ::= { etsysPolicyMap 4 } etsysPolicyMapUnknownPvidPolicy OBJECT-TYPE SYNTAX INTEGER { denyAccess(1), applyDefaultPolicy(2), applyPvid(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Describes the selected behavior of the managed entity if the PVID specified in a RADIUS Tunnel-Private-Group-ID attribute is not found in the etsysPolicyMapTable." DEFVAL { applyPvid } ::= { etsysPolicyMap 5 } etsysPolicyMapTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysPolicyMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing VLAN ID to policy mappings. A policy is a group of classification rules which may be applied on a per user basis, to ports or to stations." ::= { etsysPolicyMap 6 } etsysPolicyMapEntry OBJECT-TYPE SYNTAX EtsysPolicyMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Conceptually defines a particular entry within the etsysPolicyMapTable. Entries within this table MUST be considered non-volatile and MUST be maintained across entity resets." INDEX { etsysPolicyMapIndex } ::= { etsysPolicyMapTable 1 } EtsysPolicyMapEntry ::= SEQUENCE { etsysPolicyMapIndex Integer32, etsysPolicyMapRowStatus RowStatus, etsysPolicyMapStartVid Unsigned32, etsysPolicyMapEndVid Unsigned32, etsysPolicyMapPolicyIndex Integer32 } etsysPolicyMapIndex OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A unique arbitrary identifier for this mapping entry." ::= { etsysPolicyMapEntry 1 } etsysPolicyMapRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object allows for the dynamic creation and deletion of entries within the etsysPolicyMapTable as well as the activation and deactivation of these entries." REFERENCE "RFC2579 (Textual Conventions for SMIv2)" ::= { etsysPolicyMapEntry 2 } etsysPolicyMapStartVid OBJECT-TYPE SYNTAX Unsigned32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "This object defines the PVID of this profile or the starting PVID of a PVID range. This value is typically determined by authorization information, such as the PVID value from the Tunnel-Private-Group-ID RADIUS attribute. This value, together with the ending value of the range, in any, is typically used as the look-up key for a PVID to Policy Index mapping operation." REFERENCE "IEEE 802.1X RADIUS Usage Guidelines (RFC 3580)" DEFVAL { 1 } ::= { etsysPolicyMapEntry 3 } etsysPolicyMapEndVid OBJECT-TYPE SYNTAX Unsigned32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "This object defines the ending PVID of a PVID range. If the value of this object is identical to the value of etsysPolicyMapStartVid within the same conceptual table row, then the entry corresponds to a single PVID value." REFERENCE "IEEE 802.1X RADIUS Usage Guidelines (RFC 3580)" DEFVAL { 1 } ::= { etsysPolicyMapEntry 4 } etsysPolicyMapPolicyIndex OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The index of a Policy as defined in the etsysPolicyProfileTable. A value of 0 indicates that the mapping defined by this row entry is the NULL mapping, and that the PVID is to be applied as a traditional PVID. A non-zero value of this object indicates that the PVID provisioned (e.g. from the Tunnel-Private-Group-ID RADIUS attribute) should be mapped to a Policy as defined in the etsysPolicyProfileTable, and that policy applied as if the Policy name had been provisioned instead (e.g, in the Filter-ID RADIUS attribute), providing, of course, that the etsysPolicyProfileRowStatus value of the table row so indexed is active (1)." REFERENCE "IEEE 802.1X RADIUS Usage Guidelines (RFC 3580)" DEFVAL { 0 } ::= { etsysPolicyMapEntry 5 } -- ------------------------------------------------------------- -- etsysPolicyRules group -- ------------------------------------------------------------- etsysPolicyRulesMaxEntries OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of entries allowed in the etsysPolicyRulesTable." ::= { etsysPolicyRules 1 } etsysPolicyRulesNumEntries OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of entries in the etsysPolicyRulesTable." ::= { etsysPolicyRules 2 } etsysPolicyRulesLastChange OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "The sysUpTime at which the etsysPolicyRulesTable was last modified." ::= { etsysPolicyRules 3 } etsysPolicyRulesAccountingEnable OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Controls the collection of rule usage statistics. If disabled, no usage statistics are gathered and no auditing messages will be sent. When enabled, rule will gather usage statistics, and auditing messages will be sent, if enabled for a given rule." DEFVAL { disabled } ::= { etsysPolicyRules 4 } etsysPolicyRulesPortDisabledList OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-write STATUS current DESCRIPTION "A portlist containing bits representing the dot1dBridgePorts which have been disabled via the mechanism described in the etsysPolicyRuleDisablePort leaf. A set bit indicates a disabled port. Ports may be enabled by performing a set with the corresponding bit cleared. Bits which are set will be ignored during the set operation." ::= { etsysPolicyRules 5 } -- ------------------------------------------------------------- -- etsysPolicyRuleTable -- ------------------------------------------------------------- etsysPolicyRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysPolicyRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table containing rules bound to individual policies. A Rule is comprised of three components, a unique description of the network traffic, an associated list of actions, and an associated list of accounting and auditing controls and information. The unique description of the network traffic, defined by a PolicyClassificationRuleType together with a length, matching data and a relevant bits field, port type, and port number (port number zero is reserved to mean any port), and scoped by a etsysPolicyProfileIndex, is used as the table index." ::= { etsysPolicyRules 6 } etsysPolicyRuleEntry OBJECT-TYPE SYNTAX EtsysPolicyRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes a particular entry within the etsysPolicyRuleTable. Entries within this table MUST be considered non-volatile and MUST be maintained across entity resets." INDEX { etsysPolicyRuleProfileIndex, etsysPolicyRuleType, etsysPolicyRuleData, etsysPolicyRulePrefixBits, etsysPolicyRulePortType, etsysPolicyRulePort} ::= { etsysPolicyRuleTable 1 } EtsysPolicyRuleEntry ::= SEQUENCE { etsysPolicyRuleProfileIndex Integer32, etsysPolicyRuleType PolicyClassificationRuleType, etsysPolicyRuleData OCTET STRING, etsysPolicyRulePrefixBits Integer32, etsysPolicyRulePortType PortPolicyProfileIndexTypeTC, etsysPolicyRulePort Integer32, etsysPolicyRuleRowStatus RowStatus, etsysPolicyRuleStorageType StorageType, etsysPolicyRuleUsageList PortList, etsysPolicyRuleResult1 Integer32, etsysPolicyRuleResult2 Integer32, etsysPolicyRuleAuditSyslogEnable EnabledStatus, etsysPolicyRuleAuditTrapEnable EnabledStatus, etsysPolicyRuleDisablePort EnabledStatus, etsysPolicyRuleOperPid Integer32 } etsysPolicyRuleProfileIndex OBJECT-TYPE SYNTAX Integer32 (0|1..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The etsysPolicyProfileIndex for which the rule is defined. A value of zero(0) has special meaning in that it scopes rules which are used to determine the Policy Profile to which the frame belongs. See the etsysPolicyRuleResult1 and etsysPolicyRuleResult2 descriptions for specifics of how the results of a rule hit differ when the etsysPolicyRuleProfileIndex is zero." ::= { etsysPolicyRuleEntry 1 } etsysPolicyRuleType OBJECT-TYPE SYNTAX PolicyClassificationRuleType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The type of network traffic reference by the etsysPolicyRuleData." ::= { etsysPolicyRuleEntry 2 } etsysPolicyRuleData OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..64)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The data pattern to match against, as defined by the etsysPolicyRuleType, encoded in network-byte order." ::= { etsysPolicyRuleEntry 3 } etsysPolicyRulePrefixBits OBJECT-TYPE SYNTAX Integer32(0|1..2048) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The relevant number of bits defined by the etsysPolicyRuleData, to be used when matching against a frame, relevant bits are specified in longest-prefix-first style (left to right). A value of zero carries the special meaning of all bits are relevant." ::= { etsysPolicyRuleEntry 4 } etsysPolicyRulePortType OBJECT-TYPE SYNTAX PortPolicyProfileIndexTypeTC MAX-ACCESS not-accessible STATUS current DESCRIPTION "The port number on which the rule will be applied. Zero(0) is a special case, indicating that the rule should be applied to all ports." ::= { etsysPolicyRuleEntry 5 } etsysPolicyRulePort OBJECT-TYPE SYNTAX Integer32(0|1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The port number on which the rule will be applied. Zero(0) is a special case, indicating that the rule should be applied to all ports." ::= { etsysPolicyRuleEntry 6 } etsysPolicyRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this row. When set to active(1) this entry's classification rule, as referenced by etsysPolicyRulesOID, becomes one of its associated policy's set of rules. When this entry's associated policy, as defined by etsysPolicyRuleProfileIndex, is active and assigned to a port through the etsysPortPolicyProfileTable or to a station through the etsysStationPolicyProfileTabbe, this classification rule will be applied to the port or station. The exact behavior of this application depends upon the classification rule. When this object is set to notInService(2) or notReady(3) this entry is not considered one of its associated policy's set of rules and this classification rule will not be applied." ::= { etsysPolicyRuleEntry 7 } etsysPolicyRuleStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "The storage type of this row. When set to volatile(1) this entry's classification rule, as referenced by etsysPolicyRulesOID, will be removed (if present) from non-volatile storage. Rows created dynamically by the device will typically report this as their default storage type. When set to nonVolatile(1) this entry's classification rule, as referenced by etsysPolicyRulesOID, will be added to non-volatile storage. This is the default value for rows created as the result of external management. Values of other(0), permanent(4), and readOnly(5) may not be set, although they may be returned for rows created by the device." DEFVAL { nonVolatile } ::= { etsysPolicyRuleEntry 8 } etsysPolicyRuleUsageList OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-write STATUS current DESCRIPTION "When read, a set bit indicates that this rule was used to classify traffic on the corresponding port. When set, the native PortList will be bit-wise AND'ed with the set PortList, allowing the agent to clear the usage indication." ::= { etsysPolicyRuleEntry 9 } etsysPolicyRuleResult1 OBJECT-TYPE SYNTAX Integer32(-1|0|1..4094|4095) MAX-ACCESS read-create STATUS current DESCRIPTION "If the etsysPolicyRuleProfileIndex is 0 then this field is read-only and defines the profile ID which will assigned to frames matching this rule. This is the dynamically assigned value and may differ from the administratively configured value. If the etsysPolicyRuleProfileIndex is not 0 then this field is read-create and defines the VLAN ID with which to mark a frame matching this PolicyRule. Note that three special, otherwise illegal, values of the etsysPolicyRuleVlan are used in defining the forwarding action. -1 Indicates that no VLAN or forwarding behavior modification is desired. A rule will not be matched against for the purpose of determining a marking VID if this value is set. 0 Indicates that the default forwarding action is to drop the packets matching this rule. 4095 Indicates that the default forwarding action is to forward any packets matching this rule." DEFVAL { -1 } ::= { etsysPolicyRuleEntry 10 } etsysPolicyRuleResult2 OBJECT-TYPE SYNTAX Integer32(-1|0..4095) MAX-ACCESS read-create STATUS current DESCRIPTION "If the etsysPolicyRuleProfileIndex is 0 then this field is read-create and defines the profile ID which the managing entity desires assigned to frames matching this rule. This is the administrative value and may differ from the dynamically assigned active value. If the etsysPolicyRuleProfileIndex is not 0 then this field is The CoS with which to mark a frame matching this PolicyRule. Note that one special, otherwise illegal, values of the etsysPolicyRuleCoS are used in defining the forwarding action. -1 Indicates that no CoS or forwarding behavior modification is desired. A rule will not be matched against for the purpose of determining a CoS if this value is set." DEFVAL { -1 } ::= { etsysPolicyRuleEntry 11 } etsysPolicyRuleAuditSyslogEnable OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Controls the sending of a syslog message when a bit in the etsysPolicyRuleUsageList transitions from 0 to 1." DEFVAL { disabled } ::= { etsysPolicyRuleEntry 12 } etsysPolicyRuleAuditTrapEnable OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Controls the sending of an SNMP NOTIFICATION when a bit in the etsysPolicyRuleUsageList transitions from 0 to 1." DEFVAL { disabled } ::= { etsysPolicyRuleEntry 13 } etsysPolicyRuleDisablePort OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Controls the disabling of a port (ifOperStatus of the corresponding ifIndex will be down) when a bit in the etsysPolicyRuleUsageList transitions from 0 to 1. When set to enabled, the corresponding ifIndex will be disabled upon the transition." DEFVAL { disabled } ::= { etsysPolicyRuleEntry 14 } etsysPolicyRuleOperPid OBJECT-TYPE SYNTAX Integer32(-1|0..4095) MAX-ACCESS read-only STATUS current DESCRIPTION "If the etsysPolicyRuleProfileIndex is 0 then this field contains the currently applied profile ID for frames matching this rule. This may be either the administratively applied value or the dynamically applied value. If the etsysPolicyRuleProfileIndex is not 0, then this object does not exist and will not be returned. Note that one special, otherwise illegal, values of the etsysPolicyRuleCoS are used in defining the forwarding action. -1 Indicates that no profile ID is being applied by this rule." DEFVAL { -1 } ::= { etsysPolicyRuleEntry 15 } -- ------------------------------------------------------------- -- etsysPolicyRulePortTable -- ------------------------------------------------------------- etsysPolicyRulePortTable OBJECT-TYPE SYNTAX SEQUENCE OF EtsysPolicyRulePortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The purpose of this table is to provide an agent the ability to easily determine which rules have been used on a given bridge port. A row will only be present when the rule which the instancing describes has been used. The agent may remove a row (and clear the used status) by setting the etsysPolicyRulePortHit leaf to False. PolicyClassificationRuleType together with a length, matching data and a relevant bits field, port type, and port number (port number zero is reserved to mean any port), scoped by a etsysPolicyRuleProfileIndex, and preceded by a dot1dBasePort is used as the table index." ::= { etsysPolicyRules 7 } etsysPolicyRulePortEntry OBJECT-TYPE SYNTAX EtsysPolicyRulePortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "." INDEX { dot1dBasePort, etsysPolicyRuleProfileIndex, etsysPolicyRuleType, etsysPolicyRuleData, etsysPolicyRulePrefixBits, etsysPolicyRulePortType, etsysPolicyRulePort } ::= { etsysPolicyRulePortTable 1 } EtsysPolicyRulePortEntry ::= SEQUENCE { etsysPolicyRulePortHit TruthValue } etsysPolicyRulePortHit OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Every row will report a value of True, indicating that the Rule described by the instancing was used on the given port. An agent may be set this leaf to False to clear remove the row and clear the Rule Use bit for the specified Rule, on the given bridgePort." ::= { etsysPolicyRulePortEntry 1 } etsysPolicyRuleDynamicProfileAssignmentOverride OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If true, administratively assigned profile assignment rules override dynamically assigned profiles assignments for a given rule. If false, the dynamically assigned value (typically created by a successful authentication attempt) overrides the administratively configured value. The agent may optionally implement this leaf as read-only." DEFVAL { false } ::= { etsysPolicyRules 8 } etsysPolicyRuleDefaultDynamicSyslogStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "If enabled(1), rules dynamically created will set etsysPolicyRuleAuditSyslogEnable to enabled. If disabled(2) a dynamically created rule will have etsysPolicyRuleAuditSyslogEnable set to disabled. The agent may optionally implement this leaf as read-only." DEFVAL { disabled } ::= { etsysPolicyRules 9 } etsysPolicyRuleDefaultDynamicTrapStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "If enabled(1), rules dynamically created will set etsysPolicyRuleAuditTrapEnable to enabled. If disabled(2) a dynamically created rule will have etsysPolicyRuleAuditTrapEnable set to disabled. The agent may optionally implement this leaf as read-only." DEFVAL { disabled } ::= { etsysPolicyRules 10 } -- ------------------------------------------------------------- -- Conformance Information -- ------------------------------------------------------------- etsysPolicyProfileConformance OBJECT IDENTIFIER ::= { etsysPolicyProfileMIB 7 } etsysPolicyProfileGroups OBJECT IDENTIFIER ::= { etsysPolicyProfileConformance 1 } etsysPolicyProfileCompliances OBJECT IDENTIFIER ::= { etsysPolicyProfileConformance 2 } -- ------------------------------------------------------------- -- Units of Conformance -- ------------------------------------------------------------- etsysPolicyProfileGroup OBJECT-GROUP OBJECTS { etsysPolicyProfileMaxEntries, etsysPolicyProfileNumEntries, etsysPolicyProfileLastChange, etsysPolicyProfileTableNextAvailableIndex, etsysPolicyProfileName, etsysPolicyProfileRowStatus, etsysPolicyProfilePortVidStatus, etsysPolicyProfilePortVid, etsysPolicyProfilePriorityStatus, etsysPolicyProfilePriority, etsysPolicyProfileEgressVlans, etsysPolicyProfileForbiddenVlans, etsysPolicyProfileUntaggedVlans, etsysPolicyProfileOverwriteTCI, etsysPolicyProfileRulePrecedence } STATUS current DESCRIPTION "A collection of objects providing Policy Profile Creation." ::= { etsysPolicyProfileGroups 1 } etsysPolicyClassificationGroup OBJECT-GROUP OBJECTS { etsysPolicyClassificationMaxEntries, etsysPolicyClassificationNumEntries, etsysPolicyClassificationLastChange, etsysPolicyClassificationOID, etsysPolicyClassificationRowStatus, etsysPolicyClassificationIngressList } STATUS deprecated DESCRIPTION "A collection of objects providing a mapping between a set of Classification Rules and a Policy Profile." ::= { etsysPolicyProfileGroups 2 } etsysPortPolicyProfileGroup OBJECT-GROUP OBJECTS { etsysPortPolicyProfileLastChange, etsysPortPolicyProfileAdminID, etsysPortPolicyProfileOperID, etsysPortPolicyProfileSummaryAdminID, etsysPortPolicyProfileSummaryOperID } STATUS deprecated DESCRIPTION "A collection of objects providing a mapping from a specific port to a Policy Profile instance. Only the read-only portions of this group are now current. They are listed under etsysPortPolicyProfileGroup2." ::= { etsysPolicyProfileGroups 3 } etsysStationPolicyProfileGroup OBJECT-GROUP OBJECTS { etsysStationPolicyProfileMaxEntries, etsysStationPolicyProfileNumEntries, etsysStationPolicyProfileLastChange, etsysStationIdentifierType, etsysStationIdentifier, etsysStationPolicyProfileOperID, etsysStationPolicyProfilePortType, etsysStationPolicyProfilePortID } STATUS current DESCRIPTION "A collection of objects providing a mapping from a specific station to a Policy Profile instance." ::= { etsysPolicyProfileGroups 5 } etsysInvalidPolicyPolicyGroup OBJECT-GROUP OBJECTS { etsysInvalidPolicyAction, etsysInvalidPolicyCount } STATUS current DESCRIPTION "A collection of objects that help to define a mapping from logical authorization services outcomes to access control and policy actions." ::= { etsysPolicyProfileGroups 6 } etsysDevicePolicyProfileGroup OBJECT-GROUP OBJECTS { etsysDevicePolicyProfileDefault } STATUS current DESCRIPTION "An object that provides a device level supplemental policy for entities that are not able to apply portions of the profile definition uniquely on individual ports." ::= { etsysPolicyProfileGroups 7 } etsysPolicyCapabilitiesGroup OBJECT-GROUP OBJECTS { etsysPolicyCapabilities, etsysPolicyVlanRuleCapabilities, etsysPolicyCosRuleCapabilities, etsysPolicyDropRuleCapabilities, etsysPolicyForwardRuleCapabilities, etsysPolicyDynaPIDRuleCapabilities , etsysPolicyAdminPIDRuleCapabilities, etsysPolicySyslogRuleCapabilities, etsysPolicyTrapRuleCapabilities, etsysPolicyDisablePortRuleCapabilities } STATUS current DESCRIPTION "An object that indicates the capabilities of the managed entity with respect to Policy Profiles." ::= { etsysPolicyProfileGroups 8 } etsysPolicyMapGroup OBJECT-GROUP OBJECTS { etsysPolicyMapMaxEntries, etsysPolicyMapNumEntries, etsysPolicyMapLastChange, etsysPolicyMapPvidOverRide, etsysPolicyMapUnknownPvidPolicy, etsysPolicyMapRowStatus, etsysPolicyMapStartVid, etsysPolicyMapEndVid, etsysPolicyMapPolicyIndex } STATUS current DESCRIPTION "An object group that provides support for mapping between RFC 3580 style VLAN-policy and Enterasys UPN-policy based on named roles." ::= { etsysPolicyProfileGroups 9 } etsysPolicyRulesGroup OBJECT-GROUP OBJECTS { etsysPolicyRulesMaxEntries, etsysPolicyRulesNumEntries, etsysPolicyRulesLastChange, etsysPolicyRulesAccountingEnable, etsysPolicyRulesPortDisabledList, etsysPolicyRuleRowStatus, etsysPolicyRuleStorageType, etsysPolicyRuleUsageList, etsysPolicyRuleResult1, etsysPolicyRuleResult2, etsysPolicyRuleAuditSyslogEnable, etsysPolicyRuleAuditTrapEnable, etsysPolicyRuleDisablePort, etsysPolicyRuleOperPid, etsysPolicyRulePortHit, etsysPolicyRuleDynamicProfileAssignmentOverride, etsysPolicyRuleDefaultDynamicSyslogStatus, etsysPolicyRuleDefaultDynamicTrapStatus } STATUS current DESCRIPTION "An object that indicates the capabilities of the managed entity with respect to Policy Profiles." ::= { etsysPolicyProfileGroups 10 } etsysPortPolicyProfileGroup2 OBJECT-GROUP OBJECTS { etsysPortPolicyProfileSummaryAdminID, etsysPortPolicyProfileSummaryOperID, etsysPortPolicyProfileSummaryDynamicID } STATUS current DESCRIPTION "A collection of objects providing a mapping from a specific port to a Policy Profile instance." ::= { etsysPolicyProfileGroups 11 } -- ------------------------------------------------------------- -- compliance statements -- ------------------------------------------------------------- etsysPolicyProfileCompliance MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for devices that support Policy Profiles. This compliance statement was deprecated to add mandatory support for the etsysPolicyCapabilitiesGroup and conditionally mandatory support for the etsysDevicePolicyProfileGroup." MODULE -- this module MANDATORY-GROUPS { etsysPolicyProfileGroup, etsysPortPolicyProfileGroup } GROUP etsysPolicyClassificationGroup DESCRIPTION "The etsysPolicyClassification group is mandatory only for agents which support advanced packet classification." GROUP etsysStationPolicyProfileGroup DESCRIPTION "The etsysStationPolicyProfileGroup is mandatory only for agents which support station-based policy application." GROUP etsysInvalidPolicyPolicyGroup DESCRIPTION "The etsysInvalidPolicyPolicyGroup is mandatory only for agents which support provisioning of policy based on AAA services such as RADIUS." ::= { etsysPolicyProfileCompliances 1 } etsysPolicyProfileCompliance2 MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for devices that support Policy Profiles. This compliance state was deprecated to remove the conditional support of the etsysPolicyClassificationGroup, and add support for the etsysPolicyMapGroup and the etsysPolicyRulesGroup." MODULE -- this module MANDATORY-GROUPS { etsysPolicyProfileGroup, etsysPortPolicyProfileGroup, etsysPolicyCapabilitiesGroup } GROUP etsysPolicyClassificationGroup DESCRIPTION "The etsysPolicyClassification group is mandatory only for agents which support advanced packet classification." GROUP etsysStationPolicyProfileGroup DESCRIPTION "The etsysStationPolicyProfileGroup is mandatory only for agents which support station-based policy application." GROUP etsysInvalidPolicyPolicyGroup DESCRIPTION "The etsysInvalidPolicyPolicyGroup is mandatory only for agents which support provisioning of policy based on AAA services such as RADIUS." GROUP etsysDevicePolicyProfileGroup DESCRIPTION "The etsysDevicePolicyProfileGroup is mandatory for agents that cannot support complete policies on a per port basis." GROUP etsysPolicyMapGroup DESCRIPTION "The etsysPolicyMapGroup is mandatory for agents that support RFC 3580 compliance." ::= { etsysPolicyProfileCompliances 2 } etsysPolicyProfileCompliance3 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for devices that support Policy Profiles." MODULE -- this module MANDATORY-GROUPS { etsysPolicyProfileGroup, etsysPortPolicyProfileGroup2, etsysPolicyCapabilitiesGroup } GROUP etsysStationPolicyProfileGroup DESCRIPTION "The etsysStationPolicyProfileGroup is mandatory only for agents which support station-based policy application." GROUP etsysInvalidPolicyPolicyGroup DESCRIPTION "The etsysInvalidPolicyPolicyGroup is mandatory only for agents which support provisioning of policy based on AAA services such as RADIUS." GROUP etsysDevicePolicyProfileGroup DESCRIPTION "The etsysDevicePolicyProfileGroup is mandatory for agents that cannot support complete policies on a per port basis." GROUP etsysPolicyMapGroup DESCRIPTION "The etsysPolicyMapGroup is mandatory for agents that support RFC 3580 compliance." GROUP etsysPolicyRulesGroup DESCRIPTION "The etsysPolicyRulesGroup is mandatory for agents that support Policy rule accounting and usage reporting." ::= { etsysPolicyProfileCompliances 3 } END