1-- ***************************************************************** 2-- CISCO-POLICY-GROUP-MIB 3-- 4-- January 2006, Edward Pham 5-- 6-- Copyright (c) 2006 by cisco Systems, Inc. 7-- All rights reserved. 8-- ***************************************************************** 9 10CISCO-POLICY-GROUP-MIB DEFINITIONS ::= BEGIN 11 12IMPORTS 13 MODULE-IDENTITY, 14 OBJECT-TYPE, 15 Unsigned32 16 FROM SNMPv2-SMI 17 18 MODULE-COMPLIANCE, 19 OBJECT-GROUP 20 FROM SNMPv2-CONF 21 22 TEXTUAL-CONVENTION, 23 RowStatus 24 FROM SNMPv2-TC 25 26 InetAddressType, 27 InetAddress 28 FROM INET-ADDRESS-MIB 29 30 ciscoMgmt 31 FROM CISCO-SMI; 32 33ciscoPolicyGroupMIB MODULE-IDENTITY 34 LAST-UPDATED "200601131600Z" 35 ORGANIZATION "Cisco Systems, Inc." 36 CONTACT-INFO 37 " Cisco Systems 38 Customer Service 39 40 Postal: 170 W Tasman Drive 41 San Jose, CA 95134 42 USA 43 44 Tel: +1 800 553-NETS 45 46 E-mail: cs-lan-switch-snmp@cisco.com" 47 DESCRIPTION 48 "The MIB module is for configuration of policy and 49 policy group. A policy group can be described as a set 50 of entities identified by IP addresses or other means. 51 Members of a policy group will be subjected to the same policy. 52 In this MIB, user can apply a policy to policy group(s) 53 as well as configure and retrieve the group membership." 54 REVISION "200601131600Z" 55 DESCRIPTION 56 "Initial revision of this MIB module." 57 ::= { ciscoMgmt 507 } 58 59-- 60-- Definitions of textual convention 61-- 62 63CpgPolicyName ::= TEXTUAL-CONVENTION 64 DISPLAY-HINT "128a" 65 STATUS current 66 DESCRIPTION 67 "An octet string, preferably in human-readable form, 68 describes the name of a policy." 69 SYNTAX OCTET STRING (SIZE (1..128)) 70 71CpgPolicyNameOrEmpty ::= TEXTUAL-CONVENTION 72 DISPLAY-HINT "128a" 73 STATUS current 74 DESCRIPTION 75 "This textual convention is an extension of the 76 CpgPolicyName convention. The latter defines a non-empty 77 policy name. This extension permits the additional value 78 of empty string." 79 SYNTAX OCTET STRING (SIZE (0..128)) 80 81CpgGroupName ::= TEXTUAL-CONVENTION 82 DISPLAY-HINT "128a" 83 STATUS current 84 DESCRIPTION 85 "An octet string, preferably in human-readable form, 86 describes the name of a policy group." 87 SYNTAX OCTET STRING (SIZE (1..128)) 88 89-- 90-- MIB object definitions 91-- 92 93ciscoPolicyGroupMIBNotifs 94 OBJECT IDENTIFIER ::= { ciscoPolicyGroupMIB 0 } 95ciscoPolicyGroupMIBObjects 96 OBJECT IDENTIFIER ::= { ciscoPolicyGroupMIB 1 } 97ciscoPolicyGroupMIBConformance 98 OBJECT IDENTIFIER ::= { ciscoPolicyGroupMIB 2 } 99 100cpgGroup 101 OBJECT IDENTIFIER ::= { ciscoPolicyGroupMIBObjects 1 } 102 103cpgPolicy 104 OBJECT IDENTIFIER ::= { ciscoPolicyGroupMIBObjects 2 } 105 106-- 107-- cpgGroupTable 108-- 109 110cpgGroupTable OBJECT-TYPE 111 SYNTAX SEQUENCE OF CpgGroupEntry 112 MAX-ACCESS not-accessible 113 STATUS current 114 DESCRIPTION 115 "A table indicates the policy groups in the device." 116 ::= { cpgGroup 1 } 117 118cpgGroupEntry OBJECT-TYPE 119 SYNTAX CpgGroupEntry 120 MAX-ACCESS not-accessible 121 STATUS current 122 DESCRIPTION 123 "A row instance contains the name of a policy group, 124 the source method which creates this group, the number 125 of IP addresses contained in the group and the status 126 of this instance. A row instance can be created or removed 127 by the system or by setting the appropriate value 128 of the RowStatus object." 129 INDEX { IMPLIED cpgGroupName } 130 ::= { cpgGroupTable 1 } 131 132CpgGroupEntry ::= SEQUENCE { 133 cpgGroupName CpgGroupName, 134 cpgGroupSourceType INTEGER, 135 cpgGroupIpAddrCount Unsigned32, 136 cpgGroupRowStatus RowStatus 137} 138 139cpgGroupName OBJECT-TYPE 140 SYNTAX CpgGroupName 141 MAX-ACCESS not-accessible 142 STATUS current 143 DESCRIPTION 144 "Indicates the name of a policy group in the device." 145 ::= { cpgGroupEntry 1 } 146 147cpgGroupSourceType OBJECT-TYPE 148 SYNTAX INTEGER { 149 unknown(1), 150 accessList(2), 151 configured(3) 152 } 153 MAX-ACCESS read-only 154 STATUS current 155 DESCRIPTION 156 "Indicates the source i.e. the method used to create this 157 group. 158 159 unknown(1) indicates that the source of this group cannot 160 be identified. 161 162 accessList(2) indicates that this group is added via 163 the ACL (Access Control List) feature. 164 165 configured(3) indicates that this group is added via 166 this policy group configuration." 167 ::= { cpgGroupEntry 2 } 168 169cpgGroupIpAddrCount OBJECT-TYPE 170 SYNTAX Unsigned32 171 MAX-ACCESS read-only 172 STATUS current 173 DESCRIPTION 174 "Indicates the number of IP address(es) contained in 175 this group. This is the number of entries for this group 176 in the cpgGroupIpTable. The initial value of this object 177 in a row created via cpgGroupRowStatus object is zero." 178 ::= { cpgGroupEntry 3 } 179 180cpgGroupRowStatus OBJECT-TYPE 181 SYNTAX RowStatus 182 MAX-ACCESS read-create 183 STATUS current 184 DESCRIPTION 185 "This object is used to manage the creation and deletion 186 of rows in this table." 187 ::= { cpgGroupEntry 4 } 188 189-- 190-- The cpgGroupIpTable 191-- 192 193cpgGroupIpTable OBJECT-TYPE 194 SYNTAX SEQUENCE OF CpgGroupIpEntry 195 MAX-ACCESS not-accessible 196 STATUS current 197 DESCRIPTION 198 "A table provides management information for policy group 199 and its IP address(es) membership in the device." 200 ::= { cpgGroup 2 } 201 202cpgGroupIpEntry OBJECT-TYPE 203 SYNTAX CpgGroupIpEntry 204 MAX-ACCESS not-accessible 205 STATUS current 206 DESCRIPTION 207 "A row instance contains the IP address mask, source type 208 and its status. A row instance can be created or removed 209 by the system or by setting the appropriate value of its 210 RowStatus object. 211 212 A row instance is indexed by a group name, type and value 213 of an IP address. The group name index must exist in the 214 cpgGroupTable. If a group name is deleted from cpgGroupTable, 215 entries in this table using this group as an index will also be 216 automatically removed." 217 INDEX { cpgGroupIpGroupName, 218 cpgGroupIpAddrType, 219 cpgGroupIpAddress 220 } 221 ::= { cpgGroupIpTable 1 } 222 223CpgGroupIpEntry ::= SEQUENCE { 224 cpgGroupIpGroupName CpgGroupName, 225 cpgGroupIpAddrType InetAddressType, 226 cpgGroupIpAddress InetAddress, 227 cpgGroupIpMask InetAddress, 228 cpgGroupIpSourceType INTEGER, 229 cpgGroupIpRowStatus RowStatus 230} 231 232cpgGroupIpGroupName OBJECT-TYPE 233 SYNTAX CpgGroupName 234 MAX-ACCESS not-accessible 235 STATUS current 236 DESCRIPTION 237 "Indicates the policy group name. This group should exist in 238 cpgGroupTable." 239 ::= { cpgGroupIpEntry 1 } 240 241cpgGroupIpAddrType OBJECT-TYPE 242 SYNTAX InetAddressType 243 MAX-ACCESS not-accessible 244 STATUS current 245 DESCRIPTION 246 "The type of Internet address of a group member." 247 ::= { cpgGroupIpEntry 2 } 248 249cpgGroupIpAddress OBJECT-TYPE 250 SYNTAX InetAddress (SIZE (1..64)) 251 MAX-ACCESS not-accessible 252 STATUS current 253 DESCRIPTION 254 "The Internet address of a group member. 255 The type of this address is determined by 256 the value of the cpgGroupIpAddrType object. 257 The cpgGroupIpAddress may not be empty due to the SIZE 258 restriction." 259 ::= { cpgGroupIpEntry 3 } 260 261cpgGroupIpMask OBJECT-TYPE 262 SYNTAX InetAddress 263 MAX-ACCESS read-create 264 STATUS current 265 DESCRIPTION 266 "Specifies the mask to be logical-ANDed with the IP address 267 denoted in cpgGroupIpAddress object to indicate IP address 268 group membership. The type of this mask is determined by 269 the value of the cpgGroupIpAddrType object. 270 271 Value of this object can not be modified when the corresponding 272 instance of cpgGroupIpRowStatus is 'active'." 273 DEFVAL { 'FFFFFFFF'H } -- 255.255.255.255 274 ::= { cpgGroupIpEntry 4 } 275 276cpgGroupIpSourceType OBJECT-TYPE 277 SYNTAX INTEGER { 278 other(1), 279 configured(2), 280 dot1x(3), 281 nac(4), 282 webAuth(5), 283 macAuth(6) 284 } 285 MAX-ACCESS read-only 286 STATUS current 287 DESCRIPTION 288 "Indicates the source of this IP address. 289 290 other(1) indicates the source of this IP address is 291 not one of the following types. 292 293 configured(2) indicates this IP address is configured 294 via this policy group and IP address configuration. 295 296 dot1x(3) indicates this IP address is added by 297 802.1x feature. 298 299 nac(4) indicates this IP address is added by 300 NAC (network admission control) feature. 301 302 webAuth(5) indicates this IP address is added 303 by Web-Proxy Authentication feature. 304 305 macAuth(6) indicatest this IP address is added 306 by MAC Authentication Bypass feature." 307 ::= { cpgGroupIpEntry 5 } 308 309cpgGroupIpRowStatus OBJECT-TYPE 310 SYNTAX RowStatus 311 MAX-ACCESS read-create 312 STATUS current 313 DESCRIPTION 314 "This object is used to manage the creation and deletion 315 of rows in this table. Once a row becomes active, values 316 within this row cannot be modified, except by setting this 317 object value to 'notInService' first, or deleting and 318 re-creating it. 319 320 A conceptual row can be removed by setting this object 321 value to 'destroy' if and only if the value of corresponding 322 instance of cpgGroupIpSourceType is 'configured'." 323 ::= { cpgGroupIpEntry 6 } 324 325-- 326-- Policy group 327-- 328 329cpgPolicyTable OBJECT-TYPE 330 SYNTAX SEQUENCE OF CpgPolicyEntry 331 MAX-ACCESS not-accessible 332 STATUS current 333 DESCRIPTION 334 "A table describes the policies in the device." 335 ::= { cpgPolicy 1 } 336 337cpgPolicyEntry OBJECT-TYPE 338 SYNTAX CpgPolicyEntry 339 MAX-ACCESS not-accessible 340 STATUS current 341 DESCRIPTION 342 "A row instance contains the name of a policy 343 in the device." 344 INDEX { IMPLIED cpgPolicyName } 345 ::= { cpgPolicyTable 1 } 346 347CpgPolicyEntry ::= SEQUENCE { 348 cpgPolicyName CpgPolicyName, 349 cpgPolicyGroupCount Unsigned32 350} 351 352cpgPolicyName OBJECT-TYPE 353 SYNTAX CpgPolicyName 354 MAX-ACCESS not-accessible 355 STATUS current 356 DESCRIPTION 357 "Indicates a policy name in the device." 358 ::= { cpgPolicyEntry 1 } 359 360cpgPolicyGroupCount OBJECT-TYPE 361 SYNTAX Unsigned32 362 MAX-ACCESS read-only 363 STATUS current 364 DESCRIPTION 365 "Indicates the number of policy group(s) associated with 366 this policy. This is the number of entries for this policy 367 in the cpgPolicyGroupTable." 368 ::= { cpgPolicyEntry 2 } 369 370-- 371-- The Policy Group Table 372-- 373 374cpgPolicyGroupTable OBJECT-TYPE 375 SYNTAX SEQUENCE OF CpgPolicyGroupEntry 376 MAX-ACCESS not-accessible 377 STATUS current 378 DESCRIPTION 379 "A table provides the mechanism to configure association 380 between a policy and a policy group. When a policy associates 381 with a policy group, this policy is applied to all the 382 members of the group. A policy can associate with 383 multiple groups and vice versa." 384 ::= { cpgPolicy 2 } 385 386cpgPolicyGroupEntry OBJECT-TYPE 387 SYNTAX CpgPolicyGroupEntry 388 MAX-ACCESS not-accessible 389 STATUS current 390 DESCRIPTION 391 "A row instance contains the RowStatus object to configure 392 the association between a policy and a policy group. A row 393 instance can be created or removed by the system or by setting 394 the appropriate value of the RowStatus object. 395 396 A row instance is indexed by a policy name and a policy group 397 name. The policy name index must exist in cpgPolicyTable. The 398 policy group name index must exist in cpgGroupTable. If a policy 399 group is removed from cpgGroupTable, entries in this table 400 using this group as an index will be automatically removed." 401 INDEX { cpgPolicyGroupPolicyName, 402 IMPLIED cpgPolicyGroupGroupName } 403 ::= { cpgPolicyGroupTable 1 } 404 405CpgPolicyGroupEntry ::= SEQUENCE { 406 cpgPolicyGroupPolicyName CpgPolicyName, 407 cpgPolicyGroupGroupName CpgGroupName, 408 cpgPolicyGroupRowStatus RowStatus 409} 410 411cpgPolicyGroupPolicyName OBJECT-TYPE 412 SYNTAX CpgPolicyName 413 MAX-ACCESS not-accessible 414 STATUS current 415 DESCRIPTION 416 "This object indicates the policy name used to associate 417 to the group denoted by cpgPolicyGroupGroupName. This policy 418 must exist in cpgPolicyTable." 419 ::= { cpgPolicyGroupEntry 1 } 420 421cpgPolicyGroupGroupName OBJECT-TYPE 422 SYNTAX CpgGroupName 423 MAX-ACCESS not-accessible 424 STATUS current 425 DESCRIPTION 426 "This object indicates the group name used to associate 427 to the policy denoted by cpgPolicyGroupPolicyName. This 428 group must exist in cpgGroupTable." 429 ::= { cpgPolicyGroupEntry 2 } 430 431cpgPolicyGroupRowStatus OBJECT-TYPE 432 SYNTAX RowStatus 433 MAX-ACCESS read-create 434 STATUS current 435 DESCRIPTION 436 "This object is used to manage the creation and deletion 437 of rows in this table." 438 ::= { cpgPolicyGroupEntry 3 } 439 440-- 441-- Conformance 442-- 443 444ciscoPolicyGroupMIBCompliances 445 OBJECT IDENTIFIER ::= { ciscoPolicyGroupMIBConformance 1 } 446 447ciscoPolicyGroupMIBGroups 448 OBJECT IDENTIFIER ::= { ciscoPolicyGroupMIBConformance 2 } 449 450ciscoPolicyGroupMIBCompliance MODULE-COMPLIANCE 451 STATUS current 452 DESCRIPTION 453 "The compliance statement for the CISCO-POLICY-GROUP-MIB" 454 MODULE 455 MANDATORY-GROUPS { 456 ciscoCpgPolicyInfoGroup, 457 ciscoCpgGroupInfoGroup, 458 ciscoCpgGroupIpInfoGroup, 459 ciscoCpgPolicyGroupInfoGroup 460 } 461 462 OBJECT cpgGroupIpRowStatus 463 SYNTAX INTEGER { active(1), createAndGo(4), destroy(6) } 464 DESCRIPTION 465 "Support for 'createAndWait' is not required." 466 467 OBJECT cpgPolicyGroupRowStatus 468 SYNTAX INTEGER { active(1), createAndGo(4), destroy(6) } 469 DESCRIPTION 470 "Support for 'createAndWait' is not required." 471 472 ::= { ciscoPolicyGroupMIBCompliances 1 } 473 474-- Units of Conformance 475 476ciscoCpgGroupInfoGroup OBJECT-GROUP 477 OBJECTS { 478 cpgGroupSourceType, 479 cpgGroupIpAddrCount, 480 cpgGroupRowStatus 481 } 482 STATUS current 483 DESCRIPTION 484 "A collection of objects which provides information on 485 policy groups in the device." 486 ::= { ciscoPolicyGroupMIBGroups 1 } 487 488ciscoCpgGroupIpInfoGroup OBJECT-GROUP 489 OBJECTS { 490 cpgGroupIpMask, 491 cpgGroupIpSourceType, 492 cpgGroupIpRowStatus 493 } 494 STATUS current 495 DESCRIPTION 496 "A collection of objects which provides information on 497 policy group and IP addresses membership." 498 ::= { ciscoPolicyGroupMIBGroups 2 } 499 500ciscoCpgPolicyInfoGroup OBJECT-GROUP 501 OBJECTS { 502 cpgPolicyGroupCount 503 } 504 STATUS current 505 DESCRIPTION 506 "A collection of objects which provides the policies data 507 in the device." 508 ::= { ciscoPolicyGroupMIBGroups 3 } 509 510ciscoCpgPolicyGroupInfoGroup OBJECT-GROUP 511 OBJECTS { 512 cpgPolicyGroupRowStatus 513 } 514 STATUS current 515 DESCRIPTION 516 "A collection of object which provides information on 517 group and policy association." 518 ::= { ciscoPolicyGroupMIBGroups 4 } 519 520END 521