1 FRAMEWORK-PIB PIB-DEFINITIONS ::= BEGIN
4 Unsigned32, Integer32, MODULE-IDENTITY,
5 MODULE-COMPLIANCE, OBJECT-TYPE, OBJECT-GROUP, pib
9 RoleCombination, PrcIdentifierOid, AttrIdentifierOrZero,
10 ClientType, ClientHandle
12 InetAddress, InetAddressType,
13 InetAddressPrefixLength, InetPortNumber
19 TruthValue, PhysAddress
22 FROM SNMP-FRAMEWORK-MIB;
24 frameworkPib MODULE-IDENTITY
25 SUBJECT-CATEGORIES { all }
26 LAST-UPDATED "200302130000Z" -- 13 Feb 2003
27 ORGANIZATION "IETF RAP WG"
31 170 West Tasman Drive,
32 San Jose, CA 95134-1706 USA
33 Phone: +1 408 526 5260
38 4401 Great America Parkway
39 Santa Clara, CA 95054 USA
40 Phone: +1 408 495 2992
41 Email: jseligso@nortelnetworks.com
50 Hillsboro, OR 97124 USA
51 Phone: +1 503 712 1554
52 Email: ravi.sahita@intel.com
54 RAP WG Mailing list: rap@ops.ietf.org"
57 "A PIB module containing the base set of PRCs that
58 provide support for management of multiple PIB contexts,
59 association of roles to device capabilities and other
60 reusable PRCs. PEPs are required for to implement this
61 PIB if the above features are desired. This PIB defines
62 PRCs applicable to 'all' subject-categories.
64 Copyright (C) The Internet Society (2003). This version
65 of this PIB module is part of RFC 3318; see the RFC
66 itself for full legal notices."
67 REVISION "200302130000Z" -- 13 Feb 2003
69 "Initial version, published in RFC 3318."
74 -- The root OID for PRCs in the Framework PIB
78 OBJECT IDENTIFIER ::= { frameworkPib 1 }
96 frwkPrcSupportTable OBJECT-TYPE
97 SYNTAX SEQUENCE OF FrwkPrcSupportEntry
101 "Each instance of this PRC specifies a PRC that the device
102 supports and a bit string to indicate the attributes of the
103 class that are supported. These PRIs are sent to the PDP to
104 indicate to the PDP which PRCs, and which attributes of
105 these PRCs, the device supports.
107 All install and install-notify PRCs supported by the device
108 must be represented in this PRC. Notify PRCs may be
109 represented for informational purposes."
111 ::= { frwkBasePibClasses 1 }
113 frwkPrcSupportEntry OBJECT-TYPE
114 SYNTAX FrwkPrcSupportEntry
117 "An instance of the frwkPrcSupport class that identifies a
118 specific PRC and associated attributes as supported
121 PIB-INDEX { frwkPrcSupportPrid }
122 UNIQUENESS { frwkPrcSupportSupportedPrc }
124 ::= { frwkPrcSupportTable 1 }
126 FrwkPrcSupportEntry ::= SEQUENCE {
127 frwkPrcSupportPrid InstanceId,
128 frwkPrcSupportSupportedPrc PrcIdentifierOid,
129 frwkPrcSupportSupportedAttrs OCTET STRING
132 frwkPrcSupportPrid OBJECT-TYPE
136 "An arbitrary integer index that uniquely identifies an
137 instance of the frwkPrcSupport class."
139 ::= { frwkPrcSupportEntry 1 }
146 frwkPrcSupportSupportedPrc OBJECT-TYPE
147 SYNTAX PrcIdentifierOid
150 "The object identifier of a supported PRC. The value is the
151 OID of the Entry object of the PRC definition. The Entry
152 Object definition of a PRC has an OID with value XxxTable.1
153 Where, XxxTable is the OID assigned to the PRC Table
154 Object definition. There may not be more than one instance
155 of the frwkPrcSupport class with the same value of
156 frwkPrcSupportSupportedPrc."
158 ::= { frwkPrcSupportEntry 2 }
160 frwkPrcSupportSupportedAttrs OBJECT-TYPE
164 "A bit string representing the supported attributes of the
165 class that is identified by the frwkPrcSupportSupportedPrc
168 Each bit of this bit string corresponds to a class
169 attribute, with the most significant bit of the i-th octet
170 of this octet string corresponding to the (8*i - 7)-th
171 attribute, and the least significant bit of the i-th octet
172 corresponding to the (8*i)-th class attribute. Each bit
173 specifies whether or not the corresponding class attribute
174 is currently supported, with a '1' indicating support and a
175 '0' indicating no support.
177 If the value of this bit string is N bits long and there are
178 more than N class attributes then the bit string is
179 logically extended with 0's to the required length.
180 On the other hand, If the PDP receives a bit string of
181 length N and there are less that N class attributes then the
182 PDP should ignore the extra bits in the bit string, i.e.,
183 assume those attributes are unsupported."
185 "COPS Usage for Policy Provisioning. RFC 3084, section
188 ::= { frwkPrcSupportEntry 3 }
191 -- PIB Incarnation Table
197 frwkPibIncarnationTable OBJECT-TYPE
198 SYNTAX SEQUENCE OF FrwkPibIncarnationEntry
199 PIB-ACCESS install-notify
202 "This PRC contains a single PRovisioning Instance per
203 installed context that identifies the current incarnation
204 of the PIB and the PDP or network manager that installed
205 this incarnation. The instance of this PRC is reported to
206 the PDP in the REQ message so that the PDP can (attempt to)
207 ascertain the current state of the PIB. A network manager
208 may use the instance to determine the state of the device."
210 ::= { frwkBasePibClasses 2 }
212 frwkPibIncarnationEntry OBJECT-TYPE
213 SYNTAX FrwkPibIncarnationEntry
216 "An instance of the frwkPibIncarnation class. Only
217 one instance of this PRC is ever instantiated per context"
219 PIB-INDEX { frwkPibIncarnationPrid }
221 ::= { frwkPibIncarnationTable 1 }
223 FrwkPibIncarnationEntry ::= SEQUENCE {
224 frwkPibIncarnationPrid InstanceId,
225 frwkPibIncarnationName SnmpAdminString,
226 frwkPibIncarnationId OCTET STRING,
227 frwkPibIncarnationLongevity INTEGER,
228 frwkPibIncarnationTtl Unsigned32,
229 frwkPibIncarnationInCtxtSet TruthValue,
230 frwkPibIncarnationActive TruthValue,
231 frwkPibIncarnationFullState TruthValue
234 frwkPibIncarnationPrid OBJECT-TYPE
238 "An index to uniquely identify an instance of this PRC."
240 ::= { frwkPibIncarnationEntry 1 }
248 frwkPibIncarnationName OBJECT-TYPE
249 SYNTAX SnmpAdminString (SIZE (0..255))
252 "The name of the PDP that installed the current incarnation
253 of the PIB into the device. A zero-length string value for
254 this type implies the PDP has not assigned this type any
255 value. By default, it is the zero length string."
257 ::= { frwkPibIncarnationEntry 2 }
259 frwkPibIncarnationId OBJECT-TYPE
260 SYNTAX OCTET STRING (SIZE (0..255))
263 "An ID to identify the current incarnation. It has meaning
264 to the PDP/manager that installed the PIB and perhaps its
265 standby PDPs/managers. A zero-length string value for
266 this type implies the PDP has not assigned this type any
267 value. By default, it is the zero-length string."
269 ::= { frwkPibIncarnationEntry 3 }
271 frwkPibIncarnationLongevity OBJECT-TYPE
279 "This attribute controls what the PEP does with the
280 downloaded policy on a Client Close message or a loss of
281 connection to the PDP.
283 If set to expireNever, the PEP continues to operate with the
284 installed policy indefinitely. If set to expireImmediate,
285 the PEP immediately expires the policy obtained from the PDP
286 and installs policy from local configuration. If set to
287 expireOnTimeout, the PEP continues to operate with the
288 policy installed by the PDP for a period of time specified
289 by frwkPibIncarnationTtl. After this time (and it has not
290 reconnected to the original or new PDP) the PEP expires this
291 policy and reverts to local configuration.
293 For all cases, it is the responsibility of the PDP to check
294 the incarnation and download new policy, if necessary, on a
295 reconnect. On receiving a Remove-State for the active
299 context, this attribute value MUST be ignored and the PEP
300 should expire the policy in that active context immediately.
301 Policy enforcement timing only applies to policies that have
302 been installed dynamically (e.g., by a PDP via COPS)."
304 "COPS Usage for Policy Provisioning. RFC 3084."
306 ::= { frwkPibIncarnationEntry 4 }
308 frwkPibIncarnationTtl OBJECT-TYPE
313 "The number of seconds after a Client Close or TCP timeout
314 for which the PEP continues to enforce the policy in the
315 PIB. After this interval, the PIB is considered expired and
316 the device no longer enforces the policy installed in the
319 This attribute is only meaningful if
320 frwkPibIncarnationLongevity is set to expireOnTimeout."
322 ::= { frwkPibIncarnationEntry 5 }
324 frwkPibIncarnationInCtxtSet OBJECT-TYPE
328 "When the PDP installs a PRI with this flag set to 'true' it
329 implies this context belongs to the set of contexts out of
330 which at the most one context can be active at a given time.
331 If this attribute is set to 'false' this context is one of
332 the outsourcing (simultaneous active) contexts on the PEP.
334 This attribute is 'true' for all contexts belong to the set
335 of configuration contexts. Within the configuration context
336 set, one context can be active identified by the
337 frwkPibIncarnationActive attribute."
339 "TruthValue Textual Convention, defined in RFC 2579."
340 ::= { frwkPibIncarnationEntry 6 }
350 frwkPibIncarnationActive OBJECT-TYPE
354 "When the PDP installs a PRI on the PEP with this attribute
355 set to 'true' and if this context belongs to the
356 'configuration contexts' set, i.e., the
357 frwkPibIncarnationInCtxtSet is set to 'true', then the PIB
358 instance to which this PRI belongs must become the active
359 PIB instance. In this case, the previous active instance
360 from this set MUST become inactive and the
361 frwkPibIncarnationActive attribute in that PIB instance MUST
364 When the PDP installs an attribute frwkPibIncarnationActive
365 on the PEP that is 'true' in one PIB instance and if the
366 context belongs to the 'configuration contexts' set, the PEP
367 must ensure, re-setting the attribute if necessary, that the
368 frwkPibIncarnationActive attribute is 'false' in all other
369 contexts which belong to the 'configuration contexts' set."
371 ::= { frwkPibIncarnationEntry 7 }
373 frwkPibIncarnationFullState OBJECT-TYPE
377 "This attribute is interpreted only when sent in a COPS
378 request message from the PEP to the PDP. It does not have
379 any meaning when sent from the PDP to the PEP.
381 If this attribute is set to 'true' by the PEP, then the
382 request that the PEP sends to the PDP must be interpreted as
383 the complete configuration request for the PEP. The PDP must
384 in this case refresh the request information for the
385 handle that the request containing this PRI was received on.
386 If this attribute is set to 'false', then the
387 request PRIs sent in the request must be interpreted as
388 updates to the previous request PRIs sent using that handle.
389 See section 3.3 for details on updating request state
392 "RFC 3318 Section 2.3"
394 ::= { frwkPibIncarnationEntry 8 }
397 -- Device Identification Table
403 frwkDeviceIdTable OBJECT-TYPE
405 SYNTAX SEQUENCE OF FrwkDeviceIdEntry
409 "This PRC contains a single PRovisioning Instance that
410 contains general purpose device-specific information that is
411 used to facilitate efficient policy communication by a PDP.
412 The instance of this PRC is reported to the PDP in a COPS
413 request message so that the PDP can take into account
414 certain device characteristics during policy installation."
416 ::= { frwkBasePibClasses 3 }
418 frwkDeviceIdEntry OBJECT-TYPE
419 SYNTAX FrwkDeviceIdEntry
422 "An instance of the frwkDeviceId class. Only one instance of
423 this PRC is ever instantiated."
425 PIB-INDEX { frwkDeviceIdPrid }
427 ::= { frwkDeviceIdTable 1 }
429 FrwkDeviceIdEntry ::= SEQUENCE {
430 frwkDeviceIdPrid InstanceId,
431 frwkDeviceIdDescr SnmpAdminString,
432 frwkDeviceIdMaxMsg Unsigned32,
433 frwkDeviceIdMaxContexts Unsigned32
436 frwkDeviceIdPrid OBJECT-TYPE
440 "An index to uniquely identify an instance of this PRC."
442 ::= { frwkDeviceIdEntry 1 }
452 frwkDeviceIdDescr OBJECT-TYPE
453 SYNTAX SnmpAdminString (SIZE (1..255))
456 "A textual description of the PEP. This value should include
457 the name and version identification of the PEP's hardware
460 ::= { frwkDeviceIdEntry 2 }
462 frwkDeviceIdMaxMsg OBJECT-TYPE
463 SYNTAX Unsigned32 (64..4294967295)
467 "The maximum COPS-PR message size, in octets, that the
468 device is capable of processing. Received messages with a
469 size in excess of this value must cause the PEP to return an
470 error to the PDP containing the global error code
471 'maxMsgSizeExceeded'. This is an additional error-avoidance
472 mechanism to allow the administrator to know the maximum
473 message size supported so that they have the ability to
474 control the message size of messages sent to the device.
475 This attribute must have a non-zero value. The device should
476 send the MAX value for Unsigned32 for this attribute if it
478 DEFVAL { 4294967295 }
480 ::= { frwkDeviceIdEntry 3 }
482 frwkDeviceIdMaxContexts OBJECT-TYPE
483 SYNTAX Unsigned32 (1..4294967295)
487 "The maximum number of unique contexts supported by
488 the device. This is an additional error-avoidance mechanism
489 to allow the administrators to have the ability to know the
490 maximum number of contexts supported so that they can
491 control the number of configuration contexts they install on
492 the device. This attribute must have a non-zero value. The
493 device should send the MAX value for Unsigned32 for this
494 attribute if it not defined."
495 DEFVAL { 4294967295 }
497 ::= { frwkDeviceIdEntry 4 }
503 -- Component Limitations Table
506 frwkCompLimitsTable OBJECT-TYPE
507 SYNTAX SEQUENCE OF FrwkCompLimitsEntry
511 "This PRC supports the ability to export information
512 detailing PRC/attribute implementation limitations to the
513 policy management system. Instances of this PRC apply only
514 for PRCs with access type 'install' or 'install-notify'.
516 Each instance of this PRC identifies a PRovisioning Class
517 or attribute and a limitation related to the implementation
518 of the class/attribute in the device. Additional information
519 providing guidance related to the limitation may also be
520 present. These PRIs are sent to the PDP to indicate which
521 PRCs or PRC attributes the device supports in a restricted
524 ::= { frwkBasePibClasses 4 }
526 frwkCompLimitsEntry OBJECT-TYPE
527 SYNTAX FrwkCompLimitsEntry
530 "An instance of the frwkCompLimits class that identifies
531 a PRC or PRC attribute and a limitation related to the PRC
532 or PRC attribute implementation supported by the device.
533 COPS-PR lists the error codes that MUST be returned (if
534 applicable)for policy installation that don't abide by the
535 restrictions indicated by the limitations exported. [SPPI]
536 defines an INSTALL-ERRORS clause that allows PIB designers
537 to define PRC specific error codes that can be returned for
538 policy installation. This allows efficient debugging of PIB
541 "COPS Usage for Policy Provisioning. RFC 3084."
543 PIB-INDEX { frwkCompLimitsPrid }
544 UNIQUENESS { frwkCompLimitsComponent,
545 frwkCompLimitsAttrPos,
546 frwkCompLimitsNegation,
548 frwkCompLimitsSubType,
549 frwkCompLimitsGuidance }
554 ::= { frwkCompLimitsTable 1 }
556 FrwkCompLimitsEntry ::= SEQUENCE {
557 frwkCompLimitsPrid InstanceId,
558 frwkCompLimitsComponent PrcIdentifierOid,
559 frwkCompLimitsAttrPos AttrIdentifierOrZero,
560 frwkCompLimitsNegation TruthValue,
561 frwkCompLimitsType INTEGER,
562 frwkCompLimitsSubType INTEGER,
563 frwkCompLimitsGuidance OCTET STRING
566 frwkCompLimitsPrid OBJECT-TYPE
570 "An arbitrary integer index that uniquely identifies an
571 instance of the frwkCompLimits class."
573 ::= { frwkCompLimitsEntry 1 }
575 frwkCompLimitsComponent OBJECT-TYPE
576 SYNTAX PrcIdentifierOid
579 "The value is the OID of a PRC (the table entry) which is
580 supported in some limited fashion or contains an attribute
581 that is supported in some limited fashion with regard to
582 it's definition in the associated PIB module. The same OID
583 may appear in the table several times, once for each
584 implementation limitation acknowledged by the device."
586 ::= { frwkCompLimitsEntry 2 }
588 frwkCompLimitsAttrPos OBJECT-TYPE
589 SYNTAX AttrIdentifierOrZero
592 "The relative position of the attribute within the PRC
593 specified by the frwkCompLimitsComponent. A value of 1 would
594 represent the first columnar object in the PRC and a value
595 of N would represent the Nth columnar object in the PRC. A
596 value of zero (0) indicates that the limit applies to the
597 PRC itself and not to a specific attribute."
599 ::= { frwkCompLimitsEntry 3 }
605 frwkCompLimitsNegation OBJECT-TYPE
609 "A boolean value ,if 'true', negates the component limit
612 ::= { frwkCompLimitsEntry 4 }
614 frwkCompLimitsType OBJECT-TYPE
617 attrValueSupLimited(2),
618 attrEnumSupLimited(3),
619 attrLengthLimited(4),
624 "A value describing an implementation limitation for the
625 device related to the PRC or PRC attribute identified by
626 the frwkCompLimitsComponent and the frwkCompLimitsAttrPos
629 Values for this object are one of the following:
631 priSpaceLimited(1) - No more instances than that specified
632 by the guidance value may be installed in the given class.
633 The component identified MUST be a valid PRC. The SubType
634 used MUST be valueOnly(9).
636 attrValueSupLimited(2) - Limited values are acceptable for
637 the identified component. The component identified MUST be a
638 valid PRC attribute. The guidance OCTET STRING will be
639 decoded according to the attribute type.
641 attrEnumSupLimited(3) - Limited enumeration values are legal
642 for the identified component. The attribute identified MUST
643 be a valid enum type.
645 attrLengthLimited(4) - The length of the specified
646 value for the identified component is limited. The component
647 identified MUST be a valid PRC attribute of base-type OCTET
650 prcLimitedNotify (5) - The component is currently limited
651 for use by request or report messages prohibiting decision
652 installation. The component identified must be a valid PRC."
656 ::= { frwkCompLimitsEntry 5 }
658 frwkCompLimitsSubType OBJECT-TYPE
673 "This object indicates the type of guidance related
674 to the noted limitation (as indicated by the
675 frwkCompLimitsType attribute) that is provided
676 in the frwkCompLimitsGuidance attribute.
678 A value of 'none(1)' means that no additional
679 guidance is provided for the noted limitation type.
681 A value of 'lengthMin(2)' means that the guidance
682 attribute provides data related to the minimum
683 acceptable length for the value of the identified
684 component. A corresponding class instance
685 specifying the 'lengthMax(3)' value is required
686 in conjunction with this sub-type.
688 A value of 'lengthMax(3)' means that the guidance
689 attribute provides data related to the maximum
690 acceptable length for the value of the identified
691 component. A corresponding class instance
692 specifying the 'lengthMin(2)' value is required
693 in conjunction with this sub-type.
695 A value of 'rangeMin(4)' means that the guidance
696 attribute provides data related to the lower bound
697 of the range for the value of the identified
698 component. A corresponding class instance
699 specifying the 'rangeMax(5)' value is required
700 in conjunction with this sub-type.
702 A value of 'rangeMax(5)' means that the guidance
703 attribute provides data related to the upper bound
707 of the range for the value of the identified
708 component. A corresponding class instance
709 specifying the 'rangeMin(4)' value is required
710 in conjunction with this sub-type.
712 A value of 'enumMin(6)' means that the guidance
713 attribute provides data related to the lowest
714 enumeration acceptable for the value of the
715 identified component. A corresponding
716 class instance specifying the 'enumMax(7)'
717 value is required in conjunction with this sub-type.
719 A value of 'enumMax(7)' means that the guidance
720 attribute provides data related to the largest
721 enumeration acceptable for the value of the
722 identified component. A corresponding
723 class instance specifying the 'enumMin(6)'
724 value is required in conjunction with this sub-type.
726 A value of 'enumOnly(8)' means that the guidance
727 attribute provides data related to a single
728 enumeration acceptable for the value of the
729 identified component.
731 A value of 'valueOnly(9)' means that the guidance
732 attribute provides data related to a single
733 value that is acceptable for the identified
736 A value of 'bitMask(10)' means that the guidance
737 attribute is a bit mask such that all the combinations of
738 bits set in the bitmask are acceptable values for the
739 identified component which should be an attribute of type
743 For example, an implementation of the frwkIpFilter class may
744 be limited in several ways, such as address mask, protocol
745 and Layer 4 port options. These limitations could be
746 exported using this PRC with the following instances:
748 Component Type Sub-Type Guidance
749 ------------------------------------------------------------
750 DstPrefixLength attrValueSupLimited valueOnly 24
751 SrcPrefixLength attrValueSupLimited valueOnly 24
752 Protocol attrValueSupLimited rangeMin 10
753 Protocol attrValueSupLimited rangeMax 20
758 The above entries describe a number of limitations that
759 may be in effect for the frwkIpFilter class on a given
760 device. The limitations include restrictions on acceptable
761 values for certain attributes.
763 Also, an implementation of a PRC may be limited in the ways
764 it can be accessed. For instance, for a fictitious PRC
765 dscpMapEntry, which has a PIB-ACCESS of 'install-notify':
767 Component Type SubType Guidance
768 ------------------------------------------------------------
769 dscpMapEntry prcLimitedNotify none zero-length string."
771 ::= { frwkCompLimitsEntry 6 }
773 frwkCompLimitsGuidance OBJECT-TYPE
777 "A value used to convey additional information related
778 to the implementation limitation. Note that a guidance
779 value will not necessarily be provided for all exported
780 limitations. If a guidance value is not provided, the
781 value must be a zero-length string.
783 The format of the guidance value, if one is present as
784 indicated by the frwkCompLimitsSubType attribute,
785 is described by the following table. Note that the
786 format of guidance value is dictated by the base-type of
787 the component whose limitation is being exported,
788 interpreted in the context of the frwkCompLimitsType and
789 frwkCompLimitsSubType values. Any other restrictions
790 (such as size/range/enumerated value) on the guidance
791 value MUST be complied with according to the definition
792 of the component for which guidance is being specified.
794 Note that numbers are encoded in network byte order.
798 Unsigned32/Integer32/INTEGER 32-bit value.
799 Unsigned64/Integer64 64-bit Value.
800 OCTET STRING octets of data.
801 OID 32-bit OID components.
802 BITS Binary octets of length
803 same as Component specified."
805 ::= { frwkCompLimitsEntry 7 }
810 -- Complete Reference specification table
813 frwkReferenceTable OBJECT-TYPE
814 SYNTAX SEQUENCE OF FrwkReferenceEntry
815 PIB-ACCESS install-notify
818 "Each instance of this PRC specifies a reference to a PRI
819 in a specific PIB context (handle) for a specific client-
820 type. This table gives the PDP the ability to set up
821 policies that span installed contexts and the PEP the
822 ability to reference instances in another, perhaps
823 configured context. The PEP must send a
824 'attrReferenceUnknown' COPS-PR error to the PDP if it
825 encounters an invalid reference. "
827 "COPS Usage for Policy Provisioning. RFC 3084, error
830 ::= { frwkBasePibClasses 5 }
832 frwkReferenceEntry OBJECT-TYPE
833 SYNTAX FrwkReferenceEntry
836 "Entry specification for the frwkReferenceTable."
838 PIB-INDEX { frwkReferencePrid }
841 ::= { frwkReferenceTable 1 }
843 FrwkReferenceEntry ::= SEQUENCE {
844 frwkReferencePrid InstanceId,
845 frwkReferenceClientType ClientType,
846 frwkReferenceClientHandle ClientHandle,
847 frwkReferenceInstance Prid
850 frwkReferencePrid OBJECT-TYPE
854 "An arbitrary integer index that uniquely identifies an
855 instance of the frwkReference class."
860 ::= { frwkReferenceEntry 1 }
862 frwkReferenceClientType OBJECT-TYPE
866 "Is unused if set to zero else specifies a client-type for
867 which the reference is to be interpreted. This non-zero
868 client-type must be activated explicitly via a separate
869 COPS client-open else this attribute is not valid."
871 ::= { frwkReferenceEntry 2 }
873 frwkReferenceClientHandle OBJECT-TYPE
877 "Must be set to specify a valid client-handle in the scope
878 of the client-type specified."
880 ::= { frwkReferenceEntry 3 }
882 frwkReferenceInstance OBJECT-TYPE
886 "References a PRI in the context identified by
887 frwkReferenceClientHandle for client-type identified by
888 frwkReferenceClientType."
890 ::= { frwkReferenceEntry 4 }
893 -- Error specification table
896 frwkErrorTable OBJECT-TYPE
897 SYNTAX SEQUENCE OF FrwkErrorEntry
901 "Each instance of this PRC specifies a class specific
902 error object. Instances of this PRC are transient, i.e.,
903 instances received in a COPS decision message must not be
904 maintained by the PEP in its copy of the PIB instances. This
905 PRC allows a PDP to send error information to the PEP if the
906 PDP cannot process updates to a Request successfully."
911 ::= { frwkBasePibClasses 6 }
913 frwkErrorEntry OBJECT-TYPE
914 SYNTAX FrwkErrorEntry
917 "Entry specification for the frwkErrorTable."
919 PIB-INDEX { frwkErrorPrid }
927 ::= { frwkErrorTable 1 }
929 FrwkErrorEntry ::= SEQUENCE {
930 frwkErrorPrid InstanceId,
931 frwkErrorCode Unsigned32,
932 frwkErrorSubCode Unsigned32,
933 frwkErrorPrc PrcIdentifierOid,
934 frwkErrorInstance InstanceId
937 frwkErrorPrid OBJECT-TYPE
941 "An arbitrary integer index that uniquely identifies an
942 instance of the frwkError class."
944 ::= { frwkErrorEntry 1 }
946 frwkErrorCode OBJECT-TYPE
947 SYNTAX Unsigned32 (0..65535)
950 "Error code defined in COPS-PR CPERR object."
952 "COPS Usage for Policy Provisioning. RFC 3084."
954 ::= { frwkErrorEntry 2 }
956 frwkErrorSubCode OBJECT-TYPE
957 SYNTAX Unsigned32 (0..65535)
963 "The class-specific error object is used to communicate
964 errors relating to specific PRCs."
966 ::= { frwkErrorEntry 3 }
968 frwkErrorPrc OBJECT-TYPE
969 SYNTAX PrcIdentifierOid
972 "The PRC due to which the error specified by codes
973 (frwkErrorCode , frwkErrorSubCode) occurred."
975 ::= { frwkErrorEntry 4 }
977 frwkErrorInstance OBJECT-TYPE
981 "The PRI of the identified PRC (frwkErrorPrc) due to which
982 the error specified by codes (frwkErrorCode ,
983 frwkErrorSubCode) occurred. Must be set to zero if unused."
985 ::= { frwkErrorEntry 5 }
988 -- The device capabilities and role combo classes group
992 OBJECT IDENTIFIER ::= { frameworkPib 2 }
994 -- Capability Set Table
997 frwkCapabilitySetTable OBJECT-TYPE
998 SYNTAX SEQUENCE OF FrwkCapabilitySetEntry
1003 "This PRC describes the capability sets that exist on the
1004 interfaces on the device. The capability set is given a
1005 unique name that identifies a set. These capability set
1006 names are used by the PDP to determine policy information to
1007 be associated with interfaces that possess similar sets of
1013 ::= { frwkDeviceCapClasses 1 }
1015 frwkCapabilitySetEntry OBJECT-TYPE
1016 SYNTAX FrwkCapabilitySetEntry
1019 "An instance of this PRC describes a particular set of
1020 capabilities and associates a unique name with the set."
1022 PIB-INDEX { frwkCapabilitySetPrid }
1023 UNIQUENESS { frwkCapabilitySetName,
1024 frwkCapabilitySetCapability }
1026 ::= { frwkCapabilitySetTable 1 }
1028 FrwkCapabilitySetEntry ::= SEQUENCE {
1029 frwkCapabilitySetPrid InstanceId,
1030 frwkCapabilitySetName SnmpAdminString,
1031 frwkCapabilitySetCapability Prid
1034 frwkCapabilitySetPrid OBJECT-TYPE
1038 "An arbitrary integer index that uniquely identifies a
1039 instance of the class."
1041 ::= { frwkCapabilitySetEntry 1 }
1043 frwkCapabilitySetName OBJECT-TYPE
1044 SYNTAX SnmpAdminString (SIZE (1..255))
1047 "The name for the capability set. This name is the unique
1048 identifier of a set of capabilities. This attribute must not
1049 be assigned a zero-length string."
1051 ::= { frwkCapabilitySetEntry 2 }
1053 frwkCapabilitySetCapability OBJECT-TYPE
1058 "The complete PRC OID and instance identifier specifying the
1059 capability PRC instance for the interface. This attribute
1060 references a specific instance of a capability table. The
1064 capability table whose instance is referenced must be
1065 defined in the client type specific PIB that this PIB is
1066 used with. The referenced capability instance becomes a part
1067 of the set of capabilities associated with the specified
1068 frwkCapabilitySetName."
1070 ::= { frwkCapabilitySetEntry 3 }
1073 -- Interface and Role Combination Tables
1076 frwkRoleComboTable OBJECT-TYPE
1077 SYNTAX SEQUENCE OF FrwkRoleComboEntry
1078 PIB-ACCESS install-notify
1081 "This is an abstract PRC that may be extended or referenced
1082 to enumerate the role combinations, capability set names
1083 assigned to any interface on a PEP. The identification of
1084 the interface is to be defined by its extensions or
1087 ::= { frwkDeviceCapClasses 2 }
1089 frwkRoleComboEntry OBJECT-TYPE
1090 SYNTAX FrwkRoleComboEntry
1093 "An instance of this PRC describes one association of an
1094 interface to a role-combination and capability set name .
1095 Note that an interface can have multiple associations. This
1096 constraint is controlled by the extending or referencing
1097 PRC's uniqueness clause."
1099 PIB-INDEX { frwkRoleComboPrid }
1102 ::= { frwkRoleComboTable 1 }
1104 FrwkRoleComboEntry ::= SEQUENCE {
1105 frwkRoleComboPrid InstanceId,
1106 frwkRoleComboRoles RoleCombination,
1107 frwkRoleComboCapSetName SnmpAdminString
1110 frwkRoleComboPrid OBJECT-TYPE
1117 "An arbitrary integer index that uniquely identifies an
1118 instance of the class."
1120 ::= { frwkRoleComboEntry 1 }
1122 frwkRoleComboRoles OBJECT-TYPE
1123 SYNTAX RoleCombination
1126 "The role combination assigned to a specific interface."
1128 ::= { frwkRoleComboEntry 2 }
1130 frwkRoleComboCapSetName OBJECT-TYPE
1131 SYNTAX SnmpAdminString (SIZE (0..255))
1134 "The name of the capability set associated with
1135 the Role Combination specified in frwkRoleComboRoles. If
1136 this is a zero length string it implies the PEP is not
1137 exporting any capability set information for this
1138 RoleCombination. The PDP must then use the RoleCombinations
1139 provided as the only means of assigning policies
1140 If a non-zero length string is specified, the name must
1141 exist in frwkCapabilitySetTable."
1143 ::= { frwkRoleComboEntry 3 }
1146 -- Interface, Role Combination association via IfIndex
1149 frwkIfRoleComboTable OBJECT-TYPE
1150 SYNTAX SEQUENCE OF FrwkIfRoleComboEntry
1151 PIB-ACCESS install-notify
1154 "This PRC enumerates the interface to role combination and
1155 frwkRoleComboCapSetName mapping for all policy managed
1156 interfaces of a device. Policy for an interface depends not
1157 only on the capability set of an interface but also on its
1158 roles. This table specifies all the <interface index,
1159 interface capability set name, role combination> tuples
1160 currently on the device"
1162 ::= { frwkDeviceCapClasses 3 }
1166 frwkIfRoleComboEntry OBJECT-TYPE
1167 SYNTAX FrwkIfRoleComboEntry
1170 "An instance of this PRC describes the association of
1171 a interface to an capability set name and a role
1173 Note that a capability set name can have multiple role
1174 combinations assigned to it, but an IfIndex can have only
1175 one role combination associated."
1177 EXTENDS { frwkRoleComboEntry }
1178 UNIQUENESS { frwkIfRoleComboIfIndex,
1179 frwkRoleComboCapSetName }
1181 ::= { frwkIfRoleComboTable 1 }
1183 FrwkIfRoleComboEntry ::= SEQUENCE {
1184 frwkIfRoleComboIfIndex InterfaceIndex
1187 frwkIfRoleComboIfIndex OBJECT-TYPE
1188 SYNTAX InterfaceIndex
1191 "The value of this attribute is the ifIndex which is
1192 associated with the specified RoleCombination and interface
1193 capability set name."
1195 ::= { frwkIfRoleComboEntry 1 }
1198 -- The Classification classes group
1201 frwkClassifierClasses
1202 OBJECT IDENTIFIER ::= { frameworkPib 3 }
1204 -- The Base Filter Table
1207 frwkBaseFilterTable OBJECT-TYPE
1208 SYNTAX SEQUENCE OF FrwkBaseFilterEntry
1218 "The Base Filter class. A packet has to match all
1219 fields in an Filter. Wildcards may be specified for those
1220 fields that are not relevant."
1222 ::= { frwkClassifierClasses 1 }
1224 frwkBaseFilterEntry OBJECT-TYPE
1225 SYNTAX FrwkBaseFilterEntry
1228 "An instance of the frwkBaseFilter class."
1230 PIB-INDEX { frwkBaseFilterPrid }
1232 ::= { frwkBaseFilterTable 1 }
1234 FrwkBaseFilterEntry ::= SEQUENCE {
1235 frwkBaseFilterPrid InstanceId,
1236 frwkBaseFilterNegation TruthValue
1239 frwkBaseFilterPrid OBJECT-TYPE
1243 "An integer index to uniquely identify this Filter among all
1246 ::= { frwkBaseFilterEntry 1 }
1248 frwkBaseFilterNegation OBJECT-TYPE
1252 "This attribute behaves like a logical NOT for the filter.
1253 If the packet matches this filter and the value of this
1254 attribute is 'true', the action associated with this filter
1255 is not applied to the packet. If the value of this
1256 attribute is 'false', then the action is applied to the
1259 ::= { frwkBaseFilterEntry 2 }
1262 -- The IP Filter Table
1268 frwkIpFilterTable OBJECT-TYPE
1269 SYNTAX SEQUENCE OF FrwkIpFilterEntry
1273 "Filter definitions. A packet has to match all fields in a
1274 filter. Wildcards may be specified for those fields that
1278 invalidDstL4PortData(1),
1279 invalidSrcL4PortData(2)
1281 ::= { frwkClassifierClasses 2 }
1283 frwkIpFilterEntry OBJECT-TYPE
1284 SYNTAX FrwkIpFilterEntry
1287 "An instance of the frwkIpFilter class."
1289 EXTENDS { frwkBaseFilterEntry }
1290 UNIQUENESS { frwkBaseFilterNegation,
1291 frwkIpFilterAddrType,
1292 frwkIpFilterDstAddr,
1293 frwkIpFilterDstPrefixLength,
1294 frwkIpFilterSrcAddr,
1295 frwkIpFilterSrcPrefixLength,
1298 frwkIpFilterProtocol,
1299 frwkIpFilterDstL4PortMin,
1300 frwkIpFilterDstL4PortMax,
1301 frwkIpFilterSrcL4PortMin,
1302 frwkIpFilterSrcL4PortMax }
1304 ::= { frwkIpFilterTable 1 }
1306 FrwkIpFilterEntry ::= SEQUENCE {
1307 frwkIpFilterAddrType InetAddressType,
1308 frwkIpFilterDstAddr InetAddress,
1309 frwkIpFilterDstPrefixLength InetAddressPrefixLength,
1310 frwkIpFilterSrcAddr InetAddress,
1311 frwkIpFilterSrcPrefixLength InetAddressPrefixLength,
1312 frwkIpFilterDscp DscpOrAny,
1313 frwkIpFilterFlowId Integer32,
1314 frwkIpFilterProtocol Unsigned32,
1315 frwkIpFilterDstL4PortMin InetPortNumber,
1319 frwkIpFilterDstL4PortMax InetPortNumber,
1320 frwkIpFilterSrcL4PortMin InetPortNumber,
1321 frwkIpFilterSrcL4PortMax InetPortNumber
1324 frwkIpFilterAddrType OBJECT-TYPE
1326 SYNTAX InetAddressType
1329 "The address type enumeration value to specify the type of
1330 the packet's IP address.
1332 While other types of addresses are defined in the
1333 InetAddressType textual convention, an IP filter can only
1334 use IPv4 and IPv6 addresses directly to classify traffic.
1335 All other InetAddressTypes require mapping to the
1336 corresponding Ipv4 or IPv6 address before being used to
1337 classify traffic. Therefore, this object as such is not
1338 limited to IPv4 and IPv6 addresses, i.e., it can be assigned
1339 any of the valid values defined in the InetAddressType TC,
1340 but the mapping of the address values to IPv4 or IPv6
1341 addresses for the address attributes (frwkIpFilterDstAddr
1342 and frwkIpFilterSrcAddr) must be done by the PEP. For
1343 example when dns (16) is used, the PEP must resolve
1344 the address to IPv4 or IPv6 at install time."
1346 "Textual Conventions for Internet Network Addresses.
1349 ::= { frwkIpFilterEntry 1 }
1351 frwkIpFilterDstAddr OBJECT-TYPE
1356 "The IP address to match against the packet's
1357 destination IP address. If the address type is 'ipv4',
1358 'ipv6', 'ipv4z' or 'ipv6z' then, the attribute
1359 frwkIpFilterDstPrefixLength indicates the number of bits
1360 that are relevant. "
1362 "Textual Conventions for Internet Network Addresses.
1365 ::= { frwkIpFilterEntry 2 }
1370 frwkIpFilterDstPrefixLength OBJECT-TYPE
1371 SYNTAX InetAddressPrefixLength
1374 "The length of a mask for the matching of the destination
1375 IP address. This attribute is interpreted only if the
1376 InetAddressType is 'ipv4', 'ipv4z', 'ipv6' or 'ipv6z'.
1377 Masks are constructed by setting bits in sequence from the
1378 most-significant bit downwards for
1379 frwkIpFilterDstPrefixLength bits length. All other bits in
1380 the mask, up to the number needed to fill the length of
1381 the address frwkIpFilterDstAddr are cleared to zero. A zero
1382 bit in the mask then means that the corresponding bit in
1383 the address always matches.
1385 In IPv4 addresses, a length of 0 indicates a match of any
1386 address; a length of 32 indicates a match of a single host
1387 address, and a length between 0 and 32 indicates the use of
1388 a CIDR Prefix. IPv6 is similar, except that prefix lengths
1391 "Textual Conventions for Internet Network Addresses.
1395 ::= { frwkIpFilterEntry 3 }
1397 frwkIpFilterSrcAddr OBJECT-TYPE
1401 "The IP address to match against the packet's source IP
1402 address. If the address type is 'ipv4', 'ipv6', 'ipv4z' or
1403 'ipv6z' then, the attribute frwkIpFilterSrcPrefixLength
1404 indicates the number of bits that are relevant."
1406 "Textual Conventions for Internet Network Addresses.
1409 ::= { frwkIpFilterEntry 4 }
1411 frwkIpFilterSrcPrefixLength OBJECT-TYPE
1412 SYNTAX InetAddressPrefixLength
1416 "The length of a mask for the matching of the source IP
1417 address. This attribute is interpreted only if the
1421 InetAddressType is 'ipv4', 'ipv4z', 'ipv6' or 'ipv6z'.
1422 Masks are constructed by setting bits in sequence from the
1423 most-significant bit downwards for
1424 frwkIpFilterSrcPrefixLength bits length. All other bits in
1425 the mask, up to the number needed to fill the length of
1426 the address frwkIpFilterSrcAddr are cleared to zero. A
1427 zero bit in the mask then means that the corresponding bit
1428 in the address always matches.
1430 In IPv4 addresses, a length of 0 indicates a match of any
1431 address; a length of 32 indicates a match of a single host
1432 address, and a length between 0 and 32 indicates the use of
1433 a CIDR Prefix. IPv6 is similar, except that prefix lengths
1436 "Textual Conventions for Internet Network Addresses.
1440 ::= { frwkIpFilterEntry 5 }
1442 frwkIpFilterDscp OBJECT-TYPE
1446 "The value that the DSCP in the packet can have and
1447 match this filter. A value of -1 indicates that a specific
1448 DSCP value has not been defined and thus all DSCP values
1449 are considered a match."
1451 "Management Information Base for the Differentiated Services
1452 Architecture. RFC 3289."
1455 ::= { frwkIpFilterEntry 6 }
1457 frwkIpFilterFlowId OBJECT-TYPE
1458 SYNTAX Integer32 (-1 | 0..1048575)
1461 "The flow label or flow identifier in an IPv6 header
1462 that may be used to discriminate traffic flows.
1463 The value of -1 for this attribute MUST imply that
1464 any flow label value in the IPv6 header will match,
1465 resulting in the flow label field of the IPv6 header
1466 being ignored for matching this filter entry."
1468 ::= { frwkIpFilterEntry 7 }
1473 frwkIpFilterProtocol OBJECT-TYPE
1474 SYNTAX Unsigned32 (0..255)
1477 "The layer-4 protocol Id to match against the IPv4 protocol
1478 number or the IPv6 Next-Header number in the packet. A value
1479 of 255 means match all. Note the protocol number of 255 is
1480 reserved by IANA, and Next-Header number of 0 is used in
1484 ::= { frwkIpFilterEntry 8 }
1486 frwkIpFilterDstL4PortMin OBJECT-TYPE
1487 SYNTAX InetPortNumber
1490 "The minimum value that the packet's layer 4 destination
1491 port number can have and match this filter. This value must
1492 be equal to or lesser that the value specified for this
1493 filter in frwkIpFilterDstL4PortMax.
1495 COPS-PR error code 'attrValueInvalid' must be returned if
1496 the frwkIpFilterSrcL4PortMin is greater than
1497 frwkIpFilterSrcL4PortMax"
1499 "COPS Usage for Policy Provisioning. RFC 3084, error
1503 ::= { frwkIpFilterEntry 9 }
1505 frwkIpFilterDstL4PortMax OBJECT-TYPE
1506 SYNTAX InetPortNumber
1509 "The maximum value that the packet's layer 4 destination
1510 port number can have and match this filter. This value must
1511 be equal to or greater that the value specified for this
1512 filter in frwkIpFilterDstL4PortMin.
1514 COPS-PR error code 'attrValueInvalid' must be returned if
1515 the frwkIpFilterDstL4PortMax is less than
1516 frwkIpFilterDstL4PortMin"
1518 "COPS Usage for Policy Provisioning. RFC 3084, error
1525 ::= { frwkIpFilterEntry 10 }
1527 frwkIpFilterSrcL4PortMin OBJECT-TYPE
1528 SYNTAX InetPortNumber
1531 "The minimum value that the packet's layer 4 source port
1532 number can have and match this filter. This value must
1533 be equal to or lesser that the value specified for this
1534 filter in frwkIpFilterSrcL4PortMax.
1536 COPS-PR error code 'attrValueInvalid' must be returned if
1537 the frwkIpFilterSrcL4PortMin is greated than
1538 frwkIpFilterSrcL4PortMax"
1540 "COPS Usage for Policy Provisioning. RFC 3084, error
1544 ::= { frwkIpFilterEntry 11 }
1546 frwkIpFilterSrcL4PortMax OBJECT-TYPE
1547 SYNTAX InetPortNumber
1550 "The maximum value that the packet's layer 4 source port
1551 number can have and match this filter. This value must be
1552 equal to or greater that the value specified for this filter
1553 in frwkIpFilterSrcL4PortMin.
1555 COPS-PR error code 'attrValueInvalid' must be returned if
1556 the frwkIpFilterSrcL4PortMax is less than
1557 frwkIpFilterSrcL4PortMin"
1559 "COPS Usage for Policy Provisioning. RFC error codes
1563 ::= { frwkIpFilterEntry 12 }
1566 -- The IEEE 802 Filter Table
1569 frwk802FilterTable OBJECT-TYPE
1570 SYNTAX SEQUENCE OF Frwk802FilterEntry
1577 "IEEE 802-based filter definitions. A class that contains
1578 attributes of IEEE 802 (e.g., 802.3) traffic that form
1579 filters that are used to perform traffic classification."
1581 "IEEE Standards for Local and Metropolitan Area Networks.
1582 Overview and Architecture, ANSI/IEEE Std 802, 1990."
1583 ::= { frwkClassifierClasses 3 }
1585 frwk802FilterEntry OBJECT-TYPE
1586 SYNTAX Frwk802FilterEntry
1589 "IEEE 802-based filter definitions. An entry specifies
1590 (potentially) several distinct matching components. Each
1591 component is tested against the data in a frame
1592 individually. An overall match occurs when all of the
1593 individual components match the data they are compared
1594 against in the frame being processed. A failure of any
1595 one test causes the overall match to fail.
1597 Wildcards may be specified for those fields that are not
1600 EXTENDS { frwkBaseFilterEntry }
1601 UNIQUENESS { frwkBaseFilterNegation,
1602 frwk802FilterDstAddr,
1603 frwk802FilterDstAddrMask,
1604 frwk802FilterSrcAddr,
1605 frwk802FilterSrcAddrMask,
1606 frwk802FilterVlanId,
1607 frwk802FilterVlanTagRequired,
1608 frwk802FilterEtherType,
1609 frwk802FilterUserPriority }
1611 ::= { frwk802FilterTable 1 }
1613 Frwk802FilterEntry ::= SEQUENCE {
1614 frwk802FilterDstAddr PhysAddress,
1615 frwk802FilterDstAddrMask PhysAddress,
1616 frwk802FilterSrcAddr PhysAddress,
1617 frwk802FilterSrcAddrMask PhysAddress,
1618 frwk802FilterVlanId Integer32,
1619 frwk802FilterVlanTagRequired INTEGER,
1620 frwk802FilterEtherType Integer32,
1621 frwk802FilterUserPriority BITS
1627 frwk802FilterDstAddr OBJECT-TYPE
1631 "The 802 address against which the 802 DA of incoming
1632 traffic streams will be compared. Frames whose 802 DA
1633 matches the physical address specified by this object,
1634 taking into account address wildcarding as specified by the
1635 frwk802FilterDstAddrMask object, are potentially subject to
1636 the processing guidelines that are associated with this
1637 entry through the related action class."
1639 "Textual Conventions for SMIv2, RFC 2579."
1641 ::= { frwk802FilterEntry 1 }
1643 frwk802FilterDstAddrMask OBJECT-TYPE
1647 "This object specifies the bits in a 802 destination address
1648 that should be considered when performing a 802 DA
1649 comparison against the address specified in the
1650 frwk802FilterDstAddr object.
1652 The value of this object represents a mask that is logically
1653 and'ed with the 802 DA in received frames to derive the
1654 value to be compared against the frwk802FilterDstAddr
1655 address. A zero bit in the mask thus means that the
1656 corresponding bit in the address always matches. The
1657 frwk802FilterDstAddr value must also be masked using this
1658 value prior to any comparisons.
1660 The length of this object in octets must equal the length in
1661 octets of the frwk802FilterDstAddr. Note that a mask with no
1662 bits set (i.e., all zeroes) effectively wildcards the
1663 frwk802FilterDstAddr object."
1665 ::= { frwk802FilterEntry 2 }
1667 frwk802FilterSrcAddr OBJECT-TYPE
1671 "The 802 MAC address against which the 802 MAC SA of
1672 incoming traffic streams will be compared. Frames whose 802
1676 MAC SA matches the physical address specified by this
1677 object, taking into account address wildcarding as specified
1678 by the frwk802FilterSrcAddrMask object, are potentially
1679 subject to the processing guidelines that are associated
1680 with this entry through the related action class."
1682 ::= { frwk802FilterEntry 3 }
1684 frwk802FilterSrcAddrMask OBJECT-TYPE
1688 "This object specifies the bits in a 802 MAC source address
1689 that should be considered when performing a 802 MAC SA
1690 comparison against the address specified in the
1691 frwk802FilterSrcAddr object.
1693 The value of this object represents a mask that is logically
1694 and'ed with the 802 MAC SA in received frames to derive the
1695 value to be compared against the frwk802FilterSrcAddr
1696 address. A zero bit in the mask thus means that the
1697 corresponding bit in the address always matches. The
1698 frwk802FilterSrcAddr value must also be masked using this
1699 value prior to any comparisons.
1701 The length of this object in octets must equal the length in
1702 octets of the frwk802FilterSrcAddr. Note that a mask with no
1703 bits set (i.e., all zeroes) effectively wildcards the
1704 frwk802FilterSrcAddr object."
1706 ::= { frwk802FilterEntry 4 }
1708 frwk802FilterVlanId OBJECT-TYPE
1709 SYNTAX Integer32 (-1 | 1..4094)
1712 "The VLAN ID (VID) that uniquely identifies a VLAN
1713 within the device. This VLAN may be known or unknown
1714 (i.e., traffic associated with this VID has not yet
1715 been seen by the device) at the time this entry
1718 Setting the frwk802FilterVlanId object to -1 indicates that
1719 VLAN data should not be considered during traffic
1722 ::= { frwk802FilterEntry 5 }
1727 frwk802FilterVlanTagRequired OBJECT-TYPE
1730 priorityTaggedPlus(2),
1736 "This object indicates whether the presence of an
1737 IEEE 802.1Q VLAN tag in data link layer frames must
1738 be considered when determining if a given frame
1739 matches this 802 filter entry.
1741 A value of 'taggedOnly(1)' means that only frames
1742 containing a VLAN tag with a non-Null VID (i.e., a
1743 VID in the range 1..4094) will be considered a match.
1745 A value of 'priorityTaggedPlus(2)' means that only
1746 frames containing a VLAN tag, regardless of the value
1747 of the VID, will be considered a match.
1749 A value of 'untaggedOnly(3)' indicates that only
1750 untagged frames will match this filter component.
1752 The presence of a VLAN tag is not taken into
1753 consideration in terms of a match if the value is
1756 ::= { frwk802FilterEntry 6 }
1758 frwk802FilterEtherType OBJECT-TYPE
1759 SYNTAX Integer32 (-1 | 0..'ffff'h)
1762 "This object specifies the value that will be compared
1763 against the value contained in the EtherType field of an
1764 IEEE 802 frame. Example settings would include 'IP'
1765 (0x0800), 'ARP' (0x0806) and 'IPX' (0x8137).
1767 Setting the frwk802FilterEtherTypeMin object to -1 indicates
1768 that EtherType data should not be considered during traffic
1771 Note that the position of the EtherType field depends on
1772 the underlying frame format. For Ethernet-II encapsulation,
1773 the EtherType field follows the 802 MAC source address. For
1774 802.2 LLC/SNAP encapsulation, the EtherType value follows
1778 the Organization Code field in the 802.2 SNAP header. The
1779 value that is tested with regard to this filter component
1780 therefore depends on the data link layer frame format being
1781 used. If this 802 filter component is active when there is
1782 no EtherType field in a frame (e.g., 802.2 LLC), a match is
1785 ::= { frwk802FilterEntry 7 }
1787 frwk802FilterUserPriority OBJECT-TYPE
1800 "The set of values, representing the potential range
1801 of user priority values, against which the value contained
1802 in the user priority field of a tagged 802.1 frame is
1803 compared. A test for equality is performed when determining
1804 if a match exists between the data in a data link layer
1805 frame and the value of this 802 filter component. Multiple
1806 values may be set at one time such that potentially several
1807 different user priority values may match this 802 filter
1810 Setting all of the bits that are associated with this
1811 object causes all user priority values to match this
1812 attribute. This essentially makes any comparisons
1813 with regard to user priority values unnecessary. Untagged
1814 frames are treated as an implicit match."
1816 ::= { frwk802FilterEntry 8 }
1819 -- The Internal label filter extension
1822 frwkILabelFilterTable OBJECT-TYPE
1823 SYNTAX SEQUENCE OF FrwkILabelFilterEntry
1830 "Internal label filter Table. This PRC is used to achieve
1831 classification based on the internal flow label set by the
1832 PEP possibly after ingress classification to avoid
1833 re-classification at the egress interface on the same PEP."
1835 ::= { frwkClassifierClasses 4 }
1837 frwkILabelFilterEntry OBJECT-TYPE
1838 SYNTAX FrwkILabelFilterEntry
1841 "Internal label filter entry definition."
1843 EXTENDS { frwkBaseFilterEntry }
1844 UNIQUENESS { frwkBaseFilterNegation,
1845 frwkILabelFilterILabel }
1847 ::= { frwkILabelFilterTable 1 }
1849 FrwkILabelFilterEntry ::= SEQUENCE {
1850 frwkILabelFilterILabel OCTET STRING
1853 frwkILabelFilterILabel OBJECT-TYPE
1857 "The Label that this flow uses for differentiating traffic
1858 flows. The flow labeling is meant for network device
1859 internal usage. A value of zero length string matches all
1861 ::= { frwkILabelFilterEntry 1 }
1864 -- The Marker classes group
1868 OBJECT IDENTIFIER ::= { frameworkPib 4 }
1870 -- The 802 Marker Table
1873 frwk802MarkerTable OBJECT-TYPE
1874 SYNTAX SEQUENCE OF Frwk802MarkerEntry
1881 "The 802 Marker class. An 802 packet can be marked with the
1882 specified VLAN id, priority level."
1884 ::= { frwkMarkerClasses 1 }
1886 frwk802MarkerEntry OBJECT-TYPE
1887 SYNTAX Frwk802MarkerEntry
1890 "frwk802Marker entry definition."
1892 PIB-INDEX { frwk802MarkerPrid }
1893 UNIQUENESS { frwk802MarkerVlanId,
1894 frwk802MarkerPriority }
1896 ::= { frwk802MarkerTable 1 }
1898 Frwk802MarkerEntry::= SEQUENCE {
1899 frwk802MarkerPrid InstanceId,
1900 frwk802MarkerVlanId Unsigned32,
1901 frwk802MarkerPriority Unsigned32
1904 frwk802MarkerPrid OBJECT-TYPE
1908 "An integer index to uniquely identify this 802 Marker."
1910 ::= { frwk802MarkerEntry 1 }
1912 frwk802MarkerVlanId OBJECT-TYPE
1913 SYNTAX Unsigned32 (1..4094)
1916 "The VLAN ID (VID) that uniquely identifies a VLAN within
1919 ::= { frwk802MarkerEntry 2 }
1921 frwk802MarkerPriority OBJECT-TYPE
1922 SYNTAX Unsigned32 (0..7)
1925 "The user priority field of a tagged 802.1 frame."
1927 ::= { frwk802MarkerEntry 3 }
1933 -- The Internal Label Marker Table
1936 frwkILabelMarkerTable OBJECT-TYPE
1937 SYNTAX SEQUENCE OF FrwkILabelMarkerEntry
1941 "The Internal Label Marker class. A flow in a PEP can be
1942 marked with an internal label using this PRC."
1944 ::= { frwkMarkerClasses 2 }
1946 frwkILabelMarkerEntry OBJECT-TYPE
1947 SYNTAX FrwkILabelMarkerEntry
1950 "frwkILabelkMarker entry definition."
1952 PIB-INDEX { frwkILabelMarkerPrid }
1953 UNIQUENESS { frwkILabelMarkerILabel }
1955 ::= { frwkILabelMarkerTable 1 }
1957 FrwkILabelMarkerEntry::= SEQUENCE {
1958 frwkILabelMarkerPrid InstanceId,
1959 frwkILabelMarkerILabel OCTET STRING
1962 frwkILabelMarkerPrid OBJECT-TYPE
1966 "An integer index to uniquely identify this Label Marker."
1968 ::= { frwkILabelMarkerEntry 1 }
1970 frwkILabelMarkerILabel OBJECT-TYPE
1974 "This internal label is implementation specific and may be
1975 used for other policy related functions like flow
1976 accounting purposes and/or other data path treatments."
1978 ::= { frwkILabelMarkerEntry 2 }
1984 -- Conformance Section
1987 frwkBasePibConformance
1988 OBJECT IDENTIFIER ::= { frameworkPib 5 }
1990 frwkBasePibCompliances
1991 OBJECT IDENTIFIER ::= { frwkBasePibConformance 1 }
1994 OBJECT IDENTIFIER ::= { frwkBasePibConformance 2 }
1996 frwkBasePibCompliance MODULE-COMPLIANCE
1999 "Describes the requirements for conformance to the
2002 MODULE -- this module
2003 MANDATORY-GROUPS { frwkPrcSupportGroup,
2004 frwkPibIncarnationGroup,
2006 frwkCompLimitsGroup,
2007 frwkCapabilitySetGroup,
2009 frwkIfRoleComboGroup }
2011 OBJECT frwkPibIncarnationLongevity
2012 PIB-MIN-ACCESS notify
2014 "Install support is required if policy expiration is to
2017 OBJECT frwkPibIncarnationTtl
2018 PIB-MIN-ACCESS notify
2020 "Install support is required if policy expiration is to
2023 OBJECT frwkPibIncarnationInCtxtSet
2024 PIB-MIN-ACCESS notify
2026 "Install support is required if configuration contexts
2027 and outsourcing contexts are both to be supported."
2029 OBJECT frwkPibIncarnationFullState
2033 PIB-MIN-ACCESS notify
2035 "Install support is required if incremental updates to
2036 request states is to be supported."
2038 GROUP frwkReferenceGroup
2040 "The frwkReferenceGroup is mandatory if referencing
2041 across PIB contexts for specific client-types is to be
2044 GROUP frwkErrorGroup
2046 "The frwkErrorGroup is mandatory sending errors in
2047 decisions is to be supported."
2049 GROUP frwkBaseFilterGroup
2051 "The frwkBaseFilterGroup is mandatory if filtering
2052 based on traffic components is to be supported."
2054 GROUP frwkIpFilterGroup
2056 "The frwkIpFilterGroup is mandatory if filtering
2057 based on IP traffic components is to be supported."
2059 GROUP frwk802FilterGroup
2061 "The frwk802FilterGroup is mandatory if filtering
2062 based on 802 traffic criteria is to be supported."
2064 GROUP frwkILabelFilterGroup
2066 "The frwkILabelFilterGroup is mandatory if filtering
2067 based on PEP internal label is to be supported."
2069 GROUP frwk802MarkerGroup
2071 "The frwk802MarkerGroup is mandatory if marking a packet
2072 with 802 traffic criteria is to be supported."
2074 GROUP frwkILabelMarkerGroup
2076 "The frwkILabelMarkerGroup is mandatory if marking a
2077 flow with internal labels is to be supported."
2079 ::= { frwkBasePibCompliances 1 }
2084 frwkPrcSupportGroup OBJECT-GROUP
2087 frwkPrcSupportSupportedPrc,
2088 frwkPrcSupportSupportedAttrs }
2091 "Objects from the frwkPrcSupportTable."
2093 ::= { frwkBasePibGroups 1 }
2095 frwkPibIncarnationGroup OBJECT-GROUP
2097 frwkPibIncarnationPrid,
2098 frwkPibIncarnationName,
2099 frwkPibIncarnationId,
2100 frwkPibIncarnationLongevity,
2101 frwkPibIncarnationTtl,
2102 frwkPibIncarnationInCtxtSet,
2103 frwkPibIncarnationActive,
2104 frwkPibIncarnationFullState
2108 "Objects from the frwkDevicePibIncarnationTable."
2110 ::= { frwkBasePibGroups 2 }
2112 frwkDeviceIdGroup OBJECT-GROUP
2117 frwkDeviceIdMaxContexts }
2120 "Objects from the frwkDeviceIdTable."
2122 ::= { frwkBasePibGroups 3 }
2124 frwkCompLimitsGroup OBJECT-GROUP
2127 frwkCompLimitsComponent,
2128 frwkCompLimitsAttrPos,
2129 frwkCompLimitsNegation,
2131 frwkCompLimitsSubType,
2135 frwkCompLimitsGuidance }
2138 "Objects from the frwkCompLimitsTable."
2140 ::= { frwkBasePibGroups 4 }
2142 frwkReferenceGroup OBJECT-GROUP
2145 frwkReferenceClientType,
2146 frwkReferenceClientHandle,
2147 frwkReferenceInstance }
2150 "Objects from the frwkReferenceTable."
2152 ::= { frwkBasePibGroups 5 }
2154 frwkErrorGroup OBJECT-GROUP
2163 "Objects from the frwkErrorTable."
2165 ::= { frwkBasePibGroups 6 }
2167 frwkCapabilitySetGroup OBJECT-GROUP
2169 frwkCapabilitySetPrid,
2170 frwkCapabilitySetName,
2171 frwkCapabilitySetCapability }
2174 "Objects from the frwkCapabilitySetTable."
2176 ::= { frwkBasePibGroups 7 }
2178 frwkRoleComboGroup OBJECT-GROUP
2182 frwkRoleComboCapSetName }
2188 "Objects from the frwkRoleComboTable."
2190 ::= { frwkBasePibGroups 8 }
2192 frwkIfRoleComboGroup OBJECT-GROUP
2193 OBJECTS { frwkIfRoleComboIfIndex }
2196 "Objects from the frwkIfRoleComboTable."
2198 ::= { frwkBasePibGroups 9 }
2200 frwkBaseFilterGroup OBJECT-GROUP
2203 frwkBaseFilterNegation }
2206 "Objects from the frwkBaseFilterTable."
2208 ::= { frwkBasePibGroups 10 }
2210 frwkIpFilterGroup OBJECT-GROUP
2212 frwkIpFilterAddrType,
2213 frwkIpFilterDstAddr,
2214 frwkIpFilterDstPrefixLength,
2215 frwkIpFilterSrcAddr,
2216 frwkIpFilterSrcPrefixLength,
2219 frwkIpFilterProtocol,
2220 frwkIpFilterDstL4PortMin,
2221 frwkIpFilterDstL4PortMax,
2222 frwkIpFilterSrcL4PortMin,
2223 frwkIpFilterSrcL4PortMax }
2226 "Objects from the frwkIpFilterTable."
2228 ::= { frwkBasePibGroups 11 }
2230 frwk802FilterGroup OBJECT-GROUP
2232 frwk802FilterDstAddr,
2233 frwk802FilterDstAddrMask,
2237 frwk802FilterSrcAddr,
2238 frwk802FilterSrcAddrMask,
2239 frwk802FilterVlanId,
2240 frwk802FilterVlanTagRequired,
2241 frwk802FilterEtherType,
2242 frwk802FilterUserPriority }
2245 "Objects from the frwk802FilterTable."
2247 ::= { frwkBasePibGroups 12 }
2249 frwkILabelFilterGroup OBJECT-GROUP
2250 OBJECTS { frwkILabelFilterILabel }
2253 "Objects from the frwkILabelFilterTable."
2255 ::= { frwkBasePibGroups 13 }
2257 frwk802MarkerGroup OBJECT-GROUP
2260 frwk802MarkerVlanId,
2261 frwk802MarkerPriority }
2264 "Objects from the frwk802MarkerTable."
2266 ::= { frwkBasePibGroups 14 }
2268 frwkILabelMarkerGroup OBJECT-GROUP
2270 frwkILabelMarkerPrid,
2271 frwkILabelMarkerILabel }
2274 "Objects from the frwkILabelMarkerTable."
2276 ::= { frwkBasePibGroups 15 }