-- This file is corresponding to Release 6.3.1.100 from 2003/03/10 00:00:00 -- (C)opyright 1991-2002 BinTec Communications AG, All Rights Reserved -- $RCSfile: mibip,v $ -- $Revision: 1.66 $ BIANCA-BRICK-IP-MIB DEFINITIONS ::= BEGIN IMPORTS IpAddress, Counter, TimeTicks FROM RFC1155-SMI OBJECT-TYPE FROM RFC-1212; org OBJECT IDENTIFIER ::= { iso 3 } dod OBJECT IDENTIFIER ::= { org 6 } internet OBJECT IDENTIFIER ::= { dod 1 } private OBJECT IDENTIFIER ::= { internet 4 } enterprises OBJECT IDENTIFIER ::= { private 1 } bintec OBJECT IDENTIFIER ::= { enterprises 272 } bibo OBJECT IDENTIFIER ::= { bintec 4 } biboip OBJECT IDENTIFIER ::= { bibo 5 } -- IP Group -- Management Information for the IP Subsystem of the BIANCA/BRICK -- old access list tables, don't reuse these OIDs -- ipAllowTable OBJECT-TYPE ::= { biboip 1 } -- ipDenyTable OBJECT-TYPE ::= { biboip 2 } ipExtIfTable OBJECT-TYPE SYNTAX SEQUENCE OF IpExtIfEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "The ipExtIfTable contains extended information related to IP and the interfaces found on the system. Entries can only be added or deleted by the system." ::= { biboip 3} ipExtIfEntry OBJECT-TYPE SYNTAX IpExtIfEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" INDEX { ipExtIfIndex } ::= { ipExtIfTable 1 } IpExtIfEntry ::= SEQUENCE { ipExtIfIndex INTEGER, ipExtIfRipSend INTEGER, ipExtIfRipReceive INTEGER, ipExtIfNat INTEGER, ipExtIfNatRmvFin INTEGER, ipExtIfNatTcpTimeout INTEGER, ipExtIfNatOtherTimeout INTEGER, ipExtIfNatOutXlat INTEGER, ipExtIfAccounting INTEGER, ipExtIfTcpSpoofing INTEGER, ipExtIfOspf INTEGER, ipExtIfOspfMetric INTEGER, ipExtIfTcpCksum INTEGER, ipExtIfBackRtVerify INTEGER, ipExtIfRuleIndex INTEGER, ipExtIfAuthentication INTEGER, ipExtIfAuthMode INTEGER, ipExtIfAuthLifeTime INTEGER, ipExtIfAuthKeepalive INTEGER, ipExtIfRouteAnnounce INTEGER, ipExtIfIpFragmentation INTEGER, ipExtIfRerouting INTEGER, ipExtIfBodRuleIndex INTEGER, ipExtIfQoSRuleIndex INTEGER, ipExtIfIpsecAccounting INTEGER, ipExtIfMulticast INTEGER, ipExtIfNatSilentDeny INTEGER, -- ipExtIfNetMeetingTunnel INTEGER ipExtIfNatPPTPXlat INTEGER, ipExtIfTcpMssClamping INTEGER } ipExtIfIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Unique interface index" ::= { ipExtIfEntry 1 } ipExtIfRipSend OBJECT-TYPE SYNTAX INTEGER { ripV1 (1), -- send RIP V1 messages ripV2 (2), -- send RIP V2 messages both(3), -- send RIP V1 and RIP V2 messages none(4), -- don't send RIP messages ripV2mcast(5), -- send RIP V2 messages as multicast ripV1trig(6), -- send Triggered RIP V1 messages (RFC 2091) ripV2trig(7) -- send Triggered RIP V2 messages (RFC 2091) } ACCESS read-write STATUS mandatory DESCRIPTION "specifies which versions of RIP messages are sent to that interface. Usually RIP messages are sent as broadcast, except this object is set to ripV2mcast. In this case RIP V2 messages are sent to the multicast address 224.0.0.9 ." ::= { ipExtIfEntry 3 } ipExtIfRipReceive OBJECT-TYPE SYNTAX INTEGER { ripV1 (1), -- accept only RIP V1 messages ripV2 (2), -- accept only RIP V2 messages both(3), -- accept RIP V1 and RIP V2 messages none(4), -- don't accept any RIP messages ripV1trig(5), -- accept only Triggered RIP V1 msg's(RFC 2091) ripV2trig(6) -- accept only Triggered RIP V2 msg's(RFC 2091) } ACCESS read-write STATUS mandatory DESCRIPTION "specifies which versions of RIP messages are accepted from that interface. RIP V2 messages are received regardless if they are sent as broadcast or multicast." ::= { ipExtIfEntry 4 } ipExtIfProxyArp OBJECT-TYPE SYNTAX INTEGER { off(1), -- proxy arp switched off on(2), -- if operational status of the destination -- interface is up or dormant up-only(3) -- if operational status of the destination -- interface is up } ACCESS read-write STATUS mandatory DESCRIPTION "Switch for Proxy ARP on this interface." ::= { ipExtIfEntry 5 } ipExtIfNat OBJECT-TYPE SYNTAX INTEGER { off(1), on(2), reverse(3) } ACCESS read-write STATUS mandatory DESCRIPTION "This object can be used to switch NAT on and off for a specific interface. " ::= { ipExtIfEntry 6 } ipExtIfNatRmvFin OBJECT-TYPE SYNTAX INTEGER { no(1), yes(2) } ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies, whether entries in the IpNatTable shall be removed, when TCP-FINS have been received and acknowledged in both directions, a TCP-RST has been received or a ICMP-ERROR message has been received for the entry." ::= { ipExtIfEntry 7 } ipExtIfNatTcpTimeout OBJECT-TYPE SYNTAX INTEGER (1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "TCP NAT entries vanish unconditionally after not being used for the amount of time specified by this object in seconds." ::= { ipExtIfEntry 8 } ipExtIfNatOtherTimeout OBJECT-TYPE SYNTAX INTEGER (1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "Non-TCP NAT entries vanish unconditionally after not being used for the amount of time specified by this object in seconds." ::= { ipExtIfEntry 9 } ipExtIfNatOutXlat OBJECT-TYPE SYNTAX INTEGER { on(1), off(2) } ACCESS read-write STATUS mandatory DESCRIPTION "This object can be used to switch the outgoing address translation off. Then, all addresses are passed instead of being translated. The session mechanism remains active and implements a security mechanism. " ::= { ipExtIfEntry 10 } ipExtIfAccounting OBJECT-TYPE SYNTAX INTEGER { off(1), on(2) } ACCESS read-write STATUS mandatory DESCRIPTION "Switch for accounting on the specified interface. An IP packet is being accounted, when this object is set to on for either the source or the destination interface." ::= { ipExtIfEntry 11 } ipExtIfTcpSpoofing OBJECT-TYPE SYNTAX INTEGER { off(1), on(2) } ACCESS read-write STATUS mandatory DESCRIPTION "Switch for TCP spoofing on this interface. TCP keepalive polls are answered by the BRICK to prevent unnecessary ISDN connections. Set this object to on for ISDN dialup interfaces." ::= { ipExtIfEntry 12 } ipExtIfAccessAction OBJECT-TYPE SYNTAX INTEGER { ignore(1), refuse(2) } ACCESS read-write STATUS mandatory DESCRIPTION "This object describes the action, that is done, when a packet received from the interface has been filtered out. When set to ignore, no action takes place. When set to refuse, an ICMP unreachable message is being sent to the originator of the packet." ::= { ipExtIfEntry 13 } ipExtIfAccessReport OBJECT-TYPE SYNTAX INTEGER { none(1), info(2), dump(3) } ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies, how a packed filtered by accesslists should be logged. When set to none, no logging takes place. When set to info, protocol, ip-addresses and portnumbers are logged. When set to dump, a dump of the first 64 bytes of the packet will be written to the syslog table." ::= { ipExtIfEntry 14 } ipExtIfOspf OBJECT-TYPE SYNTAX INTEGER { passive(1), active(2), off(3) } ACCESS read-write STATUS mandatory DESCRIPTION "Configure the OSPF status of this interface. Routing information about routes on passive and active interfaces is propagated on active interfaces. Only active interfaces run the OSPF protocol. When set to off the interface and its associated routes are invisible to the OSPF protocol." ::= { ipExtIfEntry 15 } ipExtIfOspfMetric OBJECT-TYPE SYNTAX INTEGER { auto(1), -- based on ifSpeed fixed(2), -- user configured auto-adjust(3), -- auto + metric adjustment fixed-adjust(4) -- fixed + metric adjustment } ACCESS read-write STATUS mandatory DESCRIPTION "Configure the metric calculation of OSPF interfaces. If set to auto the metric is calculated based on ifSpeed. If set to fixed the metric is taken from the ospfIfMetricTable. Additionaly the metric adjustment for dialup interfaces can be configured. If set to auto-adjust or fixed-adjust the basic metric value is reduced if the operational status of the dialup interface is up." ::= { ipExtIfEntry 16 } ipExtIfTcpCksum OBJECT-TYPE SYNTAX INTEGER { check(1), dont-check(2) } ACCESS read-write STATUS mandatory DESCRIPTION "Enable or disable the TCP checksum check for local packets received on the corresponding interface. Disabling the check may improve performance for some local applications (i.e. remote CAPI). This object should only be set to dont-check on interfaces for LANs without further routers. Packets received from routers may have a corrupted TCP checksum and TCP will no longer be able to detect those packets. The TCP checksum must be checked by the receiving TCP under any circumstances, when TCP header compression is used on any router." ::= { ipExtIfEntry 17 } ipExtIfBackRtVerify OBJECT-TYPE SYNTAX INTEGER { off(1), on(2) } ACCESS read-write STATUS mandatory DESCRIPTION "This object activates an additional check for incoming packets. If set to on, incoming packets are only accepted if return packets sent back to their source IP address would be sent over the same interface. This prevents packets being passed from untrusted interfaces to this interface." ::= { ipExtIfEntry 18 } ipExtIfRuleIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "This object defines the index of the first access rule that is applied for incoming packets. If set to 0 or if there is no access rule with this index no access rules are applied for this interface." ::= { ipExtIfEntry 19 } ipExtIfAuthentication OBJECT-TYPE SYNTAX INTEGER { off(1), securID(2) } ACCESS read-write STATUS mandatory DESCRIPTION "This object defines the authentication scheme used for incoming packets." ::= { ipExtIfEntry 20 } ipExtIfAuthMode OBJECT-TYPE SYNTAX INTEGER { strict(1), loose(2) } ACCESS read-write STATUS mandatory DESCRIPTION "This object defines the authentication mode. If set to strict each source IP address must be authenticated. If set to loose all source IP addresses are allowed if at least one IP address is successfully authenticated." ::= { ipExtIfEntry 21 } ipExtIfAuthLifeTime OBJECT-TYPE SYNTAX INTEGER (180..36000) ACCESS read-write STATUS mandatory DESCRIPTION "This object defines the time in seconds a successful authentication is valid since the IP partner was authenticated." ::= { ipExtIfEntry 22 } ipExtIfAuthKeepalive OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "This object defines the period between short authentications that are invisible to the user" ::= { ipExtIfEntry 23 } ipExtIfRouteAnnounce OBJECT-TYPE SYNTAX INTEGER { up-only(1), up-dormant(2), always(3) } ACCESS read-write STATUS mandatory DESCRIPTION "This object defines the condition when routes on this interface are propagated by routing protocols. If set to up-only routes are only propagated if the operational status of the interface is up. If set to up-dormant routes are propagated if the status is up or dormant. If set to always routes are propagated independent of the operational status." ::= { ipExtIfEntry 24 } ipExtIfIpFragmentation OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2), equal(3), reverse(4) } ACCESS read-write STATUS mandatory DESCRIPTION "This object defines different modes used for fragmentation of IP datagrams greater than the MTU of the destination interface. If set to enabled (1) each IP datagram will be splitted into a first fragment MTU sized and the last one smaller than the first. If set to disabled (2) an ICMP unreachable message will be performed. The equal (3) mode defines a fragmentation technique wich generates fragments having approximately the same size whereon the reverse (4) mode starts with a small fragment followed by MTU sized fragment(s)." ::= { ipExtIfEntry 25 } ipExtIfRerouting OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "This object enables or disables rerouting on this interface. The default value is enabled. If set to disabled, then only the better one route from two or more possible routes is chosen, even if the ifOperStatus of the interface for this route is dormant." ::= { ipExtIfEntry 26 } ipExtIfBodRuleIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "This object defines the index of the first rule used for Bandwidth on Demand (BOD) that is applied for incoming and/or outgoing traffic. If set to 0 or if there is no entry in the ipBodRuleTable with this index no BOD-specific information is applied for this interface." ::= { ipExtIfEntry 27 } ipExtIfQosRuleIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "This object defines the index of the first rule used for Qos (Qualtiy of Service) rules applied for IP traffic. If set to 0 or if there is no entry in the ipQoSTable with this index no QoS-specific information is applied for this interface." ::= { ipExtIfEntry 28 } ipExtIfIpsecAccounting OBJECT-TYPE SYNTAX INTEGER { ipsec(1), clear(2), both(3) } ACCESS read-write STATUS mandatory DESCRIPTION "This object determines, whether packets which are en- or decapsulated by IPSec should be accounted with encapsulation header(ipsec) or without the encapsulation header (clear), or even twice (both)." ::= { ipExtIfEntry 29 } ipExtIfMulticast OBJECT-TYPE SYNTAX INTEGER { off(1), on(2) } ACCESS read-write STATUS mandatory DESCRIPTION "Enable that multicast frames are accepted from that interface." ::= { ipExtIfEntry 30 } ipExtIfNatSilentDeny OBJECT-TYPE SYNTAX INTEGER { disabled(1), enabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies - if NAT is enabled (see ipExtIfNat) - whether incoming IP packets not passed by the NAT barrier should answered with an ICMP Host Unreachable or TCP RST message addressed to to packet originator. If set to enabled(2), such incoming IP packets will be silently discarded." ::= { ipExtIfEntry 31 } -- ipExtIfNetMeetingTunnel OBJECT-TYPE -- SYNTAX INTEGER { -- off(1), -- on(2) -- } -- ACCESS read-write -- STATUS mandatory -- -- DESCRIPTION -- "This object controls the replacement of ip address -- information exchanged by two NetMeeting clients -- if NAT is enabled on this interface." -- ::= { ipExtIfEntry 32 } ipExtIfNatPPTPXlat OBJECT-TYPE SYNTAX INTEGER { disabled(1), enabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies - if NAT is enabled (see ipExtIfNat) - whether PPTP (point to point protocol) connections are translated. This is needed if there are more than one PPTP client behind NAT." ::= { ipExtIfEntry 33 } ipExtIfTcpMssClamping OBJECT-TYPE SYNTAX INTEGER (-1..32000) ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies whether TCP MSS clamping is enabled on the interface. -1 disables clamping, 0 clamps the MSS depending on the interface MTU. A value > 0 will be used as clamping size." ::= { ipExtIfEntry 34 } ipExtRtTable OBJECT-TYPE SYNTAX SEQUENCE OF IpExtRtEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "The ipExtRtTable can be used in addition (not instead of) to the ipRouteTable to specify routing of IP datagrams. The selection of datagram-types is more specific with the ipExtRtTable, so routing of different services over different pathes is possible. The specification of local IP-addresses is not possible in the ipExtRtTable. The ipExtRtTable will be searched before the ipRouteTable. If a matching entry is found, it will be taken for routing and no further lookup in the ipRouteTable will happen." ::= { biboip 4 } ipExtRtEntry OBJECT-TYPE SYNTAX IpExtRtEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Each entry in the ipExtRtTable describes a set of IP datagrams and the destination interface for that set. Metric parameters allow for ordering of the different specifications for overlapping sets." INDEX { ipExtRtProtocol } ::= { ipExtRtTable 1 } IpExtRtEntry ::= SEQUENCE { ipExtRtProtocol INTEGER, ipExtRtSrcIfIndex INTEGER, ipExtRtSrcAddr IpAddress, ipExtRtSrcMask IpAddress, ipExtRtSrcPort INTEGER, ipExtRtSrcPortRange INTEGER, ipExtRtDstAddr IpAddress, ipExtRtDstMask IpAddress, ipExtRtDstPort INTEGER, ipExtRtDstPortRange INTEGER, ipExtRtTos INTEGER, ipExtRtTosMask INTEGER, ipExtRtDstIfMode INTEGER, ipExtRtDstIfIndex INTEGER, ipExtRtNextHop IpAddress, ipExtRtType INTEGER, ipExtRtMetric1 INTEGER, ipExtRtMetric2 INTEGER, ipExtRtMetric3 INTEGER, ipExtRtMetric4 INTEGER, ipExtRtMetric5 INTEGER, ipExtRtProto INTEGER, ipExtRtAge TimeTicks } ipExtRtProtocol OBJECT-TYPE SYNTAX INTEGER { icmp(1), ggp(3), tcp(6), egp(8), pup(12), udp(17), hmp(20), xns-idp(22), rdp(27), rsvp(46), gre(47), esp(50), ah(51), igrp(88), ospf(89), l2tp(115), dont-verify(256) } ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the value of the protocolfield in the ip header for all IP-datagrams belonging to the set. If this object is set to dont-verify, the value of the protocol field is not specified and can take any value." ::= { ipExtRtEntry 1 } ipExtRtSrcIfIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the source index of the IP-datagrams. If this object has a value other than 0, only datagrams received over the interface with the appropriate interface index are considered to be part of the set. If this object is set to 0, the source interface index for the datagrams belonging to the set is not specified." ::= { ipExtRtEntry 2 } ipExtRtSrcAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipExtRtSrcMask the range of the source-addresses of the IP-datagrams belonging to the set. If both objects are set to 0.0.0.0 the source- addresses for the datagrams in the set is not specified and can take any value." ::= { ipExtRtEntry 3 } ipExtRtSrcMask OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipExtRtSrcAddr the range of the source-addresses of the IP-datagrams belonging to the set. If both objects are set to 0.0.0.0 the source- addresses for the datagrams in the set is not specified and can take any value." ::= { ipExtRtEntry 4 } ipExtRtSrcPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipExtRtSrcPortRange the range of source portnumbers of the IP-datagrams belonging to the set. All portnumbers between and including the two objects are within the range. If both objects are the to -1, the value of the source portnumber is not specified and can take any value." ::= { ipExtRtEntry 5 } ipExtRtSrcPortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipExtRtSrcPort the range of source portnumbers of the IP-datagrams belonging to the set. All portnumbers between and including the two objects are within the range. If both objects are the to -1, the value of the source portnumber is not specified and can take any value." ::= { ipExtRtEntry 6 } ipExtRtDstAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipExtRtDstMask the range of the target-addresses of the IP-datagrams belonging to the set. If both objects are set to 0.0.0.0 the target- addresses for the datagrams in the set is not specified and can take any value." ::= { ipExtRtEntry 7 } ipExtRtDstMask OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipExtRtDstAddr the range of the target-addresses of the IP-datagrams belonging to the set. If both objects are set to 0.0.0.0 the target- addresses for the datagrams in the set is not specified and can take any value." ::= { ipExtRtEntry 8 } ipExtRtDstPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipExtRtDstPortRange the range of target-portnumbers of the IP-datagrams belonging to the set. All portnumbers between and including the two objects are within the range. If both objects are the to -1, the value of the target portnumber is not specified and can take any value." ::= { ipExtRtEntry 9 } ipExtRtDstPortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipExtRtDstPort the range of target-portnumbers of the IP-datagrams belonging to the set. All portnumbers between and including the two objects are within the range. If both objects are the to -1, the value of the target portnumber is not specified and can take any value." ::= { ipExtRtEntry 10 } ipExtRtTos OBJECT-TYPE SYNTAX INTEGER (0..255) ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipExtRtTosMask the range of the Type of Service field (TOS) in the IP-header of the IP-datagrams belonging to the set. A TOS value is considered within the range, when the following equation is valid: (tos & ipExtRtTosMask) == (ipExtRtTos & ipExtRtTosMask) If both objects are set to 0 the TOS value of the datagrams in the set is not specified and can take any value." ::= { ipExtRtEntry 11 } ipExtRtTosMask OBJECT-TYPE SYNTAX INTEGER (0..255) ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipExtRtTos the range of the Type of Service field (TOS) in the IP-header of the IP-datagrams belonging to the set. A TOS value is considered within the range, when the following equation is valid: (tos & ipExtRtTosMask) == (ipExtRtTos & ipExtRtTosMask) If both objects are set to 0 the TOS value of the datagrams in the set is not specified and can take any value." ::= { ipExtRtEntry 12 } ipExtRtDstIfMode OBJECT-TYPE SYNTAX INTEGER { dialup-wait(1), dialup-continue(2), up-only(3), always(4) , dialup-always(5) } ACCESS read-write STATUS mandatory DESCRIPTION "This object describes different behavior depending on the ifOperStatus of the destination interface: dialup-wait: The route matches, when the ifOperStatus of the destination interface is either up or dormant. If the status is dormant, the ifAdminStatus is set to dialup to bring the interface to the up state. The datagram will wait until the ifOperStatus reaches the up state. For all other states, the routing tables will be searched for a different matching entry. dialup-continue: The route matches, if the ifOperStatus of the destination interface is up. For all other states, the routing tables are searched for different matching entry. However, if the ifOperStatus was dormant, the ifAdminStatus will be set to dialup to bring the interface to the up state. This setting can be used to establish a better path for a specific service and to use an existing path for that service as long as the better path could not be established. up-only: The route matches, if the ifOperStatus of the destination interface is up. For all other states, the routing tables are searched for different matching entry. always: The route matches independantly of the ifOperStatus of the destination interface. If it is up, the interface is used. If the state is dormant, ifAdminStatus is set to dialup to bring the interface in the up state. For all other states, the destination is considered unreachable. dialup-always: Same as dialup-wait(1), however, if the ifOperStatus was dormant, the ifAdminStatus will be set to dialup to bring the interface to the up state if the value of ipExtRtMetric1 is the lowest of all matching routes in this table. " ::= { ipExtRtEntry 13 } ipExtRtDstIfIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the destination interface for the IP-datagrams belonging to the set. If the value of this object is set to 0, the datagrams of the set are discarded and an ICMP destination unreachable datagram is sent back to the originator." ::= { ipExtRtEntry 14 } ipExtRtNextHop OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object is used on point-to-multipoint interfaces with indirect routes (see ipExrRtType) to specify the IP-address of the gateway on the network, where the datagram should be routed to." ::= { ipExtRtEntry 15 } ipExtRtType OBJECT-TYPE SYNTAX INTEGER { other(1), invalid(2), direct(3), indirect(4) } ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies, on point-to-multipoint interface whether the datagram shall be sent to the destination IP address in the IP datagram header (direct) or to a gateway (indirect). In the later case, the IP-addres of the gateway is specified by ipExtRtNextHop. If this object is set to other, the entry is not used for routing. The complete entry can also be deleted, by setting this object to invalid. " ::= { ipExtRtEntry 16 } ipExtRtMetric1 OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "This object is used to specify an order on the entries in the ipExtRtTable. If a datagram is matching multiple entries, the entry with the lowest value of ipExtRtMetric1 is choosen. The decision is undefined, when even after interpreting the metric, there are still multiple entries matching the IP-datagram." ::= { ipExtRtEntry 17 } ipExtRtMetric2 OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "Undefined yet; for further extension" ::= { ipExtRtEntry 18 } ipExtRtMetric3 OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "Undefined yet; for further extension" ::= { ipExtRtEntry 19 } ipExtRtMetric4 OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "Undefined yet; for further extension" ::= { ipExtRtEntry 20 } ipExtRtMetric5 OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "Undefined yet; for further extension" ::= { ipExtRtEntry 21 } ipExtRtProto OBJECT-TYPE SYNTAX INTEGER { other(1), local(2), netmgmt(3), icmp(4), egp(5), ggp(6), hello(7), rip(8), is-is(9), es-is(10), ciscoIgrp(11), bbnSpfIgp(12), ospf(13), bgp(14) } ACCESS read-write STATUS mandatory DESCRIPTION "This object describes, how the route has been gained. This will normaly be netmgmt, because there is currently no routing protocol, that is able to handle extended routes." ::= { ipExtRtEntry 22 } ipExtRtAge OBJECT-TYPE SYNTAX TimeTicks ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the age of the route." ::= { ipExtRtEntry 23 } ipNatTable OBJECT-TYPE SYNTAX SEQUENCE OF IpNatEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "If NAT is switched on for an interface, this table contains an entry for each session running over the interface. Table entries are creates by the system whenever a valid session is established. A session may be either a tcp connection, a udp connection or an icmp connection with icmp-echo messages (ping). A valid session is either an outgoing session or an incoming session specified in the ipNatPresetTable. Everything behind an interface with NAT enabled is called outside. The BRICK itself and all networks connected to it via interfaces without NAT are called inside. Table entries are removed after timeout. This timeout is specified by ipExtIfNatOtherTimeout for UDP and ICMP sessions. specified by ipExtIfTcpTimeout for TCP sessions 16 seconds for closed TCP-sessions (FIN has been received and acknowledged in both directions. " ::= { biboip 5 } ipNatEntry OBJECT-TYPE SYNTAX IpNatEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" INDEX { ipNatIfIndex, ipNatProtocol, ipNatIntAddr, ipNatIntPort } ::= { ipNatTable 1 } IpNatEntry ::= SEQUENCE { ipNatIfIndex INTEGER, ipNatProtocol INTEGER, ipNatIntAddr IpAddress, ipNatIntPort INTEGER, ipNatExtAddr IpAddress, ipNatExtPort INTEGER, ipNatRemoteAddr IpAddress, ipNatRemotePort INTEGER, ipNatDirection INTEGER, ipNatAge TimeTicks, ipNatContext UINT } ipNatIfIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies the interface, for which the session is monitored." ::= { ipNatEntry 1 } ipNatProtocol OBJECT-TYPE SYNTAX INTEGER { icmp(1), tcp(6), udp(17), gre(47), esp(50), ah(51), ospf(89), l2tp(115) } ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies the protocol, the session is using. The value icmp specifies an icmp-echo (ping) session. ICMP error messages are processed by the appropriate tcp or udp session. " ::= { ipNatEntry 2 } ipNatIntAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies the internal local IP Address used for the session. The internal address is only visible to inside networks and is translated to the external address, when a packet is being sent outside. " ::= { ipNatEntry 3 } ipNatIntPort OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies the internal local portnumber used for the session. The internal portnumber is only visible to inside networks and is translated to the external portnumber whenever a packet is being sent outside. " ::= { ipNatEntry 4 } ipNatExtAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies the external local address used for the session. This address is visible outside only and will be translated to the internal address, whenever a packet is received from outside. " ::= { ipNatEntry 5 } ipNatExtPort OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies the external local portnumber used for the session. This address is visible outside only and is translated to the internal portnumber, whenever a packet is received from outside. " ::= { ipNatEntry 6 } ipNatRemoteAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies the remote IP-address used for the session. This is an outside address. However, it is visible to outside networks and also to inside networks. " ::= { ipNatEntry 7 } ipNatRemotePort OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies the remote portnumber used for the session. This is an outside portnumber. However, it is visible to outside networks and also to inside networks. " ::= { ipNatEntry 8 } ipNatDirection OBJECT-TYPE SYNTAX INTEGER { incoming(1), outgoing(2) } ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies, whether the session is incoming (from outside to inside) or outgoing (from inside to outside). " ::= { ipNatEntry 9 } ipNatAge OBJECT-TYPE SYNTAX TimeTicks ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies how long no packet has been transferred for the session and is used internally for timeout purposes. " ::= { ipNatEntry 10 } ipNatContext OBJECT-TYPE SYNTAX UINT ACCESS read-only STATUS mandatory DESCRIPTION "This object holds a protocol specific context needed to identify sessions for ICMP unreachable address mapping. " ::= { ipNatEntry 11 } ipNatPresetTable OBJECT-TYPE SYNTAX SEQUENCE OF IpNatPresetEntry ACCESS not-accessible STATUS mandatory -- CNAT: modif: add ipNatPrIntMask DESCRIPTION "This table specifies the IP addresses and port numbers for sessions requested from outside. If this table is empty and NAT is enabled, only packets for sessions initiated from inside are forwarded. The IP address and the port number of the internal server can be specified individually for each combination of - protocol (udp/tcp/icmp) - initiating hosts IP address (RemoteAddr, RemoteMask) - called hosts IP address (ExtAddr, ExtMask) - called port number (ExtPort, ExtPortRange) Entries in the table are created and removed manually by network management." ::= { biboip 6 } ipNatPresetEntry OBJECT-TYPE SYNTAX IpNatPresetEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" INDEX { ipNatPrIfIndex, ipNatPrProtocol, ipNatPrExtPort } ::= { ipNatPresetTable 1 } IpNatPresetEntry ::= SEQUENCE { ipNatPrIfIndex INTEGER, ipNatPrProtocol INTEGER, ipNatPrRemoteAddr IpAddress, ipNatPrRemoteMask IpAddress, ipNatPrExtAddr IpAddress, ipNatPrExtMask IpAddress, ipNatPrExtPort INTEGER, ipNatPrExtPortRange INTEGER, ipNatPrIntAddr IpAddress, ipNatPrIntPort INTEGER, ipNatPrIntMask IpAddress } ipNatPrIfIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the interface index, for which the table entry shall be valid. If set to 0, the entry will be valid for all interfaces configured to use NAT." ::= { ipNatPresetEntry 1 } ipNatPrProtocol OBJECT-TYPE SYNTAX INTEGER { icmp(1), tcp(6), udp(17), gre(47), esp(50), ah(51), ospf(89), ipinip(94), l2tp(115), any(255), delete(256) } ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the protocol, for which the table entry shall be valid." ::= { ipNatPresetEntry 2 } ipNatPrRemoteAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipNatPrRemoteMask the the set of IP addresses of remote hosts initiating the connection. The table entry will be valid for an incoming call, when the IP adress of the remote host initiating the connection lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for any remote host." ::= { ipNatPresetEntry 3 } ipNatPrRemoteMask OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipNatPrRemoteAddr the the set of IP addresses of remote hosts initiating the connection. The table entry will be valid for an incoming call, when the IP adress of the remote host initiating the connection lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for any remote host." ::= { ipNatPresetEntry 4 } ipNatPrExtAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipNatPrExtMask the the set of called IP addresses, for which the table entry shall be valid. The entry is valid, if the called IP address of an incoming calls setup packet lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for any called IP address." ::= { ipNatPresetEntry 5 } ipNatPrExtMask OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipNatPrExtAddr the the set of called IP addresses, for which the table entry shall be valid. The entry is valid, if the called IP address of an incoming calls setup packet lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for any called IP address." ::= { ipNatPresetEntry 6 } ipNatPrExtPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipNatPrExtPortRange the range of portnumbers for incoming call, for which the table entry shall be valid. If both objects are set to -1, the entry is valid for all portnumbers. If ipNatPrPortRange is set to -1, the entry is only valid, when the called portnumber of an incoming call is equal to ipNatPrExtPort. Otherwise, the entry is valid, if the called portnumber lies in the range ExtPort .. ExtPortRange." ::= { ipNatPresetEntry 7 } ipNatPrExtPortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipNatPrExtPort the range of portnumbers for incoming call, for which the table entry shall be valid. If both objects are set to -1, the entry is valid for all portnumbers. If ipNatPrPortRange is set to -1, the entry is only valid, when the called portnumber of an incoming call is equal to ipNatPrExtPort. Otherwise, the entry is valid, if the called portnumber lies in the range ExtPort .. ExtPortRange." ::= { ipNatPresetEntry 8 } ipNatPrIntAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "With ipNatPrIntMask, this object specifies the internal target hosts IP address for incoming calls matching the table entry. An incoming call matching this entry will be routed to the internal server specified by this object and ipNatPrIntMask. If this object is set to 0.0.0.0, the target host will be the original target host in the incoming calls setup packet. No translation of the IP-addresses take place in this case. If ipNatPrIntMask is set to 255.255.255.255, the internal server IP address is ipNatPrIntAddr. If ipNatPrIntMask is a subnet mask, the internal server IP address is the incoming one in which the NET part is mapped according to 'ipNatPrIntAddr / ipNatPrIntMask'." ::= { ipNatPresetEntry 9 } ipNatPrIntPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the internal target hosts port-number for incoming calls matching the table entry. If this object is set to -1, the target portnumber will be taken from the original incoming calls setup packet. No translation of the portnumber will take place in this case. If the set of portnumbers for this table entry is a range instead of a single portnumber, this object will specify the base of the target range of portnumbers. The internal portnumber will be constructed as follows: new-target-port := old-target-port - ipNatPrExtPort + ipNatPrIntPort " ::= { ipNatPresetEntry 10 } ipNatPrIntMask OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "With ipNatPrIntAddr, this object specifies the internal target hosts IP address for incoming calls matching the table entry. An incoming call matching this entry will be routed to the internal server specified by this object and ipNatPrIntMask. If this object is set to 255.255.255.255, the internal server IP address is ipNatPrIntAddr. If this object is a subnet mask, the internal server IP address is the incoming one in which the NET part is mapped according to 'ipNatPrIntAddr / ipNatPrIntMask'." ::= { ipNatPresetEntry 11 } ipSessionTable OBJECT-TYPE SYNTAX SEQUENCE OF IpSessionEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" ::= { biboip 7 } ipSessionEntry OBJECT-TYPE SYNTAX IpSessionEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" INDEX { ipSessionProtocol, ipSessionSrcAddr, ipSessionSrcPort, ipSessionDstAddr, ipSessionDstPort } ::= { ipSessionTable 1 } IpSessionEntry ::= SEQUENCE { ipSessionSrcAddr IpAddress, ipSessionSrcPort INTEGER, ipSessionDstAddr IpAddress, ipSessionDstPort INTEGER, ipSessionOutPkts Counter, ipSessionOutOctets Counter, ipSessionInPkts Counter, ipSessionInOctets Counter, ipSessionProtocol INTEGER, ipSessionAge TimeTicks, ipSessionIdle TimeTicks, ipSessionSrcIfIndex INTEGER, ipSessionDstIfIndex INTEGER } ipSessionSrcAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "" ::= { ipSessionEntry 1 } ipSessionSrcPort OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-only STATUS mandatory DESCRIPTION "" ::= { ipSessionEntry 2 } ipSessionDstAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "" ::= { ipSessionEntry 3 } ipSessionDstPort OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-only STATUS mandatory DESCRIPTION "" ::= { ipSessionEntry 4 } ipSessionOutPkts OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "" ::= { ipSessionEntry 5 } ipSessionOutOctets OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "" ::= { ipSessionEntry 6 } ipSessionInPkts OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "" ::= { ipSessionEntry 7 } ipSessionInOctets OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "" ::= { ipSessionEntry 8 } ipSessionProtocol OBJECT-TYPE SYNTAX INTEGER { icmp(1), ggp(3), tcp(6), egp(8), pup(12), udp(17), hmp(20), xns-idp(22), rdp(27), rsvp(46), gre(47), esp(50), ah(51), igrp(88), ospf(89), l2tp(115) } ACCESS read-only STATUS mandatory DESCRIPTION "" ::= { ipSessionEntry 9 } ipSessionAge OBJECT-TYPE SYNTAX TimeTicks ACCESS read-only STATUS mandatory DESCRIPTION "" ::= { ipSessionEntry 10 } ipSessionIdle OBJECT-TYPE SYNTAX TimeTicks ACCESS read-only STATUS mandatory DESCRIPTION "" ::= { ipSessionEntry 11 } ipSessionSrcIfIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "" ::= { ipSessionEntry 12 } ipSessionDstIfIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "" ::= { ipSessionEntry 13 } ipImportTable OBJECT-TYPE SYNTAX SEQUENCE OF ipImportEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "This table specifies how routes from one routing protocol are imported into another routing protocol. The dummy protocol default-route allows the generation of a default route for the routing domain. Not all combinations of source and destination protocols might be valid or implemented." ::= { biboip 12 } ipImportEntry OBJECT-TYPE SYNTAX ipImportEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" INDEX { ipImportSrcProto, ipImportDstProto } ::= { ipImportTable 1 } ipImportEntry ::= SEQUENCE { ipImportSrcProto INTEGER, ipImportDstProto INTEGER, ipImportMetric1 INTEGER, ipImportType INTEGER, ipImportAddr IpAddress, ipImportMask IpAddress, ipImportIfIndex INTEGER } ipImportSrcProto OBJECT-TYPE SYNTAX INTEGER { default-route(1), direct(2), static(3), rip(4), ospf(5), special(6), radius(7) } ACCESS read-write STATUS mandatory DESCRIPTION "This object describes the protocol that generated the route and inserted it into the routing table." ::= { ipImportEntry 1 } ipImportDstProto OBJECT-TYPE SYNTAX INTEGER { delete(1), rip(2), ospf(3) } ACCESS read-write STATUS mandatory DESCRIPTION "This object describes the destination protocol into that the routes should be imported." ::= { ipImportEntry 2 } ipImportMetric1 OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "This object defines the metric in the context of the destination protocol the imported routes should get. If set to -1 these routes get a protocol specific default metric." ::= { ipImportEntry 3 } ipImportType OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "This object might define protocol specific properties of the imported routes in the context of the destination protocol." ::= { ipImportEntry 4 } ipImportAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipImportMask the range of IP addresses for which the table entry should be valid. The entry is valid if the destination IP address of the route lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for destination." ::= { ipImportEntry 5 } ipImportMask OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipImportAddr the range of IP addresses for which the table entry should be valid. The entry is valid if the destination IP address of the route lies in the range specified by both objects. If both objects are set to 0.0.0.0, the table entry will be valid for destination." ::= { ipImportEntry 6 } ipImportEffect OBJECT-TYPE SYNTAX INTEGER { import (1), doNotImport(2) } ACCESS read-write STATUS mandatory DESCRIPTION "This object defines the effect this row should have. If set to import, the importation from ipImportSrcProto to ipImportDstProto takes place. If set to doNotImport the importation is prevented." ::= { ipImportEntry 7 } ipImportIfIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the interface index of the interface for which the entry should be valid. If set to 0 it will be valid for all interfaces." ::= { ipImportEntry 8 } ipPriorityTable OBJECT-TYPE SYNTAX SEQUENCE OF ipPriorityEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "This table defines the order, in which routes from different protocols are being used to determine the destination of an ip packet. The table will contain an entry for each type of routing protocol including STATIC and DIRECT routes. A priority-value can be configured for each of those protocols to get an order between the different protocols. The table contains a fixed number of entries. Only the priority may be configured." ::= { biboip 13 } ipPriorityEntry OBJECT-TYPE SYNTAX ipPriorityEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" INDEX { ipPriorityProto } ::= { ipPriorityTable 1 } ipPriorityEntry ::= SEQUENCE { ipPriorityProto INTEGER, ipPriorityValue INTEGER } ipPriorityProto OBJECT-TYPE SYNTAX INTEGER { direct(1), static(2), rip(3), -- RIP routes ospf(4), -- OSPF intra and inter area routes ospf-ext(5) -- OSPF type 1 and 2 external routes } ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies the routig-protocol, for which the entry is valid." ::= { ipPriorityEntry 1 } ipPriorityValue OBJECT-TYPE SYNTAX INTEGER (0..63) ACCESS read-write STATUS mandatory DESCRIPTION "This object contains the priority-value for a specific routing protocol. Low values mean high precedence." ::= { ipPriorityEntry 2 } ipFilterTable OBJECT-TYPE SYNTAX SEQUENCE OF ipFilterEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "The ipFilterTable defines filters that describe subsets of IP packets. The filter matches if all conditions defined are true when comparing with the header of an IP packet." ::= { biboip 15 } ipFilterEntry OBJECT-TYPE SYNTAX ipFilterEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" INDEX { ipFilterProtocol } ::= { ipFilterTable 1 } ipFilterEntry ::= SEQUENCE { ipFilterIndex INTEGER, ipFilterDescr DisplayString, ipFilterProtocol INTEGER, ipFilterSrcAddr IpAddress, ipFilterSrcMask IpAddress, ipFilterSrcPort INTEGER, ipFilterSrcPortRange INTEGER, ipFilterDstAddr IpAddress, ipFilterDstMask IpAddress, ipFilterDstPort INTEGER, ipFilterDstPortRange INTEGER, ipFilterTcpConnState INTEGER, ipFilterIcmpType INTEGER, ipFilterTos INTEGER, ipFilterTosMask INTEGER } ipFilterIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "This object uniquely references this filter. The index value is generated automatically." ::= { ipFilterEntry 1 } ipFilterDescr OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) ACCESS read-write STATUS mandatory DESCRIPTION "A textual string describing this filter." ::= { ipFilterEntry 2 } ipFilterProtocol OBJECT-TYPE SYNTAX INTEGER { icmp(1), ggp(3), ip(4), tcp(6), egp(8), igp(9), pup(12), chaos(16), udp(17), hmp(20), xns-idp(22), rdp(27), rsvp(46), gre(47), esp(50), ah(51), tlsp(56), skip(57), kryptolan(65), iso-ip(80), igrp(88), ospf(89), ipip(94), ipx-in-ip(111), vrrp(112), l2tp(115), delete(255), dont-verify(256) } ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the value of the protocol field in the ip header for all IP-datagrams belonging to the set. If this object is set to dont-verify, the value of the protocol field is not specified and can take any value." ::= { ipFilterEntry 3 } ipFilterSrcAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipFilterSrcMask the set of IP addresses of datagrams that belong to the subset defined by this entry. If both objects are set to 0.0.0.0 the source-addresses for the datagrams in the set is not specified and can take any value." ::= { ipFilterEntry 4 } ipFilterSrcMask OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipFilterSrcAddr the set of IP addresses of datagrams that belong to the subset defined by this entry. If both objects are set to 0.0.0.0 the source-addresses for the datagrams in the set is not specified and can take any value." ::= { ipFilterEntry 5 } ipFilterSrcPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipFilterSrcPortRange the range of source portnumbers of the IP-datagrams belonging to the set. All portnumbers between and including the two objects are within the range. If both objects are the to -1, the value of the source portnumber is not specified and can take any value." ::= { ipFilterEntry 6 } ipFilterSrcPortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipFilterDstPort the range of source portnumbers of the IP-datagrams belonging to the set. All portnumbers between and including the two objects are within the range. If both objects are the to -1, the value of the source portnumber is not specified and can take any value." ::= { ipFilterEntry 7 } ipFilterDstAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipFilterDstMask the range of the target-addresses of the IP-datagrams belonging to the set. If both objects are set to 0.0.0.0 the target- addresses for the datagrams in the set is not specified and can take any value." ::= { ipFilterEntry 8 } ipFilterDstMask OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipFilterDstAddr the range of the target-addresses of the IP-datagrams belonging to the set. If both objects are set to 0.0.0.0 the target- addresses for the datagrams in the set is not specified and can take any value." ::= { ipFilterEntry 9 } ipFilterDstPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipFilterDstPortRange the range of target-portnumbers of the IP-datagrams belonging to the set. All portnumbers between and including the two objects are within the range. If both objects are the to -1, the value of the target portnumber is not specified and can take any value." ::= { ipFilterEntry 10 } ipFilterDstPortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipFilterDstPort the range of target-portnumbers of the IP-datagrams belonging to the set. All portnumbers between and including the two objects are within the range. If both objects are the to -1, the value of the target portnumber is not specified and can take any value." ::= { ipFilterEntry 11 } ipFilterTcpConnState OBJECT-TYPE SYNTAX INTEGER { dont-verify(1), established(2) } ACCESS read-write STATUS mandatory DESCRIPTION "This object describes the state of the TCP connection associated with the packets belonging to the set. If this object is set to established, the value of the TCP flags of incoming packets is checked. Packets with flags that initiate TCP connections are excluded from the set. If this object is set to dont-verify, the TCP flags are not checked and can be any value." ::= { ipFilterEntry 12 } ipFilterIcmpType OBJECT-TYPE SYNTAX INTEGER { dont-verify(31), echoRep(1), destUnreach(4), srcQuench(5), redirect(6), echo(9), timeExcds(12), parmProb(13), timestamp(14), timestampRep(15), addrMask(16), addrMaskRep(17) } ACCESS read-write STATUS mandatory DESCRIPTION "This object describes the ICMP type of the packets belonging to the set. If this object is set to dont-verify, the value of the ICMP type field is not specified and can take any value." ::= { ipFilterEntry 13 } ipFilterTos OBJECT-TYPE SYNTAX INTEGER (0..255) ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipFilterTosMask the range of the Type of Service field (TOS) in the IP-header of the IP-datagrams belonging to the set. A TOS value is considered within the range, when the following equation is valid: (tos & ipFilterTosMask) == (ipFilterTos & ipFilterTosMask) If both objects are set to 0 the TOS value of the datagrams in the set is not specified and can take any value." ::= { ipFilterEntry 14 } ipFilterTosMask OBJECT-TYPE SYNTAX INTEGER (0..255) ACCESS read-write STATUS mandatory DESCRIPTION "This object describes together with ipFilterTos the range of the Type of Service field (TOS) in the IP-header of the IP-datagrams belonging to the set. A TOS value is considered within the range, when the following equation is valid: (tos & ipFilterTosMask) == (ipFilterTos & ipFilterTosMask) If both objects are set to 0 the TOS value of the datagrams in the set is not specified and can take any value." ::= { ipFilterEntry 15 } ipRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF ipRuleEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "The ipRuleTable defines access rules for checking incoming IP packets. The rules are processed in order, i.e. each rule has a link to the next rule. The set of rules is processed until a match occurs, that means the rule's associated filter matches and the specified action is performed (either accept or deny a packet). The last rule is implicitly a deny rule. The set of rules to be processed can be defined for each interface" ::= { biboip 16 } ipRuleEntry OBJECT-TYPE SYNTAX ipRuleEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" INDEX { ipRuleFilterIndex } ::= { ipRuleTable 1 } ipRuleEntry ::= SEQUENCE { ipRuleIndex INTEGER, ipRuleFilterIndex INTEGER, ipRuleAction INTEGER, ipRuleNextRuleIndex INTEGER } ipRuleIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Unique rule index." ::= { ipRuleEntry 1 } ipRuleFilterIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "References the rule's associated filter." ::= { ipRuleEntry 2 } ipRuleAction OBJECT-TYPE SYNTAX INTEGER { allow(1), -- allow if filter matches allow-if-not(2),-- allow if filter not matches deny(3), -- deny if filter matches deny-if-not(4), -- deny if filter not matches ignore(5), -- ignore rule and skip to next rule delete(6) -- delete the entry from the table } ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the action to be performed if the rule's associated filter matches. If set to ignore the filter is not consulted and the next rule is processed immediately." ::= { ipRuleEntry 3 } ipRuleNextRuleIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "Specifies the next rule to be processed if the rule's associated filter does not match. The value 0 is used to mark the end of the rule set." ::= { ipRuleEntry 4 } ipNatOutTable OBJECT-TYPE -- CNAT: modif: add ipNatOutExtMask SYNTAX SEQUENCE OF IpNatOutEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "This table specifies the IP address translation for outgoing sessions. If no matching entry is found the IP address is set to the IP address defined on the interface configured for NAT. If a matching entry is found, the source IP address of outgoing IP packets is translated according to the couple 'ipNatOutExtAddr / ipNatOutExtMask'. - If external IP address is a 'host IP address', the whole source IP address is mapped. - If external IP address is a 'net IP address', only the 'net part' of source IP address is affected. This table is only used if the outgoing address translation is activated (ipExtIfNatOutXlat). Entries in the table are created and removed manually by network management." ::= { biboip 18 } ipNatOutEntry OBJECT-TYPE SYNTAX IpNatOutEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" INDEX { ipNatOutIfIndex, ipNatOutIntAddr, ipNatOutExtAddr } ::= { ipNatOutTable 1 } IpNatOutEntry ::= SEQUENCE { ipNatOutIfIndex INTEGER, ipNatOutProtocol INTEGER, ipNatOutRemoteAddr IpAddress, ipNatOutRemoteMask IpAddress, ipNatOutExtAddr IpAddress, ipNatOutRemotePort INTEGER, ipNatOutRemotePortRange INTEGER, ipNatOutIntAddr IpAddress, ipNatOutIntMask IpAddress, ipNatOutIntPort INTEGER, ipNatOutExtPort INTEGER, ipNatOutExtMask IpAddress } ipNatOutIfIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the interface index, for which the table entry shall be valid. If set to 0, the entry will be valid for all interfaces configured to use NAT." ::= { ipNatOutEntry 1 } ipNatOutProtocol OBJECT-TYPE SYNTAX INTEGER { icmp(1), tcp(6), udp(17), gre(47), esp(50), ah(51), l2tp(115), any(255), delete(256) } ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the protocol, for which the table entry shall be valid." ::= { ipNatOutEntry 2 } ipNatOutRemoteAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipNatOutRemoteMask the set of target IP addresses for which the table entry is valid. If both objects are set to 0.0.0.0, the table entry will be valid for any target IP address." ::= { ipNatOutEntry 3 } ipNatOutRemoteMask OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipNatOutRemoteAddr the set of target IP addresses for which the table entry is valid. If both objects are set to 0.0.0.0, the table entry will be valid for any target IP address." ::= { ipNatOutEntry 4 } ipNatOutExtAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "With ipNatOutExtMask, this object specifies the external 'IP address' or 'NET address' to which the internal IP address is mapped. - To map exactly to ipNatOutExtAddr (i.e. map to a single IP address), ipNatOutExtMask MUST be set to 255.255.255.255 - To keep HOST part of source IP address and map only the NET part, ipNatOutExtMask MUST be the related subnet mask (and it should be the same as ipNatOutIntMask )." ::= { ipNatOutEntry 5 } ipNatOutRemotePort OBJECT-TYPE SYNTAX INTEGER (-1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipNatOutRemotePortRange the range of portnumbers for outgoing calls, for which the table entry shall be valid. If both objects are set to -1, the entry is valid for all portnumbers. If ipNatOutPortRange is set to -1, the entry is only valid, when the portnumber of an outgoing call is equal to ipNatOutRemotePort. Otherwise, the entry is valid, if the called portnumber lies in the range RemotePort .. RemotePortRange." ::= { ipNatOutEntry 6 } ipNatOutRemotePortRange OBJECT-TYPE SYNTAX INTEGER (-1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipNatOutRemotePort the range of portnumbers for outgoing calls, for which the table entry shall be valid. If both objects are set to -1, the entry is valid for all portnumbers. If ipNatOutPortRange is set to -1, the entry is only valid, when the portnumber of an outgoing call is equal to ipNatOutRemotePort. Otherwise, the entry is valid, if the called portnumber lies in the range RemotePort .. RemotePortRange." ::= { ipNatOutEntry 7 } ipNatOutIntAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipNatOutIntMask the internal hosts IP address for outgoing calls matching the table entry. If both objects are set to 0.0.0.0, the table entry will be valid for any source IP address." ::= { ipNatOutEntry 8 } ipNatOutIntMask OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipNatOutIntAddr the internal hosts IP address for outgoing calls matching the table entry. If both objects are set to 0.0.0.0, the table entry will be valid for any source IP address." ::= { ipNatOutEntry 9 } ipNatOutIntPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the internal source port for which the table entry shall be valid. If this object is set to -1, any internal source port matches this entry." ::= { ipNatOutEntry 10 } ipNatOutExtPort OBJECT-TYPE SYNTAX INTEGER (-1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "This object may be used to specify a fixed external source port to which the internal source port is mapped. If this object is set to -1, the port is mapped to the next free source port available." ::= { ipNatOutEntry 11 } ipNatOutExtMask OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "With ipNatOutExtAddr, this object specifies the external 'IP address' or 'NET address' to which the internal IP address is mapped. - To map exactly to ipNatOutExtAddr (i.e. map to a single IP address), ipNatOutExtMask MUST be set to 255.255.255.255 - To keep HOST part of source IP address and map only the NET part, ipNatOutExtMask MUST be the related subnet mask (and it should be the same as ipNatOutIntMask)." ::= { ipNatOutEntry 12 } ipHostsAliveTable OBJECT-TYPE SYNTAX SEQUENCE OF IpHostsAliveEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "This table specifies the watched IP addresses. Entries in the table are created and removed manually by network management." ::= { biboip 19 } ipHostsAliveEntry OBJECT-TYPE SYNTAX IpHostsAliveEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" INDEX { ipHostsAliveIPAddress } ::= { ipHostsAliveTable 1 } IpHostsAliveEntry ::= SEQUENCE { ipHostsAliveGroup INTEGER, ipHostsAliveIPAddress IpAddress, ipHostsAliveState INTEGER, ipHostsAliveInterval INTEGER, ipHostsAliveDownAction INTEGER, ipHostsAliveFirstIfIndex INTEGER, ipHostsAliveRange INTEGER, ipHostsAliveSrcIPAddress IpAddress } ipHostsAliveGroup OBJECT-TYPE SYNTAX INTEGER (0..255) ACCESS read-write STATUS mandatory DESCRIPTION "The group of the watched IP-Addresses" ::= { ipHostsAliveEntry 1 } ipHostsAliveIPAddress OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "The watched IP-Address" ::= { ipHostsAliveEntry 2 } ipHostsAliveState OBJECT-TYPE SYNTAX INTEGER { alive(1), down(2) } ACCESS read-only STATUS mandatory DESCRIPTION "The State of the watched IP-Address" ::= { ipHostsAliveEntry 3 } ipHostsAliveInterval OBJECT-TYPE SYNTAX INTEGER (1..65536) ACCESS read-write STATUS mandatory DESCRIPTION "This is the timeinterval for state verification" ::= { ipHostsAliveEntry 4 } ipHostsAliveDownAction OBJECT-TYPE SYNTAX INTEGER { up(1), down(2), delete(3), none(4) } ACCESS read-write STATUS mandatory DESCRIPTION "This action must be perform, if the hosts do not answer " ::= { ipHostsAliveEntry 5 } ipHostsAliveFirstIfIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "The first ifc" ::= { ipHostsAliveEntry 6 } ipHostsAliveRange OBJECT-TYPE SYNTAX INTEGER (0..65536) ACCESS read-write STATUS mandatory DESCRIPTION "The range of all ifc's" ::= { ipHostsAliveEntry 7 } ipHostsAliveSrcIPAddress OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "The source IP-Address" ::= { ipHostsAliveEntry 8 } ipBodRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF ipBodRuleEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "The ipBodRuleTable defines access rules for checking incoming IP packets. The rules are processed in order, i.e. each rule has a link to the next rule. The set of rules is processed until a match occurs, that means the rule's associated filter matches and the specified action is performed (either request or deny additional bandwidth). The last rule is implicitly a deny rule. The set of rules to be processed can be defined for each interface." ::= { biboip 21 } ipBodRuleEntry OBJECT-TYPE SYNTAX ipBodRuleEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" INDEX { ipBodRuleFilterIndex } ::= { ipBodRuleTable 1 } ipBodRuleEntry ::= SEQUENCE { ipBodRuleIndex INTEGER, ipBodRuleFilterIndex INTEGER, ipBodRuleAction INTEGER, ipBodRuleDirection INTEGER, ipBodRuleNextRuleIndex INTEGER, ipBodRuleIdleTime INTEGER } ipBodRuleIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Unique rule index." ::= { ipBodRuleEntry 1 } ipBodRuleFilterIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "References the rule's associated filter." ::= { ipBodRuleEntry 2 } ipBodRuleAction OBJECT-TYPE SYNTAX INTEGER { invoke(1), -- invoke bandwidth if filter matches invoke-if-not(2), -- invoke if filter not matches deny(3), -- deny BOD if filter matches deny-if-not(4), -- deny BOD if filter not matches ignore(5), -- ignore rule and skip to next rule delete(6) -- delete the entry from the table } ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the action to be performed if the rule's associated filter matches. If set to ignore the filter is not consulted and the next rule is processed immediately." ::= { ipBodRuleEntry 3 } ipBodRuleDirection OBJECT-TYPE SYNTAX INTEGER { outgoing(1), -- used for outgoing packets only incoming(2), -- used for incoming packets only both(3) -- used for both directions } ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the direction of the packets for which the rule is processed." ::= { ipBodRuleEntry 4 } ipBodRuleChannels OBJECT-TYPE SYNTAX INTEGER (0..8) ACCESS read-write STATUS mandatory DESCRIPTION "The number of B-channels to invoke if the rule's associated filter matches." ::= { ipBodRuleEntry 5 } ipBodRuleNextRuleIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "Specifies the next rule to be processed if the rule's associated filter does not match. The value 0 is used to mark the end of the rule set." ::= { ipBodRuleEntry 6 } ipBodRuleIdleTime OBJECT-TYPE SYNTAX INTEGER (-1..3600) ACCESS read-write STATUS mandatory DESCRIPTION "Specifies the time in seconds the interface-specific shorthold interval (see biboPPPTable) is extended if the rule's associated filter matches. When set to zero this setting is ignored. When set to -1 matching packets are sent piggyback, they are not considered for shorthold mode." ::= { ipBodRuleEntry 7 } ipQoSTable OBJECT-TYPE SYNTAX SEQUENCE OF ipQoSEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "The ipQosTable defines the classifier rules that are applied to IP traffic arriving this interface in a particular direction. The rules are processed in order, i.e. each rule has a link to the next rule. The set of rules is processed until a match occurs, that means the rule's associated filter matches and the specified action is performed (set the IP headers TOS field, specify a service class for QoS). The set of these rules to be processed can be defined for each interface." ::= { biboip 22 } ipQoSEntry OBJECT-TYPE SYNTAX ipQoSEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" INDEX { ipQoSFilterIndex } ::= { ipQoSTable 1 } ipQoSEntry ::= SEQUENCE { ipQoSIndex INTEGER, ipQoSFilterIndex INTEGER, ipQoSNextRuleIndex INTEGER, ipQoSAction INTEGER, ipQoSTos INTEGER, -- ipQoSClassOfService INTEGER, ipQosTosSetRate INTEGER, ipQosTosSetBurst INTEGER, -- ipQosTosSetExceedAction INTEGER, ipQoSServiceClass INTEGER, ipQoSClassId INTEGER, ipQoSDirection INTEGER } ipQoSIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Unique rule index." ::= { ipQoSEntry 1 } ipQoSFilterIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "References the associated filter (see IpFilterTable)." ::= { ipQoSEntry 2 } ipQoSNextRuleIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "Specifies the next classifier rule to be processed if the rule's associated filter does not match. The value 0 is used to mark the end of the rule set." ::= { ipQoSEntry 3 } ipQoSAction OBJECT-TYPE SYNTAX INTEGER { classify(1), -- filter matches, set TOS & classify packet classify-if-not(2), -- classify if filter not matches disabled(3), -- ignore rule and skip to next rule delete(4) -- delete the entry from the table } ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the action to be performed if the associated filter matches. If set to ignore the filter is not consulted and the next rule is processed immediately, possible values: classify(1) = filter matches, set TOS & classify packet classify-if-not(2) = classify if filter doesn't match disabled(3) = ignore rule and skip to next rule delete(4) = delete the entry from the table." ::= { ipQoSEntry 4 } ipQoSTos OBJECT-TYPE SYNTAX INTEGER (0..255) ACCESS read-write STATUS mandatory DESCRIPTION "Value for TOS field inside IP header to be set." ::= { ipQoSEntry 5 } -- ipQoSClassOfService OBJECT-TYPE -- SYNTAX INTEGER (1..255) -- ACCESS read-write -- STATUS mandatory -- -- DESCRIPTION -- "Specifies the class of service used for the congestion -- management, priorization and traffic shapping. If set to -- 256 (high priority service class) the related traffic -- will be always handled first." -- ::= { ipQoSEntry 6 } -- ipQoSTosSetRate OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-write STATUS mandatory DESCRIPTION "Maximum amount of packets per second that should be TOS changed." ::= { ipQoSEntry 7 } ipQoSTosSetBurst OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-write STATUS mandatory DESCRIPTION "Maximum amount of packets per second additional to the ipQosSetRate that could be TOS changed." ::= { ipQoSEntry 8 } -- ipQoSTosSetExceedAction OBJECT-TYPE -- SYNTAX INTEGER { -- none(1), -- map-to-default(2), -- remark-tos(3), -- drop(4) -- } -- ACCESS read-write -- STATUS mandatory -- -- DESCRIPTION -- "This object specifies the action to be done if the maximum -- amount of TOS changed IP packets per second is reached. -- When set to none(1) exceeding packets are attached to the -- class defined by ipQoSClassId, when set to map-to-default(2) -- these packets will be attached to the default class." -- ::= { ipQoSEntry 10 } -- ipQoSServiceClass OBJECT-TYPE SYNTAX INTEGER { normal(1), high-priority(2) } ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipQoSClassId the class of service used for the congestion management, priorization and traffic shapping. If set to high-priority(2) (high priority service class) the related traffic will be always handled first and ipQoSClassId is ignored." ::= { ipQoSEntry 11 } ipQoSClassId OBJECT-TYPE SYNTAX INTEGER (1..255) ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies together with ipQoSServiceClass (normal(1) only) the class of service used for congestion avoidance, congestion management, priorization and traffic shapping. Note that this ID is not used to give a nominal priority to the related IP traffic." ::= { ipQoSEntry 12 } ipQoSDirection OBJECT-TYPE SYNTAX INTEGER { outgoing(1), -- used for outgoing packets only incoming(2), -- used for incoming packets only both(3) -- used for both directions } ACCESS read-write STATUS mandatory DESCRIPTION "This object specifies the direction for witch this classifier rule applies on this interface, possible values: outgoing(1) = used for outgoing packets only incoming(2) = used for incoming packets only both(3) = used for both directions." ::= { ipQoSEntry 13 } -- RIPTIM: add ---------------------------------------------------- -- Should be named 'ipRipStaticTable' instead ipRipTimerTable OBJECT-TYPE SYNTAX SEQUENCE OF IpRipTimerEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "The 'ipRipTimerTable' contains the basic configuration of the RIP protocol. Formerly created to define only the 3 timers involved in RIP process (cf RFC 2453). This set of timers is unique for the router. Values should be the same on all the routers of the whole network." ::= { biboip 23 } ipRipTimerEntry OBJECT-TYPE SYNTAX IpRipTimerEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" INDEX { ipRipVersion} ::= { ipRipTimerTable 1 } IpRipTimerEntry ::= SEQUENCE { ipRipVersion INTEGER, ipRipTimerUpdate INTEGER, ipRipTimerTimeout INTEGER, ipRipTimerGarbage INTEGER, ipRipRfc2453Timer INTEGER, ipRipRfc2091Timer INTEGER, ipRipUpdatePacketRetryTimer INTEGER, ipRipPoisonedReverse INTEGER, ipRipDistributeDefaultRoutes INTEGER, ipRipHoldDownTimer INTEGER } ipRipVersion OBJECT-TYPE -- This member only needed to have a ReadOnly "index" -- so avoiding "row creation" by EndUser. SYNTAX INTEGER (1..3) ACCESS read-only STATUS mandatory DESCRIPTION "RFC 2453, RIP Version 2." ::= { ipRipTimerEntry 1 } ipRipTimerUpdate OBJECT-TYPE SYNTAX INTEGER (1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "An unsollicited RIP response is broadcast every 'ipRipTimerUpdate' seconds." ::= { ipRipTimerEntry 2 } ipRipTimerTimeout OBJECT-TYPE SYNTAX INTEGER (1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "If 'ipRipTimerTimeout' seconds elapse from the last time an update message is received for this route, the route is dropped but keeped in routing table. Then 'garbage process' is started." ::= { ipRipTimerEntry 3 } ipRipTimerGarbage OBJECT-TYPE SYNTAX INTEGER (1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "If 'ipRipTimerGarbage' seconds elapse from the start of 'garbage process' (and if route is still 'dropped'), the route is removed from the routing table." ::= { ipRipTimerEntry 4 } ipRipRfc2453Timer OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "The 'ipRipRfc2453Timer' enabled/disables variable timer definition from RFC 2453." ::= { ipRipTimerEntry 5 } ipRipRfc2091Timer OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "The 'ipRipRfc2453Timer' enabled/disables variable timer definition from RFC 2091." ::= { ipRipTimerEntry 6 } ipRipUpdatePacketRetryTimer OBJECT-TYPE SYNTAX INTEGER (1..10) ACCESS read-write STATUS mandatory DESCRIPTION "If 'ipRipTimerUpdatePacketRetry' seconds elapse since the transmission of the last update packet without receiving an acknowledge the update packet is resend." ::= { ipRipTimerEntry 7 } ipRipPoisonedReverse OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "Enable or disable the (currently unimplemented) control over 'poisoned reverse' route distribution." ::= { ipRipTimerEntry 8 } ipRipDistributeDefaultRoutes OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "Enable or disable the distribution of 'default routes'." ::= { ipRipTimerEntry 9 } ipRipHoldDownTimer OBJECT-TYPE SYNTAX INTEGER (1..65535) ACCESS read-write STATUS mandatory DESCRIPTION "If 'ipRipHoldDownTimer' seconds elapse from the start of 'database timeout' (and if route is still 'dropped'), the route is removed from the routing table." ::= { ipRipTimerEntry 10 } -- Additional RIP filter table ------------------------------------------------ ipRipFilterTable OBJECT-TYPE SYNTAX SEQUENCE OF IpRipFilterEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "The ipRipFilterTable contains additional information related to IP and the interfaces found on the system. Entries can only be added or deleted by the system." ::= { biboip 33 } ipRipFilterEntry OBJECT-TYPE SYNTAX IpRipFilterEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" INDEX { ipRipFilterIfIndex, ipRipFilterIpAddr, ipRipFilterNetMask, ipRipFilterPriority, ipRipFilterDirection } ::= { ipRipFilterTable 1 } IpRipFilterEntry ::= SEQUENCE { ipRipFilterEntryState INTEGER, ipRipFilterIfIndex INTEGER, ipRipFilterIpAddr IpAddress, ipRipFilterNetMask IpAddress, ipRipFilterPriority INTEGER, ipRipFilterDirection INTEGER, ipRipFilterDistribution INTEGER, ipRipFilterMetric1IfUpOffset INTEGER, ipRipFilterMetric1IfDormantOffset INTEGER } ipRipFilterEntryState OBJECT-TYPE SYNTAX INTEGER { active(1), delete(2) } ACCESS read-write STATUS mandatory DESCRIPTION "makes entry active" ::= { ipRipFilterEntry 1 } ipRipFilterIfIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory DESCRIPTION "The index value which uniquely identifies the local interface through which the next hop of this route should be reached. The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex." ::= { ipRipFilterEntry 2 } ipRipFilterIpAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "The IP-Address range affected by the filter operation. Ranges are seperately defined for import and export." ::= { ipRipFilterEntry 3 } ipRipFilterNetMask OBJECT-TYPE SYNTAX IpAddress ACCESS read-write STATUS mandatory DESCRIPTION "Indicate the mask to be logical-ANDed with the ip-address before being compared to the value in the ipRipFilterIpAddr field. The BRICK is able to use arbitrary subnet-masks. If the subnet mask is not specified, it will be set automatically according to the following table: 0.0.0.0 default route 255.0.0.0 class-A 255.255.0.0 class-B 255.255.255.0 class-C If the value of the ipRipFilterIpAddr is 0.0.0.0 (a default route) then the mask value is also 0.0.0.0. It should be noted that all IP routing subsystems implicitly use this mechanism. Host routes are created by setting the subnet mask to 255.255.255.255." ::= { ipRipFilterEntry 4 } ipRipFilterPriority OBJECT-TYPE SYNTAX INTEGER (1..16) ACCESS read-write STATUS mandatory DESCRIPTION "If more than one filter matches the IP-Address range this priority decides which filter to apply. 1 indictes highest priority and 16 lowest priority" ::= { ipRipFilterEntry 5 } ipRipFilterDirection OBJECT-TYPE SYNTAX INTEGER { import(1), export(2) } ACCESS read-write STATUS mandatory DESCRIPTION "The direction the filter is defined for." ::= { ipRipFilterEntry 6 } ipRipFilterDistribution OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } ACCESS read-write STATUS mandatory DESCRIPTION "Include or exclude the IP-Address range from distribution." ::= { ipRipFilterEntry 7 } ipRipFilterMetric1IfUpOffset OBJECT-TYPE SYNTAX INTEGER (-16..16) ACCESS read-write STATUS mandatory DESCRIPTION "Add 'ipRipFilterMetric1IfUpOffset' to metric1 during import of this route if the operation status of this interface is up. On export, add 'ipRipFilterMetric1IfUpOffset' to the exported metric value if the operation status of this interface is up." ::= { ipRipFilterEntry 8 } ipRipFilterMetric1IfDormantOffset OBJECT-TYPE SYNTAX INTEGER (-16..16) ACCESS read-write STATUS mandatory DESCRIPTION "Add 'ipRipFilterMetric1IfDormantOffset' to metric1 during import of this route if the operation status of this interface is dormant. On export, add 'ipRipFilterMetric1IfDormantOffset' to the exported metric value if the operation status of this interface is dormant." ::= { ipRipFilterEntry 9 } -- The STATIC ipIcmp Table contains all extended configuration related to ICMP ipIcmp OBJECT IDENTIFIER ::= { biboip 32 } ipIcmpSourceQuench OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled (2) } ACCESS read-write STATUS mandatory DESCRIPTION "enabled : If an IP packet is discarded due to congestion, the system sends an ICMP 'Source-Quench' message back to the originator of the packet. For congestion-control/prevention, the system may send ICMP 'Source-Quench' messages also. This is the default behavior of the system. The rate of ICMP 'Source Quench' messages is limited to max. 1 message/s per originator. disabled: system never sends ICMP 'Source-Quench' messages (not for congestions nor for congestion-control). " ::= { ipIcmp 1 } ipIcmpTimeExceededTrans OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled (2) } ACCESS read-write STATUS mandatory DESCRIPTION "enabled : If an IP packet could not be delivered/forwarded to destination due to packet TTL (Time to live) or dialup-interface timeout, the packet is discarded and the system sends an ICMP 'Time-Exceeded/Trans' message back to the originator of the packet. This is the default behavior of the system. disabled: If an IP packet could not be delivered/forwarded to destination due to packet TTL (Time to live) or dialup-interface timeout, the packet is silently discarded. ICMP 'Time Exceeded/Trans' messages should be disabled with care (only if really necessary), because some usefull external tools based on this protocol (e.g. 'traceroute'). " ::= { ipIcmp 2 } ipIcmpTimeExceededFrag OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled (2) } ACCESS read-write STATUS mandatory DESCRIPTION "enabled : If an IP packet could not be delivered/forwarded to destination due to fragment-reassembly timeout, the system sends an ICMP 'Time-Exceeded/Fragment' message back to the originator of the packet. This is the default behavior of the system. disabled: If an IP packet could not be delivered/forwarded to destination due to fragment-reassembly timeout, the IP packet is silently discarded. ICMP 'Time Exceeded/Fragment' messages should be disabled with care (only if really necessary). " ::= { ipIcmp 3 } ipIcmpDestUnreachFrag OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled (2) } ACCESS read-write STATUS mandatory DESCRIPTION "enabled : If an IP packet could not be delivered/forwarded to destination due to MTU/Dont-Fragment error (packet must be fragmented due to interface-MTU but Dont-Fragment (DF) bit is set in IP header), the IP packet is discarded and the system sends an ICMP 'Destination-Unreachable/Fragment' message back to the originator of the packet. This is the default behavior of the system. disabled: If an IP packet could not be delivered/forwarded to destination due to interface-MTU/DF-bit problem, the packet is silently discarded. ICMP 'Destination-UnreachableFragment' messages should be disabled with care (only if really necessary). Disabling of this ICMP messages will make Path MTU Discovery impossible and might lead to bad performance behaviours. " ::= { ipIcmp 4 } ipIcmpDestUnreachHost OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled (2) } ACCESS read-write STATUS mandatory DESCRIPTION "enabled : If an IP packet could not be delivered/forwarded to destination due to routing errors (e.g. no matching route exists, interface down/blocked), the packet is discarded and the system sends an ICMP 'Destination-Unreachable/Host' message back to the originator of the packet. This is the default behavior of the system. (see ipIcmpDestUnreachHostTcp also) disabled: If an IP packet could not be delivered/forwarded to destination due to routing errors (e.g. no matching route exists, interface down/blocked), the packet is silently discarded. ICMP 'Destination-Unreachable/Host' messages should be disabled with care (only if really necessary). The functionality of the virtual REFUSE-Interface is NOT affected by this parameter - the system will continue to send ICMP 'Dest-Unreachable/Host' messages for all packets explicity routed to this Interface (ifIndex 0). The functionality of ipExtIfNatSilentDeny=disabled is NOT affected by this parameter - the system will continue to send ICMP 'Dest-Unreachable/Host' messages for incoming IP-Packets that does not pass the NAT barrier of NAT-enabled Interfaces. " ::= { ipIcmp 5 } ipIcmpDestUnreachHostTcp OBJECT-TYPE SYNTAX INTEGER { tcp-rst(1), icmp(2) } ACCESS read-write STATUS mandatory DESCRIPTION "Set ICMP (Dest Unreachable/Host) behavior for TCP packets. tcp-rst : If a TCP packet can not be delivered/forwarded to destination (e.g. no matching route exists, interface down/blocked), the TCP-Connection is terminated by sending a TCP-RST message (a TCP packet with RST-bit set in TCP-header) back to the originator of the packet. This is the default behavior of the system. The TCP RST message is send INSTEAD of an ICMP 'Destination-Unreachable/Host' message. If ipIcmpDestUnreachHost is set to disabled(2), no TCP-RST message is sent back. icmp : TCP traffic is handled like all other IP traffic. (see description of ipIcmpDestUnreachHost) " ::= { ipIcmp 6 } ipIcmpDestUnreachProto OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled (2) } ACCESS read-write STATUS mandatory DESCRIPTION "enabled: If an IP packet addressed to local system could not be handled due to unsupported protocol type in IP packet-header (e.g. not TCP, UDP or ICMP), the packet is discarded and the system sends an ICMP 'Destination-Unreachable/Proto' message back to the originator of the packet. This is the default behavior of the system. disabled: If an IP packet addressed to local system could not be handled due to unsupported protocol type in IP packet-header (e.g. not TCP, UDP or ICMP), the packet is silently discarded. ICMP 'Destination-Unreachable/Proto' messages should be disabled with care (only if really necessary). " ::= { ipIcmp 7 } ipIcmpEchoReply OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled (2) } ACCESS read-write STATUS mandatory DESCRIPTION "enabled : each incoming ICMP 'Echo-Request' message addressed to local system is answered with an ICMP 'Echo-Reply' message. This is the default behavior of the system. disabled: incoming ICMP 'Echo-Request' messages addressed to local system are silently discarded. ICMP 'Echo-Reply' messages should be disabled with care (only if really necessary), because some usefull external tools based on this protocol (e.g. 'ping'). local 'pings' to other system/routers are not affected by this parameter. " ::= { ipIcmp 8 } ipIcmpMaskReply OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled (2) } ACCESS read-write STATUS mandatory DESCRIPTION "enabled : each incoming ICMP 'Mask-Request' message addressed to local system is answered with an ICMP 'Mask-Reply' message. This is the default behavior of the system. disabled: incoming ICMP 'Mask-Request' messages addressed to local system are silently discarded. ICMP 'Echo-Mask' messages should be disabled with care (only if really necessary), because subnet-discovery based on this protocol. " ::= { ipIcmp 9 } ipNatExpTable OBJECT-TYPE SYNTAX SEQUENCE OF IpNatExpEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "If NAT is switched on for an interface, this table contains entries for expected sessions. Table entries are creates by the system whenever there is a need for a new incoming session. Table entries are removed after timeout or if the expected session is established. " ::= { biboip 34 } ipNatExpEntry OBJECT-TYPE SYNTAX IpNatExpEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "" INDEX { ipNatIfIndex } ::= { ipNatExpTable 1 } IpNatExpEntry ::= SEQUENCE { ipNatExpIfIndex INTEGER, ipNatExpProtocol INTEGER, ipNatExpIntAddr IpAddress, ipNatExpIntPort INTEGER, ipNatExpExtAddr IpAddress, ipNatExpExtPort INTEGER, ipNatExpRemoteAddr IpAddress } ipNatExpIfIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies the interface, for which the session is expected." ::= { ipNatExpEntry 1 } ipNatExpProtocol OBJECT-TYPE SYNTAX INTEGER { icmp(1), tcp(6), udp(17), gre(47), esp(50), ah(51), ospf(89), l2tp(115) } ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies the protocol, the expected session is using. " ::= { ipNatExpEntry 2 } ipNatExpIntAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies the internal local IP Address used for the expected session. " ::= { ipNatExpEntry 3 } ipNatExpIntPort OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies the internal local portnumber used for the expected session. " ::= { ipNatExpEntry 4 } ipNatExpExtAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies the external local address used for the expected session. " ::= { ipNatExpEntry 5 } ipNatExpExtPort OBJECT-TYPE SYNTAX INTEGER (0..65535) ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies the external local portnumber used for the expetcted session. " ::= { ipNatExpEntry 6 } ipNatExpRemoteAddr OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "This object specifies the remote IP-address used for the expected session. " ::= { ipNatExpEntry 7 } END -- of BIANCA-BRICK definitions