CISCO-FILTER-GROUP-MIB
File:
CISCO-FILTER-GROUP-MIB.mib (29685 bytes)
Imported modules
Imported symbols
Defined Types
CfgFilterGroupName |
|
This textual convention defines the filter
group. Filter group provides a name for
combining multiple types of objects of
same category. The object value shall be
an alphanumeric string. |
TEXTUAL-CONVENTION |
|
|
|
|
OCTET STRING |
Size(0..64) |
|
CfgFilterGroupEntry |
|
SEQUENCE |
|
|
|
|
cfgFilterGroupName |
CfgFilterGroupName |
|
|
cfgFilterGroupType |
INTEGER |
|
|
cfgFilterGroupDescription |
SnmpAdminString |
|
|
cfgFilterGroupStorageType |
StorageType |
|
|
cfgFilterGroupRowStatus |
RowStatus |
|
CfgFilterNetworkGroupEntry |
|
SEQUENCE |
|
|
|
|
cfgFilterNetworkGroupIndex |
Unsigned32 |
|
|
cfgFilterNetworkAddressType |
InetAddressType |
|
|
cfgFilterNetworkAddress |
InetAddress |
|
|
cfgFilterNetworkMask |
InetAddress |
|
|
cfgFilterNetworkStorageType |
StorageType |
|
|
cfgFilterNetworkRowStatus |
RowStatus |
|
CfgFilterIpProtocolGroupEntry |
|
SEQUENCE |
|
|
|
|
cfgFilterIpProtocolGroupIndex |
Unsigned32 |
|
|
cfgFilterIpProtocolNumber |
CiscoIpProtocol |
|
|
cfgFilterIpProtocolStorageType |
StorageType |
|
|
cfgFilterIpProtocolGroupRowStatus |
RowStatus |
|
CfgFilterIpServiceGroupEntry |
|
SEQUENCE |
|
|
|
|
cfgFilterIpServiceGroupIndex |
Unsigned32 |
|
|
cfgFilterIpServiceType |
INTEGER |
|
|
cfgFilterIpServicePortLow |
InetPortNumber |
|
|
cfgFilterIpServicePortHigh |
InetPortNumber |
|
|
cfgFilterIpServiceStorageType |
StorageType |
|
|
cfgFilterIpServiceGroupRowStatus |
RowStatus |
|
CfgFilterICMPGroupEntry |
|
SEQUENCE |
|
|
|
|
cfgFilterICMPGroupIndex |
Unsigned32 |
|
|
cfgFilterICMPType |
Integer32 |
|
|
cfgFilterICMPCode |
Integer32 |
|
|
cfgFilterICMPStorageType |
StorageType |
|
|
cfgFilterICMPGroupRowStatus |
RowStatus |
|
CfgFilterNestedGroupEntry |
|
SEQUENCE |
|
|
|
|
cfgFilterParentGroupName |
CfgFilterGroupName |
|
|
cfgFilterNestedGroupName |
CfgFilterGroupName |
|
|
cfgFilterNestedStorageType |
StorageType |
|
|
cfgFilterNestedGroupRowStatus |
RowStatus |
|
Defined Values
ciscoFilterGroupMIB |
1.3.6.1.4.1.9.9.474 |
The MIB module is for creating and configuring
object groups to support packet filtering and
access control on IP and other protocols.
The cfgFilterGroupTable allows users to create
delete, and get information about filter groups.
Filter groups are uniquely identified by the
group names. Filter groups can either be of
network, protocol, service and icmp and filter
group type cannot be changed once it has been created.
The cfgFilterNetworkGroupTable is used for managing
information about IP Addresses.
The cfgFilterIpProtocolGroupTable is used for managing
information about protocols.
The cfgFilterIpServiceGroupTable is used for managing
information about services(ports).
The cfgFilterICMPGroupTable is used for managing
information about ICMP protocol.
The cfgFilterNestedGroupTable is used for supporting
nesting of filter groups(i.e configuring filter groups
inside the other filter groups).
Terminologies used:
ICMP - Internet Control Message Protocol. |
MODULE-IDENTITY |
|
|
|
cfgFilterGroupTable |
1.3.6.1.4.1.9.9.474.1.1.1 |
This table is used for creating/deleting
filter groups. A filter group allows grouping
of filter objects of same type. Filter group
is identified by a name and this group can be
used in other tables to simplify filter creation.
Filter objects are Internet addresses, Internet
Address masks, protocols, ports(services)
and ICMP types. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
CfgFilterGroupEntry |
|
cfgFilterGroupEntry |
1.3.6.1.4.1.9.9.474.1.1.1.1 |
An entry in filter group table. Each entry
contains information such as filter group type,
filter description. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CfgFilterGroupEntry |
|
|
cfgFilterGroupType |
1.3.6.1.4.1.9.9.474.1.1.1.1.2 |
This object identifies the type of the filter group.
The possible values are:
network (1) : specifies network group.
This group contains information on
the IP address and address mask.
This information is available in
cfgFilterNetworkGroupTable.
ipProtocol (2) : specifies IP protocol group.
This group contains protocol value.
This information is available in
cfgFilterIpProtocolGroupTable.
ipService (3) : specifies IP service group.
This group contains information on
UDP/TCP port. This information is
available in cfgFilterIpServiceGroupTable.
icmp (4) : specifies the ICMP group.
This group contains information on ICMP
Message Type and ICMP message code.
This information is available in
cfgFilterICMPGroupTable.
The value of this object cannot be changed
when cfgFilterGroupRowStatus is 'active'. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
network(1), ipProtocol(2), ipService(3), icmp(4) |
|
cfgFilterGroupRowStatus |
1.3.6.1.4.1.9.9.474.1.1.1.1.5 |
This object is used for adding/deleting
entries in this table. This object can be
set to 'active' only if cfgFilterGroupType
is configured for the row. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
cfgFilterNetworkGroupTable |
1.3.6.1.4.1.9.9.474.1.1.2 |
This table is used for adding/deleting network
filter group. A network filter group is used to
specify host IP addresses or subnet ranges.
This is applicable only for the cfgFilterGroupType
value of 'network'. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
CfgFilterNetworkGroupEntry |
|
cfgFilterNetworkGroupEntry |
1.3.6.1.4.1.9.9.474.1.1.2.1 |
An entry in network filter group table.
Each entry contains information on the
IP address and the mask value that can be
used in filtering the packet. Multiple entries
with the same value of cfgFilterGroupName belong
to the same network filter group. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CfgFilterNetworkGroupEntry |
|
|
cfgFilterNetworkGroupIndex |
1.3.6.1.4.1.9.9.474.1.1.2.1.1 |
This object identifies an unique entry
for a network filter group. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
cfgFilterNetworkAddressType |
1.3.6.1.4.1.9.9.474.1.1.2.1.2 |
This is the internet address type of for the
cfgFilterNetworkAddress and cfgFilterNetworkMask.
The value of this object cannot be changed
when cfgFilterGroupRowStatus is 'active'. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddressType |
|
|
cfgFilterNetworkAddress |
1.3.6.1.4.1.9.9.474.1.1.2.1.3 |
The source/destination internet address to be
configured. A value of zero causes all source/destination
address to match in an IP filter where this group is used.
The object value has to be consistent with the type
specified in cfgFilterNetworkAddressType. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
cfgFilterNetworkMask |
1.3.6.1.4.1.9.9.474.1.1.2.1.4 |
This is the wild card mask for the
cfgFilterNetworkAddress bits that must match.
Presence of 0 bits in the mask indicate that
corresponding bits in the cfgFilterNetworkAddress
must match in order for the matching to be successful,
and 1 bits are don't care bits in the matching.
A value of zero causes only IP packets of source
and destination address the same as
cfgFilterNetworkAddress to match.
This object value has to be consistent with the type
specified in cfgFilterNetworkAddressType. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
cfgFilterNetworkRowStatus |
1.3.6.1.4.1.9.9.474.1.1.2.1.6 |
This object is used for adding/deleting
entries in this table. This object can be
set to 'active' only with valid value
for cfgFilterNetworkAddressType object. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
cfgFilterIpProtocolGroupTable |
1.3.6.1.4.1.9.9.474.1.1.3 |
This table is used for adding/deleting protocol
filter group. A protocol filter group is used to
specify protocol(s). This is applicable only for
the cfgFilterGroupType value of 'ipProtocol'. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
CfgFilterIpProtocolGroupEntry |
|
cfgFilterIpProtocolGroupEntry |
1.3.6.1.4.1.9.9.474.1.1.3.1 |
Each entry is an IP Protocol traffic filter within
an IP filter profile. Entries with the same
cfgFilterGroupName belong to the same protocol
filter group. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CfgFilterIpProtocolGroupEntry |
|
|
cfgFilterIpProtocolNumber |
1.3.6.1.4.1.9.9.474.1.1.3.1.2 |
This object identifies the internet protocol number
in the packets. These IP protocol numbers are defined
in the Network Group Request For Comments(RFC) documents.
For example, Cisco commonly used protocol includes:
1 - Internet Control Message Protocol (ICMP)
2 - Internet Gateway Message Protocol (IGMP)
4 - IP in IP tunneling
6 - Transmission Control Protocol (TCP)
9 - Cisco's IGRP routing protocol (IGRP)
17 - User Datagram Protocol (UDP)
47 - Cisco's GRE tunneling (GRE)
50 - Encapsulation Security Payload
51 - Authentication Header Protocol
88 - Cisco's EIGRP routing protocol
89 - OSPF routing protocol
94 - KA9Q NOS compatible IP over IP tunneling
103 - Protocol Independent Multicast
108 - Payload Compression Protocol. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
CiscoIpProtocol |
|
|
cfgFilterIpProtocolGroupRowStatus |
1.3.6.1.4.1.9.9.474.1.1.3.1.4 |
This object is used for adding/deleting
entries in this table. This object can be
set to 'active' only with valid value
for cfgFilterIpProtocolNumber object. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
cfgFilterIpServiceGroupTable |
1.3.6.1.4.1.9.9.474.1.1.4 |
This table is used for adding/deleting service
filter group. A service filter group is used to
specify specific or ranges of TCP/UDP ports to
be defined. This filter group can be used as
either the source port(s) or destination port(s)
in the associated cfgFilterExtTable. This is
applicable only for the cfgFilterGroupType
value of 'ipService'. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
CfgFilterIpServiceGroupEntry |
|
cfgFilterIpServiceGroupEntry |
1.3.6.1.4.1.9.9.474.1.1.4.1 |
Each entry is an IP Protocol traffic filter within
an IP filter profile. Entries with the same
cfgFilterGroupName belong to the same protocol
filter group. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CfgFilterIpServiceGroupEntry |
|
|
cfgFilterIpServiceType |
1.3.6.1.4.1.9.9.474.1.1.4.1.2 |
This object identifies the protocol type
of the port for this group.
The possible value(s) are :
tcp(1) : TCP port.
udp(2) : UDP port.
tcpUdp(3) : TCP/UDP port. This value is
applicable for a port which is
same for both TCP and UDP. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
INTEGER |
tcp(1), udp(2), tcpUdp(3) |
|
cfgFilterIpServicePortLow |
1.3.6.1.4.1.9.9.474.1.1.4.1.3 |
This object identifies the source or destination
port number. This is the inclusive lower bound of
the transport-layer source/destination port range
that is to be matched in the filter where this group
is defined. This value must be equal to or less than
the value specified for this entry in
cfgFilterServicePortHigh. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
cfgFilterIpServicePortHigh |
1.3.6.1.4.1.9.9.474.1.1.4.1.4 |
This object identifies the source or destination
port number. This is the inclusive upper bound of
the transport-layer source/destination port range
that is to be matched in the filter where this group
is defined. This value must be equal to or greater
than the value specified for this entry in
cfgFilterServicePortLow. If this value is '0',
the udp or tcp port number is ignored during matching. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
cfgFilterIpServiceGroupRowStatus |
1.3.6.1.4.1.9.9.474.1.1.4.1.6 |
This object is used for adding/deleting
entries in this table. This object can be
set to 'active' only with valid value
for cfgFilterIpServiceType object. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
cfgFilterICMPGroupTable |
1.3.6.1.4.1.9.9.474.1.1.5 |
This table contains lists of filters for
ICMP Type filter group. An ICMP Type filter
group can be configured with multiple entries
each representing the ICMP message types and
ICMP message code. This is applicable only for
the cfgFilterGroupType value of 'icmp'. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
CfgFilterICMPGroupEntry |
|
cfgFilterICMPGroupEntry |
1.3.6.1.4.1.9.9.474.1.1.5.1 |
An entry in ICMP filter group table.
Each entry contains information on the
ICMP message type and ICMP code.
Multiple Entries with the same value of
cfgFilterGroupName belong to the same
ICMP filter group. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CfgFilterICMPGroupEntry |
|
|
cfgFilterICMPGroupIndex |
1.3.6.1.4.1.9.9.474.1.1.5.1.1 |
This index identifies an unique entry in
this table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
cfgFilterICMPType |
1.3.6.1.4.1.9.9.474.1.1.5.1.2 |
This object specifies the ICMP message type to be
configured in ICMP filter group. Setting this object
to '-1' will make the filtering match any ICMP message
type.
Some of the commonly used ICMP Message types are:
0 - Echo Reply
3 - Destination Unreachable
4 - Source Quench
5 - Redirect
8 - Echo
11 - Time Exceeded
12 - Parameter Problem
13 - Timestamp
14 - Timestamp Reply
15 - Information Request
16 - Information Reply
17 - Mask Request
18 - Mask Reply
31 - Conversion Error
32 - Mobile Redirect. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
-1..255 |
|
cfgFilterICMPCode |
1.3.6.1.4.1.9.9.474.1.1.5.1.3 |
This object specifies the ICMP message code to be
configured in ICMP filter group. Setting this object to
'-1' will make the filtering match any ICMP code. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
Integer32 |
-1..255 |
|
cfgFilterICMPGroupRowStatus |
1.3.6.1.4.1.9.9.474.1.1.5.1.5 |
This object is used for adding/deleting
entries in this table. This object can be
set to 'active' only with valid value
for cfgFilterICMPType object. |
Status: current |
Access: read-create |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
cfgFilterNestedGroupTable |
1.3.6.1.4.1.9.9.474.1.1.6 |
This table contains lists of filter groups
that are configured in other filter group.
This table is used for configuring a group
as member of another group. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
CfgFilterNestedGroupEntry |
|
cfgFilterNestedGroupEntry |
1.3.6.1.4.1.9.9.474.1.1.6.1 |
An entry in nested filter group table.
Each entry contains information on the
a group that is configured in another group. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CfgFilterNestedGroupEntry |
|
|
cfgFilterParentGroupName |
1.3.6.1.4.1.9.9.474.1.1.6.1.1 |
This object identifies the filter group that is
previously created and to which another filter
group identified by cfgFilterNestedGroupName
will be added. The value for this object
must correspond to entry in cfgFilterGroupTable. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CfgFilterGroupName |
|
|
cfgFilterNestedGroupName |
1.3.6.1.4.1.9.9.474.1.1.6.1.2 |
This object identifies the filter group that is
previously created and is being added to another
filter group identified by cfgFilterParentGroupName.
The value for this object must correspond to entry
in cfgFilterGroupTable. The value for this object
should not be same as the value of cfgFilterParentGroupName.
The value for this object must be unique amongst the
multiple instances with the same value of
cfgFilterParentGroupName. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CfgFilterGroupName |
|
|
ciscoFilterGroupConfigMIBCompliance |
1.3.6.1.4.1.9.9.474.2.1.1 |
The compliance statement for entities implementing
the Cisco IP Protocol Filter MIB. |
Status: current |
Access: read-create |
MODULE-COMPLIANCE |
|
|
|
ciscoFilterObjectGroup |
1.3.6.1.4.1.9.9.474.1.2 |
Configuration parameters for filter groups. |
Status: current |
Access: read-create |
OBJECT-GROUP |
|
|
|
ciscoFilterNetworkGroup |
1.3.6.1.4.1.9.9.474.1.3 |
Configuration parameters for network filters. |
Status: current |
Access: read-create |
OBJECT-GROUP |
|
|
|
ciscoFilterIpProtocolGroup |
1.3.6.1.4.1.9.9.474.1.4 |
Configuration parameters for protocol filters. |
Status: current |
Access: read-create |
OBJECT-GROUP |
|
|
|
ciscoFilterIpServiceGroup |
1.3.6.1.4.1.9.9.474.1.5 |
Configuration parameters for port filters. |
Status: current |
Access: read-create |
OBJECT-GROUP |
|
|
|
ciscoFilterICMPGroup |
1.3.6.1.4.1.9.9.474.1.6 |
Configuration parameters related to
ICMP filter group. |
Status: current |
Access: read-create |
OBJECT-GROUP |
|
|
|
ciscoFilterNestedGroup |
1.3.6.1.4.1.9.9.474.1.7 |
Configuration parameters related to
nesting of filter group. |
Status: current |
Access: read-create |
OBJECT-GROUP |
|
|
|