CISCO-TAP-MIB
File:
CISCO-TAP-MIB.mib (45803 bytes)
Imported modules
Imported symbols
Defined Types
CTapStreamIpEntry |
|
SEQUENCE |
|
|
|
|
cTapStreamIpIndex |
INTEGER |
|
|
cTapStreamIpInterface |
INTEGER |
|
|
cTapStreamIpAddrType |
InetAddressType |
|
|
cTapStreamIpDestinationAddress |
InetAddress |
|
|
cTapStreamIpDestinationLength |
InetAddressPrefixLength |
|
|
cTapStreamIpSourceAddress |
InetAddress |
|
|
cTapStreamIpSourceLength |
InetAddressPrefixLength |
|
|
cTapStreamIpTosByte |
INTEGER |
|
|
cTapStreamIpTosByteMask |
INTEGER |
|
|
cTapStreamIpFlowId |
INTEGER |
|
|
cTapStreamIpProtocol |
INTEGER |
|
|
cTapStreamIpDestL4PortMin |
InetPortNumber |
|
|
cTapStreamIpDestL4PortMax |
InetPortNumber |
|
|
cTapStreamIpSourceL4PortMin |
InetPortNumber |
|
|
cTapStreamIpSourceL4PortMax |
InetPortNumber |
|
|
cTapStreamIpInterceptEnable |
TruthValue |
|
|
cTapStreamIpInterceptedPackets |
Counter |
|
|
cTapStreamIpInterceptDrops |
Counter |
|
|
cTapStreamIpStatus |
RowStatus |
|
CTapStream802Entry |
|
SEQUENCE |
|
|
|
|
cTapStream802Index |
INTEGER |
|
|
cTapStream802Fields |
OCTET STRING |
|
|
cTapStream802Interface |
INTEGER |
|
|
cTapStream802DestinationAddress |
MacAddress |
|
|
cTapStream802SourceAddress |
MacAddress |
|
|
cTapStream802EthernetPid |
INTEGER |
|
|
cTapStream802SourceLlcSap |
INTEGER |
|
|
cTapStream802DestinationLlcSap |
INTEGER |
|
|
cTapStream802InterceptEnable |
TruthValue |
|
|
cTapStream802InterceptedPackets |
Counter |
|
|
cTapStream802InterceptDrops |
Counter |
|
|
cTapStream802Status |
RowStatus |
|
CTapDebugEntry |
|
SEQUENCE |
|
|
|
|
cTapDebugIndex |
Gauge |
|
|
cTapDebugMessage |
SnmpAdminString |
|
Defined Values
cTapMIB |
1.3.6.1.4.1.9.9.252 |
OBJECT IDENTIFIER |
|
|
|
cTapMediationEntry |
1.3.6.1.4.1.9.9.252.1.1.2.1 |
The entry describes a single session maintained with an
application on a Mediation Device. |
Status: mandatory |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CTapMediationEntry |
|
|
cTapMediationContentId |
1.3.6.1.4.1.9.9.252.1.1.2.1.1 |
cTapMediationContentId is a session identifier, from the
intercept application's perspective, and a content identifier
from the Mediation Device's perspective. The Mediation Device
is responsible for making sure these are unique, although the
SNMP RowStatus row creation process will help by not allowing
it to create conflicting entries. Before creating a new entry,
a value for this variable may be obtained by reading
cTapMediationNewIndex to reduce the probability of a value
collision. |
Status: mandatory |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
INTEGER |
1..2147483647 |
|
cTapStreamCapabilities |
1.3.6.1.4.1.9.9.252.1.2.1 |
This object displays what types of intercept streams can be
configured on this type of device. This may be dependent on
hardware capabilities, software capabilities. The following
fields may be supported:
interface: SNMP ifIndex Value may be used to select
interception of all data crossing an
interface or set of interfaces.
tapEnable: set if table entries with
cTapStreamIpInterceptEnable set to 'false'
are used to pre-screen packets for intercept;
otherwise these entries are ignored.
ipV4: IPv4 Address or prefix may be used to select
traffic to be intercepted.
ipV6: IPv6 Address or prefix may be used to select
traffic to be intercepted.
l4Port: TCP/UDP Ports may be used to select traffic
to be intercepted.
dscp: DSCP may be used to select traffic to be
intercepted.
dstMacAddr: Destination MAC Address may be used to select
traffic to be intercepted.
srcMacAddr: Source MAC Address may be used to select
traffic to be intercepted.
ethernetPid: Ethernet Protocol Identifier may be used to
select traffic to be intercepted.
dstLlcSap: IEEE 802.2 Destination SAP may be used to
select traffic to be intercepted.
srcLlcSap: IEEE 802.2 Source SAP may be used to select
traffic to be intercepted. |
Status: mandatory |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(1..2) |
|
cTapStreamIpTable |
1.3.6.1.4.1.9.9.252.1.2.2 |
The Intercept Stream IP Table lists the IPv4 and IPv6 streams
to be intercepted. The same data stream may be required by
multiple taps, and one might assume that often the intercepted
stream is a small subset of the traffic that could be
intercepted.
This essentially provides options for packet selection, only
some of which might be used. For example, if all traffic to or
from a given interface is to be intercepted, one would
configure an entry which lists the interface, and wild-card
everything else. If all traffic to or from a given IP Address
is to be intercepted, one would configure two such entries
listing the IP Address as source and destination respectively,
and wild-card everything else. If a particular voice on a
teleconference is to be intercepted, on the other hand, one
would extract the multicast (destination) IP address, the
source IP Address, the protocol (UDP), and the source and
destination ports from the call control exchange and list all
necessary information.
The first index indicates which Mediation Device the
intercepted traffic will be diverted to. The second index
permits multiple classifiers to be used together, such as
having an IP address as source or destination. |
Status: mandatory |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
CTapStreamIpEntry |
|
cTapStreamIpEntry |
1.3.6.1.4.1.9.9.252.1.2.2.1 |
A stream entry indicates a single data stream to be
intercepted to a Mediation Device. Many selected data
streams may go to the same application interface, and many
application interfaces are supported. |
Status: mandatory |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CTapStreamIpEntry |
|
|
cTapStreamIpIndex |
1.3.6.1.4.1.9.9.252.1.2.2.1.1 |
The index of the stream itself. |
Status: mandatory |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
INTEGER |
1..2147483647 |
|
cTapStreamIpInterface |
1.3.6.1.4.1.9.9.252.1.2.2.1.2 |
The ifIndex value of the interface over which traffic to be
intercepted is received or transmitted. The interface may be
physical or virtual. If this is the only parameter specified,
and it is other than -1 or 0, all traffic on the selected
interface will be chosen.
If the value is zero, matching traffic may be received or
transmitted on any interface. Additional selection parameters
must be selected to limit the scope of traffic intercepted.
This is most useful on non-routing platforms or on intercepts
placed elsewhere than a subscriber interface.
If the value is -1, one or both of
cTapStreamIpDestinationAddress and cTapStreamIpSourceAddress
must be specified with prefix length greater than zero.
Matching traffic on the interface pointed to by ipRouteIfIndex
or ipCidrRouteIfIndex values associated with those values is
intercepted, whichever is specified to be more focused than a
default route. If routing changes, either by operator action
or by routing protocol events, the interface will change with
it. This is primarily intended for use on subscriber interfaces
and other places where routing is guaranteed to be
symmetrical.
In both of these cases, it is possible to have the same packet
selected for intersection on both its ingress and egress
interface. Nonetheless, only one instance of the packet is
sent to the Mediation Device.
This value must be set when creating a stream entry, either to
select an interface, to select all interfaces, or to select the
interface that routing chooses. Some platforms may not
implement the entire range of options. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
-1 | 0 | 1..2147483647 |
|
cTapStreamIpDestinationAddress |
1.3.6.1.4.1.9.9.252.1.2.2.1.4 |
The Destination address or prefix used in packet selection.
This address will be of the type specified in
cTapStreamIpAddrType. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
cTapStreamIpDestinationLength |
1.3.6.1.4.1.9.9.252.1.2.2.1.5 |
The length of the Destination Prefix. A value of zero causes
all addresses to match. This prefix length will be consistent
with the type specified in cTapStreamIpAddrType. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
InetAddressPrefixLength |
|
|
cTapStreamIpSourceAddress |
1.3.6.1.4.1.9.9.252.1.2.2.1.6 |
The Source Address used in packet selection. This address will
be of the type specified in cTapStreamIpAddrType. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
InetAddress |
|
|
cTapStreamIpSourceLength |
1.3.6.1.4.1.9.9.252.1.2.2.1.7 |
The length of the Source Prefix. A value of zero causes all
addresses to match. This prefix length will be consistent with
the type specified in cTapStreamIpAddrType. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
InetAddressPrefixLength |
|
|
cTapStreamIpTosByte |
1.3.6.1.4.1.9.9.252.1.2.2.1.8 |
The value of the TOS byte, when masked with
cTapStreamIpTosByteMask, of traffic to be intercepted.
If cTapStreamIpTosByte & (~cTapStreamIpTosByteMask) != 0,
configuration is rejected. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
0..255 |
|
cTapStreamIpTosByteMask |
1.3.6.1.4.1.9.9.252.1.2.2.1.9 |
The value of the TOS byte in an IPv4 or IPv6 header is ANDed
with cTapStreamIpTosByteMask and compared with
cTapStreamIpTosByte.
If the values are equal, the comparison is equal. If the mask
is zero and the TosByte value is zero, the result is to always
accept. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
0..255 |
|
cTapStreamIpFlowId |
1.3.6.1.4.1.9.9.252.1.2.2.1.10 |
The flow identifier in an IPv6 header. -1 indicates that the
Flow Id is unused. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
-1 | 0..1048575 |
|
cTapStreamIpProtocol |
1.3.6.1.4.1.9.9.252.1.2.2.1.11 |
The IP protocol to match against the IPv4 protocol number or
the IPv6 Next- Header number in the packet. -1 means 'any IP
protocol'. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
-1 | 0..255 |
|
cTapStreamIpDestL4PortMin |
1.3.6.1.4.1.9.9.252.1.2.2.1.12 |
The minimum value that the layer-4 destination port number in
the packet must have in order to match. This value must be
equal to or less than the value specified for this entry in
cTapStreamIpDestL4PortMax.
If both cTapStreamIpDestL4PortMin and cTapStreamIpDestL4PortMax
are at their default values, the port number is effectively
unused. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
cTapStreamIpDestL4PortMax |
1.3.6.1.4.1.9.9.252.1.2.2.1.13 |
The maximum value that the layer-4 destination port number in
the packet must have in order to match this classifier entry.
This value must be equal to or greater than the value specified
for this entry in cTapStreamIpDestL4PortMin.
If both cTapStreamIpDestL4PortMin and cTapStreamIpDestL4PortMax
are at their default values, the port number is effectively
unused. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
cTapStreamIpSourceL4PortMin |
1.3.6.1.4.1.9.9.252.1.2.2.1.14 |
The minimum value that the layer-4 destination port number in
the packet must have in order to match. This value must be
equal to or less than the value specified for this entry in
cTapStreamIpSourceL4PortMax.
If both cTapStreamIpSourceL4PortMin and
cTapStreamIpSourceL4PortMax are at their default values, the
port number is effectively unused. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
cTapStreamIpSourceL4PortMax |
1.3.6.1.4.1.9.9.252.1.2.2.1.15 |
The maximum value that the layer-4 destination port number in
the packet must have in order to match this classifier entry.
This value must be equal to or greater than the value specified
for this entry in cTapStreamIpSourceL4PortMin.
If both cTapStreamIpSourceL4PortMin and
cTapStreamIpSourceL4PortMax are at their default values, the
port number is effectively unused. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
InetPortNumber |
|
|
cTapStreamIpInterceptEnable |
1.3.6.1.4.1.9.9.252.1.2.2.1.16 |
If 'true', the tap should intercept matching traffic.
If 'false', this entry is used to pre-screen packets for
intercept. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
cTapStreamIpInterceptedPackets |
1.3.6.1.4.1.9.9.252.1.2.2.1.17 |
The number of packets matching this data stream specification
that have been intercepted. |
Status: mandatory |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter |
|
|
cTapStreamIpInterceptDrops |
1.3.6.1.4.1.9.9.252.1.2.2.1.18 |
The number of packets matching this data stream specification
that, having been intercepted, were dropped in the lawful
intercept process. |
Status: mandatory |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter |
|
|
cTapStreamIpStatus |
1.3.6.1.4.1.9.9.252.1.2.2.1.19 |
The status of this conceptual row. This object manages
creation, modification, and deletion of rows in this table.
cTapStreamIpInterceptEnable may be modified any time even the
value of this entry rowStatus object is 'active'. When other
rows must be changed, cTapStreamIpStatus must be first set to
'notInService'. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
cTapStream802Table |
1.3.6.1.4.1.9.9.252.1.2.3 |
The Intercept Stream 802 Table lists the IEEE 802 data streams
to be intercepted. The same data stream may be required by
multiple taps, and one might assume that often the intercepted
stream is a small subset of the traffic that could be
intercepted.
This essentially provides options for packet selection, only
some of which might be used. For example, if all traffic to or
from a given interface is to be intercepted, one would
configure an entry which lists the interface, and wild-card
everything else. If all traffic to or from a given MAC Address
is to be intercepted, one would configure two such entries
listing the MAC Address as source and destination respectively,
and wild-card everything else.
The first index indicates which Mediation Device the
intercepted traffic will be diverted to. The second index
permits multiple classifiers to be used together, such as
having a MAC address as source or destination. |
Status: mandatory |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
CTapStream802Entry |
|
cTapStream802Entry |
1.3.6.1.4.1.9.9.252.1.2.3.1 |
A stream entry indicates a single data stream to be
intercepted to a Mediation Device. Many selected data
streams may go to the same application interface, and many
application interfaces are supported. |
Status: mandatory |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CTapStream802Entry |
|
|
cTapStream802Index |
1.3.6.1.4.1.9.9.252.1.2.3.1.1 |
The index of the stream itself. |
Status: mandatory |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
INTEGER |
1..2147483647 |
|
cTapStream802Fields |
1.3.6.1.4.1.9.9.252.1.2.3.1.2 |
This object displays what attributes must be tested to
identify traffic which requires interception. The packet
matches if all flagged fields match.
interface: indicates that traffic on the stated
interface is to be intercepted
dstMacAddress: indicates that traffic destined to a
given address should be intercepted
srcMacAddress: indicates that traffic sourced from a
given address should be intercepted
ethernetPid: indicates that traffic with a stated
Ethernet Protocol Identifier should be
intercepted
dstLlcSap: indicates that traffic with an certain
802.2 LLC Destination SAP should be
intercepted
srcLlcSap: indicates that traffic with an certain
802.2 LLC Source SAP should be
intercepted
At least one of the bits has to be set in order to activate an
entry. If the bit is not on, the corresponding MIB object
value has no effect, and need not be specified when creating
the entry. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(1..2) |
|
cTapStream802Interface |
1.3.6.1.4.1.9.9.252.1.2.3.1.3 |
The ifIndex value of the interface over which traffic to be
intercepted is received or transmitted. The interface may be
physical or virtual. If this is the only parameter specified,
and it is other than -1 or 0, all traffic on the selected
interface will be chosen.
If the value is zero, matching traffic may be received or
transmitted on any interface. Additional selection parameters
must be selected to limit the scope of traffic intercepted.
This is most useful on non-routing platforms or on intercepts
placed elsewhere than a subscriber interface.
If the value is -1, one or both of
cTapStream802DestinationAddress and cTapStream802SourceAddress
must be specified. Matching traffic on the interface pointed
to by the dot1dTpFdbPort values associated with those values is
intercepted, whichever is specified. If dot1dTpFdbPort
changes, either by operator action or by protocol events, the
interface will change with it. This is primarily intended for
use on subscriber interfaces and other places where routing is
guaranteed to be symmetrical.
In both of these cases, it is possible to have the same packet
selected for intersection on both its ingress and egress
interface. Nonetheless, only one instance of the packet is
sent to the Mediation Device.
This value must be set when creating a stream entry, either to
select an interface, to select all interfaces, or to select the
interface that bridging learns. Some platforms may not
implement the entire range of options. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
-1 | 0 | 1..2147483647 |
|
cTapStream802EthernetPid |
1.3.6.1.4.1.9.9.252.1.2.3.1.6 |
The value of the Ethernet Protocol Identifier, which may be
found on Ethernet traffic or IEEE 802.2 SNAP traffic. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
0..65535 |
|
cTapStream802DestinationLlcSap |
1.3.6.1.4.1.9.9.252.1.2.3.1.7 |
The value of the IEEE 802.2 Destination SAP. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
0..65535 |
|
cTapStream802SourceLlcSap |
1.3.6.1.4.1.9.9.252.1.2.3.1.8 |
The value of the IEEE 802.2 Source SAP. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
0..65535 |
|
cTapStream802InterceptEnable |
1.3.6.1.4.1.9.9.252.1.2.3.1.9 |
If 'true', the tap enables interception of matching traffic.
If cTapStreamCapabilities flag tapEnable is zero, this may not
be set to 'false'. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
cTapStream802InterceptedPackets |
1.3.6.1.4.1.9.9.252.1.2.3.1.10 |
The number of packets matching this data stream specification
that have been intercepted. |
Status: mandatory |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter |
|
|
cTapStream802InterceptDrops |
1.3.6.1.4.1.9.9.252.1.2.3.1.11 |
The number of packets matching this data stream specification
that, having been intercepted, were dropped in the lawful
intercept process. |
Status: mandatory |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Counter |
|
|
cTapStream802Status |
1.3.6.1.4.1.9.9.252.1.2.3.1.12 |
The status of this conceptual row. This object manages
creation, modification, and deletion of rows in this table.
cTapStream802InterceptEnable can be modified any time even the
value of this entry rowStatus object is active. When other
rows must be changed, cTapStream802Status must be first set to
'notInService'. |
Status: mandatory |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
RowStatus |
|
|
cTapDebugTable |
1.3.6.1.4.1.9.9.252.1.3.1 |
A table that contains Lawful Intercept debug information
available on this device. This table is used to map an error
code to a text message for further information. |
Status: mandatory |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
CTapDebugEntry |
|
cTapDebugEntry |
1.3.6.1.4.1.9.9.252.1.3.1.1 |
A list of the debug messages. |
Status: mandatory |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
CTapDebugEntry |
|
|
cTapDebugIndex |
1.3.6.1.4.1.9.9.252.1.3.1.1.1 |
Indicates an error code. |
Status: mandatory |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
Gauge |
|
|
cTapDebugMessage |
1.3.6.1.4.1.9.9.252.1.3.1.1.2 |
A text string contains the description of an error code. |
Status: mandatory |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
|
|
cTapMIBActive |
1 |
This Notification is sent when an intercepting router or
switch is first capable of intercepting a packet corresponding
to a configured data stream. If the configured data stream is
an IP one, the value of the corresponding cTapStreamIpStatus
is included in this notification. If the configured data stream
is an IEEE 802 one, the value of the corresponding
cTapStream802Status is included in this notification.
This notification may be generated in conjunction with the
intercept application, which is designed to expect the
notification to be sent as reliably as possible, e.g., through
the use of a finite number of retransmissions until
acknowledged, as and when such mechanisms are available; for
example, with SNMPv3, this would be an InformRequest. Filter
installation can take a long period of time, during which call
progress may be delayed. |
TRAP-TYPE |
|
|
|
cTapStreamIpDebug |
4 |
When there is intervention needed due to some events related
to entries configured in cTapStreamIpTable, the device
notifies the manager of the event.
This notification may be generated in conjunction with the
intercept application, which is designed to expect the
notification to be sent as reliably as possible, e.g., through
the use of a finite number of retransmissions until
acknowledged, as and when such mechanisms are available; for
example, with SNMPv3, this would be an InformRequest. |
TRAP-TYPE |
|
|
|