CISCO-IP-PROTOCOL-FILTER-MIB Table View
Table-centric layout grouping table, row, and column objects.
Tables
5
Rows
5
Columns
38
cippfIpProfileTable
table.1.3.6.1.4.1.9.9.278.1.1.1
·
1 row entry
·
4 columns
This table lists all the existing IP protocol
filter profiles. These filter profiles contain
protocol filters used to filter IP traffic
through the device interfaces. The IP protocol
filters associated with these profiles are
defined in the cippfIpFilterTable.
For profiles to be associated with filters, the
object value of the cippfIpProfileName of a
profile must matches that of the cippfIpProfileName
of a filter entry in the cippfIpFilterTable.
Filters of the same profile name belong to a
common filter profile and are of the same usage
type of the profile.
This table can only be used to create or delete
filter profiles. Deleting any profile in this
table will also delete all the associated filters
in the cippfIpFilterTable and cause the state of
the associated 'active' filter profile in the
cippfIfIpProfileTable to be changed to 'notReady'.
All of these deleted or changed entries are
associated by virtue of the same profile name.
Each entry defines the type, state, and the last
object index assigned to a filter of the filter
profile.
object index assigned to a filter of the filter
profile.
Indexes
cippfIpProfileName
| Column | Syntax | OID | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
cippfIpProfileName
This is the unique IP protocol filter profile
identifier. If this value is the same as the cippfIpProfileName in the cippfIpFilterTable and the cippfIfIpProfileName in cippfIfIpFilterTable, they are all referring to… |
CippfIpFilterProfileName Textual Convention: CippfIpFilterProfileName OctetStringType Constraints: range: 1..64 |
.1.3.6.1.4.1.9.9.278.1.1.1.1.1 |
||||||||||||
|
cippfIpProfileType
This object determines the usage type this filter
profile. This usage type cannot be changed after the profile has been created. The usage type simple(1) implies that the valid objects of each filter … |
Enumerationr/w Enumerated Values:
|
.1.3.6.1.4.1.9.9.278.1.1.1.1.2 |
||||||||||||
|
cippfIpProfileLastFilterIndex
This value is the same as the last
cippfIpFilterIndex value assigned to a filter of this profile. |
Unsigned32 Constraints: range: 0-2147483647 |
.1.3.6.1.4.1.9.9.278.1.1.1.1.3 |
||||||||||||
|
cippfIpProfileStatus
This object controls and reflects the status of rows
in this table. To create a filter profile of a particular usage type, the NMS must do a multivarbind set containing both cippfIpProfileStatus and cippfIpProfileTyp… |
SNMPv2-TCRowStatusr/w Textual Convention: SNMPv2-TCRowStatus EnumerationType Values:
|
.1.3.6.1.4.1.9.9.278.1.1.1.1.4 |
cippfIfIpProfileTable
table.1.3.6.1.4.1.9.9.278.1.1.2
·
1 row entry
·
3 columns
This table lists all the IP protocol filter
profiles being applied to IP traffic on the
device interfaces. An IP protocol filter profile
can be shared by multiple interfaces. The filter
profiles are defined in the cippfIpProfileTable,
and filters of these profiles are defined in the
cippfIpFilterTable.
Protocol filter profiles and their associated
filters can be 'attached to' or 'removed from'
in-bound or out-bound interfaces. Both existing
and non-existing protocol filter profiles can be
'attached to' the interfaces. However, the
cippfIfIpProfileStatus will only become 'active'
if the filter profile exists in the
cippfIpProfileTable, and the filters will then
be applied to the IP traffic through the interface.
Modification of any filters associated with a
shared profile will affect all interfaces sharing
that profile.
Each interface can only be attached with one protocol
filter profile on the in-bound direction and one on
the out-bound direction.
Each entry attaches an IP traffic filter profile
to a particular device interface and a specific
traffic direction. The interface can be of any
ifType supporting and running IP.
to a particular device interface and a specific
traffic direction. The interface can be of any
ifType supporting and running IP.
Indexes
IF-MIBifIndex cippfIfIpProfileDirection
| Column | Syntax | OID | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
cippfIfIpProfileDirection
This object determines whether this filter
profile is applied to inbound or outbound traffic of a particular interface. The possible value(s) are: inbound - inbound traffic. outbound - outbound traffic. … |
Enumeration Enumerated Values:
|
.1.3.6.1.4.1.9.9.278.1.1.2.1.1 |
||||||||||||
|
cippfIfIpProfileName
This is the unique IP protocol filter profile
identifier. This value must be the same as one of the existing cippfIpProfileName object values in the cippfIpProfileTable for this profile and the cippfIfIpProfileStatu… |
CippfIpFilterProfileNamer/w Textual Convention: CippfIpFilterProfileName OctetStringType Constraints: range: 1..64 |
.1.3.6.1.4.1.9.9.278.1.1.2.1.2 |
||||||||||||
|
cippfIfIpProfileStatus
This object controls and reflects the status of rows
in this table. To apply this filter profile or remove this filter profile, the NMS must do a multivarbind set containing both cippfIfIpProfileStatus and cippfIfIpPr… |
SNMPv2-TCRowStatusr/w Textual Convention: SNMPv2-TCRowStatus EnumerationType Values:
|
.1.3.6.1.4.1.9.9.278.1.1.2.1.3 |
cippfIpFilterTable
table.1.3.6.1.4.1.9.9.278.1.1.3
·
1 row entry
·
27 columns
This table contains ordered lists of filters for
all the IP protocol filter profiles. Device traffic
filtering system applies filters of a filter profile
according to the filter order position. IP packets
matching any filter will be processed according to
the matching action specified by the filter or they
will be discarded if they do not match any filters.
Any IP packet through an interface can theoretically
match multiple filters or rows of this table of the
same filter profile. When applying a filter to a
packet, the cippfIfIpProfileTable is used to first
identify the filter profile to use, then this table
is scanned according to filter profile name and
filter order position. If the packet matches all
criteria for that row, the action defined in the
cippfIpFilterAction object of the row will be taken.
If the action for the matching filter is deny(1),
the packet is discarded and the processing is
completed. If the action for the matching filter is
permit(2), the packet is accepted and permitted to
be processed by the bridging or routing logic. If
the packet matches no filter in this table, the
packet is always deny(1) and will be dropped.
To create a filter, the cippfIpProfileName must
already exists in the cippfIpProfileTable. No filter
can be created without an existing filter in the
cippfIpProfileTable. If the filter profile is
deleted from the cippfIpProfileTable, all the
associated filters in this table will also be
deleted.
Each entry is an IP Protocol traffic filter within
an IP filter profile. Entries with the same
cippfIpProfileName belong to the same IP filter
profile.
an IP filter profile. Entries with the same
cippfIpProfileName belong to the same IP filter
profile.
Indexes
cippfIpProfileName cippfIpFilterIndex
| Column | Syntax | OID | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
cippfIpFilterIndex
This index uniquely identifies the IP protocol filters
within this table and among all filter profiles. When a new filter is added and if this value is '0', the filter will be appended as the last entry for the corre… |
Unsigned32 Constraints: range: 0-2147483647 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.1 |
||||||||||||||||||
|
cippfIpFilterOrderPosition
This object is used to order the IP protocol filters
within a filter profile. The filter with the lowest order position number is applied first, that is cippfIpFilterOrderPosition '1'. The order position number amon… |
Unsigned32r/w Constraints: range: 0-65535 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.2 |
||||||||||||||||||
|
cippfIpFilterAction
If it is set to deny(1), all packets matching
this filter will be discarded and scanning of the remainder of the filter list will be aborted. If it is set to permit(2), all packets matching this filter will be allow… |
Enumerationr/w Enumerated Values:
|
.1.3.6.1.4.1.9.9.278.1.1.3.1.3 |
||||||||||||||||||
|
cippfIpFilterAddressType
This is the IP address type of for the
cippfIpFilterSrcAddress, cippfIpFilterSrcMask, cippfIpFilterDestAddress, and cippfIpFilterDestMask. |
INET-ADDRESS-MIBInetAddressTyper/w Textual Convention: INET-ADDRESS-MIBInetAddressType EnumerationType Values:
|
.1.3.6.1.4.1.9.9.278.1.1.3.1.4 |
||||||||||||||||||
|
cippfIpFilterSrcAddress
The source IP address to be matched for this filter.
A value of zero causes all source address to match. The object value has to be consistent with the type specified in cippfIpFilterAddressType. |
INET-ADDRESS-MIBInetAddressr/w Textual Convention: INET-ADDRESS-MIBInetAddress OctetStringType Constraints: range: 0..255 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.5 |
||||||||||||||||||
|
cippfIpFilterSrcMask
This is the wildcard mask for the
cippfIpFilterSrcAddress bits that must match. 0 bits in the mask indicate the corresponding bits in the cippfIpFilterSrcAddress must match in order for the matching to be successful,… |
INET-ADDRESS-MIBInetAddressr/w Textual Convention: INET-ADDRESS-MIBInetAddress OctetStringType Constraints: range: 0..255 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.6 |
||||||||||||||||||
|
cippfIpFilterDestAddress
The destination IP address to be matched for this
filter. A value of zero causes all source address to match. The object value has to be consistent with the type specified in cippfIpFilterAddressType. |
INET-ADDRESS-MIBInetAddressr/w Textual Convention: INET-ADDRESS-MIBInetAddress OctetStringType Constraints: range: 0..255 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.7 |
||||||||||||||||||
|
cippfIpFilterDestMask
This is the wildcard mask for the
cippfIpFilterDestAddress bits that must match. 0 bits in the mask indicate the corresponding bits in the cippfIpFilterDestAddress must match in order for the matching to be success… |
INET-ADDRESS-MIBInetAddressr/w Textual Convention: INET-ADDRESS-MIBInetAddress OctetStringType Constraints: range: 0..255 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.8 |
||||||||||||||||||
|
cippfIpFilterProtocol
This filter protocol object matches the Internet
Protocol Number in the packets. These IP numbers are defined in the Network Working Group Request for Comments (RFC) documents. For example, Cisco commonly used prot… |
Integer32r/w Constraints: range: -1-255 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.9 |
||||||||||||||||||
|
cippfIpFilterSrcPortLow
If cippfIpFilterProtocol is udp or tcp, this is
the inclusive lower bound of the transport-layer source port range that is to be matched, otherwise it is ignored during matching. This value must be equal to or less … |
INET-ADDRESS-MIBInetPortNumberr/w Textual Convention: INET-ADDRESS-MIBInetPortNumber Unsigned32Type Constraints: range: 0..65535 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.10 |
||||||||||||||||||
|
cippfIpFilterSrcPortHigh
If cippfIpFilterProtocol is udp or tcp, this is
the inclusive upper bound of the transport-layer source port range that is to be matched, otherwise it is ignored during matching. This value must be equal to or greate… |
INET-ADDRESS-MIBInetPortNumberr/w Textual Convention: INET-ADDRESS-MIBInetPortNumber Unsigned32Type Constraints: range: 0..65535 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.11 |
||||||||||||||||||
|
cippfIpFilterDestPortLow
If cippfIpFilterProtocol is udp or tcp, this is
the inclusive lower bound of the transport-layer destination port range that is to be matched, otherwise it is ignored during matching. This value must be equal to or … |
INET-ADDRESS-MIBInetPortNumberr/w Textual Convention: INET-ADDRESS-MIBInetPortNumber Unsigned32Type Constraints: range: 0..65535 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.12 |
||||||||||||||||||
|
cippfIpFilterDestPortHigh
If cippfIpFilterProtocol is udp or tcp, this is
the inclusive upper bound of the transport-layer destination port range that is to be matched, otherwise it is ignored during matching. This value must be equal to or … |
INET-ADDRESS-MIBInetPortNumberr/w Textual Convention: INET-ADDRESS-MIBInetPortNumber Unsigned32Type Constraints: range: 0..65535 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.13 |
||||||||||||||||||
|
cippfIpFilterPrecedence
The IP traffic precedence parameters in each packet
are used to guide the selection of the actual service parameters when transmitting a datagram through a particular network. Most network treats high precedence tra… |
Enumerationr/w Enumerated Values:
|
.1.3.6.1.4.1.9.9.278.1.1.3.1.14 |
||||||||||||||||||
|
cippfIpFilterTos
This is the value to match to the Type of
Service (TOS) of the packet. The TOS values ranges from '0' to '15'. The value '-1' matches any TOS value. |
Integer32r/w Constraints: range: -1-15 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.15 |
||||||||||||||||||
|
cippfIpFilterLogEnabled
This object specifies whether filtered packets
will be logged by the filtering subsystem or not. If it is true(1), then all packets will be logged. If it is false(2), then no packet will be logged. |
SNMPv2-TCTruthValuer/w Textual Convention: SNMPv2-TCTruthValue EnumerationType Values:
|
.1.3.6.1.4.1.9.9.278.1.1.3.1.16 |
||||||||||||||||||
|
cippfIpFilterStatus
This object controls and reflects the status of
rows in this table. Creation of rows must be done via 'createAndGo' and this object will become 'active' if the NMS performs a multivarbind set containing this object … |
SNMPv2-TCRowStatusr/w Textual Convention: SNMPv2-TCRowStatus EnumerationType Values:
|
.1.3.6.1.4.1.9.9.278.1.1.3.1.17 |
||||||||||||||||||
|
cippfIpFilterICMPType
This filter specifies the ICMP message type to be
matched. Setting this object to '-1' will make the filtering match any ICMP message type. |
Integer32r/w Constraints: range: -1-255 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.18 |
||||||||||||||||||
|
cippfIpFilterTCPEstablished
This filter if 'true' specifies that for TCP protocol,
in an established connection, a match occurs if the TCP datagram has the ACK,FIN,PSH,RST,SYN or URG control bits set. If 'false' a match will occur for any TCP data… |
SNMPv2-TCTruthValuer/w Textual Convention: SNMPv2-TCTruthValue EnumerationType Values:
|
.1.3.6.1.4.1.9.9.278.1.1.3.1.19 |
||||||||||||||||||
|
cippfIpFilterFragments
If 'true', this filter applies only to the second
and further fragments of fragmented packets. If 'false', the filter will only match head fragments or unfragmented packets. Note: Second and subsequent fragments do n… |
SNMPv2-TCTruthValuer/w Textual Convention: SNMPv2-TCTruthValue EnumerationType Values:
|
.1.3.6.1.4.1.9.9.278.1.1.3.1.20 |
||||||||||||||||||
|
cippfIpFilterICMPCode
This filter specifies the ICMP message code to be
matched. Setting this object to '-1' will make the filtering match any ICMP code. |
Integer32r/w Constraints: range: -1-255 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.21 |
||||||||||||||||||
|
cippfIpFilterSrcIPGroupName
This object identifies the filter group
containing information about source IP addresses and masks that need to be matched for this filter. This value must match an entry in cfgFilterGroupTable whose cfgFilterGroupT… |
CISCO-FILTER-GROUP-MIBCfgFilterGroupNamer/w Textual Convention: CISCO-FILTER-GROUP-MIBCfgFilterGroupName OctetStringType Constraints: range: 0..64 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.22 |
||||||||||||||||||
|
cippfIpFilterDstIPGroupName
This object identifies the filter group
containing information about destination IP addresses and masks that need to be matched for this filter. This value must match an entry in cfgFilterGroupTable whose cfgFilterGr… |
CISCO-FILTER-GROUP-MIBCfgFilterGroupNamer/w Textual Convention: CISCO-FILTER-GROUP-MIBCfgFilterGroupName OctetStringType Constraints: range: 0..64 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.23 |
||||||||||||||||||
|
cippfIpFilterProtocolGroupName
This object identifies the filter group
containing information about internet protocol numbers. This value must match an entry in cfgFilterGroupTable whose cfgFilterGroupType value is set to 'service' and must match a… |
CISCO-FILTER-GROUP-MIBCfgFilterGroupNamer/w Textual Convention: CISCO-FILTER-GROUP-MIBCfgFilterGroupName OctetStringType Constraints: range: 0..64 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.24 |
||||||||||||||||||
|
cippfIpFilterSrcServiceGroupName
This object identifies the filter group
containing information about port(TCP/UDP) numbers. This value must match an entry in cfgFilterGroupTable whose cfgFilterGroupType value is set to 'service' and must match an en… |
CISCO-FILTER-GROUP-MIBCfgFilterGroupNamer/w Textual Convention: CISCO-FILTER-GROUP-MIBCfgFilterGroupName OctetStringType Constraints: range: 0..64 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.25 |
||||||||||||||||||
|
cippfIpFilterDstServiceGroupName
This object identifies the filter group
containing information about port(TCP/UDP) numbers. This value must match an entry in cfgFilterGroupTable whose cfgFilterGroupType value is set to 'service' and must match an en… |
CISCO-FILTER-GROUP-MIBCfgFilterGroupNamer/w Textual Convention: CISCO-FILTER-GROUP-MIBCfgFilterGroupName OctetStringType Constraints: range: 0..64 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.26 |
||||||||||||||||||
|
cippfIpFilterICMPGroupName
This object identifies the filter group containing
information about ICMP message. This value must match an entry in cfgFilterGroupTable whose cfgFilterGroupType value is set to 'icmp' and must match an entry in cfg… |
CISCO-FILTER-GROUP-MIBCfgFilterGroupNamer/w Textual Convention: CISCO-FILTER-GROUP-MIBCfgFilterGroupName OctetStringType Constraints: range: 0..64 |
.1.3.6.1.4.1.9.9.278.1.1.3.1.27 |
cippfIpFilterExtTable
table.1.3.6.1.4.1.9.9.278.1.1.4
·
1 row entry
·
3 columns
This table is an extension to cippfIpFilterTable. This table is used for configuring the objects that are used for reporting the information about filters and reporting the logs. These objects do not change the match criteria for the filter but assist in troubleshooting the matched criteria.
An entry in filter extension table. Each entry
contains information on the description of the
filter and logging related objects.
contains information on the description of the
filter and logging related objects.
Indexes
No indexes recorded
| Column | Syntax | OID | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
cippfIpFilterExtDescription
This object is used for configuring
description of the filter. |
SNMP-FRAMEWORK-MIBSnmpAdminStringr/w Textual Convention: SNMP-FRAMEWORK-MIBSnmpAdminString OctetStringType Constraints: range: 0..255 |
.1.3.6.1.4.1.9.9.278.1.1.4.1.1 |
||||||||||||||||
|
cippfIpFilterExtLogLevel
This object is used for specifying the log level
(severity) used in syslog for this filter. |
CISCO-SYSLOG-MIBSyslogSeverityr/w Textual Convention: CISCO-SYSLOG-MIBSyslogSeverity EnumerationType Values:
|
.1.3.6.1.4.1.9.9.278.1.1.4.1.2 |
||||||||||||||||
|
cippfIpFilterExtLogInterval
This object is used for configuring the time
interval at which the syslog message for this filter to be generated. |
secondsSNMPv2-SMIUnsigned32r/w Textual Convention: SNMPv2-SMIUnsigned32 Unsigned32Type Constraints: range: 0..4294967295 |
.1.3.6.1.4.1.9.9.278.1.1.4.1.3 |
cippfIpFilterStatsTable
table.1.3.6.1.4.1.9.9.278.1.2.1
·
1 row entry
·
1 columns
This table defines a set of statistics related to packet filter. The statistics related to matched filters are available here.
An entry in IP Filter stats table. An entry exists
in this table for every entry in cippfIpFilterTable.
in this table for every entry in cippfIpFilterTable.
Indexes
cippfIpProfileName cippfIpFilterIndex
| Column | Syntax | OID |
|---|---|---|
|
cippfIpFilterHits
This object specifies the number of packets that
are matched the packet filter configuration in cippfIpFilterTable. |
SNMPv2-SMICounter64 Textual Convention: SNMPv2-SMICounter64 Unsigned64Type Constraints: range: 0..18446744073709551615 |
.1.3.6.1.4.1.9.9.278.1.2.1.1.1 |