IPSEC-SPD-MIB
This MIB module defines configuration objects for managing
IPsec Security Policies. In general, this MIB can be
implemented anywhere IPsec security services exist (e.g.,
bump-in-the-wire, host, gateway, firewall, router, etc.).
Copyright (C) The IETF Trust (2007). This version of
this MIB module is part of RFC 4807; see the RFC itself for
full legal notices.
spdMIB
1.3.6.1.2.1.153
Imported Objects
| DIFFSERV-MIB | diffServMIBMultiFieldClfrGroup diffServMultiFieldClfrNextFree IfDirection |
| IF-MIB | InterfaceIndex |
| INET-ADDRESS-MIB | InetAddress InetAddressType |
| SNMP-FRAMEWORK-MIB | SnmpAdminString |
| SNMPv2-CONF | MODULE-COMPLIANCE NOTIFICATION-GROUP OBJECT-GROUP |
| SNMPv2-SMI | Integer32 mib-2 MODULE-IDENTITY NOTIFICATION-TYPE OBJECT-TYPE Unsigned32 |
| SNMPv2-TC | RowStatus StorageType TEXTUAL-CONVENTION TimeStamp TruthValue VariablePointer |
Type Definitions (4)
| SpdAdminStatus | Enumeration |
enabled(1)disabled(2) |
| SpdBooleanOperator | Enumeration |
or(1)and(2) |
| SpdIPPacketLogging | Integer32 |
range: -1..65535 |
| SpdTimePeriod | OctetString |
range: 0..31 |
Objects (117)
spdMIB
|
.1.3.6.1.2.1.153 |
|
|
spdConfigObjects
|
.1.3.6.1.2.1.153.1 |
|
|
spdLocalConfigObjects
|
.1.3.6.1.2.1.153.1.1 |
|
spdIngressPolicyGroupName
r/w
|
OctetString | .1.3.6.1.2.1.153.1.1.1 |
|
spdEgressPolicyGroupName
r/w
|
OctetString | .1.3.6.1.2.1.153.1.1.2 |
spdIpsoHeaderFilterTable
|
.1.3.6.1.2.1.153.1.10 |
|
spdIpsoHeaderFilterEntry
|
spdIpsoHeadFiltName | .1.3.6.1.2.1.153.1.10.1 |
spdIpsoHeadFiltName
|
OctetString | .1.3.6.1.2.1.153.1.10.1.1 |
|
spdIpsoHeadFiltType
r/w
|
Bits | .1.3.6.1.2.1.153.1.10.1.2 |
|
spdIpsoHeadFiltClassification
r/w
|
Enumeration | .1.3.6.1.2.1.153.1.10.1.3 |
|
spdIpsoHeadFiltProtectionAuth
r/w
|
Enumeration | .1.3.6.1.2.1.153.1.10.1.4 |
|
spdIpsoHeadFiltLastChanged
|
SNMPv2-TCTimeStamp | .1.3.6.1.2.1.153.1.10.1.5 |
|
spdIpsoHeadFiltStorageType
r/w
|
SNMPv2-TCStorageType | .1.3.6.1.2.1.153.1.10.1.6 |
|
spdIpsoHeadFiltRowStatus
r/w
|
SNMPv2-TCRowStatus | .1.3.6.1.2.1.153.1.10.1.7 |
|
spdCompoundActionTable
|
.1.3.6.1.2.1.153.1.11 |
|
|
spdCompoundActionEntry
|
spdCompActName | .1.3.6.1.2.1.153.1.11.1 |
|
spdCompActName
|
OctetString | .1.3.6.1.2.1.153.1.11.1.1 |
|
spdCompActExecutionStrategy
r/w
|
Enumeration | .1.3.6.1.2.1.153.1.11.1.2 |
|
spdCompActLastChanged
|
SNMPv2-TCTimeStamp | .1.3.6.1.2.1.153.1.11.1.3 |
|
spdCompActStorageType
r/w
|
SNMPv2-TCStorageType | .1.3.6.1.2.1.153.1.11.1.4 |
|
spdCompActRowStatus
r/w
|
SNMPv2-TCRowStatus | .1.3.6.1.2.1.153.1.11.1.5 |
|
spdSubactionsTable
|
.1.3.6.1.2.1.153.1.12 |
|
|
spdSubactionsEntry
|
spdCompActNamespdSubActPriority | .1.3.6.1.2.1.153.1.12.1 |
|
spdSubActPriority
|
Integer32 | .1.3.6.1.2.1.153.1.12.1.1 |
|
spdSubActSubActionName
r/w
|
SNMPv2-TCVariablePointer | .1.3.6.1.2.1.153.1.12.1.2 |
|
spdSubActLastChanged
|
SNMPv2-TCTimeStamp | .1.3.6.1.2.1.153.1.12.1.3 |
|
spdSubActStorageType
r/w
|
SNMPv2-TCStorageType | .1.3.6.1.2.1.153.1.12.1.4 |
|
spdSubActRowStatus
r/w
|
SNMPv2-TCRowStatus | .1.3.6.1.2.1.153.1.12.1.5 |
|
spdStaticActions
|
.1.3.6.1.2.1.153.1.13 |
|
|
spdDropAction
|
Integer32 | .1.3.6.1.2.1.153.1.13.1 |
|
spdDropActionLog
|
Integer32 | .1.3.6.1.2.1.153.1.13.2 |
|
spdAcceptAction
|
Integer32 | .1.3.6.1.2.1.153.1.13.3 |
|
spdAcceptActionLog
|
Integer32 | .1.3.6.1.2.1.153.1.13.4 |
|
spdEndpointToGroupTable
|
.1.3.6.1.2.1.153.1.2 |
|
|
spdEndpointToGroupEntry
|
spdEndGroupDirectionspdEndGroupInterface | .1.3.6.1.2.1.153.1.2.1 |
|
spdEndGroupDirection
|
DIFFSERV-MIBIfDirection | .1.3.6.1.2.1.153.1.2.1.1 |
|
spdEndGroupInterface
|
IF-MIBInterfaceIndex | .1.3.6.1.2.1.153.1.2.1.2 |
|
spdEndGroupName
r/w
|
OctetString | .1.3.6.1.2.1.153.1.2.1.3 |
|
spdEndGroupLastChanged
|
SNMPv2-TCTimeStamp | .1.3.6.1.2.1.153.1.2.1.4 |
|
spdEndGroupStorageType
r/w
|
SNMPv2-TCStorageType | .1.3.6.1.2.1.153.1.2.1.5 |
|
spdEndGroupRowStatus
r/w
|
SNMPv2-TCRowStatus | .1.3.6.1.2.1.153.1.2.1.6 |
|
spdGroupContentsTable
|
.1.3.6.1.2.1.153.1.3 |
|
|
spdGroupContentsEntry
|
spdGroupContNamespdGroupContPriority | .1.3.6.1.2.1.153.1.3.1 |
|
spdGroupContName
|
OctetString | .1.3.6.1.2.1.153.1.3.1.1 |
|
spdGroupContPriority
|
Integer32 | .1.3.6.1.2.1.153.1.3.1.2 |
|
spdGroupContFilter
r/w
|
SNMPv2-TCVariablePointer | .1.3.6.1.2.1.153.1.3.1.3 |
|
spdGroupContComponentType
r/w
|
Enumeration | .1.3.6.1.2.1.153.1.3.1.4 |
|
spdGroupContComponentName
r/w
|
OctetString | .1.3.6.1.2.1.153.1.3.1.5 |
|
spdGroupContLastChanged
|
SNMPv2-TCTimeStamp | .1.3.6.1.2.1.153.1.3.1.6 |
|
spdGroupContStorageType
r/w
|
SNMPv2-TCStorageType | .1.3.6.1.2.1.153.1.3.1.7 |
|
spdGroupContRowStatus
r/w
|
SNMPv2-TCRowStatus | .1.3.6.1.2.1.153.1.3.1.8 |
|
spdRuleDefinitionTable
|
.1.3.6.1.2.1.153.1.4 |
|
|
spdRuleDefinitionEntry
|
spdRuleDefName | .1.3.6.1.2.1.153.1.4.1 |
|
spdRuleDefName
|
OctetString | .1.3.6.1.2.1.153.1.4.1.1 |
|
spdRuleDefDescription
r/w
|
SNMP-FRAMEWORK-MIBSnmpAdminString | .1.3.6.1.2.1.153.1.4.1.2 |
|
spdRuleDefFilter
r/w
|
SNMPv2-TCVariablePointer | .1.3.6.1.2.1.153.1.4.1.3 |
|
spdRuleDefFilterNegated
r/w
|
SNMPv2-TCTruthValue | .1.3.6.1.2.1.153.1.4.1.4 |
|
spdRuleDefAction
r/w
|
SNMPv2-TCVariablePointer | .1.3.6.1.2.1.153.1.4.1.5 |
|
spdRuleDefAdminStatus
r/w
|
SpdAdminStatus | .1.3.6.1.2.1.153.1.4.1.6 |
|
spdRuleDefLastChanged
|
SNMPv2-TCTimeStamp | .1.3.6.1.2.1.153.1.4.1.7 |
|
spdRuleDefStorageType
r/w
|
SNMPv2-TCStorageType | .1.3.6.1.2.1.153.1.4.1.8 |
|
spdRuleDefRowStatus
r/w
|
SNMPv2-TCRowStatus | .1.3.6.1.2.1.153.1.4.1.9 |
|
spdCompoundFilterTable
|
.1.3.6.1.2.1.153.1.5 |
|
|
spdCompoundFilterEntry
|
spdCompFiltName | .1.3.6.1.2.1.153.1.5.1 |
|
spdCompFiltName
|
OctetString | .1.3.6.1.2.1.153.1.5.1.1 |
|
spdCompFiltDescription
r/w
|
SNMP-FRAMEWORK-MIBSnmpAdminString | .1.3.6.1.2.1.153.1.5.1.2 |
|
spdCompFiltLogicType
r/w
|
SpdBooleanOperator | .1.3.6.1.2.1.153.1.5.1.3 |
|
spdCompFiltLastChanged
|
SNMPv2-TCTimeStamp | .1.3.6.1.2.1.153.1.5.1.4 |
|
spdCompFiltStorageType
r/w
|
SNMPv2-TCStorageType | .1.3.6.1.2.1.153.1.5.1.5 |
|
spdCompFiltRowStatus
r/w
|
SNMPv2-TCRowStatus | .1.3.6.1.2.1.153.1.5.1.6 |
|
spdSubfiltersTable
|
.1.3.6.1.2.1.153.1.6 |
|
|
spdSubfiltersEntry
|
spdCompFiltNamespdSubFiltPriority | .1.3.6.1.2.1.153.1.6.1 |
|
spdSubFiltPriority
|
Integer32 | .1.3.6.1.2.1.153.1.6.1.1 |
|
spdSubFiltSubfilter
r/w
|
SNMPv2-TCVariablePointer | .1.3.6.1.2.1.153.1.6.1.2 |
|
spdSubFiltSubfilterIsNegated
r/w
|
SNMPv2-TCTruthValue | .1.3.6.1.2.1.153.1.6.1.3 |
|
spdSubFiltLastChanged
|
SNMPv2-TCTimeStamp | .1.3.6.1.2.1.153.1.6.1.4 |
|
spdSubFiltStorageType
r/w
|
SNMPv2-TCStorageType | .1.3.6.1.2.1.153.1.6.1.5 |
|
spdSubFiltRowStatus
r/w
|
SNMPv2-TCRowStatus | .1.3.6.1.2.1.153.1.6.1.6 |
|
spdStaticFilters
|
.1.3.6.1.2.1.153.1.7 |
|
|
spdTrueFilter
|
Integer32 | .1.3.6.1.2.1.153.1.7.1 |
|
spdTrueFilterInstance
|
.1.3.6.1.2.1.153.1.7.1.0 |
|
|
spdIpOffsetFilterTable
|
.1.3.6.1.2.1.153.1.8 |
|
|
spdIpOffsetFilterEntry
|
spdIpOffFiltName | .1.3.6.1.2.1.153.1.8.1 |
|
spdIpOffFiltName
|
OctetString | .1.3.6.1.2.1.153.1.8.1.1 |
|
spdIpOffFiltOffset
r/w
|
Unsigned32 | .1.3.6.1.2.1.153.1.8.1.2 |
|
spdIpOffFiltType
r/w
|
Enumeration | .1.3.6.1.2.1.153.1.8.1.3 |
|
spdIpOffFiltValue
r/w
|
OctetString | .1.3.6.1.2.1.153.1.8.1.4 |
|
spdIpOffFiltLastChanged
|
SNMPv2-TCTimeStamp | .1.3.6.1.2.1.153.1.8.1.5 |
|
spdIpOffFiltStorageType
r/w
|
SNMPv2-TCStorageType | .1.3.6.1.2.1.153.1.8.1.6 |
|
spdIpOffFiltRowStatus
r/w
|
SNMPv2-TCRowStatus | .1.3.6.1.2.1.153.1.8.1.7 |
|
spdTimeFilterTable
|
.1.3.6.1.2.1.153.1.9 |
|
|
spdTimeFilterEntry
|
spdTimeFiltName | .1.3.6.1.2.1.153.1.9.1 |
|
spdTimeFiltName
|
OctetString | .1.3.6.1.2.1.153.1.9.1.1 |
|
spdTimeFiltPeriod
r/w
|
SpdTimePeriod | .1.3.6.1.2.1.153.1.9.1.2 |
|
spdTimeFiltMonthOfYearMask
r/w
|
Bits | .1.3.6.1.2.1.153.1.9.1.3 |
|
spdTimeFiltDayOfMonthMask
r/w
|
OctetString | .1.3.6.1.2.1.153.1.9.1.4 |
|
spdTimeFiltDayOfWeekMask
r/w
|
Bits | .1.3.6.1.2.1.153.1.9.1.5 |
|
spdTimeFiltTimeOfDayMask
r/w
|
SpdTimePeriod | .1.3.6.1.2.1.153.1.9.1.6 |
|
spdTimeFiltLastChanged
|
SNMPv2-TCTimeStamp | .1.3.6.1.2.1.153.1.9.1.7 |
|
spdTimeFiltStorageType
r/w
|
SNMPv2-TCStorageType | .1.3.6.1.2.1.153.1.9.1.8 |
|
spdTimeFiltRowStatus
r/w
|
SNMPv2-TCRowStatus | .1.3.6.1.2.1.153.1.9.1.9 |
|
spdNotificationObjects
|
.1.3.6.1.2.1.153.2 |
|
|
spdNotifications
|
.1.3.6.1.2.1.153.2.0 |
|
|
spdNotificationVariables
|
.1.3.6.1.2.1.153.2.1 |
|
|
spdActionExecuted
|
SNMPv2-TCVariablePointer | .1.3.6.1.2.1.153.2.1.1 |
|
spdIPEndpointAddType
|
INET-ADDRESS-MIBInetAddressType | .1.3.6.1.2.1.153.2.1.2 |
|
spdIPEndpointAddress
|
INET-ADDRESS-MIBInetAddress | .1.3.6.1.2.1.153.2.1.3 |
|
spdIPSourceType
|
INET-ADDRESS-MIBInetAddressType | .1.3.6.1.2.1.153.2.1.4 |
|
spdIPSourceAddress
|
INET-ADDRESS-MIBInetAddress | .1.3.6.1.2.1.153.2.1.5 |
|
spdIPDestinationType
|
INET-ADDRESS-MIBInetAddressType | .1.3.6.1.2.1.153.2.1.6 |
|
spdIPDestinationAddress
|
INET-ADDRESS-MIBInetAddress | .1.3.6.1.2.1.153.2.1.7 |
|
spdPacketDirection
|
DIFFSERV-MIBIfDirection | .1.3.6.1.2.1.153.2.1.8 |
|
spdPacketPart
|
OctetString | .1.3.6.1.2.1.153.2.1.9 |
|
spdConformanceObjects
|
.1.3.6.1.2.1.153.3 |
|
|
spdCompliances
|
.1.3.6.1.2.1.153.3.1 |
|
|
spdGroups
|
.1.3.6.1.2.1.153.3.2 |
|
|
spdActions
|
.1.3.6.1.2.1.153.4 |
Notifications / Traps (2)
| Name | OID | Description |
|---|---|---|
spdActionNotification
|
.1.3.6.1.2.1.153.2.0.1 |
Notification that an action was executed by a rule.
Only actions with logging enabled will result in this
notification getting sent. The object includes the
spdActionExecuted object, which will indicate which action
was executed within the scope of the rule. Additionally,
the spdIPSourceType, spdIPSourceAddress,
spdIPDestinationType, and spdIPDestinationAddress objects
are included to indicate the packet source and destination
of the packet that triggered the action. Finally, the
spdIPEndpointAddType, spdIPEndpointAddress, and
spdPacketDirection objects indicate which interface the
executed action was associated with, and if the packet was
ingress or egress through the endpoint.
A spdActionNotification SHOULD be limited to a maximum of
one notification sent per minute for any action
notifications that do not have any other configuration
controlling their send rate.
Note that compound actions with multiple executed
sub-actions may result in multiple notifications being sent
from a single rule execution.
|
|
spdPacketNotification
|
.1.3.6.1.2.1.153.2.0.2 |
Notification that a packet passed through a Security
Association (SA). Only SAs created by actions with packet
logging enabled will result in this notification getting
sent. The objects sent MUST include the spdActionExecuted,
which will indicate which action was executed within the
scope of the rule. Additionally, the spdIPSourceType,
spdIPSourceAddress, spdIPDestinationType, and
spdIPDestinationAddress objects MUST be included to
indicate the packet source and destination of the packet
that triggered the action. The spdIPEndpointAddType,
spdIPEndpointAddress, and spdPacketDirection objects are
included to indicate which endpoint the packet was
associated with. Finally, spdPacketPart is included to
enable sending a variable sized part of the front of the
packet with the size dependent on the value of the object of
TC syntax 'SpdIPPacketLogging', which indicated that logging
should be done.
A spdPacketNotification SHOULD be limited to a maximum of
one notification sent per minute for any action
notifications that do not have any other configuration
controlling their send rate.
An action notification SHOULD be limited to a maximum of
one notification sent per minute for any action
notifications that do not have any other configuration
controlling their send rate.
|