POLICY-FRAMEWORK-PIB
File:
POLICY-FRAMEWORK-PIB.mib (24190 bytes)
Imported modules
Imported symbols
Defined Types
Role |
|
A role represents a functionality characteristic or
capability of a resource to which policies are applied.
The only valid character set is US-ASCII. Valid characters
are a-z, A-Z, 0-9, period, hyphen and underscore. A role
must always start with a letter (a-z or A-Z). |
TEXTUAL-CONVENTION |
|
|
|
|
OCTET STRING |
Size(1..32) |
|
RoleCombination |
|
An octet string containing concatenated Roles. For the
format specification of roles, refer to the 'Role' TEXTUAL-
CONVENTION. A valid Role Combination must be formed by a set
of valid Roles, concatenated by the US-ASCII character '+',
where the roles are in lexicographic order from minimum to
maximum. For example, 'a+b' and 'b+a' are NOT different
role-combinations; rather, they are different formatting of
the same (one) role-combination.
Notice the roles within a role-combination are in
Lexicographic order from minimum to maximum, hence, we
declare:
'a+b' is the valid formatting of the role-combination,
'b+a' is an invalid formatting of the role-combination.
Notice the need of zero-length role-combination as the role-
combination of interfaces to which no roles have been
assigned. This role-combination is also known as the 'null'
role-combination. (Note the deliberate use of lower case
letters to avoid confusion with the US-ASCII NULL character
which has a value of zero but length of one). |
TEXTUAL-CONVENTION |
|
|
|
|
OCTET STRING |
Size(0..255) |
|
PolicyInstanceId |
|
The textual convention for use by an attribute which is used
as the instance-identifying index of a PRC, i.e., an attribute
named in an INDEX clause. The value of an attribute with this
syntax is always greater than zero.
PRIs of the same PRC need not have contiguous values for their
instance-identifying attribute. |
TEXTUAL-CONVENTION |
|
|
|
|
Unsigned32 |
1..4294967295 |
|
PolicyPrcSupportEntry |
|
SEQUENCE |
|
|
|
|
policyPrcSupportPrid |
PolicyInstanceId |
|
|
policyPrcSupportSupportedPrc |
OBJECT IDENTIFIER |
|
|
policyPrcSupportSupportedAttrs |
OCTET STRING |
|
|
policyPrcSupportMaxPris |
Unsigned32 |
|
PolicyPibIncarnationEntry |
|
SEQUENCE |
|
|
|
|
policyPibIncarnationPrid |
PolicyInstanceId |
|
|
policyPibIncarnationName |
SnmpAdminString |
|
|
policyPibIncarnationId |
OCTET STRING |
|
|
policyPibIncarnationLongevity |
INTEGER |
|
|
policyPibIncarnationTtl |
Unsigned32 |
|
|
policyPibIncarnationActive |
TruthValue |
|
PolicyDeviceIdentificationEntry |
|
SEQUENCE |
|
|
|
|
policyDeviceIdentificationPrid |
PolicyInstanceId |
|
|
policyDeviceIdentificationDescr |
SnmpAdminString |
|
|
policyDeviceIdentificationMaxMsg |
Unsigned32 |
|
PolicyCompLimitsEntry |
|
SEQUENCE |
|
|
|
|
policyCompLimitsPrid |
PolicyInstanceId |
|
|
policyCompLimitsComponent |
OBJECT IDENTIFIER |
|
|
policyCompLimitsType |
Integer32 |
|
|
policyCompLimitsGuidance |
OCTET STRING |
|
Defined Values
policyFrameworkPib |
1.3.6.1.4.1.45.4.1 |
A PIB module containing the base set of policy
rule classes that are required for support of
all policies. |
MODULE-IDENTITY |
|
|
|
policyPrcSupportTable |
1.3.6.1.4.1.45.4.1.1.1 |
Each instance of this class specifies a PRC that the device
supports and a bit string to indicate the attributes of the
class that are supported. These PRIs are sent to the PDP to
indicate to the PDP which PRCs, and which attributes of these
PRCs, the device supports. This table can also be downloaded
by a network manager when static configuration is used.
All install and install-notify PRCs supported by the device
must be represented in this table. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
PolicyPrcSupportEntry |
|
policyPrcSupportEntry |
1.3.6.1.4.1.45.4.1.1.1.1 |
An instance of the policyPrcSupport class that identifies a
specific policy class and associated attributes as supported
by the device. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
PolicyPrcSupportEntry |
|
|
policyPrcSupportPrid |
1.3.6.1.4.1.45.4.1.1.1.1.1 |
An arbitrary integer index that uniquely identifies an
instance of the policyPrcSupport class. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
PolicyInstanceId |
|
|
policyPrcSupportSupportedPrc |
1.3.6.1.4.1.45.4.1.1.1.1.2 |
The object identifier of a supported PRC. There may not
be more than one instance of the policyPrcSupport class with
the same value of policyPrcSupportSupportedPrc. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OBJECT IDENTIFIER |
|
|
policyPrcSupportSupportedAttrs |
1.3.6.1.4.1.45.4.1.1.1.1.3 |
A bit string representing the supported attributes of the
class that is identified by the policyPrcSupportSupportedPrc
object.
Each bit of this bit mask corresponds to a class attribute,
with the most significant bit of the i-th octet of this octet
string corresponding to the (8*i - 7)-th attribute, and the
least significant bit of the i-th octet corresponding to the
(8*i)-th class attribute. Each bit of this bit mask specifies
whether or not the corresponding class attribute is currently
supported, with a '1' indicating support and a '0' indicating
no support. If the value of this bit mask is N bits long and
there are more than N class attributes then the bit mask is
logically extended with 0's to the required length. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
|
|
policyPrcSupportMaxPris |
1.3.6.1.4.1.45.4.1.1.1.1.4 |
A non-negative value indicating the maximum numbers of
policy rule instances that can be installed in the identified
policy rule class. Note that actual number of PRIs that can
be installed in a PRC at any given time may be less than
this value based on the current operational state (e.g.,
resources currently consumed) of the device. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
policyPibIncarnationTable |
1.3.6.1.4.1.45.4.1.1.2 |
This class contains a single policy rule instance that
identifies the current incarnation of the PIB and the PDP
or network manager that installed this incarnation. The
instance of this class is reported to the PDP at client
connect time so that the PDP can (attempt to) ascertain the
current state of the PIB. A network manager may use the
instance to determine the state of the device with regard
to existing NMS interactions. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
PolicyPibIncarnationEntry |
|
policyPibIncarnationEntry |
1.3.6.1.4.1.45.4.1.1.2.1 |
An instance of the policyPibIncarnation class. Only
one instance of this policy class is ever instantiated. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
PolicyPibIncarnationEntry |
|
|
policyPibIncarnationName |
1.3.6.1.4.1.45.4.1.1.2.1.2 |
The name of the entity that installed the current
incarnation of the PIB into the device. The name may
reference a PDP when dynamic configuration is being
used or a network manager when static configuration
is being used. By default, it is the zero length
string. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
|
|
policyPibIncarnationId |
1.3.6.1.4.1.45.4.1.1.2.1.3 |
An ID to identify the current incarnation. It has meaning
to the PDP/manager that installed the PIB and perhaps its
standby PDPs/managers. By default, it is the zero-length
string. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
|
|
policyPibIncarnationLongevity |
1.3.6.1.4.1.45.4.1.1.2.1.4 |
This attribute controls what the PEP does with the
downloaded policy on receipt of a Client Close message or a
loss of connection to the PDP.
If set to expireNever, the PEP continues to operate with the
installed policy indefinitely. If set to expireImmediate, the
PEP immediately expires the policy obtained from the PDP and
installs policy from local configuration. If set to
expireOnTimeout, the PEP continues to operate with the
policy installed by the PDP for a period of time specified by
policyPibIncarnationTtl. After this time (and it has not
reconnected to the original or new PDP) the PEP expires this
policy and reverts to local configuration.
For all cases, it is the responsibility of the PDP to check
the incarnation and download new policy, if necessary, on a
reconnect.
Policy enforcement timing only applies to policies that have
been installed dynamically (e.g., by a PDP via COPS). |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
INTEGER |
expireNever(1), expireImmediate(2), expireOnTimeout(3) |
|
policyPibIncarnationTtl |
1.3.6.1.4.1.45.4.1.1.2.1.5 |
The number of seconds after a Client Close or TCP timeout
for which the PEP continues to enforce the policy in the PIB.
After this interval, the PIB is considered expired and the
device no longer enforces the policy installed in the PIB.
This attribute is only meaningful if
policyPibIncarnationLongevity is set to expireOnTimeout. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
policyPibIncarnationActive |
1.3.6.1.4.1.45.4.1.1.2.1.6 |
If this attribute is set to TRUE, then the PIB instance
to which this PRI belongs becomes the active PIB instance.
The previous active instance becomes inactive and the
policyPibIncarnationActive attribute in that PIB instance is
automatically set to false. |
Status: current |
Access: read-write |
OBJECT-TYPE |
|
|
|
|
TruthValue |
|
|
policyDeviceIdentificationTable |
1.3.6.1.4.1.45.4.1.1.3 |
This class contains a single policy rule instance that
contains device-specific information that is used to
facilitate efficient policy installation by a PDP. The
instance of this class is reported to the PDP at client
connect time so that the PDP can take into account certain
device characteristics during policy installation. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
PolicyDeviceIdentificationEntry |
|
policyDeviceIdentificationEntry |
1.3.6.1.4.1.45.4.1.1.3.1 |
An instance of the policyDeviceIdentification class. Only
one instance of this policy class is ever instantiated. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
PolicyDeviceIdentificationEntry |
|
|
policyDeviceIdentificationDescr |
1.3.6.1.4.1.45.4.1.1.3.1.2 |
A textual description of the PEP. This
value should include the name and version
identification of the PEP's hardware and
software. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
SnmpAdminString |
Size(0..255) |
|
policyDeviceIdentificationMaxMsg |
1.3.6.1.4.1.45.4.1.1.3.1.3 |
The maximum message size, in octets, that the device
is capable of processing. Received messages with a
size in excess of this value must cause the PEP to return an
error to the PDP containing the global error code
'maxMsgSizeExceeded'. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Unsigned32 |
|
|
policyCompLimitsTable |
1.3.6.1.4.1.45.4.1.1.4 |
Each instance of this class identifies a policy class or
attribute and a limitation related to the implementaion of
the class/attribute in the device. Additional information
providing guidance related to the limitation may also be
present. These PRIs are sent to the PDP to indicate which
PRCs or PRC attributes the device supports in a restricted
manner. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
SEQUENCE OF |
|
|
|
|
PolicyCompLimitsEntry |
|
policyCompLimitsEntry |
1.3.6.1.4.1.45.4.1.1.4.1 |
An instance of the policyCompLimits class that identifies
a PRC or PRC attribute and a limitation related to the PRC
or PRC attribute implementation supported by the device.
All PRIs of this class represent errors that would be
returned in relation to the identified component for policy
installation requests that don't abide by the restrictions
indicated by the error code and, possibly, a provided
guidance value. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
PolicyCompLimitsEntry |
|
|
policyCompLimitsPrid |
1.3.6.1.4.1.45.4.1.1.4.1.1 |
An arbitrary integer index that uniquely identifies an
instance of the policyCompLimits class. |
Status: current |
Access: not-accessible |
OBJECT-TYPE |
|
|
|
|
PolicyInstanceId |
|
|
policyCompLimitsComponent |
1.3.6.1.4.1.45.4.1.1.4.1.2 |
The object identifier of a PRC or PRC attribute that
is supported in some limited fashion with regard to it's
definition in the associated PIB module. The same PRC or
PRC attribute identifier may appear in the table several
times, once for each implementation limitation
acknowledged by the device. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OBJECT IDENTIFIER |
|
|
policyCompLimitsType |
1.3.6.1.4.1.45.4.1.1.4.1.3 |
A value describing an implementation limitation for the
device related to the PRC or PRC attribute identified by
the policyCompLimitsComponent data in this class instance.
Values for this object are derived from the defined
error values associated with the PRC of the identified
attribute or the PRC itself. All genericPrc and specificPrc
(defined in a PRC INSTALL-ERRORS clause) error codes
represent valid limitation type values.
For example, an implementation of the qosIpAce class may
be limited in several ways, such as address mask, protocol
and Layer 4 port options. These limitations could be
exported using this table with the following instances:
Prid Component Type Guidance
1 'qosIpAceDstAddrMask' 'valueSupLimited' 0xFFFFFFFF
2 'qosIpAceSrcAddrMask' 'valueSupLimited' 0xFFFFFFFF
3 'qosIpAceProtocol' 'valueSupLimited' 0x06 -- TCP
4 'qosIpAceProtocol' 'valueSupLimited' 0x17 -- UDP
5 'qosIpAceDstL4PortMin' 'invalidDstL4PortData'
6 'qosIpAceDstL4PortMax' 'invalidDstL4PortData'
7 'qosIpAcePermit' 'enumSupLimited' 'true'
The above entries describe a number of limitations that
may be in effect for the qosIpAce class on a given device.
The limitations include restrictions on acceptable values
for certain attributes and indications of the relationship
between related attributes. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
Integer32 |
|
|
policyCompLimitsGuidance |
1.3.6.1.4.1.45.4.1.1.4.1.4 |
A value used to convey additional information related
to the implementation limitation noted by the
policyCompLimitsType attribute. The value of this
attribute must interpreted in the context of the
policyCompLimitsType value. Note that a guidance value
will not necessarily be provided for all exported
limitations.
Well-known genericPrc error codes that are applicable
to all PRCs, such as 'attrValueSupLimited' and
'attrEnumSupLimited', have guidance value semantics
as follows:
genericPrc Guidance Semantics
attrValueSupLimited Integer32 (4 octets) with supported
value
attrEnumSupLimited Integer32 (4 octets) with supported
enumeration
attrMaxLengthExceeded Integer32 (4 octets) with maximum
supported length for attribute
The specificPrc error codes have the semantics of the
associated guidance value specified where the
installation error is defined if appropriate. Errors
for which the semantics of the guidance value are not
specified require this value to be treated in an
implementation dependent manner. |
Status: current |
Access: read-only |
OBJECT-TYPE |
|
|
|
|
OCTET STRING |
Size(0..64) |
|
policyBasePibCompliance |
1.3.6.1.4.1.45.4.1.2.1.1 |
Describes the requirements for conformance to the
Policy Framework PIB. |
Status: current |
Access: read-only |
MODULE-COMPLIANCE |
|
|
|
policyPrcSupportGroup |
1.3.6.1.4.1.45.4.1.2.2.1 |
Objects from the policyPrcSupportTable. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
policyPibIncarnationGroup |
1.3.6.1.4.1.45.4.1.2.2.2 |
Objects from the policyPibIncarnationTable. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|
policyCompLimitsGroup |
1.3.6.1.4.1.45.4.1.2.2.4 |
Objects from the policyCompLimitsTable. |
Status: current |
Access: read-only |
OBJECT-GROUP |
|
|
|