idnits 2.17.1 draft-ietf-rmonmib-smon-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing document type: Expected "INTERNET-DRAFT" in the upper left hand corner of the first page ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard == The page length should not exceed 58 lines per page, but there was 43 longer pages, the longest (page 2) being 60 lines == It seems as if not all pages are separated by form feeds - found 0 form feeds but 44 pages Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There is 1 instance of too long lines in the document, the longest one being 1 character in excess of 72. == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 229 has weird spacing: '...tecture or by...' == Line 324 has weird spacing: '...ty than copy ...' == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: '21' is defined on line 1950, but no explicit reference was found in the text == Unused Reference: '24' is defined on line 1964, but no explicit reference was found in the text == Unused Reference: '25' is defined on line 1967, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2271 (ref. '1') (Obsoleted by RFC 2571) ** Downref: Normative reference to an Informational RFC: RFC 1215 (ref. '4') ** Obsolete normative reference: RFC 1902 (ref. '5') (Obsoleted by RFC 2578) ** Obsolete normative reference: RFC 1903 (ref. '6') (Obsoleted by RFC 2579) ** Obsolete normative reference: RFC 1904 (ref. '7') (Obsoleted by RFC 2580) ** Downref: Normative reference to an Historic RFC: RFC 1157 (ref. '8') ** Downref: Normative reference to an Historic RFC: RFC 1901 (ref. '9') ** Obsolete normative reference: RFC 1906 (ref. '10') (Obsoleted by RFC 3417) ** Obsolete normative reference: RFC 2272 (ref. '11') (Obsoleted by RFC 2572) ** Obsolete normative reference: RFC 2274 (ref. '12') (Obsoleted by RFC 2574) ** Obsolete normative reference: RFC 1905 (ref. '13') (Obsoleted by RFC 3416) ** Obsolete normative reference: RFC 2273 (ref. '14') (Obsoleted by RFC 2573) ** Obsolete normative reference: RFC 2275 (ref. '15') (Obsoleted by RFC 2575) ** Obsolete normative reference: RFC 2021 (ref. '16') (Obsoleted by RFC 4502) ** Obsolete normative reference: RFC 1757 (ref. '17') (Obsoleted by RFC 2819) ** Obsolete normative reference: RFC 2037 (ref. '18') (Obsoleted by RFC 2737) -- Possible downref: Non-RFC (?) normative reference: ref. '19' -- Possible downref: Non-RFC (?) normative reference: ref. '20' ** Obsolete normative reference: RFC 2233 (ref. '22') (Obsoleted by RFC 2863) ** Obsolete normative reference: RFC 1493 (ref. '23') (Obsoleted by RFC 4188) Summary: 28 errors (**), 0 flaws (~~), 11 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Remote Network Monitoring MIB Extensions for Switched Networks 3 Version 1.0 5 7 Dec. 16 , 1998 9 Richard Waterman 10 Allot Networks Inc. 11 rich@allot.com 13 Bill Lahaye 14 Xylan Corp. 15 Bill.Lahaye@xylan.com 17 Dan Romascanu 18 Lucent Technologies 19 dromasca@lucent.com 21 Steve Waldbusser 22 INS 23 waldbusser@ins.com 25 Status of this Memo 27 This document is an Internet-Draft. Internet-Drafts are working 28 documents of the Internet Engineering Task Force (IETF), its areas, 29 and its working groups. Note that other groups may also distribute 30 working documents as Internet-Drafts. 32 Internet-Drafts are draft documents valid for a maximum of six 33 months and may be updated, replaced, or obsoleted by other documents 34 at any time. It is inappropriate to use Internet- Drafts as 35 reference material or to cite them other than as ``work in 36 progress.'' 38 To learn the current status of any Internet-Draft, please check the 39 ``1id-abstracts.txt'' listing contained in the Internet- Drafts 40 Shadow Directories on ds.internic.net (US East Coast), nic.nordu.net 41 (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific 42 Rim). 44 Copyright Notice 46 Copyright (C) The Internet Society (1998). All Rights Reserved. 48 Abstract 50 This memo defines a portion of the Management Information Base (MIB) 51 for use with network management protocols in TCP/IP-based internets. 52 In particular, it defines objects for managing remote network 53 monitoring devices in switched networks environments. 55 Table of Contents 57 Status of this Memo 1 58 Abstract 1 59 1 The Network Management Framework 2 60 2 Overview 3 61 2.1 Remote Network Management Goals 4 62 2.2 Switched Networks Monitoring 5 63 2.3 Mechanisms for Monitoring Switched Networks 6 64 2.3.1 DataSource Objects 6 65 2.3.2 Copy Port 7 66 2.3.3 VLAN Monitoring 8 67 2.4 Relationship to Other MIBs 8 68 2.4.1 The RMON and RMON 2 MIBs 8 69 2.4.2 The Interfaces Group MIB 9 70 2.4.3 The Entity MIB 9 71 2.4.4 The Bridge MIB 10 72 2.5 Relationship with IEEE 802.1 Standards 10 73 3 SMON/RMON Groups 10 74 3.1 SMON ProbeCapabilities 10 75 3.2 smonVlanStats 11 76 3.3 smonPrioStats 11 77 3.4 dataSourceCaps 11 78 3.5 portCopyConfig 11 79 4 Control of Remote Network Monitoring Devices 12 80 5 Definitions 13 81 6 References 39 82 7 Security Considerations 41 83 8 Authors' Addresses 42 84 A Full Copyright Statement 43 86 1. The Network Management Framework 88 The SNMP Management Framework presently consists of five major 89 components: 91 - An overall architecture, described in RFC 2271 [1]. 93 - Mechanisms for describing and naming objects and events for the 94 purpose of management. The first version of this Structure of 95 Management Information (SMI) is called SMIv1 and described in RFC 96 1155 [2], RFC 1212 [3] and RFC 1215 [4]. The second version, called 97 SMIv2, is described in RFC 1902 [5], RFC 1903 [6] and RFC 1904 [7]. 99 - Message protocols for transferring management information. The 100 first version of the SNMP message protocol is called SNMPv1 and 101 described in RFC 1157 [8]. A second version of the SNMP message 102 protocol, which is not an Internet standards track protocol, is 103 called SNMPv2c and described in RFC 1901 [9] and RFC 1906 [10]. 104 The third version of the message protocol is called SNMPv3 and 105 described in RFC 1906 [10], RFC 2272 [11] and RFC 2274 [12]. 107 - Protocol operations for accessing management information. The first 108 set of protocol operations and associated PDU formats is described 109 in RFC 1157 [8]. A second set of protocol operations and associated 110 PDU formats is described in RFC 1905 [13]. 112 - A set of fundamental applications described in RFC 2273 [14] and 113 the view-based access control mechanism described in RFC 2275 [15]. 115 Managed objects are accessed via a virtual information store, termed 116 the Management Information Base or MIB. Objects in the MIB are 117 defined using the mechanisms defined in the SMI. 119 This memo specifies a MIB module that is compliant to the SMIv2. A 120 MIB conforming to the SMIv1 can be produced through the appropriate 121 translations. The resulting translated MIB must be semantically 122 equivalent, except where objects or events are omitted because no 123 information in SMIv2 will be converted into textual descriptions in 124 SMIv1 during the translation process. However, this loss of machine 125 readable information is not considered to change the semantics of the 126 MIB. 128 2. Overview 130 This document continues the architecture created in the RMON MIB [17] 131 by providing RMON analysis for switched networks (SMON). 133 Remote network monitoring devices, often called monitors or probes, 134 are instruments that exist for the purpose of managing a network. 135 Often these remote probes are stand-alone devices and devote 136 significant internal resources for the sole purpose of managing a 137 network. An organization may employ many of these devices, one per 138 network segment, to manage its internet. In addition, these devices 139 may be used for a network management service provider to access a 140 client network, often geographically remote. 142 The objects defined in this document are intended as an interface 143 between an RMON agent and an RMON management application and are not 144 intended for direct manipulation by humans. While some users may 145 tolerate the direct display of some of these objects, few will 146 tolerate the complexity of manually manipulating objects to 147 accomplish row creation. These functions should be handled by the 148 management application. 150 2.1 Remote Network Management Goals 152 o Offline Operation 154 There are sometimes conditions when a management 155 station will not be in constant contact with its 156 remote monitoring devices. This is sometimes by 157 design in an attempt to lower communications costs 158 (especially when communicating over a WAN or 159 dialup link), or by accident as network failures 160 affect the communications between the management 161 station and the probe. 163 For this reason, this MIB allows a probe to be 164 configured to perform diagnostics and to collect 165 statistics continuously, even when communication with 166 the management station may not be possible or 167 efficient. The probe may then attempt to notify 168 the management station when an exceptional condition 169 occurs. Thus, even in circumstances where 170 communication between management station and probe is 171 not continuous, fault, performance, and configuration 172 information may be continuously accumulated and 173 communicated to the management station conveniently 174 and efficiently. 176 o Proactive Monitoring 178 Given the resources available on the monitor, it 179 is potentially helpful for it continuously to run 180 diagnostics and to log network performance. The 181 monitor is always available at the onset of any 182 failure. It can notify the management station of the 183 failure and can store historical statistical 184 information about the failure. This historical 185 information can be played back by the management 186 station in an attempt to perform further diagnosis 187 into the cause of the problem. 189 o Problem Detection and Reporting 191 The monitor can be configured to recognize 192 conditions, most notably error conditions, and 193 continuously to check for them. When one of these 194 conditions occurs, the event may be logged, and 195 management stations may be notified in a number of 196 ways. 198 o Value Added Data 200 Because a remote monitoring device represents a 201 network resource dedicated exclusively to network 202 management functions, and because it is located 203 directly on the monitored portion of the network, the 204 remote network monitoring device has the opportunity 205 to add significant value to the data it collects. 206 For instance, by highlighting those hosts on the 207 network that generate the most traffic or errors, the 208 probe can give the management station precisely the 209 information it needs to solve a class of problems. 211 o Multiple Managers 213 An organization may have multiple management stations 214 for different units of the organization, for different 215 functions (e.g. engineering and operations), and in an 216 attempt to provide disaster recovery. Because 217 environments with multiple management stations are 218 common, the remote network monitoring device has to 219 deal with more than one management station, 220 potentially using its resources concurrently. 222 2.2 Switched Networks Monitoring 224 This document addresses issues related to applying "Remote 225 Technology" to Switch Networks. Switches today differ from standard 226 shared media protocols: 228 1) Data is not, in general, broadcast. This may be caused by the 229 switch architecture or by the connection-oriented nature of the 230 data. This means, therefore, that monitoring non-broadcast 231 traffic needs to be considered. 233 2) Monitoring the multiple entry and exit points from a switching 234 device requires a vast amount of resources - memory and CPU, and 235 aggregation of the data in logical packets of information, 236 determined by the application needs. 238 3) Switching incorporates logical segmentation such as Virtual LANs 239 (VLANs). 241 4) Switching incorporates packet prioritization. 243 5) Data across the switch fabric can be in the form of cells. Like 244 RMON, SMON is only concerned with the monitoring of packets. 246 Differences such as these make monitoring difficult. The current 247 RMON and RMON 2 standards do not provide for things that are unique 248 to switches or switched environments. 250 In order to overcome the limitations of the existing standards, new 251 monitoring mechanisms have been implemented by vendors of switching 252 equipment. All these monitoring strategies are currently proprietary 253 in nature. 255 This document provides the framework to include different switching 256 strategies and allow for monitoring operations consistent with the 257 RMON framework. This MIB is limited to monitoring and control 258 operations aimed at providing monitoring data for RMON probes. 260 2.3 Mechanisms for Monitoring Switched Networks 262 The following mechanisms are used by SMON devices, for the purpose of 263 monitoring switched networks. 265 2.3.1 DataSource Objects 267 The RMON MIB standard [17] defines data source objects which point to 268 MIB-II interfaces, identified by instances of ifIndex objects. 270 The SMON MIB extends this concept and allows for other types of 271 objects to be defined as data sources for RMON and/or SMON data. 272 Three forms of dataSources are described: 274 ifIndex. 276 Traditional RMON dataSources. Called 'port-based' for 277 ifType. not equal to 'propVirtual(53)'. is the 278 ifIndex value (see [22]). 280 smonVlanDataSource. 282 A dataSource of this form refers to a 'Packet-based VLAN' 283 and is called a 'VLAN-based' dataSource. is the VLAN 284 ID as defined by the IEEE 802.1Q standard [19]. The 285 value is between 1 and 4094 inclusive, and it represents 286 an 802.1Q VLAN-ID with global scope within a given 287 bridged domain, as defined by [19]. 289 entPhysicalEntry. 291 A dataSource of this form refers to a physical entity 292 within the agent and is called an 'entity-based' 293 dataSource. is the value of the entPhysicalIndex in 294 the entPhysicalTable (see [18]). 296 In addition to these new dataSource types, SMON introduces a new 297 group called dataSourceCapsTable to aid an NMS in discovering 298 dataSource identity and attributes. 300 The extended data source mechanism supported by the SMON MIB allows 301 for the use of external collection points, similar to the one defined 302 and supported by the RMON and RMON 2 MIBs, as well as internal 303 collection points (e.g. propVirtual ifTable entry, entPhysicalEntry). 304 The latter reflects either data sources which may be the result of 305 aggregation (e.g. switch-wide) or internal channels of physical 306 entities, which have the capability of being monitored by an SMON 307 probe. 309 2.3.2 Copy Port 311 In order to make the switching devices support RMON statistics, many 312 vendors have implemented a port copy feature, allowing traffic to be 313 replicated from switch port to switch port. Several levels of 314 configuration are possible: 316 1) 1 source port to 1 destination port 317 2) N source ports to 1 destination port 318 3) N source ports to M destination ports 320 The SMON standard presents a standard MIB interface which allows for 321 the control of this function. 323 Note that this function can apply to devices that have no other SMON 324 or RMON functionality than copy port. The agent of such a device 325 would support only the portCopyCaps and the portCopyConfig MIB 326 groups, out of the whole SMON MIB. Switch vendors are encouraged to 327 implement this subset of the SMON MIB, as it would allow for standard 328 port copy configuration from the same NMS application that does RMON 329 or SMON. 331 Port copy may cause congestion problems on the SMON device. This 332 situation is more likely occur when copying from a port of higher 333 speed to a port of lower speed or copy from multiple port to a single 334 port. 336 Particular implementations MAY chose to build protection mechanisms 337 that would prevent creation of new port copy links when the capacity 338 of the destination port is exceeded. The MIB allows for 339 implementations to (if supported) instrument a destination drop count 340 on port copy to provide NMS applications a sense of the quality of 341 data presented at the destination port. 343 2.3.3 VLAN Monitoring 345 VLAN monitoring can be accomplished by using a VLAN-based dataSource 346 and/or by configuring smonVlanIdStats and/or smonPrioStats 347 collections. These functions allow VLAN-ID or user priority 348 distributions per dataSource. VLAN monitoring provides a high-level 349 view of total VLAN usages and relative non-unicast traffic usage as 350 well as a profile of VLAN priority as defined in the 3-bit 351 user_priority field. 353 NOTE: priority statistics reflect what was parsed from the packet, 354 not what priority, if any, was necessarily granted by the switch. 356 2.4 Relationship to Other MIBs 358 2.4.1 The RMON and RMON 2 MIBs 360 The Remote Monitoring MIB (RMON) [17] provides several management 361 functions that may be directly or indirectly applicable to switched 362 networks. 364 The port copy mechanisms defined by the SMON MIB allow for the 365 destination ports to become a data source for any RMON statistics. 366 However, an NMS application should check whether it is in the device 367 capability (portCopyCap) to filter errors from a source to a 368 destination port and whether this capability is enabled, in order to 369 provide a correct interpretation of the copied port traffic. 371 RMON host and matrix group statistics entries may be aggregated by 372 use of the extended dataSource capability defined in SMON. RMON 2 373 groups are similarly extended through the use of SMON's dataSource 374 definition. 376 RMON also defines a simple thresholding monitoring mechanism, event- 377 logging and event-notification for any MIB instance; SMON utilizes 378 the alarms and events groups from RMON without modification. These 379 groups should be implemented on SMON devices if a simple thresholding 380 mechanism is desired. 382 The RMON 2 usrHistory group (user-defined history collection) should 383 be implemented by an SMON device if a history collection mechanism is 384 desired for smonStats entries. 386 2.4.2 The Interfaces Group MIB 388 The SMON MIB utilizes the propVirtual(53) ifType defined in the 389 Interfaces Group MIB [22] to provide SMON and RMON with new 390 dataSources such as VLANs and internal monitoring points. NMS 391 applications should consult the SMON dataSource capabilities group 392 (dataSourceCap) for a description of these virtual interfaces. 394 2.4.3 The Entity MIB 396 The SMON MIB does not mandate Entity MIB [18] support, but allows for 397 physical entities, as defined by this MIB to be defined as SMON data 398 sources. For such cases, the support for the entPhysicalTable is 399 required. 401 2.4.4 The Bridge MIB 403 One of the important indicators for measuring the effectiveness of a 404 switching device is the ratio between the number of forwarded frames 405 and the number of dropped frames at the switch port. 407 It is out of the scope of this MIB to provide instrumentation 408 information relative to switching devices. However, such indication 409 may be part of other MIB modules. 411 For instance the Bridge MIB [23] provides such MIB objects, for the 412 802.1 bridges (dot1dTpPortInFrames, dot1dTpPortInDiscards) and 413 switches managed according to the 802.1 bridge model may provide this 414 information. 416 2.5 Relationship with IEEE 802.1 Standards 418 The SMON MIB provides simple statistics per VLAN and priority levels. 419 Those two categories of statistics are important to managers of 420 switched networks. Interoperability for those features is ensured by 421 the use of the IEEE 802.1 p/Q standards ([19], [20]) defined by the 422 IEEE 802.1 WG. Interoperability from the SMON MIB point of view is 423 ensured by referencing the IEEE definition of VLANs and priority 424 levels for the SMON statistics. 426 3. SMON Groups 428 3.1 SMON ProbeCapabilities 430 The SMON probeCapabilities BITS object covers the following four 431 capabilities. 433 - smonVlanStats(0) 434 The probe supports the smonVlanStats object group. 436 - smonPrioStats(1) 437 The probe supports the smonPrioStats object group. 439 - dataSource(2) 440 The probe supports the dataSourceCaps object group. 442 - portCopy(4) 443 The probe supports the portCopyConfig object group. 445 3.2 smonVlanStats 447 The smonVlanStats MIB group includes the control and statistics 448 objects related to 802.1Q VLANs. Specific statistics per 802.1Q 449 virtual LAN are supported. The group provides a high level view of 450 total VLAN usage, and relative non-unicast traffic usage. 452 It is an implementation-specific matter as to how the agent deter- 453 mines the proper default-VLAN for untagged or priority-tagged frames. 455 3.3 smonPrioStats 457 The smonPrioStatsTable provides a distribution based on the 458 user_priority field in the VLAN header. 460 Note that this table merely reports priority as encoded in VLAN 461 headers, not the priority (if any) given the frame for actual 462 switching purposes. 464 3.4 dataSourceCaps 466 The dataSourceCaps MIB group identifies all supported data sources on 467 an SMON device. An NMS may use this table to discover the RMON and 468 Copy Port attributes of each data source. 470 Upon restart of the agent, the dataSourceTable, ifTable and 471 entPhysicalTable are initialized for the available data sources. The 472 agent may modify these tables as data sources become known or are 473 removed (e.g. hot swap of interfaces, chassis cards or the discovery 474 of VLAN usage). It is understood that dataSources representing VLANs 475 may not always be instantiated immediately upon restart, but rather 476 as VLAN usage is detected by the agent. The agent should attempt to 477 create dataSource and interface entries for all dataSources as soon 478 as possible. 480 For each dataSourceCapsEntry representing a VLAN or entPhysicalEntry, 481 the agent MUST create an associated ifEntry with a ifType value of 482 'propVirtual(53)'. The assigned ifIndex value is copied into the 483 associated dataSourceCapsIfIndex object. 485 The rationale of the above derives from the fact that according to 486 [16] and [17] an RMON dataSource MUST be associated with an ifEntry. 487 Specifically, the dataSourceCapsTable allows for an agent to map 488 Entity MIB physical entities (e.g., switch backplanes) and entire 489 VLANs to ifEntries with ifType "propVirtual(53)". This ifEntry values 490 will be used as the actual values in RMON control table dataSource 491 objects. This allows for physical entities and VLANs to be treated 492 as RMON data sources, and RMON functions to be applied to this type 493 of data sources. 495 3.5 portCopyConfig 497 The portCopyConfig MIB group includes the objects defined for the 498 control of the port copy functionality in a device. 500 The standard does not place a limit on the mode in which this copy 501 function may be used: 503 Mode 1 -- 1:1 Copy 505 Single dataSource copied to a single destination dataSource. 506 Agent may limit configuration based on ifTypes, ifSpeeds, half- 507 duplex/full-duplex, or agent resources. In this mode the single 508 instance of the portCopyDestDropEvents object refers to dropped 509 frames on the portCopyDest interface. 511 Mode 2 -- N:1 Copy 513 Multiple dataSources copied to a single destination dataSource. 514 Agent may limit configuration based on ifTypes, ifSpeeds, half- 515 duplex/full-duplex, portCopyDest over-subscription, or agent 516 resources. In this mode all N instances of the 517 portCopyDestDropEvents object should contain the same value, 518 and refer to dropped frames on the portCopyDest interface. 520 Mode 3 -- N:M Copy 522 Multiple dataSources copied to multiple destination dataSources. 523 Agent may limit configuration based on ifTypes, ifSpeeds, half- 524 duplex/full-duplex, portCopyDest over-subscription, or agent 525 resources. Since portCopyDestDropEvents is kept per destination 526 port, all instances of the portCopyDestDropEvents object 527 associated with (indexed by) a given portCopyDest should have 528 the same value (i.e. replicated or aliased for each instance 529 associated with a given portCopyDest). 531 The rows do not have an OwnerString, since multiple rows may be part 532 of the same portCopy operation. The agent is expected to activate or 533 deactivate entries one at a time, based on the rowStatus for the 534 given row. This can lead to unpredictable results in Modes 2 and 3 535 in applications utilizing the portCopy target traffic, if multiple 536 PDUs are used to fully configure the operation. It is RECOMMENDED 537 that an entire portCopy operation be configured in one SetRequest PDU 538 if possible. 540 The portCopyDest object may not reference an interface associated 541 with a packet-based VLAN (smonVlanDataSource.), but this 542 dataSource type may be used as a portCopySource. 544 4. Control of Remote Network Monitoring Devices 546 Due to the complex nature of the available functions in these 547 devices, the functions often need user configuration. In many cases, 548 the function requires parameters to be set up for a data collection 549 operation. The operation can proceed only after these parameters are 550 fully set up. 552 Many functional groups in this MIB have one or more tables in which 553 to set up control parameters, and one or more data tables in which to 554 place the results of the operation. The control tables are typically 555 read/write in nature, while the data tables are typically read-only. 556 Because the parameters in the control table often describe resulting 557 data in the data table, many of the parameters can be modified only 558 when the control entry is not active. Thus, the method for modifying 559 these parameters is to de-activate the entry, perform the SNMP Set 560 operations to modify the entry, and then re-activate the entry. 561 Deleting the control entry causes the deletion of any associated data 562 entries, which also gives a convenient method for reclaiming the 563 resources used by the associated data. 565 Some objects in this MIB provide a mechanism to execute an action on 566 the remote monitoring device. These objects may execute an action as 567 a result of a change in the state of the object. For those objects 568 in this MIB, a request to set an object to the same value as it 569 currently holds would thus cause no action to occur. 571 To facilitate control by multiple managers, resources have to be 572 shared among the managers. These resources are typically the memory 573 and computation resources that a function requires. 575 The control mechanisms defined and used in this MIB are the same as 576 those defined in the RMON MIB [17], for control functionality and 577 interaction with multiple managers. 579 5. Definitions 581 SMON-MIB DEFINITIONS ::= BEGIN 583 IMPORTS 584 MODULE-IDENTITY, OBJECT-TYPE, Counter32, 585 Integer32, Counter64, experimental 586 FROM SNMPv2-SMI 587 RowStatus, TEXTUAL-CONVENTION 588 FROM SNMPv2-TC 589 OwnerString 590 FROM RMON-MIB 591 LastCreateTime, DataSource, rmonConformance, probeConfig 592 FROM RMON2-MIB 593 InterfaceIndex 594 FROM IF-MIB 595 MODULE-COMPLIANCE, OBJECT-GROUP 596 FROM SNMPv2-CONF; 598 switchRMON MODULE-IDENTITY 599 LAST-UPDATED "9812160000Z" 600 ORGANIZATION "IETF RMON MIB Working Group" 601 CONTACT-INFO 602 "IETF RMONMIB WG Mailing list: rmonmib@cisco.com 604 Rich Waterman 605 Allot Networks Inc. 606 Tel: +1-408-559-0253 607 Email: rich@allot.com 609 Bill Lahaye 610 Xylan Corp. 611 Tel: +1-800-995-2612 612 Email: lahaye@ctron.com 614 Dan Romascanu 615 Lucent Technologies 616 Tel: +972-3-645-8414 617 Email: dromasca@lucent.com 619 Steven Waldbusser 620 International Network Services 621 Tel: +1-415-254-4251 622 Email: waldbusser@ins.com" 624 DESCRIPTION 625 "The MIB module for managing remote monitoring device 626 implementations for Switched Networks" 628 ::= { rmon 22 } 630 smonMIBObjects OBJECT IDENTIFIER ::= { switchRMON 1 } 632 dataSourceCaps OBJECT IDENTIFIER ::= {smonMIBObjects 1} 633 smonStats OBJECT IDENTIFIER ::= {smonMIBObjects 2} 634 portCopyConfig OBJECT IDENTIFIER ::= {smonMIBObjects 3} 635 smonRegistrationPoints OBJECT IDENTIFIER ::= {smonMIBObjects 4} 637 -- Textual Conventions 638 -- 640 SmonDataSource ::= TEXTUAL-CONVENTION 641 STATUS current 642 DESCRIPTION 643 "Identifies the source of the data that the associated function 644 is configured to analyze. This Textual Convention 645 extends the DataSource Textual Convention defined by RMON 2 646 to the following data source types: 648 - ifIndex. 649 DataSources of this traditional form are called 'port-based', 650 but only if ifType. is not equal to 'propVirtual(53)'. 652 - smonVlanDataSource. 653 A dataSource of this form refers to a 'Packet-based VLAN' 654 and is called a 'VLAN-based' dataSource. is the VLAN 655 ID as defined by the IEEE 802.1Q standard [19]. The 656 value is between 1 and 4094 inclusive, and it represents 657 an 802.1Q VLAN-ID with global scope within a given 658 bridged domain, as defined by [19]. 660 - entPhysicalEntry. 661 A dataSource of this form refers to a physical entity within 662 the agent (e.g. entPhysicalClass = backplane(4)) and is called 663 an 'entity-based' dataSource." 664 SYNTAX OBJECT IDENTIFIER 666 -- The smonCapabilities object describes SMON agent capabilities. 668 smonCapabilities OBJECT-TYPE 669 SYNTAX BITS { 670 smonVlanStats(0), 671 smonPrioStats(1), 672 dataSource(2), 673 portCopy(4) 674 } 675 MAX-ACCESS read-only 676 STATUS current 677 DESCRIPTION 678 "An indication of the SMON MIB groups supported 679 by this agent." 680 ::= { probeConfig 15 } 682 -- dataSourceCaps MIB group - defines SMON data source and port 683 -- copy capabilities for devices supporting SMON. 685 -- A NMS application will check this MIB group and retrieve 686 -- information about the SMON capabilities of the device before 687 -- applying SMON control operations to the device. 689 -- dataSourceCapsTable: defines capabilities of RMON data sources 691 dataSourceCapsTable OBJECT-TYPE 692 SYNTAX SEQUENCE OF DataSourceCapsEntry 693 MAX-ACCESS not-accessible 694 STATUS current 695 DESCRIPTION 696 "This table describes RMON data sources and port copy 697 capabilities. An NMS may use this table to discover the 698 identity and attributes of the data sources on a given agent 699 implementation. Similar to the probeCapabilities object, 700 actual row-creation operations will succeed or fail based on 701 the resources available and parameter values used in each 702 row-creation operation. 704 Upon restart of the RMON agent, the dataSourceTable, ifTable, 705 and perhaps entPhysicalTable are initialized for the available 706 dataSources. 708 For each dataSourceCapsEntry representing a VLAN or 709 entPhysicalEntry the agent MUST create an associated ifEntry 710 with a ifType value of 'propVirtual(53)'. This ifEntry will be 711 used as the actual value in RMON control table dataSource 712 objects. The assigned ifIndex value is copied into the 713 associated dataSourceCapsIfIndex object. 715 It is understood that dataSources representing VLANs may not 716 always be instantiated immediately upon restart, but rather as 717 VLAN usage is detected by the agent. The agent should attempt 718 to create dataSource and interface entries for all dataSources 719 as soon as possible." 720 ::= { dataSourceCaps 1 } 722 dataSourceCapsEntry OBJECT-TYPE 723 SYNTAX DataSourceCapsEntry 724 MAX-ACCESS not-accessible 725 STATUS current 726 DESCRIPTION 727 "Entries per data source containing descriptions of data 728 source and port copy capabilities. This table is populated by 729 the SMON agent with one entry for each supported data 730 source." 731 INDEX { IMPLIED dataSourceCapsObject } 732 ::= { dataSourceCapsTable 1 } 734 DataSourceCapsEntry ::= SEQUENCE { 735 dataSourceCapsObject 736 SmonDataSource, 737 dataSourceRmonCaps 738 BITS, 739 dataSourceCopyCaps 740 BITS, 741 dataSourceCapsIfIndex 742 InterfaceIndex 743 } 745 dataSourceCapsObject OBJECT-TYPE 746 SYNTAX SmonDataSource 747 MAX-ACCESS not-accessible 748 STATUS current 749 DESCRIPTION 750 "Defines an object that can be a SMON data source or a 751 source or a destination for a port copy operation." 752 ::= { dataSourceCapsEntry 1 } 754 dataSourceRmonCaps OBJECT-TYPE 755 SYNTAX BITS { 756 countErrFrames(0), 757 countAllGoodFrames(1), 758 countAnyRmonTables(2), 759 babyGiantsCountAsGood(3) 760 } 761 MAX-ACCESS read-only 762 STATUS current 763 DESCRIPTION 765 " General attributes of the specified dataSource. Note that 766 these are static attributes, which should not be adjusted 767 because of current resources or configuration. 769 - countErrFrames(0) 770 The agent sets this bit for the dataSource if errored frames 771 received on this dataSource can actually be monitored by the 772 agent The agent clears this bit if any errored frames are 773 not visible to the RMON data collector. 775 - countAllGoodFrames(1) 776 The agent sets this bit for the dataSource if all good 777 frames received on this dataSource can actually be monitored 778 by the agent. The agent clears this bit if any good frames 779 are not visible for RMON collection, e.g., the dataSource is 780 a non-promiscuous interface or an internal switch interface 781 which may not receive frames which were switched in hardware 782 or dropped by the bridge forwarding function. 784 - countAnyRmonTables(2) 785 The agent sets this bit if this dataSource can actually be 786 used in any of the implemented RMON tables, resources 787 notwithstanding. The agent clears this bit if this 788 dataSourceCapsEntry is present simply to identify a 789 dataSource that may only be used as portCopySource and/or a 790 portCopyDest, but not the source of an actual RMON data 791 collection. 793 - babyGiantsCountAsGood(3) 794 The agent sets this bit if it can distinguish, for counting 795 purposes, between true giant frames and frames that exceed 796 Ethernet maximum frame size 1518 due to VLAN tagging ('baby 797 giants'). Specifically, this BIT means that frames up to 798 1522 octets are counted as good. 800 Agents not capable of detecting 'baby giants' will clear 801 this bit and will view all frames less than or equal to 1518 802 octets as 'good frames' and all frames larger than 1518 803 octets as 'bad frames' for the purpose of counting in the 804 smonVlanIdStats and smonPrioStats tables. 806 Agents capable of detecting 'baby giants' SHALL consider 807 them as 'good frames' for the purpose of counting in the 808 smonVlanIdStats and smonPrioStats tables." 810 ::= { dataSourceCapsEntry 2 } 812 dataSourceCopyCaps OBJECT-TYPE 813 SYNTAX BITS { 814 copySourcePort(0), 815 copyDestPort(1), 816 copySrcTxTraffic(2), 817 copySrcRxTraffic(3), 818 countDestDropEvents(4), 819 copyErrFrames(5), 820 copyUnalteredFrames(6), 821 copyAllGoodFrames(7) 822 } 823 MAX-ACCESS read-only 824 STATUS current 825 DESCRIPTION 826 "PortCopy function capabilities of the specified dataSource. 827 Note that these are static capabilities, which should not be 828 adjusted because of current resources or configuration. 830 - copySourcePort(0) 831 The agent sets this bit if this dataSource is capable of 832 acting as a source of a portCopy operation. The agent clears 833 this bit otherwise. 835 - copyDestPort(1) 836 The agent sets this bit if this dataSource is capable of 837 acting as a destination of a portCopy operation. The agent 838 clears this bit otherwise. 840 - copySrcTxTraffic(2) 841 If the copySourcePort bit is set: 842 The agent sets this bit if this dataSource is capable of 843 copying frames transmitted out this portCopy source. The 844 agent clears this bit otherwise. This function is needed 845 to support full-duplex ports. 846 Else: 847 this bit should be cleared. 849 - copySrcRxTraffic(3) 850 If the copySourcePort bit is set: 851 The agent sets this bit if this dataSource is capable of 852 copying frames received on this portCopy source. The agent 853 clears this bit otherwise. This function is needed to 854 support full-duplex ports. 855 Else: 856 this bit should be cleared. 858 - countDestDropEvents(4) 860 If the copyDestPort bit is set: 861 The agent sets this bit if it is capable of incrementing 862 portCopyDestDropEvents, when this dataSource is the 863 target of a portCopy operation and a frame destined to 864 this dataSource is dropped (for RMON counting purposes). 865 Else: 866 this BIT should be cleared. 868 - copyErrFrames(5) 869 If the copySourcePort bit is set: 870 The agent sets this bit if it is capable of copying all 871 errored frames from this portCopy source-port, for 872 errored frames received on this dataSource. 873 Else: 874 this BIT should be cleared. 876 - copyUnalteredFrames(6) 877 If the copySourcePort bit is set: 878 The agent sets the copyUnalteredFrames bit If it is 879 capable of copying all frames from this portCopy 880 source-port without alteration in any way; 881 Else: 882 this bit should be cleared. 884 - copyAllGoodFrames(7) 885 If the copySourcePort bit is set: 886 The agent sets this bit for the dataSource if all good 887 frames received on this dataSource are normally capable 888 of being copied by the agent. The agent clears this bit 889 if any good frames are not visible for the RMON portCopy 890 operation, e.g., the dataSource is a non-promiscuous 891 interface or an internal switch interface which may not 892 receive frames which were switched in hardware or 893 dropped by the bridge forwarding function. 894 Else: 895 this bit should be cleared." 897 ::= { dataSourceCapsEntry 3 } 899 dataSourceCapsIfIndex OBJECT-TYPE 900 SYNTAX InterfaceIndex 901 MAX-ACCESS read-only 902 STATUS current 903 DESCRIPTION 904 "This object contains the ifIndex value of the ifEntry 905 associated with this smonDataSource. The agent MUST create 906 'propVirtual' ifEntries for each dataSourceCapsEntry of type 907 VLAN or entPhysicalEntry." 908 ::= { dataSourceCapsEntry 4 } 910 -- The SMON Statistics MIB Group 912 -- aggregated statistics for IEEE 802.1Q VLAN environments. 914 -- VLAN statistics can be gathered by configuring smonVlanIdStats 915 -- and/or smonPrioStats collections. These functions allow a 916 -- VLAN-ID or user priority distributions per dataSource, 917 -- auto-populated by the agent in a manner similar to the RMON 918 -- hostTable. 920 -- Only good frames are counted in the tables described in this 921 -- section. 923 -- VLAN ID Stats 925 -- smonVlanStatsControlTable allows configuration of VLAN-ID 926 -- collections. 928 smonVlanStatsControlTable OBJECT-TYPE 929 SYNTAX SEQUENCE OF SmonVlanStatsControlEntry 930 MAX-ACCESS not-accessible 931 STATUS current 932 DESCRIPTION 934 "Controls the setup of VLAN statistics tables. 936 The statistics collected represent a distribution based on 937 the IEEE 802.1Q VLAN-ID (VID), for each good frame attributed 938 to the data source for the collection." 939 ::= { smonStats 1 } 941 smonVlanStatsControlEntry OBJECT-TYPE 942 SYNTAX SmonVlanStatsControlEntry 943 MAX-ACCESS not-accessible 944 STATUS current 945 DESCRIPTION 946 "A conceptual row in the smonVlanStatsControlTable." 947 INDEX { smonVlanStatsControlIndex } 948 ::= { smonVlanStatsControlTable 1 } 950 SmonVlanStatsControlEntry ::= SEQUENCE { 951 smonVlanStatsControlIndex Integer32, 952 smonVlanStatsControlDataSource DataSource, 953 smonVlanStatsControlCreateTime LastCreateTime, 954 smonVlanStatsControlOwner OwnerString, 955 smonVlanStatsControlStatus RowStatus 956 } 958 smonVlanStatsControlIndex OBJECT-TYPE 959 SYNTAX Integer32 960 MAX-ACCESS not-accessible 961 STATUS current 962 DESCRIPTION 963 "A unique arbitrary index for this smonVlanStatsControlEntry." 965 ::= { smonVlanStatsControlEntry 1 } 967 smonVlanStatsControlDataSource OBJECT-TYPE 968 SYNTAX DataSource 969 MAX-ACCESS read-create 970 STATUS current 971 DESCRIPTION 972 "The source of data for this set of VLAN statistics. 974 This object may not be modified if the associated 975 smonVlanStatsControlStatus object is equal to active(1)." 976 ::= { smonVlanStatsControlEntry 2 } 978 smonVlanStatsControlCreateTime OBJECT-TYPE 979 SYNTAX LastCreateTime 980 MAX-ACCESS read-only 981 STATUS current 982 DESCRIPTION 983 "The value of sysUpTime when this control entry was last 984 activated. This object allows to a management station to 985 detect deletion and recreation cycles between polls." 986 ::= { smonVlanStatsControlEntry 3 } 988 smonVlanStatsControlOwner OBJECT-TYPE 990 SYNTAX OwnerString 991 MAX-ACCESS read-create 992 STATUS current 993 DESCRIPTION 994 "Administratively assigned named of the owner of this entry. 995 It usually defines the entity that created this entry and is 996 therefore using the resources assigned to it, though there is 997 no enforcement mechanism, nor assurance that rows created are 998 ever used." 999 ::= { smonVlanStatsControlEntry 4 } 1001 smonVlanStatsControlStatus OBJECT-TYPE 1002 SYNTAX RowStatus 1003 MAX-ACCESS read-create 1004 STATUS current 1005 DESCRIPTION 1006 "The status of this row. 1008 An entry may not exist in the active state unless all 1009 objects in the entry have an appropriate value. 1011 If this object is not equal to active(1), all associated 1012 entries in the smonVlanIdStatsTable SHALL be deleted." 1014 ::= { smonVlanStatsControlEntry 5 } 1016 -- The VLAN Statistics Table 1018 smonVlanIdStatsTable OBJECT-TYPE 1019 SYNTAX SEQUENCE OF SmonVlanIdStatsEntry 1020 MAX-ACCESS not-accessible 1021 STATUS current 1022 DESCRIPTION 1023 "Contains the VLAN statistics data. 1024 The statistics collected represent a distribution based 1025 on the IEEE 802.1Q VLAN-ID (VID), for each good frame 1026 attributed to the data source for the collection. 1028 This function applies the same rules for attributing frames 1029 to VLAN-based collections. RMON VLAN statistics are collected 1030 after the Ingress Rules defined in section 3.13 of the VLAN 1031 Specification [20] are applied. 1033 It is possible that entries in this table will be 1034 garbage-collected, based on agent resources, and VLAN 1035 configuration. Agents are encouraged to support all 4094 1036 index values and not garbage collect this table." 1037 ::= { smonStats 2 } 1039 smonVlanIdStatsEntry OBJECT-TYPE 1040 SYNTAX SmonVlanIdStatsEntry 1041 MAX-ACCESS not-accessible 1042 STATUS current 1043 DESCRIPTION 1044 "A conceptual row in smonVlanIdStatsTable." 1045 INDEX { smonVlanStatsControlIndex, smonVlanIdStatsId } 1046 ::= { smonVlanIdStatsTable 1 } 1048 SmonVlanIdStatsEntry ::= SEQUENCE { 1049 smonVlanIdStatsId Integer32, 1050 smonVlanIdStatsTotalPkts Counter32, 1051 smonVlanIdStatsTotalOverflowPkts Counter32, 1052 smonVlanIdStatsTotalHCPkts Counter64, 1053 smonVlanIdStatsTotalOctets Counter32, 1054 smonVlanIdStatsTotalOverflowOctets Counter32, 1055 smonVlanIdStatsTotalHCOctets Counter64, 1056 smonVlanIdStatsNUcastPkts Counter32, 1057 smonVlanIdStatsNUcastOverflowPkts Counter32, 1058 smonVlanIdStatsNUcastHCPkts Counter64, 1059 smonVlanIdStatsNUcastOctets Counter32, 1060 smonVlanIdStatsNUcastOverflowOctets Counter32, 1061 smonVlanIdStatsNUcastHCOctets Counter64, 1062 smonVlanIdStatsCreateTime LastCreateTime 1063 } 1065 smonVlanIdStatsId OBJECT-TYPE 1066 SYNTAX Integer32 (1..4094) 1067 MAX-ACCESS not-accessible 1068 STATUS current 1069 DESCRIPTION 1070 "The unique identifier of the VLAN monitored for 1071 this specific statistics collection. 1073 Tagged packets match the VID for the range between 1 and 4094. 1074 An external RMON probe may detect VID=0 on an Inter Switch 1075 Link, in which case the packet belongs to a VLAN determined by 1076 the PVID of the ingress port. The VLAN to which such a packet 1077 belongs can be determined only by a RMON probe internal to the 1078 switch." 1079 REFERENCE 1080 "Draft Standard for Virtual Bridged Local Area Networks, 1081 P802.1Q/D10, chapter 3.13" 1082 ::= { smonVlanIdStatsEntry 1 } 1084 smonVlanIdStatsTotalPkts OBJECT-TYPE 1085 SYNTAX Counter32 1086 UNITS "packets" 1087 MAX-ACCESS read-only 1088 STATUS current 1089 DESCRIPTION 1090 "The total number of packets counted on this VLAN." 1091 ::= { smonVlanIdStatsEntry 2 } 1093 smonVlanIdStatsTotalOverflowPkts OBJECT-TYPE 1094 SYNTAX Counter32 1095 UNITS "packets" 1096 MAX-ACCESS read-only 1097 STATUS current 1098 DESCRIPTION 1099 "The number of times the associated smonVlanIdStatsTotalPkts 1100 counter has overflowed." 1101 ::= { smonVlanIdStatsEntry 3 } 1103 smonVlanIdStatsTotalHCPkts OBJECT-TYPE 1104 SYNTAX Counter64 1105 UNITS "packets" 1106 MAX-ACCESS read-only 1107 STATUS current 1108 DESCRIPTION 1109 "The total number of packets counted on this VLAN." 1111 ::= { smonVlanIdStatsEntry 4 } 1113 smonVlanIdStatsTotalOctets OBJECT-TYPE 1114 SYNTAX Counter32 1115 UNITS "octets" 1116 MAX-ACCESS read-only 1117 STATUS current 1118 DESCRIPTION 1119 "The total number of octets counted on this VLAN." 1120 ::= { smonVlanIdStatsEntry 5 } 1122 smonVlanIdStatsTotalOverflowOctets OBJECT-TYPE 1123 SYNTAX Counter32 1124 UNITS "octets" 1125 MAX-ACCESS read-only 1126 STATUS current 1127 DESCRIPTION 1128 "The number of times the associated smonVlanIdStatsTotalOctets 1129 counter has overflowed." 1130 ::= { smonVlanIdStatsEntry 6 } 1132 smonVlanIdStatsTotalHCOctets OBJECT-TYPE 1133 SYNTAX Counter64 1134 UNITS "octets" 1135 MAX-ACCESS read-only 1136 STATUS current 1137 DESCRIPTION 1138 "The total number of octets counted on this VLAN." 1139 ::= { smonVlanIdStatsEntry 7 } 1141 smonVlanIdStatsNUcastPkts OBJECT-TYPE 1142 SYNTAX Counter32 1143 UNITS "packets" 1144 MAX-ACCESS read-only 1145 STATUS current 1146 DESCRIPTION 1147 "The total number of non-unicast packets counted on this 1148 VLAN." 1149 ::= { smonVlanIdStatsEntry 8 } 1151 smonVlanIdStatsNUcastOverflowPkts OBJECT-TYPE 1152 SYNTAX Counter32 1153 UNITS "packets" 1154 MAX-ACCESS read-only 1155 STATUS current 1156 DESCRIPTION 1157 "The number of times the associated smonVlanIdStatsNUcastPkts 1158 counter has overflowed." 1160 ::= { smonVlanIdStatsEntry 9 } 1162 smonVlanIdStatsNUcastHCPkts OBJECT-TYPE 1163 SYNTAX Counter64 1164 UNITS "packets" 1165 MAX-ACCESS read-only 1166 STATUS current 1167 DESCRIPTION 1168 "The total number of non-unicast packets counted on 1169 this VLAN." 1170 ::= { smonVlanIdStatsEntry 10 } 1172 smonVlanIdStatsNUcastOctets OBJECT-TYPE 1173 SYNTAX Counter32 1174 UNITS "octets" 1175 MAX-ACCESS read-only 1176 STATUS current 1177 DESCRIPTION 1178 "The total number of non-unicast octets counted on 1179 this VLAN." 1180 ::= { smonVlanIdStatsEntry 11 } 1182 smonVlanIdStatsNUcastOverflowOctets OBJECT-TYPE 1183 SYNTAX Counter32 1184 UNITS "octets" 1185 MAX-ACCESS read-only 1186 STATUS current 1187 DESCRIPTION 1188 "The number of times the associated 1189 smonVlanIdStatsNUcastOctets counter has overflowed." 1190 ::= { smonVlanIdStatsEntry 12 } 1192 smonVlanIdStatsNUcastHCOctets OBJECT-TYPE 1193 SYNTAX Counter64 1194 UNITS "octets" 1195 MAX-ACCESS read-only 1196 STATUS current 1197 DESCRIPTION 1198 "The total number of Non-unicast octets counted on 1199 this VLAN." 1200 ::= { smonVlanIdStatsEntry 13 } 1202 smonVlanIdStatsCreateTime OBJECT-TYPE 1203 SYNTAX LastCreateTime 1204 MAX-ACCESS read-only 1205 STATUS current 1206 DESCRIPTION 1207 "The value of sysUpTime when this entry was last 1208 activated. This object allows to a management station to 1209 detect deletion and recreation cycles between polls." 1210 ::= { smonVlanIdStatsEntry 14 } 1212 -- smonPrioStatsControlTable 1214 smonPrioStatsControlTable OBJECT-TYPE 1215 SYNTAX SEQUENCE OF SmonPrioStatsControlEntry 1216 MAX-ACCESS not-accessible 1217 STATUS current 1218 DESCRIPTION 1219 "Controls the setup of priority statistics tables. 1221 The smonPrioStatsControlTable allows configuration of 1222 collections based on the value of the 3-bit user priority 1223 field encoded in the Tag Control Information (TCI) field 1224 according to [19],[20]. 1226 Note that this table merely reports priority as encoded in 1227 the VLAN headers, not the priority (if any) given to the 1228 frame for the actual switching purposes." 1230 ::= { smonStats 3 } 1232 smonPrioStatsControlEntry OBJECT-TYPE 1233 SYNTAX SmonPrioStatsControlEntry 1234 MAX-ACCESS not-accessible 1235 STATUS current 1236 DESCRIPTION 1237 "A conceptual row in the smonPrioStatsControlTable." 1238 INDEX { smonPrioStatsControlIndex } 1239 ::= { smonPrioStatsControlTable 1 } 1241 SmonPrioStatsControlEntry ::= SEQUENCE { 1242 smonPrioStatsControlIndex Integer32, 1243 smonPrioStatsControlDataSource DataSource, 1244 smonPrioStatsControlCreateTime LastCreateTime, 1245 smonPrioStatsControlOwner OwnerString, 1246 smonPrioStatsControlStatus RowStatus 1247 } 1249 smonPrioStatsControlIndex OBJECT-TYPE 1250 SYNTAX Integer32 1251 MAX-ACCESS not-accessible 1252 STATUS current 1253 DESCRIPTION 1254 "A unique arbitrary index for this smonPrioStatsControlEntry." 1256 ::= { smonPrioStatsControlEntry 1 } 1258 smonPrioStatsControlDataSource OBJECT-TYPE 1259 SYNTAX DataSource 1260 MAX-ACCESS read-create 1261 STATUS current 1262 DESCRIPTION 1263 "The source of data for this set of VLAN statistics. 1265 This object may not be modified if the associated 1266 smonPrioStatsControlStatus object is equal to active(1)." 1267 ::= { smonPrioStatsControlEntry 2 } 1269 smonPrioStatsControlCreateTime OBJECT-TYPE 1270 SYNTAX LastCreateTime 1271 MAX-ACCESS read-only 1272 STATUS current 1273 DESCRIPTION 1274 "The value of sysUpTime when this entry was created. 1275 This object allows to a management station to 1276 detect deletion and recreation cycles between polls." 1278 ::= { smonPrioStatsControlEntry 3 } 1280 smonPrioStatsControlOwner OBJECT-TYPE 1281 SYNTAX OwnerString 1282 MAX-ACCESS read-create 1283 STATUS current 1284 DESCRIPTION 1285 "Administratively assigned named of the owner of this entry. 1286 It usually defines the entity that created this entry and is 1287 therefore using the resources assigned to it, though there is 1288 no enforcement mechanism, nor assurance that rows created are 1289 ever used." 1290 ::= { smonPrioStatsControlEntry 4 } 1292 smonPrioStatsControlStatus OBJECT-TYPE 1293 SYNTAX RowStatus 1294 MAX-ACCESS read-create 1295 STATUS current 1296 DESCRIPTION 1297 "The status of this row. 1299 An entry may not exist in the active state unless all 1300 objects in the entry have an appropriate value. 1302 If this object is not equal to active(1), all associated 1303 entries in the smonPrioStatsTable SHALL be deleted." 1305 ::= { smonPrioStatsControlEntry 5 } 1307 -- The Priority Statistics Table 1309 smonPrioStatsTable OBJECT-TYPE 1310 SYNTAX SEQUENCE OF SmonPrioStatsEntry 1311 MAX-ACCESS not-accessible 1312 STATUS current 1313 DESCRIPTION 1314 "Contains the priority statistics. The collections are based 1315 on the value of the 3-bit user priority field encoded in the 1316 Tag Control Information (TCI) field according to [19], [20]. 1317 Note that this table merely reports priority as encoded in 1318 the VLAN headers, not the priority (if any) given to the 1319 frame for the actual switching purposes. 1321 No garbage collection is designed for this table, as there 1322 always are at most eight rows per statistical set, and the 1323 low memory requirements do not justify the implementation of 1324 such a mechanism." 1325 ::= { smonStats 4 } 1327 smonPrioStatsEntry OBJECT-TYPE 1328 SYNTAX SmonPrioStatsEntry 1329 MAX-ACCESS not-accessible 1330 STATUS current 1331 DESCRIPTION 1332 "A conceptual row in smonPrioStatsTable." 1333 INDEX { smonPrioStatsControlIndex, smonPrioStatsId } 1334 ::= { smonPrioStatsTable 1 } 1336 SmonPrioStatsEntry ::= SEQUENCE { 1337 smonPrioStatsId Integer32, 1338 smonPrioStatsPkts Counter32, 1339 smonPrioStatsOverflowPkts Counter32, 1340 smonPrioStatsHCPkts Counter64, 1341 smonPrioStatsOctets Counter32, 1342 smonPrioStatsOverflowOctets Counter32, 1343 smonPrioStatsHCOctets Counter64 1344 } 1346 smonPrioStatsId OBJECT-TYPE 1347 SYNTAX Integer32 (0..7) 1348 MAX-ACCESS not-accessible 1349 STATUS current 1350 DESCRIPTION 1351 "The unique identifier of the priority level monitored for 1352 this specific statistics collection." 1354 REFERENCE 1355 " Draft Standard for Virtual Bridged Local Area Networks, 1356 P802.1Q/D10, chapter 4.3.2.1" 1357 ::= { smonPrioStatsEntry 1 } 1359 smonPrioStatsPkts OBJECT-TYPE 1360 SYNTAX Counter32 1361 UNITS "packets" 1362 MAX-ACCESS read-only 1363 STATUS current 1364 DESCRIPTION 1365 "The total number of packets counted on 1366 this priority level." 1367 ::= { smonPrioStatsEntry 2 } 1369 smonPrioStatsOverflowPkts OBJECT-TYPE 1370 SYNTAX Counter32 1371 UNITS "packets" 1372 MAX-ACCESS read-only 1373 STATUS current 1374 DESCRIPTION 1375 "The number of times the associated smonPrioStatsPkts 1376 counter has overflowed." 1377 ::= { smonPrioStatsEntry 3 } 1379 smonPrioStatsHCPkts OBJECT-TYPE 1380 SYNTAX Counter64 1381 UNITS "packets" 1382 MAX-ACCESS read-only 1383 STATUS current 1384 DESCRIPTION 1385 "The total number of packets counted on 1386 this priority level." 1387 ::= { smonPrioStatsEntry 4 } 1389 smonPrioStatsOctets OBJECT-TYPE 1390 SYNTAX Counter32 1391 UNITS "octets" 1392 MAX-ACCESS read-only 1393 STATUS current 1394 DESCRIPTION 1395 "The total number of octets counted on 1396 this priority level." 1397 ::= { smonPrioStatsEntry 5 } 1399 smonPrioStatsOverflowOctets OBJECT-TYPE 1400 SYNTAX Counter32 1401 UNITS "octets" 1402 MAX-ACCESS read-only 1403 STATUS current 1404 DESCRIPTION 1405 "The number of times the associated smonPrioStatsOctets 1406 counter has overflowed." 1407 ::= { smonPrioStatsEntry 6 } 1409 smonPrioStatsHCOctets OBJECT-TYPE 1410 SYNTAX Counter64 1411 UNITS "octets" 1412 MAX-ACCESS read-only 1413 STATUS current 1414 DESCRIPTION 1415 "The total number of octets counted on 1416 this priority level." 1417 ::= { smonPrioStatsEntry 7 } 1419 portCopyTable OBJECT-TYPE 1420 SYNTAX SEQUENCE OF PortCopyEntry 1421 MAX-ACCESS not-accessible 1422 STATUS current 1423 DESCRIPTION 1424 " Port Copy provides the ability to copy all frames from a 1425 specified source to specified destination within a switch. 1426 Source and destinations MUST be ifEntries, as defined by [22]. 1427 One to one, one to many, many to one and many to many source to 1428 destination relationships may be configured. 1430 Applicable counters on the destination will increment for all 1431 packets transiting the port, be it by normal bridging/switching 1432 or due to packet copy. 1433 Note that this table manages no RMON data collection by itself, 1434 and an agent may possibly implement no RMON objects except 1435 objects related to the port copy operation defined by the 1436 portCopyCompliance conformance macro. That allows for a switch 1437 with no other embedded RMON capability to perform port copy 1438 operations to a destination port at which a different external 1439 RMON probe is connected. 1441 One to one, many to one and one to many source to destination 1442 relationships may be configured. 1444 Each row that exists in this table defines such a 1445 relationship. By disabling a row in this table the port copy 1446 relationship no longer exists. 1448 The number of entries and the types of port copies (1-1, 1449 many-1, 1-many) are implementation specific and could 1450 possibly be dynamic due to changing resource availability. 1452 In order to configure a source to destination portCopy 1453 relationship, both source and destination interfaces MUST be 1454 present as an ifEntry in the ifTable and their respective 1455 ifAdminStatus and ifOperStatus values must be equal to 1456 'up(1)'. If the value of any of those two objects changes 1457 after the portCopyEntry is activated, portCopyStatus will 1458 transition to 'notReady(3)'. 1460 The capability of an interface to be source or destination of 1461 a port copy operation is described by the 'copySourcePort(0)' 1462 and 'copyDestPort(1)' bits in dataSourceCopyCaps. Those bits 1463 SHOULD be appropriately set by the agent, in order to allow 1464 for a portCopyEntry to be created. 1466 Applicable counters on the destination will increment for all 1467 packets transmitted, be it by normal bridging/switching or 1468 due to packet copy." 1469 ::= { portCopyConfig 1 } 1471 portCopyEntry OBJECT-TYPE 1472 SYNTAX PortCopyEntry 1473 MAX-ACCESS not-accessible 1474 STATUS current 1475 DESCRIPTION 1476 "Describes a particular port copy entry." 1477 INDEX { portCopySource, portCopyDest } 1478 ::= { portCopyTable 1 } 1480 PortCopyEntry ::= SEQUENCE { 1481 portCopySource 1482 InterfaceIndex, 1483 portCopyDest 1484 InterfaceIndex, 1485 portCopyDestDropEvents 1486 Counter32, 1487 portCopyDirection 1488 INTEGER, 1489 portCopyStatus 1490 RowStatus 1491 } 1493 portCopySource OBJECT-TYPE 1494 SYNTAX InterfaceIndex 1495 MAX-ACCESS not-accessible 1496 STATUS current 1497 DESCRIPTION 1498 "The ifIndex of the source which will have all packets 1499 redirected to the destination as defined by portCopyDest." 1500 ::= { portCopyEntry 1 } 1502 portCopyDest OBJECT-TYPE 1503 SYNTAX InterfaceIndex 1504 MAX-ACCESS not-accessible 1505 STATUS current 1506 DESCRIPTION 1507 "Defines the ifIndex destination for the copy operation." 1508 ::= { portCopyEntry 2 } 1510 portCopyDestDropEvents OBJECT-TYPE 1511 SYNTAX Counter32 1512 UNITS "events" 1513 MAX-ACCESS read-only 1514 STATUS current 1515 DESCRIPTION 1516 "The total number of events in which port copy packets were 1517 dropped by the switch at the destination port due to lack of 1518 resources. 1520 Note that this number is not necessarily the number of 1521 packets dropped; it is just the number of times this 1522 condition has been detected. 1524 A single dropped event counter is maintained for each 1525 portCopyDest. Thus all instances associated with a given 1526 portCopyDest will have the same portCopyDestDropEvents 1527 value." 1528 ::= { portCopyEntry 3 } 1530 portCopyDirection OBJECT-TYPE 1531 SYNTAX INTEGER { 1532 copyRxOnly(1), 1533 copyTxOnly(2), 1534 copyBoth(3) 1535 } 1536 MAX-ACCESS read-create 1537 STATUS current 1538 DESCRIPTION 1539 "This object affects the way traffic is copied from a switch 1540 source port, for the indicated port copy operation. 1542 If this object has the value 'copyRxOnly(1)', then only 1543 traffic received on the indicated source port will be copied 1544 to the indicated destination port. 1546 If this object has the value 'copyTxOnly(2)', then only 1547 traffic transmitted out the indicated source port will be 1548 copied to the indicated destination port. 1550 If this object has the value 'copyBoth(3)', then all traffic 1551 received or transmitted on the indicated source port will be 1552 copied to the indicated destination port. 1554 The creation and deletion of instances of this object is 1555 controlled by the portCopyRowStatus object. Note that there 1556 is no guarantee that changes in the value of this object 1557 performed while the associated portCopyRowStatus object is 1558 equal to active will not cause traffic discontinuities in the 1559 packet stream." 1560 DEFVAL { copyBoth } 1561 ::= { portCopyEntry 4 } 1563 portCopyStatus OBJECT-TYPE 1564 SYNTAX RowStatus 1565 MAX-ACCESS read-write 1566 STATUS current 1567 DESCRIPTION 1568 "Defines the status of the port copy entry. 1570 In order to configure a source to destination portCopy 1571 relationship, both source and destination interfaces MUST be 1572 present as an ifEntry in the ifTable and their respective 1573 ifAdminStatus and ifOperStatus values must be equal to 1574 'up(1)'. If the value of any of those two objects changes 1575 after the portCopyEntry is activated, portCopyStatus will 1576 transition to 'notReady(3)'. 1578 The capability of an interface to be source or destination of 1579 a port copy operation is described by the 'copySourcePort(0)' 1580 and 'copyDestPort(1)' bits in dataSourceCopyCaps. Those bits 1581 SHOULD be appropriately set by the agent, in order to allow 1582 for a portCopyEntry to be created." 1583 ::= { portCopyEntry 5 } 1585 -- smonRegistrationPoints 1586 -- defines a set of OIDs for registration purposes of entities 1587 -- supported by the SMON MIB. 1589 smonVlanDataSource 1590 OBJECT IDENTIFIER ::= { smonRegistrationPoints 1} 1592 -- Defined for use as an SmonDataSource. A single integer parameter 1593 -- is appended to the end of this OID when actually encountered in 1594 -- the dataSourceCapsTable, which represents a positive, non-zero 1595 -- VLAN identifier value. 1597 -- Conformance Macros 1599 smonMIBCompliances OBJECT IDENTIFIER ::= { rmonConformance 3} 1600 smonMIBGroups OBJECT IDENTIFIER ::= { rmonConformance 4} 1602 smonMIBCompliance MODULE-COMPLIANCE 1603 STATUS current 1604 DESCRIPTION 1605 "Describes the requirements for full conformance with the SMON 1606 MIB" 1607 MODULE -- this module 1608 MANDATORY-GROUPS {dataSourceCapsGroup, 1609 smonVlanStatsGroup, 1610 smonPrioStatsGroup, 1611 portCopyConfigGroup, 1612 smonInformationGroup} 1614 GROUP smonHcTo100mbGroup 1615 DESCRIPTION 1616 "This group of VLAN statistics counter are mandatory only for 1617 those network interfaces for which the corresponding ifSpeed 1618 can be greater than 10MB/sec and less than or equal to 1619 100MB/sec." 1621 GROUP smonHc100mbPlusGroup 1622 DESCRIPTION 1623 "This group of VLAN statistics counters are mandatory only for 1624 those network interfaces for which the corresponding ifSpeed 1625 can be more than 100MB/sec. This group of VLAN statistics is 1626 also mandatory for smonDataSources of type VLAN or 1627 entPhysicalEntry." 1629 ::= { smonMIBCompliances 1 } 1631 smonMIBVlanStatsCompliance MODULE-COMPLIANCE 1632 STATUS current 1633 DESCRIPTION 1634 "Describes the requirements for conformance with the SMON MIB 1635 with support for VLAN Statistics. Mandatory for a SMON probe 1636 in environment where IEEE 802.1Q bridging is implemented." 1637 MODULE -- this module 1638 MANDATORY-GROUPS {dataSourceCapsGroup, 1639 smonVlanStatsGroup, 1640 smonInformationGroup} 1642 GROUP hcVlanTo100mbGroup 1643 DESCRIPTION 1644 "This group of VLAN statistics counter are mandatory only 1645 for those network interfaces for which the corresponding 1646 ifSpeed can be up to and including 100MB/sec." 1648 GROUP hcVlan100mbPlusGroup 1649 DESCRIPTION 1650 "This group of VLAN statistics counters are mandatory only for 1651 those network interfaces for which the corresponding ifSpeed 1652 is greater than 100MB/sec. This group of VLAN statistics is 1653 also mandatory for smonDataSources of type VLAN or 1654 entPhysicalEntry." 1656 ::= { smonMIBCompliances 2 } 1658 smonMIBPrioStatsCompliance MODULE-COMPLIANCE 1659 STATUS current 1660 DESCRIPTION 1661 "Describes the requirements for conformance with the SMON MIB 1662 with support for priority level Statistics. Mandatory for a 1663 SMON probe in a environment where IEEE 802.1p 1664 priority-switching is implemented." 1665 MODULE -- this module 1666 MANDATORY-GROUPS {dataSourceCapsGroup, 1667 smonPrioStatsGroup, 1668 smonInformationGroup} 1670 GROUP hcPrioTo100mbGroup 1671 DESCRIPTION 1672 "This group of VLAN priority statistics counters are mandatory 1673 only for those network interfaces for which the corresponding 1674 ifSpeed can be up to and including 100MB/sec." 1676 GROUP hcPrio100mbPlusGroup 1677 DESCRIPTION 1678 "This group is mandatory only for those network 1679 interfaces for which the corresponding ifSpeed is greater 1680 than 100MB/sec. This group of VLAN priority 1681 statistics is also mandatory for smonDataSources of type 1682 VLAN or entPhysicalEntry" 1684 ::= { smonMIBCompliances 3 } 1686 portCopyCompliance MODULE-COMPLIANCE 1687 STATUS current 1688 DESCRIPTION 1689 "Describes the requirements for conformance with the port copy 1690 functionality defined by the SMON MIB" 1691 MODULE -- this module 1692 MANDATORY-GROUPS {dataSourceCapsGroup, 1693 portCopyConfigGroup, 1694 smonInformationGroup} 1696 ::= { smonMIBCompliances 4} 1698 dataSourceCapsGroup OBJECT-GROUP 1699 OBJECTS { dataSourceRmonCaps, 1700 dataSourceCopyCaps, 1701 dataSourceCapsIfIndex} 1702 STATUS current 1703 DESCRIPTION 1704 "Defines the objects that describe the capabilities of RMON 1705 data sources." 1706 ::= {smonMIBGroups 1 } 1708 smonVlanStatsGroup OBJECT-GROUP 1709 OBJECTS { smonVlanStatsControlDataSource, 1710 smonVlanStatsControlCreateTime, 1711 smonVlanStatsControlOwner, 1712 smonVlanStatsControlStatus, 1713 smonVlanIdStatsTotalPkts, 1714 smonVlanIdStatsTotalOctets, 1715 smonVlanIdStatsNUcastPkts, 1716 smonVlanIdStatsCreateTime} 1717 STATUS current 1718 DESCRIPTION 1719 "Defines the switch monitoring specific statistics - per VLAN 1720 Id on interfaces of 10MB or less." 1721 ::= { smonMIBGroups 2 } 1723 smonPrioStatsGroup OBJECT-GROUP 1724 OBJECTS { smonPrioStatsControlDataSource, 1725 smonPrioStatsControlCreateTime, 1726 smonPrioStatsControlOwner, 1727 smonPrioStatsControlStatus, 1728 smonPrioStatsPkts, 1729 smonPrioStatsOctets} 1730 STATUS current 1731 DESCRIPTION 1732 "Defines the switch monitoring specific statistics - per VLAN 1733 Id on interface." 1734 ::= { smonMIBGroups 3 } 1736 smonHcTo100mbGroup OBJECT-GROUP 1737 OBJECTS { smonVlanIdStatsTotalOverflowOctets, 1738 smonVlanIdStatsTotalHCOctets, 1739 smonPrioStatsOverflowOctets, 1740 smonPrioStatsHCOctets} 1741 STATUS current 1742 DESCRIPTION 1743 "Defines the additional high capacity statistics needed to be 1744 kept on interfaces with ifSpeed greater than 10MB/sec and 1745 less than or equal to 100MB/sec." 1746 ::= { smonMIBGroups 4 } 1748 smonHc100mbPlusGroup OBJECT-GROUP 1749 OBJECTS { smonVlanIdStatsTotalOverflowPkts, 1750 smonVlanIdStatsTotalHCPkts, 1751 smonVlanIdStatsTotalOverflowOctets, 1752 smonVlanIdStatsTotalHCOctets, 1753 smonVlanIdStatsNUcastOverflowPkts, 1754 smonVlanIdStatsNUcastHCPkts, 1755 smonPrioStatsOverflowPkts, 1756 smonPrioStatsHCPkts, 1757 smonPrioStatsOverflowOctets, 1758 smonPrioStatsHCOctets} 1759 STATUS current 1760 DESCRIPTION 1761 "Defines the additional high capacity statistics needed to be 1762 kept on interfaces with ifSpeed of more than 100MB/sec. These 1763 statistics MUST also be kept on smonDataSources of type VLAN 1764 or entPhysicalEntry." 1765 ::= { smonMIBGroups 5 } 1767 hcVlanTo100mbGroup OBJECT-GROUP 1768 OBJECTS { smonVlanIdStatsTotalOverflowOctets, 1769 smonVlanIdStatsTotalHCOctets} 1770 STATUS current 1771 DESCRIPTION 1772 "Defines the additional high capacity VLAN statistics 1773 needed to be kept on interfaces with ifSpeed greater than 1774 10MB/sec and less than or equal to 100MB/sec." 1775 ::= { smonMIBGroups 6 } 1777 hcVlan100mbPlusGroup OBJECT-GROUP 1778 OBJECTS { smonVlanIdStatsTotalOverflowPkts, 1779 smonVlanIdStatsTotalHCPkts, 1780 smonVlanIdStatsTotalOverflowOctets, 1781 smonVlanIdStatsTotalHCOctets, 1782 smonVlanIdStatsNUcastOverflowPkts, 1783 smonVlanIdStatsNUcastHCPkts} 1784 STATUS current 1785 DESCRIPTION 1786 "Defines the additional high capacity VLAN statistics 1787 needed to be kept on interfaces with ifSpeed of more than 1788 100MB/sec. These statistics MUST also be kept on 1789 smonDataSources of type VLAN or entPhysicalEntry." 1790 ::= { smonMIBGroups 7 } 1792 hcPrioTo100mbGroup OBJECT-GROUP 1793 OBJECTS { smonPrioStatsOverflowOctets, 1794 smonPrioStatsHCOctets } 1795 STATUS current 1796 DESCRIPTION 1797 "Defines the additional high capacity VLAN priority 1798 statistics needed to be kept on interfaces with 1799 ifSpeed of greater than 10MB/sec and less than or equal 1800 to 100MB/sec." 1801 ::= { smonMIBGroups 8 } 1803 hcPrio100mbPlusGroup OBJECT-GROUP 1804 OBJECTS { smonPrioStatsOverflowPkts, 1805 smonPrioStatsHCPkts, 1806 smonPrioStatsOverflowOctets, 1807 smonPrioStatsHCOctets} 1808 STATUS current 1809 DESCRIPTION 1810 "Defines the additional high capacity VLAN priority 1811 statistics needed to be kept on interfaces with 1812 ifSpeed of greater than 100MB/sec. These statistics MUST 1813 also be kept on smonDataSources of type VLAN or 1814 entPhysicalEntry." 1815 ::= { smonMIBGroups 9 } 1817 smonVlanStatsExtGroup OBJECT-GROUP 1818 OBJECTS {smonVlanIdStatsNUcastOctets, 1819 smonVlanIdStatsNUcastOverflowOctets, 1820 smonVlanIdStatsNUcastHCOctets} 1821 STATUS current 1822 DESCRIPTION 1823 "Defines the switch monitoring specific statistics for systems 1824 capable of counting non-unicast octets for a given dataSource 1825 (as described in the dataSourceRmonCaps object)." 1826 ::= { smonMIBGroups 10 } 1828 smonInformationGroup OBJECT-GROUP 1829 OBJECTS { smonCapabilities } 1830 STATUS current 1831 DESCRIPTION 1832 "An indication of the SMON capabilities supported by this 1833 agent." 1834 ::= { smonMIBGroups 11 } 1836 portCopyConfigGroup OBJECT-GROUP 1837 OBJECTS { portCopyDestDropEvents, 1838 portCopyStatus 1839 } 1840 STATUS current 1841 DESCRIPTION 1842 "Defines the control objects for copy port operations." 1844 OBJECT portCopyDirection 1845 MIN-ACCESS read-only 1846 DESCRIPTION 1847 "Defines direction of copied traffic. Write access is not 1848 required." 1849 ::= { smonMIBGroups 12 } 1851 END 1853 6. References 1855 [1] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for 1856 Describing SNMP Management Frameworks", RFC 2271, Cabletron 1857 Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research, 1858 January 1998 1860 [2] Rose, M., and K. McCloghrie, "Structure and Identification of 1861 Management Information for TCP/IP-based Internets", RFC 1155, 1862 Performance Systems International, Hughes LAN Systems, May 1990 1864 [3] Rose, M., and K. McCloghrie, "Concise MIB Definitions", RFC 1212, 1865 Performance Systems International, Hughes LAN Systems, March 1991 1867 [4] M. Rose, "A Convention for Defining Traps for use with the 1868 SNMP", RFC 1215, Performance Systems International, March 1991 1870 [5] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 1871 Waldbusser, "Structure of Management Information for Version 2 of 1872 the Simple Network Management Protocol (SNMPv2)", RFC 1902, SNMP 1873 Research,Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., 1874 International Network Services, January 1996. 1876 [6] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 1877 Waldbusser, "Textual Conventions for Version 2 of the Simple 1878 Network Management Protocol (SNMPv2)", RFC 1903, SNMP Research, 1879 Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., 1880 International Network Services, January 1996. 1882 [7] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 1883 Waldbusser, "Conformance Statements for Version 2 of the Simple 1884 Network Management Protocol (SNMPv2)", RFC 1904, SNMP Research, 1885 Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., 1886 International Network Services, January 1996. 1888 [8] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple 1889 Network Management Protocol", RFC 1157, SNMP Research, 1890 Performance Systems International, Performance Systems 1891 International, MIT Laboratory for Computer Science, May 1990. 1893 [9] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 1894 Waldbusser, "Introduction to Community-based SNMPv2", RFC 1901, 1895 SNMP Research, Inc., Cisco Systems, Inc., Dover Beach Consulting, 1896 Inc., International Network Services, January 1996. 1898 [10] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 1899 Waldbusser, "Transport Mappings for Version 2 of the Simple Network 1900 Management Protocol (SNMPv2)", RFC 1906, SNMP Research, Inc., Cisco 1901 Systems, Inc., Dover Beach Consulting, Inc., International Network 1902 Services, January 1996. 1904 [11] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message 1905 Processing and Dispatching for the Simple Network Management 1906 Protocol (SNMP)", RFC 2272, SNMP Research, Inc., Cabletron Systems, 1907 Inc., BMC Software, Inc., IBM T. J. Watson Research, January 1998. 1909 [12] Blumenthal, U., and B. Wijnen, "User-based Security Model 1910 (USM) for version 3 of the Simple Network Management Protocol 1911 (SNMPv3)", RFC 2274, IBM T. J. Watson Research, January 1998. 1913 [13] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S. 1914 Waldbusser, "Protocol Operations for Version 2 of the Simple 1915 Network Management Protocol (SNMPv2)", RFC 1905, SNMP Research, 1916 Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., 1917 International Network Services, January 1996. 1919 [14] Levi, D., Meyer, P., and B. Stewart, " SNMPv3 Applications", 1920 RFC 2273, SNMP Research, Inc., Secure Computing Corporation, 1921 Cisco Systems, January 1998. 1923 [15] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access 1924 Control Model (VACM) for the Simple Network Management Protocol 1925 (SNMP)", RFC 2275, IBM T. J. Watson Research, BMC Software, Inc., 1926 Cisco Systems, Inc., January 1998. 1928 [16] Waldbusser, S., "Remote Network Monitoring Management 1929 Information Base Version 2 using SMIv2", RFC 2021, International 1930 Network Services, January 1997. 1932 [17] Waldbusser, S., "Remote Network Monitoring Management 1933 Information Base", RFC 1757, Carnegie Mellon University, 1934 February1995 1936 [18] McCloghrie, K., Bierman, A., "Entity MIB", RFC 2037, Cisco 1937 Systems, October1996 1939 [19] ISO/IEC Final CD 15802-3, ANSI/IEEE Std 802.1D-1998 "Information 1940 technology - Telecommunications and information exchange between 1941 systems - Local and metropolitan area networks - Common 1942 specifications - Part 3: Media Access Control (MAC) Bridges: 1943 Revision (Incorporating IEEE P802.1p: Traffic Class Expediting 1944 and Dynamic Multicast Filtering)", March 1998. 1946 [20] ANSI/IEEE Draft Standard P802.1Q/D10, "IEEE Standards for 1947 Local and Metropolitan Area Networks: Virtual Bridged Local Area 1948 Networks", March 1998. 1950 [21] De Graaf, K., Romascanu, D., McMaster, D., and K. McCloghrie, 1951 "Definition of Managed Objects for IEEE 802.3 Repeater Devices 1952 using SMIv2", RFC 2108, 3Com Corp., Madge Networks (Israel), 1953 Coloma Communications, Cisco Systems, February 1997 1955 [22] McCloghrie, K., and F. Kastenholz," The Interfaces Group MIB 1956 using SMIv2", RFC 2233, Cisco Systems, FTP Software, November 1957 1997 1959 [23] Decker, E. Langille, P., Rijsinghani, A., and K. McCloghrie.. 1960 - "Definitions of Managed Objects for Bridges", RFC 1493, Cisco 1961 Systems, Digital Equipment Corporation, Hughes LAN Systems, July 1962 1993 1964 [24] Bradner, S., "Key words for use in RFCs to Indicate Requirement 1965 Levels", BCP 14, RFC 2119, Harvard University, March 1997. 1967 [25] McCloghrie, K., and M. Rose, Editors, "Management Information 1968 Base for Network Management of TCP/IP-based internets: MIB-II", 1969 STD 17, RFC 1213, Hughes LAN Systems, Performance Systems 1970 International, March 1991. 1972 7. Security Considerations 1974 There are a number of management objects defined in this MIB 1975 that have a MAX-ACCESS clause of read-write and/or read-create. 1976 Such objects may be considered sensitive or vulnerable in some 1977 network environments. The support for SET operations in a 1978 non-secure environment without proper protection can have a 1979 negative effect on network operations. 1981 There are a number of managed objects in this MIB that may 1982 contain sensitive information. These are: 1983 smonCapabilities 1984 dataSourceCapsTable 1985 portCopyTable 1987 It is thus important to control even GET access to these objects 1988 and possibly to even encrypt the values of these object when 1989 sending them over the network via SNMP. Not all versions of 1990 SNMP provide features for such a secure environment. 1992 SNMPv1 by itself is not a secure environment. Even if the 1993 network itself is secure (for example by using IPSec), even then, 1994 there is no control as to who on the secure network is allowed 1995 to access and GET/SET (read/change/create/delete) the objects in 1996 this MIB. 1998 It is recommended that the implementers consider the security 1999 features as provided by the SNMPv3 framework. Specifically, the 2000 use of the User-based Security Model RFC 2274 [12] and the 2001 View-based Access Control Model RFC 2275 [15] is recommended. 2003 It is then a customer/user responsibility to ensure that the SNMP 2004 entity giving access to an instance of this MIB, is properly 2005 configured to give access to the objects only to those 2006 principals (users) that have legitimate rights to indeed GET or 2007 SET (change/create/delete) them. 2009 8. Authors' Addresses 2011 Richard Waterman 2012 Allot Communications 2013 292 E. Main St. 2014 Los Gatos, CA. 95030 2015 USA 2016 Tel: +1-408-399-3154 2017 Email: rich@allot.com 2019 Bill Lahaye 2020 Xylan Corporation 2021 26707 W. Agoura Rd. 2022 Calabasas, CA 91302 2023 USA 2024 Tel: +1-800-995-2612 2025 Email bill.lahaye@xylan.com 2026 Dan Romascanu 2027 Lucent Technologies 2028 Atidim Technology Park, Bldg. #3 2029 Tel Aviv, 61131 2030 Israel 2031 Tel: +972-3-645-8414 2032 Email: dromasca@lucent.com 2034 Steven Waldbusser 2035 International Network Services 2036 Tel: +1-415-254-4251 2037 EMail: waldbusser@ins.com 2039 A. Full Copyright Statement 2041 This document and translations of it may be copied and furnished to 2042 others, and derivative works that comment on or otherwise explain it 2043 or assist in its implementation may be prepared, copied, published 2044 and distributed, in whole or in part, without restriction of any 2045 kind, provided that the above copyright notice and this paragraph are 2046 included on all such copies and derivative works. However, this 2047 document itself may not be modified in any way, such as by removing 2048 the copyright notice or references to the Internet Society or other 2049 Internet organizations, except as needed for the purpose of 2050 developing Internet standards in which case the procedures for 2051 copyrights defined in the Internet Standards process must be 2052 followed, or as required to translate it into languages other than 2053 English. 2055 The limited permissions granted above are perpetual and will not be 2056 revoked by the Internet Society or its successors or assigns. 2058 This document and the information contained herein is provided on an 2059 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 2060 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 2061 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 2062 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 2063 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.