Network Working Group M. St. Johns, Ed. Request for Comments: 2669 @Home Network Category: Proposed Standard August 1999
Network Working Group M. St. Johns, Ed. Request for Comments: 2669 @Home Network Category: Proposed Standard August 1999
DOCSIS Cable Device MIB Cable Device Management Information Base for DOCSIS compliant Cable Modems and Cable Modem Termination Systems
符合DOCSIS标准的电缆调制解调器和电缆调制解调器终端系统的DOCSIS电缆设备MIB电缆设备管理信息库
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
Abstract
摘要
This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it defines a basic set of managed objects for SNMP-based management of DOCSIS 1.0 compliant Cable Modems and Cable Modem Termination Systems.
此备忘录定义了管理信息库(MIB)的一部分,用于Internet社区中的网络管理协议。特别是,它定义了一组基本的托管对象,用于基于SNMP的DOCSIS 1.0兼容电缆调制解调器和电缆调制解调器终端系统的管理。
This memo specifies a MIB module in a manner that is compliant to the SNMP SMIv2 [5][6][7]. The set of objects is consistent with the SNMP framework and existing SNMP standards.
此备忘录以符合SNMP SMIv2[5][6][7]的方式指定MIB模块。对象集与SNMP框架和现有SNMP标准一致。
This memo is a product of the IPCDN working group within the Internet Engineering Task Force. Comments are solicited and should be addressed to the working group's mailing list at ipcdn@terayon.com and/or the author.
本备忘录是互联网工程任务组内IPCDN工作组的成果。征求意见,并应发送至工作组的邮件列表:ipcdn@terayon.com和/或作者。
Table of Contents
目录
1 The SNMP Management Framework ................................... 2 2 Glossary ........................................................ 3 2.1 CATV .......................................................... 3 2.2 CM ............................................................ 3 2.3 CMTS .......................................................... 4 2.4 DOCSIS ........................................................ 4
1 The SNMP Management Framework ................................... 2 2 Glossary ........................................................ 3 2.1 CATV .......................................................... 3 2.2 CM ............................................................ 3 2.3 CMTS .......................................................... 4 2.4 DOCSIS ........................................................ 4
2.5 Downstream .................................................... 4 2.6 Head-end ...................................................... 4 2.7 MAC Packet .................................................... 4 2.8 MCNS .......................................................... 4 2.9 RF ............................................................ 4 2.10 Upstream ..................................................... 4 3 Overview ........................................................ 4 3.1 Structure of the MIB .......................................... 5 3.2 Management requirements ....................................... 6 3.2.1 Handling of Software upgrades ............................... 6 3.2.2 Events and Traps ............................................ 6 3.2.3 Trap Throttling ............................................. 8 3.2.3.1 Trap rate throttling ...................................... 8 3.2.3.2 Limiting the trap rate .................................... 8 3.3 Protocol Filters .............................................. 9 3.3.1 Inbound LLC Filters - docsDevFilterLLCTable ................ 10 3.3.2 Special Filters ............................................ 10 3.3.2.1 IP Spoofing Filters - docsDevCpeTable .................... 10 3.3.2.2 SNMP Access Filters - docsDevNmAccessTable ............... 10 3.3.3 IP Filtering - docsDevIpFilterTable ........................ 11 3.3.4 Outbound LLC Filters ....................................... 13 4 Definitions .................................................... 13 5 Acknowledgments ................................................ 51 6 References ..................................................... 51 7 Security Considerations ........................................ 52 8 Intellectual Property .......................................... 54 9 Author's Address ............................................... 54 10 Full Copyright Statement ...................................... 55
2.5 Downstream .................................................... 4 2.6 Head-end ...................................................... 4 2.7 MAC Packet .................................................... 4 2.8 MCNS .......................................................... 4 2.9 RF ............................................................ 4 2.10 Upstream ..................................................... 4 3 Overview ........................................................ 4 3.1 Structure of the MIB .......................................... 5 3.2 Management requirements ....................................... 6 3.2.1 Handling of Software upgrades ............................... 6 3.2.2 Events and Traps ............................................ 6 3.2.3 Trap Throttling ............................................. 8 3.2.3.1 Trap rate throttling ...................................... 8 3.2.3.2 Limiting the trap rate .................................... 8 3.3 Protocol Filters .............................................. 9 3.3.1 Inbound LLC Filters - docsDevFilterLLCTable ................ 10 3.3.2 Special Filters ............................................ 10 3.3.2.1 IP Spoofing Filters - docsDevCpeTable .................... 10 3.3.2.2 SNMP Access Filters - docsDevNmAccessTable ............... 10 3.3.3 IP Filtering - docsDevIpFilterTable ........................ 11 3.3.4 Outbound LLC Filters ....................................... 13 4 Definitions .................................................... 13 5 Acknowledgments ................................................ 51 6 References ..................................................... 51 7 Security Considerations ........................................ 52 8 Intellectual Property .......................................... 54 9 Author's Address ............................................... 54 10 Full Copyright Statement ...................................... 55
The SNMP Management Framework presently consists of five major components:
SNMP管理框架目前由五个主要组件组成:
o An overall architecture, described in RFC 2571 [1].
o RFC 2571[1]中描述的总体架构。
o Mechanisms for describing and naming objects and events for the purpose of management. The first version of this Structure of Management Information (SMI) is called SMIv1 and described in STD 16, RFC 1155 [2], STD 16, RFC 1212 [3] and RFC 1215 [4]. The second version, called SMIv2, is described in STD 58, RFC 2578 [5], STD 58, RFC 2579 [6] and STD 58, RFC 2580 [7].
o 为管理目的描述和命名对象和事件的机制。这种管理信息结构(SMI)的第一个版本称为SMIv1,并在STD 16、RFC 1155[2]、STD 16、RFC 1212[3]和RFC 1215[4]中进行了描述。第二个版本称为SMIv2,在STD 58、RFC 2578[5]、STD 58、RFC 2579[6]和STD 58、RFC 2580[7]中进行了描述。
o Message protocols for transferring management information. The first version of the SNMP message protocol is called SNMPv1 and described in STD 15, RFC 1157 [8]. A second version of the SNMP message protocol, which is not an Internet standards track protocol, is called SNMPv2c and described in RFC 1901 [9] and RFC
o 用于传输管理信息的消息协议。SNMP消息协议的第一个版本称为SNMPv1,在STD 15、RFC 1157[8]中进行了描述。SNMP消息协议的第二个版本不是Internet标准跟踪协议,称为SNMPv2c,并在RFC 1901[9]和RFC中进行了描述
1906 [10]. The third version of the message protocol is called SNMPv3 and described in RFC 1906 [10], RFC 2572 [11] and RFC 2574 [12].
1906 [10]. 消息协议的第三个版本称为SNMPv3,在RFC 1906[10]、RFC 2572[11]和RFC 2574[12]中进行了描述。
o Protocol operations for accessing management information. The first set of protocol operations and associated PDU formats is described in STD 15, RFC 1157 [8]. A second set of protocol operations and associated PDU formats is described in RFC 1905 [13].
o 访问管理信息的协议操作。STD 15、RFC 1157[8]中描述了第一组协议操作和相关PDU格式。RFC 1905[13]中描述了第二组协议操作和相关PDU格式。
o A set of fundamental applications described in RFC 2573 [14] and the view-based access control mechanism described in RFC 2575 [15].
o RFC 2573[14]中描述的一组基本应用程序和RFC 2575[15]中描述的基于视图的访问控制机制。
Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. Objects in the MIB are defined using the mechanisms defined in the SMI.
托管对象通过虚拟信息存储(称为管理信息库或MIB)进行访问。MIB中的对象是使用SMI中定义的机制定义的。
This memo specifies a MIB module that is compliant to the SMIv2. A MIB conforming to the SMIv1 can be produced through the appropriate translations. The resulting translated MIB must be semantically equivalent, except where objects or events are omitted because no translation is possible (use of Counter64). Some machine readable information in SMIv2 will be converted into textual descriptions in SMIv1 during the translation process. However, this loss of machine readable information is not considered to change the semantics of the MIB.
此备忘录指定了符合SMIv2的MIB模块。通过适当的翻译,可以生成符合SMIv1的MIB。生成的已翻译MIB必须在语义上等效,除非由于无法翻译而省略了对象或事件(使用计数器64)。在翻译过程中,SMIv2中的一些机器可读信息将转换为SMIv1中的文本描述。但是,这种机器可读信息的丢失不被认为会改变MIB的语义。
The terms in this document are derived either from normal cable system usage, or from the documents associated with the Data Over Cable Service Interface Specification process.
本文档中的术语来源于正常的有线电视系统使用,或与有线电视数据服务接口规范流程相关的文档。
Originally "Community Antenna Television", now used to refer to any cable or hybrid fiber and cable system used to deliver video signals to a community.
最初是“社区天线电视”,现在用来指用于向社区传送视频信号的任何有线或混合光纤和有线系统。
2.2. CM Cable Modem.
2.2. CM电缆调制解调器。
A CM acts as a "slave" station in a DOCSIS compliant cable data system.
CM充当DOCSIS兼容电缆数据系统中的“从”站。
2.3. CMTS Cable Modem Termination System.
2.3. CMTS电缆调制解调器终端系统。
A generic term covering a cable bridge or cable router in a head-end. A CMTS acts as the master station in a DOCSIS compliant cable data system. It is the only station that transmits downstream, and it controls the scheduling of upstream transmissions by its associated CMs.
涵盖前端电缆桥架或电缆路由器的通用术语。CMTS充当DOCSIS兼容电缆数据系统中的主站。它是唯一一个下行传输的站点,并且它通过其相关的CMs控制上行传输的调度。
"Data Over Cable Interface Specification". A term referring to the ITU-T J.112 Annex B standard for cable modem systems [20].
“电缆数据接口规范”。指ITU-T J.112附录B电缆调制解调器系统标准[20]的术语。
The direction from the head-end towards the subscriber.
从前端到用户的方向。
The origination point in most cable systems of the subscriber video signals. Generally also the location of the CMTS equipment.
在大多数有线电视系统中,用户视频信号的起始点。通常还包括CMTS设备的位置。
A DOCSIS PDU.
DOCSIS PDU。
"Multimedia Cable Network System". Generally replaced in usage by DOCSIS.
“多媒体有线网络系统”。通常使用DOCSIS替代。
Radio Frequency.
无线电频率
The direction from the subscriber towards the head-end.
从用户到前端的方向。
This MIB provides a set of objects required for the management of DOCSIS compliant Cable Modems (CM) and Cable Modem Termination Systems (CMTS). The specification is derived from the DOCSIS Radio Frequency Interface specification [16]. Please note that the DOCSIS 1.0 standard only requires Cable Modems to implement SNMPv1 and to
此MIB提供了管理符合DOCSIS的电缆调制解调器(CM)和电缆调制解调器终端系统(CMT)所需的一组对象。本规范源自DOCSIS射频接口规范[16]。请注意,DOCSIS 1.0标准仅要求电缆调制解调器来实现SNMPv1和
process IPv4 customer traffic. Design choices in this MIB reflect those requirements. Future versions of the DOCSIS standard are expected to require support for SNMPv3 and IPv6 as well.
处理IPv4客户流量。此MIB中的设计选择反映了这些需求。DOCSIS标准的未来版本预计也需要对SNMPv3和IPv6的支持。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [19].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[19]中所述进行解释。
This MIB is structured into seven groups:
该MIB分为七组:
o The docsDevBase group extends the MIB-II 'system' group with objects needed for cable device system management.
o docsDevBase组使用电缆设备系统管理所需的对象扩展MIB-II“系统”组。
o The docsDevNmAccessGroup provides a minimum level of SNMP access security (see Section 3 of [18]).
o docsDevNmAccessGroup提供最低级别的SNMP访问安全性(见[18]第3节)。
o The docsDevSoftware group provides information for network-downloadable software upgrades. See "Handling of Software Upgrades" below..
o DOCSDEVSOFFTWARE组提供有关网络下载软件升级的信息。请参阅下面的“软件升级处理”。。
o The docsDevServer group provides information about the progress of the interaction between the CM or CMTS and various provisioning servers.
o docsDevServer组提供有关CM或CMT与各种供应服务器之间交互进度的信息。
o The docsDevEvent group provides control and logging for event reporting.
o DocsDevent组为事件报告提供控制和日志记录。
o The docsDevFilter group configures filters at link layer and IP layer for bridged data traffic. This group consists of a link-layer filter table, docsDevFilterLLCTable, which is used to manage the processing and forwarding of non-IP traffic; an IP packet classifier table, docsDevFilterIpTable, which is used to map classes of packets to specific policy actions; a policy table, docsDevFilterPolicyTable, which maps zero or more policy actions onto a specific packet classification, and one or more policy action tables.
o docsDevFilter组在链路层和IP层为桥接数据流量配置过滤器。该组由链路层筛选器表docsDevFilterLLCTable组成,用于管理非IP流量的处理和转发;IP数据包分类器表docsDevFilterIpTable,用于将数据包类映射到特定策略操作;策略表docsDevFilterPolicyTable(将零个或多个策略操作映射到特定数据包分类)和一个或多个策略操作表。
At this time, this MIB specifies only one policy action table, docsDevFilterTosTable, which allows the manipulation of the type of services bits in an IP packet based on matching some criteria. The working group may add additional policy types and action tables in the future, for example to allow QOS to modem service identifier assignment based on destination.
此时,此MIB仅指定一个策略操作表docsDevFilterTosTable,该表允许基于匹配某些条件操纵IP数据包中的服务类型位。工作组将来可以添加额外的策略类型和操作表,例如,以允许基于目的地的QOS到调制解调器服务标识符分配。
o The docsDevCpe group provides control over which IP addresses may be used by customer premises equipment (e.g. PCs) serviced by a given cable modem. This provides anti-spoofing control at the point of origin for a large cable modem system. This group is separate from docsDevFilter primarily as this group is only implemented on the Cable Modem (CM) and MUST NOT be implemented on the Cable Modem Termination System (CMTS).
o docsDevCpe组控制由给定电缆调制解调器提供服务的客户场所设备(如PC)可以使用哪些IP地址。这为大型电缆调制解调器系统在原点提供了反欺骗控制。此组与docsDevFilter分开,主要是因为此组仅在电缆调制解调器(CM)上实现,不得在电缆调制解调器终端系统(CMTS)上实现。
The Cable Modem software upgrade process is documented in [16]. From a network management station, the operator:
[16]中记录了电缆调制解调器软件升级过程。从网络管理站,运营商:
o sets docsDevSwServer to the address of the TFTP server for software upgrades
o 将docsDevSwServer设置为用于软件升级的TFTP服务器的地址
o sets docsDevSwFilename to the file pathname of the software upgrade image
o 将docsDevSwFilename设置为软件升级映像的文件路径名
o sets docsDevSwAdminStatus to upgrade-from-mgt
o 将docsDevSwAdminStatus设置为从mgt升级
One reason for the SNMP-initiated upgrade is to allow loading of a temporary software image (e.g., special diagnostic software) that differs from the software normally used on that device without changing the provisioning database.
SNMP启动升级的一个原因是允许加载与该设备上通常使用的软件不同的临时软件映像(例如,特殊诊断软件),而无需更改配置数据库。
Note that software upgrades should not be accepted blindly by the cable device. The cable device may refuse an upgrade if:
请注意,电缆设备不应盲目接受软件升级。如果出现以下情况,电缆设备可能会拒绝升级:
o The download is incomplete.
o 下载不完整。
o The file contents are incomplete or damaged.
o 文件内容不完整或已损坏。
o The software is not intended for that hardware device (may include the case of a feature set that has not been purchased for this device).
o 软件不适用于该硬件设备(可能包括尚未为此设备购买的功能集的情况)。
This MIB provides control facilities for reporting events through syslog, traps, and non-volatile logging. If events are reported through traps, the specified conventions must be followed. Other means of event reporting are outside the scope of this document.
此MIB提供了通过系统日志、陷阱和非易失性日志记录报告事件的控制功能。如果通过陷阱报告事件,则必须遵循指定的约定。其他事件报告方式不在本文件范围内。
The definition and coding of events is vendor-specific. In deference to the network operator who must troubleshoot multi-vendor networks, the circumstances and meaning of each event should be reported as human-readable text. Vendors SHOULD provide time-of-day clocks in CMs to provide useful timestamping of events.
事件的定义和编码是特定于供应商的。与必须对多供应商网络进行故障排除的网络运营商不同,每个事件的情况和意义应以人类可读文本的形式报告。供应商应在CMs中提供时间时钟,以提供有用的事件时间戳。
For each vendor-specific event that is reportable via TRAP, the vendor must create an enterprise-specific trap definition. Trap definitions MUST include the event reason encoded as DisplayString and should be defined as:
对于每个可通过陷阱报告的特定于供应商的事件,供应商必须创建特定于企业的陷阱定义。陷阱定义必须包括编码为DisplayString的事件原因,并应定义为:
trapName NOTIFICATION-TYPE OBJECTS { ifIndex, eventReason, other useful objects } STATUS current DESCRIPTION "trap description" ::= Object Id
trapName NOTIFICATION-TYPE OBJECTS { ifIndex, eventReason, other useful objects } STATUS current DESCRIPTION "trap description" ::= Object Id
Note that ifIndex is only included if the event or trap is interface related.
请注意,仅当事件或陷阱与接口相关时,才包括ifIndex。
An example (fake) vendor defined trap might be:
供应商定义的陷阱示例(假)可能是:
xyzVendorModemDropout NOTIFICATION-TYPE OBJECTS { eventReason, xyzModemHighWatermarkCount } STATUS current DESCRIPTION "Sent by a CMTS when a configurable number of modems (xyzModemHysteresis) de-register or become unreachable during the sampling period (5 minutes). Used to warn a management station about a catastrophic cable plant outage." ::= { xyzTraps 23 }
xyzVendorModemDropout NOTIFICATION-TYPE OBJECTS { eventReason, xyzModemHighWatermarkCount } STATUS current DESCRIPTION "Sent by a CMTS when a configurable number of modems (xyzModemHysteresis) de-register or become unreachable during the sampling period (5 minutes). Used to warn a management station about a catastrophic cable plant outage." ::= { xyzTraps 23 }
In this example eventReason is a DisplayString providing a human readable error message, and xyzModemHighWatermarkCount is a Gauge32 which indicates the maximum number of modems during the epoch.
在本例中,eventReason是一个显示字符串,提供了一条人类可读的错误消息,而xyzModemHighWatermarkCount是一个仪表32,它指示了历元期间调制解调器的最大数量。
The last digit of the trap OID for enterprise-specific traps must match docsDevEvId. For SNMPv1-capable Network Management systems, this is necessary to correlate the event type to the trap type. Many Network Management systems are only capable of trap filtering on an enterprise and single-last-digit basis.
企业特定陷阱的陷阱OID的最后一位数字必须与docsDevEvId匹配。对于支持SNMPv1的网络管理系统,有必要将事件类型与陷阱类型关联起来。许多网络管理系统只能对企业和最后一位数进行陷阱过滤。
The CM and CMTS MUST provide support for trap message throttling as described below. The network operator can employ message rate throttling or trap limiting by manipulating the appropriate MIB variables.
CM和CMT必须提供对陷阱消息限制的支持,如下所述。网络运营商可以通过操纵适当的MIB变量来采用消息速率限制或陷阱限制。
Network operators may employ either of two rate control methods. In the first method, the device ceases to send traps when the rate exceeds the specified maximum message rate. It resumes sending traps only if reactivated by a network management station request.
网络运营商可采用两种速率控制方法之一。在第一种方法中,当速率超过指定的最大消息速率时,设备停止发送陷阱。仅当网络管理站请求重新激活时,它才恢复发送陷阱。
In the second method, the device resumes sending traps when the rate falls below the specified maximum message rate.
在第二种方法中,当速率低于指定的最大消息速率时,设备恢复发送陷阱。
The network operator configures the specified maximum message rate by setting the measurement interval (in seconds), and the maximum number of traps to be transmitted within the measurement interval. The operator can query the operational throttling state (to determine whether traps are enabled or blocked by throttling) of the device, as well as query and set the administrative throttling state (to manage the rate control method) of the device.
网络运营商通过设置测量间隔(以秒为单位)和测量间隔内要传输的陷阱的最大数量来配置指定的最大消息速率。操作员可以查询设备的操作节流状态(确定是否通过节流启用或阻止陷阱),以及查询和设置设备的管理节流状态(管理速率控制方法)。
Network operators may wish to limit the number of traps sent by a device over a specified time period. The device ceases to send traps when the number of traps exceeds the specified threshold. It resumes sending traps only when the measurement interval has passed.
网络运营商可能希望限制设备在指定时间段内发送的陷阱数量。当陷阱数量超过指定阈值时,设备停止发送陷阱。仅当测量间隔已过时,它才恢复发送陷阱。
The network operator defines the maximum number of traps he is willing to handle and sets the measurement interval to a large number (in hundredths of a second). For this case, the administrative throttling state is set to stop at threshold which is the maximum number of traps.
网络运营商定义他愿意处理的陷阱的最大数量,并将测量间隔设置为一个较大的数字(百分之一秒)。对于这种情况,管理节流状态设置为在阈值停止,阈值是陷阱的最大数量。
See "Techniques for Managing Asynchronously Generated Alerts" [17] for further information.
有关更多信息,请参阅“管理异步生成警报的技术”[17]。
The Cable Device MIB provides objects for both LLC and IP protocol filters. The LLC protocol filter entries can be used to limit CM forwarding to a restricted set of network-layer protocols (such as IP, IPX, NetBIOS, and Appletalk).
电缆设备MIB为LLC和IP协议筛选器提供对象。LLC协议筛选器条目可用于将CM转发限制为一组受限的网络层协议(如IP、IPX、NetBIOS和Appletalk)。
The IP protocol filter entries can be used to restrict upstream or downstream traffic based on source and destination IP addresses, transport-layer protocols (such as TCP, UDP, and ICMP), and source and destination TCP/UDP port numbers.
IP协议筛选器条目可用于根据源和目标IP地址、传输层协议(如TCP、UDP和ICMP)以及源和目标TCP/UDP端口号限制上游或下游流量。
In general, a cable modem applies filters (or more properly, classifiers) in an order appropriate to the layering model. Specifically, the inbound MAC (or LLC) layer filters are applied first, then the "special" filters, then the IP layer inbound filters, then the IP layer outbound filters, then any final LLC outbound filters. Since the cable modem does not generally do any IP processing (other than that specified by the filters) the processing of the IP in filters and IP out filters can usually be combined into a single step.
通常,电缆调制解调器按照适合分层模型的顺序应用过滤器(或者更恰当地说,分类器)。具体来说,首先应用入站MAC(或LLC)层过滤器,然后是“特殊”过滤器,然后是IP层入站过滤器,然后是IP层出站过滤器,然后是任何最终的LLC出站过滤器。由于电缆调制解调器通常不进行任何IP处理(由过滤器指定的除外),因此IP in过滤器和IP out过滤器的处理通常可以组合到单个步骤中。
*************** * LLC Filters * *************** | | | v | v ************ | *************** * IP Spoof * | * SNMP Access * ************ | *************** | | | v v v **************** * IP Filter In * **************** | v ***************** * IP Filter Out * ***************** | v *********** * LLC Out * ***********
*************** * LLC Filters * *************** | | | v | v ************ | *************** * IP Spoof * | * SNMP Access * ************ | *************** | | | v v v **************** * IP Filter In * **************** | v ***************** * IP Filter Out * ***************** | v *********** * LLC Out * ***********
The inbound LLC (or MAC or level-2) filters are contained in the docsDevFilterLLCTable and are applied to level-2 frames entering the cable modem from either the RF MAC interface or from one of the CPE (ethernet or other) interfaces. These filters are used to prohibit the processing and forwarding of certain types of level-2 traffic that may be disruptive to the network. The filters, as currently specified, can be set to cause the modem to either drop frames which match at least one filter, or to process a frame which matches at least filter. Some examples of possible configurations would be to only permit IP (and ARP) traffic, or to drop NETBUEI traffic.
入站LLC(或MAC或2级)过滤器包含在DOCSDEVFILTERLLCC表中,并应用于从RF MAC接口或其中一个CPE(以太网或其他)接口进入电缆调制解调器的2级帧。这些筛选器用于禁止处理和转发可能中断网络的某些类型的2级流量。当前指定的筛选器可以设置为使调制解调器丢弃至少与一个筛选器匹配的帧,或处理至少与一个筛选器匹配的帧。一些可能的配置示例是只允许IP(和ARP)流量,或丢弃NETBUEI流量。
Special filters are applied after the packet is accepted from the MAC layer by the IP module, but before any other processing is done. They are filters that apply only to a very specific class of traffic.
在IP模块从MAC层接受数据包之后,但在完成任何其他处理之前,应用特殊过滤器。它们是仅适用于非常特定类别流量的过滤器。
IP spoofing filters are applied to packets entering the modem from one of the CPE interfaces and are intended to prevent a subscriber from stealing or mis-using IP addresses that were not assigned to the subscriber. If the filters are active (enabled), the source address of the IP packet must match at least one IP address in this table or it is discarded without further processing.
IP欺骗过滤器应用于从CPE接口之一进入调制解调器的数据包,旨在防止订户窃取或误用未分配给订户的IP地址。如果筛选器处于活动状态(已启用),则IP数据包的源地址必须至少与此表中的一个IP地址匹配,否则将被丢弃,而无需进一步处理。
The table can be automatically populated where the first N different IP addresses seen from the CPE side of the cable modem are used to automatically populate the table. The spoofing filters are specified in the docsDevCpeTable and the policy for automatically creating filters in that table is controlled by docsDevCpeEnroll and docsDevCpeMax as well as the network management agent.
当从电缆调制解调器的CPE侧看到的前N个不同IP地址用于自动填充表格时,可以自动填充表格。欺骗筛选器在docsDevCpeTable中指定,自动在该表中创建筛选器的策略由DocsdevcPetroll和docsDevCpeMax以及网络管理代理控制。
The SNMP access filters are applied to SNMP packets entering from any interface and destined for the cable modem. If the packets enter from a CPE interface, the SNMP filters are applied after the IP spoofing filters. The filters only apply to SNMPv1 or SNMPv2c traffic, and are not consulted for SNMPv3 traffic (and need not be implemented by a v3 only agent). SNMPv3 access control is specified in the User Security Model MIB in [12].
SNMP访问筛选器应用于从任何接口进入并发送到电缆调制解调器的SNMP数据包。如果数据包从CPE接口进入,则在IP欺骗过滤器之后应用SNMP过滤器。这些过滤器仅适用于SNMPv1或SNMPv2c流量,不适用于SNMPv3流量(并且不需要仅由v3代理实现)。SNMPv3访问控制在[12]中的用户安全模型MIB中指定。
The IP Filtering table acts as a classifier table. Each row in the table describes a template against which IP packets are compared. The template includes source and destination addresses (and their associated masks), upper level protocol (e.g. TCP, UDP), source and destination port ranges, TOS and TOS mask. A row also contains interface and traffic direction match values which have to be considered in combination. All columns of a particular row must match the appropriate fields in the packet, and must match the interface and direction items for the packet to result in a match to the packet.
IP筛选表充当分类器表。表中的每一行都描述了一个用于比较IP数据包的模板。该模板包括源和目标地址(及其相关掩码)、上层协议(如TCP、UDP)、源和目标端口范围、TOS和TOS掩码。行还包含必须结合考虑的接口和交通方向匹配值。特定行的所有列必须与数据包中的相应字段匹配,并且必须与数据包的接口和方向项匹配,才能与数据包匹配。
When classifying a packet, the table is scanned beginning with the lowest number filter. If the agent finds a match, it applies the group of policies specified. If the matched filter has the continue bit set, the agent continues the scan possibly matching additional filters and applying additional policies. This allows the agent to take one set of actions for the 24.0.16/255.255.255.0 group and one set of actions for telnet packets to/from 24.0.16.30 and these sets of actions may not be mutually exclusive.
对数据包进行分类时,将从数字最少的筛选器开始扫描表。如果代理找到匹配项,它将应用指定的策略组。如果匹配的筛选器设置了continue位,则代理将继续扫描,可能会匹配其他筛选器并应用其他策略。这允许代理为24.0.16/255.255.255.0组执行一组操作,并为从24.0.16.30到24.0.16.30的telnet数据包执行一组操作,并且这些操作不能相互排斥。
Once a packet is matched, one of three actions happen based on the setting of docsDevFilterIpControl in the row. The packet may be dropped, in which case no further processing is required. The packet may be accepted and processing of the packet continues. Lastly, the packet may have a set of policy actions applied to it. If docsDevFilterIpContinue is set to true, scanning of the table continues and additional matches may result.
匹配数据包后,将根据行中docsDevFilterIpControl的设置执行三个操作之一。包可能被丢弃,在这种情况下,不需要进一步处理。可以接受分组,并且分组的处理继续。最后,数据包可以应用一组策略操作。如果docsDevFilterIpContinue设置为true,则表的扫描将继续,并可能导致其他匹配。
When a packet matches, and docsDevFilterIpControl in the filter matched is set to 'policy', the value of docsDevFilterIpPolicyId is used as a selector into the docsDevFilterPolicyTable. The first level of indirection may result in zero or more actions being taken based on the match. The docsDevFilterPolicyTable is scanned in row order and all rows where docsDevFilterPolicyId equals docsDevFilterIpPolicyId have the action specified by docsDevFilterPolicyValue 'executed'. For example, a value pointing to an entry in the docsDevFilterTosTable may result in the re-writing of the TOS bits in the IP packet which was matched. Another possibility may be to assign an output packet to a specific output upstream queue. An even more complex action might be to re-write the TOS value, assign the packet to an upstream service ID, and drop it into a particular IPSEC tunnel.
当数据包匹配且匹配的筛选器中的docsDevFilterIpControl设置为“策略”时,docsDevFilterIpPolicyId的值将用作docsDevFilterPolicyTable中的选择器。第一级间接寻址可能导致根据匹配执行零个或多个操作。docsDevFilterPolicyTable按行顺序扫描,docsDevFilterPolicyId等于docsDevFilterIpPolicyId的所有行都具有docsDevFilterPolicyValue“已执行”指定的操作。例如,指向docsDevFilterTosTable中的条目的值可能导致在匹配的IP分组中重新写入TOS位。另一种可能是将输出分组分配给特定的输出上游队列。更复杂的操作可能是重新写入TOS值,将数据包分配给上游服务ID,并将其放入特定的IPSEC隧道。
Example:
例子:
docsDevFilterIpTable
可过滤文件
# Index, SrcIP/Mask, DstIP/Mask,ULP, SrcPts,DstPts,Tos/Mask, # Int/Dir, Pgroup, [continue] # drop any netbios traffic 10, 0/0, 0/0, TCP, any, 137-139, 0/0, any/any, drop
# Index, SrcIP/Mask, DstIP/Mask,ULP, SrcPts,DstPts,Tos/Mask, # Int/Dir, Pgroup, [continue] # drop any netbios traffic 10, 0/0, 0/0, TCP, any, 137-139, 0/0, any/any, drop
# traffic to the proxy gets better service - other matches possible 20, 0/0, proxy/32, TCP, any,any, 0/0, cpe/in, 10, continue
# traffic to the proxy gets better service - other matches possible 20, 0/0, proxy/32, TCP, any,any, 0/0, cpe/in, 10, continue
# Traffic from CPE 1 gets 'Gold' service, other matches possible 30, cpe1/32, 0/0, any, any,any, 0/0, cpe/in, 20, continue
# Traffic from CPE 1 gets 'Gold' service, other matches possible 30, cpe1/32, 0/0, any, any,any, 0/0, cpe/in, 20, continue
# Traffic from CPE2 to work goes, other traffic dropped 40, cpe2/32, workIPs/24, any, 0/0, cpe/in, accept 45, cpe2/32, 0/0, any, any,ayn, 0/0, cpe/in, drop
# Traffic from CPE2 to work goes, other traffic dropped 40, cpe2/32, workIPs/24, any, 0/0, cpe/in, accept 45, cpe2/32, 0/0, any, any,ayn, 0/0, cpe/in, drop
# Traffic with TOS=4 gets queued on the "silver" queue. 50, 0/0, 0/0, any, any,any, 4/255, cpe/in, 30
# Traffic with TOS=4 gets queued on the "silver" queue. 50, 0/0, 0/0, any, any,any, 4/255, cpe/in, 30
# Inbound "server" traffic to low numbered ports gets dropped. 60, 0/0, 0/0, TCP, any,1-1023, 0/0, cpe/out, drop 65, 0/0, 0/0, UDP, any,1-1023, 0/0, cpe/out, drop
# Inbound "server" traffic to low numbered ports gets dropped. 60, 0/0, 0/0, TCP, any,1-1023, 0/0, cpe/out, drop 65, 0/0, 0/0, UDP, any,1-1023, 0/0, cpe/out, drop
docsDevFilterIpPolicyTable
文件过滤政策表
# # index, policy group, policy 10, 10, queueEntry.20 -- special queue for traffic to proxy
##索引,策略组,策略10,10,queueEntry.20--代理流量的特殊队列
15, 20, queueEntry.15 -- Gold Service queue 20, 20, docsDevFilterTosStatus.10 -- Mark this packet with TOS 5
15,20,queueEntry.15——黄金服务队列20,20,DocsdevFilterToStatus.10——用TOS 5标记此数据包
25, 30, queueEntry.10 -- Silver service queue
25,30,queueEntry.10——银色服务队列
This table describes some special processing for packets originating from either the first or second CPE device which results in their queuing on to special upstream traffic queues and for the "gold" service results in having the packets marked with a TOS of 5. The 10, 20, 60 and 65 entries are generic entries that would generally be applied to all traffic to this CM. The 30, 40 and 45 entries are specific to a particular CPE's service assignments. The ordering here is a bit contrived, but is close to what may actually be required by the operator to control various classes of customers.
该表描述了对源自第一或第二CPE设备的数据包的一些特殊处理,这些数据包导致它们排队到特殊的上游业务队列,而对于“黄金”服务,这些数据包的TOS标记为5。10、20、60和65项为一般性项,通常适用于该CM的所有流量。30、40和45条目特定于特定CPE的服务分配。这里的订购有点做作,但接近运营商控制各类客户的实际要求。
Lastly, any outbound LLC filters are applied to the packet just prior to it being emitted on the appropriate interface. This MIB does not specify any outbound LLC filters, but it is anticipated that the QOS additions to the DOCSIS standard may include some outbound LLC filtering requirements. If so, those filters would be applied as described here.
最后,任何出站LLC筛选器都将在数据包在适当接口上发出之前应用于该数据包。该MIB未指定任何出站LLC过滤器,但预计DOCSIS标准中增加的QOS可能包括一些出站LLC过滤要求。如果是这样,这些过滤器将按此处所述应用。
DOCS-CABLE-DEVICE-MIB DEFINITIONS ::= BEGIN
DOCS-CABLE-DEVICE-MIB DEFINITIONS ::= BEGIN
IMPORTS MODULE-IDENTITY, OBJECT-TYPE, -- do not import BITS, IpAddress, Unsigned32, Counter32, Integer32, zeroDotZero, mib-2 FROM SNMPv2-SMI RowStatus, RowPointer, DateAndTime, TruthValue FROM SNMPv2-TC OBJECT-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF SnmpAdminString FROM SNMP-FRAMEWORK-MIB InterfaceIndexOrZero FROM IF-MIB; -- RFC2233
从SNMPv2 SMI RowStatus导入模块标识、对象类型,--不从SNMPv2 TC对象组导入位、IpAddress、Unsigned32、计数器32、整数32、零点零、mib-2、行指针、日期和时间、TruthValue,从SNMPv2 CONF导入模块符合性从SNMP-FRAMEWORK导入SNMPAdministring从IF-mib接口导入索引零;--RFC2233
docsDev MODULE-IDENTITY LAST-UPDATED "9908190000Z" -- August 19, 1999 ORGANIZATION "IETF IPCDN Working Group" CONTACT-INFO " Michael StJohns Postal: @Home Network 425 Broadway Redwood City, CA 94063 U.S.A. Phone: +1 650 569 5368 E-mail: stjohns@corp.home.net"
docsDev模块标识最后更新的“990819000Z”-1999年8月19日组织“IETF IPCDN工作组”联系方式“Michael StJohns Postal:@Home Network 425 Broadway Redwood City,CA 94063美国电话:+1 650 569 5368电子邮件:stjohns@corp.home.net"
DESCRIPTION "This is the MIB Module for MCNS-compliant cable modems and cable-modem termination systems." REVISION "9908190000Z" DESCRIPTION "Initial Version, published as RFC 2669. Modified by Mike StJohns to add/revise filtering, TOS support, software version information objects." ::= { mib-2 69 }
DESCRIPTION "This is the MIB Module for MCNS-compliant cable modems and cable-modem termination systems." REVISION "9908190000Z" DESCRIPTION "Initial Version, published as RFC 2669. Modified by Mike StJohns to add/revise filtering, TOS support, software version information objects." ::= { mib-2 69 }
docsDevMIBObjects OBJECT IDENTIFIER ::= { docsDev 1 } docsDevBase OBJECT IDENTIFIER ::= { docsDevMIBObjects 1 }
docsDevMIBObjects OBJECT IDENTIFIER ::= { docsDev 1 } docsDevBase OBJECT IDENTIFIER ::= { docsDevMIBObjects 1 }
-- -- For the following object, there is no concept in the -- RFI specification corresponding to a backup CMTS. The -- enumeration is provided here in case someone is able -- to define such a role or device. --
-- -- For the following object, there is no concept in the -- RFI specification corresponding to a backup CMTS. The -- enumeration is provided here in case someone is able -- to define such a role or device. --
docsDevRole OBJECT-TYPE SYNTAX INTEGER { cm(1), cmtsActive(2), cmtsBackup(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Defines the current role of this device. cm (1) is a Cable Modem, cmtsActive(2) is a Cable Modem Termination System which is controlling the system of cable modems, and cmtsBackup(3) is a CMTS which is currently connected, but not controlling the system (not currently used).
docsDevRole OBJECT-TYPE SYNTAX INTEGER { cm(1), cmtsActive(2), cmtsBackup(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Defines the current role of this device. cm (1) is a Cable Modem, cmtsActive(2) is a Cable Modem Termination System which is controlling the system of cable modems, and cmtsBackup(3) is a CMTS which is currently connected, but not controlling the system (not currently used).
In general, if this device is a 'cm', its role will not change during operation or between reboots. If the device is a 'cmts' it may change between cmtsActive and cmtsBackup and back again during normal operation. NB: At this time, the DOCSIS standards do not support the concept of a backup CMTS, cmtsBackup is included for completeness." ::= { docsDevBase 1 }
In general, if this device is a 'cm', its role will not change during operation or between reboots. If the device is a 'cmts' it may change between cmtsActive and cmtsBackup and back again during normal operation. NB: At this time, the DOCSIS standards do not support the concept of a backup CMTS, cmtsBackup is included for completeness." ::= { docsDevBase 1 }
docsDevDateTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-write STATUS current
docsDevDateTime对象类型语法DateAndTime最大访问读写状态当前
DESCRIPTION "The date and time, with optional timezone information." ::= { docsDevBase 2 }
DESCRIPTION "The date and time, with optional timezone information." ::= { docsDevBase 2 }
docsDevResetNow OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Setting this object to true(1) causes the device to reset. Reading this object always returns false(2)." ::= { docsDevBase 3 }
docsDevResetNow OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Setting this object to true(1) causes the device to reset. Reading this object always returns false(2)." ::= { docsDevBase 3 }
docsDevSerialNumber OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The manufacturer's serial number for this device." ::= { docsDevBase 4 }
docsDevSerialNumber OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The manufacturer's serial number for this device." ::= { docsDevBase 4 }
docsDevSTPControl OBJECT-TYPE SYNTAX INTEGER { stEnabled(1), noStFilterBpdu(2), noStPassBpdu(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object controls operation of the spanning tree protocol (as distinguished from transparent bridging). If set to stEnabled(1) then the spanning tree protocol is enabled, subject to bridging constraints. If noStFilterBpdu(2), then spanning tree is not active, and Bridge PDUs received are discarded. If noStPassBpdu(3) then spanning tree is not active and Bridge PDUs are transparently forwarded. Note that a device need not implement all of these options, but that noStFilterBpdu(2) is required." ::= { docsDevBase 5 }
docsDevSTPControl OBJECT-TYPE SYNTAX INTEGER { stEnabled(1), noStFilterBpdu(2), noStPassBpdu(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object controls operation of the spanning tree protocol (as distinguished from transparent bridging). If set to stEnabled(1) then the spanning tree protocol is enabled, subject to bridging constraints. If noStFilterBpdu(2), then spanning tree is not active, and Bridge PDUs received are discarded. If noStPassBpdu(3) then spanning tree is not active and Bridge PDUs are transparently forwarded. Note that a device need not implement all of these options, but that noStFilterBpdu(2) is required." ::= { docsDevBase 5 }
-- -- The following table provides one level of security for access -- to the device by network management stations. -- Note that access is also constrained by the -- community strings and any vendor-specific security.
-- -- The following table provides one level of security for access -- to the device by network management stations. -- Note that access is also constrained by the -- community strings and any vendor-specific security.
--
--
docsDevNmAccessTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsDevNmAccessEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table controls access to SNMP objects by network management stations. If the table is empty, access to SNMP objects is unrestricted. This table exists only on SNMPv1 or v2c agents and does not exist on SNMPv3 agents. See the conformance section for details. Specifically, for v3 agents, the appropriate MIBs and security models apply in lieu of this table." ::= { docsDevMIBObjects 2 }
docsDevNmAccessTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsDevNmAccessEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table controls access to SNMP objects by network management stations. If the table is empty, access to SNMP objects is unrestricted. This table exists only on SNMPv1 or v2c agents and does not exist on SNMPv3 agents. See the conformance section for details. Specifically, for v3 agents, the appropriate MIBs and security models apply in lieu of this table." ::= { docsDevMIBObjects 2 }
docsDevNmAccessEntry OBJECT-TYPE SYNTAX DocsDevNmAccessEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry describing access to SNMP objects by a particular network management station. An entry in this table is not readable unless the management station has read-write permission (either implicit if the table is empty, or explicit through an entry in this table. Entries are ordered by docsDevNmAccessIndex. The first matching entry (e.g. matching IP address and community string) is used to derive access." INDEX { docsDevNmAccessIndex } ::= { docsDevNmAccessTable 1 }
docsDevNmAccessEntry OBJECT-TYPE SYNTAX DocsDevNmAccessEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry describing access to SNMP objects by a particular network management station. An entry in this table is not readable unless the management station has read-write permission (either implicit if the table is empty, or explicit through an entry in this table. Entries are ordered by docsDevNmAccessIndex. The first matching entry (e.g. matching IP address and community string) is used to derive access." INDEX { docsDevNmAccessIndex } ::= { docsDevNmAccessTable 1 }
DocsDevNmAccessEntry ::= SEQUENCE { docsDevNmAccessIndex Integer32, docsDevNmAccessIp IpAddress, docsDevNmAccessIpMask IpAddress, docsDevNmAccessCommunity OCTET STRING, docsDevNmAccessControl INTEGER, docsDevNmAccessInterfaces OCTET STRING, docsDevNmAccessStatus RowStatus }
DocsDevNmAccessEntry ::= SEQUENCE { docsDevNmAccessIndex Integer32, docsDevNmAccessIp IpAddress, docsDevNmAccessIpMask IpAddress, docsDevNmAccessCommunity OCTET STRING, docsDevNmAccessControl INTEGER, docsDevNmAccessInterfaces OCTET STRING, docsDevNmAccessStatus RowStatus }
docsDevNmAccessIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Index used to order the application of access
docsDevNmAccessIndex对象类型语法Integer32(1..2147483647)MAX-ACCESS不可访问状态当前描述“用于订购ACCESS应用程序的索引
entries." ::= { docsDevNmAccessEntry 1 }
entries." ::= { docsDevNmAccessEntry 1 }
docsDevNmAccessIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The IP address (or subnet) of the network management station. The address 255.255.255.255 is defined to mean any NMS. If traps are enabled for this entry, then the value must be the address of a specific device." DEFVAL { 'ffffffff'h } ::= { docsDevNmAccessEntry 2 }
docsDevNmAccessIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The IP address (or subnet) of the network management station. The address 255.255.255.255 is defined to mean any NMS. If traps are enabled for this entry, then the value must be the address of a specific device." DEFVAL { 'ffffffff'h } ::= { docsDevNmAccessEntry 2 }
docsDevNmAccessIpMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The IP subnet mask of the network management stations. If traps are enabled for this entry, then the value must be 255.255.255.255." DEFVAL { 'ffffffff'h } ::= { docsDevNmAccessEntry 3 }
docsDevNmAccessIpMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The IP subnet mask of the network management stations. If traps are enabled for this entry, then the value must be 255.255.255.255." DEFVAL { 'ffffffff'h } ::= { docsDevNmAccessEntry 3 }
docsDevNmAccessCommunity OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-create STATUS current DESCRIPTION "The community string to be matched for access by this entry. If set to a zero length string then any community string will match. When read, this object SHOULD return a zero length string." DEFVAL { "public" } ::= { docsDevNmAccessEntry 4 }
docsDevNmAccessCommunity OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-create STATUS current DESCRIPTION "The community string to be matched for access by this entry. If set to a zero length string then any community string will match. When read, this object SHOULD return a zero length string." DEFVAL { "public" } ::= { docsDevNmAccessEntry 4 }
docsDevNmAccessControl OBJECT-TYPE SYNTAX INTEGER { none(1), read(2), readWrite(3), roWithTraps(4), rwWithTraps(5), trapsOnly(6) } MAX-ACCESS read-create
docsDevNmAccessControl OBJECT-TYPE SYNTAX INTEGER { none(1), read(2), readWrite(3), roWithTraps(4), rwWithTraps(5), trapsOnly(6) } MAX-ACCESS read-create
STATUS current DESCRIPTION "Specifies the type of access allowed to this NMS. Setting this object to none(1) causes the table entry to be destroyed. Read(2) allows access by 'get' and 'get-next' PDUs. ReadWrite(3) allows access by 'set' as well. RoWithtraps(4), rwWithTraps(5), and trapsOnly(6) control distribution of Trap PDUs transmitted by this device." DEFVAL { read } ::= { docsDevNmAccessEntry 5 }
STATUS current DESCRIPTION "Specifies the type of access allowed to this NMS. Setting this object to none(1) causes the table entry to be destroyed. Read(2) allows access by 'get' and 'get-next' PDUs. ReadWrite(3) allows access by 'set' as well. RoWithtraps(4), rwWithTraps(5), and trapsOnly(6) control distribution of Trap PDUs transmitted by this device." DEFVAL { read } ::= { docsDevNmAccessEntry 5 }
-- The syntax of the following object was copied from RFC1493, -- dot1dStaticAllowedToGoTo.
-- The syntax of the following object was copied from RFC1493, -- dot1dStaticAllowedToGoTo.
docsDevNmAccessInterfaces OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the set of interfaces from which requests from this NMS will be accepted. Each octet within the value of this object specifies a set of eight interfaces, with the first octet specifying ports 1 through 8, the second octet specifying interfaces 9 through 16, etc. Within each octet, the most significant bit represents the lowest numbered interface, and the least significant bit represents the highest numbered interface. Thus, each interface is represented by a single bit within the value of this object. If that bit has a value of '1' then that interface is included in the set.
DOCSDEVNMACESS接口对象类型语法八位字符串MAX-ACCESS读取创建状态当前描述“指定从中接受来自此NMS的请求的接口集。此对象值中的每个八位字节指定一组八个接口,第一个八位字节指定端口1到8,第二个八位字节指定接口9到16,等等。在每个八位字节中,最高有效位表示编号最低的接口,最低有效位表示编号最高的接口。因此,每个接口由该对象值内的一个位表示。如果该位的值为“1”,则该接口包含在集合中。
Note that entries in this table apply only to link-layer interfaces (e.g., Ethernet and CATV MAC). Upstream and downstream channel interfaces must not be specified." -- DEFVAL is the bitmask corresponding to all interfaces ::= { docsDevNmAccessEntry 6 }
Note that entries in this table apply only to link-layer interfaces (e.g., Ethernet and CATV MAC). Upstream and downstream channel interfaces must not be specified." -- DEFVAL is the bitmask corresponding to all interfaces ::= { docsDevNmAccessEntry 6 }
docsDevNmAccessStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Controls and reflects the status of rows in this table. Rows in this table may be created by either the create-and-go or create-and-wait paradigms. There is no restriction on changing values in a row of this table while the row is active."
DOCSDEVNMACCESS状态对象类型语法RowStatus MAX-ACCESS read create STATUS current DESCRIPTION“控制并反映此表中行的状态。此表中的行可以通过create and go或create and wait范例创建。当行处于活动状态时,对更改此表中行的值没有任何限制。”
::= { docsDevNmAccessEntry 7 }
::= { docsDevNmAccessEntry 7 }
-- -- Procedures for using the following group are described in section -- 3.2.1 of the DOCSIS Radio Frequence Interface Specification --
-- -- Procedures for using the following group are described in section -- 3.2.1 of the DOCSIS Radio Frequence Interface Specification --
docsDevSoftware OBJECT IDENTIFIER ::= { docsDevMIBObjects 3 }
docsDevSoftware OBJECT IDENTIFIER ::= { docsDevMIBObjects 3 }
docsDevSwServer OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The address of the TFTP server used for software upgrades. If the TFTP server is unknown, return 0.0.0.0." ::= { docsDevSoftware 1 }
docsDevSwServer OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The address of the TFTP server used for software upgrades. If the TFTP server is unknown, return 0.0.0.0." ::= { docsDevSoftware 1 }
docsDevSwFilename OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..64)) MAX-ACCESS read-write STATUS current DESCRIPTION "The file name of the software image to be loaded into this device. Unless set via SNMP, this is the file name specified by the provisioning server that corresponds to the software version that is desired for this device. If unknown, the string '(unknown)' is returned." ::= { docsDevSoftware 2 }
docsDevSwFilename OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..64)) MAX-ACCESS read-write STATUS current DESCRIPTION "The file name of the software image to be loaded into this device. Unless set via SNMP, this is the file name specified by the provisioning server that corresponds to the software version that is desired for this device. If unknown, the string '(unknown)' is returned." ::= { docsDevSoftware 2 }
docsDevSwAdminStatus OBJECT-TYPE SYNTAX INTEGER { upgradeFromMgt(1), allowProvisioningUpgrade(2), ignoreProvisioningUpgrade(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "If set to upgradeFromMgt(1), the device will initiate a TFTP software image download using docsDevSwFilename. After successfully receiving an image, the device will set its state to ignoreProvisioningUpgrade(3) and reboot. If the download process is interrupted by a reset or power failure, the device will load the previous image and, after re-initialization, continue to attempt loading the image specified in docsDevSwFilename.
docsDevSwAdminStatus OBJECT-TYPE SYNTAX INTEGER { upgradeFromMgt(1), allowProvisioningUpgrade(2), ignoreProvisioningUpgrade(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "If set to upgradeFromMgt(1), the device will initiate a TFTP software image download using docsDevSwFilename. After successfully receiving an image, the device will set its state to ignoreProvisioningUpgrade(3) and reboot. If the download process is interrupted by a reset or power failure, the device will load the previous image and, after re-initialization, continue to attempt loading the image specified in docsDevSwFilename.
If set to allowProvisioningUpgrade(2), the device will use the software version information supplied by the provisioning server when next rebooting (this does not cause a reboot).
如果设置为allowProvisioningUpgrade(2),设备将在下次重新启动时使用配置服务器提供的软件版本信息(这不会导致重新启动)。
When set to ignoreProvisioningUpgrade(3), the device will disregard software image upgrade information from the provisioning server.
当设置为ignoreProvisioningUpgrade(3)时,设备将忽略来自设置服务器的软件映像升级信息。
Note that reading this object can return upgradeFromMgt(1). This indicates that a software download is currently in progress, and that the device will reboot after successfully receiving an image.
请注意,读取此对象可以返回upgradeFromMgt(1)。这表示当前正在进行软件下载,并且设备将在成功接收映像后重新启动。
At initial startup, this object has the default value of allowProvisioningUpgrade(2)." ::= { docsDevSoftware 3 }
At initial startup, this object has the default value of allowProvisioningUpgrade(2)." ::= { docsDevSoftware 3 }
docsDevSwOperStatus OBJECT-TYPE SYNTAX INTEGER { inProgress(1), completeFromProvisioning(2), completeFromMgt(3), failed(4), other(5) } MAX-ACCESS read-only STATUS current DESCRIPTION "InProgress(1) indicates that a TFTP download is underway, either as a result of a version mismatch at provisioning or as a result of a upgradeFromMgt request. CompleteFromProvisioning(2) indicates that the last software upgrade was a result of version mismatch at provisioning. CompleteFromMgt(3) indicates that the last software upgrade was a result of setting docsDevSwAdminStatus to upgradeFromMgt. Failed(4) indicates that the last attempted download failed, ordinarily due to TFTP timeout." REFERENCE "DOCSIS Radio Frequency Interface Specification, Section 8.2, Downloading Cable Modem Operating Software." ::= { docsDevSoftware 4 }
docsDevSwOperStatus OBJECT-TYPE SYNTAX INTEGER { inProgress(1), completeFromProvisioning(2), completeFromMgt(3), failed(4), other(5) } MAX-ACCESS read-only STATUS current DESCRIPTION "InProgress(1) indicates that a TFTP download is underway, either as a result of a version mismatch at provisioning or as a result of a upgradeFromMgt request. CompleteFromProvisioning(2) indicates that the last software upgrade was a result of version mismatch at provisioning. CompleteFromMgt(3) indicates that the last software upgrade was a result of setting docsDevSwAdminStatus to upgradeFromMgt. Failed(4) indicates that the last attempted download failed, ordinarily due to TFTP timeout." REFERENCE "DOCSIS Radio Frequency Interface Specification, Section 8.2, Downloading Cable Modem Operating Software." ::= { docsDevSoftware 4 }
docsDevSwCurrentVers OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current
DOCSDEVSWCURENTVERS对象类型语法SNMPAdministring MAX-ACCESS只读状态当前
DESCRIPTION "The software version currently operating in this device. This object should be in the syntax used by the individual vendor to identify software versions. Any CM MUST return a string descriptive of the current software load. For a CMTS, this object SHOULD contain either a human readable representation of the vendor specific designation of the software for the chassis, or of the software for the control processor. If neither of these is applicable, this MUST contain an empty string." ::= { docsDevSoftware 5 }
DESCRIPTION "The software version currently operating in this device. This object should be in the syntax used by the individual vendor to identify software versions. Any CM MUST return a string descriptive of the current software load. For a CMTS, this object SHOULD contain either a human readable representation of the vendor specific designation of the software for the chassis, or of the software for the control processor. If neither of these is applicable, this MUST contain an empty string." ::= { docsDevSoftware 5 }
-- -- The following group describes server access and parameters used for -- initial provisioning and bootstrapping. --
-- -- The following group describes server access and parameters used for -- initial provisioning and bootstrapping. --
docsDevServer OBJECT IDENTIFIER ::= { docsDevMIBObjects 4 }
docsDevServer OBJECT IDENTIFIER ::= { docsDevMIBObjects 4 }
docsDevServerBootState OBJECT-TYPE SYNTAX INTEGER { operational(1), disabled(2), waitingForDhcpOffer(3), waitingForDhcpResponse(4), waitingForTimeServer(5), waitingForTftp(6), refusedByCmts(7), forwardingDenied(8), other(9), unknown(10) } MAX-ACCESS read-only STATUS current DESCRIPTION "If operational(1), the device has completed loading and processing of configuration parameters and the CMTS has completed the Registration exchange. If disabled(2) then the device was administratively disabled, possibly by being refused network access in the configuration file. If waitingForDhcpOffer(3) then a DHCP Discover has been transmitted and no offer has yet been received. If waitingForDhcpResponse(4) then a DHCP Request has been transmitted and no response has yet been received. If waitingForTimeServer(5) then a Time Request has been transmitted and no response has yet been received.
docsDevServerBootState OBJECT-TYPE SYNTAX INTEGER { operational(1), disabled(2), waitingForDhcpOffer(3), waitingForDhcpResponse(4), waitingForTimeServer(5), waitingForTftp(6), refusedByCmts(7), forwardingDenied(8), other(9), unknown(10) } MAX-ACCESS read-only STATUS current DESCRIPTION "If operational(1), the device has completed loading and processing of configuration parameters and the CMTS has completed the Registration exchange. If disabled(2) then the device was administratively disabled, possibly by being refused network access in the configuration file. If waitingForDhcpOffer(3) then a DHCP Discover has been transmitted and no offer has yet been received. If waitingForDhcpResponse(4) then a DHCP Request has been transmitted and no response has yet been received. If waitingForTimeServer(5) then a Time Request has been transmitted and no response has yet been received.
If waitingForTftp(6) then a request to the TFTP parameter server has been made and no response received. If refusedByCmts(7) then the Registration Request/Response exchange with the CMTS failed. If forwardingDenied(8) then the registration process completed, but the network access option in the received configuration file prohibits forwarding. " REFERENCE "DOCSIS Radio Frequency Interface Specification, Figure 7-1, CM Initialization Overview." ::= { docsDevServer 1 }
If waitingForTftp(6) then a request to the TFTP parameter server has been made and no response received. If refusedByCmts(7) then the Registration Request/Response exchange with the CMTS failed. If forwardingDenied(8) then the registration process completed, but the network access option in the received configuration file prohibits forwarding. " REFERENCE "DOCSIS Radio Frequency Interface Specification, Figure 7-1, CM Initialization Overview." ::= { docsDevServer 1 }
docsDevServerDhcp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the DHCP server that assigned an IP address to this device. Returns 0.0.0.0 if DHCP was not used for IP address assignment." ::= { docsDevServer 2 }
docsDevServerDhcp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the DHCP server that assigned an IP address to this device. Returns 0.0.0.0 if DHCP was not used for IP address assignment." ::= { docsDevServer 2 }
docsDevServerTime OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the Time server (RFC-868). Returns 0.0.0.0 if the time server IP address is unknown." ::= { docsDevServer 3 }
docsDevServerTime OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the Time server (RFC-868). Returns 0.0.0.0 if the time server IP address is unknown." ::= { docsDevServer 3 }
docsDevServerTftp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the TFTP server responsible for downloading provisioning and configuration parameters to this device. Returns 0.0.0.0 if the TFTP server address is unknown." ::= { docsDevServer 4 }
docsDevServerTftp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the TFTP server responsible for downloading provisioning and configuration parameters to this device. Returns 0.0.0.0 if the TFTP server address is unknown." ::= { docsDevServer 4 }
docsDevServerConfigFile OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The name of the device configuration file read from the
docsDevServerConfigFile对象类型语法SnmpAdminString MAX-ACCESS只读状态当前描述“从
TFTP server. Returns an empty string if the configuration file name is unknown." ::= { docsDevServer 5 }
TFTP server. Returns an empty string if the configuration file name is unknown." ::= { docsDevServer 5 }
-- -- Event Reporting --
----事件报告--
docsDevEvent OBJECT IDENTIFIER ::= { docsDevMIBObjects 5 }
docsDevEvent OBJECT IDENTIFIER ::= { docsDevMIBObjects 5 }
docsDevEvControl OBJECT-TYPE SYNTAX INTEGER { resetLog(1), useDefaultReporting(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Setting this object to resetLog(1) empties the event log. All data is deleted. Setting it to useDefaultReporting(2) returns all event priorities to their factory-default reporting. Reading this object always returns useDefaultReporting(2)." ::= { docsDevEvent 1 }
docsDevEvControl OBJECT-TYPE SYNTAX INTEGER { resetLog(1), useDefaultReporting(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Setting this object to resetLog(1) empties the event log. All data is deleted. Setting it to useDefaultReporting(2) returns all event priorities to their factory-default reporting. Reading this object always returns useDefaultReporting(2)." ::= { docsDevEvent 1 }
docsDevEvSyslog OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The IP address of the Syslog server. If 0.0.0.0, syslog transmission is inhibited." ::= { docsDevEvent 2 }
docsDevEvSyslog OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The IP address of the Syslog server. If 0.0.0.0, syslog transmission is inhibited." ::= { docsDevEvent 2 }
docsDevEvThrottleAdminStatus OBJECT-TYPE SYNTAX INTEGER { unconstrained(1), maintainBelowThreshold(2), stopAtThreshold(3), inhibited(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "Controls the transmission of traps and syslog messages with respect to the trap pacing threshold. unconstrained(1) causes traps and syslog messages to be transmitted without regard to the threshold settings.
docsDevEvThrottleAdminStatus OBJECT-TYPE SYNTAX INTEGER { unconstrained(1), maintainBelowThreshold(2), stopAtThreshold(3), inhibited(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "Controls the transmission of traps and syslog messages with respect to the trap pacing threshold. unconstrained(1) causes traps and syslog messages to be transmitted without regard to the threshold settings.
maintainBelowThreshold(2) causes trap transmission and syslog messages to be suppressed if the number of traps would otherwise exceed the threshold. stopAtThreshold(3) causes trap transmission to cease at the threshold, and not resume until directed to do so. inhibited(4) causes all trap transmission and syslog messages to be suppressed.
如果陷阱数量超过阈值,maintainBelowThreshold(2)会导致陷阱传输和系统日志消息被抑制。stopAtThreshold(3)导致陷阱传输在阈值处停止,并且在指示停止之前不会恢复。抑制(4)导致所有陷阱传输和系统日志消息被抑制。
A single event is always treated as a single event for threshold counting. That is, an event causing both a trap and a syslog message is still treated as a single event.
对于阈值计数,单个事件始终被视为单个事件。也就是说,同时导致陷阱和系统日志消息的事件仍然被视为单个事件。
Writing to this object resets the thresholding state.
写入此对象将重置阈值状态。
At initial startup, this object has a default value of unconstrained(1)." ::= { docsDevEvent 3 }
At initial startup, this object has a default value of unconstrained(1)." ::= { docsDevEvent 3 }
docsDevEvThrottleInhibited OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "If true(1), trap and syslog transmission is currently inhibited due to thresholds and/or the current setting of docsDevEvThrottleAdminStatus. In addition, this is set to true(1) if transmission is inhibited due to no syslog (docsDevEvSyslog) or trap (docsDevNmAccessEntry) destinations having been set." ::= { docsDevEvent 4 }
docsDevEvThrottleInhibited OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "If true(1), trap and syslog transmission is currently inhibited due to thresholds and/or the current setting of docsDevEvThrottleAdminStatus. In addition, this is set to true(1) if transmission is inhibited due to no syslog (docsDevEvSyslog) or trap (docsDevNmAccessEntry) destinations having been set." ::= { docsDevEvent 4 }
docsDevEvThrottleThreshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "Number of trap/syslog events per docsDevEvThrottleInterval to be transmitted before throttling.
docsDevEvThrottleThreshold对象类型语法Unsigned32 MAX-ACCESS读写状态当前描述“节流前每个docsDevEvThrottleInterval要传输的陷阱/系统日志事件数”。
A single event is always treated as a single event for threshold counting. That is, an event causing both a trap and a syslog message is still treated as a single event.
对于阈值计数,单个事件始终被视为单个事件。也就是说,同时导致陷阱和系统日志消息的事件仍然被视为单个事件。
At initial startup, this object returns 0." ::= { docsDevEvent 5 }
At initial startup, this object returns 0." ::= { docsDevEvent 5 }
docsDevEvThrottleInterval OBJECT-TYPE SYNTAX Integer32 (1..2147483647)
docsDevEvThrottleInterval对象类型语法整数32(1..2147483647)
UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "The interval over which the trap threshold applies. At initial startup, this object has a value of 1."
单位“秒”MAX-ACCESS read-write STATUS current DESCRIPTION“陷阱阈值应用的间隔。初始启动时,此对象的值为1。”
::= { docsDevEvent 6 }
::= { docsDevEvent 6 }
-- -- The following table controls the reporting of the various classes of -- events. --
-- -- The following table controls the reporting of the various classes of -- events. --
docsDevEvControlTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsDevEvControlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table allows control of the reporting of event classes. For each event priority, a combination of logging and reporting mechanisms may be chosen. The mapping of event types to priorities is vendor-dependent. Vendors may also choose to allow the user to control that mapping through proprietary means." ::= { docsDevEvent 7 }
docsDevEvControlTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsDevEvControlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table allows control of the reporting of event classes. For each event priority, a combination of logging and reporting mechanisms may be chosen. The mapping of event types to priorities is vendor-dependent. Vendors may also choose to allow the user to control that mapping through proprietary means." ::= { docsDevEvent 7 }
docsDevEvControlEntry OBJECT-TYPE SYNTAX DocsDevEvControlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Allows configuration of the reporting mechanisms for a particular event priority." INDEX { docsDevEvPriority } ::= { docsDevEvControlTable 1 }
docsDevEvControlEntry OBJECT-TYPE SYNTAX DocsDevEvControlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Allows configuration of the reporting mechanisms for a particular event priority." INDEX { docsDevEvPriority } ::= { docsDevEvControlTable 1 }
DocsDevEvControlEntry ::= SEQUENCE { docsDevEvPriority INTEGER, docsDevEvReporting BITS }
DocsDevEvControlEntry ::= SEQUENCE { docsDevEvPriority INTEGER, docsDevEvReporting BITS }
docsDevEvPriority OBJECT-TYPE SYNTAX INTEGER { emergency(1), alert(2), critical(3),
docsDevEvPriority对象类型语法整数{紧急(1)、警报(2)、严重(3),
error(4), warning(5), notice(6), information(7), debug(8) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "The priority level that is controlled by this entry. These are ordered from most (emergency) to least (debug) critical. Each event with a CM or CMTS has a particular priority level associated with it (as defined by the vendor). During normal operation no event more critical than notice(6) should be generated. Events between warning and emergency should be generated at appropriate levels of problems (e.g. emergency when the box is about to crash)." ::= { docsDevEvControlEntry 1 }
error(4), warning(5), notice(6), information(7), debug(8) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "The priority level that is controlled by this entry. These are ordered from most (emergency) to least (debug) critical. Each event with a CM or CMTS has a particular priority level associated with it (as defined by the vendor). During normal operation no event more critical than notice(6) should be generated. Events between warning and emergency should be generated at appropriate levels of problems (e.g. emergency when the box is about to crash)." ::= { docsDevEvControlEntry 1 }
docsDevEvReporting OBJECT-TYPE SYNTAX BITS { local(0), traps(1), syslog(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Defines the action to be taken on occurrence of this event class. Implementations may not necessarily support all options for all event classes, but at minimum must allow traps and syslogging to be disabled. If the local(0) bit is set, then log to the internal log, if the traps(1) bit is set, then generate a trap, if the syslog(2) bit is set, then send a syslog message (assuming the syslog address is set)." ::= { docsDevEvControlEntry 2 }
docsDevEvReporting OBJECT-TYPE SYNTAX BITS { local(0), traps(1), syslog(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Defines the action to be taken on occurrence of this event class. Implementations may not necessarily support all options for all event classes, but at minimum must allow traps and syslogging to be disabled. If the local(0) bit is set, then log to the internal log, if the traps(1) bit is set, then generate a trap, if the syslog(2) bit is set, then send a syslog message (assuming the syslog address is set)." ::= { docsDevEvControlEntry 2 }
docsDevEventTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsDevEventEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Contains a log of network and device events that may be of interest in fault isolation and troubleshooting." ::= { docsDevEvent 8 }
docsDevEventTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsDevEventEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Contains a log of network and device events that may be of interest in fault isolation and troubleshooting." ::= { docsDevEvent 8 }
docsDevEventEntry OBJECT-TYPE SYNTAX DocsDevEventEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes a network or device event that may be of interest in fault isolation and troubleshooting. Multiple sequential identical events are represented by incrementing docsDevEvCounts and setting docsDevEvLastTime to the current time rather than creating multiple rows.
DOCSDEVEVENTERY对象类型语法DOCSDEVEVENTERY MAX-ACCESS不可访问状态当前描述“描述可能与故障隔离和故障排除有关的网络或设备事件。多个顺序相同的事件通过递增docsDevEvCounts并将docsDevEvLastTime设置为当前时间而不是创建多行来表示。
Entries are created with the first occurrance of an event. docsDevEvControl can be used to clear the table. Individual events can not be deleted." INDEX { docsDevEvIndex }
条目是在事件首次发生时创建的。docsDevEvControl可用于清除表格。无法删除单个事件。“索引{docsDevEvIndex}
::= { docsDevEventTable 1 }
::= { docsDevEventTable 1 }
DocsDevEventEntry ::= SEQUENCE { docsDevEvIndex Integer32, docsDevEvFirstTime DateAndTime, docsDevEvLastTime DateAndTime, docsDevEvCounts Counter32, docsDevEvLevel INTEGER, docsDevEvId Unsigned32, docsDevEvText SnmpAdminString }
DocsDevEventEntry ::= SEQUENCE { docsDevEvIndex Integer32, docsDevEvFirstTime DateAndTime, docsDevEvLastTime DateAndTime, docsDevEvCounts Counter32, docsDevEvLevel INTEGER, docsDevEvId Unsigned32, docsDevEvText SnmpAdminString }
docsDevEvIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Provides relative ordering of the objects in the event log. This object will always increase except when (a) the log is reset via docsDevEvControl, (b) the device reboots and does not implement non-volatile storage for this log, or (c) it reaches the value 2^31. The next entry for all the above cases is 1." ::= { docsDevEventEntry 1 }
docsDevEvIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Provides relative ordering of the objects in the event log. This object will always increase except when (a) the log is reset via docsDevEvControl, (b) the device reboots and does not implement non-volatile storage for this log, or (c) it reaches the value 2^31. The next entry for all the above cases is 1." ::= { docsDevEventEntry 1 }
docsDevEvFirstTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The time that this entry was created."
docsDevEvFirstTime对象类型语法DateAndTime MAX-ACCESS只读状态当前描述“创建此项的时间”
::= { docsDevEventEntry 2 }
::= { docsDevEventEntry 2 }
docsDevEvLastTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "If multiple events are reported via the same entry, the time that the last event for this entry occurred, otherwise this should have the same value as docsDevEvFirstTime. " ::= { docsDevEventEntry 3 }
docsDevEvLastTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "If multiple events are reported via the same entry, the time that the last event for this entry occurred, otherwise this should have the same value as docsDevEvFirstTime. " ::= { docsDevEventEntry 3 }
-- This object was renamed from docsDevEvCount to meet naming -- requirements for Counter32 docsDevEvCounts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of consecutive event instances reported by this entry. This starts at 1 with the creation of this row and increments by 1 for each subsequent duplicate event." ::= { docsDevEventEntry 4 }
-- This object was renamed from docsDevEvCount to meet naming -- requirements for Counter32 docsDevEvCounts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of consecutive event instances reported by this entry. This starts at 1 with the creation of this row and increments by 1 for each subsequent duplicate event." ::= { docsDevEventEntry 4 }
docsDevEvLevel OBJECT-TYPE SYNTAX INTEGER { emergency(1), alert(2), critical(3), error(4), warning(5), notice(6), information(7), debug(8) } MAX-ACCESS read-only STATUS current DESCRIPTION "The priority level of this event as defined by the vendor. These are ordered from most serious (emergency) to least serious (debug)." ::= { docsDevEventEntry 5 }
docsDevEvLevel OBJECT-TYPE SYNTAX INTEGER { emergency(1), alert(2), critical(3), error(4), warning(5), notice(6), information(7), debug(8) } MAX-ACCESS read-only STATUS current DESCRIPTION "The priority level of this event as defined by the vendor. These are ordered from most serious (emergency) to least serious (debug)." ::= { docsDevEventEntry 5 }
-- -- Vendors will provide their own enumerations for the following. -- The interpretation of the enumeration is unambiguous for a
-- -- Vendors will provide their own enumerations for the following. -- The interpretation of the enumeration is unambiguous for a
-- particular value of the vendor's enterprise number in sysObjectID. --
--sysObjectID中供应商企业编号的特定值--
docsDevEvId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "For this product, uniquely identifies the type of event that is reported by this entry." ::= { docsDevEventEntry 6 }
docsDevEvId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "For this product, uniquely identifies the type of event that is reported by this entry." ::= { docsDevEventEntry 6 }
docsDevEvText OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "Provides a human-readable description of the event, including all relevant context (interface numbers, etc.)." ::= { docsDevEventEntry 7 }
docsDevEvText OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "Provides a human-readable description of the event, including all relevant context (interface numbers, etc.)." ::= { docsDevEventEntry 7 }
docsDevFilter OBJECT IDENTIFIER ::= { docsDevMIBObjects 6 }
docsDevFilter OBJECT IDENTIFIER ::= { docsDevMIBObjects 6 }
-- -- Link Level Control Filtering --
----链路级控制过滤--
-- docsDevFilterLLCDefault renamed to docsDevFilterLLCUnmatchedAction
--docsDevFilterLLCDefault重命名为docsdevfilterllcunmatchdaction
docsDevFilterLLCUnmatchedAction OBJECT-TYPE SYNTAX INTEGER { discard(1), accept(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "LLC (Link Level Control) filters can be defined on an inclusive or exclusive basis: CMs can be configured to forward only packets matching a set of layer three protocols, or to drop packets matching a set of layer three protocols. Typical use of these filters is to filter out possibly harmful (given the context of a large metropolitan LAN) protocols.
docsDevFilterLLCUnmatchedAction OBJECT-TYPE SYNTAX INTEGER { discard(1), accept(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "LLC (Link Level Control) filters can be defined on an inclusive or exclusive basis: CMs can be configured to forward only packets matching a set of layer three protocols, or to drop packets matching a set of layer three protocols. Typical use of these filters is to filter out possibly harmful (given the context of a large metropolitan LAN) protocols.
If set to discard(1), any L2 packet which does not match at
如果设置为discard(1),则在
least one filter in the docsDevFilterLLCTable will be discarded. If set to accept(2), any L2 packet which does not match at least one filter in the docsDevFilterLLCTable will be accepted for further processing (e.g., bridging). At initial system startup, this object returns accept(2)." ::= { docsDevFilter 1 }
least one filter in the docsDevFilterLLCTable will be discarded. If set to accept(2), any L2 packet which does not match at least one filter in the docsDevFilterLLCTable will be accepted for further processing (e.g., bridging). At initial system startup, this object returns accept(2)." ::= { docsDevFilter 1 }
docsDevFilterLLCTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsDevFilterLLCEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of filters to apply to (bridged) LLC traffic. The filters in this table are applied to incoming traffic on the appropriate interface(s) prior to any further processing (e.g. before handing the packet off for level 3 processing, or for bridging). The specific action taken when no filter is matched is controlled by docsDevFilterLLCUnmatchedAction." ::= { docsDevFilter 2 }
docsDevFilterLLCTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsDevFilterLLCEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of filters to apply to (bridged) LLC traffic. The filters in this table are applied to incoming traffic on the appropriate interface(s) prior to any further processing (e.g. before handing the packet off for level 3 processing, or for bridging). The specific action taken when no filter is matched is controlled by docsDevFilterLLCUnmatchedAction." ::= { docsDevFilter 2 }
docsDevFilterLLCEntry OBJECT-TYPE SYNTAX DocsDevFilterLLCEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes a single filter to apply to (bridged) LLC traffic received on a specified interface. " INDEX { docsDevFilterLLCIndex } ::= { docsDevFilterLLCTable 1 }
docsDevFilterLLCEntry OBJECT-TYPE SYNTAX DocsDevFilterLLCEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes a single filter to apply to (bridged) LLC traffic received on a specified interface. " INDEX { docsDevFilterLLCIndex } ::= { docsDevFilterLLCTable 1 }
DocsDevFilterLLCEntry ::= SEQUENCE { docsDevFilterLLCIndex Integer32, docsDevFilterLLCStatus RowStatus, docsDevFilterLLCIfIndex InterfaceIndexOrZero, docsDevFilterLLCProtocolType INTEGER, docsDevFilterLLCProtocol Integer32, docsDevFilterLLCMatches Counter32 }
DocsDevFilterLLCEntry ::= SEQUENCE { docsDevFilterLLCIndex Integer32, docsDevFilterLLCStatus RowStatus, docsDevFilterLLCIfIndex InterfaceIndexOrZero, docsDevFilterLLCProtocolType INTEGER, docsDevFilterLLCProtocol Integer32, docsDevFilterLLCMatches Counter32 }
docsDevFilterLLCIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Index used for the identification of filters (note that LLC filter order is irrelevant)." ::= { docsDevFilterLLCEntry 1 }
docsDevFilterLLCIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Index used for the identification of filters (note that LLC filter order is irrelevant)." ::= { docsDevFilterLLCEntry 1 }
docsDevFilterLLCStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Controls and reflects the status of rows in this table. There is no restriction on changing any of the associated columns for this row while this object is set to active."
docsDevFilterLLCStatus对象类型语法RowStatus MAX-ACCESS read create STATUS current DESCRIPTION“控制并反映此表中行的状态。当此对象设置为活动时,对更改此行的任何关联列没有任何限制。”
::= { docsDevFilterLLCEntry 2}
::= { docsDevFilterLLCEntry 2}
docsDevFilterLLCIfIndex OBJECT-TYPE SYNTAX InterfaceIndexOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The entry interface to which this filter applies. The value corresponds to ifIndex for either a CATV MAC or another network interface. If the value is zero, the filter applies to all interfaces. In Cable Modems, the default value is the customer side interface. In Cable Modem Termination Systems, this object has to be specified to create a row in this table." ::= { docsDevFilterLLCEntry 3 }
docsDevFilterLLCIfIndex OBJECT-TYPE SYNTAX InterfaceIndexOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The entry interface to which this filter applies. The value corresponds to ifIndex for either a CATV MAC or another network interface. If the value is zero, the filter applies to all interfaces. In Cable Modems, the default value is the customer side interface. In Cable Modem Termination Systems, this object has to be specified to create a row in this table." ::= { docsDevFilterLLCEntry 3 }
docsDevFilterLLCProtocolType OBJECT-TYPE SYNTAX INTEGER { ethertype(1), dsap(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The format of the value in docsDevFilterLLCProtocol: either a two-byte Ethernet Ethertype, or a one-byte 802.2 SAP value. EtherType(1) also applies to SNAP- encapsulated frames." DEFVAL { ethertype } ::= { docsDevFilterLLCEntry 4 }
docsDevFilterLLCProtocolType OBJECT-TYPE SYNTAX INTEGER { ethertype(1), dsap(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The format of the value in docsDevFilterLLCProtocol: either a two-byte Ethernet Ethertype, or a one-byte 802.2 SAP value. EtherType(1) also applies to SNAP- encapsulated frames." DEFVAL { ethertype } ::= { docsDevFilterLLCEntry 4 }
docsDevFilterLLCProtocol OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The layer three protocol for which this filter applies. The protocol value format depends on
docsdevfilterlcprotocol对象类型语法Integer32(0..65535)MAX-ACCESS read create STATUS current DESCRIPTION“应用此筛选器的第三层协议。协议值格式取决于
docsDevFilterLLCProtocolType. Note that for SNAP frames, etherType filtering is performed rather than DSAP=0xAA." DEFVAL { 0 } ::= { docsDevFilterLLCEntry 5 }
docsDevFilterLLCProtocolType. Note that for SNAP frames, etherType filtering is performed rather than DSAP=0xAA." DEFVAL { 0 } ::= { docsDevFilterLLCEntry 5 }
docsDevFilterLLCMatches OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times this filter was matched." ::= { docsDevFilterLLCEntry 6 }
docsDevFilterLLCMatches OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times this filter was matched." ::= { docsDevFilterLLCEntry 6 }
-- The default behavior for (bridged) packets that do not match IP -- filters is defined by -- docsDevFilterIpDefault.
-- The default behavior for (bridged) packets that do not match IP -- filters is defined by -- docsDevFilterIpDefault.
docsDevFilterIpDefault OBJECT-TYPE SYNTAX INTEGER { discard(1), accept(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If set to discard(1), all packets not matching an IP filter will be discarded. If set to accept(2), all packets not matching an IP filter will be accepted for further processing (e.g., bridging). At initial system startup, this object returns accept(2)." ::= { docsDevFilter 3 }
docsDevFilterIpDefault OBJECT-TYPE SYNTAX INTEGER { discard(1), accept(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "If set to discard(1), all packets not matching an IP filter will be discarded. If set to accept(2), all packets not matching an IP filter will be accepted for further processing (e.g., bridging). At initial system startup, this object returns accept(2)." ::= { docsDevFilter 3 }
docsDevFilterIpTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsDevFilterIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An ordered list of filters or classifiers to apply to IP traffic. Filter application is ordered by the filter index, rather than by a best match algorithm (Note that this implies that the filter table may have gaps in the index values). Packets which match no filters will have policy 0 in the docsDevFilterPolicyTable applied to them if it exists. Otherwise, Packets which match no filters are discarded or forwarded according to the setting of docsDevFilterIpDefault.
docsDevFilterIpTable对象类型DocsDevFilterIpEntry MAX-ACCESS的语法序列不可访问状态当前描述“应用于IP流量的筛选器或分类器的有序列表。筛选器应用程序按筛选器索引排序,而不是按最佳匹配算法排序(请注意,这意味着筛选器表可能在索引值中存在间隙)。如果存在不匹配筛选器的数据包,则将在docsDevFilterPolicyTable中对其应用策略0。否则,将根据docsDevFilterIpDefault的设置丢弃或转发不匹配筛选器的数据包。
Any IP packet can theoretically match multiple rows of
理论上,任何IP数据包都可以匹配多行数据
this table. When considering a packet, the table is scanned in row index order (e.g. filter 10 is checked before filter 20). If the packet matches that filter (which means that it matches ALL criteria for that row), actions appropriate to docsDevFilterIpControl and docsDevFilterPolicyId are taken. If the packet was discarded processing is complete. If docsDevFilterIpContinue is set to true, the filter comparison continues with the next row in the table looking for additional matches.
这张桌子。当考虑数据包时,表按行索引顺序扫描(例如,在过滤器20之前检查过滤器10)。如果数据包与该筛选器匹配(这意味着它与该行的所有条件匹配),则将采取适用于docsDevFilterIpControl和docsDevFilterPolicyId的操作。如果数据包被丢弃,则处理完成。如果docsDevFilterIpContinue设置为true,则过滤器比较将继续进行,并在表中的下一行中查找其他匹配项。
If the packet matches no filter in the table, the packet is accepted or dropped for further processing based on the setting of docsDevFilterIpDefault. If the packet is accepted, the actions specified by policy group 0 (e.g. the rows in docsDevFilterPolicyTable which have a value of 0 for docsDevFilterPolicyId) are taken if that policy group exists.
如果数据包与表中的任何筛选器都不匹配,则会根据docsDevFilterIpDefault的设置接受或丢弃该数据包以进行进一步处理。如果数据包被接受,则在策略组0(例如docsDevFilterPolicyTable中docsDevFilterPolicyId值为0的行)存在的情况下,将执行该策略组0指定的操作。
Logically, this table is consulted twice during the processing of any IP packet - once upon its acceptance from the L2 entity, and once upon its transmission to the L2 entity. In actuality, for cable modems, IP filtering is generally the only IP processing done for transit traffic. This means that inbound and outbound filtering can generally be done at the same time with one pass through the filter table." ::= { docsDevFilter 4 }
Logically, this table is consulted twice during the processing of any IP packet - once upon its acceptance from the L2 entity, and once upon its transmission to the L2 entity. In actuality, for cable modems, IP filtering is generally the only IP processing done for transit traffic. This means that inbound and outbound filtering can generally be done at the same time with one pass through the filter table." ::= { docsDevFilter 4 }
docsDevFilterIpEntry OBJECT-TYPE SYNTAX DocsDevFilterIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes a filter to apply to IP traffic received on a specified interface. All identity objects in this table (e.g. source and destination address/mask, protocol, source/dest port, TOS/mask, interface and direction) must match their respective fields in the packet for any given filter to match.
docsDevFilterIpEntry对象类型语法docsDevFilterIpEntry MAX-ACCESS not accessible STATUS current DESCRIPTION”描述应用于指定接口上接收的IP流量的筛选器。此表中的所有标识对象(例如源和目标地址/掩码、协议、源/目标端口、TOS/掩码、接口和方向)必须匹配数据包中各自的字段,才能匹配任何给定的筛选器。
To create an entry in this table, docsDevFilterIpIfIndex must be specified." INDEX { docsDevFilterIpIndex } ::= { docsDevFilterIpTable 1 }
To create an entry in this table, docsDevFilterIpIfIndex must be specified." INDEX { docsDevFilterIpIndex } ::= { docsDevFilterIpTable 1 }
DocsDevFilterIpEntry ::= SEQUENCE { docsDevFilterIpIndex Integer32,
DocsDevFilterIpEntry ::= SEQUENCE { docsDevFilterIpIndex Integer32,
docsDevFilterIpStatus RowStatus, docsDevFilterIpControl INTEGER, docsDevFilterIpIfIndex InterfaceIndexOrZero, docsDevFilterIpDirection INTEGER, docsDevFilterIpBroadcast TruthValue, docsDevFilterIpSaddr IpAddress, docsDevFilterIpSmask IpAddress, docsDevFilterIpDaddr IpAddress, docsDevFilterIpDmask IpAddress, docsDevFilterIpProtocol Integer32, docsDevFilterIpSourcePortLow Integer32, docsDevFilterIpSourcePortHigh Integer32, docsDevFilterIpDestPortLow Integer32, docsDevFilterIpDestPortHigh Integer32, docsDevFilterIpMatches Counter32, docsDevFilterIpTos OCTET STRING, docsDevFilterIpTosMask OCTET STRING, docsDevFilterIpContinue TruthValue, docsDevFilterIpPolicyId Integer32 }
docsDevFilterIpStatus RowStatus、DOCSDEVFILTERIPSPCONTROL INTEGER、DOCSDEVFILTERIPFINFINDEX接口索引索引为零、DOCSDEVFILTERIPDIRECT INTEGER、DOCSDEVFILTERIPPBROadcast TruthValue、docsDevFilterIpSaddr IpAddress、DOCSDEVFILTERIPMASK IpAddress、DOCSDEVFILTERIPPROPROTOCOL Integer32、,docsDevFilterIpSourcePortLow Integer32、DOCSDEVFILTERIPSOURCEPTHIGH Integer32、DOCSDEVFILTERIPDESTROPLOW Integer32、DOCSDEVFILTERIPDESTROPHIGH Integer32、DOCSDEVFILTERIPSMASK八位字符串、docsDevFilterIpContinue TruthValue、docsDevFilterIpPolicyId Integer32}
docsDevFilterIpIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Index used to order the application of filters. The filter with the lowest index is always applied first." ::= { docsDevFilterIpEntry 1 }
docsDevFilterIpIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Index used to order the application of filters. The filter with the lowest index is always applied first." ::= { docsDevFilterIpEntry 1 }
docsDevFilterIpStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Controls and reflects the status of rows in this table. Specifying only this object (with the appropriate index) on a CM is sufficient to create a filter row which matches all inbound packets on the ethernet interface, and results in the packets being discarded. docsDevFilterIpIfIndex (at least) must be specified on a CMTS to create a row. Creation of the rows may be done via either create-and-wait or create-and-go, but the filter is not applied until this object is set to (or changes to) active. There is no restriction in changing any object in a row while this object is set to active."
docsDevFilterIpStatus对象类型语法RowStatus MAX-ACCESS read create STATUS current DESCRIPTION“控制并反映此表中行的状态。仅指定此对象(使用适当的索引)在CM上创建的筛选器行足以匹配以太网接口上的所有入站数据包,并导致数据包被丢弃。docsDevFilterIpIfIndex(至少)必须在CMTS上指定才能创建行。行的创建可以通过创建并等待或创建并执行来完成,但在将此对象设置为活动(或更改为活动)之前,不会应用筛选器。在将此对象设置为活动时,对更改行中的任何对象没有任何限制。”
::= { docsDevFilterIpEntry 2 }
::= { docsDevFilterIpEntry 2 }
docsDevFilterIpControl OBJECT-TYPE SYNTAX INTEGER { discard(1), accept(2), policy(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "If set to discard(1), all packets matching this filter will be discarded and scanning of the remainder of the filter list will be aborted. If set to accept(2), all packets matching this filter will be accepted for further processing (e.g., bridging). If docsDevFilterIpContinue is set to true, see if there are other matches, otherwise done. If set to policy (3), execute the policy entries matched by docsDevIpFilterPolicyId in docsDevIpFilterPolicyTable.
docsDevFilterIpControl OBJECT-TYPE SYNTAX INTEGER { discard(1), accept(2), policy(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "If set to discard(1), all packets matching this filter will be discarded and scanning of the remainder of the filter list will be aborted. If set to accept(2), all packets matching this filter will be accepted for further processing (e.g., bridging). If docsDevFilterIpContinue is set to true, see if there are other matches, otherwise done. If set to policy (3), execute the policy entries matched by docsDevIpFilterPolicyId in docsDevIpFilterPolicyTable.
If is docsDevFilterIpContinue is set to true, continue scanning the table for other matches, otherwise done." DEFVAL { discard } ::= { docsDevFilterIpEntry 3 }
If is docsDevFilterIpContinue is set to true, continue scanning the table for other matches, otherwise done." DEFVAL { discard } ::= { docsDevFilterIpEntry 3 }
docsDevFilterIpIfIndex OBJECT-TYPE SYNTAX InterfaceIndexOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The entry interface to which this filter applies. The value corresponds to ifIndex for either a CATV MAC or another network interface. If the value is zero, the filter applies to all interfaces. Default value in Cable Modems is the index of the customer-side (e.g. ethernet) interface. In Cable Modem Termination Systems, this object MUST be specified to create a row in this table." ::= { docsDevFilterIpEntry 4 }
docsDevFilterIpIfIndex OBJECT-TYPE SYNTAX InterfaceIndexOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The entry interface to which this filter applies. The value corresponds to ifIndex for either a CATV MAC or another network interface. If the value is zero, the filter applies to all interfaces. Default value in Cable Modems is the index of the customer-side (e.g. ethernet) interface. In Cable Modem Termination Systems, this object MUST be specified to create a row in this table." ::= { docsDevFilterIpEntry 4 }
docsDevFilterIpDirection OBJECT-TYPE SYNTAX INTEGER { inbound(1), outbound(2), both(3) } MAX-ACCESS read-create STATUS current
docsDevFilterIpDirection OBJECT-TYPE SYNTAX INTEGER { inbound(1), outbound(2), both(3) } MAX-ACCESS read-create STATUS current
DESCRIPTION "Determines whether the filter is applied to inbound(1) traffic, outbound(2) traffic, or traffic in both(3) directions." DEFVAL { inbound } ::= { docsDevFilterIpEntry 5 }
DESCRIPTION "Determines whether the filter is applied to inbound(1) traffic, outbound(2) traffic, or traffic in both(3) directions." DEFVAL { inbound } ::= { docsDevFilterIpEntry 5 }
docsDevFilterIpBroadcast OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "If set to true(1), the filter only applies to multicast and broadcast traffic. If set to false(2), the filter applies to all traffic." DEFVAL { false } ::= { docsDevFilterIpEntry 6 }
docsDevFilterIpBroadcast OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "If set to true(1), the filter only applies to multicast and broadcast traffic. If set to false(2), the filter applies to all traffic." DEFVAL { false } ::= { docsDevFilterIpEntry 6 }
docsDevFilterIpSaddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The source IP address, or portion thereof, that is to be matched for this filter. The source address is first masked (and'ed) against docsDevFilterIpSmask before being compared to this value. A value of 0 for this object and 0 for the mask matches all IP addresses." DEFVAL { '00000000'h } ::= { docsDevFilterIpEntry 7 }
docsDevFilterIpSaddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The source IP address, or portion thereof, that is to be matched for this filter. The source address is first masked (and'ed) against docsDevFilterIpSmask before being compared to this value. A value of 0 for this object and 0 for the mask matches all IP addresses." DEFVAL { '00000000'h } ::= { docsDevFilterIpEntry 7 }
docsDevFilterIpSmask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "A bit mask that is to be applied to the source address prior to matching. This mask is not necessarily the same as a subnet mask, but 1's bits must be leftmost and contiguous." DEFVAL { '00000000'h } ::= { docsDevFilterIpEntry 8 }
docsDevFilterIpSmask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "A bit mask that is to be applied to the source address prior to matching. This mask is not necessarily the same as a subnet mask, but 1's bits must be leftmost and contiguous." DEFVAL { '00000000'h } ::= { docsDevFilterIpEntry 8 }
docsDevFilterIpDaddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION
DocsdevFilteriPaddr对象类型语法IpAddress MAX-ACCESS读取创建状态当前说明
"The destination IP address, or portion thereof, that is to be matched for this filter. The destination address is first masked (and'ed) against docsDevFilterIpDmask before being compared to this value. A value of 0 for this object and 0 for the mask matches all IP addresses." DEFVAL { '00000000'h } ::= { docsDevFilterIpEntry 9 }
"The destination IP address, or portion thereof, that is to be matched for this filter. The destination address is first masked (and'ed) against docsDevFilterIpDmask before being compared to this value. A value of 0 for this object and 0 for the mask matches all IP addresses." DEFVAL { '00000000'h } ::= { docsDevFilterIpEntry 9 }
docsDevFilterIpDmask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "A bit mask that is to be applied to the destination address prior to matching. This mask is not necessarily the same as a subnet mask, but 1's bits must be leftmost and contiguous." DEFVAL { '00000000'h } ::= { docsDevFilterIpEntry 10 }
docsDevFilterIpDmask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "A bit mask that is to be applied to the destination address prior to matching. This mask is not necessarily the same as a subnet mask, but 1's bits must be leftmost and contiguous." DEFVAL { '00000000'h } ::= { docsDevFilterIpEntry 10 }
docsDevFilterIpProtocol OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-create STATUS current DESCRIPTION "The IP protocol value that is to be matched. For example: icmp is 1, tcp is 6, udp is 17. A value of 256 matches ANY protocol." DEFVAL { 256 } ::= { docsDevFilterIpEntry 11 }
docsDevFilterIpProtocol OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-create STATUS current DESCRIPTION "The IP protocol value that is to be matched. For example: icmp is 1, tcp is 6, udp is 17. A value of 256 matches ANY protocol." DEFVAL { 256 } ::= { docsDevFilterIpEntry 11 }
docsDevFilterIpSourcePortLow OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "If docsDevFilterIpProtocol is udp or tcp, this is the inclusive lower bound of the transport-layer source port range that is to be matched, otherwise it is ignored during matching." DEFVAL { 0 } ::= { docsDevFilterIpEntry 12 }
docsDevFilterIpSourcePortLow OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "If docsDevFilterIpProtocol is udp or tcp, this is the inclusive lower bound of the transport-layer source port range that is to be matched, otherwise it is ignored during matching." DEFVAL { 0 } ::= { docsDevFilterIpEntry 12 }
docsDevFilterIpSourcePortHigh OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION
DocsdevFilterIPSource或高对象类型语法整数32(0..65535)MAX-ACCESS读取创建状态当前说明
"If docsDevFilterIpProtocol is udp or tcp, this is the inclusive upper bound of the transport-layer source port range that is to be matched, otherwise it is ignored during matching." DEFVAL { 65535 } ::= { docsDevFilterIpEntry 13 }
"If docsDevFilterIpProtocol is udp or tcp, this is the inclusive upper bound of the transport-layer source port range that is to be matched, otherwise it is ignored during matching." DEFVAL { 65535 } ::= { docsDevFilterIpEntry 13 }
docsDevFilterIpDestPortLow OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "If docsDevFilterIpProtocol is udp or tcp, this is the inclusive lower bound of the transport-layer destination port range that is to be matched, otherwise it is ignored during matching." DEFVAL { 0 } ::= { docsDevFilterIpEntry 14 }
docsDevFilterIpDestPortLow OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "If docsDevFilterIpProtocol is udp or tcp, this is the inclusive lower bound of the transport-layer destination port range that is to be matched, otherwise it is ignored during matching." DEFVAL { 0 } ::= { docsDevFilterIpEntry 14 }
docsDevFilterIpDestPortHigh OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "If docsDevFilterIpProtocol is udp or tcp, this is the inclusive upper bound of the transport-layer destination port range that is to be matched, otherwise it is ignored during matching." DEFVAL { 65535 } ::= { docsDevFilterIpEntry 15 }
docsDevFilterIpDestPortHigh OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "If docsDevFilterIpProtocol is udp or tcp, this is the inclusive upper bound of the transport-layer destination port range that is to be matched, otherwise it is ignored during matching." DEFVAL { 65535 } ::= { docsDevFilterIpEntry 15 }
docsDevFilterIpMatches OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times this filter was matched. This object is initialized to 0 at boot, or at row creation, and is reset only upon reboot." ::= { docsDevFilterIpEntry 16 }
docsDevFilterIpMatches OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times this filter was matched. This object is initialized to 0 at boot, or at row creation, and is reset only upon reboot." ::= { docsDevFilterIpEntry 16 }
docsDevFilterIpTos OBJECT-TYPE SYNTAX OCTET STRING ( SIZE (1)) MAX-ACCESS read-create STATUS current DESCRIPTION "This is the value to be matched to the packet's TOS (Type of Service) value (after the TOS value
docsDevFilterIpTos对象类型语法八位字符串(大小(1))MAX-ACCESS read create STATUS current DESCRIPTION“这是要与数据包的TOS(服务类型)值匹配的值(在TOS值之后
is AND'd with docsDevFilterIpTosMask). A value for this object of 0 and a mask of 0 matches all TOS values." DEFVAL { '00'h } ::= { docsDevFilterIpEntry 17 }
is AND'd with docsDevFilterIpTosMask). A value for this object of 0 and a mask of 0 matches all TOS values." DEFVAL { '00'h } ::= { docsDevFilterIpEntry 17 }
docsDevFilterIpTosMask OBJECT-TYPE SYNTAX OCTET STRING ( SIZE (1) ) MAX-ACCESS read-create STATUS current DESCRIPTION "The mask to be applied to the packet's TOS value before matching." DEFVAL { '00'h } ::= { docsDevFilterIpEntry 18 }
docsDevFilterIpTosMask OBJECT-TYPE SYNTAX OCTET STRING ( SIZE (1) ) MAX-ACCESS read-create STATUS current DESCRIPTION "The mask to be applied to the packet's TOS value before matching." DEFVAL { '00'h } ::= { docsDevFilterIpEntry 18 }
docsDevFilterIpContinue OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "If this value is set to true, and docsDevFilterIpControl is anything but discard (1), continue scanning and applying policies." DEFVAL { false } ::= { docsDevFilterIpEntry 19 }
docsDevFilterIpContinue OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "If this value is set to true, and docsDevFilterIpControl is anything but discard (1), continue scanning and applying policies." DEFVAL { false } ::= { docsDevFilterIpEntry 19 }
docsDevFilterIpPolicyId OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-create STATUS current DESCRIPTION "This object points to an entry in docsDevFilterPolicyTable. If docsDevFilterIpControl is set to policy (3), execute all matching policies in docsDevFilterPolicyTable. If no matching policy exists, treat as if docsDevFilterIpControl were set to accept (1). If this object is set to the value of 0, there is no matching policy, and docsDevFilterPolicyTable MUST NOT be consulted." DEFVAL { 0 } ::= { docsDevFilterIpEntry 20 }
docsDevFilterIpPolicyId OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-create STATUS current DESCRIPTION "This object points to an entry in docsDevFilterPolicyTable. If docsDevFilterIpControl is set to policy (3), execute all matching policies in docsDevFilterPolicyTable. If no matching policy exists, treat as if docsDevFilterIpControl were set to accept (1). If this object is set to the value of 0, there is no matching policy, and docsDevFilterPolicyTable MUST NOT be consulted." DEFVAL { 0 } ::= { docsDevFilterIpEntry 20 }
-- --
-- --
docsDevFilterPolicyTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsDevFilterPolicyEntry MAX-ACCESS not-accessible
DocsDevFilterPolicyEntry MAX-ACCESS的docsDevFilterPolicyTable对象类型语法序列不可访问
STATUS current DESCRIPTION "A Table which maps between a policy group ID and a set of policies to be applied. All rows with the same docsDevFilterPolicyId are part of the same policy group and are applied in the order in which they are in this table.
STATUS current DESCRIPTION“在策略组ID和要应用的一组策略之间映射的表。具有相同docsDevFilterPolicyId的所有行都是同一策略组的一部分,并按照它们在此表中的顺序应用。
docsDevFilterPolicyTable exists to allow multiple policy actions to be applied to any given classified packet. The policy actions are applied in index order For example:
docsDevFilterPolicyTable允许对任何给定的分类数据包应用多个策略操作。策略操作按索引顺序应用,例如:
Index ID Type Action 1 1 TOS 1 9 5 TOS 1 12 1 IPSEC 3
索引ID类型操作1 TOS 19 5 TOS 1 12 1 IPSEC 3
This says that a packet which matches a filter with policy id 1, first has TOS policy 1 applied (which might set the TOS bits to enable a higher priority), and next has the IPSEC policy 3 applied (which may result in the packet being dumped into a secure VPN to a remote encryptor).
这表示匹配策略id为1的筛选器的数据包首先应用TOS策略1(这可能会设置TOS位以启用更高的优先级),然后应用IPSEC策略3(这可能会导致数据包转储到远程加密机的安全VPN中)。
Policy ID 0 is reserved for default actions and is applied only to packets which match no filters in docsDevIpFilterTable." ::= { docsDevFilter 5 }
Policy ID 0 is reserved for default actions and is applied only to packets which match no filters in docsDevIpFilterTable." ::= { docsDevFilter 5 }
docsDevFilterPolicyEntry OBJECT-TYPE SYNTAX DocsDevFilterPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the docsDevFilterPolicyTable. Entries are created by Network Management. To create an entry, docsDevFilterPolicyId and docsDevFilterPolicyAction must be specified." INDEX { docsDevFilterPolicyIndex } ::= { docsDevFilterPolicyTable 1 }
docsDevFilterPolicyEntry OBJECT-TYPE SYNTAX DocsDevFilterPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the docsDevFilterPolicyTable. Entries are created by Network Management. To create an entry, docsDevFilterPolicyId and docsDevFilterPolicyAction must be specified." INDEX { docsDevFilterPolicyIndex } ::= { docsDevFilterPolicyTable 1 }
DocsDevFilterPolicyEntry ::= SEQUENCE { docsDevFilterPolicyIndex Integer32, docsDevFilterPolicyId Integer32, -- docsDevFilterPolicyType INTEGER, -- docsDevFilterPolicyAction Integer32, docsDevFilterPolicyStatus RowStatus, docsDevFilterPolicyPtr RowPointer
DocsDevFilterPolicyEntry ::= SEQUENCE { docsDevFilterPolicyIndex Integer32, docsDevFilterPolicyId Integer32, -- docsDevFilterPolicyType INTEGER, -- docsDevFilterPolicyAction Integer32, docsDevFilterPolicyStatus RowStatus, docsDevFilterPolicyPtr RowPointer
}
}
docsDevFilterPolicyIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Index value for the table." ::= { docsDevFilterPolicyEntry 1 }
docsDevFilterPolicyIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Index value for the table." ::= { docsDevFilterPolicyEntry 1 }
docsDevFilterPolicyId OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-create STATUS current DESCRIPTION "Policy ID for this entry. A policy ID can apply to multiple rows of this table, all relevant policies are executed. Policy 0 (if populated) is applied to all packets which do not match any of the filters. N.B. If docsDevFilterIpPolicyId is set to 0, it DOES NOT match policy 0 of this table. " ::= { docsDevFilterPolicyEntry 2 }
docsDevFilterPolicyId OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-create STATUS current DESCRIPTION "Policy ID for this entry. A policy ID can apply to multiple rows of this table, all relevant policies are executed. Policy 0 (if populated) is applied to all packets which do not match any of the filters. N.B. If docsDevFilterIpPolicyId is set to 0, it DOES NOT match policy 0 of this table. " ::= { docsDevFilterPolicyEntry 2 }
-- docsDevFilterPolicyType ::= { docsDevFilterPolicyEntry 3} Removed -- docsDevFilterPolicyAction ::= { docsDevFilterPolicyEntry 4 } removed
-- docsDevFilterPolicyType ::= { docsDevFilterPolicyEntry 3} Removed -- docsDevFilterPolicyAction ::= { docsDevFilterPolicyEntry 4 } removed
docsDevFilterPolicyStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Object used to create an entry in this table." ::= { docsDevFilterPolicyEntry 5 }
docsDevFilterPolicyStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Object used to create an entry in this table." ::= { docsDevFilterPolicyEntry 5 }
docsDevFilterPolicyPtr OBJECT-TYPE SYNTAX RowPointer MAX-ACCESS read-create STATUS current DESCRIPTION "This object points to a row in an applicable filter policy table. Currently, the only standard policy table is docsDevFilterTosTable. Per the textual convention, this object points to the first accessible object in the row. E.g. to point to a row in docsDevFilterTosTable with an index of 21, the value of this object would be the object identifier docsDevTosStatus.21.
docsDevFilterPolicyPtr对象类型语法行指针最大访问读取创建状态当前描述“此对象指向适用筛选器策略表中的一行。目前,唯一的标准策略表是docsDevFilterTosTable。根据文本约定,此对象指向行中的第一个可访问对象。例如,要指向docsDevFilterTosTable中索引为21的行,此对象的值应为对象标识符docsDevTosStatus.21。
Vendors must adhere to the same convention when adding
供应商在添加时必须遵守相同的约定
vendor specific policy table extensions.
特定于供应商的策略表扩展。
The default upon row creation is a null pointer which results in no policy action being taken." DEFVAL { zeroDotZero } ::= { docsDevFilterPolicyEntry 6 }
The default upon row creation is a null pointer which results in no policy action being taken." DEFVAL { zeroDotZero } ::= { docsDevFilterPolicyEntry 6 }
-- -- TOS Policy action table --
----TOS策略操作表--
docsDevFilterTosTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsDevFilterTosEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table used to describe Type of Service (TOS) bits processing.
docsDevFilterTosTable对象类型DocsDevFilterTosEntry MAX-ACCESS不可访问状态当前描述”表的语法序列,用于描述服务类型(TOS)位处理。
This table is an adjunct to the docsDevFilterIpTable, and the docsDevFilterPolicy table. Entries in the latter table can point to specific rows in this (and other) tables and cause specific actions to be taken. This table permits the manipulation of the value of the Type of Service bits in the IP header of the matched packet as follows: Set the tosBits of the packet to (tosBits & docsDevFilterTosAndMask) | docsDevFilterTosOrMask
此表是docsDevFilterPolicy表和docsDevFilterPolicy表的附属表。后一个表中的条目可以指向此(和其他)表中的特定行,并导致执行特定操作。此表允许对匹配数据包的IP报头中服务位类型的值进行如下操作:将数据包的tosBits设置为(tosBits&docsDevFilterTosAndMask)| DocsdevFilterTosMask
This construct allows you to do a clear and set of all the TOS bits in a flexible manner." ::= { docsDevFilter 6 }
This construct allows you to do a clear and set of all the TOS bits in a flexible manner." ::= { docsDevFilter 6 }
docsDevFilterTosEntry OBJECT-TYPE SYNTAX DocsDevFilterTosEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A TOS policy entry." INDEX { docsDevFilterTosIndex } ::= { docsDevFilterTosTable 1 }
docsDevFilterTosEntry OBJECT-TYPE SYNTAX DocsDevFilterTosEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A TOS policy entry." INDEX { docsDevFilterTosIndex } ::= { docsDevFilterTosTable 1 }
DocsDevFilterTosEntry ::= SEQUENCE { docsDevFilterTosIndex Integer32, docsDevFilterTosStatus RowStatus, docsDevFilterTosAndMask OCTET STRING (SIZE (1)), docsDevFilterTosOrMask OCTET STRING (SIZE (1))
DocsDevFilterTosEntry ::= SEQUENCE { docsDevFilterTosIndex Integer32, docsDevFilterTosStatus RowStatus, docsDevFilterTosAndMask OCTET STRING (SIZE (1)), docsDevFilterTosOrMask OCTET STRING (SIZE (1))
}
}
docsDevFilterTosIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique index for this row. There are no ordering requirements for this table and any valid index may be specified." ::= { docsDevFilterTosEntry 1 }
docsDevFilterTosIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique index for this row. There are no ordering requirements for this table and any valid index may be specified." ::= { docsDevFilterTosEntry 1 }
docsDevFilterTosStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The object used to create and delete entries in this table. A row created by specifying just this object results in a row which specifies no change to the TOS bits. A row may be created using either the create-and-go or create-and-wait paradigms. There is no restriction on the ability to change values in this row while the row is active." ::= { docsDevFilterTosEntry 2 }
docsDevFilterTosStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The object used to create and delete entries in this table. A row created by specifying just this object results in a row which specifies no change to the TOS bits. A row may be created using either the create-and-go or create-and-wait paradigms. There is no restriction on the ability to change values in this row while the row is active." ::= { docsDevFilterTosEntry 2 }
docsDevFilterTosAndMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1)) MAX-ACCESS read-create STATUS current DESCRIPTION
docsDevFilterTosAndMask对象类型语法八位字符串(大小(1))MAX-ACCESS读取创建状态当前说明
"This value is bitwise AND'd with the matched packet's TOS bits." DEFVAL { 'ff'h } ::= { docsDevFilterTosEntry 3 }
"This value is bitwise AND'd with the matched packet's TOS bits." DEFVAL { 'ff'h } ::= { docsDevFilterTosEntry 3 }
docsDevFilterTosOrMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1)) MAX-ACCESS read-create STATUS current DESCRIPTION "After bitwise AND'ing with the above bits, the packet's TOS bits are bitwise OR'd with these bits." DEFVAL { '00'h } ::= { docsDevFilterTosEntry 4 }
docsDevFilterTosOrMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1)) MAX-ACCESS read-create STATUS current DESCRIPTION "After bitwise AND'ing with the above bits, the packet's TOS bits are bitwise OR'd with these bits." DEFVAL { '00'h } ::= { docsDevFilterTosEntry 4 }
-- -- CPE IP Management and anti spoofing group. Only implemented on -- Cable Modems. --
-- -- CPE IP Management and anti spoofing group. Only implemented on -- Cable Modems. --
docsDevCpe OBJECT IDENTIFIER ::= { docsDevMIBObjects 7}
docsDevCpe OBJECT IDENTIFIER ::= { docsDevMIBObjects 7}
docsDevCpeEnroll OBJECT-TYPE SYNTAX INTEGER { none(1), any(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object controls the population of docsDevFilterCpeTable. If set to none, the filters must be set manually. If set to any, the CM wiretaps the packets originating from the ethernet and enrolls up to docsDevCpeIpMax addresses based on the source IP addresses of those packets. At initial system startup, default value for this object is any(2)." ::= { docsDevCpe 1 }
docsDevCpeEnroll OBJECT-TYPE SYNTAX INTEGER { none(1), any(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object controls the population of docsDevFilterCpeTable. If set to none, the filters must be set manually. If set to any, the CM wiretaps the packets originating from the ethernet and enrolls up to docsDevCpeIpMax addresses based on the source IP addresses of those packets. At initial system startup, default value for this object is any(2)." ::= { docsDevCpe 1 }
docsDevCpeIpMax OBJECT-TYPE SYNTAX Integer32 (-1..2147483647) MAX-ACCESS read-write STATUS current DESCRIPTION "This object controls the maximum number of CPEs allowed to connect behind this device. If set to zero, any number of CPEs may connect up to the maximum permitted for the device. If set to -1, no filtering is done on CPE source addresses, and no entries are made in the docsDevFilterCpeTable. If an attempt is made to set this to a number greater than that permitted for the device, it is set to that maximum. At iniitial system startup, default value for this object is 1." ::= { docsDevCpe 2 }
docsDevCpeIpMax OBJECT-TYPE SYNTAX Integer32 (-1..2147483647) MAX-ACCESS read-write STATUS current DESCRIPTION "This object controls the maximum number of CPEs allowed to connect behind this device. If set to zero, any number of CPEs may connect up to the maximum permitted for the device. If set to -1, no filtering is done on CPE source addresses, and no entries are made in the docsDevFilterCpeTable. If an attempt is made to set this to a number greater than that permitted for the device, it is set to that maximum. At iniitial system startup, default value for this object is 1." ::= { docsDevCpe 2 }
docsDevCpeTable OBJECT-TYPE SYNTAX SEQUENCE OF DocsDevCpeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists the IP addresses seen (or permitted) as source addresses in packets originating from the customer interface on this device. In addition, this table can be
docsDevCpeTable对象类型DocsdevcPendtry MAX-ACCESS不可访问状态的语法序列当前描述“此表列出了在源自此设备上的客户接口的数据包中作为源地址看到(或允许)的IP地址。此外,此表可以
provisioned with the specific addresses permitted for the CPEs via the normal row creation mechanisms." ::= { docsDevCpe 3 }
provisioned with the specific addresses permitted for the CPEs via the normal row creation mechanisms." ::= { docsDevCpe 3 }
docsDevCpeEntry OBJECT-TYPE SYNTAX DocsDevCpeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the docsDevFilterCpeTable. There is one entry for each IP CPE seen or provisioned. If docsDevCpeIpMax is set to -1, this table is ignored, otherwise: Upon receipt of an IP packet from the customer interface of the CM, the source IP address is checked against this table. If the address is in the table, packet processing continues. If the address is not in the table, but docsDevCpeEnroll is set to any and the table size is less than docsDevCpeIpMax, the address is added to the table and packet processing continues. Otherwise, the packet is dropped.
DOCSDEVCPENDTRY对象类型语法DOCSDEVCPENDTRY MAX-ACCESS不可访问状态当前描述“DocsdevFiltercTable中的条目。看到或配置的每个IP CPE都有一个条目。如果docsDevCpeIpMax设置为-1,则忽略此表,否则:从CM的客户接口收到IP数据包后,将根据此表检查源IP地址。如果地址在表中,则数据包处理将继续。如果地址不在表中,但DOCSDEVCPENPROLL设置为any且表大小小于docsDevCpeIpMax,则将地址添加到表中,并继续数据包处理。否则,数据包将被丢弃。
The filtering actions specified by this table occur after any LLC filtering (docsDevFilterLLCTable), but prior to any IP filtering (docsDevFilterIpTable, docsDevNmAccessTable)." INDEX { docsDevCpeIp } ::= {docsDevCpeTable 1 }
The filtering actions specified by this table occur after any LLC filtering (docsDevFilterLLCTable), but prior to any IP filtering (docsDevFilterIpTable, docsDevNmAccessTable)." INDEX { docsDevCpeIp } ::= {docsDevCpeTable 1 }
DocsDevCpeEntry ::= SEQUENCE { docsDevCpeIp IpAddress, docsDevCpeSource INTEGER, docsDevCpeStatus RowStatus }
DocsDevCpeEntry ::= SEQUENCE { docsDevCpeIp IpAddress, docsDevCpeSource INTEGER, docsDevCpeStatus RowStatus }
docsDevCpeIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IP address to which this entry applies." ::= { docsDevCpeEntry 1 }
docsDevCpeIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The IP address to which this entry applies." ::= { docsDevCpeEntry 1 }
docsDevCpeSource OBJECT-TYPE SYNTAX INTEGER { other(1), manual(2), learned(3) }
docsDevCpeSource OBJECT-TYPE SYNTAX INTEGER { other(1), manual(2), learned(3) }
MAX-ACCESS read-only STATUS current DESCRIPTION "This object describes how this entry was created. If the value is manual(2), this row was created by a network management action (either configuration, or SNMP set). If set to learned(3), then it was found via looking at the source IP address of a received packet." ::= { docsDevCpeEntry 2 }
MAX-ACCESS read-only STATUS current DESCRIPTION "This object describes how this entry was created. If the value is manual(2), this row was created by a network management action (either configuration, or SNMP set). If set to learned(3), then it was found via looking at the source IP address of a received packet." ::= { docsDevCpeEntry 2 }
docsDevCpeStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Standard object to manipulate rows. To create a row in this table, you only need to specify this object. Management stations SHOULD use the create-and-go mechanism for creating rows in this table." ::= { docsDevCpeEntry 3 }
docsDevCpeStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Standard object to manipulate rows. To create a row in this table, you only need to specify this object. Management stations SHOULD use the create-and-go mechanism for creating rows in this table." ::= { docsDevCpeEntry 3 }
-- -- Placeholder for notifications/traps. -- docsDevNotification OBJECT IDENTIFIER ::= { docsDev 2 }
-- -- Placeholder for notifications/traps. -- docsDevNotification OBJECT IDENTIFIER ::= { docsDev 2 }
-- -- Conformance definitions -- docsDevConformance OBJECT IDENTIFIER ::= { docsDev 3 } docsDevGroups OBJECT IDENTIFIER ::= { docsDevConformance 1 } docsDevCompliances OBJECT IDENTIFIER ::= { docsDevConformance 2 }
-- -- Conformance definitions -- docsDevConformance OBJECT IDENTIFIER ::= { docsDev 3 } docsDevGroups OBJECT IDENTIFIER ::= { docsDevConformance 1 } docsDevCompliances OBJECT IDENTIFIER ::= { docsDevConformance 2 }
docsDevBasicCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for MCNS Cable Modems and Cable Modem Termination Systems."
docsDevBasicCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION“MCNS电缆调制解调器和电缆调制解调器终端系统的符合性声明”
MODULE -- docsDev
模块——docsDev
-- conditionally mandatory groups
--条件强制群
GROUP docsDevBaseGroup DESCRIPTION "Mandatory in Cable Modems, optional in Cable Modem Termination Systems."
GROUP docsDevBaseGroup DESCRIPTION“在电缆调制解调器中为必填项,在电缆调制解调器终端系统中为可选项。”
GROUP docsDevEventGroup DESCRIPTION "Mandatory in Cable Modems, optional in Cable Modem Termination Systems."
组文档DeveventGroup DESCRIPTION“在电缆调制解调器中必须,在电缆调制解调器终端系统中可选。”
GROUP docsDevFilterGroup DESCRIPTION "Mandatory in Cable Modems, optional in Cable Modem Termination Systems."
组文档devfiltergroup DESCRIPTION“在电缆调制解调器中必须,在电缆调制解调器终端系统中可选。”
GROUP docsDevNmAccessGroup DESCRIPTION "This group is only implemented in devices which do not implement SNMPv3 User Security Model. It SHOULD NOT be implemented by SNMPv3 conformant devices.
GROUP docsDevNmAccessGroup DESCRIPTION“此组仅在未实现SNMPv3用户安全模型的设备中实现。它不应由符合SNMPv3的设备实现。
For devices which do not implement SNMPv3 or later, this group is Mandatory in Cable Modems and is optional in Cable Modem Termination Systems."
对于未实现SNMPv3或更高版本的设备,此组在电缆调制解调器中是必需的,在电缆调制解调器终端系统中是可选的。”
GROUP docsDevServerGroup DESCRIPTION "This group is implemented only in Cable Modems and is not implemented in Cable Modem Termination Systems."
GROUP docsDevServerGroup DESCRIPTION“此组仅在电缆调制解调器中实现,而不在电缆调制解调器终端系统中实现。”
GROUP docsDevSoftwareGroup DESCRIPTION "This group is Mandatory in Cable Modems and optional in Cable Modem Termination Systems."
GROUP docsDevSoftwareGroup DESCRIPTION“此组在电缆调制解调器中是必需的,在电缆调制解调器终端系统中是可选的。”
GROUP docsDevCpeGroup DESCRIPTION "This group is Mandatory in Cable Modems, and is not implemented in Cable Modem Termination Systems. A similar capability for CMTS devices may be proposed later after study."
GROUP docsDevCpeGroup DESCRIPTION“该组在电缆调制解调器中是强制性的,在电缆调制解调器终端系统中不实施。在研究之后,可能会建议为CMTS设备提供类似的功能。”
OBJECT docsDevSTPControl MIN-ACCESS read-only DESCRIPTION "It is compliant to implement this object as read-only. Devices need only support noStFilterBpdu(2)."
对象docsDevSTPControl MIN-ACCESS只读说明“将此对象实现为只读符合要求。设备只需支持noStFilterBpdu(2)。”
OBJECT docsDevEvReporting MIN-ACCESS read-only DESCRIPTION "It is compliant to implement this object as read-only. Devices need only support local(0)."
对象docsDevEvReporting MIN-ACCESS只读说明“将此对象实现为只读符合要求。设备只需支持本地(0)。”
::= { docsDevCompliances 1 }
::= { docsDevCompliances 1 }
docsDevBaseGroup OBJECT-GROUP OBJECTS { docsDevRole, docsDevDateTime, docsDevResetNow, docsDevSerialNumber, docsDevSTPControl } STATUS current DESCRIPTION "A collection of objects providing device status and control." ::= { docsDevGroups 1 }
docsDevBaseGroup OBJECT-GROUP OBJECTS { docsDevRole, docsDevDateTime, docsDevResetNow, docsDevSerialNumber, docsDevSTPControl } STATUS current DESCRIPTION "A collection of objects providing device status and control." ::= { docsDevGroups 1 }
docsDevNmAccessGroup OBJECT-GROUP OBJECTS { docsDevNmAccessIp, docsDevNmAccessIpMask, docsDevNmAccessCommunity, docsDevNmAccessControl, docsDevNmAccessInterfaces, docsDevNmAccessStatus } STATUS current DESCRIPTION "A collection of objects for controlling access to SNMP objects." ::= { docsDevGroups 2 }
docsDevNmAccessGroup OBJECT-GROUP OBJECTS { docsDevNmAccessIp, docsDevNmAccessIpMask, docsDevNmAccessCommunity, docsDevNmAccessControl, docsDevNmAccessInterfaces, docsDevNmAccessStatus } STATUS current DESCRIPTION "A collection of objects for controlling access to SNMP objects." ::= { docsDevGroups 2 }
docsDevSoftwareGroup OBJECT-GROUP OBJECTS { docsDevSwServer, docsDevSwFilename, docsDevSwAdminStatus, docsDevSwOperStatus, docsDevSwCurrentVers } STATUS current DESCRIPTION "A collection of objects for controlling software downloads." ::= { docsDevGroups 3 }
docsDevSoftwareGroup OBJECT-GROUP OBJECTS { docsDevSwServer, docsDevSwFilename, docsDevSwAdminStatus, docsDevSwOperStatus, docsDevSwCurrentVers } STATUS current DESCRIPTION "A collection of objects for controlling software downloads." ::= { docsDevGroups 3 }
docsDevServerGroup OBJECT-GROUP OBJECTS { docsDevServerBootState,
docsDevServerGroup对象组对象{docsDevServerBootState,
docsDevServerDhcp, docsDevServerTime, docsDevServerTftp, docsDevServerConfigFile } STATUS current DESCRIPTION "A collection of objects providing status about server provisioning." ::= { docsDevGroups 4 }
docsDevServerDhcp, docsDevServerTime, docsDevServerTftp, docsDevServerConfigFile } STATUS current DESCRIPTION "A collection of objects providing status about server provisioning." ::= { docsDevGroups 4 }
docsDevEventGroup OBJECT-GROUP OBJECTS { docsDevEvControl, docsDevEvSyslog, docsDevEvThrottleAdminStatus, docsDevEvThrottleInhibited, docsDevEvThrottleThreshold, docsDevEvThrottleInterval, docsDevEvReporting, docsDevEvFirstTime, docsDevEvLastTime, docsDevEvCounts, docsDevEvLevel, docsDevEvId, docsDevEvText } STATUS current DESCRIPTION "A collection of objects used to control and monitor events." ::= { docsDevGroups 5 }
docsDevEventGroup OBJECT-GROUP OBJECTS { docsDevEvControl, docsDevEvSyslog, docsDevEvThrottleAdminStatus, docsDevEvThrottleInhibited, docsDevEvThrottleThreshold, docsDevEvThrottleInterval, docsDevEvReporting, docsDevEvFirstTime, docsDevEvLastTime, docsDevEvCounts, docsDevEvLevel, docsDevEvId, docsDevEvText } STATUS current DESCRIPTION "A collection of objects used to control and monitor events." ::= { docsDevGroups 5 }
docsDevFilterGroup OBJECT-GROUP OBJECTS { docsDevFilterLLCUnmatchedAction, docsDevFilterIpDefault, docsDevFilterLLCStatus, docsDevFilterLLCIfIndex, docsDevFilterLLCProtocolType, docsDevFilterLLCProtocol, docsDevFilterLLCMatches, docsDevFilterIpControl, docsDevFilterIpIfIndex, docsDevFilterIpStatus, docsDevFilterIpDirection, docsDevFilterIpBroadcast, docsDevFilterIpSaddr,
docsDevFilterGroup对象组对象{docsDevFilterLLCUnmatchedAction,docsdevfilterlipdefault,docsDevFilterLLCStatus,docsdevfilterllcfindex,docsDevFilterLLCProtocolType,docsDevFilterLLCProtocol,docsDevFilterLLCMatches,docsdevfilterpcontrol,docsdevfilterpiffindex,docsdevfilterlipstatus,docsdeffilterlipdirection,docsdevfilterlipsproadr,
docsDevFilterIpSmask, docsDevFilterIpDaddr, docsDevFilterIpDmask, docsDevFilterIpProtocol, docsDevFilterIpSourcePortLow, docsDevFilterIpSourcePortHigh, docsDevFilterIpDestPortLow, docsDevFilterIpDestPortHigh, docsDevFilterIpMatches, docsDevFilterIpTos, docsDevFilterIpTosMask, docsDevFilterIpContinue, docsDevFilterIpPolicyId, docsDevFilterPolicyId, docsDevFilterPolicyStatus, docsDevFilterPolicyPtr, docsDevFilterTosStatus, docsDevFilterTosAndMask, docsDevFilterTosOrMask } STATUS current DESCRIPTION "A collection of objects to specify filters at link layer and IP layer." ::= { docsDevGroups 6 }
docsDevFilterIpSmask, docsDevFilterIpDaddr, docsDevFilterIpDmask, docsDevFilterIpProtocol, docsDevFilterIpSourcePortLow, docsDevFilterIpSourcePortHigh, docsDevFilterIpDestPortLow, docsDevFilterIpDestPortHigh, docsDevFilterIpMatches, docsDevFilterIpTos, docsDevFilterIpTosMask, docsDevFilterIpContinue, docsDevFilterIpPolicyId, docsDevFilterPolicyId, docsDevFilterPolicyStatus, docsDevFilterPolicyPtr, docsDevFilterTosStatus, docsDevFilterTosAndMask, docsDevFilterTosOrMask } STATUS current DESCRIPTION "A collection of objects to specify filters at link layer and IP layer." ::= { docsDevGroups 6 }
docsDevCpeGroup OBJECT-GROUP OBJECTS { docsDevCpeEnroll, docsDevCpeIpMax, docsDevCpeSource, docsDevCpeStatus } STATUS current DESCRIPTION "A collection of objects used to control the number and specific values of IP addresses allowed for associated Customer Premises Equipment (CPE)." ::= { docsDevGroups 7 }
docsDevCpeGroup OBJECT-GROUP OBJECTS { docsDevCpeEnroll, docsDevCpeIpMax, docsDevCpeSource, docsDevCpeStatus } STATUS current DESCRIPTION "A collection of objects used to control the number and specific values of IP addresses allowed for associated Customer Premises Equipment (CPE)." ::= { docsDevGroups 7 }
END
终止
This document was produced by the IPCDN Working Group. It is based on a document written by Pam Anderson from CableLabs, Wilson Sawyer from BayNetworks, and Rich Woundy from Continental Cablevision. The original working group editor, Guenter Roeck of cisco Systems, did much of the grunt work of putting the document into its current form.
本文件由IPCDN工作组编制。它基于CableLabs的Pam Anderson、BayNetworks的Wilson Sawyer和Continental Cablevision的Rich Woundy编写的文档。最初的工作组编辑,思科系统公司的Guenter Roeck,做了大量繁重的工作,将文档转换成当前的形式。
Special thanks is also due to Azlina Palmer, who helped a lot reviewing the document.
还要特别感谢Azlina Palmer,她在审阅文件时帮了很多忙。
[1] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture for Describing SNMP Management Frameworks", RFC 2571, April 1999.
[1] Harrington,D.,Presohn,R.和B.Wijnen,“描述SNMP管理框架的体系结构”,RFC 2571,1999年4月。
[2] Rose, M. and K. McCloghrie, "Structure and Identification of Management Information for TCP/IP-based Internets", STD 16, RFC 1155, May 1990.
[2] Rose,M.和K.McCloghrie,“基于TCP/IP的互联网管理信息的结构和识别”,STD 16,RFC 1155,1990年5月。
[3] Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16, RFC 1212, March 1991.
[3] Rose,M.和K.McCloghrie,“简明MIB定义”,STD 16,RFC 1212,1991年3月。
[4] Rose, M., "A Convention for Defining Traps for use with the SNMP", RFC 1215, March 1991.
[4] Rose,M.“定义用于SNMP的陷阱的约定”,RFC1215,1991年3月。
[5] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Structure of Management Information for Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
[5] McCloghrie,K.,Perkins,D.和J.Schoenwaeld,“版本2(SMIv2)的管理信息结构”,STD 58,RFC 2578,1999年4月。
[6] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999.
[6] McCloghrie,K.,Perkins,D.和J.Schoenwaeld,“SMIv2的文本约定”,STD 58,RFC 2579,1999年4月。
[7] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999.
[7] McCloghrie,K.,Perkins,D.和J.Schoenwaeld,“SMIv2的一致性声明”,STD 58,RFC 25801999年4月。
[8] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple Network Management Protocol", STD 15, RFC 1157, May 1990.
[8] Case,J.,Fedor,M.,Schoffstall,M.和J.Davin,“简单网络管理协议”,STD 15,RFC 1157,1990年5月。
[9] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Introduction to Community-based SNMPv2", RFC 1901, January 1996.
[9] Case,J.,McCloghrie,K.,Rose,M.和S.Waldbusser,“基于社区的SNMPv2简介”,RFC 19011996年1月。
[10] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1906, January 1996.
[10] Case,J.,McCloghrie,K.,Rose,M.和S.Waldbusser,“简单网络管理协议(SNMPv2)版本2的传输映射”,RFC 1906,1996年1月。
[11] Case, J., Harrington D., Presuhn R. and B. Wijnen, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)", RFC 2572, April 1999.
[11] Case,J.,Harrington D.,Presohn R.和B.Wijnen,“简单网络管理协议(SNMP)的消息处理和调度”,RFC 2572,1999年4月。
[12] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 2574, April 1999.
[12] Blumenthal,U.和B.Wijnen,“简单网络管理协议(SNMPv3)第3版的基于用户的安全模型(USM)”,RFC 2574,1999年4月。
[13] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1905, January 1996.
[13] Case,J.,McCloghrie,K.,Rose,M.和S.Waldbusser,“简单网络管理协议(SNMPv2)版本2的协议操作”,RFC 1905,1996年1月。
[14] Levi, D., Meyer, P. and B. Stewart, "SNMP Applications", RFC 2573, April 1999.
[14] Levi,D.,Meyer,P.和B.Stewart,“SNMP应用”,RFC2573,1999年4月。
[15] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)", RFC 2575, April 1999.
[15] Wijnen,B.,Presuhn,R.和K.McCloghrie,“用于简单网络管理协议(SNMP)的基于视图的访问控制模型(VACM)”,RFC2575,1999年4月。
[16] "Data-Over-Cable Service Interface Specifications: Cable Modem Radio Frequency Interface Specification SP-RFI-I04-980724", DOCSIS, July 1998, http://www.cablemodem.com/public/pubtechspec/SP-RFI-I04- 980724.pdf.
[16] “电缆数据服务接口规范:电缆调制解调器射频接口规范SP-RFI-I04-980724”,DOCSIS,1998年7月,http://www.cablemodem.com/public/pubtechspec/SP-RFI-I04- 980724.pdf。
[17] Steinberg, L., "Techniques for Managing Asynchronously Generated Alerts", RFC 1224, May 1991.
[17] Steinberg,L.“管理异步生成警报的技术”,RFC1224,1991年5月。
[18] "Data-Over-Cable Service Interface Specifications: Operations Support System Interface Specification RF Interface SP-OSSI-RF-I02-980410", DOCSIS, April 1998, http://www.cablemodem.com/public/pubtechspec/ossi/sp-ossi.PDF.
[18] “有线数据服务接口规范:操作支持系统接口规范RF接口SP-OSI-RF-I02-980410”,DOCSIS,1998年4月,http://www.cablemodem.com/public/pubtechspec/ossi/sp-ossi.PDF.
[19] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[19] Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[20] "Data-Over-Cable Service Interface Specifications: Baseline Privacy Interface Specification SP-BPI-I01-970922", DOCSIS, September 1977, http://www.cablemodem.com/public/pubtechspec/ss/SP-BPI-I01- 970922.pdf
[20] "Data-Over-Cable Service Interface Specifications: Baseline Privacy Interface Specification SP-BPI-I01-970922", DOCSIS, September 1977, http://www.cablemodem.com/public/pubtechspec/ss/SP-BPI-I01- 970922.pdf
This MIB relates to a system which will provide metropolitan public internet access. As such, improper manipulation of the objects represented by this MIB may result in denial of service to a large number of end-users. In addition, manipulation of the
该MIB涉及一个提供大都市公共互联网接入的系统。因此,对该MIB表示的对象的不当操作可能会导致大量最终用户拒绝服务。此外,操纵
docsDevNmAccessTable, docsDevFilterLLCTable, docsDevFilterIpTable and the elements of the docsDevCpe group may allow an end-user to increase their service levels, spoof their IP addresses, change the permitted management stations, or affect other end-users in either a positive or negative manner.
docsdevnmaccestable、docsDevFilterLLCTable、docsdevfilterptable和docsDevCpe组的元素可允许最终用户增加其服务级别、欺骗其IP地址、更改允许的管理站,或以积极或消极的方式影响其他最终用户。
There are a number of management objects defined in this MIB that have a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. In addition to those mentioned above:
此MIB中定义了许多管理对象,它们的MAX-ACCESS子句为read-write和/或read-create。在某些网络环境中,此类对象可能被视为敏感或易受攻击。在没有适当保护的非安全环境中支持SET操作可能会对网络操作产生负面影响。除上述内容外:
o The use of docsDevNmAccessTable to specify management stations is considered to be only limited protection and does not protect against attacks which spoof the management station's IP address. The use of stronger mechanisms such as SNMPv3 security should be considered where possible. Specifically, SNMPv3 VACM and USM MUST be used with any v3 agent which implements this MIB. Administrators may also wish to consider whether even read access to docsDevNmAccessTable may be undesirable under certain circumstances.
o 使用docsdevnmaccestable指定管理站被认为只是有限的保护,不能防止欺骗管理站IP地址的攻击。在可能的情况下,应考虑使用更强的机制,如SNMPv3安全性。具体来说,SNMPv3 VACM和USM必须与实现此MIB的任何v3代理一起使用。管理员还可以考虑在某些情况下是否对DOCSsDeMnAccess稳定的读取访问可能是不可取的。
o The CM may have its software changed by the actions of the management system. An improper software load may result in substantial vulnerabilities and the loss of the ability of the management system to control the cable modem.
o CM可能会因管理系统的行为而更改其软件。不正确的软件加载可能会导致严重的漏洞,并使管理系统失去控制电缆调制解调器的能力。
o The device may be reset by setting docsDevResetNow = true(1). This causes the device to reload its configuration files as well as eliminating all previous non-persistent network management settings. As such, this may provide a vector for attacking the system.
o 可通过设置DOCSDVRESETNOW=true(1)重置设备。这会导致设备重新加载其配置文件,并消除所有以前的非持久性网络管理设置。因此,这可能提供攻击系统的向量。
o Setting docsDevEvThrottleAdminStatus = unconstrained(1) (which is also the DEFVAL) may cause flooding of traps, which can disrupt network service.
o 设置docsDevEvThrottleAdminStatus=unconstraint(1)(这也是deffal)可能会导致陷阱泛滥,从而中断网络服务。
This MIB does not affect confidentiality of services on a cable modem system. [20] specifies the implementation of the DOCSIS Baseline privacy mechanism. The working group expects to issue a MIB for the management of this mechanism at a later time.
此MIB不会影响电缆调制解调器系统上服务的机密性。[20] 指定DOCSIS基线隐私机制的实现。工作组预计将在稍后发布一份管理这一机制的MIB。
SNMPv1 by itself is not a secure environment. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB.
SNMPv1本身不是一个安全的环境。即使网络本身是安全的(例如通过使用IPSec),即使如此,也无法控制安全网络上的谁可以访问和获取/设置(读取/更改/创建/删除)此MIB中的对象。
It is recommended that the implementers consider the security features as provided by the SNMPv3 framework. Specifically, the use of the User-based Security Model [12] and the View-based Access Control Model [15] is recommended.
建议实施者考虑SNMPv3框架提供的安全特性。具体而言,建议使用基于用户的安全模型[12]和基于视图的访问控制模型[15]。
It is then a customer/user responsibility to ensure that the SNMP entity giving access to an instance of this MIB, is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.
然后,客户/用户有责任确保授予对此MIB实例访问权限的SNMP实体被正确配置为仅授予那些拥有确实获取或设置(更改/创建/删除)对象的合法权限的主体(用户)对对象的访问权限。
The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何努力来确定任何此类权利。有关IETF在标准跟踪和标准相关文件中权利的程序信息,请参见BCP-11。可从IETF秘书处获得可供发布的权利声明副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果。
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涉及实施本标准所需技术的专有权利。请将信息发送给IETF执行董事。
Michael StJohns @Home Network 425 Broadway Redwood City, CA 94063 U.S.A
Michael StJohns@Home Network美国加利福尼亚州百老汇红木城425号,邮编94063
Phone: +1 650 569 5368 EMail: stjohns@corp.home.net
Phone: +1 650 569 5368 EMail: stjohns@corp.home.net
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。