The following tables, groups, and variables are supported in this MIB.
|etsysPolicyProfile group||etsysPolicyProfileMaxEntries||The maximum number of entries allowed in the etsysPolicyProfileTable.|
|etsysPolicyProfileNumEntries||The current number of entries in the etsysPolicyProfileTable.|
|etsysPolicyProfileLastChange||The sysUpTime at which the etsysPolicyProfileTable was last modified.|
This object indicates the numerically lowest available index within this entity, which may be used for the value of etsysPolicyProfileIndex in the creation of a new entry in the etsysPolicyProfileTable.
An index is considered available if the index value falls within the range of 1 to 65535 and is not being used to index an existing entry in the etsysPolicyProfileTable contained within this entity.
This value should only be considered a guideline for management creation of etsysPolicyProfileEntries, there is no requirement on management to create entries based upon this index value.
|etsysPolicyProfileTable||A table containing policy profiles. A policy is a group of classification rules which may be applied on a per user basis, to ports or to stations.|
|etsysPolicyProfileEntry||Conceptually defines a particular entry within the etsysPolicyProfileTable. Entries within this table MUST be considered non-volatile and MUST be maintained across entity resets.|
|etsysPolicyProfileIndex||A unique arbitrary identifier for this Policy. Since a policy will be applied to a user regardless of his or her location in the network fabric policy names SHOULD be unique within the entire network fabric. Policy IDs and policy names MUST be unique within the scope of a single managed entity.|
Administratively assigned textual description of this Policy.
This object MUST NOT be modifiable while this entry's RowStatus is active(1).
This object allows for the dynamic creation and deletion of entries within the etsysPolicyProfileTable as well as the activation and deactivation of these entries.
When this object's value is active(1) the corresponding row's etsysPolicyProfilePortVid, etsysPolicyProfilePriority, and all entries within the etsysPolicyClassificationTable indexed by this row's etsysPolicyProfileIndex are available to be applied to network access ports or stations on the managed entity.
All ports corresponding to rows within the etsysPortPolicyProfileTable whose etsysPortPolicyProfileOperID is equal to the etsysPolicyProfileIndex, shall have the corresponding policy applied. Likewise, all stations corresponding to rows within the etsysStationPolicyProfileTable whose etsysStationPolicyProfileOperID is equal to the etsysPolicyProfileIndex, shall have the corresponding policy applied.
The value of etsysPortPolicyProfileOperID for each such row in the etsysPortPolicyProfileTable will be equal to the etsysPortPolicyProfileAdminID, unless the authorization information from a source such as a RADIUS server indicates to the contrary.
Refer to the specific objects within this MIB as well as well as RFC2674, the CTRON-PRIORITY-CLASSIFY-MIB, the CTRON-VLAN-CLASSIFY-MIB, and the CTRON-RATE-POLICING-MIB for a complete explanation of the application and behavior of these objects.
When this object's value is set to notInService(2) this policy will not be applied to any rows within the etsysPortPolicyProfileTable.
To allow policy profiles to be applied for security implementations, setting this object's value from active(1) to notInService(2) or destroy(6) SHALL fail if one or more instances of etsysPortPolicyProfileOperID or etsysStationPolicyProfileOperID currently reference this entry's associated policy due to a set by an underlying security protocol such as RADIUS.
For network functionality and clarity, setting this object to destroy(6) SHALL fail if one or more instances of etsysPortPolicyProfileOperID or etsysStationPolicyProfileOperID currently references this entry's etsysPolicyProfileIndex.
Refer to the RowStatus convention for further details on the behavior of this object.
This object defines whether a PVID override should be applied to ports which have this profile active.
enabled(1) means that any port with this policy active will have this row's etsysPolicyProfilePortVid applied to untagged frames or priority-tagged frames received on this port.
disabled(2) means that etsysPolicyProfilePortVid will not be applied. When this object is set to disabled(2) the value of etsysPolicyProfilePortVid has no meaning.
This object defines the PVID of this profile. If a port has an active policy and the policy's etsysPolicyProfilePortVidStatus is set to enabled(1), the etsysPolicyProfilePortVid will be applied to all untagged frames arriving on the port that do not match any of the policy classification rules.
Note that the 802.1Q PVID will still exist from a management view but will NEVER be applied to traffic arriving on a port that has an active policy and enabled etsysPolicyProfilePortVid defined, since policy is applied to traffic arriving on the port prior to the assignment of a VLAN using the 802.1Q PVID.
The behavior of an enabled etsysPolicyProfilePortVid on any associated port SHALL be identical to the behavior of the dot1qPvid upon that port.
Note that two special, otherwise illegal, values of the etsysPolicyProfilePortVid are used in defining the default forwarding actions, to be used in conjunction with policy classification rules, and do not result in packet tagging:
0 Indicates that the default forwarding action is to drop all packets that do not match an explicit rule.
4095 Indicates that the default forwarding action is to forward any packets not matching any explicit rules.
This object defines whether a Class of Service should be applied to ports which have this profile active.
enabled(1) means that any port with this policy active will have etsysPolicyProfilePriority applied to this port.
disabled(2) means that etsysPolicyProfilePriority will not be applied. When this object is set to disabled(2) the value of etsysPolicyProfilePriority has no meaning.
This object defines the default ingress Class of Service of this profile.
If a port has an active policy and the policy's etsysPolicyProfilePriorityStatus is set to enabled(1), the etsysPolicyProfilePriority will be applied to all packets arriving on the port that do not match any of the policy classification rules.
Note that dot1dPortDefaultUserPriority will still exist from a management view but will NEVER be applied to traffic arriving on a port that has an active policy and enabled etsysPolicyProfilePriority defined, since policy is applied to traffic arriving on the port prior to the assignment of a priority using dot1dPortDefaultUserPriority.
The behavior of an enabled etsysPolicyProfilePriority on any associated port SHALL be identical to the behavior of the dot1dPortDefaultUserPriority upon that port.
|etsysPolicyProfileEgressVlans||The set of VLANs which are assigned by this policy to egress on ports for which this policy is active. Changes to a bit in this object affect the per-port per-VLAN Registrar control for Registration Fixed for the relevant GVRP state machine on each port for which this policy is active. A VLAN may not be added in this set if it is already a member of the set of VLANs in etsysPolicyProfileForbiddenVlans. This object is superseded on a per-port per-VLAN basis by any 'set' bits in dot1qVlanStaticEgressPorts and dot1qVlanForbiddenEgressPorts. The default value of this object is a string of zeros.|
|etsysPolicyProfileForbiddenVlans||The set of VLANs which are prohibited by this policy to egress on ports for which this policy is active. Changes to this object that cause a port to be included or excluded affect the per-port per-VLAN Registrar control for Registration Forbidden for the relevant GVRP state machine on each port for which this policy is active. A VLAN may not be added in this set if it is already a member of the set of VLANs in etsysPolicyProfileEgressVlans. This object is superseded on a per-port per-VLAN basis by any 'set' bits in the dot1qVlanStaticEgressPorts and dot1qVlanForbiddenEgressPorts. The default value of this object is a string of zeros.|
|etsysPolicyProfileUntaggedVlans||The set of VLANs which should transmit egress packets as untagged on ports for which this policy is active. This object is superseded on a per-port per-VLAN basis by any 'set' bits in dot1qVlanStaticUntaggedPorts.|
|etsysPolicyProfileOverwriteTCI||If set, the information contained within the TCI field of inbound, tagged packets will not be used by the device after the ingress classification stage of packet relay. The net effect will be that the TCI information may be used to classify the packet, but will be overwritten (and ignored) by subsequent stages of packet relay.|
|etsysPolicyProfileRulePrecedence||Each octet will contain a single value representing the rule type to be matched against, defined by the PolicyClassificationRuleType textual convention. When read, will return the currently operating rule matching precedence, ordered from first consulted (in the first octet) to last consulted (in the last octet). A set of a single octet of 0x00 will result in a reversion to the default precedence ordering. A set of any other values will result in the specified rule types being matched in the order specified, followed by the remaining rules, in default precedence order.|
|etsysPolicyProfileVlanRFC3580Mappings||The set of VLANs which are currently being mapped onto this policy profile by the etsysPolicyRFC3580MapTable. This only refers to the mapping of vlan-tunnel-attributes returned from RADIUS in an RFC3580 context.|
A reference to a packet mirror destination (defined elsewhere).
A value of (-1) indicates no mirror is specified, but a mirror is not explicitly prohibited.
A value of (0) indicates that mirroring is explicitly prohibited, unless a higher precedence source (a rule) has specified a mirror.
|etsysPolicyProfileAuditSyslogEnable||Enables the sending of a syslog message if no rule bound to this profile has prohibited it.|
|etsysPolicyProfileAuditTrapEnable||Enables the sending of a SNMP NOTIFICATION if no rule bound to this profile has prohibited it.|
|etsysPolicyProfileDisablePort||Will set the ifOperStatus of the port, on which the frame which used this profile was received, to disable, if if no rule bound to this profile has prohibited it.|
|etsysPolicyProfileUsageList||When read, a set bit indicates that this profile was used to send a syslog or trap message for corresponding port. When set, the native PortList will be bit-wise AND'ed with the set PortList, allowing the agent to clear the usage indication.|
A reference to a Flow Setup Throttling (FST) class as defined by the etsysFlowLimitingClassType object.
A value of (0) indicates no FST class is specified.
A reference to a HTTP Redirect server group as specified by the etsysPolicyHttpRedirectGroupIndex object.
A value of (0) indicates no HTTP Redirect group is specified for this profile.
|etsysPolicyProfilePortAuthOverride||If a port has an active policy and that policy's etsysPolicyProfilePortAuthOverride is set to enabled(1), all frames arriving on t|