draft-ietf-behave-nat-mib-04.txt   draft-ietf-behave-nat-mib-05.txt 
Network Working Group S. Perreault Network Working Group S. Perreault
Internet-Draft Viagenie Internet-Draft Viagenie
Obsoletes: 4008 (if approved) T. Tsou Obsoletes: 4008 (if approved) T. Tsou
Intended status: Standards Track Huawei Technologies (USA) Intended status: Standards Track Huawei Technologies (USA)
Expires: August 25, 2013 S. Sivakumar Expires: August 26, 2013 S. Sivakumar
Cisco Systems Cisco Systems
February 21, 2013 February 22, 2013
Additional Managed Objects for Network Address Translators (NAT) Additional Managed Objects for Network Address Translators (NAT)
draft-ietf-behave-nat-mib-04 draft-ietf-behave-nat-mib-05
Abstract Abstract
This memo defines a portion of the Management Information Base (MIB) This memo defines a portion of the Management Information Base (MIB)
for devices implementing Network Address Translator (NAT) function. for devices implementing Network Address Translator (NAT) function.
This MIB module may be used for monitoring of a device capable of NAT This MIB module may be used for monitoring of a device capable of NAT
function. function.
Status of this Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 25, 2013. This Internet-Draft will expire on August 26, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. The Internet-Standard Management Framework . . . . . . . . . . 3 2. The Internet-Standard Management Framework . . . . . . . . . 2
3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. Deprecated Features . . . . . . . . . . . . . . . . . . . 3 3.1. Deprecated Features . . . . . . . . . . . . . . . . . . . 3
3.2. New Features . . . . . . . . . . . . . . . . . . . . . . . 4 3.2. New Features . . . . . . . . . . . . . . . . . . . . . . 4
3.3. Realms . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.3. Realms . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 6 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 5
5. Security Considerations . . . . . . . . . . . . . . . . . . . 78 5. Security Considerations . . . . . . . . . . . . . . . . . . . 78
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 79 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 79
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 79 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 79
7.1. Normative References . . . . . . . . . . . . . . . . . . . 79 7.1. Normative References . . . . . . . . . . . . . . . . . . 79
7.2. Informative References . . . . . . . . . . . . . . . . . . 80 7.2. Informative References . . . . . . . . . . . . . . . . . 80
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 80 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 80
1. Introduction 1. Introduction
This memo defines a portion of the Management Information Base (MIB) This memo defines a portion of the Management Information Base (MIB)
for devices implementing NAT function. This MIB module may be used for devices implementing NAT function. This MIB module may be used
for monitoring of a device capable of NAT function. Using it for for monitoring of a device capable of NAT function. Using it for
configuration is deprecated. NAT types and their characteristics are configuration is deprecated. NAT types and their characteristics are
defined in [RFC2663]. Traditional NAT function, in particular is defined in [RFC2663]. Traditional NAT function, in particular is
defined in [RFC3022]. This MIB does not address the firewall defined in [RFC3022]. This MIB does not address the firewall
functions and must not be used for configuring or monitoring these. functions and must not be used for configuring or monitoring these.
skipping to change at page 4, line 15 skipping to change at page 3, line 30
Exposing configuration parameters: Even in read-only mode, many Exposing configuration parameters: Even in read-only mode, many
configuration parameters were exposed by [RFC4008] (e.g. configuration parameters were exposed by [RFC4008] (e.g.
timeouts). Since implementations vary wildly in their sets of timeouts). Since implementations vary wildly in their sets of
configuration parameters, few implementations could claim even configuration parameters, few implementations could claim even
basic compliance. basic compliance.
Lesson learned: the NAT MIB's purpose is not to expose Lesson learned: the NAT MIB's purpose is not to expose
configuration parameters. configuration parameters.
Interfaces: Objects from [RFC4008] tie NAT state with interfaces Interfaces: Objects from [RFC4008] tie NAT state with interfaces
(e.g. the interface table, the way map entries are grouped by (e.g. the interface table, the way map entries are grouped by
interface). Many NAT implementations either never keep track of interface). Many NAT implementations either never keep track of
the interface or associate a mapping to a set of interfaces. the interface or associate a mapping to a set of interfaces.
Since interfaces are at the core of [RFC4008], many NAT devices Since interfaces are at the core of [RFC4008], many NAT devices
were unable to have a proper implementation. were unable to have a proper implementation.
Lesson learned: NAT is a logical function that may be independent Lesson learned: NAT is a logical function that may be independent
of interfaces. Do not tie NAT state with interfaces. of interfaces. Do not tie NAT state with interfaces.
NAT service types: [RFC4008] used four categories of NAT service: NAT service types: [RFC4008] used four categories of NAT service:
basicNat, napt, bidirectionalNat, twiceNat. These are ill-defined basicNat, napt, bidirectionalNat, twiceNat. These are ill-defined
skipping to change at page 6, line 11 skipping to change at page 5, line 24
realm while the external part is in another. In such cases the NAT realm while the external part is in another. In such cases the NAT
function acts like a "wormhole" between two realms. Using contexts function acts like a "wormhole" between two realms. Using contexts
would implicitly impose the restriction that all objects would have would implicitly impose the restriction that all objects would have
to belong to the same realm. to belong to the same realm.
4. Definitions 4. Definitions
This MIB module IMPORTs objects from [RFC2578], [RFC2579], and This MIB module IMPORTs objects from [RFC2578], [RFC2579], and
[RFC4001]. [RFC4001].
NAT-MIB DEFINITIONS ::= BEGIN NAT-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
MODULE-IDENTITY, MODULE-IDENTITY,
OBJECT-TYPE, OBJECT-TYPE,
Integer32, Integer32,
Unsigned32, Unsigned32,
Gauge32, Gauge32,
Counter64, Counter64,
TimeTicks, TimeTicks,
mib-2, mib-2,
NOTIFICATION-TYPE NOTIFICATION-TYPE
FROM SNMPv2-SMI FROM SNMPv2-SMI
TEXTUAL-CONVENTION, TEXTUAL-CONVENTION,
StorageType, StorageType,
RowStatus RowStatus
FROM SNMPv2-TC FROM SNMPv2-TC
MODULE-COMPLIANCE, MODULE-COMPLIANCE,
NOTIFICATION-GROUP, NOTIFICATION-GROUP,
OBJECT-GROUP OBJECT-GROUP
FROM SNMPv2-CONF FROM SNMPv2-CONF
ifIndex, ifIndex,
ifCounterDiscontinuityGroup ifCounterDiscontinuityGroup
FROM IF-MIB FROM IF-MIB
SnmpAdminString SnmpAdminString
FROM SNMP-FRAMEWORK-MIB FROM SNMP-FRAMEWORK-MIB
InetAddressType, InetAddressType,
InetAddress, InetAddress,
InetPortNumber InetPortNumber
FROM INET-ADDRESS-MIB; FROM INET-ADDRESS-MIB;
natMIB MODULE-IDENTITY natMIB MODULE-IDENTITY
LAST-UPDATED "200001010000Z" LAST-UPDATED "200001010000Z"
ORGANIZATION "TBD" ORGANIZATION "TBD"
CONTACT-INFO "TBD" CONTACT-INFO "TBD"
DESCRIPTION DESCRIPTION
"This MIB module defines the generic managed objects "This MIB module defines the generic managed objects
for NAT." for NAT."
REVISION "200503210000Z" -- 21th March 2005 REVISION "200503210000Z" -- 21th March 2005
DESCRIPTION DESCRIPTION
"Initial version, published as RFC 4008." "Initial version, published as RFC 4008."
REVISION "200001010000Z" REVISION "200001010000Z"
DESCRIPTION DESCRIPTION
"Dummy version. RFC Editor must replace this." "Dummy version. RFC Editor must replace this."
::= { mib-2 123 } ::= { mib-2 123 }
natMIBObjects OBJECT IDENTIFIER ::= { natMIB 1 } natMIBObjects OBJECT IDENTIFIER ::= { natMIB 1 }
NatProtocolType ::= TEXTUAL-CONVENTION NatProtocolType ::= TEXTUAL-CONVENTION
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"A list of protocols that support the network "A list of protocols that support the network
address translation. Inclusion of the values is address translation. Inclusion of the values is
not intended to imply that those protocols not intended to imply that those protocols
need to be supported. Any change in this need to be supported. Any change in this
TEXTUAL-CONVENTION should also be reflected in TEXTUAL-CONVENTION should also be reflected in
the definition of NatProtocolMap, which is a the definition of NatProtocolMap, which is a
BITS representation of this." BITS representation of this."
SYNTAX INTEGER { SYNTAX INTEGER {
none (1), -- not specified none (1), -- not specified
other (2), -- none of the following other (2), -- none of the following
icmp (3), icmp (3),
udp (4), udp (4),
tcp (5) tcp (5)
} }
NatProtocolMap ::= TEXTUAL-CONVENTION NatProtocolMap ::= TEXTUAL-CONVENTION
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"A bitmap of protocol identifiers that support "A bitmap of protocol identifiers that support
the network address translation. Any change the network address translation. Any change
in this TEXTUAL-CONVENTION should also be in this TEXTUAL-CONVENTION should also be
reflected in the definition of NatProtocolType." reflected in the definition of NatProtocolType."
SYNTAX BITS { SYNTAX BITS {
other (0), other (0),
icmp (1), icmp (1),
udp (2), udp (2),
tcp (3) tcp (3)
} }
NatAddrMapId ::= TEXTUAL-CONVENTION NatAddrMapId ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d" DISPLAY-HINT "d"
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"A unique id that is assigned to each address map "A unique id that is assigned to each address map
by a NAT enabled device." by a NAT enabled device."
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
NatBindIdOrZero ::= TEXTUAL-CONVENTION NatBindIdOrZero ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d" DISPLAY-HINT "d"
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"A unique id that is assigned to each bind by "A unique id that is assigned to each bind by
a NAT enabled device. The bind id will be zero a NAT enabled device. The bind id will be zero
in the case of a Symmetric NAT." in the case of a Symmetric NAT."
SYNTAX Unsigned32 (0..4294967295) SYNTAX Unsigned32 (0..4294967295)
NatBindId ::= TEXTUAL-CONVENTION NatBindId ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d" DISPLAY-HINT "d"
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"A unique id that is assigned to each bind by "A unique id that is assigned to each bind by
a NAT enabled device." a NAT enabled device."
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
NatSessionId ::= TEXTUAL-CONVENTION NatSessionId ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d" DISPLAY-HINT "d"
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"A unique id that is assigned to each session by "A unique id that is assigned to each session by
a NAT enabled device." a NAT enabled device."
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
NatBindMode ::= TEXTUAL-CONVENTION NatBindMode ::= TEXTUAL-CONVENTION
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"An indication of whether the bind is "An indication of whether the bind is
an address bind or an address port bind." an address bind or an address port bind."
SYNTAX INTEGER { SYNTAX INTEGER {
addressBind (1), addressBind (1),
addressPortBind (2) addressPortBind (2)
} }
NatAssociationType ::= TEXTUAL-CONVENTION NatAssociationType ::= TEXTUAL-CONVENTION
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"An indication of whether the association is "An indication of whether the association is
static or dynamic." static or dynamic."
SYNTAX INTEGER { SYNTAX INTEGER {
static (1), static (1),
dynamic (2) dynamic (2)
} }
NatTranslationEntity ::= TEXTUAL-CONVENTION NatTranslationEntity ::= TEXTUAL-CONVENTION
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"An indication of a) the direction of a session for "An indication of a) the direction of a session for
which an address map entry, address bind or port which an address map entry, address bind or port
bind is applicable, and b) the entity (source or bind is applicable, and b) the entity (source or
destination) within the session that is subject to destination) within the session that is subject to
translation." translation."
SYNTAX BITS { SYNTAX BITS {
inboundSrcEndPoint (0), inboundSrcEndPoint (0),
outboundDstEndPoint(1), outboundDstEndPoint(1),
inboundDstEndPoint (2), inboundDstEndPoint (2),
outboundSrcEndPoint(3) outboundSrcEndPoint(3)
} }
ProtocolNumber ::= TEXTUAL-CONVENTION --
DISPLAY-HINT "d" -- Default Values for the Bind and NAT Protocol Timers
STATUS current --
DESCRIPTION
"A transport protocol number, from the 'protocol-numbers' IANA
registry."
SYNTAX Unsigned32 (0..255)
NatPoolId ::= TEXTUAL-CONVENTION natDefTimeouts OBJECT IDENTIFIER ::= { natMIBObjects 1 }
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"A unique ID that is assigned to each pool."
SYNTAX Unsigned32 (1..4294967295)
NatBehaviorType ::= TEXTUAL-CONVENTION natNotifCtrl OBJECT IDENTIFIER ::= { natMIBObjects 2 }
STATUS current
DESCRIPTION
"Behavior type as described in [RFC4787] sections 4.1 and 5."
SYNTAX INTEGER {
endpointIndependent (0),
addressDependent (1),
addressAndPortDependent (2)
}
NatPoolingType ::= TEXTUAL-CONVENTION --
STATUS current -- Address Bind and Port Bind related NAT configuration
DESCRIPTION --
"Pooling type as described in [RFC4787] sections 4.1."
SYNTAX INTEGER {
arbitrary (0),
paired (1)
}
natBindDefIdleTimeout OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
UNITS "seconds"
MAX-ACCESS read-write
STATUS deprecated
DESCRIPTION
"The default Bind (Address Bind or Port Bind) idle
timeout parameter.
natDefTimeouts OBJECT IDENTIFIER ::= { natMIBObjects 1 } If the agent is capable of storing non-volatile
configuration, then the value of this object must be
restored after a re-initialization of the management
system."
DEFVAL { 0 }
::= { natDefTimeouts 1 }
natNotifCtrl OBJECT IDENTIFIER ::= { natMIBObjects 2 } --
-- UDP related NAT configuration
--
natUdpDefIdleTimeout OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
UNITS "seconds"
MAX-ACCESS read-write
STATUS deprecated
DESCRIPTION
"The default UDP idle timeout parameter.
natBindDefIdleTimeout OBJECT-TYPE If the agent is capable of storing non-volatile
SYNTAX Unsigned32 (0..4294967295) configuration, then the value of this object must be
UNITS "seconds" restored after a re-initialization of the management
MAX-ACCESS read-write system."
STATUS deprecated DEFVAL { 300 }
DESCRIPTION ::= { natDefTimeouts 2 }
"The default Bind (Address Bind or Port Bind) idle
timeout parameter.
If the agent is capable of storing non-volatile --
configuration, then the value of this object must be -- ICMP related NAT configuration
restored after a re-initialization of the management --
system."
DEFVAL { 0 }
::= { natDefTimeouts 1 }
natIcmpDefIdleTimeout OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
UNITS "seconds"
MAX-ACCESS read-write
STATUS deprecated
DESCRIPTION
"The default ICMP idle timeout parameter.
natUdpDefIdleTimeout OBJECT-TYPE If the agent is capable of storing non-volatile
SYNTAX Unsigned32 (1..4294967295) configuration, then the value of this object must be
UNITS "seconds" restored after a re-initialization of the management
MAX-ACCESS read-write system."
STATUS deprecated DEFVAL { 300 }
DESCRIPTION ::= { natDefTimeouts 3 }
"The default UDP idle timeout parameter.
If the agent is capable of storing non-volatile --
configuration, then the value of this object must be -- Other protocol parameters
restored after a re-initialization of the management --
system."
DEFVAL { 300 }
::= { natDefTimeouts 2 }
natOtherDefIdleTimeout OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
UNITS "seconds"
MAX-ACCESS read-write
STATUS deprecated
DESCRIPTION
"The default idle timeout parameter for protocols
represented by the value other (2) in
NatProtocolType.
natIcmpDefIdleTimeout OBJECT-TYPE If the agent is capable of storing non-volatile
SYNTAX Unsigned32 (1..4294967295) configuration, then the value of this object must be
UNITS "seconds" restored after a re-initialization of the management
MAX-ACCESS read-write system."
STATUS deprecated DEFVAL { 60 }
DESCRIPTION ::= { natDefTimeouts 4 }
"The default ICMP idle timeout parameter.
If the agent is capable of storing non-volatile --
configuration, then the value of this object must be -- TCP related NAT Timers
restored after a re-initialization of the management --
system."
DEFVAL { 300 }
::= { natDefTimeouts 3 }
natTcpDefIdleTimeout OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
UNITS "seconds"
MAX-ACCESS read-write
STATUS deprecated
DESCRIPTION
"The default time interval that a NAT session for an
established TCP connection is allowed to remain
valid without any activity on the TCP connection.
natOtherDefIdleTimeout OBJECT-TYPE If the agent is capable of storing non-volatile
SYNTAX Unsigned32 (1..4294967295) configuration, then the value of this object must be
UNITS "seconds" restored after a re-initialization of the management
MAX-ACCESS read-write system."
STATUS deprecated DEFVAL { 86400 }
DESCRIPTION ::= { natDefTimeouts 5 }
"The default idle timeout parameter for protocols
represented by the value other (2) in
NatProtocolType.
If the agent is capable of storing non-volatile natTcpDefNegTimeout OBJECT-TYPE
configuration, then the value of this object must be SYNTAX Unsigned32 (1..4294967295)
restored after a re-initialization of the management UNITS "seconds"
system." MAX-ACCESS read-write
DEFVAL { 60 } STATUS deprecated
::= { natDefTimeouts 4 } DESCRIPTION
"The default time interval that a NAT session for a TCP
connection that is not in the established state
is allowed to remain valid without any activity on
the TCP connection.
If the agent is capable of storing non-volatile
configuration, then the value of this object must be
restored after a re-initialization of the management
system."
DEFVAL { 60 }
::= { natDefTimeouts 6 }
natTcpDefIdleTimeout OBJECT-TYPE natNotifThrottlingInterval OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Integer32 (0 | 5..3600)
UNITS "seconds" UNITS "seconds"
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The default time interval that a NAT session for an "This object controls the generation of the
established TCP connection is allowed to remain natPacketDiscard notification.
valid without any activity on the TCP connection.
If the agent is capable of storing non-volatile If this object has a value of zero, then no
configuration, then the value of this object must be natPacketDiscard notifications will be transmitted by
restored after a re-initialization of the management the agent.
system."
DEFVAL { 86400 }
::= { natDefTimeouts 5 }
natTcpDefNegTimeout OBJECT-TYPE If this object has a non-zero value, then the agent must
SYNTAX Unsigned32 (1..4294967295) not generate more than one natPacketDiscard
UNITS "seconds" 'notification-event' in the indicated period, where a
MAX-ACCESS read-write 'notification-event' is the generation of a single
STATUS deprecated notification PDU type to a list of notification
DESCRIPTION destinations. If additional NAT packets are discarded
"The default time interval that a NAT session for a TCP within the throttling period, then notification-events
connection that is not in the established state for these changes must be suppressed by the agent until
is allowed to remain valid without any activity on the current throttling period expires.
the TCP connection.
If the agent is capable of storing non-volatile If natNotifThrottlingInterval notification generation
configuration, then the value of this object must be is enabled, the suggested default throttling period is
restored after a re-initialization of the management 60 seconds, but generation of the natPacketDiscard
system." notification should be disabled by default.
DEFVAL { 60 }
::= { natDefTimeouts 6 }
natNotifThrottlingInterval OBJECT-TYPE If the agent is capable of storing non-volatile
SYNTAX Integer32 (0 | 5..3600) configuration, then the value of this object must be
UNITS "seconds" restored after a re-initialization of the management
MAX-ACCESS read-write system.
STATUS deprecated
DESCRIPTION
"This object controls the generation of the
natPacketDiscard notification.
If this object has a value of zero, then no The actual transmission of notifications is controlled
natPacketDiscard notifications will be transmitted by the via the MIB modules in RFC 3413."
agent. DEFVAL { 0 }
::= { natNotifCtrl 1 }
If this object has a non-zero value, then the agent must --
not generate more than one natPacketDiscard -- The NAT Interface Table
'notification-event' in the indicated period, where a --
'notification-event' is the generation of a single natInterfaceTable OBJECT-TYPE
notification PDU type to a list of notification SYNTAX SEQUENCE OF NatInterfaceEntry
destinations. If additional NAT packets are discarded MAX-ACCESS not-accessible
within the throttling period, then notification-events STATUS deprecated
for these changes must be suppressed by the agent until DESCRIPTION
the current throttling period expires. "This table specifies the attributes for interfaces on a
device supporting NAT function."
::= { natMIBObjects 3 }
If natNotifThrottlingInterval notification generation natInterfaceEntry OBJECT-TYPE
is enabled, the suggested default throttling period is SYNTAX NatInterfaceEntry
60 seconds, but generation of the natPacketDiscard MAX-ACCESS not-accessible
notification should be disabled by default. STATUS deprecated
DESCRIPTION
"Each entry in the natInterfaceTable holds a set of
parameters for an interface, instantiated by
ifIndex. Therefore, the interface index must have been
assigned, according to the applicable procedures,
before it can be meaningfully used.
Generally, this means that the interface must exist.
If the agent is capable of storing non-volatile When natStorageType is of type nonVolatile, however,
configuration, then the value of this object must be this may reflect the configuration for an interface
restored after a re-initialization of the management whose ifIndex has been assigned but for which the
system. supporting implementation is not currently present."
INDEX { ifIndex }
::= { natInterfaceTable 1 }
The actual transmission of notifications is controlled NatInterfaceEntry ::= SEQUENCE {
via the MIB modules in RFC 3413." natInterfaceRealm INTEGER,
DEFVAL { 0 } natInterfaceServiceType BITS,
::= { natNotifCtrl 1 } natInterfaceInTranslates Counter64,
natInterfaceOutTranslates Counter64,
natInterfaceDiscards Counter64,
natInterfaceStorageType StorageType,
natInterfaceRowStatus RowStatus
}
natInterfaceRealm OBJECT-TYPE
SYNTAX INTEGER {
private (1),
public (2)
}
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"This object identifies whether this interface is
connected to the private or the public realm."
natInterfaceTable OBJECT-TYPE DEFVAL { public }
SYNTAX SEQUENCE OF NatInterfaceEntry ::= { natInterfaceEntry 1 }
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"This table specifies the attributes for interfaces on a
device supporting NAT function."
::= { natMIBObjects 3 }
natInterfaceEntry OBJECT-TYPE natInterfaceServiceType OBJECT-TYPE
SYNTAX NatInterfaceEntry SYNTAX BITS {
MAX-ACCESS not-accessible basicNat (0),
STATUS deprecated napt (1),
DESCRIPTION bidirectionalNat (2),
"Each entry in the natInterfaceTable holds a set of twiceNat (3)
parameters for an interface, instantiated by }
ifIndex. Therefore, the interface index must have been MAX-ACCESS read-create
assigned, according to the applicable procedures, STATUS deprecated
before it can be meaningfully used. DESCRIPTION
Generally, this means that the interface must exist. "An indication of the direction in which new sessions
are permitted and the extent of translation done within
the IP and transport headers."
::= { natInterfaceEntry 2 }
When natStorageType is of type nonVolatile, however, natInterfaceInTranslates OBJECT-TYPE
this may reflect the configuration for an interface whose SYNTAX Counter64
ifIndex has been assigned but for which the supporting MAX-ACCESS read-only
implementation is not currently present." STATUS deprecated
INDEX { ifIndex } DESCRIPTION
::= { natInterfaceTable 1 } "Number of packets received on this interface that
were translated.
Discontinuities in the value of this counter can occur
at reinitialization of the management system and at
other times as indicated by the value of
ifCounterDiscontinuityTime on the relevant interface."
::= { natInterfaceEntry 3 }
NatInterfaceEntry ::= SEQUENCE { natInterfaceOutTranslates OBJECT-TYPE
natInterfaceRealm INTEGER, SYNTAX Counter64
natInterfaceServiceType BITS, MAX-ACCESS read-only
natInterfaceInTranslates Counter64, STATUS deprecated
natInterfaceOutTranslates Counter64, DESCRIPTION
natInterfaceDiscards Counter64, "Number of translated packets that were sent out this
natInterfaceStorageType StorageType, interface.
natInterfaceRowStatus RowStatus
}
natInterfaceRealm OBJECT-TYPE Discontinuities in the value of this counter can occur
SYNTAX INTEGER { at reinitialization of the management system and at
private (1), other times as indicated by the value of
public (2) ifCounterDiscontinuityTime on the relevant interface."
} ::= { natInterfaceEntry 4 }
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"This object identifies whether this interface is
connected to the private or the public realm."
DEFVAL { public }
::= { natInterfaceEntry 1 }
natInterfaceServiceType OBJECT-TYPE natInterfaceDiscards OBJECT-TYPE
SYNTAX BITS { SYNTAX Counter64
basicNat (0), MAX-ACCESS read-only
napt (1), STATUS deprecated
bidirectionalNat (2), DESCRIPTION
twiceNat (3) "Number of packets that had to be rejected/dropped due to
} a lack of resources for this interface.
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"An indication of the direction in which new sessions
are permitted and the extent of translation done within
the IP and transport headers."
::= { natInterfaceEntry 2 }
natInterfaceInTranslates OBJECT-TYPE Discontinuities in the value of this counter can occur
SYNTAX Counter64 at reinitialization of the management system and at
MAX-ACCESS read-only other times as indicated by the value of
STATUS deprecated ifCounterDiscontinuityTime on the relevant interface."
DESCRIPTION ::= { natInterfaceEntry 5 }
"Number of packets received on this interface that
were translated.
Discontinuities in the value of this counter can occur at
reinitialization of the management system and at other
times as indicated by the value of
ifCounterDiscontinuityTime on the relevant interface."
::= { natInterfaceEntry 3 }
natInterfaceOutTranslates OBJECT-TYPE natInterfaceStorageType OBJECT-TYPE
SYNTAX Counter64 SYNTAX StorageType
MAX-ACCESS read-only MAX-ACCESS read-create
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"Number of translated packets that were sent out this "The storage type for this conceptual row.
interface. Conceptual rows having the value 'permanent'
need not allow write-access to any columnar objects
in the row."
REFERENCE
"Textual Conventions for SMIv2, Section 2."
DEFVAL { nonVolatile }
::= { natInterfaceEntry 6 }
Discontinuities in the value of this counter can occur at natInterfaceRowStatus OBJECT-TYPE
reinitialization of the management system and at other SYNTAX RowStatus
times as indicated by the value of MAX-ACCESS read-create
ifCounterDiscontinuityTime on the relevant interface." STATUS deprecated
::= { natInterfaceEntry 4 } DESCRIPTION
"The status of this conceptual row.
natInterfaceDiscards OBJECT-TYPE Until instances of all corresponding columns are
SYNTAX Counter64 appropriately configured, the value of the
MAX-ACCESS read-only corresponding instance of the natInterfaceRowStatus
STATUS deprecated column is 'notReady'.
DESCRIPTION
"Number of packets that had to be rejected/dropped due to
a lack of resources for this interface.
Discontinuities in the value of this counter can occur at In particular, a newly created row cannot be made
reinitialization of the management system and at other active until the corresponding instance of
times as indicated by the value of natInterfaceServiceType has been set.
ifCounterDiscontinuityTime on the relevant interface."
::= { natInterfaceEntry 5 }
natInterfaceStorageType OBJECT-TYPE None of the objects in this row may be modified
SYNTAX StorageType while the value of this object is active(1)."
MAX-ACCESS read-create REFERENCE
STATUS deprecated "Textual Conventions for SMIv2, Section 2."
DESCRIPTION ::= { natInterfaceEntry 7 }
"The storage type for this conceptual row.
Conceptual rows having the value 'permanent'
need not allow write-access to any columnar objects
in the row."
REFERENCE
"Textual Conventions for SMIv2, Section 2."
DEFVAL { nonVolatile }
::= { natInterfaceEntry 6 }
natInterfaceRowStatus OBJECT-TYPE --
SYNTAX RowStatus -- The Address Map Table
MAX-ACCESS read-create --
STATUS deprecated
DESCRIPTION
"The status of this conceptual row.
Until instances of all corresponding columns are natAddrMapTable OBJECT-TYPE
appropriately configured, the value of the SYNTAX SEQUENCE OF NatAddrMapEntry
corresponding instance of the natInterfaceRowStatus MAX-ACCESS not-accessible
column is 'notReady'. STATUS deprecated
DESCRIPTION
"This table lists address map parameters for NAT."
::= { natMIBObjects 4 }
In particular, a newly created row cannot be made natAddrMapEntry OBJECT-TYPE
active until the corresponding instance of SYNTAX NatAddrMapEntry
natInterfaceServiceType has been set. MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"This entry represents an address map to be used for
NAT and contributes to the dynamic and/or static
address mapping tables of the NAT device."
INDEX { ifIndex, natAddrMapIndex }
::= { natAddrMapTable 1 }
None of the objects in this row may be modified NatAddrMapEntry ::= SEQUENCE {
while the value of this object is active(1)." natAddrMapIndex NatAddrMapId,
REFERENCE natAddrMapName SnmpAdminString,
"Textual Conventions for SMIv2, Section 2." natAddrMapEntryType NatAssociationType,
::= { natInterfaceEntry 7 } natAddrMapTranslationEntity NatTranslationEntity,
natAddrMapLocalAddrType InetAddressType,
natAddrMapLocalAddrFrom InetAddress,
natAddrMapLocalAddrTo InetAddress,
natAddrMapLocalPortFrom InetPortNumber,
natAddrMapLocalPortTo InetPortNumber,
natAddrMapGlobalAddrType InetAddressType,
natAddrMapGlobalAddrFrom InetAddress,
natAddrMapGlobalAddrTo InetAddress,
natAddrMapGlobalPortFrom InetPortNumber,
natAddrMapGlobalPortTo InetPortNumber,
natAddrMapProtocol NatProtocolMap,
natAddrMapInTranslates Counter64,
natAddrMapOutTranslates Counter64,
natAddrMapDiscards Counter64,
natAddrMapAddrUsed Gauge32,
natAddrMapStorageType StorageType,
natAddrMapRowStatus RowStatus
}
natAddrMapIndex OBJECT-TYPE
SYNTAX NatAddrMapId
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"Along with ifIndex, this object uniquely
identifies an entry in the natAddrMapTable.
Address map entries are applied in the order
specified by natAddrMapIndex."
::= { natAddrMapEntry 1 }
natAddrMapTable OBJECT-TYPE natAddrMapName OBJECT-TYPE
SYNTAX SEQUENCE OF NatAddrMapEntry SYNTAX SnmpAdminString (SIZE(1..32))
MAX-ACCESS not-accessible MAX-ACCESS read-create
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This table lists address map parameters for NAT." "Name identifying all map entries in the table associated
::= { natMIBObjects 4 } with the same interface. All map entries with the same
ifIndex MUST have the same map name."
::= { natAddrMapEntry 2 }
natAddrMapEntry OBJECT-TYPE natAddrMapEntryType OBJECT-TYPE
SYNTAX NatAddrMapEntry SYNTAX NatAssociationType
MAX-ACCESS not-accessible MAX-ACCESS read-create
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This entry represents an address map to be used for "This parameter can be used to set up static
NAT and contributes to the dynamic and/or static or dynamic address maps."
address mapping tables of the NAT device." ::= { natAddrMapEntry 3 }
INDEX { ifIndex, natAddrMapIndex }
::= { natAddrMapTable 1 }
NatAddrMapEntry ::= SEQUENCE { natAddrMapTranslationEntity OBJECT-TYPE
natAddrMapIndex NatAddrMapId, SYNTAX NatTranslationEntity
natAddrMapName SnmpAdminString, MAX-ACCESS read-create
natAddrMapEntryType NatAssociationType, STATUS deprecated
natAddrMapTranslationEntity NatTranslationEntity, DESCRIPTION
natAddrMapLocalAddrType InetAddressType, "The end-point entity (source or destination) in
natAddrMapLocalAddrFrom InetAddress, inbound or outbound sessions (i.e., first packets) that
natAddrMapLocalAddrTo InetAddress, may be translated by an address map entry.
natAddrMapLocalPortFrom InetPortNumber,
natAddrMapLocalPortTo InetPortNumber,
natAddrMapGlobalAddrType InetAddressType,
natAddrMapGlobalAddrFrom InetAddress,
natAddrMapGlobalAddrTo InetAddress,
natAddrMapGlobalPortFrom InetPortNumber,
natAddrMapGlobalPortTo InetPortNumber,
natAddrMapProtocol NatProtocolMap,
natAddrMapInTranslates Counter64,
natAddrMapOutTranslates Counter64,
natAddrMapDiscards Counter64,
natAddrMapAddrUsed Gauge32,
natAddrMapStorageType StorageType,
natAddrMapRowStatus RowStatus
}
natAddrMapIndex OBJECT-TYPE Session direction (inbound or outbound) is
SYNTAX NatAddrMapId derived from the direction of the first packet
MAX-ACCESS not-accessible of a session traversing a NAT interface.
STATUS deprecated NAT address (and Transport-ID) maps may be defined
DESCRIPTION to effect inbound or outbound sessions.
"Along with ifIndex, this object uniquely
identifies an entry in the natAddrMapTable.
Address map entries are applied in the order
specified by natAddrMapIndex."
::= { natAddrMapEntry 1 }
natAddrMapName OBJECT-TYPE Traditionally, address maps for Basic NAT and NAPT are
SYNTAX SnmpAdminString (SIZE(1..32)) configured on a public interface for outbound sessions,
MAX-ACCESS read-create effecting translation of source end-point. The value of
STATUS deprecated this object must be set to outboundSrcEndPoint for
DESCRIPTION those interfaces.
"Name identifying all map entries in the table associated
with the same interface. All map entries with the same
ifIndex MUST have the same map name."
::= { natAddrMapEntry 2 }
natAddrMapEntryType OBJECT-TYPE Alternately, if address maps for Basic NAT and NAPT were
SYNTAX NatAssociationType to be configured on a private interface, the desired
MAX-ACCESS read-create value for this object for the map entries
STATUS deprecated would be inboundSrcEndPoint (i.e., effecting translation
DESCRIPTION of source end-point for inbound sessions).
"This parameter can be used to set up static
or dynamic address maps."
::= { natAddrMapEntry 3 }
natAddrMapTranslationEntity OBJECT-TYPE If TwiceNAT were to be configured on a private
SYNTAX NatTranslationEntity interface, the desired value for this object for the map
MAX-ACCESS read-create entries would be a bitmask of inboundSrcEndPoint and
STATUS deprecated inboundDstEndPoint."
DESCRIPTION ::= { natAddrMapEntry 4 }
"The end-point entity (source or destination) in
inbound or outbound sessions (i.e., first packets) that
may be translated by an address map entry.
Session direction (inbound or outbound) is natAddrMapLocalAddrType OBJECT-TYPE
derived from the direction of the first packet SYNTAX InetAddressType
of a session traversing a NAT interface. MAX-ACCESS read-create
NAT address (and Transport-ID) maps may be defined STATUS deprecated
to effect inbound or outbound sessions. DESCRIPTION
"This object specifies the address type used for
natAddrMapLocalAddrFrom and natAddrMapLocalAddrTo."
::= { natAddrMapEntry 5 }
Traditionally, address maps for Basic NAT and NAPT are natAddrMapLocalAddrFrom OBJECT-TYPE
configured on a public interface for outbound sessions, SYNTAX InetAddress
effecting translation of source end-point. The value of MAX-ACCESS read-create
this object must be set to outboundSrcEndPoint for STATUS deprecated
those interfaces. DESCRIPTION
"This object specifies the first IP address of the range
of IP addresses mapped by this translation entry. The
value of this object must be less than or equal to the
value of the natAddrMapLocalAddrTo object.
Alternately, if address maps for Basic NAT and NAPT were The type of this address is determined by the value of
to be configured on a private interface, the desired the natAddrMapLocalAddrType object."
value for this object for the map entries ::= { natAddrMapEntry 6 }
would be inboundSrcEndPoint (i.e., effecting translation
of source end-point for inbound sessions).
If TwiceNAT were to be configured on a private interface, natAddrMapLocalAddrTo OBJECT-TYPE
the desired value for this object for the map entries SYNTAX InetAddress
would be a bitmask of inboundSrcEndPoint and MAX-ACCESS read-create
inboundDstEndPoint." STATUS deprecated
::= { natAddrMapEntry 4 } DESCRIPTION
"This object specifies the last IP address of the range
of IP addresses mapped by this translation entry. If
only a single address is being mapped, the value of this
object is equal to the value of natAddrMapLocalAddrFrom.
For a static NAT, the number of addresses in the range
defined by natAddrMapLocalAddrFrom and
natAddrMapLocalAddrTo must be equal to the number of
addresses in the range defined by
natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo.
The value of this object must be greater than or equal
to the value of the natAddrMapLocalAddrFrom object.
natAddrMapLocalAddrType OBJECT-TYPE The type of this address is determined by the value of
SYNTAX InetAddressType the natAddrMapLocalAddrType object."
MAX-ACCESS read-create ::= { natAddrMapEntry 7 }
STATUS deprecated
DESCRIPTION
"This object specifies the address type used for
natAddrMapLocalAddrFrom and natAddrMapLocalAddrTo."
::= { natAddrMapEntry 5 }
natAddrMapLocalAddrFrom OBJECT-TYPE natAddrMapLocalPortFrom OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetPortNumber
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This object specifies the first IP address of the range "If this conceptual row describes a Basic NAT address
of IP addresses mapped by this translation entry. The mapping, then the value of this object must be zero. If
value of this object must be less than or equal to the this conceptual row describes NAPT, then the value of
value of the natAddrMapLocalAddrTo object. this object specifies the first port number in the range
of ports being mapped.
The type of this address is determined by the value of The value of this object must be less than or equal to
the natAddrMapLocalAddrType object." the value of the natAddrMapLocalPortTo object. If the
::= { natAddrMapEntry 6 } translation specifies a single port, then the value of
this object is equal to the value of
natAddrMapLocalPortTo."
DEFVAL { 0 }
::= { natAddrMapEntry 8 }
natAddrMapLocalAddrTo OBJECT-TYPE natAddrMapLocalPortTo OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetPortNumber
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This object specifies the last IP address of the range of "If this conceptual row describes a Basic NAT address
IP addresses mapped by this translation entry. If only mapping, then the value of this object must be zero. If
a single address is being mapped, the value of this object this conceptual row describes NAPT, then the value of
is equal to the value of natAddrMapLocalAddrFrom. For a this object specifies the last port number in the range
static NAT, the number of addresses in the range defined of ports being mapped.
by natAddrMapLocalAddrFrom and natAddrMapLocalAddrTo must
be equal to the number of addresses in the range defined by
natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo.
The value of this object must be greater than or equal to
the value of the natAddrMapLocalAddrFrom object.
The type of this address is determined by the value of The value of this object must be greater than or equal
the natAddrMapLocalAddrType object." to the value of the natAddrMapLocalPortFrom object. If
::= { natAddrMapEntry 7 } the translation specifies a single port, then the value
of this object is equal to the value of
natAddrMapLocalPortFrom."
DEFVAL { 0 }
::= { natAddrMapEntry 9 }
natAddrMapLocalPortFrom OBJECT-TYPE natAddrMapGlobalAddrType OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX InetAddressType
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"If this conceptual row describes a Basic NAT address "This object specifies the address type used for
mapping, then the value of this object must be zero. If natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo."
this conceptual row describes NAPT, then the value of ::= { natAddrMapEntry 10 }
this object specifies the first port number in the range
of ports being mapped.
The value of this object must be less than or equal to the natAddrMapGlobalAddrFrom OBJECT-TYPE
value of the natAddrMapLocalPortTo object. If the SYNTAX InetAddress
translation specifies a single port, then the value of this MAX-ACCESS read-create
object is equal to the value of natAddrMapLocalPortTo." STATUS deprecated
DEFVAL { 0 } DESCRIPTION
::= { natAddrMapEntry 8 } "This object specifies the first IP address of the range
of IP addresses being mapped to. The value of this
object must be less than or equal to the value of the
natAddrMapGlobalAddrTo object.
natAddrMapLocalPortTo OBJECT-TYPE The type of this address is determined by the value of
SYNTAX InetPortNumber the natAddrMapGlobalAddrType object."
MAX-ACCESS read-create ::= { natAddrMapEntry 11 }
STATUS deprecated
DESCRIPTION
"If this conceptual row describes a Basic NAT address
mapping, then the value of this object must be zero. If
this conceptual row describes NAPT, then the value of
this object specifies the last port number in the range
of ports being mapped.
The value of this object must be greater than or equal to natAddrMapGlobalAddrTo OBJECT-TYPE
the value of the natAddrMapLocalPortFrom object. If the SYNTAX InetAddress
translation specifies a single port, then the value of this MAX-ACCESS read-create
object is equal to the value of natAddrMapLocalPortFrom." STATUS deprecated
DEFVAL { 0 } DESCRIPTION
::= { natAddrMapEntry 9 } "This object specifies the last IP address of the range
of IP addresses being mapped to. If only a single
address is being mapped to, the value of this object is
equal to the value of natAddrMapGlobalAddrFrom. For a
static NAT, the number of addresses in the range defined
by natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo
must be equal to the number of addresses in the range
defined by natAddrMapLocalAddrFrom and
natAddrMapLocalAddrTo. The value of this object must be
greater than or equal to the value of the
natAddrMapGlobalAddrFrom object.
natAddrMapGlobalAddrType OBJECT-TYPE The type of this address is determined by the value of
SYNTAX InetAddressType the natAddrMapGlobalAddrType object."
MAX-ACCESS read-create ::= { natAddrMapEntry 12 }
STATUS deprecated
DESCRIPTION
"This object specifies the address type used for
natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo."
::= { natAddrMapEntry 10 }
natAddrMapGlobalAddrFrom OBJECT-TYPE natAddrMapGlobalPortFrom OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetPortNumber
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This object specifies the first IP address of the range of "If this conceptual row describes a Basic NAT address
IP addresses being mapped to. The value of this object mapping, then the value of this object must be zero. If
must be less than or equal to the value of the this conceptual row describes NAPT, then the value of
natAddrMapGlobalAddrTo object. this object specifies the first port number in the range
of ports being mapped to.
The type of this address is determined by the value of The value of this object must be less than or equal to
the natAddrMapGlobalAddrType object." the value of the natAddrMapGlobalPortTo object. If the
::= { natAddrMapEntry 11 } translation specifies a single port, then the value of
this object is equal to the value
natAddrMapGlobalPortTo."
DEFVAL { 0 }
::= { natAddrMapEntry 13 }
natAddrMapGlobalAddrTo OBJECT-TYPE natAddrMapGlobalPortTo OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetPortNumber
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This object specifies the last IP address of the range of "If this conceptual row describes a Basic NAT address
IP addresses being mapped to. If only a single address is mapping, then the value of this object must be zero. If
being mapped to, the value of this object is equal to the this conceptual row describes NAPT, then the value of
value of natAddrMapGlobalAddrFrom. For a static NAT, the this object specifies the last port number in the range
number of addresses in the range defined by of ports being mapped to.
natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo must be
equal to the number of addresses in the range defined by
natAddrMapLocalAddrFrom and natAddrMapLocalAddrTo.
The value of this object must be greater than or equal to
the value of the natAddrMapGlobalAddrFrom object.
The type of this address is determined by the value of The value of this object must be greater than or equal
the natAddrMapGlobalAddrType object." to the value of the natAddrMapGlobalPortFrom object. If
::= { natAddrMapEntry 12 } the translation specifies a single port, then the value
of this object is equal to the value of
natAddrMapGlobalPortFrom."
DEFVAL { 0 }
::= { natAddrMapEntry 14 }
natAddrMapGlobalPortFrom OBJECT-TYPE natAddrMapProtocol OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX NatProtocolMap
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"If this conceptual row describes a Basic NAT address "This object specifies a bitmap of protocol identifiers."
mapping, then the value of this object must be zero. If ::= { natAddrMapEntry 15 }
this conceptual row describes NAPT, then the value of
this object specifies the first port number in the range
of ports being mapped to.
The value of this object must be less than or equal to the natAddrMapInTranslates OBJECT-TYPE
value of the natAddrMapGlobalPortTo object. If the SYNTAX Counter64
translation specifies a single port, then the value of this MAX-ACCESS read-only
object is equal to the value natAddrMapGlobalPortTo." STATUS deprecated
DEFVAL { 0 } DESCRIPTION
::= { natAddrMapEntry 13 } "The number of inbound packets pertaining to this address
map entry that were translated.
natAddrMapGlobalPortTo OBJECT-TYPE Discontinuities in the value of this counter can occur
SYNTAX InetPortNumber at reinitialization of the management system and at
MAX-ACCESS read-create other times, as indicated by the value of
STATUS deprecated ifCounterDiscontinuityTime on the relevant interface."
DESCRIPTION ::= { natAddrMapEntry 16 }
"If this conceptual row describes a Basic NAT address
mapping, then the value of this object must be zero. If
this conceptual row describes NAPT, then the value of this
object specifies the last port number in the range of
ports being mapped to.
The value of this object must be greater than or equal to natAddrMapOutTranslates OBJECT-TYPE
the value of the natAddrMapGlobalPortFrom object. If the SYNTAX Counter64
translation specifies a single port, then the value of this MAX-ACCESS read-only
object is equal to the value of natAddrMapGlobalPortFrom." STATUS deprecated
DEFVAL { 0 } DESCRIPTION
::= { natAddrMapEntry 14 } "The number of outbound packets pertaining to this
address map entry that were translated.
natAddrMapProtocol OBJECT-TYPE Discontinuities in the value of this counter can occur
SYNTAX NatProtocolMap at reinitialization of the management system and at
MAX-ACCESS read-create other times, as indicated by the value of
STATUS deprecated ifCounterDiscontinuityTime on the relevant interface."
DESCRIPTION ::= { natAddrMapEntry 17 }
"This object specifies a bitmap of protocol identifiers."
::= { natAddrMapEntry 15 }
natAddrMapInTranslates OBJECT-TYPE natAddrMapDiscards OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The number of inbound packets pertaining to this address "The number of packets pertaining to this address map
map entry that were translated. entry that were dropped due to lack of addresses in the
address pool identified by this address map. The value
of this object must always be zero in case of static
address map.
Discontinuities in the value of this counter can occur at Discontinuities in the value of this counter can occur
reinitialization of the management system and at other at reinitialization of the management system and at
times, as indicated by the value of other times, as indicated by the value of
ifCounterDiscontinuityTime on the relevant interface." ifCounterDiscontinuityTime on the relevant interface."
::= { natAddrMapEntry 16 } ::= { natAddrMapEntry 18 }
natAddrMapOutTranslates OBJECT-TYPE natAddrMapAddrUsed OBJECT-TYPE
SYNTAX Counter64 SYNTAX Gauge32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The number of outbound packets pertaining to this "The number of addresses pertaining to this address map
address map entry that were translated. that are currently being used from the NAT pool.
The value of this object must always be zero in the case
of a static address map."
::= { natAddrMapEntry 19 }
Discontinuities in the value of this counter can occur at natAddrMapStorageType OBJECT-TYPE
reinitialization of the management system and at other SYNTAX StorageType
times, as indicated by the value of MAX-ACCESS read-create
ifCounterDiscontinuityTime on the relevant interface." STATUS deprecated
::= { natAddrMapEntry 17 } DESCRIPTION
"The storage type for this conceptual row.
Conceptual rows having the value 'permanent'
need not allow write-access to any columnar objects
in the row."
REFERENCE
"Textual Conventions for SMIv2, Section 2."
DEFVAL { nonVolatile }
::= { natAddrMapEntry 20 }
natAddrMapDiscards OBJECT-TYPE natAddrMapRowStatus OBJECT-TYPE
SYNTAX Counter64 SYNTAX RowStatus
MAX-ACCESS read-only MAX-ACCESS read-create
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The number of packets pertaining to this address map "The status of this conceptual row.
entry that were dropped due to lack of addresses in the
address pool identified by this address map. The value of
this object must always be zero in case of static
address map.
Discontinuities in the value of this counter can occur at Until instances of all corresponding columns are
reinitialization of the management system and at other appropriately configured, the value of the
times, as indicated by the value of corresponding instance of the natAddrMapRowStatus
ifCounterDiscontinuityTime on the relevant interface." column is 'notReady'.
::= { natAddrMapEntry 18 }
natAddrMapAddrUsed OBJECT-TYPE None of the objects in this row may be modified
SYNTAX Gauge32 while the value of this object is active(1)."
MAX-ACCESS read-only REFERENCE
STATUS deprecated "Textual Conventions for SMIv2, Section 2."
DESCRIPTION ::= { natAddrMapEntry 21 }
"The number of addresses pertaining to this address map
that are currently being used from the NAT pool.
The value of this object must always be zero in the case
of a static address map."
::= { natAddrMapEntry 19 }
natAddrMapStorageType OBJECT-TYPE --
SYNTAX StorageType -- Address Bind section
MAX-ACCESS read-create --
STATUS deprecated
DESCRIPTION
"The storage type for this conceptual row.
Conceptual rows having the value 'permanent'
need not allow write-access to any columnar objects
in the row."
REFERENCE
"Textual Conventions for SMIv2, Section 2."
DEFVAL { nonVolatile }
::= { natAddrMapEntry 20 }
natAddrMapRowStatus OBJECT-TYPE natAddrBindNumberOfEntries OBJECT-TYPE
SYNTAX RowStatus SYNTAX Gauge32
MAX-ACCESS read-create MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The status of this conceptual row. "This object maintains a count of the number of entries
that currently exist in the natAddrBindTable."
::= { natMIBObjects 5 }
Until instances of all corresponding columns are --
appropriately configured, the value of the -- The NAT Address BIND Table
corresponding instance of the natAddrMapRowStatus --
column is 'notReady'.
None of the objects in this row may be modified natAddrBindTable OBJECT-TYPE
while the value of this object is active(1)." SYNTAX SEQUENCE OF NatAddrBindEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"This table holds information about the currently
active NAT BINDs."
::= { natMIBObjects 6 }
REFERENCE natAddrBindEntry OBJECT-TYPE
"Textual Conventions for SMIv2, Section 2." SYNTAX NatAddrBindEntry
::= { natAddrMapEntry 21 } MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"Each entry in this table holds information about
an active address BIND. These entries are lost
upon agent restart.
This row has indexing which may create variables with
more than 128 subidentifiers. Implementers of this
table must be careful not to create entries that would
result in OIDs which exceed the 128 subidentifier limit.
Otherwise, the information cannot be accessed using
SNMPv1, SNMPv2c or SNMPv3."
natAddrBindNumberOfEntries OBJECT-TYPE INDEX { ifIndex,
SYNTAX Gauge32 natAddrBindLocalAddrType,
MAX-ACCESS read-only natAddrBindLocalAddr }
STATUS deprecated ::= { natAddrBindTable 1 }
DESCRIPTION
"This object maintains a count of the number of entries
that currently exist in the natAddrBindTable."
::= { natMIBObjects 5 }
NatAddrBindEntry ::= SEQUENCE {
natAddrBindLocalAddrType InetAddressType,
natAddrBindLocalAddr InetAddress,
natAddrBindGlobalAddrType InetAddressType,
natAddrBindGlobalAddr InetAddress,
natAddrBindId NatBindId,
natAddrBindTranslationEntity NatTranslationEntity,
natAddrBindType NatAssociationType,
natAddrBindMapIndex NatAddrMapId,
natAddrBindSessions Gauge32,
natAddrBindMaxIdleTime TimeTicks,
natAddrBindCurrentIdleTime TimeTicks,
natAddrBindInTranslates Counter64,
natAddrBindOutTranslates Counter64
natAddrBindTable OBJECT-TYPE }
SYNTAX SEQUENCE OF NatAddrBindEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"This table holds information about the currently
active NAT BINDs."
::= { natMIBObjects 6 }
natAddrBindEntry OBJECT-TYPE natAddrBindLocalAddrType OBJECT-TYPE
SYNTAX NatAddrBindEntry SYNTAX InetAddressType
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"Each entry in this table holds information about "This object specifies the address type used for
an active address BIND. These entries are lost natAddrBindLocalAddr."
upon agent restart. ::= { natAddrBindEntry 1 }
This row has indexing which may create variables with natAddrBindLocalAddr OBJECT-TYPE
more than 128 subidentifiers. Implementers of this table SYNTAX InetAddress
must be careful not to create entries that would result MAX-ACCESS not-accessible
in OIDs which exceed the 128 subidentifier limit. STATUS deprecated
Otherwise, the information cannot be accessed using DESCRIPTION
SNMPv1, SNMPv2c or SNMPv3." "This object represents the private-realm specific
network layer address, which maps to the public-realm
address represented by natAddrBindGlobalAddr.
INDEX { ifIndex, natAddrBindLocalAddrType, natAddrBindLocalAddr } The type of this address is determined by the value of
::= { natAddrBindTable 1 } the natAddrBindLocalAddrType object."
::= { natAddrBindEntry 2 }
NatAddrBindEntry ::= SEQUENCE { natAddrBindGlobalAddrType OBJECT-TYPE
natAddrBindLocalAddrType InetAddressType, SYNTAX InetAddressType
natAddrBindLocalAddr InetAddress, MAX-ACCESS read-only
natAddrBindGlobalAddrType InetAddressType, STATUS deprecated
natAddrBindGlobalAddr InetAddress, DESCRIPTION
natAddrBindId NatBindId, "This object specifies the address type used for
natAddrBindTranslationEntity NatTranslationEntity, natAddrBindGlobalAddr."
natAddrBindType NatAssociationType, ::= { natAddrBindEntry 3 }
natAddrBindMapIndex NatAddrMapId,
natAddrBindSessions Gauge32,
natAddrBindMaxIdleTime TimeTicks,
natAddrBindCurrentIdleTime TimeTicks,
natAddrBindInTranslates Counter64,
natAddrBindOutTranslates Counter64
}
natAddrBindLocalAddrType OBJECT-TYPE natAddrBindGlobalAddr OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddress
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This object specifies the address type used for "This object represents the public-realm network layer
natAddrBindLocalAddr." address that maps to the private-realm network layer
::= { natAddrBindEntry 1 } address represented by natAddrBindLocalAddr.
natAddrBindLocalAddr OBJECT-TYPE The type of this address is determined by the value of
SYNTAX InetAddress the natAddrBindGlobalAddrType object."
MAX-ACCESS not-accessible ::= { natAddrBindEntry 4 }
STATUS deprecated
DESCRIPTION
"This object represents the private-realm specific network
layer address, which maps to the public-realm address
represented by natAddrBindGlobalAddr.
The type of this address is determined by the value of natAddrBindId OBJECT-TYPE
the natAddrBindLocalAddrType object." SYNTAX NatBindId
::= { natAddrBindEntry 2 } MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"This object represents a bind id that is dynamically
assigned to each bind by a NAT enabled device. Each
bind is represented by a bind id that is
unique across both, the natAddrBindTable and the
natAddrPortBindTable."
::= { natAddrBindEntry 5 }
natAddrBindGlobalAddrType OBJECT-TYPE natAddrBindTranslationEntity OBJECT-TYPE
SYNTAX InetAddressType SYNTAX NatTranslationEntity
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This object specifies the address type used for "This object represents the direction of sessions
natAddrBindGlobalAddr." for which this bind is applicable and the endpoint
::= { natAddrBindEntry 3 } entity (source or destination) within the sessions that
is subject to translation using the BIND.
natAddrBindGlobalAddr OBJECT-TYPE Orientation of the bind can be a superset of
SYNTAX InetAddress translationEntity of the address map entry which
MAX-ACCESS read-only forms the basis for this bind.
STATUS deprecated
DESCRIPTION
"This object represents the public-realm network layer
address that maps to the private-realm network layer
address represented by natAddrBindLocalAddr.
The type of this address is determined by the value of For example, if the translationEntity of an
the natAddrBindGlobalAddrType object." address map entry is outboundSrcEndPoint, the
::= { natAddrBindEntry 4 } translationEntity of a bind derived from this
map entry may either be outboundSrcEndPoint or
it may be bidirectional (a bitmask of
outboundSrcEndPoint and inboundDstEndPoint)."
::= { natAddrBindEntry 6 }
natAddrBindId OBJECT-TYPE natAddrBindType OBJECT-TYPE
SYNTAX NatBindId SYNTAX NatAssociationType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This object represents a bind id that is dynamically "This object indicates whether the bind is static or
assigned to each bind by a NAT enabled device. Each dynamic."
bind is represented by a bind id that is ::= { natAddrBindEntry 7 }
unique across both, the natAddrBindTable and the
natAddrPortBindTable."
::= { natAddrBindEntry 5 }
natAddrBindTranslationEntity OBJECT-TYPE natAddrBindMapIndex OBJECT-TYPE
SYNTAX NatTranslationEntity SYNTAX NatAddrMapId
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This object represents the direction of sessions "This object is a pointer to the natAddrMapTable entry
for which this bind is applicable and the endpoint entity (and the parameters of that entry) which was used in
(source or destination) within the sessions that is creating this BIND. This object, in conjunction with
subject to translation using the BIND. the ifIndex (which identifies a unique addrMapName)
points to a unique entry in the natAddrMapTable."
::= { natAddrBindEntry 8 }
Orientation of the bind can be a superset of natAddrBindSessions OBJECT-TYPE
translationEntity of the address map entry which SYNTAX Gauge32
forms the basis for this bind. MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"Number of sessions currently using this BIND."
::= { natAddrBindEntry 9 }
For example, if the translationEntity of an natAddrBindMaxIdleTime OBJECT-TYPE
address map entry is outboundSrcEndPoint, the SYNTAX TimeTicks
translationEntity of a bind derived from this MAX-ACCESS read-only
map entry may either be outboundSrcEndPoint or STATUS deprecated
it may be bidirectional (a bitmask of DESCRIPTION
outboundSrcEndPoint and inboundDstEndPoint)." "This object indicates the maximum time for
::= { natAddrBindEntry 6 } which this bind can be idle with no sessions
attached to it.
natAddrBindType OBJECT-TYPE The value of this object is of relevance only for
SYNTAX NatAssociationType dynamic NAT."
MAX-ACCESS read-only ::= { natAddrBindEntry 10 }
STATUS deprecated
DESCRIPTION
"This object indicates whether the bind is static or
dynamic."
::= { natAddrBindEntry 7 }
natAddrBindMapIndex OBJECT-TYPE natAddrBindCurrentIdleTime OBJECT-TYPE
SYNTAX NatAddrMapId SYNTAX TimeTicks
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This object is a pointer to the natAddrMapTable entry "At any given instance, this object indicates the
(and the parameters of that entry) which was used in time that this bind has been idle without any sessions
creating this BIND. This object, in conjunction with the attached to it.
ifIndex (which identifies a unique addrMapName) points to
a unique entry in the natAddrMapTable."
::= { natAddrBindEntry 8 }
natAddrBindSessions OBJECT-TYPE The value of this object is of relevance only for
SYNTAX Gauge32 dynamic NAT."
MAX-ACCESS read-only ::= { natAddrBindEntry 11 }
STATUS deprecated
DESCRIPTION
"Number of sessions currently using this BIND."
::= { natAddrBindEntry 9 }
natAddrBindMaxIdleTime OBJECT-TYPE natAddrBindInTranslates OBJECT-TYPE
SYNTAX TimeTicks SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This object indicates the maximum time for "The number of inbound packets that were successfully
which this bind can be idle with no sessions translated by using this bind entry.
attached to it.
The value of this object is of relevance only for Discontinuities in the value of this counter can occur
dynamic NAT." at reinitialization of the management system and at
::= { natAddrBindEntry 10 } other times, as indicated by the value of
ifCounterDiscontinuityTime on the relevant interface."
::= { natAddrBindEntry 12 }
natAddrBindCurrentIdleTime OBJECT-TYPE natAddrBindOutTranslates OBJECT-TYPE
SYNTAX TimeTicks SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"At any given instance, this object indicates the "The number of outbound packets that were successfully
time that this bind has been idle without any sessions translated using this bind entry.
attached to it.
The value of this object is of relevance only for Discontinuities in the value of this counter can occur
dynamic NAT." at reinitialization of the management system and at
::= { natAddrBindEntry 11 } other times as indicated by the value of
ifCounterDiscontinuityTime on the relevant interface."
::= { natAddrBindEntry 13 }
natAddrBindInTranslates OBJECT-TYPE --
SYNTAX Counter64 -- Address Port Bind section
MAX-ACCESS read-only --
STATUS deprecated
DESCRIPTION
"The number of inbound packets that were successfully
translated by using this bind entry.
Discontinuities in the value of this counter can occur at natAddrPortBindNumberOfEntries OBJECT-TYPE
reinitialization of the management system and at other SYNTAX Gauge32
times, as indicated by the value of MAX-ACCESS read-only
ifCounterDiscontinuityTime on the relevant interface." STATUS deprecated
::= { natAddrBindEntry 12 } DESCRIPTION
"This object maintains a count of the number of entries
that currently exist in the natAddrPortBindTable."
::= { natMIBObjects 7 }
natAddrBindOutTranslates OBJECT-TYPE --
SYNTAX Counter64 -- The NAT Address Port Bind Table
MAX-ACCESS read-only --
STATUS deprecated
DESCRIPTION
"The number of outbound packets that were successfully
translated using this bind entry.
Discontinuities in the value of this counter can occur at natAddrPortBindTable OBJECT-TYPE
reinitialization of the management system and at other SYNTAX SEQUENCE OF NatAddrPortBindEntry
times as indicated by the value of MAX-ACCESS not-accessible
ifCounterDiscontinuityTime on the relevant interface." STATUS deprecated
::= { natAddrBindEntry 13 } DESCRIPTION
"This table holds information about the currently
active NAPT BINDs."
::= { natMIBObjects 8 }
natAddrPortBindEntry OBJECT-TYPE
SYNTAX NatAddrPortBindEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"Each entry in the this table holds information
about a NAPT bind that is currently active.
These entries are lost upon agent restart.
natAddrPortBindNumberOfEntries OBJECT-TYPE This row has indexing which may create variables with
SYNTAX Gauge32 more than 128 subidentifiers. Implementers of this
MAX-ACCESS read-only table must be careful not to create entries which would
STATUS deprecated result in OIDs that exceed the 128 subidentifier limit.
DESCRIPTION Otherwise, the information cannot be accessed using
"This object maintains a count of the number of entries SNMPv1, SNMPv2c or SNMPv3."
that currently exist in the natAddrPortBindTable." INDEX { ifIndex, natAddrPortBindLocalAddrType,
::= { natMIBObjects 7 } natAddrPortBindLocalAddr, natAddrPortBindLocalPort,
natAddrPortBindProtocol }
::= { natAddrPortBindTable 1 }
natAddrPortBindTable OBJECT-TYPE NatAddrPortBindEntry ::= SEQUENCE {
SYNTAX SEQUENCE OF NatAddrPortBindEntry natAddrPortBindLocalAddrType InetAddressType,
MAX-ACCESS not-accessible natAddrPortBindLocalAddr InetAddress,
STATUS deprecated natAddrPortBindLocalPort InetPortNumber,
DESCRIPTION natAddrPortBindProtocol NatProtocolType,
"This table holds information about the currently natAddrPortBindGlobalAddrType InetAddressType,
active NAPT BINDs." natAddrPortBindGlobalAddr InetAddress,
::= { natMIBObjects 8 } natAddrPortBindGlobalPort InetPortNumber,
natAddrPortBindId NatBindId,
natAddrPortBindTranslationEntity NatTranslationEntity,
natAddrPortBindType NatAssociationType,
natAddrPortBindMapIndex NatAddrMapId,
natAddrPortBindSessions Gauge32,
natAddrPortBindMaxIdleTime TimeTicks,
natAddrPortBindCurrentIdleTime TimeTicks,
natAddrPortBindInTranslates Counter64,
natAddrPortBindOutTranslates Counter64
}
natAddrPortBindEntry OBJECT-TYPE natAddrPortBindLocalAddrType OBJECT-TYPE
SYNTAX NatAddrPortBindEntry SYNTAX InetAddressType
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"Each entry in the this table holds information "This object specifies the address type used for
about a NAPT bind that is currently active. natAddrPortBindLocalAddr."
These entries are lost upon agent restart. ::= { natAddrPortBindEntry 1 }
This row has indexing which may create variables with natAddrPortBindLocalAddr OBJECT-TYPE
more than 128 subidentifiers. Implementers of this table SYNTAX InetAddress
must be careful not to create entries which would result MAX-ACCESS not-accessible
in OIDs that exceed the 128 subidentifier limit. STATUS deprecated
Otherwise, the information cannot be accessed using DESCRIPTION
SNMPv1, SNMPv2c or SNMPv3." "This object represents the private-realm specific
INDEX { ifIndex, natAddrPortBindLocalAddrType, network layer address which, in conjunction with
natAddrPortBindLocalAddr, natAddrPortBindLocalPort, natAddrPortBindLocalPort, maps to the public-realm
natAddrPortBindProtocol } network layer address and transport id represented by
::= { natAddrPortBindTable 1 } natAddrPortBindGlobalAddr and natAddrPortBindGlobalPort
respectively.
NatAddrPortBindEntry ::= SEQUENCE { The type of this address is determined by the value of
natAddrPortBindLocalAddrType InetAddressType, the natAddrPortBindLocalAddrType object."
natAddrPortBindLocalAddr InetAddress, ::= { natAddrPortBindEntry 2 }
natAddrPortBindLocalPort InetPortNumber,
natAddrPortBindProtocol NatProtocolType,
natAddrPortBindGlobalAddrType InetAddressType,
natAddrPortBindGlobalAddr InetAddress,
natAddrPortBindGlobalPort InetPortNumber,
natAddrPortBindId NatBindId,
natAddrPortBindTranslationEntity NatTranslationEntity,
natAddrPortBindType NatAssociationType,
natAddrPortBindMapIndex NatAddrMapId,
natAddrPortBindSessions Gauge32,
natAddrPortBindMaxIdleTime TimeTicks,
natAddrPortBindCurrentIdleTime TimeTicks,
natAddrPortBindInTranslates Counter64,
natAddrPortBindOutTranslates Counter64
}
natAddrPortBindLocalAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"This object specifies the address type used for
natAddrPortBindLocalAddr."
::= { natAddrPortBindEntry 1 }
natAddrPortBindLocalAddr OBJECT-TYPE natAddrPortBindLocalPort OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetPortNumber
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This object represents the private-realm specific network "For a protocol value TCP or UDP, this object represents
layer address which, in conjunction with the private-realm specific port number. On the other
natAddrPortBindLocalPort, maps to the public-realm hand, for ICMP a bind is created only for query/response
network layer address and transport id represented by type ICMP messages such as ICMP echo, Timestamp, and
natAddrPortBindGlobalAddr and natAddrPortBindGlobalPort Information request messages, and this object represents
respectively. the private-realm specific identifier in the ICMP
message, as defined in RFC 792 for ICMPv4 and in RFC
2463 for ICMPv6.
The type of this address is determined by the value of This object, together with natAddrPortBindProtocol,
the natAddrPortBindLocalAddrType object." natAddrPortBindLocalAddrType, and
::= { natAddrPortBindEntry 2 } natAddrPortBindLocalAddr, constitutes a session endpoint
in the private realm. A bind entry binds a private
realm specific endpoint to a public realm specific
endpoint, as represented by the tuple of
(natAddrPortBindGlobalPort, natAddrPortBindProtocol,
natAddrPortBindGlobalAddrType, and
natAddrPortBindGlobalAddr)."
::= { natAddrPortBindEntry 3 }
natAddrPortBindLocalPort OBJECT-TYPE natAddrPortBindProtocol OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX NatProtocolType
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"For a protocol value TCP or UDP, this object represents "This object specifies a protocol identifier. If the
the private-realm specific port number. On the other value of this object is none(1), then this bind entry
hand, for ICMP a bind is created only for query/response applies to all IP traffic. Any other value of this
type ICMP messages such as ICMP echo, Timestamp, and object specifies the class of IP traffic to which this
Information request messages, and this object represents BIND applies."
the private-realm specific identifier in the ICMP ::= { natAddrPortBindEntry 4 }
message, as defined in RFC 792 for ICMPv4 and in RFC
2463 for ICMPv6.
This object, together with natAddrPortBindProtocol, natAddrPortBindGlobalAddrType OBJECT-TYPE
natAddrPortBindLocalAddrType, and natAddrPortBindLocalAddr, SYNTAX InetAddressType
constitutes a session endpoint in the private realm. A MAX-ACCESS read-only
bind entry binds a private realm specific endpoint to a STATUS deprecated
public realm specific endpoint, as represented by the DESCRIPTION
tuple of (natAddrPortBindGlobalPort, "This object specifies the address type used for
natAddrPortBindProtocol, natAddrPortBindGlobalAddrType, natAddrPortBindGlobalAddr."
and natAddrPortBindGlobalAddr)." ::= { natAddrPortBindEntry 5 }
::= { natAddrPortBindEntry 3 } natAddrPortBindGlobalAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"This object represents the public-realm specific network
layer address that, in conjunction with
natAddrPortBindGlobalPort, maps to the private-realm
natAddrPortBindProtocol OBJECT-TYPE network layer address and transport id represented by
SYNTAX NatProtocolType natAddrPortBindLocalAddr and natAddrPortBindLocalPort,
MAX-ACCESS not-accessible respectively.
STATUS deprecated
DESCRIPTION
"This object specifies a protocol identifier. If the
value of this object is none(1), then this bind entry
applies to all IP traffic. Any other value of this object
specifies the class of IP traffic to which this BIND
applies."
::= { natAddrPortBindEntry 4 }
natAddrPortBindGlobalAddrType OBJECT-TYPE The type of this address is determined by the value of
SYNTAX InetAddressType the natAddrPortBindGlobalAddrType object."
MAX-ACCESS read-only ::= { natAddrPortBindEntry 6 }
STATUS deprecated
DESCRIPTION
"This object specifies the address type used for
natAddrPortBindGlobalAddr."
::= { natAddrPortBindEntry 5 }
natAddrPortBindGlobalAddr OBJECT-TYPE natAddrPortBindGlobalPort OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetPortNumber
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This object represents the public-realm specific network "For a protocol value TCP or UDP, this object represents
layer address that, in conjunction with the public-realm specific port number. On the other
natAddrPortBindGlobalPort, maps to the private-realm hand, for ICMP a bind is created only for query/response
type ICMP messages such as ICMP echo, Timestamp, and
Information request messages, and this object represents
the public-realm specific identifier in the ICMP
message, as defined in RFC 792 for ICMPv4 and in RFC
2463 for ICMPv6.
network layer address and transport id represented by This object, together with natAddrPortBindProtocol,
natAddrPortBindLocalAddr and natAddrPortBindLocalPort, natAddrPortBindGlobalAddrType, and
respectively. natAddrPortBindGlobalAddr, constitutes a session
endpoint in the public realm. A bind entry binds a
public realm specific endpoint to a private realm
specific endpoint, as represented by the tuple of
(natAddrPortBindLocalPort, natAddrPortBindProtocol,
natAddrPortBindLocalAddrType, and
natAddrPortBindLocalAddr)."
::= { natAddrPortBindEntry 7 }
The type of this address is determined by the value of natAddrPortBindId OBJECT-TYPE
the natAddrPortBindGlobalAddrType object." SYNTAX NatBindId
::= { natAddrPortBindEntry 6 } MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"This object represents a bind id that is dynamically
assigned to each bind by a NAT enabled device. Each
bind is represented by a unique bind id across both
the natAddrBindTable and the natAddrPortBindTable."
::= { natAddrPortBindEntry 8 }
natAddrPortBindGlobalPort OBJECT-TYPE natAddrPortBindTranslationEntity OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX NatTranslationEntity
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"For a protocol value TCP or UDP, this object represents "This object represents the direction of sessions
the public-realm specific port number. On the other for which this bind is applicable and the entity
hand, for ICMP a bind is created only for query/response (source or destination) within the sessions that is
type ICMP messages such as ICMP echo, Timestamp, and subject to translation with the BIND.
Information request messages, and this object represents
the public-realm specific identifier in the ICMP message,
as defined in RFC 792 for ICMPv4 and in RFC 2463 for
ICMPv6.
This object, together with natAddrPortBindProtocol, Orientation of the bind can be a superset of the
natAddrPortBindGlobalAddrType, and translationEntity of the address map entry that
natAddrPortBindGlobalAddr, constitutes a session endpoint forms the basis for this bind.
in the public realm. A bind entry binds a public realm
specific endpoint to a private realm specific endpoint,
as represented by the tuple of
(natAddrPortBindLocalPort, natAddrPortBindProtocol,
natAddrPortBindLocalAddrType, and
natAddrPortBindLocalAddr)."
::= { natAddrPortBindEntry 7 }
natAddrPortBindId OBJECT-TYPE For example, if the translationEntity of an
SYNTAX NatBindId address map entry is outboundSrcEndPoint, the
MAX-ACCESS read-only translationEntity of a bind derived from this
STATUS deprecated map entry may either be outboundSrcEndPoint or
DESCRIPTION may be bidirectional (a bitmask of
"This object represents a bind id that is dynamically outboundSrcEndPoint and inboundDstEndPoint)."
assigned to each bind by a NAT enabled device. Each ::= { natAddrPortBindEntry 9 }
bind is represented by a unique bind id across both
the natAddrBindTable and the natAddrPortBindTable."
::= { natAddrPortBindEntry 8 }
natAddrPortBindTranslationEntity OBJECT-TYPE natAddrPortBindType OBJECT-TYPE
SYNTAX NatTranslationEntity SYNTAX NatAssociationType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This object represents the direction of sessions "This object indicates whether the bind is static or
for which this bind is applicable and the entity dynamic."
(source or destination) within the sessions that is ::= { natAddrPortBindEntry 10 }
subject to translation with the BIND.
Orientation of the bind can be a superset of the natAddrPortBindMapIndex OBJECT-TYPE
translationEntity of the address map entry that SYNTAX NatAddrMapId
forms the basis for this bind. MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"This object is a pointer to the natAddrMapTable entry
(and the parameters of that entry) used in
creating this BIND. This object, in conjunction with
the ifIndex (which identifies a unique addrMapName),
points to a unique entry in the natAddrMapTable."
::= { natAddrPortBindEntry 11 }
For example, if the translationEntity of an natAddrPortBindSessions OBJECT-TYPE
address map entry is outboundSrcEndPoint, the SYNTAX Gauge32
translationEntity of a bind derived from this MAX-ACCESS read-only
map entry may either be outboundSrcEndPoint or STATUS deprecated
may be bidirectional (a bitmask of DESCRIPTION
outboundSrcEndPoint and inboundDstEndPoint)." "Number of sessions currently using this BIND."
::= { natAddrPortBindEntry 12 }
::= { natAddrPortBindEntry 9 } natAddrPortBindMaxIdleTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS deprecated
natAddrPortBindType OBJECT-TYPE DESCRIPTION
SYNTAX NatAssociationType "This object indicates the maximum time for
MAX-ACCESS read-only which this bind can be idle without any sessions
STATUS deprecated attached to it.
DESCRIPTION The value of this object is of relevance
"This object indicates whether the bind is static or only for dynamic NAT."
dynamic." ::= { natAddrPortBindEntry 13 }
::= { natAddrPortBindEntry 10 }
natAddrPortBindMapIndex OBJECT-TYPE natAddrPortBindCurrentIdleTime OBJECT-TYPE
SYNTAX NatAddrMapId SYNTAX TimeTicks
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This object is a pointer to the natAddrMapTable entry "At any given instance, this object indicates the
(and the parameters of that entry) used in time that this bind has been idle without any sessions
creating this BIND. This object, in conjunction with the attached to it.
ifIndex (which identifies a unique addrMapName), points
to a unique entry in the natAddrMapTable."
::= { natAddrPortBindEntry 11 }
natAddrPortBindSessions OBJECT-TYPE The value of this object is of relevance
SYNTAX Gauge32 only for dynamic NAT."
MAX-ACCESS read-only ::= { natAddrPortBindEntry 14 }
STATUS deprecated
DESCRIPTION
"Number of sessions currently using this BIND."
::= { natAddrPortBindEntry 12 }
natAddrPortBindMaxIdleTime OBJECT-TYPE natAddrPortBindInTranslates OBJECT-TYPE
SYNTAX TimeTicks SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION
"The number of inbound packets that were translated as
per this bind entry.
DESCRIPTION Discontinuities in the value of this counter can occur
"This object indicates the maximum time for at reinitialization of the management system and at
which this bind can be idle without any sessions other times, as indicated by the value of
attached to it. ifCounterDiscontinuityTime on the relevant interface."
The value of this object is of relevance ::= { natAddrPortBindEntry 15 }
only for dynamic NAT."
::= { natAddrPortBindEntry 13 }
natAddrPortBindCurrentIdleTime OBJECT-TYPE natAddrPortBindOutTranslates OBJECT-TYPE
SYNTAX TimeTicks SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"At any given instance, this object indicates the "The number of outbound packets that were translated as
time that this bind has been idle without any sessions per this bind entry.
attached to it.
The value of this object is of relevance Discontinuities in the value of this counter can occur
only for dynamic NAT." at reinitialization of the management system and at
::= { natAddrPortBindEntry 14 } other times, as indicated by the value of
ifCounterDiscontinuityTime on the relevant interface."
::= { natAddrPortBindEntry 16 }
natAddrPortBindInTranslates OBJECT-TYPE --
SYNTAX Counter64 -- The Session Table
MAX-ACCESS read-only --
STATUS deprecated
DESCRIPTION
"The number of inbound packets that were translated as per
this bind entry.
Discontinuities in the value of this counter can occur at natSessionTable OBJECT-TYPE
reinitialization of the management system and at other SYNTAX SEQUENCE OF NatSessionEntry
times, as indicated by the value of MAX-ACCESS not-accessible
ifCounterDiscontinuityTime on the relevant interface." STATUS deprecated
::= { natAddrPortBindEntry 15 } DESCRIPTION
"The (conceptual) table containing one entry for each
NAT session currently active on this NAT device."
::= { natMIBObjects 9 }
natAddrPortBindOutTranslates OBJECT-TYPE natSessionEntry OBJECT-TYPE
SYNTAX Counter64 SYNTAX NatSessionEntry
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The number of outbound packets that were translated as per "An entry (conceptual row) containing information
this bind entry. about an active NAT session on this NAT device.
These entries are lost upon agent restart."
INDEX { ifIndex, natSessionIndex }
::= { natSessionTable 1 }
Discontinuities in the value of this counter can occur at NatSessionEntry ::= SEQUENCE {
reinitialization of the management system and at other natSessionIndex NatSessionId,
times, as indicated by the value of natSessionPrivateSrcEPBindId NatBindIdOrZero,
ifCounterDiscontinuityTime on the relevant interface." natSessionPrivateSrcEPBindMode NatBindMode,
::= { natAddrPortBindEntry 16 } natSessionPrivateDstEPBindId NatBindIdOrZero,
natSessionPrivateDstEPBindMode NatBindMode,
natSessionDirection INTEGER,
natSessionUpTime TimeTicks,
natSessionAddrMapIndex NatAddrMapId,
natSessionProtocolType NatProtocolType,
natSessionPrivateAddrType InetAddressType,
natSessionPrivateSrcAddr InetAddress,
natSessionPrivateSrcPort InetPortNumber,
natSessionPrivateDstAddr InetAddress,
natSessionPrivateDstPort InetPortNumber,
natSessionPublicAddrType InetAddressType,
natSessionPublicSrcAddr InetAddress,
natSessionPublicSrcPort InetPortNumber,
natSessionPublicDstAddr InetAddress,
natSessionPublicDstPort InetPortNumber,
natSessionMaxIdleTime TimeTicks,
natSessionCurrentIdleTime TimeTicks,
natSessionInTranslates Counter64,
natSessionOutTranslates Counter64
}
natSessionIndex OBJECT-TYPE
SYNTAX NatSessionId
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"The session ID for this NAT session."
::= { natSessionEntry 1 }
natSessionTable OBJECT-TYPE natSessionPrivateSrcEPBindId OBJECT-TYPE
SYNTAX SEQUENCE OF NatSessionEntry SYNTAX NatBindIdOrZero
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The (conceptual) table containing one entry for each "The bind id associated between private and public
NAT session currently active on this NAT device." source end points. In the case of Symmetric-NAT,
this should be set to zero."
::= { natSessionEntry 2 }
::= { natMIBObjects 9 } natSessionPrivateSrcEPBindMode OBJECT-TYPE
SYNTAX NatBindMode
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"This object indicates whether the bind indicated
by the object natSessionPrivateSrcEPBindId
is an address bind or an address port bind."
::= { natSessionEntry 3 }
natSessionEntry OBJECT-TYPE natSessionPrivateDstEPBindId OBJECT-TYPE
SYNTAX NatSessionEntry SYNTAX NatBindIdOrZero
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"An entry (conceptual row) containing information "The bind id associated between private and public
about an active NAT session on this NAT device. destination end points."
These entries are lost upon agent restart." ::= { natSessionEntry 4 }
INDEX { ifIndex, natSessionIndex }
::= { natSessionTable 1 }
NatSessionEntry ::= SEQUENCE { natSessionPrivateDstEPBindMode OBJECT-TYPE
natSessionIndex NatSessionId, SYNTAX NatBindMode
natSessionPrivateSrcEPBindId NatBindIdOrZero, MAX-ACCESS read-only
natSessionPrivateSrcEPBindMode NatBindMode, STATUS deprecated
natSessionPrivateDstEPBindId NatBindIdOrZero, DESCRIPTION
natSessionPrivateDstEPBindMode NatBindMode, "This object indicates whether the bind indicated
natSessionDirection INTEGER, by the object natSessionPrivateDstEPBindId
natSessionUpTime TimeTicks, is an address bind or an address port bind."
natSessionAddrMapIndex NatAddrMapId, ::= { natSessionEntry 5 }
natSessionProtocolType NatProtocolType,
natSessionPrivateAddrType InetAddressType,
natSessionPrivateSrcAddr InetAddress,
natSessionPrivateSrcPort InetPortNumber,
natSessionPrivateDstAddr InetAddress,
natSessionPrivateDstPort InetPortNumber,
natSessionPublicAddrType InetAddressType,
natSessionPublicSrcAddr InetAddress,
natSessionPublicSrcPort InetPortNumber,
natSessionPublicDstAddr InetAddress,
natSessionPublicDstPort InetPortNumber,
natSessionMaxIdleTime TimeTicks,
natSessionCurrentIdleTime TimeTicks,
natSessionInTranslates Counter64,
natSessionOutTranslates Counter64
}
natSessionIndex OBJECT-TYPE natSessionDirection OBJECT-TYPE
SYNTAX NatSessionId SYNTAX INTEGER {
MAX-ACCESS not-accessible inbound (1),
STATUS deprecated outbound (2)
DESCRIPTION }
"The session ID for this NAT session."
::= { natSessionEntry 1 }
natSessionPrivateSrcEPBindId OBJECT-TYPE MAX-ACCESS read-only
SYNTAX NatBindIdOrZero STATUS deprecated
MAX-ACCESS read-only DESCRIPTION
STATUS deprecated "The direction of this session with respect to the
DESCRIPTION local network. 'inbound' indicates that this session
"The bind id associated between private and public was initiated from the public network into the private
source end points. In the case of Symmetric-NAT, network. 'outbound' indicates that this session was
this should be set to zero." initiated from the private network into the public
::= { natSessionEntry 2 } network."
::= { natSessionEntry 6 }
natSessionPrivateSrcEPBindMode OBJECT-TYPE natSessionUpTime OBJECT-TYPE
SYNTAX NatBindMode SYNTAX TimeTicks
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This object indicates whether the bind indicated "The up time of this session in one-hundredths of a
by the object natSessionPrivateSrcEPBindId second."
is an address bind or an address port bind." ::= { natSessionEntry 7 }
::= { natSessionEntry 3 }
natSessionPrivateDstEPBindId OBJECT-TYPE natSessionAddrMapIndex OBJECT-TYPE
SYNTAX NatBindIdOrZero SYNTAX NatAddrMapId
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The bind id associated between private and public "This object is a pointer to the natAddrMapTable entry
destination end points." (and the parameters of that entry) used in
::= { natSessionEntry 4 } creating this session. This object, in conjunction with
the ifIndex (which identifies a unique addrMapName),
points to a unique entry in the natAddrMapTable."
::= { natSessionEntry 8 }
natSessionPrivateDstEPBindMode OBJECT-TYPE natSessionProtocolType OBJECT-TYPE
SYNTAX NatBindMode SYNTAX NatProtocolType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This object indicates whether the bind indicated "The protocol type of this session."
by the object natSessionPrivateDstEPBindId ::= { natSessionEntry 9 }
is an address bind or an address port bind."
::= { natSessionEntry 5 }
natSessionDirection OBJECT-TYPE natSessionPrivateAddrType OBJECT-TYPE
SYNTAX INTEGER { SYNTAX InetAddressType
inbound (1), MAX-ACCESS read-only
outbound (2) STATUS deprecated
} DESCRIPTION
"This object specifies the address type used for
natSessionPrivateSrcAddr and natSessionPrivateDstAddr."
::= { natSessionEntry 10 }
MAX-ACCESS read-only natSessionPrivateSrcAddr OBJECT-TYPE
STATUS deprecated SYNTAX InetAddress
DESCRIPTION MAX-ACCESS read-only
"The direction of this session with respect to the STATUS deprecated
local network. 'inbound' indicates that this session DESCRIPTION
was initiated from the public network into the private "The source IP address of the session endpoint that
network. 'outbound' indicates that this session was lies in the private network.
initiated from the private network into the public
network."
::= { natSessionEntry 6 }
natSessionUpTime OBJECT-TYPE The value of this object must be zero only when the
SYNTAX TimeTicks natSessionPrivateSrcEPBindId object has a zero value.
MAX-ACCESS read-only When the value of this object is zero, the NAT session
STATUS deprecated lookup will match any IP address to this field.
DESCRIPTION
"The up time of this session in one-hundredths of a
second."
::= { natSessionEntry 7 }
natSessionAddrMapIndex OBJECT-TYPE The type of this address is determined by the value of
SYNTAX NatAddrMapId the natSessionPrivateAddrType object."
MAX-ACCESS read-only ::= { natSessionEntry 11 }
STATUS deprecated
DESCRIPTION
"This object is a pointer to the natAddrMapTable entry
(and the parameters of that entry) used in
creating this session. This object, in conjunction with
the ifIndex (which identifies a unique addrMapName), points
to a unique entry in the natAddrMapTable."
::= { natSessionEntry 8 }
natSessionProtocolType OBJECT-TYPE natSessionPrivateSrcPort OBJECT-TYPE
SYNTAX NatProtocolType SYNTAX InetPortNumber
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The protocol type of this session." "When the value of protocol is TCP or UDP, this object
::= { natSessionEntry 9 } represents the source port in the first packet of
session while in private-realm. On the other hand, when
the protocol is ICMP, a NAT session is created only for
query/response type ICMP messages such as ICMP echo,
Timestamp, and Information request messages, and this
object represents the private-realm specific identifier
in the ICMP message, as defined in RFC 792 for ICMPv4
and in RFC 2463 for ICMPv6.
natSessionPrivateAddrType OBJECT-TYPE The value of this object must be zero when the
SYNTAX InetAddressType natSessionPrivateSrcEPBindId object has zero value
MAX-ACCESS read-only and value of natSessionPrivateSrcEPBindMode is
STATUS deprecated addressPortBind(2). In such a case, the NAT session
DESCRIPTION lookup will match any port number to this field.
"This object specifies the address type used for
natSessionPrivateSrcAddr and natSessionPrivateDstAddr."
::= { natSessionEntry 10 }
natSessionPrivateSrcAddr OBJECT-TYPE The value of this object must be zero when the object
SYNTAX InetAddress is not a representative field (SrcPort, DstPort, or
MAX-ACCESS read-only ICMP identifier) of the session tuple in either the
STATUS deprecated public realm or the private realm."
DESCRIPTION ::= { natSessionEntry 12 }
"The source IP address of the session endpoint that
lies in the private network.
The value of this object must be zero only when the natSessionPrivateDstAddr OBJECT-TYPE
natSessionPrivateSrcEPBindId object has a zero value. SYNTAX InetAddress
When the value of this object is zero, the NAT session MAX-ACCESS read-only
lookup will match any IP address to this field. STATUS deprecated
DESCRIPTION
"The destination IP address of the session endpoint that
lies in the private network.
The type of this address is determined by the value of The value of this object must be zero when the
the natSessionPrivateAddrType object." natSessionPrivateDstEPBindId object has a zero value.
::= { natSessionEntry 11 } In such a scenario, the NAT session lookup will match
any IP address to this field.
natSessionPrivateSrcPort OBJECT-TYPE The type of this address is determined by the value of
SYNTAX InetPortNumber the natSessionPrivateAddrType object."
MAX-ACCESS read-only ::= { natSessionEntry 13 }
STATUS deprecated
DESCRIPTION
"When the value of protocol is TCP or UDP, this object
represents the source port in the first packet of session
while in private-realm. On the other hand, when the
protocol is ICMP, a NAT session is created only for
query/response type ICMP messages such as ICMP echo,
Timestamp, and Information request messages, and this
object represents the private-realm specific identifier
in the ICMP message, as defined in RFC 792 for ICMPv4
and in RFC 2463 for ICMPv6.
The value of this object must be zero when the natSessionPrivateDstPort OBJECT-TYPE
natSessionPrivateSrcEPBindId object has zero value SYNTAX InetPortNumber
and value of natSessionPrivateSrcEPBindMode is MAX-ACCESS read-only
addressPortBind(2). In such a case, the NAT session STATUS deprecated
lookup will match any port number to this field. DESCRIPTION
"When the value of protocol is TCP or UDP, this object
represents the destination port in the first packet
of session while in private-realm. On the other hand,
when the protocol is ICMP, this object is not relevant
and should be set to zero.
The value of this object must be zero when the object The value of this object must be zero when the
is not a representative field (SrcPort, DstPort, or natSessionPrivateDstEPBindId object has a zero
ICMP identifier) of the session tuple in either the value and natSessionPrivateDstEPBindMode is set to
public realm or the private realm." addressPortBind(2). In such a case, the NAT session
::= { natSessionEntry 12 } lookup will match any port number to this field.
natSessionPrivateDstAddr OBJECT-TYPE The value of this object must be zero when the object
SYNTAX InetAddress is not a representative field (SrcPort, DstPort, or
MAX-ACCESS read-only ICMP identifier) of the session tuple in either the
STATUS deprecated public realm or the private realm."
DESCRIPTION ::= { natSessionEntry 14 }
"The destination IP address of the session endpoint that
lies in the private network.
The value of this object must be zero when the natSessionPublicAddrType OBJECT-TYPE
natSessionPrivateDstEPBindId object has a zero value. SYNTAX InetAddressType
In such a scenario, the NAT session lookup will match MAX-ACCESS read-only
any IP address to this field. STATUS deprecated
DESCRIPTION
"This object specifies the address type used for
natSessionPublicSrcAddr and natSessionPublicDstAddr."
::= { natSessionEntry 15 }
The type of this address is determined by the value of natSessionPublicSrcAddr OBJECT-TYPE
the natSessionPrivateAddrType object." SYNTAX InetAddress
::= { natSessionEntry 13 } MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The source IP address of the session endpoint that
lies in the public network.
natSessionPrivateDstPort OBJECT-TYPE The value of this object must be zero when the
SYNTAX InetPortNumber natSessionPrivateSrcEPBindId object has a zero value.
MAX-ACCESS read-only In such a scenario, the NAT session lookup will match
STATUS deprecated any IP address to this field.
DESCRIPTION
"When the value of protocol is TCP or UDP, this object
represents the destination port in the first packet
of session while in private-realm. On the other hand,
when the protocol is ICMP, this object is not relevant
and should be set to zero.
The value of this object must be zero when the The type of this address is determined by the value of
natSessionPrivateDstEPBindId object has a zero the natSessionPublicAddrType object."
value and natSessionPrivateDstEPBindMode is set to ::= { natSessionEntry 16 }
addressPortBind(2). In such a case, the NAT session
lookup will match any port number to this field.
The value of this object must be zero when the object natSessionPublicSrcPort OBJECT-TYPE
is not a representative field (SrcPort, DstPort, or SYNTAX InetPortNumber
ICMP identifier) of the session tuple in either the MAX-ACCESS read-only
public realm or the private realm." STATUS deprecated
::= { natSessionEntry 14 } DESCRIPTION
"When the value of protocol is TCP or UDP, this object
represents the source port in the first packet of
session while in public-realm. On the other hand, when
protocol is ICMP, a NAT session is created only for
query/response type ICMP messages such as ICMP echo,
Timestamp, and Information request messages, and this
object represents the public-realm specific identifier
in the ICMP message, as defined in RFC 792 for ICMPv4
and in RFC 2463 for ICMPv6.
natSessionPublicAddrType OBJECT-TYPE The value of this object must be zero when the
SYNTAX InetAddressType natSessionPrivateSrcEPBindId object has a zero value
MAX-ACCESS read-only and natSessionPrivateSrcEPBindMode is set to
STATUS deprecated addressPortBind(2). In such a scenario, the NAT
DESCRIPTION session lookup will match any port number to this
"This object specifies the address type used for field.
natSessionPublicSrcAddr and natSessionPublicDstAddr."
::= { natSessionEntry 15 }
natSessionPublicSrcAddr OBJECT-TYPE The value of this object must be zero when the object
SYNTAX InetAddress is not a representative field (SrcPort, DstPort or
MAX-ACCESS read-only ICMP identifier) of the session tuple in either the
STATUS deprecated public realm or the private realm."
DESCRIPTION ::= { natSessionEntry 17 }
"The source IP address of the session endpoint that
lies in the public network.
The value of this object must be zero when the natSessionPublicDstAddr OBJECT-TYPE
natSessionPrivateSrcEPBindId object has a zero value. SYNTAX InetAddress
In such a scenario, the NAT session lookup will match MAX-ACCESS read-only
any IP address to this field. STATUS deprecated
DESCRIPTION
"The destination IP address of the session endpoint that
lies in the public network.
The type of this address is determined by the value of The value of this object must be non-zero when the
the natSessionPublicAddrType object." natSessionPrivateDstEPBindId object has a non-zero
::= { natSessionEntry 16 } value. If the value of this object and the
corresponding natSessionPrivateDstEPBindId object value
is zero, then the NAT session lookup will match any IP
address to this field.
natSessionPublicSrcPort OBJECT-TYPE The type of this address is determined by the value of
SYNTAX InetPortNumber the natSessionPublicAddrType object."
MAX-ACCESS read-only ::= { natSessionEntry 18 }
STATUS deprecated
DESCRIPTION
"When the value of protocol is TCP or UDP, this object
represents the source port in the first packet of
session while in public-realm. On the other hand, when
protocol is ICMP, a NAT session is created only for
query/response type ICMP messages such as ICMP echo,
Timestamp, and Information request messages, and this
object represents the public-realm specific identifier
in the ICMP message, as defined in RFC 792 for ICMPv4
and in RFC 2463 for ICMPv6.
The value of this object must be zero when the natSessionPublicDstPort OBJECT-TYPE
natSessionPrivateSrcEPBindId object has a zero value SYNTAX InetPortNumber
and natSessionPrivateSrcEPBindMode is set to MAX-ACCESS read-only
addressPortBind(2). In such a scenario, the NAT STATUS deprecated
session lookup will match any port number to this DESCRIPTION
field. "When the value of protocol is TCP or UDP, this object
represents the destination port in the first packet of
session while in public-realm. On the other hand, when
the protocol is ICMP, this object is not relevant for
translation and should be zero.
The value of this object must be zero when the object The value of this object must be zero when the
is not a representative field (SrcPort, DstPort or natSessionPrivateDstEPBindId object has a zero value
ICMP identifier) of the session tuple in either the and natSessionPrivateDstEPBindMode is
public realm or the private realm." addressPortBind(2). In such a scenario, the NAT
::= { natSessionEntry 17 } session lookup will match any port number to this
field.
natSessionPublicDstAddr OBJECT-TYPE The value of this object must be zero when the object
SYNTAX InetAddress is not a representative field (SrcPort, DstPort, or
MAX-ACCESS read-only ICMP identifier) of the session tuple in either the
STATUS deprecated public realm or the private realm."
DESCRIPTION ::= { natSessionEntry 19 }
"The destination IP address of the session endpoint that
lies in the public network.
The value of this object must be non-zero when the natSessionMaxIdleTime OBJECT-TYPE
natSessionPrivateDstEPBindId object has a non-zero SYNTAX TimeTicks
value. If the value of this object and the MAX-ACCESS read-only
corresponding natSessionPrivateDstEPBindId object value STATUS deprecated
is zero, then the NAT session lookup will match any IP DESCRIPTION
address to this field. "The max time for which this session can be idle
without detecting a packet."
::= { natSessionEntry 20 }
The type of this address is determined by the value of natSessionCurrentIdleTime OBJECT-TYPE
the natSessionPublicAddrType object." SYNTAX TimeTicks
::= { natSessionEntry 18 } MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The time since a packet belonging to this session was
last detected."
::= { natSessionEntry 21 }
natSessionPublicDstPort OBJECT-TYPE natSessionInTranslates OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"When the value of protocol is TCP or UDP, this object "The number of inbound packets that were translated for
represents the destination port in the first packet of this session.
session while in public-realm. On the other hand, when
the protocol is ICMP, this object is not relevant for
translation and should be zero.
The value of this object must be zero when the Discontinuities in the value of this counter can occur
natSessionPrivateDstEPBindId object has a zero value at reinitialization of the management system and at
and natSessionPrivateDstEPBindMode is other times, as indicated by the value of
addressPortBind(2). In such a scenario, the NAT ifCounterDiscontinuityTime on the relevant interface."
session lookup will match any port number to this ::= { natSessionEntry 22 }
field.
The value of this object must be zero when the object natSessionOutTranslates OBJECT-TYPE
is not a representative field (SrcPort, DstPort, or SYNTAX Counter64
ICMP identifier) of the session tuple in either the MAX-ACCESS read-only
public realm or the private realm." STATUS deprecated
::= { natSessionEntry 19 } DESCRIPTION
"The number of outbound packets that were translated for
this session.
natSessionMaxIdleTime OBJECT-TYPE Discontinuities in the value of this counter can occur
SYNTAX TimeTicks at reinitialization of the management system and at
MAX-ACCESS read-only other times, as indicated by the value of
STATUS deprecated ifCounterDiscontinuityTime on the relevant interface."
DESCRIPTION ::= { natSessionEntry 23 }
"The max time for which this session can be idle
without detecting a packet."
::= { natSessionEntry 20 }
natSessionCurrentIdleTime OBJECT-TYPE --
SYNTAX TimeTicks -- The Protocol table
MAX-ACCESS read-only --
STATUS deprecated
DESCRIPTION
"The time since a packet belonging to this session was
last detected."
::= { natSessionEntry 21 } natProtocolTable OBJECT-TYPE
SYNTAX SEQUENCE OF NatProtocolEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"The (conceptual) table containing per protocol NAT
statistics."
::= { natMIBObjects 10 }
natSessionInTranslates OBJECT-TYPE natProtocolEntry OBJECT-TYPE
SYNTAX Counter64 SYNTAX NatProtocolEntry
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The number of inbound packets that were translated for "An entry (conceptual row) containing NAT statistics
this session. pertaining to a particular protocol."
INDEX { natProtocol }
::= { natProtocolTable 1 }
Discontinuities in the value of this counter can occur at NatProtocolEntry ::= SEQUENCE {
reinitialization of the management system and at other natProtocol NatProtocolType,
times, as indicated by the value of natProtocolInTranslates Counter64,
ifCounterDiscontinuityTime on the relevant interface." natProtocolOutTranslates Counter64,
::= { natSessionEntry 22 } natProtocolDiscards Counter64
natSessionOutTranslates OBJECT-TYPE }
SYNTAX Counter64
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of outbound packets that were translated for
this session.
Discontinuities in the value of this counter can occur at natProtocol OBJECT-TYPE
reinitialization of the management system and at other SYNTAX NatProtocolType
times, as indicated by the value of MAX-ACCESS not-accessible
ifCounterDiscontinuityTime on the relevant interface." STATUS deprecated
::= { natSessionEntry 23 } DESCRIPTION
"This object represents the protocol pertaining to which
parameters are reported."
::= { natProtocolEntry 1 }
natProtocolInTranslates OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of inbound packets pertaining to the protocol
identified by natProtocol that underwent NAT.
natProtocolTable OBJECT-TYPE Discontinuities in the value of this counter can occur
SYNTAX SEQUENCE OF NatProtocolEntry at reinitialization of the management system and at
MAX-ACCESS not-accessible other times, as indicated by the value of
STATUS deprecated ifCounterDiscontinuityTime on the relevant interface."
DESCRIPTION ::= { natProtocolEntry 2 }
"The (conceptual) table containing per protocol NAT
statistics."
::= { natMIBObjects 10 }
natProtocolEntry OBJECT-TYPE natProtocolOutTranslates OBJECT-TYPE
SYNTAX NatProtocolEntry SYNTAX Counter64
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"An entry (conceptual row) containing NAT statistics "The number of outbound packets pertaining to the
pertaining to a particular protocol." protocol identified by natProtocol that underwent NAT.
INDEX { natProtocol }
::= { natProtocolTable 1 }
NatProtocolEntry ::= SEQUENCE { Discontinuities in the value of this counter can occur
natProtocol NatProtocolType, at reinitialization of the management system and at
natProtocolInTranslates Counter64, other times, as indicated by the value of
natProtocolOutTranslates Counter64, ifCounterDiscontinuityTime on the relevant interface."
natProtocolDiscards Counter64 ::= { natProtocolEntry 3 }
}
natProtocol OBJECT-TYPE natProtocolDiscards OBJECT-TYPE
SYNTAX NatProtocolType SYNTAX Counter64
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"This object represents the protocol pertaining to which "The number of packets pertaining to the protocol
parameters are reported." identified by natProtocol that had to be
::= { natProtocolEntry 1 } rejected/dropped due to lack of resources. These
rejections could be due to session timeout, resource
unavailability, lack of address space, etc.
natProtocolInTranslates OBJECT-TYPE Discontinuities in the value of this counter can occur
SYNTAX Counter64 at reinitialization of the management system and at
MAX-ACCESS read-only other times, as indicated by the value of
STATUS deprecated ifCounterDiscontinuityTime on the relevant interface."
DESCRIPTION ::= { natProtocolEntry 4 }
"The number of inbound packets pertaining to the protocol
identified by natProtocol that underwent NAT.
Discontinuities in the value of this counter can occur at --
reinitialization of the management system and at other -- Notifications section
times, as indicated by the value of --
ifCounterDiscontinuityTime on the relevant interface."
::= { natProtocolEntry 2 }
natProtocolOutTranslates OBJECT-TYPE natMIBNotifications OBJECT IDENTIFIER ::= { natMIB 0 }
SYNTAX Counter64
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of outbound packets pertaining to the protocol
identified by natProtocol that underwent NAT.
Discontinuities in the value of this counter can occur at --
reinitialization of the management system and at other -- Notifications
times, as indicated by the value of --
ifCounterDiscontinuityTime on the relevant interface."
::= { natProtocolEntry 3 }
natProtocolDiscards OBJECT-TYPE natPacketDiscard NOTIFICATION-TYPE
SYNTAX Counter64 OBJECTS { ifIndex }
MAX-ACCESS read-only STATUS deprecated
STATUS deprecated DESCRIPTION
DESCRIPTION "This notification is generated when IP packets are
"The number of packets pertaining to the protocol discarded by the NAT function; e.g., due to lack of
identified by natProtocol that had to be mapping space when NAT is out of addresses or ports.
rejected/dropped due to lack of resources. These
rejections could be due to session timeout, resource
unavailability, lack of address space, etc.
Discontinuities in the value of this counter can occur at Note that the generation of natPacketDiscard
reinitialization of the management system and at other notifications is throttled by the agent, as specified
times, as indicated by the value of by the 'natNotifThrottlingInterval' object."
ifCounterDiscontinuityTime on the relevant interface." ::= { natMIBNotifications 1 }
::= { natProtocolEntry 4 }
--
-- Conformance information.
--
natMIBNotifications OBJECT IDENTIFIER ::= { natMIB 0 } natMIBConformance OBJECT IDENTIFIER ::= { natMIB 2 }
natMIBGroups OBJECT IDENTIFIER ::= { natMIBConformance 1 }
natMIBCompliances OBJECT IDENTIFIER ::= { natMIBConformance 2 }
natPacketDiscard NOTIFICATION-TYPE --
OBJECTS { ifIndex } -- Units of conformance
STATUS deprecated --
DESCRIPTION
"This notification is generated when IP packets are
discarded by the NAT function; e.g., due to lack of
mapping space when NAT is out of addresses or ports.
Note that the generation of natPacketDiscard natConfigGroup OBJECT-GROUP
notifications is throttled by the agent, as specified OBJECTS { natInterfaceRealm,
by the 'natNotifThrottlingInterval' object." natInterfaceServiceType,
::= { natMIBNotifications 1 } natInterfaceStorageType,
natInterfaceRowStatus,
natAddrMapName,
natAddrMapEntryType,
natAddrMapTranslationEntity,
natAddrMapLocalAddrType,
natAddrMapLocalAddrFrom,
natAddrMapLocalAddrTo,
natAddrMapLocalPortFrom,
natAddrMapLocalPortTo,
natAddrMapGlobalAddrType,
natAddrMapGlobalAddrFrom,
natAddrMapGlobalAddrTo,
natAddrMapGlobalPortFrom,
natAddrMapGlobalPortTo,
natAddrMapProtocol,
natAddrMapStorageType,
natAddrMapRowStatus,
natBindDefIdleTimeout,
natUdpDefIdleTimeout,
natIcmpDefIdleTimeout,
natOtherDefIdleTimeout,
natTcpDefIdleTimeout,
natTcpDefNegTimeout,
natNotifThrottlingInterval }
STATUS deprecated
DESCRIPTION
"A collection of configuration-related information
required to support management of devices supporting
NAT."
::= { natMIBGroups 1 }
natNotifPoolWatermarkLow NOTIFICATION-TYPE natTranslationGroup OBJECT-GROUP
OBJECTS { natPoolIndex } OBJECTS { natAddrBindNumberOfEntries,
STATUS current natAddrBindGlobalAddrType,
DESCRIPTION natAddrBindGlobalAddr,
"This notification is generated when the specified pool's number natAddrBindId,
of free addresses becomes lower than or equal to the specified natAddrBindTranslationEntity,
threshold. The threshold is specified by the natAddrBindType,
natPoolWatermarkLow object" natAddrBindMapIndex,
natAddrBindSessions,
natAddrBindMaxIdleTime,
natAddrBindCurrentIdleTime,
natAddrBindInTranslates,
natAddrBindOutTranslates,
natAddrPortBindNumberOfEntries,
natAddrPortBindGlobalAddrType,
natAddrPortBindGlobalAddr,
natAddrPortBindGlobalPort,
natAddrPortBindId,
natAddrPortBindTranslationEntity,
natAddrPortBindType,
natAddrPortBindMapIndex,
natAddrPortBindSessions,
natAddrPortBindMaxIdleTime,
natAddrPortBindCurrentIdleTime,
natAddrPortBindInTranslates,
natAddrPortBindOutTranslates,
natSessionPrivateSrcEPBindId,
natSessionPrivateSrcEPBindMode,
natSessionPrivateDstEPBindId,
natSessionPrivateDstEPBindMode,
natSessionDirection,
natSessionUpTime,
natSessionAddrMapIndex,
natSessionProtocolType,
natSessionPrivateAddrType,
natSessionPrivateSrcAddr,
natSessionPrivateSrcPort,
natSessionPrivateDstAddr,
natSessionPrivateDstPort,
natSessionPublicAddrType,
natSessionPublicSrcAddr,
natSessionPublicSrcPort,
natSessionPublicDstAddr,
natSessionPublicDstPort,
natSessionMaxIdleTime,
natSessionCurrentIdleTime,
natSessionInTranslates,
natSessionOutTranslates }
STATUS deprecated
::= { natMIBNotifications 2 } DESCRIPTION
"A collection of BIND-related objects required to support
management of devices supporting NAT."
::= { natMIBGroups 2 }
natNotifPoolWatermarkHigh NOTIFICATION-TYPE natStatsInterfaceGroup OBJECT-GROUP
OBJECTS { natPoolIndex } OBJECTS { natInterfaceInTranslates,
STATUS current natInterfaceOutTranslates,
DESCRIPTION natInterfaceDiscards }
"This notification is generated when the specified pool's number STATUS deprecated
of free addresses becomes greater than or equal to the DESCRIPTION
specified threshold. The threshold is specified by the "A collection of NAT statistics associated with the
natPoolWatermarkHigh object" interface on which NAT is configured, to aid
::= { natMIBNotifications 3 } troubleshooting/monitoring of the NAT operation."
::= { natMIBGroups 3 }
natNotifMappings NOTIFICATION-TYPE natStatsProtocolGroup OBJECT-GROUP
OBJECTS { natCntMappings } OBJECTS { natProtocolInTranslates,
STATUS current natProtocolOutTranslates,
DESCRIPTION natProtocolDiscards }
"This notification is generated when natCntMappings exceeds STATUS deprecated
the value of natMappingsNotifyThreshold." DESCRIPTION
::= { natMIBNotifications 4 } "A collection of protocol specific NAT statistics,
to aid troubleshooting/monitoring of NAT operation."
::= { natMIBGroups 4 }
natNotifAddrMappings NOTIFICATION-TYPE natStatsAddrMapGroup OBJECT-GROUP
OBJECTS { natCntAddressMappings } OBJECTS { natAddrMapInTranslates,
STATUS current natAddrMapOutTranslates,
DESCRIPTION natAddrMapDiscards,
"This notification is generated when natCntAddressMappings natAddrMapAddrUsed }
exceeds the value of natAddrMapNotifyThreshold." STATUS deprecated
::= { natMIBNotifications 5 } DESCRIPTION
"A collection of address map specific NAT statistics,
to aid troubleshooting/monitoring of NAT operation."
::= { natMIBGroups 5 }
natNotifSubscriberMappings NOTIFICATION-TYPE natMIBNotificationGroup NOTIFICATION-GROUP
OBJECTS { natSubscriberCntMappings } NOTIFICATIONS { natPacketDiscard }
STATUS current STATUS deprecated
DESCRIPTION DESCRIPTION
"This notification is generated when natSubscriberCntMappings "A collection of notifications generated by
exceeds the value of natSubscriberMapNotifyThresh, unless devices supporting this MIB."
natSubscriberMapNotifyThresh is zero.." ::= { natMIBGroups 6 }
::= { NatNotifications 6 }
--
-- Compliance statements
--
natMIBConformance OBJECT IDENTIFIER ::= { natMIB 2 } natMIBFullCompliance MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"When this MIB is implemented with support for
read-create, then such an implementation can claim
full compliance. Such devices can then be both
monitored and configured with this MIB.
natMIBGroups OBJECT IDENTIFIER ::= { natMIBConformance 1 } The following index objects cannot be added as OBJECT
natMIBCompliances OBJECT IDENTIFIER ::= { natMIBConformance 2 } clauses but nevertheless have the compliance
requirements:
natConfigGroup OBJECT-GROUP "
OBJECTS { natInterfaceRealm, -- OBJECT natAddrBindLocalAddrType
natInterfaceServiceType, -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
natInterfaceStorageType, -- DESCRIPTION
natInterfaceRowStatus, -- "An implementation is required to support
natAddrMapName, -- global IPv4 and/or IPv6 addresses, depending
natAddrMapEntryType, -- on its support for IPv4 and IPv6."
natAddrMapTranslationEntity,
natAddrMapLocalAddrType,
natAddrMapLocalAddrFrom,
natAddrMapLocalAddrTo,
natAddrMapLocalPortFrom,
natAddrMapLocalPortTo,
natAddrMapGlobalAddrType,
natAddrMapGlobalAddrFrom,
natAddrMapGlobalAddrTo,
natAddrMapGlobalPortFrom,
natAddrMapGlobalPortTo,
natAddrMapProtocol,
natAddrMapStorageType,
natAddrMapRowStatus,
natBindDefIdleTimeout,
natUdpDefIdleTimeout,
natIcmpDefIdleTimeout,
natOtherDefIdleTimeout,
natTcpDefIdleTimeout,
natTcpDefNegTimeout,
natNotifThrottlingInterval }
STATUS deprecated
DESCRIPTION
"A collection of configuration-related information
required to support management of devices supporting
NAT."
::= { natMIBGroups 1 }
natTranslationGroup OBJECT-GROUP -- OBJECT natAddrBindLocalAddr
OBJECTS { natAddrBindNumberOfEntries, -- SYNTAX InetAddress (SIZE(4|16))
natAddrBindGlobalAddrType, -- DESCRIPTION
natAddrBindGlobalAddr, -- "An implementation is required to support
natAddrBindId, -- global IPv4 and/or IPv6 addresses, depending
natAddrBindTranslationEntity, -- on its support for IPv4 and IPv6."
natAddrBindType,
natAddrBindMapIndex,
natAddrBindSessions,
natAddrBindMaxIdleTime,
natAddrBindCurrentIdleTime,
natAddrBindInTranslates,
natAddrBindOutTranslates,
natAddrPortBindNumberOfEntries,
natAddrPortBindGlobalAddrType,
natAddrPortBindGlobalAddr,
natAddrPortBindGlobalPort,
natAddrPortBindId,
natAddrPortBindTranslationEntity,
natAddrPortBindType,
natAddrPortBindMapIndex,
natAddrPortBindSessions,
natAddrPortBindMaxIdleTime,
natAddrPortBindCurrentIdleTime,
natAddrPortBindInTranslates,
natAddrPortBindOutTranslates,
natSessionPrivateSrcEPBindId,
natSessionPrivateSrcEPBindMode,
natSessionPrivateDstEPBindId,
natSessionPrivateDstEPBindMode,
natSessionDirection,
natSessionUpTime,
natSessionAddrMapIndex,
natSessionProtocolType,
natSessionPrivateAddrType,
natSessionPrivateSrcAddr,
natSessionPrivateSrcPort,
natSessionPrivateDstAddr,
natSessionPrivateDstPort,
natSessionPublicAddrType,
natSessionPublicSrcAddr,
natSessionPublicSrcPort,
natSessionPublicDstAddr,
natSessionPublicDstPort,
natSessionMaxIdleTime,
natSessionCurrentIdleTime,
natSessionInTranslates,
natSessionOutTranslates }
STATUS deprecated
DESCRIPTION -- OBJECT natAddrPortBindLocalAddrType
"A collection of BIND-related objects required to support -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
management of devices supporting NAT." -- DESCRIPTION
::= { natMIBGroups 2 } -- "An implementation is required to support
-- global IPv4 and/or IPv6 addresses, depending
-- on its support for IPv4 and IPv6."
natStatsInterfaceGroup OBJECT-GROUP -- OBJECT natAddrPortBindLocalAddr
OBJECTS { natInterfaceInTranslates, -- SYNTAX InetAddress (SIZE(4|16))
natInterfaceOutTranslates, -- DESCRIPTION
natInterfaceDiscards } -- "An implementation is required to support
STATUS deprecated -- global IPv4 and/or IPv6 addresses, depending
DESCRIPTION -- on its support for IPv4 and IPv6."
"A collection of NAT statistics associated with the
interface on which NAT is configured, to aid
troubleshooting/monitoring of the NAT operation."
::= { natMIBGroups 3 }
natStatsProtocolGroup OBJECT-GROUP MODULE IF-MIB -- The interfaces MIB, RFC2863
OBJECTS { natProtocolInTranslates, MANDATORY-GROUPS {
natProtocolOutTranslates, ifCounterDiscontinuityGroup
natProtocolDiscards } }
STATUS deprecated
DESCRIPTION
"A collection of protocol specific NAT statistics,
to aid troubleshooting/monitoring of NAT operation."
::= { natMIBGroups 4 }
natStatsAddrMapGroup OBJECT-GROUP MODULE -- this module
OBJECTS { natAddrMapInTranslates, MANDATORY-GROUPS { natConfigGroup, natTranslationGroup,
natAddrMapOutTranslates, natStatsInterfaceGroup }
natAddrMapDiscards,
natAddrMapAddrUsed }
STATUS deprecated
DESCRIPTION
"A collection of address map specific NAT statistics,
to aid troubleshooting/monitoring of NAT operation."
::= { natMIBGroups 5 }
natMIBNotificationGroup NOTIFICATION-GROUP GROUP natStatsProtocolGroup
NOTIFICATIONS { natPacketDiscard } DESCRIPTION
STATUS deprecated "This group is optional."
DESCRIPTION GROUP natStatsAddrMapGroup
"A collection of notifications generated by DESCRIPTION
devices supporting this MIB." "This group is optional."
::= { natMIBGroups 6 } GROUP natMIBNotificationGroup
DESCRIPTION
"This group is optional."
natGroupBasicObjects OBJECT-GROUP OBJECT natAddrMapLocalAddrType
OBJECTS { natCntTranslates, SYNTAX InetAddressType { ipv4(1), ipv6(2) }
natCntOOP, DESCRIPTION
natCntResource, "An implementation is required to support global IPv4
natCntStateMismatch, and/or IPv6 addresses, depending on its support
natCntQuota, for IPv4 and IPv6."
natCntMappings,
natCntMapCreations,
natCntMapRemovals,
natCntProtocolTranslates,
natCntProtocolOOP,
natCntProtocolResource,
natCntProtocolStateMismatch,
natCntProtocolQuota,
natCntProtocolMappings,
natCntProtocolMapCreations,
natCntProtocolMapRemovals,
natLimitMappings,
natMappingsNotifyThreshold,
natPoolIndex,
natPoolRealm,
natPoolUsage,
natPoolWatermarkLow,
natPoolWatermarkHigh,
natPoolPortMin,
natPoolPortMax,
natPoolRangePoolIndex,
natPoolRangeEnd,
natPoolRangeAllocatedPorts,
natMappingIntRealm,
natMappingIntAddressType,
natMappingIntAddress,
natMappingIntPort,
natMappingPool,
natMappingMapBehavior,
natMappingFilterBehavior,
natMappingAddressPooling }
STATUS current
DESCRIPTION
"Basic counters, limits, and thresholds."
::= { natMIBGroups 7 }
natGroupAddrMapObjects OBJECT-GROUP OBJECT natAddrMapLocalAddrFrom
OBJECTS { natCntAddressMappings, SYNTAX InetAddress (SIZE(4|16))
natCntAddrMapCreations, DESCRIPTION
natCntAddrMapRemovals, "An implementation is required to support global IPv4
natLimitAddressMappings, and/or IPv6 addresses, depending on its support
natAddrMapNotifyThreshold, for IPv4 and IPv6."
natMapIntAddrExtRealm,
natMapIntAddrExt }
STATUS current
DESCRIPTION
"Objects that require 'Paired IP address pooling' behavior
[RFC4787]."
::= { natMIBGroups 8 }
natGroupFragmentObjects OBJECT-GROUP OBJECT natAddrMapLocalAddrTo
OBJECTS { natLimitFragments } SYNTAX InetAddress (SIZE(4|16))
STATUS current DESCRIPTION
DESCRIPTION "An implementation is required to support global IPv4
"Objects that require 'Receive Fragments Out of Order' behavior and/or IPv6 addresses, depending on its support
[RFC4787]." for IPv4 and IPv6."
::= { natMIBGroups 9 }
natGroupBasicNotifications NOTIFICATION-GROUP OBJECT natAddrMapGlobalAddrType
NOTIFICATIONS { natNotifPoolWatermarkLow, SYNTAX InetAddressType { ipv4(1), ipv6(2) }
natNotifPoolWatermarkHigh, DESCRIPTION
natNotifMappings } "An implementation is required to support global IPv4
STATUS current and/or IPv6 addresses, depending on its support
DESCRIPTION for IPv4 and IPv6."
"Basic notifications."
::= { natMIBGroups 11 }
natGroupAddrMapNotifications NOTIFICATION-GROUP OBJECT natAddrMapGlobalAddrFrom
NOTIFICATIONS { natNotifAddrMappings } SYNTAX InetAddress (SIZE(4|16))
STATUS current DESCRIPTION
DESCRIPTION "An implementation is required to support global IPv4
"Notifications about address mappings." and/or IPv6 addresses, depending on its support
::= { natMIBGroups 12 } for IPv4 and IPv6."
natGroupSubscriberObjects OBJECT-GROUP OBJECT natAddrMapGlobalAddrTo
OBJECTS { natSubscriberIntPrefixType, SYNTAX InetAddress (SIZE(4|16))
natSubscriberIntPrefix, DESCRIPTION
natSubscriberIntPrefixLength, "An implementation is required to support global IPv4
natSubscriberPool, and/or IPv6 addresses, depending on its support
natSubscriberCntTranslates, for IPv4 and IPv6."
natSubscriberCntOOP,
natSubscriberCntResource,
natSubscriberCntStateMismatch,
natSubscriberCntQuota,
natSubscriberCntMappings,
natSubscriberCntMapCreations,
natSubscriberCntMapRemovals,
natSubscriberLimitMappings,
natLimitSubscribers }
STATUS current
DESCRIPTION
"Per-subscriber counters, limits, and thresholds."
::= { natMIBGroups 13 }
natGroupSubscriberNotifications NOTIFICATION-GROUP OBJECT natAddrBindGlobalAddrType
NOTIFICATIONS { natSubscriberMapNotifyThresh } SYNTAX InetAddressType { ipv4(1), ipv6(2) }
DESCRIPTION
"An implementation is required to support global IPv4
and/or IPv6 addresses, depending on its support
for IPv4 and IPv6."
STATUS current OBJECT natAddrBindGlobalAddr
DESCRIPTION SYNTAX InetAddress (SIZE(4|16))
"Subscriber notifications." DESCRIPTION
"An implementation is required to support global IPv4
and/or IPv6 addresses, depending on its support
for IPv4 and IPv6."
::= { natMIBGroups 14 } OBJECT natAddrPortBindGlobalAddrType
SYNTAX InetAddressType { ipv4(1), ipv6(2) }
DESCRIPTION
"An implementation is required to support global IPv4
and/or IPv6 addresses, depending on its support
for IPv4 and IPv6."
natMIBFullCompliance MODULE-COMPLIANCE OBJECT natAddrPortBindGlobalAddr
STATUS deprecated SYNTAX InetAddress (SIZE(4|16))
DESCRIPTION DESCRIPTION
"When this MIB is implemented with support for "An implementation is required to support global IPv4
read-create, then such an implementation can claim and/or IPv6 addresses, depending on its support
full compliance. Such devices can then be both for IPv4 and IPv6."
monitored and configured with this MIB.
The following index objects cannot be added as OBJECT OBJECT natSessionPrivateAddrType
clauses but nevertheless have the compliance SYNTAX InetAddressType { ipv4(1), ipv6(2) }
requirements: DESCRIPTION
" "An implementation is required to support global IPv4
-- OBJECT natAddrBindLocalAddrType and/or IPv6 addresses, depending on its support
-- SYNTAX InetAddressType { ipv4(1), ipv6(2) } for IPv4 and IPv6."
-- DESCRIPTION
-- "An implementation is required to support
-- global IPv4 and/or IPv6 addresses, depending
-- on its support for IPv4 and IPv6."
-- OBJECT natAddrBindLocalAddr OBJECT natSessionPrivateSrcAddr
-- SYNTAX InetAddress (SIZE(4|16)) SYNTAX InetAddress (SIZE(4|16))
-- DESCRIPTION DESCRIPTION
-- "An implementation is required to support "An implementation is required to support global IPv4
-- global IPv4 and/or IPv6 addresses, depending and/or IPv6 addresses, depending on its support
-- on its support for IPv4 and IPv6." for IPv4 and IPv6."
-- OBJECT natAddrPortBindLocalAddrType OBJECT natSessionPrivateDstAddr
-- SYNTAX InetAddressType { ipv4(1), ipv6(2) } SYNTAX InetAddress (SIZE(4|16))
-- DESCRIPTION DESCRIPTION
-- "An implementation is required to support "An implementation is required to support global IPv4
-- global IPv4 and/or IPv6 addresses, depending and/or IPv6 addresses, depending on its support
-- on its support for IPv4 and IPv6." for IPv4 and IPv6."
-- OBJECT natAddrPortBindLocalAddr OBJECT natSessionPublicAddrType
-- SYNTAX InetAddress (SIZE(4|16)) SYNTAX InetAddressType { ipv4(1), ipv6(2) }
-- DESCRIPTION DESCRIPTION
-- "An implementation is required to support "An implementation is required to support global IPv4
-- global IPv4 and/or IPv6 addresses, depending and/or IPv6 addresses, depending on its support
-- on its support for IPv4 and IPv6." for IPv4 and IPv6."
MODULE IF-MIB -- The interfaces MIB, RFC2863 OBJECT natSessionPublicSrcAddr
MANDATORY-GROUPS { SYNTAX InetAddress (SIZE(4|16))
ifCounterDiscontinuityGroup DESCRIPTION
"An implementation is required to support global IPv4
and/or IPv6 addresses, depending on its support
for IPv4 and IPv6."
} OBJECT natSessionPublicDstAddr
SYNTAX InetAddress (SIZE(4|16))
DESCRIPTION
"An implementation is required to support global IPv4
and/or IPv6 addresses, depending on its support
for IPv4 and IPv6."
MODULE -- this module ::= { natMIBCompliances 1 }
MANDATORY-GROUPS { natConfigGroup, natTranslationGroup,
natStatsInterfaceGroup }
GROUP natStatsProtocolGroup natMIBReadOnlyCompliance MODULE-COMPLIANCE
DESCRIPTION STATUS deprecated
"This group is optional." DESCRIPTION
GROUP natStatsAddrMapGroup "When this MIB is implemented without support for
DESCRIPTION read-create (i.e., in read-only mode), then such an
"This group is optional." implementation can claim read-only compliance.
GROUP natMIBNotificationGroup Such a device can then be monitored but cannot be
DESCRIPTION configured with this MIB.
"This group is optional."
OBJECT natAddrMapLocalAddrType The following index objects cannot be added as OBJECT
SYNTAX InetAddressType { ipv4(1), ipv6(2) } clauses but nevertheless have the compliance
DESCRIPTION requirements:
"An implementation is required to support global IPv4 "
and/or IPv6 addresses, depending on its support -- OBJECT natAddrBindLocalAddrType
for IPv4 and IPv6." -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
-- DESCRIPTION
-- "An implementation is required to support
-- global IPv4 and/or IPv6 addresses, depending
-- on its support for IPv4 and IPv6."
OBJECT natAddrMapLocalAddrFrom -- OBJECT natAddrBindLocalAddr
SYNTAX InetAddress (SIZE(4|16)) -- SYNTAX InetAddress (SIZE(4|16))
DESCRIPTION
"An implementation is required to support global IPv4
and/or IPv6 addresses, depending on its support
for IPv4 and IPv6."
OBJECT natAddrMapLocalAddrTo -- DESCRIPTION
SYNTAX InetAddress (SIZE(4|16)) -- "An implementation is required to support
DESCRIPTION -- global IPv4 and/or IPv6 addresses, depending
"An implementation is required to support global IPv4 -- on its support for IPv4 and IPv6."
and/or IPv6 addresses, depending on its support
for IPv4 and IPv6."
OBJECT natAddrMapGlobalAddrType -- OBJECT natAddrPortBindLocalAddrType
SYNTAX InetAddressType { ipv4(1), ipv6(2) } -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
DESCRIPTION -- DESCRIPTION
"An implementation is required to support global IPv4 -- "An implementation is required to support
and/or IPv6 addresses, depending on its support -- global IPv4 and/or IPv6 addresses, depending
for IPv4 and IPv6." -- on its support for IPv4 and IPv6."
-- OBJECT natAddrPortBindLocalAddr
-- SYNTAX InetAddress (SIZE(4|16))
-- DESCRIPTION
-- "An implementation is required to support
-- global IPv4 and/or IPv6 addresses, depending
-- on its support for IPv4 and IPv6."
OBJECT natAddrMapGlobalAddrFrom MODULE IF-MIB -- The interfaces MIB, RFC2863
SYNTAX InetAddress (SIZE(4|16)) MANDATORY-GROUPS {
DESCRIPTION ifCounterDiscontinuityGroup
"An implementation is required to support global IPv4 }
and/or IPv6 addresses, depending on its support
for IPv4 and IPv6."
OBJECT natAddrMapGlobalAddrTo MODULE -- this module
SYNTAX InetAddress (SIZE(4|16)) MANDATORY-GROUPS { natConfigGroup, natTranslationGroup,
DESCRIPTION natStatsInterfaceGroup }
"An implementation is required to support global IPv4
and/or IPv6 addresses, depending on its support
for IPv4 and IPv6."
OBJECT natAddrBindGlobalAddrType GROUP natStatsProtocolGroup
SYNTAX InetAddressType { ipv4(1), ipv6(2) } DESCRIPTION
DESCRIPTION "This group is optional."
"An implementation is required to support global IPv4 GROUP natStatsAddrMapGroup
and/or IPv6 addresses, depending on its support DESCRIPTION
for IPv4 and IPv6." "This group is optional."
GROUP natMIBNotificationGroup
DESCRIPTION
"This group is optional."
OBJECT natInterfaceRowStatus
SYNTAX RowStatus { active(1) }
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required, and active is the only
status that needs to be supported."
OBJECT natAddrBindGlobalAddr OBJECT natAddrMapLocalAddrType
SYNTAX InetAddress (SIZE(4|16)) SYNTAX InetAddressType { ipv4(1), ipv6(2) }
DESCRIPTION MIN-ACCESS read-only
"An implementation is required to support global IPv4 DESCRIPTION
and/or IPv6 addresses, depending on its support "Write access is not required. An implementation is
for IPv4 and IPv6." required to support global IPv4 and/or IPv6 addresses,
depending on its support for IPv4 and IPv6."
OBJECT natAddrPortBindGlobalAddrType OBJECT natAddrMapLocalAddrFrom
SYNTAX InetAddressType { ipv4(1), ipv6(2) } SYNTAX InetAddress (SIZE(4|16))
DESCRIPTION MIN-ACCESS read-only
"An implementation is required to support global IPv4 DESCRIPTION
and/or IPv6 addresses, depending on its support "Write access is not required. An implementation is
for IPv4 and IPv6." required to support global IPv4 and/or IPv6 addresses,
depending on its support for IPv4 and IPv6."
OBJECT natAddrPortBindGlobalAddr OBJECT natAddrMapLocalAddrTo
SYNTAX InetAddress (SIZE(4|16)) SYNTAX InetAddress (SIZE(4|16))
DESCRIPTION MIN-ACCESS read-only
"An implementation is required to support global IPv4 DESCRIPTION
and/or IPv6 addresses, depending on its support "Write access is not required. An implementation is
for IPv4 and IPv6." required to support global IPv4 and/or IPv6 addresses,
depending on its support for IPv4 and IPv6."
OBJECT natSessionPrivateAddrType OBJECT natAddrMapGlobalAddrType
SYNTAX InetAddressType { ipv4(1), ipv6(2) } SYNTAX InetAddressType { ipv4(1), ipv6(2) }
DESCRIPTION MIN-ACCESS read-only
"An implementation is required to support global IPv4 DESCRIPTION
and/or IPv6 addresses, depending on its support "Write access is not required. An implementation is
for IPv4 and IPv6." required to support global IPv4 and/or IPv6 addresses,
depending on its support for IPv4 and IPv6."
OBJECT natSessionPrivateSrcAddr OBJECT natAddrMapGlobalAddrFrom
SYNTAX InetAddress (SIZE(4|16)) SYNTAX InetAddress (SIZE(4|16))
DESCRIPTION MIN-ACCESS read-only
"An implementation is required to support global IPv4 DESCRIPTION
and/or IPv6 addresses, depending on its support "Write access is not required. An implementation is
for IPv4 and IPv6." required to support global IPv4 and/or IPv6 addresses,
depending on its support for IPv4 and IPv6."
OBJECT natSessionPrivateDstAddr OBJECT natAddrMapGlobalAddrTo
SYNTAX InetAddress (SIZE(4|16)) SYNTAX InetAddress (SIZE(4|16))
DESCRIPTION MIN-ACCESS read-only
"An implementation is required to support global IPv4 DESCRIPTION
and/or IPv6 addresses, depending on its support "Write access is not required. An implementation is
for IPv4 and IPv6." required to support global IPv4 and/or IPv6 addresses,
depending on its support for IPv4 and IPv6."
OBJECT natSessionPublicAddrType OBJECT natAddrMapRowStatus
SYNTAX InetAddressType { ipv4(1), ipv6(2) } SYNTAX RowStatus { active(1) }
DESCRIPTION MIN-ACCESS read-only
"An implementation is required to support global IPv4 DESCRIPTION
and/or IPv6 addresses, depending on its support "Write access is not required, and active is the only
for IPv4 and IPv6." status that needs to be supported."
OBJECT natSessionPublicSrcAddr OBJECT natAddrBindGlobalAddrType
SYNTAX InetAddress (SIZE(4|16)) SYNTAX InetAddressType { ipv4(1), ipv6(2) }
DESCRIPTION DESCRIPTION
"An implementation is required to support global IPv4 "An implementation is required to support global IPv4
and/or IPv6 addresses, depending on its support and/or IPv6 addresses, depending on its support for
for IPv4 and IPv6." IPv4 and IPv6."
OBJECT natSessionPublicDstAddr OBJECT natAddrBindGlobalAddr
SYNTAX InetAddress (SIZE(4|16)) SYNTAX InetAddress (SIZE(4|16))
DESCRIPTION DESCRIPTION
"An implementation is required to support global IPv4 "An implementation is required to support global IPv4
and/or IPv6 addresses, depending on its support and/or IPv6 addresses, depending on its support for
for IPv4 and IPv6." IPv4 and IPv6."
::= { natMIBCompliances 1 } OBJECT natAddrPortBindGlobalAddrType
SYNTAX InetAddressType { ipv4(1), ipv6(2) }
DESCRIPTION
"An implementation is required to support global IPv4
and/or IPv6 addresses, depending on its support for
IPv4 and IPv6."
natMIBReadOnlyCompliance MODULE-COMPLIANCE OBJECT natAddrPortBindGlobalAddr
STATUS deprecated SYNTAX InetAddress (SIZE(4|16))
DESCRIPTION DESCRIPTION
"When this MIB is implemented without support for "An implementation is required to support global IPv4
read-create (i.e., in read-only mode), then such an and/or IPv6 addresses, depending on its support for
implementation can claim read-only compliance. IPv4 and IPv6."
Such a device can then be monitored but cannot be
configured with this MIB.
The following index objects cannot be added as OBJECT OBJECT natSessionPrivateAddrType
clauses but nevertheless have the compliance SYNTAX InetAddressType { ipv4(1), ipv6(2) }
requirements: DESCRIPTION
" "An implementation is required to support global IPv4
-- OBJECT natAddrBindLocalAddrType and/or IPv6 addresses, depending on its support for
-- SYNTAX InetAddressType { ipv4(1), ipv6(2) } IPv4 and IPv6."
-- DESCRIPTION
-- "An implementation is required to support
-- global IPv4 and/or IPv6 addresses, depending
-- on its support for IPv4 and IPv6."
-- OBJECT natAddrBindLocalAddr OBJECT natSessionPrivateSrcAddr
-- SYNTAX InetAddress (SIZE(4|16)) SYNTAX InetAddress (SIZE(4|16))
DESCRIPTION
"An implementation is required to support global IPv4
and/or IPv6 addresses, depending on its support for
IPv4 and IPv6."
-- DESCRIPTION OBJECT natSessionPrivateDstAddr
-- "An implementation is required to support SYNTAX InetAddress (SIZE(4|16))
-- global IPv4 and/or IPv6 addresses, depending DESCRIPTION
-- on its support for IPv4 and IPv6." "An implementation is required to support global IPv4
and/or IPv6 addresses, depending on its support for
IPv4 and IPv6."
-- OBJECT natAddrPortBindLocalAddrType OBJECT natSessionPublicAddrType
-- SYNTAX InetAddressType { ipv4(1), ipv6(2) } SYNTAX InetAddressType { ipv4(1), ipv6(2) }
-- DESCRIPTION DESCRIPTION
-- "An implementation is required to support "An implementation is required to support global IPv4
-- global IPv4 and/or IPv6 addresses, depending and/or IPv6 addresses, depending on its support for
-- on its support for IPv4 and IPv6." IPv4 and IPv6."
-- OBJECT natAddrPortBindLocalAddr
-- SYNTAX InetAddress (SIZE(4|16))
-- DESCRIPTION
-- "An implementation is required to support
-- global IPv4 and/or IPv6 addresses, depending
-- on its support for IPv4 and IPv6."
MODULE IF-MIB -- The interfaces MIB, RFC2863 OBJECT natSessionPublicSrcAddr
MANDATORY-GROUPS { SYNTAX InetAddress (SIZE(4|16))
ifCounterDiscontinuityGroup DESCRIPTION
} "An implementation is required to support global IPv4
and/or IPv6 addresses, depending on its support for
IPv4 and IPv6."
MODULE -- this module OBJECT natSessionPublicDstAddr
MANDATORY-GROUPS { natConfigGroup, natTranslationGroup, SYNTAX InetAddress (SIZE(4|16))
natStatsInterfaceGroup } DESCRIPTION
"An implementation is required to support global IPv4
and/or IPv6 addresses, depending on its support for
IPv4 and IPv6."
GROUP natStatsProtocolGroup ::= { natMIBCompliances 2 }
DESCRIPTION
"This group is optional."
GROUP natStatsAddrMapGroup
DESCRIPTION
"This group is optional."
GROUP natMIBNotificationGroup
DESCRIPTION
"This group is optional."
OBJECT natInterfaceRowStatus
SYNTAX RowStatus { active(1) }
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required, and active is the only
status that needs to be supported."
OBJECT natAddrMapLocalAddrType ---------------------------------------------------------------------
SYNTAX InetAddressType { ipv4(1), ipv6(2) } -- END OF DEPRECATED OBJECTS. CURRENT OBJECTS FOLLOW.
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required. An implementation is
required to support global IPv4 and/or IPv6 addresses,
depending on its support for IPv4 and IPv6."
OBJECT natAddrMapLocalAddrFrom -- textual conventions
SYNTAX InetAddress (SIZE(4|16))
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required. An implementation is
required to support global IPv4 and/or IPv6 addresses,
depending on its support for IPv4 and IPv6."
OBJECT natAddrMapLocalAddrTo ProtocolNumber ::= TEXTUAL-CONVENTION
SYNTAX InetAddress (SIZE(4|16)) DISPLAY-HINT "d"
MIN-ACCESS read-only STATUS current
DESCRIPTION DESCRIPTION
"Write access is not required. An implementation is "A transport protocol number, from the 'protocol-numbers'
required to support global IPv4 and/or IPv6 addresses, IANA registry."
depending on its support for IPv4 and IPv6." SYNTAX Unsigned32 (0..255)
OBJECT natAddrMapGlobalAddrType NatPoolId ::= TEXTUAL-CONVENTION
SYNTAX InetAddressType { ipv4(1), ipv6(2) } DISPLAY-HINT "d"
MIN-ACCESS read-only STATUS current
DESCRIPTION DESCRIPTION
"Write access is not required. An implementation is "A unique ID that is assigned to each pool."
required to support global IPv4 and/or IPv6 addresses, SYNTAX Unsigned32 (1..4294967295)
depending on its support for IPv4 and IPv6."
OBJECT natAddrMapGlobalAddrFrom NatBehaviorType ::= TEXTUAL-CONVENTION
SYNTAX InetAddress (SIZE(4|16)) STATUS current
MIN-ACCESS read-only DESCRIPTION
DESCRIPTION "Behavior type as described in [RFC4787] sections 4.1 and 5."
"Write access is not required. An implementation is SYNTAX INTEGER {
required to support global IPv4 and/or IPv6 addresses, endpointIndependent (0),
depending on its support for IPv4 and IPv6." addressDependent (1),
addressAndPortDependent (2)
}
OBJECT natAddrMapGlobalAddrTo NatPoolingType ::= TEXTUAL-CONVENTION
SYNTAX InetAddress (SIZE(4|16)) STATUS current
MIN-ACCESS read-only DESCRIPTION
DESCRIPTION "Pooling type as described in [RFC4787] sections 4.1."
"Write access is not required. An implementation is SYNTAX INTEGER {
required to support global IPv4 and/or IPv6 addresses, arbitrary (0),
depending on its support for IPv4 and IPv6." paired (1)
}
OBJECT natAddrMapRowStatus -- notifications
SYNTAX RowStatus { active(1) }
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required, and active is the only
status that needs to be supported."
OBJECT natAddrBindGlobalAddrType natNotifPoolWatermarkLow NOTIFICATION-TYPE
SYNTAX InetAddressType { ipv4(1), ipv6(2) } OBJECTS { natPoolIndex }
DESCRIPTION STATUS current
"An implementation is required to support global IPv4 DESCRIPTION
and/or IPv6 addresses, depending on its support for "This notification is generated when the specified pool's
IPv4 and IPv6." number of free addresses becomes lower than or equal to the
specified threshold. The threshold is specified by the
natPoolWatermarkLow object"
::= { natMIBNotifications 2 }
OBJECT natAddrBindGlobalAddr natNotifPoolWatermarkHigh NOTIFICATION-TYPE
SYNTAX InetAddress (SIZE(4|16)) OBJECTS { natPoolIndex }
DESCRIPTION STATUS current
"An implementation is required to support global IPv4 DESCRIPTION
and/or IPv6 addresses, depending on its support for "This notification is generated when the specified pool's
IPv4 and IPv6." number of free addresses becomes greater than or equal to
the specified threshold. The threshold is specified by the
natPoolWatermarkHigh object"
::= { natMIBNotifications 3 }
OBJECT natAddrPortBindGlobalAddrType natNotifMappings NOTIFICATION-TYPE
SYNTAX InetAddressType { ipv4(1), ipv6(2) } OBJECTS { natCntMappings }
DESCRIPTION STATUS current
"An implementation is required to support global IPv4 DESCRIPTION
and/or IPv6 addresses, depending on its support for "This notification is generated when natCntMappings exceeds
IPv4 and IPv6." the value of natMappingsNotifyThreshold."
::= { natMIBNotifications 4 }
OBJECT natAddrPortBindGlobalAddr natNotifAddrMappings NOTIFICATION-TYPE
SYNTAX InetAddress (SIZE(4|16)) OBJECTS { natCntAddressMappings }
DESCRIPTION STATUS current
"An implementation is required to support global IPv4 DESCRIPTION
and/or IPv6 addresses, depending on its support for "This notification is generated when natCntAddressMappings
IPv4 and IPv6." exceeds the value of natAddrMapNotifyThreshold."
::= { natMIBNotifications 5 }
OBJECT natSessionPrivateAddrType natNotifSubscriberMappings NOTIFICATION-TYPE
SYNTAX InetAddressType { ipv4(1), ipv6(2) } OBJECTS { natSubscriberCntMappings }
DESCRIPTION STATUS current
"An implementation is required to support global IPv4 DESCRIPTION
and/or IPv6 addresses, depending on its support for "This notification is generated when natSubscriberCntMappings
IPv4 and IPv6." exceeds the value of natSubscriberMapNotifyThresh, unless
natSubscriberMapNotifyThresh is zero.."
::= { NatNotifications 6 }
OBJECT natSessionPrivateSrcAddr -- counters
SYNTAX InetAddress (SIZE(4|16))
DESCRIPTION
"An implementation is required to support global IPv4
and/or IPv6 addresses, depending on its support for
IPv4 and IPv6."
OBJECT natSessionPrivateDstAddr natCounters OBJECT IDENTIFIER ::= { natMIBObjects 11 }
SYNTAX InetAddress (SIZE(4|16))
DESCRIPTION
"An implementation is required to support global IPv4
and/or IPv6 addresses, depending on its support for
IPv4 and IPv6."
OBJECT natSessionPublicAddrType natCntTranslates OBJECT-TYPE
SYNTAX InetAddressType { ipv4(1), ipv6(2) } SYNTAX Counter64
DESCRIPTION MAX-ACCESS read-only
"An implementation is required to support global IPv4 STATUS current
and/or IPv6 addresses, depending on its support for DESCRIPTION
IPv4 and IPv6." "The number of packets to which NAT has been applied."
::= { natCounters 1 }
OBJECT natSessionPublicSrcAddr natCntOOP OBJECT-TYPE
SYNTAX InetAddress (SIZE(4|16)) SYNTAX Counter64
DESCRIPTION MAX-ACCESS read-only
"An implementation is required to support global IPv4 STATUS current
and/or IPv6 addresses, depending on its support for DESCRIPTION
IPv4 and IPv6." "The number of packets to which NAT could not be applied
because no external port was available, excluding quota
limitations."
::= { natCounters 2 }
OBJECT natSessionPublicDstAddr natCntResource OBJECT-TYPE
SYNTAX InetAddress (SIZE(4|16)) SYNTAX Counter64
DESCRIPTION MAX-ACCESS read-only
"An implementation is required to support global IPv4 STATUS current
and/or IPv6 addresses, depending on its support for DESCRIPTION
IPv4 and IPv6." "The number of packets to which NAT could not be applied
because of resource constraints (excluding out-of-ports
condition)."
::= { natCounters 3 }
::= { natMIBCompliances 2 } natCntStateMismatch OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets to which NAT could not be applied
because of mapping state mismatch. For example, a TCP packet
that matches an existing mapping but is dropped because its
flags are incompatible with the current state of the mapping
would cause this counter to be incremented."
::= { natCounters 4 }
natBasicCompliance MODULE-COMPLIANCE natCntQuota OBJECT-TYPE
STATUS current SYNTAX Counter64
DESCRIPTION MAX-ACCESS read-only
"Basic compliance with this MIB is attained when the objects STATUS current
contained in the mandatory groups are implemented." DESCRIPTION
MODULE -- this module "The number of packets to which NAT could not be applied
MANDATORY-GROUPS { natGroupBasicObjects, because of quota limitations. Quotas include absolute limits
natGroupBasicNotifications } as well as limits on rate of allocation."
::= { natMIBCompliances 3 } ::= { natCounters 5 }
natAddrMapCompliance MODULE-COMPLIANCE natCntMappings OBJECT-TYPE
STATUS current SYNTAX Gauge32
DESCRIPTION MAX-ACCESS read-only
"NATs that have 'Paired IP address pooling' behavior [RFC4787] STATUS current
and implement the objects in this group can claim this level of DESCRIPTION
compliance." "Number of currently active mappings.
MODULE -- this module
MANDATORY-GROUPS { natGroupBasicObjects,
natGroupBasicNotifications,
natGroupAddrMapObjects,
natGroupAddrMapNotifications }
::= { natMIBCompliances 4 }
natFragmentsCompliance MODULE-COMPLIANCE Equal to natCntMapRemovals - natCntMapCreations."
STATUS current ::= { natCounters 6 }
DESCRIPTION
"NATs that have 'Receive Fragments Out of Order' behavior
[RFC4787] and implement the objects in this group can claim
this level of compliance."
MODULE -- this module
MANDATORY-GROUPS { natGroupBasicObjects,
natGroupBasicNotifications,
natGroupFragmentObjects }
::= { natMIBCompliances 5 }
natCGNCompliance MODULE-COMPLIANCE natCntMapCreations OBJECT-TYPE
STATUS current SYNTAX Counter64
DESCRIPTION MAX-ACCESS read-only
"NATs that have 'Paired IP address pooling' and 'Receive STATUS current
Fragments Out of Order' behavior [RFC4787] and implement the DESCRIPTION
objects in this group can claim this level of compliance. "Number of mapping creations. This includes static mappings."
::= { natCounters 7 }
This level of compliance is to be expected of a CGN compliant natCntMapRemovals OBJECT-TYPE
with [I-D.ietf-behave-lsn-requiremnents]." SYNTAX Counter64
MODULE -- this module MAX-ACCESS read-only
MANDATORY-GROUPS { natGroupBasicObjects, STATUS current
natGroupBasicNotifications, DESCRIPTION
natGroupAddrMapObjects, "Number of mapping removals. This includes static mappings."
natGroupAddrMapNotifications, ::= { natCounters 8 }
natGroupFragmentObjects,
natGroupSubscriberObjects,
natGroupSubscriberNotifications }
::= { natMIBCompliances 6 }
natCntAddressMappings OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of active address mappings.
natCounters OBJECT IDENTIFIER ::= { natMIBObjects 11 } Equal to natCntAddrMapRemovals - natCntAddrMapCreations."
::= { natCounters 9 }
natCntTranslates OBJECT-TYPE natCntAddrMapCreations OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of packets to which NAT has been applied." "Number of address mapping creations. This includes static
::= { natCounters 1 } mappings."
::= { natCounters 10 }
natCntOOP OBJECT-TYPE natCntAddrMapRemovals OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of packets to which NAT could not be applied because "Number of address mapping removals. This includes static
no external port was available, excluding quota limitations." mappings."
::= { natCounters 2 } ::= { natCounters 11 }
natCntResource OBJECT-TYPE natCntProtocolTable OBJECT-TYPE
SYNTAX Counter64 SYNTAX SEQUENCE OF NatCntProtocolEntry
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of packets to which NAT could not be applied because "Table of protocols with per-protocol counters."
of resource constraints (excluding out-of-ports condition)." ::= { natCounters 128 }
::= { natCounters 3 }
natCntStateMismatch OBJECT-TYPE natCntProtocolEntry OBJECT-TYPE
SYNTAX Counter64 SYNTAX NatCntProtocolEntry
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of packets to which NAT could not be applied because "Per-protocol counters."
of mapping state mismatch. For example, a TCP packet that INDEX { natCntProtocolNumber }
matches an existing mapping but is dropped because its flags ::= { natCntProtocolTable 1 }
are incompatible with the current state of the mapping would
cause this counter to be incremented."
::= { natCounters 4 }
natCntQuota OBJECT-TYPE NatCntProtocolEntry ::=
SYNTAX Counter64 SEQUENCE {
MAX-ACCESS read-only natCntProtocolNumber ProtocolNumber,
STATUS current natCntProtocolTranslates Counter64,
DESCRIPTION natCntProtocolOOP Counter64,
"The number of packets to which NAT could not be applied because natCntProtocolResource Counter64,
of quota limitations. Quotas include absolute limits as well as natCntProtocolStateMismatch Counter64,
limits on rate of allocation." natCntProtocolQuota Counter64,
::= { natCounters 5 } natCntProtocolMappings Gauge32,
natCntProtocolMapCreations Counter64,
natCntProtocolMapRemovals Counter64
}
natCntMappings OBJECT-TYPE natCntProtocolNumber OBJECT-TYPE
SYNTAX Gauge32 SYNTAX ProtocolNumber
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Number of currently active mappings. "Counters in this conceptual row apply to packets using the
transport protocol identified by this object's value."
::= { natCntProtocolEntry 1 }
Equal to natCntMapRemovals - natCntMapCreations." natCntProtocolTranslates OBJECT-TYPE
::= { natCounters 6 } SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets to which NAT has been applied."
::= { natCntProtocolEntry 2 }
natCntMapCreations OBJECT-TYPE natCntProtocolOOP OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Number of mapping creations. This includes static mappings." "The number of packets to which NAT could not be applied
::= { natCounters 7 } because no external port was available."
::= { natCntProtocolEntry 3 }
natCntMapRemovals OBJECT-TYPE natCntProtocolResource OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Number of mapping removals. This includes static mappings." "The number of packets to which NAT could not be applied
::= { natCounters 8 } because of resource constraints (excluding out-of-ports
condition)."
::= { natCntProtocolEntry 4 }
natCntAddressMappings OBJECT-TYPE natCntProtocolStateMismatch OBJECT-TYPE
SYNTAX Gauge32 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Number of active address mappings. "The number of packets to which NAT could not be applied
because of state table mismatch. For example, a TCP packet
that matches an existing mapping but is dropped because its
flags are incompatible with the current state of the mapping
would cause this counter to be incremented."
::= { natCntProtocolEntry 5 }
Equal to natCntAddrMapRemovals - natCntAddrMapCreations." natCntProtocolQuota OBJECT-TYPE
::= { natCounters 9 } SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets to which NAT could not be applied
because of exceeded quotas. Quotas include absolute limits
as well as limits on rate of allocation."
::= { natCntProtocolEntry 6 }
natCntAddrMapCreations OBJECT-TYPE natCntProtocolMappings OBJECT-TYPE
SYNTAX Counter64 SYNTAX Gauge32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Number of address mapping creations. This includes static "Number of active mappings.
mappings."
::= { natCounters 10 }
natCntAddrMapRemovals OBJECT-TYPE Equal to natCntMapRemovals - natCntMapCreations."
SYNTAX Counter64 ::= { natCntProtocolEntry 7 }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of address mapping removals. This includes static
mappings."
::= { natCounters 11 }
natCntProtocolTable OBJECT-TYPE natCntProtocolMapCreations OBJECT-TYPE
SYNTAX SEQUENCE OF NatCntProtocolEntry SYNTAX Counter64
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Table of protocols with per-protocol counters." "Number of mapping creations. This includes static mappings."
::= { natCounters 128 } ::= { natCntProtocolEntry 8 }
natCntProtocolEntry OBJECT-TYPE natCntProtocolMapRemovals OBJECT-TYPE
SYNTAX NatCntProtocolEntry SYNTAX Counter64
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Per-protocol counters." "Number of mapping removals. This includes statis mappings."
INDEX { natCntProtocolNumber } ::= { natCntProtocolEntry 9 }
::= { natCntProtocolTable 1 }
NatCntProtocolEntry ::= -- limits
SEQUENCE {
natCntProtocolNumber ProtocolNumber,
natCntProtocolTranslates Counter64,
natCntProtocolOOP Counter64,
natCntProtocolResource Counter64,
natCntProtocolStateMismatch Counter64,
natCntProtocolQuota Counter64,
natCntProtocolMappings Gauge32,
natCntProtocolMapCreations Counter64,
natCntProtocolMapRemovals Counter64
}
natCntProtocolNumber OBJECT-TYPE natLimits OBJECT IDENTIFIER ::= { natMIBObjects 12 }
SYNTAX ProtocolNumber natLimitMappings OBJECT-TYPE
MAX-ACCESS not-accessible SYNTAX Unsigned32
STATUS current MAX-ACCESS read-write
DESCRIPTION STATUS current
"Counters in this conceptual row apply to packets using the DESCRIPTION
transport protocol identified by this object's value." "Global limit on the total number of mappings. Zero means
::= { natCntProtocolEntry 1 } unlimited."
::= { natLimits 1 }
natCntProtocolTranslates OBJECT-TYPE natMappingsNotifyThreshold OBJECT-TYPE
SYNTAX Counter64 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of packets to which NAT has been applied." "See natNotifMappings."
::= { natCntProtocolEntry 2 } ::= { natLimits 2 }
natCntProtocolOOP OBJECT-TYPE natLimitAddressMappings OBJECT-TYPE
SYNTAX Counter64 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of packets to which NAT could not be applied because "Global limit on the total number of internal-to-external
no external port was available." address mappings. Zero means unlimited.
::= { natCntProtocolEntry 3 }
natCntProtocolResource OBJECT-TYPE This limit is only applicable to NATs that have an 'IP
SYNTAX Counter64 address pooling' behavior of 'Paired' [RFC4787]."
MAX-ACCESS read-only ::= { natLimits 3 }
STATUS current
DESCRIPTION
"The number of packets to which NAT could not be applied because
of resource constraints (excluding out-of-ports condition)."
::= { natCntProtocolEntry 4 }
natCntProtocolStateMismatch OBJECT-TYPE natAddrMapNotifyThreshold OBJECT-TYPE
SYNTAX Counter64 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of packets to which NAT could not be applied because "See natNotifAddrMappings."
of state table mismatch. For example, a TCP packet that matches ::= { natLimits 4 }
an existing mapping but is dropped because its flags are
incompatible with the current state of the mapping would cause
this counter to be incremented."
::= { natCntProtocolEntry 5 }
natCntProtocolQuota OBJECT-TYPE natLimitFragments OBJECT-TYPE
SYNTAX Counter64 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of packets to which NAT could not be applied because "Global limit on the total number of fragments pending
of exceeded quotas. Quotas include absolute limits as well as reassembly. Zero means unlimited.
limits on rate of allocation."
::= { natCntProtocolEntry 6 }
natCntProtocolMappings OBJECT-TYPE This limit is only applicable to NATs having 'Receive
SYNTAX Gauge32 Fragments Out of Order' behavior [RFC4787]."
MAX-ACCESS read-only ::= { natLimits 5 }
STATUS current
DESCRIPTION
"Number of active mappings.
Equal to natCntMapRemovals - natCntMapCreations." natLimitSubscribers OBJECT-TYPE
::= { natCntProtocolEntry 7 } SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Global limit on the number of subscribers with active
mappings. Zero means unlimited."
::= { natLimits 6 }
natCntProtocolMapCreations OBJECT-TYPE -- pools
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of mapping creations. This includes static mappings."
::= { natCntProtocolEntry 8 }
natCntProtocolMapRemovals OBJECT-TYPE natPoolObjects OBJECT IDENTIFIER ::= { natMIBObjects 13 }
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of mapping removals. This includes statis mappings."
::= { natCntProtocolEntry 9 }
natPoolTable OBJECT-TYPE
SYNTAX SEQUENCE OF NatPoolEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of pools."
::= { natPoolObjects 1 }
natLimits OBJECT IDENTIFIER ::= { natMIBObjects 12 } natPoolEntry OBJECT-TYPE
SYNTAX NatPoolEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entry in the table of pools."
INDEX { natPoolIndex }
::= { natPoolTable 1 }
natLimitMappings OBJECT-TYPE NatPoolEntry ::=
SYNTAX Unsigned32 SEQUENCE {
MAX-ACCESS read-write natPoolIndex NatPoolId,
STATUS current natPoolRealm SnmpAdminString,
DESCRIPTION natPoolUsage Integer32,
"Global limit on the total number of mappings. Zero means natPoolWatermarkLow Integer32,
unlimited." natPoolWatermarkHigh Integer32,
::= { natLimits 1 } natPoolPortMin InetPortNumber,
natPoolPortMax InetPortNumber
}
natMappingsNotifyThreshold OBJECT-TYPE natPoolIndex OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX NatPoolId
MAX-ACCESS read-write MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"See natNotifMappings." "Index of an address pool."
::= { natLimits 2 } ::= { natPoolEntry 1 }
natLimitAddressMappings OBJECT-TYPE natPoolRealm OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX SnmpAdminString (SIZE (0..32))
MAX-ACCESS read-write MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Global limit on the total number of internal-to-external "Realm to which this pool's addresses belong."
address mappings. Zero means unlimited. ::= { natPoolEntry 2 }
This limit is only applicable to NATs that have an 'IP address natPoolUsage OBJECT-TYPE
pooling' behavior of 'Paired' [RFC4787]." SYNTAX Integer32 (0..100)
::= { natLimits 3 } MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Percentage of the pool's total number of external ports
currently mapped."
::= { natPoolEntry 3 }
natAddrMapNotifyThreshold OBJECT-TYPE natPoolWatermarkLow OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Integer32 (-1|0..100)
MAX-ACCESS read-write MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"See natNotifAddrMappings." "Low watermark on a pool's usage, in percentage of the total
::= { natLimits 4 } number of ports available. If set to -1, the watermark is
disabled. Otherwise when natPoolUsage becomes lower than or
equal to natPoolWatermarkLow, a notification is sent. The
NAT may also start behaving in low usage mode (this is
implementation-defined)."
::= { natPoolEntry 4 }
natLimitFragments OBJECT-TYPE natPoolWatermarkHigh OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Integer32 (-1|0..100)
MAX-ACCESS read-write MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Global limit on the total number of fragments pending "High watermark on a pool's usage, in percentage of the total
reassembly. Zero means unlimited. number of ports available. If set to -1, the watermark is
disabled. Otherwise, when natPoolUsage becomes higher than
or equal to natPoolWatermarkHigh, a notification is sent.
The NAT may also start behaving in high usage mode (this is
implementation-defined)."
::= { natPoolEntry 5 }
This limit is only applicable to NATs having 'Receive natPoolPortMin OBJECT-TYPE
Fragments Out of Order' behavior [RFC4787]." SYNTAX InetPortNumber
::= { natLimits 5 } MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Minimal port number to be allocated in this pool."
::= { natPoolEntry 6 }
natLimitSubscribers OBJECT-TYPE natPoolPortMax OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX InetPortNumber
MAX-ACCESS read-write MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Global limit on the number of subscribers with active mappings. "Maximal port number to be allocated in this pool."
Zero means unlimited." ::= { natPoolEntry 7 }
::= { natLimits 6 }
natPoolRangeTable OBJECT-TYPE
SYNTAX SEQUENCE OF NatPoolRangeEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains address ranges used by pool entries."
::= { natPoolObjects 2 }
natPoolObjects OBJECT IDENTIFIER ::= { natMIBObjects 13 } natPoolRangeEntry OBJECT-TYPE
SYNTAX NatPoolRangeEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"NAT pool address range."
INDEX { natPoolRangeType,
natPoolRangeBegin }
::= { natPoolRangeTable 1 }
natPoolTable OBJECT-TYPE NatPoolRangeEntry ::=
SYNTAX SEQUENCE OF NatPoolEntry SEQUENCE {
MAX-ACCESS not-accessible natPoolRangePoolIndex NatPoolId,
STATUS current natPoolRangeType InetAddressType,
DESCRIPTION natPoolRangeBegin InetAddress,
"Table of pools." natPoolRangeEnd InetAddress,
natPoolRangeAllocatedPorts Gauge32
}
::= { natPoolObjects 1 } natPoolRangePoolIndex OBJECT-TYPE
SYNTAX NatPoolId
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Index of the address pool to which this address range
belongs. See natPoolIndex."
::= { natPoolRangeEntry 1 }
natPoolEntry OBJECT-TYPE natPoolRangeType OBJECT-TYPE
SYNTAX NatPoolEntry SYNTAX InetAddressType
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Entry in the table of pools." "The address type of natPoolRangeBegin and
INDEX { natPoolIndex } natPoolRangeEnd."
::= { natPoolTable 1 } ::= { natPoolRangeEntry 2 }
NatPoolEntry ::= natPoolRangeBegin OBJECT-TYPE
SEQUENCE { SYNTAX InetAddress (SIZE (4|16))
natPoolIndex NatPoolId, MAX-ACCESS not-accessible
natPoolRealm SnmpAdminString, STATUS current
natPoolUsage Integer32, DESCRIPTION
natPoolWatermarkLow Integer32, "Lowest address included in this range."
natPoolWatermarkHigh Integer32, ::= { natPoolRangeEntry 3 }
natPoolPortMin InetPortNumber,
natPoolPortMax InetPortNumber
}
natPoolIndex OBJECT-TYPE natPoolRangeEnd OBJECT-TYPE
SYNTAX NatPoolId SYNTAX InetAddress (SIZE (4|16))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Index of an address pool." "Highest address included in this range."
::= { natPoolEntry 1 } ::= { natPoolRangeEntry 4 }
natPoolRealm OBJECT-TYPE natPoolRangeAllocatedPorts OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..32)) SYNTAX Gauge32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Realm to which this pool's addresses belong." "Number of ports currently allocated on the addresses in this
::= { natPoolEntry 2 } range."
::= { natPoolRangeEntry 5 }
natPoolUsage OBJECT-TYPE -- indexed mapping tables
SYNTAX Integer32 (0..100)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Percentage of the pool's total number of external ports
currently mapped."
::= { natPoolEntry 3 }
natPoolWatermarkLow OBJECT-TYPE natMapObjects OBJECT IDENTIFIER ::= { natMIBObjects 14 }
SYNTAX Integer32 (-1|0..100)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Low watermark on a pool's usage, in percentage of the total
number of ports available. If set to -1, the watermark is
disabled. Otherwise when natPoolUsage becomes lower than or
equal to natPoolWatermarkLow, a notification is sent. The
NAT may also start behaving in low usage mode (this is
implementation-defined)."
::= { natPoolEntry 4 }
natPoolWatermarkHigh OBJECT-TYPE natMapIntAddrTable OBJECT-TYPE
SYNTAX Integer32 (-1|0..100) SYNTAX SEQUENCE OF NatMapIntAddrEntry
MAX-ACCESS read-create MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"High watermark on a pool's usage, in percentage of the total "Table of mappings from internal to external address.
number of ports available. If set to -1, the watermark is
disabled. Otherwise, when natPoolUsage becomes higher than
or equal to natPoolWatermarkHigh, a notification is sent.
The NAT may also start behaving in high usage mode (this is
implementation-defined)."
::= { natPoolEntry 5 }
natPoolPortMin OBJECT-TYPE This table is only applicable to NATs that have an 'IP
SYNTAX InetPortNumber address pooling' behavior of 'Paired' [RFC4787]."
MAX-ACCESS read-create ::= { natMapObjects 1 }
STATUS current
DESCRIPTION
"Minimal port number to be allocated in this pool."
::= { natPoolEntry 6 }
natPoolPortMax OBJECT-TYPE natMapIntAddrEntry OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX NatMapIntAddrEntry
MAX-ACCESS read-create MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Maximal port number to be allocated in this pool." "Mapping from internal to external address."
::= { natPoolEntry 7 } INDEX { natMapIntAddrIntRealm,
natMapIntAddrType,
natMapIntAddrInt }
::= { natMapIntAddrTable 1 }
natPoolRangeTable OBJECT-TYPE NatMapIntAddrEntry ::=
SYNTAX SEQUENCE OF NatPoolRangeEntry SEQUENCE {
MAX-ACCESS not-accessible natMapIntAddrIntRealm SnmpAdminString,
STATUS current natMapIntAddrExtRealm SnmpAdminString,
DESCRIPTION natMapIntAddrType InetAddressType,
"This table contains address ranges used by pool entries." natMapIntAddrInt InetAddress,
natMapIntAddrExt InetAddress
}
::= { natPoolObjects 2 } natMapIntAddrIntRealm OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Realm to which natMapIntAddrInt belongs."
::= { natMapIntAddrEntry 1 }
natPoolRangeEntry OBJECT-TYPE natMapIntAddrExtRealm OBJECT-TYPE
SYNTAX NatPoolRangeEntry SYNTAX SnmpAdminString
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"NAT pool address range." "Realm to which natMapIntAddrExt belongs."
INDEX { natPoolRangeType, ::= { natMapIntAddrEntry 2 }
natPoolRangeBegin }
::= { natPoolRangeTable 1 }
NatPoolRangeEntry ::= natMapIntAddrType OBJECT-TYPE
SEQUENCE { SYNTAX InetAddressType
natPoolRangePoolIndex NatPoolId, MAX-ACCESS not-accessible
natPoolRangeType InetAddressType, STATUS current
natPoolRangeBegin InetAddress, DESCRIPTION
natPoolRangeEnd InetAddress, "Address type for natMapIntAddrInt and natMapIntAddrExt."
natPoolRangeAllocatedPorts Gauge32 ::= { natMapIntAddrEntry 3 }
}
natPoolRangePoolIndex OBJECT-TYPE natMapIntAddrInt OBJECT-TYPE
SYNTAX NatPoolId SYNTAX InetAddress (SIZE (4|16))
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Index of the address pool to which this address range belongs. "Internal address."
See natPoolIndex." ::= { natMapIntAddrEntry 4 }
::= { natPoolRangeEntry 1 }
natPoolRangeType OBJECT-TYPE natMapIntAddrExt OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddress
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The address type of natPoolRangeBegin and "External address."
natPoolRangeEnd." ::= { natMapIntAddrEntry 5 }
::= { natPoolRangeEntry 2 }
natPoolRangeBegin OBJECT-TYPE natMappingTable OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|16)) SYNTAX SEQUENCE OF NatMappingTableEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Lowest address included in this range." "Table of mappings indexed by external 3-tuple."
::= { natPoolRangeEntry 3 } ::= { natMapObjects 2 }
natPoolRangeEnd OBJECT-TYPE natMappingTableEntry OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|16)) SYNTAX NatMappingTableEntry
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Highest address included in this range." "A single NAT mapping."
::= { natPoolRangeEntry 4 } INDEX { natMappingProto,
natMappingExtRealm,
natMappingExtAddressType,
natMappingExtAddress,
natMappingExtPort }
::= { natMappingTable 1 }
natPoolRangeAllocatedPorts OBJECT-TYPE NatMappingTableEntry ::=
SYNTAX Gauge32 SEQUENCE {
MAX-ACCESS read-only natMappingProto ProtocolNumber,
STATUS current natMappingExtRealm SnmpAdminString,
DESCRIPTION natMappingExtAddressType InetAddressType,
"Number of ports currently allocated on the addresses in this natMappingExtAddress InetAddress,
range." natMappingExtPort InetPortNumber,
::= { natPoolRangeEntry 5 } natMappingIntRealm SnmpAdminString,
natMappingIntAddressType InetAddressType,
natMappingIntAddress InetAddress,
natMappingIntPort InetPortNumber,
natMappingPool NatPoolId,
natMappingMapBehavior NatBehaviorType,
natMappingFilterBehavior NatBehaviorType,
natMappingAddressPooling NatPoolingType
}
natMappingProto OBJECT-TYPE
SYNTAX ProtocolNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The mapping's transport protocol number."
::= { natMappingTableEntry 1 }
natMapObjects OBJECT IDENTIFIER ::= { natMIBObjects 14 } natMappingExtRealm OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The realm to which natMappingExtAddress belongs."
::= { natMappingTableEntry 2 }
natMapIntAddrTable OBJECT-TYPE natMappingExtAddressType OBJECT-TYPE
SYNTAX SEQUENCE OF NatMapIntAddrEntry SYNTAX InetAddressType
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Table of mappings from internal to external address. "Type of the mapping's external address."
::= { natMappingTableEntry 3 }
This table is only applicable to NATs that have an 'IP address natMappingExtAddress OBJECT-TYPE
pooling' behavior of 'Paired' [RFC4787]." SYNTAX InetAddress (SIZE (4|16))
::= { natMapObjects 1 } MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The mapping's external address. If this is the undefined
address, all external addresses are mapped to the internal
address."
::= { natMappingTableEntry 4 }
natMapIntAddrEntry OBJECT-TYPE natMappingExtPort OBJECT-TYPE
SYNTAX NatMapIntAddrEntry SYNTAX InetPortNumber
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Mapping from internal to external address." "The mapping's external port number. If this is zero, all
INDEX { natMapIntAddrIntRealm, external ports are mapped to the internal port."
natMapIntAddrType, ::= { natMappingTableEntry 5 }
natMapIntAddrInt }
::= { natMapIntAddrTable 1 }
NatMapIntAddrEntry ::= natMappingIntRealm OBJECT-TYPE
SEQUENCE { SYNTAX SnmpAdminString
natMapIntAddrIntRealm SnmpAdminString, MAX-ACCESS read-only
natMapIntAddrExtRealm SnmpAdminString, STATUS current
natMapIntAddrType InetAddressType, DESCRIPTION
natMapIntAddrInt InetAddress, "The realm to which natMappingIntAddress belongs."
natMapIntAddrExt InetAddress ::= { natMappingTableEntry 6 }
}
natMapIntAddrIntRealm OBJECT-TYPE natMappingIntAddressType OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..32)) SYNTAX InetAddressType
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Realm to which natMapIntAddrInt belongs." "Type of the mapping's internal address."
::= { natMapIntAddrEntry 1 } ::= { natMappingTableEntry 7 }
natMapIntAddrExtRealm OBJECT-TYPE natMappingIntAddress OBJECT-TYPE
SYNTAX SnmpAdminString SYNTAX InetAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Realm to which natMapIntAddrExt belongs." "The mapping's internal address. If this is the undefined
::= { natMapIntAddrEntry 2 } address, addresses are not translated."
::= { natMappingTableEntry 8 }
natMapIntAddrType OBJECT-TYPE natMappingIntPort OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetPortNumber
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Address type for natMapIntAddrInt and natMapIntAddrExt." "The mapping's internal port number. If this is zero, ports
::= { natMapIntAddrEntry 3 } are not translated."
::= { natMappingTableEntry 9 }
natMapIntAddrInt OBJECT-TYPE natMappingPool OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|16)) SYNTAX NatPoolId (0|1..4294967295)
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Internal address." "Index of the pool that contains this mapping's external
::= { natMapIntAddrEntry 4 } address and port. If zero, no pool is associated with this
mapping."
::= { natMappingTableEntry 10 }
natMapIntAddrExt OBJECT-TYPE natMappingMapBehavior OBJECT-TYPE
SYNTAX InetAddress SYNTAX NatBehaviorType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"External address." "Mapping behavior as described in [RFC4787] section 4.1."
::= { natMapIntAddrEntry 5 } ::= { natMappingTableEntry 11 }
natMappingTable OBJECT-TYPE natMappingFilterBehavior OBJECT-TYPE
SYNTAX SEQUENCE OF NatMappingTableEntry SYNTAX NatBehaviorType
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Table of mappings indexed by external 3-tuple." "Filtering behavior as described in [RFC4787] section 5."
::= { natMapObjects 2 } ::= { natMappingTableEntry 12 }
natMappingTableEntry OBJECT-TYPE natMappingAddressPooling OBJECT-TYPE
SYNTAX NatMappingTableEntry SYNTAX NatPoolingType
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A single NAT mapping." "Type of address pooling behavior that was used to create
INDEX { natMappingProto, this mapping."
natMappingExtRealm, ::= { natMappingTableEntry 13 }
natMappingExtAddressType,
natMappingExtAddress,
natMappingExtPort }
::= { natMappingTable 1 }
NatMappingTableEntry ::= -- subscribers
SEQUENCE {
natMappingProto ProtocolNumber,
natMappingExtRealm SnmpAdminString,
natMappingExtAddressType InetAddressType,
natMappingExtAddress InetAddress,
natMappingExtPort InetPortNumber,
natMappingIntRealm SnmpAdminString,
natMappingIntAddressType InetAddressType,
natMappingIntAddress InetAddress,
natMappingIntPort InetPortNumber,
natMappingPool NatPoolId,
natMappingMapBehavior NatBehaviorType,
natMappingFilterBehavior NatBehaviorType,
natMappingAddressPooling NatPoolingType
}
natMappingProto OBJECT-TYPE natSubscribers OBJECT IDENTIFIER ::= { NatObjects 5 }
SYNTAX ProtocolNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The mapping's transport protocol number."
::= { natMappingTableEntry 1 }
natMappingExtRealm OBJECT-TYPE natSubscribersTable OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..32)) SYNTAX SEQUENCE OF natSubscribersTableEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The realm to which natMappingExtAddress belongs." "Table of CGN subscribers."
::= { natSubscribers 1 }
::= { natMappingTableEntry 2 } natSubscribersTableEntry OBJECT-TYPE
SYNTAX natSubscribersTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry describes a single CGN subscriber."
INDEX { natSubscriberIdentifierType,
natSubscriberIdentifier }
::= { natSubscribersTable 1 }
natMappingExtAddressType OBJECT-TYPE natSubscribersTableEntry ::=
SYNTAX InetAddressType SEQUENCE {
MAX-ACCESS not-accessible natSubscriberIdentifierType InetAddressType,
STATUS current natSubscriberIdentifier InetAddress,
DESCRIPTION natSubscriberIntPrefixType InetAddressType,
"Type of the mapping's external address." natSubscriberIntPrefix InetAddress,
::= { natMappingTableEntry 3 } natSubscriberIntPrefixLength InetAddressPrefixLength,
natSubscriberPool NatPoolIndex,
natSubscriberCntTranslates Counter64,
natSubscriberCntOOP Counter64,
natSubscriberCntResource Counter64,
natSubscriberCntStateMismatch Counter64,
natSubscriberCntQuota Counter64,
natSubscriberCntMappings Gauge32,
natSubscriberCntMapCreations Counter64,
natSubscriberCntMapRemovals Counter64,
natSubscriberLimitMappings Unsigned32,
natSubscriberMapNotifyThresh Unsigned32
}
natMappingExtAddress OBJECT-TYPE natSubscriberIdentifierType OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|16)) SYNTAX InetAddressType
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The mapping's external address. If this is the undefined "Address type of the subscriber identifier."
address, all external addresses are mapped to the internal ::= { natSubscribersTableEntry 1 }
address."
::= { natMappingTableEntry 4 }
natMappingExtPort OBJECT-TYPE natSubscriberIdentifier OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX InetAddress (SIZE (4|16))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The mapping's external port number. If this is zero, all "Address used for uniquely identifying the subscriber.
external ports are mapped to the internal port."
::= { natMappingTableEntry 5 }
natMappingIntRealm OBJECT-TYPE In traditional NAT, this is the internal address assigned to
SYNTAX SnmpAdminString the CPE. In case an address range is assigned to a
MAX-ACCESS read-only subscriber, the first address in the range is used as
STATUS current identifier. For tunnelled connectivity (e.g., DS-Lite
DESCRIPTION [RFC6333]), the outer address is used as identifier (i.e.,
"The realm to which natMappingIntAddress belongs." the IPv6 address in the case of DS-Lite)."
::= { natMappingTableEntry 6 } ::= { natSubscribersTableEntry 2 }
natMappingIntAddressType OBJECT-TYPE natSubscriberIntPrefixType OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddressType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Type of the mapping's internal address." "Subscriber's internal prefix type."
::= { natMappingTableEntry 7 } ::= { natSubscribersTableEntry 3 }
natMappingIntAddress OBJECT-TYPE natSubscriberIntPrefix OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The mapping's internal address. If this is the undefined "Prefix assigned to a subscriber's CPE."
address, addresses are not translated." ::= { natSubscribersTableEntry 4 }
::= { natMappingTableEntry 8 }
natMappingIntPort OBJECT-TYPE natSubscriberIntPrefixLength OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX InetAddressPrefixLength
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The mapping's internal port number. If this is zero, ports are "Length of the prefix assigned to a subscriber's CPE, in
not translated." bits. In case a single address is assigned, this will be 32
::= { natMappingTableEntry 9 } for IPv4 and 128 for IPv6."
::= { natSubscribersTableEntry 5 }
natMappingPool OBJECT-TYPE natSubscriberPool OBJECT-TYPE
SYNTAX NatPoolId (0|1..4294967295) SYNTAX NatPoolIndex
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Index of the pool that contains this mapping's external address "External address pool to which this subscriber belongs."
and port. If zero, no pool is associated with this mapping." ::= { natSubscribersTableEntry 6 }
::= { natMappingTableEntry 10 }
natMappingMapBehavior OBJECT-TYPE natSubscriberCntTranslates OBJECT-TYPE
SYNTAX NatBehaviorType SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Mapping behavior as described in [RFC4787] section 4.1." "The number of packets received from or sent to this
::= { natMappingTableEntry 11 } subscriber and to which NAT has been applied."
::= { natSubscribersTableEntry 7 }
natMappingFilterBehavior OBJECT-TYPE natSubscriberCntOOP OBJECT-TYPE
SYNTAX NatBehaviorType SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Filtering behavior as described in [RFC4787] section 5." "The number of packets received from this subscriber to which
::= { natMappingTableEntry 12 } NAT could not be applied because no external port was
available, excluding quota limitations."
::= { natSubscribersTableEntry 8 }
natMappingAddressPooling OBJECT-TYPE natSubscriberCntResource OBJECT-TYPE
SYNTAX NatPoolingType SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Type of address pooling behavior that was used to create this "The number of packets received from this subscriber to which
mapping." NAT could not be applied because of resource constraints
::= { natMappingTableEntry 13 } (excluding out-of-ports condition)."
::= { natSubscribersTableEntry 9 }
natSubscriberCntStateMismatch OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets received from or destined to this
subscriber to which NAT could not be applied because of
mapping state mismatch. For example, a TCP packet that
matches an existing mapping but is dropped because its flags
are incompatible with the current state of the mapping would
cause this counter to be incremented."
::= { natSubscribersTableEntry 10 }
natSubscribers OBJECT IDENTIFIER ::= { NatObjects 5 } natSubscriberCntQuota OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets received from or destined to this
subscriber to which NAT could not be applied because of
quota limitations. Quotas include absolute limits as well as
limits on the rate of allocation."
::= { natSubscribersTableEntry 11 }
natSubscribersTable OBJECT-TYPE natSubscriberCntMappings OBJECT-TYPE
SYNTAX SEQUENCE OF natSubscribersTableEntry SYNTAX Gauge32
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Table of CGN subscribers." "Number of currently active mappings created by or for this
::= { natSubscribers 1 } subscriber.
natSubscribersTableEntry OBJECT-TYPE Equal to natSubscriberCntMapRemovals -
SYNTAX natSubscribersTableEntry natSubscriberCntMapCreations."
MAX-ACCESS not-accessible ::= { natSubscribersTableEntry 12 }
STATUS current
DESCRIPTION
"Each entry describes a single CGN subscriber."
INDEX { natSubscriberIdentifierType,
natSubscriberIdentifier }
::= { natSubscribersTable 1 }
natSubscribersTableEntry ::= natSubscriberCntMapCreations OBJECT-TYPE
SEQUENCE { SYNTAX Counter64
natSubscriberIdentifierType InetAddressType, MAX-ACCESS read-only
natSubscriberIdentifier InetAddress, STATUS current
natSubscriberIntPrefixType InetAddressType, DESCRIPTION
natSubscriberIntPrefix InetAddress, "Number of mappings created by or for this subscriber."
natSubscriberIntPrefixLength InetAddressPrefixLength, ::= { natSubscribersTableEntry 13 }
natSubscriberPool NatPoolIndex,
natSubscriberCntTranslates Counter64,
natSubscriberCntOOP Counter64,
natSubscriberCntResource Counter64,
natSubscriberCntStateMismatch Counter64,
natSubscriberCntQuota Counter64,
natSubscriberCntMappings Gauge32,
natSubscriberCntMapCreations Counter64,
natSubscriberCntMapRemovals Counter64,
natSubscriberLimitMappings Unsigned32,
natSubscriberMapNotifyThresh Unsigned32
}
natSubscriberIdentifierType OBJECT-TYPE natSubscriberCntMapRemovals OBJECT-TYPE
SYNTAX InetAddressType SYNTAX Counter64
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Address type of the subscriber identifier." "Number of mappings removed by or for this subscriber."
::= { natSubscribersTableEntry 14 }
::= { natSubscribersTableEntry 1 } natSubscriberLimitMappings OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Limit on the number of active mappings created by or for
this subscriber. Zero means unlimited."
::= { natSubscribersTableEntry 15 }
natSubscriberIdentifier OBJECT-TYPE natSubscriberMapNotifyThresh OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|16)) SYNTAX Unsigned32
MAX-ACCESS not-accessible MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Address used for uniquely identifying the subscriber. "See NatNotifSubscriberMappings."
::= { natSubscribersTableEntry 16 }
In traditional NAT, this is the internal address assigned to -- object groups
the CPE. In case an address range is assigned to a subscriber,
the first address in the range is used as identifier. For
tunnelled connectivity (e.g., DS-Lite [RFC6333]), the outer
address is used as identifier (i.e., the IPv6 address in the
case of DS-Lite)."
::= { natSubscribersTableEntry 2 }
natSubscriberIntPrefixType OBJECT-TYPE natGroupBasicObjects OBJECT-GROUP
SYNTAX InetAddressType OBJECTS { natCntTranslates,
MAX-ACCESS read-only natCntOOP,
STATUS current natCntResource,
DESCRIPTION natCntStateMismatch,
"Subscriber's internal prefix type." natCntQuota,
::= { natSubscribersTableEntry 3 } natCntMappings,
natCntMapCreations,
natCntMapRemovals,
natCntProtocolTranslates,
natCntProtocolOOP,
natCntProtocolResource,