[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SPD-MIB MAX-ACCESS question

To: ipsec-policy@xxxxxxxx, baerm@xxxxxxxxxxx, hardaker@xxxxxxxxxxx, rs-snmp@xxxxxxxxxxxxxx, cliffwang2000@xxxxxxxxx
Subject: SPD-MIB MAX-ACCESS question
From: Yacine.El_Mghazli@xxxxxxxxxx
Date: Mon, 24 May 2004 10:33:09 +0200
Cc: rafa@xxxxxxxxx
List-archive: <http://www.vpnc.org/ipsec-policy/mail-archive/>
List-id: <ipsec-policy.vpnc.org>
List-unsubscribe: <mailto:ipsec-policy-request@vpnc.org?body=unsubscribe>
Organization: Alcatel R&I
Sender: owner-ipsec-policy@xxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007

dear SPD-MIB authors,

my question is related to the IPSec conf MIB recently splitted into 3 modules. more precisely, it deals with the spdIpHeaderFilter table in the SPD MIB. we re-use it in draft-ietf-pana-snmp-00.txt for filtering purposes.

we noticed the spdIpHeaderFilter table has a MAX-ACCESS = "not-accesible". then how to create such a filter row ? for example like in the example quoted from the SPD-MIB draft below:

------------------------------------------------------------------------
4.1.2 Implementing an example SPD policy

   For our example, let us define and apply the following policy for all
   incoming traffic on a network interface:

o Drop all packets from the host 10.6.6.6.

o Accept all other packets.

   To do this, let us call the set of rules (as a group) "incoming" and
   apply them to the incoming traffic for the interface associated with
   the IPv4 address "10.0.0.1".  For these rules, let us apply a policy
   that accepts all traffic except for packets that arrive from a host
   with an IPv4 address of "10.6.6.6".  To achieve this policy, we would
   follow these steps:

   First, we need to create the rules to institute this policy.  To
   accomplish this, first we have to create the filter for the host.  We
   could do this using the following row insertion into the
   spdIpHeaderFilterTable table:

   SpdIpHeaderFilterEntry(spdIpHeadFiltName = "10.6.6.6")
         = (spdIpHeadFiltType            = 0x80,        -- sourceAddress
            spdIpHeadFiltIPVersion       = 1,           -- IPv4
            spdIpHeadFiltSrcAddressBegin = 0x0a060606,
            spdIpHeadFiltSrcAddressEnd   = 0x0a060606,
            spdIpHeadFiltRowStatus       = 5)           -- createAndGo
------------------------------------------------------------------------

can you elaborate on this ?

thanks in advance,
yacine

-------- Original Message --------
Subject: PANA and SNMP doubt
Date: Mon, 10 May 2004 18:50:29 +0200
From: Rafael Marin Lopez <rafa@xxxxxxxxx>
To: yacine.el_mghazli@xxxxxxxxxx

Hello Yacine... I have a doubt draft SNMP usage for PAA-2-EP interface

I am reading it and in page 12 says:


"For Ipv4/v6 address-based filters provisioning, the IPSec SPD-MIB
     provides means to filter the traffic based on the IP header
     information. SPD-MIB "spdIpHeaderFilter" table provides such
     facilities: one can define the various tests that are used when
     evaluating a given IP packet. The various tests definable in this
     table are as follows:"

I have taken a look SPD-MIB and this table has a MAX-ACCESS =
not-accesible ... then how could you add this tests text explains?

Regards..

--
------------------------------------------------------
Rafael Marin Lopez
Faculty of Computer Science-University of Murcia
30071 Murcia - Spain
Telf: +34968367645    e-mail: rafa@xxxxxxxxx
------------------------------------------------------

Follow-Ups:
- Re: SPD-MIB MAX-ACCESS question
  - From: Robert Story

Prev by Date: work on ipsec APIREQ
Next by Date: Re: SPD-MIB MAX-ACCESS question
Previous by thread: work on ipsec APIREQ
Next by thread: Re: SPD-MIB MAX-ACCESS question
Index(es):
- Date
- Thread