INTERNET DRAFT                                       I. Jeyasubramanian
                                                                   FSPL
                                                          June 12, 1997

            Definitions of Managed Objects for IEEE 802.1q
                         Virtual LAN Bridges

                   draft-jeya-vlan-8021q-mib-01.txt

Status of This Memo

   This document is an Internet-Draft. Internet Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet Drafts.

   Internet Drafts are draft documents valid for a maximum of six
   months, and may be updated, replaced, or obsoleted by other
   documents at any time. It is not appropriate to use Internet Drafts
   as reference material, or to cite them other than as a ``working
   draft'' or ``work in progress.''

   To learn the current status of any Internet-Draft, please check the
   ``1id-abstracts.txt'' listing contained in the internet-drafts
   Shadow Directories on ds.internic.net (US East Coast),
   nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or
   munnari.oz.au (Pacific Rim).

1. Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular it describes objects used for managing bridges based
   on the IEEE 802.1q draft standard between Local Area Network (LAN)
   segments.

   This memo uses SNMPv2 as the basis for defining the VLAN MIB, and
   refers to other MIBs whose published definitions use the SNMPv2
   convention.

Jeyasubramanian         Expires November 17, 1997              [Page 1]
Internet Draft               VLAN Bridge MIB                  June 1997

2. The SNMPv2 Network Management Framework

   The SNMPv2 Network Management Framework presently consists of four
   major components. They are:

   o    RFC 1902 [1], which defines the SMI, the mechanisms used for
        describing and naming objects for the purpose of management.

   o    RFC 1213 [2], which defines MIB-II, the core set of managed
        objects for the Internet suite of protocols.

   o    RFC 1157 [3] and RFC 1905 [4], which define two versions of the
        protocol used for network access to managed objects.

   The Framework permits new objects to be defined for the purpose of
   experimentation and evaluation.

3. Objects

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB. Objects in the MIB are
   defined using the subset of Abstract Syntax Notation One (ASN.1)
   defined in the SMI. In particular, each object type is named by an
   OBJECT IDENTIFIER, an administratively assigned name. The object
   type together with an object instance serves to uniquely identify a
   specific instantiation of the object. For human convenience, we
   often use a textual string, termed the descriptor, to also refer to
   the object type.

4. Overview

   Virtual LAN (VLAN) is now an integral feature of switched LAN
   networks. A VLAN can be viewed as a group of end-stations on
   multiple LAN segments that can communicate as if they were on a
   single LAN. The VLAN Bridge which implements Virtual LAN provides
   the following benefits.

        (i)   Broadcast containment
        (ii)  Security
        (iii) Easy administration

   There are various styles in which Virtual LANs can be defined.

        (i)   Port based VLAN
        (ii)  MAC address based VLAN
        (iii) Protocol based VLAN
        (iv)  IP Subnet based VLAN
        (v)   IP Multicast based VLAN
        (vi)  ELAN based VLAN
        (vii) Policy based VLAN

   IEEE 802.1q is currently working on port based Virtual LAN. This
   memo defines those objects needed for the management of a Port
   based VLAN. The definitions presented here are based on Section 7,
   "VLAN Bridge management" of IEEE Draft 802.1q-1997 [7].

4.1. Structure of MIB

   The managed objects in this MIB are arranged into a single group.
   The overall structure and assignment of objects to the group is
   shown below. The mapping of IEEE 802.1q management objects is also
   included.

   VLAN Bridge MIB Name        IEEE 802.1q Name
   ====================        ================
   dot1qVlan                   BridgeVlanConfiguration
     Version                     .VersionNumber
     NumVlans
     VlanTypesSupported
     TriggerPortSet              .TriggerPortSet
     PortTable
       Port                      .PortNumber
       PVID                      .PVID
     ConfigTable               VlanConfiguration
       Identifier                .VlanIdentifier
       VlanTypeInIngress
       UntaggedPortList          .ListOfUntaggedPorts
       EgressPortList            .ListOfEgressPorts
       Enable

5. Application of MIB II to VLAN

5.1. The 'interfaces' Group

   The Interfaces Group of MIB II defines generic managed objects for
   managing interfaces. This memo contains the media-specific
   extensions to the Interfaces Group for managing VLAN interfaces.

   This memo assumes the interpretation of the Interfaces Group to be
   in accordance with [5], which states that the interfaces table
   (ifTable) contains information on the managed resource's interfaces
   and that each sub-layer below the internetwork layer of a network
   interface is considered an interface. Thus the VLAN interface is
   represented as an entry in the ifTable. The inter-relation of
   entries in the ifTable is defined by the Interfaces Stack Group
   defined in [5].

5.1.1. Interpretations of ifTable for VLAN

   Some specific interpretations of ifTable for the VLAN layer follow.

   ifTable Object          Use for VLAN Layer
   ==============          ==================
   ifIndex                 Each VLAN is represented by an entry in
                           the ifTable.

   ifDescr                 Description of the VLAN.

   ifType                  Type of the VLAN.

   ifSpeed                 The bandwidth in bits per second for use
                           by the VLAN layer.

   ifPhysAddress           see interfaces MIB [5].

   ifAdminStatus           see interfaces MIB [5].

   ifOperStatus            see interfaces MIB [5].

   ifLastChange            see interfaces MIB [5].

   ifName                  Textual name (unique on this system) of
                           the VLAN or an octet string of zero
                           length.

   ifLinkUpDownTrapEnable  Default is disabled (2).

   ifConnectorPresent      Set to false (2).

   ifPromiscuousMode       Set to false (2).

   ifHighSpeed             Set to false (2).

   ifHCInOctets            The 64-bit version of ifInOctets;
                           supported if required by the compliance
                           statements in [5].

   ifHCOutOctets           The 64-bit version of ifOutOctets;
                           supported if required by the compliance
                           statements in [5].

5.1.2. Interpretations of ifStackTable for VLAN

   This section describes by example how to use ifStackTable to
   represent the relationship of VLAN with router interfaces.
   Implementors of the stack table for VLAN interfaces should look at
   the appropriate RFC for the service being stacked on VLAN. Examples
   given below are for illustration purposes only.

   Example: A router over VLAN interfaces.

   +---------------------------------------------+
   |                   Router                    |
   +---------------------------------------------+
             |                 |            |
   +-------------------+ +------------+ +--------+
   |      VLAN 1       | |   VLAN 2   | | VLAN 3 |
   +-------------------+ +------------+ +--------+
        |         |            |            |
   +-------------------+ +------------+ +--------+
   |     Ethernet      | | Token Ring | |  LANE  |
   |    1         2    | |     1      | |   1    |
   +-------------------+ +------------+ +--------+

   The assignment of the index values could for example be:

   ifIndex   Description
   =======   ===========
      1      IP Router
      2      VLAN #1
      3      VLAN #2
      4      VLAN #3
      5      Ethernet #1
      6      Ethernet #2
      7      Token Ring #1
      8      LANE #1

   The ifStackTable is then used to show the relationships between the
   various interfaces.

   ifStackTableEntries
   ===================
   HigherLayer   LowerLayer
   ===========   ==========
        0            1
        1            2
        1            3
        1            4
        2            5
        2            6
        3            7
        4            8
        5            0
        6            0
        7            0
        8            0

6. Definitions

   VLAN-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, experimental
           FROM SNMPv2-SMI
       MODULE-COMPLIANCE, OBJECT-GROUP
           FROM SNMPv2-CONF
       ifIndex
           FROM IF-MIB;

   dot1qVlan MODULE-IDENTITY
       LAST-UPDATED "9706121330Z"
       ORGANIZATION "IETF"
       CONTACT-INFO
           "        Jeyasubramanian

            Postal: Future Software Private Limited
                    481, Mount Road,
                    Nandanam,
                    Madras-600 035.
                    INDIA

               Tel: +91 44 4340323
               Fax: +91 44 4344157

            E-mail: jeyai@future.futsoft.com"
       DESCRIPTION
           "The MIB module for managing VLAN switches."
       ::= { experimental XX }

   dot1qVlanVersion OBJECT-TYPE
       SYNTAX      INTEGER
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The 802.1q VLAN Version number. Reported as '1' by
           devices which implement VLAN functionality as per the
           draft P802.1q/D5."
       REFERENCE
           "P802.1q/D5, February 28, 1997: Section 7.2.1.3"
       ::= { dot1qVlan 1 }

   dot1qVlanNumVlans OBJECT-TYPE
       SYNTAX      INTEGER (0..4095)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of VLANs associated with this VLAN bridge.
           The number of VLANs supported by the bridge can not
           exceed 4095."
       REFERENCE
           "P802.1q/D5, February 28, 1997: Section 4.3.2.3"
       ::= { dot1qVlan 2 }

   dot1qVlanTypesSupported OBJECT-TYPE
       SYNTAX      INTEGER
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The type of VLANs supported by this VLAN bridge. Here
           each bit position indicates the type of Vlans supported
           by this VLAN bridge.

               0 - Port based VLAN.
               1 - MAC Address based VLAN.
               2 - Protocol based VLAN.
               3 - IP Subnet based VLAN.
               4 - IP Multicast based VLAN.
               5 - ELAN based VLAN.
               6 - Policy based VLAN"
       REFERENCE
           "P802.1q/D5, February 28, 1997: Section C.2.2"
       ::= { dot1qVlan 3 }

   dot1qVlanTriggerPortSetMembers OBJECT-TYPE
       SYNTAX      OCTET STRING (SIZE(8))
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "The set of ports that are members of the Trigger Port
           Set. Each octet within the value of this object
           specifies a set of eight ports, with the first octet
           specifying ports 1 through 8, the second octet
           specifying ports 9 through 16, etc. Within each octet,
           the most significant bit represents the lowest numbered
           port, and the least significant bit represents the
           highest numbered port.
           Thus, each port of the VLAN bridge is represented by a
           single bit within the value of this object. If that bit
           has a value of '1' then that port is included in the set
           of ports; the port is not included if its bit has a
           value of '0'. (Note that the setting of the bit
           corresponding to the port from which a frame is received
           is irrelevant.)"
       DEFVAL { 0 }
       REFERENCE
           "P802.1q/D5, February 28, 1997: Section 6.3"
       ::= { dot1qVlan 4 }

   -- The PVID Group

   -- Implementation of this group is mandatory for all
   -- VLAN bridges.

   -- The PVID Group consists of one table
   --      PVID

   -- PVID Table

   dot1qVlanPvidTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF Dot1qVlanPvidEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table that contains information about every port that
           is associated with this VLAN bridge."
       REFERENCE
           "P802.1q/D5, February 28, 1997: Section 7.3.1"
       ::= { dot1qVlan 5 }

   dot1qVlanPvidEntry OBJECT-TYPE
       SYNTAX      Dot1qVlanPvidEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A list of PVID information for each port of a VLAN
           bridge."
       INDEX   { ifIndex }
       REFERENCE
           "P802.1q/D5, February 28, 1997: Section 7.3.1"
       ::= { dot1qVlanPvidTable 1 }

   Dot1qVlanPvidEntry ::=
       SEQUENCE {
           dot1qVlanPort
               INTEGER,
           dot1qVlanPvid
               INTEGER
       }

   dot1qVlanPort OBJECT-TYPE
       SYNTAX      INTEGER (0..63)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The port number of the port for which this entry
           contains VLAN bridging management information."
       REFERENCE
           "P802.1q/D5, February 28, 1997: Section 7.3.1"
       ::= { dot1qVlanPvidEntry 1 }

   dot1qVlanPvid OBJECT-TYPE
       SYNTAX      INTEGER (1..4095)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "A 12 bit Port VLAN Identifier for this Port.

           0 - The Null VLAN ID. It is used when the Tag Header
               contains only user_priority information; No VLAN
               identifier is present in the frame. This number is
               not allowed here.

           1 - The Default PVID value used for tagging frames on
               ingress through a Bridge Port. The PVID used for
               Port-based tagging of frames can be changed by
               management."
       REFERENCE
           "P802.1q/D5, February 28, 1997: Section 3.4.1.1"
       DEFVAL { 1 }
       ::= { dot1qVlanPvidEntry 2 }

   -- The VLAN Config Group

   -- Implementation of this group is mandatory for all
   -- VLAN bridges.

   -- The VLAN Config Group consists of one table
   --      VLAN Configuration

   -- VLAN Configuration Table

   dot1qVlanConfigTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF Dot1qVlanConfigEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table that contains information about every VLAN that
           is associated with this VLAN bridge."
       REFERENCE
           "P802.1q/D5, February 28, 1997: Section 7.3"
       ::= { dot1qVlan 6 }

   dot1qVlanConfigEntry OBJECT-TYPE
       SYNTAX      Dot1qVlanConfigEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A list of information for each VLAN of a VLAN bridge."
       INDEX   { ifIndex }
       REFERENCE
           "P802.1q/D5, February 28, 1997: Section 7.3"
       ::= { dot1qVlanConfigTable 1 }

   Dot1qVlanConfigEntry ::=
       SEQUENCE {
           dot1qVlanIdentifier
               INTEGER,
           dot1qVlanTypeInIngress
               INTEGER,
           dot1qVlanUntaggedPortList
               OCTET STRING,
           dot1qVlanEgressPortList
               OCTET STRING,
           dot1qVlanEnable
               INTEGER
       }

   dot1qVlanIdentifier OBJECT-TYPE
       SYNTAX      INTEGER (1..4095)
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "A 12 bit Identifier for this VLAN.

           0 - The Null VLAN ID. It is used when the Tag Header
               contains only user_priority information; No VLAN
               identifier is present in the frame. This number is
               not allowed here.

           1 - The Default PVID value used for tagging frames on
               ingress through a Bridge Port. The PVID used for
               Port-based tagging of frames can be changed by
               management."
       REFERENCE
           "P802.1q/D5, February 28, 1997: Section 3.4.1.1"
       ::= { dot1qVlanConfigEntry 1 }

   dot1qVlanTypeInIngress OBJECT-TYPE
       SYNTAX      INTEGER
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "VLAN type used in ingress ports for VLAN classification
           of Untagged frames

               0 - Port based VLAN.
               1 - MAC address based VLAN.
               2 - Protocol based VLAN.
               3 - IP Subnet based VLAN.
               4 - IP Multicast based VLAN.
               5 - ELAN based VLAN.
               6 - Policy based VLAN."
       REFERENCE
           "P802.1q/D5, February 28, 1997: Section C.2.2"
       ::= { dot1qVlanConfigEntry 2 }

   dot1qVlanUntaggedPortList OBJECT-TYPE
       SYNTAX      OCTET STRING (SIZE(8))
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "The set of ports to which traffic destined for this
           VLAN should be untagged. Each octet within the value of
           this object specifies a set of eight ports, with the
           first octet specifying ports 1 through 8, the second
           octet specifying ports 9 through 16, etc. Within each
           octet, the most significant bit represents the lowest
           numbered port, and the least significant bit represents
           the highest numbered port. Thus, each port of the VLAN
           bridge is represented by a single bit within the value
           of this object. If that bit has a value of '1' then
           that port is included in the set of ports; the port is
           not included if its bit has a value of '0'. (Note that
           the setting of the bit corresponding to the port from
           which a frame is received is irrelevant.)"
       REFERENCE
           "P802.1q/D5, February 28, 1997: Section 7.3.1"
       ::= { dot1qVlanConfigEntry 3 }

   dot1qVlanEgressPortList OBJECT-TYPE
       SYNTAX      OCTET STRING (SIZE(8))
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "The set of ports to which traffic destined for this
           VLAN may be transmitted. Each octet within the value of
           this object specifies a set of eight ports, with the
           first octet specifying ports 1 through 8, the second
           octet specifying ports 9 through 16, etc.
           Within each octet, the most significant bit represents
           the lowest numbered port, and the least significant bit
           represents the highest numbered port. Thus, each port of
           the VLAN bridge is represented by a single bit within
           the value of this object. If that bit has a value of
           '1' then that port is included in the set of ports; the
           port is not included if its bit has a value of '0'.
           (Note that the setting of the bit corresponding to the
           port from which a frame is received is irrelevant.)"
       REFERENCE
           "P802.1q/D5, February 28, 1997: Section 7.3.1"
       ::= { dot1qVlanConfigEntry 4 }

   dot1qVlanEnable OBJECT-TYPE
       SYNTAX      INTEGER {
                       disable(1),
                       enable(2)
                   }
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "disable - This operation causes the VLAN Identifier to
                      be removed from the Untagged set in the Port
                      Egress Lists of all ports of the Bridge.

           enable  - This operation causes the VLAN Identifier to
                      be included in the Untagged set of the Port
                      Egress List for each Port, in accordance with
                      the configuration specified."
       REFERENCE
           "P802.1q/D5, February 28, 1997: Sections 7.3.4 and 7.3.5"
       DEFVAL { disable }
       ::= { dot1qVlanConfigEntry 5 }

   END

7. References

   [1] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and
       S. Waldbusser, "Structure of Management Information for Version
       2 of the Simple Network Management Protocol (SNMPv2)", RFC 1902,
       January 1996.

   [2] McCloghrie, K., and M. Rose, "Management Information Base for
       Network Management of TCP/IP-based internets - MIB-II", RFC
       1213, Hughes LAN Systems, Performance Systems International,
       March 1991.

   [3] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "A Simple
       Network Management Protocol (SNMP)", STD 15, RFC 1157, SNMP
       Research, Performance Systems International, MIT Lab for
       Computer Science, May 1990.

   [4] SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
       Waldbusser, "Protocol Operations for Version 2 of the Simple
       Network Management Protocol (SNMPv2)", RFC 1905, January 1996.

   [5] McCloghrie, K. and F. Kastenholz, "Evolution of the Interfaces
       Group of MIB-II", RFC 1573, Hughes LAN Systems, FTP Software,
       January 1994.

   [6] ANSI/IEEE Draft P802.1d/D9 MAC Bridges, "IEEE Project 802 Local
       and Metropolitan Area Networks", July 14, 1989.

   [7] IEEE Standards for Local and Metropolitan Area Networks: Draft
       Standard for Virtual Bridged Local Area Networks, P802.1q/D5,
       February 28, 1997.

8. Acknowledgments

   This draft is based on IEEE Draft P802.1q/D5. The author wishes to
   thank Sharon Barkai for his many comments and suggestions which
   improved this effort.

9. Security Considerations

   Security issues are not discussed in this memo.

10. Author's Address

   I. Jeyasubramanian
   Future Software Private Limited.
   Madras - 600 035, INDIA.

   Phone: +91-44-4340323
   Fax:   +91-44-4344157
   Email: jeyai@future.futsoft.com

Table of Contents

   1. Abstract
   2. The SNMPv2 Network Management Framework
   3. Objects
   4. Overview
   4.1. Structure of MIB
   5. Application of MIB II to VLAN
   5.1. The 'interfaces' Group
   5.1.1. Interpretations of ifTable for VLAN
   5.1.2. Interpretations of ifStackTable for VLAN
   6. Definitions
   7. References
   8. Acknowledgments
   9. Security Considerations
   10. Author's Address
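
The port-list encoding that the DESCRIPTION clauses of dot1qVlanTriggerPortSetMembers, dot1qVlanUntaggedPortList and dot1qVlanEgressPortList spell out, as an added example that is not part of the draft. The function names and sample rows are constructed here, and the check that every untagged port also appears in the egress list is an assumption drawn from the "Untagged set in the Port Egress Lists" wording, not a rule the draft states.

```python
# Added example (not from the draft): decode and audit the 8-octet
# port bitmaps used by the dot1qVlan port-list objects.

PORT_LIST_OCTETS = 8              # SYNTAX OCTET STRING (SIZE(8))
MAX_PORT = PORT_LIST_OCTETS * 8   # ports 1..64


def decode_port_list(value):
    """Return the set of 1-based port numbers whose bit is '1'."""
    if len(value) != PORT_LIST_OCTETS:
        raise ValueError("port list must be exactly 8 octets")
    ports = set()
    for octet_index, octet in enumerate(value):
        for bit in range(8):
            # The most significant bit is the lowest numbered port.
            if octet & (0x80 >> bit):
                ports.add(octet_index * 8 + bit + 1)
    return ports


def encode_port_list(ports):
    """Build the 8-octet value for a collection of port numbers."""
    buf = bytearray(PORT_LIST_OCTETS)
    for port in ports:
        if not 1 <= port <= MAX_PORT:
            raise ValueError("port %d outside 1..%d" % (port, MAX_PORT))
        octet_index, bit = divmod(port - 1, 8)
        buf[octet_index] |= 0x80 >> bit
    return bytes(buf)


def audit_config_row(vlan_id, untagged, egress):
    """Return a list of findings for one dot1qVlanConfigTable row."""
    findings = []
    if not 1 <= vlan_id <= 4095:
        findings.append("VLAN id %d outside 1..4095" % vlan_id)
    # Assumption (not stated as a rule in the draft): the untagged set
    # is part of the egress list, so an untagged-only port is flagged.
    stray = sorted(decode_port_list(untagged) - decode_port_list(egress))
    if stray:
        findings.append("VLAN %d: ports %s untagged but not in egress list"
                        % (vlan_id, stray))
    return findings


# Constructed sample rows: (dot1qVlanIdentifier, untagged, egress).
SAMPLE_ROWS = [
    (10, encode_port_list({1, 2}), encode_port_list({1, 2, 9})),
    (20, encode_port_list({2, 3}), encode_port_list({1, 2, 9})),
]

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(row[0], audit_config_row(*row) or "ok")
```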
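
The ifStackTable example of section 5.1.2, resolved into the interfaces that carry each VLAN, as an added example that is not part of the draft. The ifIndex assignments and stack rows are copied from that section; the function names and the check for a missing (ifIndex, 0) row are constructed here.

```python
# Added example (not from the draft): walk the ifStackTable rows of
# section 5.1.2 to find the lowest-layer interfaces under each VLAN.

IF_DESCR = {1: "IP Router", 2: "VLAN #1", 3: "VLAN #2", 4: "VLAN #3",
            5: "Ethernet #1", 6: "Ethernet #2", 7: "Token Ring #1",
            8: "LANE #1"}
# (HigherLayer, LowerLayer) pairs; 0 marks the top or bottom of a stack.
IF_STACK = [(0, 1), (1, 2), (1, 3), (1, 4), (2, 5), (2, 6), (3, 7),
            (4, 8), (5, 0), (6, 0), (7, 0), (8, 0)]


def lower_layers(stack):
    """Map each ifIndex to the interfaces directly beneath it."""
    below = {}
    for higher, lower in stack:
        if higher != 0 and lower != 0:
            below.setdefault(higher, []).append(lower)
    return below


def bottom_interfaces(stack, if_index):
    """Return the lowest-layer interfaces reachable below if_index."""
    below = lower_layers(stack)
    found, todo, seen = set(), [if_index], set()
    while todo:
        current = todo.pop()
        if current in seen:          # tolerate loops in malformed data
            continue
        seen.add(current)
        children = below.get(current, [])
        if children:
            todo.extend(children)
        else:
            found.add(current)
    return sorted(found)


def unterminated(stack):
    """Interfaces with nothing beneath them and no (ifIndex, 0) row."""
    below = lower_layers(stack)
    indexes = {i for row in stack for i in row if i != 0}
    terminated = {higher for higher, lower in stack if lower == 0}
    return sorted(i for i in indexes
                  if i not in below and i not in terminated)


def vlan_membership(stack, descr):
    """Map each VLAN description to the interfaces that carry it."""
    return {name: [descr[i] for i in bottom_interfaces(stack, idx)]
            for idx, name in descr.items() if name.startswith("VLAN")}


if __name__ == "__main__":
    for vlan, members in vlan_membership(IF_STACK, IF_DESCR).items():
        print(vlan, "->", ", ".join(members))
    print("unterminated:", unterminated(IF_STACK))
```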