RFC 4444

Management Information Base for Intermediate System to Intermediate System (IS-IS)

Part 4 of 4, p. 65 to 103

    isisIPRANextHop OBJECT-TYPE
        SYNTAX InetAddress
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The IP next hop to this destination.

             The type of this address is determined by the value of
             the isisIPRANextHopType object."
    ::= { isisIPRAEntry 6 }

    isisIPRAType OBJECT-TYPE
        SYNTAX INTEGER
            {
                manual (1),
                automatic (2)
            }
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The type of this IP Reachable Address.  Those of type
             manual are created by the network manager.  Those of type
             automatic are created through propagation of routing
             information from another routing protocol.  This object
             follows the ManualOrAutomatic behavior."
    ::= { isisIPRAEntry 7 }

    isisIPRAExistState OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The state of this IP Reachable Address.  This object
             follows the ExistenceState and ManualOrAutomatic
             behaviors.  Support for 'createAndWait' and
             'notInService' is not required.

             A row entry cannot be modified when the value of this
             object is 'active'."
    ::= { isisIPRAEntry 8 }

    isisIPRAAdminState OBJECT-TYPE
        SYNTAX IsisAdminState
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The administrative state of the IP Reachable Address.  This
             object follows the IsisAdminState and ManualOrAutomatic
             behaviors."
        DEFVAL { off }
    ::= { isisIPRAEntry 9 }

    isisIPRAMetric OBJECT-TYPE
        SYNTAX IsisDefaultMetric
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The metric value for reaching the specified
             destination over this circuit.  This object follows the
             ManualOrAutomatic behavior."
        DEFVAL { 10 }
    ::= { isisIPRAEntry 10 }

    isisIPRAMetricType OBJECT-TYPE
        SYNTAX IsisMetricType
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Indicates whether the metric is internal or
             external.  This object follows the ManualOrAutomatic
             behavior."
        DEFVAL { internal }
    ::= { isisIPRAEntry 11 }

    isisIPRAFullMetric OBJECT-TYPE
        SYNTAX IsisFullMetric
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The wide metric value for reaching the specified
             destination over this circuit.  This object follows the
             ManualOrAutomatic behavior."
        DEFVAL { 10 }
    ::= { isisIPRAEntry 12 }

    isisIPRASNPAAddress OBJECT-TYPE
        SYNTAX IsisOSINSAddress
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The SNPA Address to which a PDU may be forwarded in
             order to reach a destination that matches this IP
             Reachable Address.  This object follows the
             ManualOrAutomatic behavior."
        DEFVAL { ''H }
    ::= { isisIPRAEntry 13 }

    isisIPRASourceType OBJECT-TYPE
        SYNTAX INTEGER
            {
                static (1),
                direct (2),
                ospfv2 (3),
                ospfv3 (4),
                isis   (5),
                rip    (6),
                igrp   (7),
                eigrp  (8),
                bgp    (9),
                other (10)
            }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The origin of this route."
    ::= { isisIPRAEntry 14 }

-- The LSP Database Table
--
-- The first table provides Summary Information about LSPs
-- The next table provides a complete record

    isisLSPSummaryTable OBJECT-TYPE
        SYNTAX SEQUENCE OF IsisLSPSummaryEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The table of LSP Headers."
    ::= { isisLSPDataBase 1 }

    isisLSPSummaryEntry OBJECT-TYPE
        SYNTAX IsisLSPSummaryEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "Each entry provides a summary describing an
             LSP currently stored in the system.

             Dynamically learned rows will not survive an
             agent reboot."
        INDEX {  isisLSPLevel,
                 isisLSPID }
    ::= { isisLSPSummaryTable 1 }

    IsisLSPSummaryEntry ::=
        SEQUENCE {
            isisLSPLevel
                IsisISLevel,
            isisLSPID
                IsisLinkStatePDUID,
            isisLSPSeq
                Unsigned32,
            isisLSPZeroLife
                TruthValue,
            isisLSPChecksum
                IsisUnsigned16TC,
            isisLSPLifetimeRemain
                IsisUnsigned16TC,
            isisLSPPDULength
                IsisUnsigned16TC,
            isisLSPAttributes
                IsisUnsigned8TC
        }

    isisLSPLevel OBJECT-TYPE
        SYNTAX IsisISLevel
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "At which level does this LSP appear?"
    ::= { isisLSPSummaryEntry 1 }

    isisLSPID OBJECT-TYPE
        SYNTAX IsisLinkStatePDUID
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The 8-byte LSP ID for this Link State PDU."
    ::= { isisLSPSummaryEntry 2 }

    isisLSPSeq OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The sequence number for this LSP."
    ::= { isisLSPSummaryEntry 3 }

    isisLSPZeroLife OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "Is this LSP being purged by this system?"
    ::= { isisLSPSummaryEntry 4 }

    isisLSPChecksum OBJECT-TYPE
        SYNTAX IsisUnsigned16TC
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The 16-bit Fletcher Checksum for this LSP."
    ::= { isisLSPSummaryEntry 5 }

    isisLSPLifetimeRemain OBJECT-TYPE
        SYNTAX IsisUnsigned16TC
        UNITS "seconds"
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The remaining lifetime, in seconds, for this LSP."
    ::= { isisLSPSummaryEntry 6 }

    isisLSPPDULength OBJECT-TYPE
        SYNTAX IsisUnsigned16TC
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The length of this LSP."
    ::= { isisLSPSummaryEntry 7 }

    isisLSPAttributes OBJECT-TYPE
        SYNTAX IsisUnsigned8TC
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "Flags carried by the LSP."
    ::= { isisLSPSummaryEntry 8 }

-- LSP Table
--
-- The full LSP as a sequence of {Type, Len, Value} tuples
-- Since the underlying LSP may have changed while downloading
-- TLVs, we provide the Sequence number and Checksum for each
-- LSP TLV, so the network manager may verify that they are
-- still working on the same version of the LSP.

    isisLSPTLVTable OBJECT-TYPE
        SYNTAX SEQUENCE OF IsisLSPTLVEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The table of LSPs in the database."
    ::= { isisLSPDataBase 2 }

    isisLSPTLVEntry OBJECT-TYPE
        SYNTAX IsisLSPTLVEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "Each entry describes a TLV within
             an LSP currently stored in the system.

             Dynamically learned rows will not survive an
             agent reboot."
        INDEX {  isisLSPLevel,
                 isisLSPID,
                 isisLSPTLVIndex }
    ::= { isisLSPTLVTable 1 }

    IsisLSPTLVEntry ::=
        SEQUENCE {
            isisLSPTLVIndex
                Unsigned32,
            isisLSPTLVSeq
                Unsigned32,
            isisLSPTLVChecksum
                IsisUnsigned16TC,
            isisLSPTLVType
                IsisUnsigned8TC,
            isisLSPTLVLen
                IsisUnsigned8TC,
            isisLSPTLVValue
                OCTET STRING
        }

    isisLSPTLVIndex OBJECT-TYPE
        SYNTAX Unsigned32(1..4294967295)
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The index of this TLV in the LSP.  The first TLV has
             index 1, and the Nth TLV has an index of N."
    ::= { isisLSPTLVEntry 1 }

    isisLSPTLVSeq OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The sequence number for this LSP."
    ::= { isisLSPTLVEntry 2 }

    isisLSPTLVChecksum OBJECT-TYPE
        SYNTAX IsisUnsigned16TC
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The 16-bit Fletcher Checksum for this LSP."
    ::= { isisLSPTLVEntry 3 }

    isisLSPTLVType OBJECT-TYPE
        SYNTAX IsisUnsigned8TC
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The type of this TLV."
    ::= { isisLSPTLVEntry 4 }

    isisLSPTLVLen OBJECT-TYPE
        SYNTAX IsisUnsigned8TC
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The length of this TLV."
    ::= { isisLSPTLVEntry 5 }

    isisLSPTLVValue OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(0..255))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The value of this TLV."
    ::= { isisLSPTLVEntry 6 }


-- The IS-IS Notification Table

-- The IS-IS Notification Table records fields that are
-- required for notifications

    isisNotificationEntry OBJECT IDENTIFIER
        ::= { isisNotification 1 }

    isisNotificationSysLevelIndex OBJECT-TYPE
        SYNTAX IsisLevel
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "The system level for this notification."
    ::= { isisNotificationEntry 1 }

    isisNotificationCircIfIndex OBJECT-TYPE
        SYNTAX Unsigned32 (1..2147483647)
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "The identifier of this circuit relevant to
             this notification."
    ::= { isisNotificationEntry 2 }

    isisPduLspId OBJECT-TYPE
        SYNTAX IsisLinkStatePDUID
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "An Octet String that uniquely identifies
             a Link State PDU."
    ::= { isisNotificationEntry 3 }

    isisPduFragment OBJECT-TYPE
        SYNTAX IsisPDUHeader
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "Holds up to 64 initial bytes of a PDU that
             triggered the notification."
    ::= { isisNotificationEntry 4 }

    isisPduFieldLen OBJECT-TYPE
        SYNTAX IsisUnsigned8TC
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "Holds the System ID length reported in PDU we received."
    ::= { isisNotificationEntry 5 }

    isisPduMaxAreaAddress OBJECT-TYPE
        SYNTAX IsisUnsigned8TC
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "Holds the Max Area Addresses reported in a PDU
             we received."
    ::= { isisNotificationEntry 6 }

    isisPduProtocolVersion OBJECT-TYPE
        SYNTAX IsisUnsigned8TC
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "Holds the Protocol version reported in PDU we received."
    ::= { isisNotificationEntry 7 }

    isisPduLspSize OBJECT-TYPE
        SYNTAX Unsigned32 (0..2147483647)
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "Holds the size of LSP we received that is too
             big to forward."
    ::= { isisNotificationEntry 8 }

    isisPduOriginatingBufferSize OBJECT-TYPE
        SYNTAX IsisUnsigned16TC (0..16000)
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "Holds the size of isisSysLevelOrigLSPBuffSize advertised
             by the peer in the originatingLSPBufferSize TLV.
             If the peer does not advertise this TLV, this
             value is set to 0."
    ::= { isisNotificationEntry 9 }

    isisPduBufferSize OBJECT-TYPE
        SYNTAX IsisUnsigned16TC (0..16000)
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "Holds the size of LSP received from peer."
    ::= { isisNotificationEntry 10 }

    isisPduProtocolsSupported OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(0..255))
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "The list of protocols supported by an
             adjacent system.  This may be empty."
    ::= { isisNotificationEntry 11 }

    isisAdjState OBJECT-TYPE
        SYNTAX INTEGER
            {
                 down (1),
                 initializing (2),
                 up (3),
                 failed(4)
            }
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "The current state of an adjacency."
    ::= { isisNotificationEntry 12 }

    isisErrorOffset OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "An offset to a problem in a PDU.  If the problem
             is a malformed TLV, this points to the beginning
             of the TLV.  If the problem is in the header, this
             points to the byte that is suspicious."
    ::= { isisNotificationEntry 13 }

    isisErrorTLVType OBJECT-TYPE
        SYNTAX Unsigned32 (0..255)
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
             "The type for a malformed TLV."
    ::= { isisNotificationEntry 14 }

    isisNotificationAreaAddress OBJECT-TYPE
        SYNTAX IsisOSINSAddress
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "An Area Address."
    ::= { isisNotificationEntry 15 }

-- Notification definitions
--
-- Note that notifications can be disabled by setting
--     isisSysNotificationEnable false

    isisDatabaseOverload NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisSysLevelState
        }
        STATUS current
        DESCRIPTION
            "This notification is generated when the system
             enters or leaves the Overload state.  The number
             of times this has been generated and cleared is kept
             track of by isisSysStatLSPDbaseOloads."
    ::= { isisNotifications 1 }

    isisManualAddressDrops NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationAreaAddress
        }
        STATUS current
        DESCRIPTION
            "This notification is generated when one of the
             manual areaAddresses assigned to this system is
             ignored when computing routes.  The object
             isisNotificationAreaAddress describes the area that
             has been dropped.

             The number of times this event has been generated
             is counted by isisSysStatManAddrDropFromAreas.

             The agent must throttle the generation of
             consecutive isisManualAddressDrops notifications
             so that there is at least a 5-second gap between
             notifications of this type.  When notifications
             are throttled, they are dropped, not queued for
             sending at a future time."
    ::= { isisNotifications 2 }

    isisCorruptedLSPDetected NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisPduLspId
        }
        STATUS current
        DESCRIPTION
            "This notification is generated when we find that
             an LSP that was stored in memory has become
             corrupted.  The number of times this has been
             generated is counted by isisSysCorrLSPs.

             We forward an LSP ID.  We may have independent
             knowledge of the ID, but in some implementations
             there is a chance that the ID itself will be
             corrupted."

    ::= { isisNotifications 3 }

    isisAttemptToExceedMaxSequence NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisPduLspId
        }
        STATUS current
        DESCRIPTION
            "When the sequence number on an LSP we generate
             wraps the 32-bit sequence counter, we purge and
             wait to re-announce this information.  This
             notification describes that event.  Since these
             should not be generated rapidly, we generate
             an event each time this happens.

             While the first 6 bytes of the LSPID are ours,
             the other two contain useful information."

    ::= { isisNotifications 4 }

    isisIDLenMismatch  NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisPduFieldLen,
            isisNotificationCircIfIndex,
            isisPduFragment
        }
        STATUS current
        DESCRIPTION
            "A notification sent when we receive a PDU
             with a different value for the System ID Length.
             This notification includes an index to identify
             the circuit where we saw the PDU and the header of
             the PDU, which may help a network manager identify
             the source of the confusion.

             The agent must throttle the generation of
             consecutive isisIDLenMismatch notifications
             so that there is at least a 5-second gap between
             notifications of this type.  When notifications
             are throttled, they are dropped, not queued for
             sending at a future time."

    ::= { isisNotifications 5 }

    isisMaxAreaAddressesMismatch NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisPduMaxAreaAddress,
            isisNotificationCircIfIndex,
            isisPduFragment
        }

        STATUS current
        DESCRIPTION
            "A notification sent when we receive a PDU
             with a different value for the Maximum Area
             Addresses.  This notification includes the
             header of the packet, which may help a
             network manager identify the source of the
             confusion.

             The agent must throttle the generation of
             consecutive isisMaxAreaAddressesMismatch
             notifications so that there is at least a 5-second
             gap between notifications of this type.  When
             notifications are throttled, they are dropped, not
             queued for sending at a future time."

    ::= { isisNotifications 6 }

    isisOwnLSPPurge NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduLspId
        }
        STATUS current
        DESCRIPTION
            "A notification sent when we receive a PDU
             with our systemID and zero age.  This
             notification includes the circuit Index
             and router ID from the LSP, if available,
             which may help a network manager
             identify the source of the confusion."

    ::= { isisNotifications 7 }

    isisSequenceNumberSkip NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduLspId
        }
        STATUS current
        DESCRIPTION
            "When we receive an LSP with our System ID
             and different contents, we may need to reissue
             the LSP with a higher sequence number.

             We send this notification if we need to increase
             the sequence number by more than one.  If two
             Intermediate Systems are configured with the same
             System ID, this notification will fire."

    ::= { isisNotifications 8 }

    isisAuthenticationTypeFailure NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduFragment
        }
        STATUS current
        DESCRIPTION
            "A notification sent when we receive a PDU
             with the wrong authentication type field.
             This notification includes the header of the
             packet, which may help a network manager
             identify the source of the confusion.

             The agent must throttle the generation of
             consecutive isisAuthenticationTypeFailure
             notifications so that there is at least a 5-second
             gap between notifications of this type.  When
             notifications are throttled, they are dropped, not
             queued for sending at a future time."

    ::= { isisNotifications 9 }

    isisAuthenticationFailure NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduFragment
        }
        STATUS current
        DESCRIPTION
            "A notification sent when we receive a PDU
             with an incorrect authentication information
             field.  This notification includes the header
             of the packet, which may help a network manager
             identify the source of the confusion.

             The agent must throttle the generation of
             consecutive isisAuthenticationFailure
             notifications so that there is at least a 5-second
             gap between notifications of this type.  When
             notifications are throttled, they are dropped, not
             queued for sending at a future time."

    ::= { isisNotifications 10 }

    isisVersionSkew NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduProtocolVersion,
            isisPduFragment
        }
        STATUS current
        DESCRIPTION
            "A notification sent when we receive a Hello
             PDU from an IS running a different version
             of the protocol.  This notification includes
             the header of the packet, which may help a
             network manager identify the source of the
             confusion.

             The agent must throttle the generation of
             consecutive isisVersionSkew notifications
             so that there is at least a 5-second gap
             between notifications of this type.  When
             notifications are throttled, they are dropped, not
             queued for sending at a future time."

    ::= { isisNotifications 11 }

    isisAreaMismatch NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationCircIfIndex,
            isisPduFragment
        }
        STATUS current
        DESCRIPTION
            "A notification sent when we receive a Hello
             PDU from an IS that does not share any
             area address.  This notification includes
             the header of the packet, which may help a
             network manager identify the source of the
             confusion.

             The agent must throttle the generation of
             consecutive isisAreaMismatch notifications
             so that there is at least a 5-second gap
             between notifications of this type.  When
             notifications are throttled, they are dropped, not
             queued for sending at a future time."

    ::= { isisNotifications 12 }

    isisRejectedAdjacency NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduFragment
        }
        STATUS current
        DESCRIPTION
            "A notification sent when we receive a Hello
             PDU from an IS but do not establish an
             adjacency for some reason.

             The agent must throttle the generation of
             consecutive isisRejectedAdjacency notifications
             so that there is at least a 5-second gap
             between notifications of this type.  When
             notifications are throttled, they are dropped, not
             queued for sending at a future time."

    ::= { isisNotifications 13 }

    isisLSPTooLargeToPropagate NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduLspSize,
            isisPduLspId
        }
        STATUS current
        DESCRIPTION
            "A notification sent when we attempt to propagate
             an LSP that is larger than the dataLinkBlockSize
             for the circuit.

             The agent must throttle the generation of
             consecutive isisLSPTooLargeToPropagate notifications
             so that there is at least a 5-second gap
             between notifications of this type.  When
             notifications are throttled, they are dropped, not
             queued for sending at a future time."

    ::= { isisNotifications 14 }

    isisOrigLSPBuffSizeMismatch NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduLspId,
            isisPduOriginatingBufferSize,
            isisPduBufferSize
        }
        STATUS current
        DESCRIPTION
            "A notification sent when a Level 1 LSP or Level
             2 LSP is received that is larger than the local
             value for isisSysLevelOrigLSPBuffSize, or when an
             LSP is received that contains the supported Buffer Size
             option and the value in the PDU option field does
             not match the local value for isisSysLevelOrigLSPBuffSize.
             We pass up the size from the option field and the
             size of the LSP when one of them exceeds our configuration.

             The agent must throttle the generation of
             consecutive isisOrigLSPBuffSizeMismatch notifications
             so that there is at least a 5-second gap
             between notifications of this type.  When
             notifications are throttled, they are dropped, not
             queued for sending at a future time."

    ::= { isisNotifications 15 }

    isisProtocolsSupportedMismatch NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduProtocolsSupported,
            isisPduLspId,
            isisPduFragment
        }
        STATUS current
        DESCRIPTION
            "A notification sent when a non-pseudonode
             segment 0 LSP is received that has no matching
             protocols supported.  This may be because the system
             does not generate the field, or because there are no
             common elements.  The list of protocols supported
             should be included in the notification: it may be
             empty if the TLV is not supported, or if the
             TLV is empty.

             The agent must throttle the generation of
             consecutive isisProtocolsSupportedMismatch
             notifications so that there is at least a 5-second
             gap between notifications of this type.  When
             notifications are throttled, they are dropped, not
             queued for sending at a future time."

    ::= { isisNotifications 16 }

    isisAdjacencyChange NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduLspId,
            isisAdjState
        }
        STATUS current
        DESCRIPTION
            "A notification sent when an adjacency changes
             state, entering or leaving state up.
             The first 6 bytes of the isisPduLspId are the
             SystemID of the adjacent IS.
             The isisAdjState is the new state of the adjacency."

    ::= { isisNotifications 17 }

    isisLSPErrorDetected NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisPduLspId,
            isisNotificationCircIfIndex,
            isisPduFragment,
            isisErrorOffset,
            isisErrorTLVType
        }
        STATUS current
        DESCRIPTION
            "This notification is generated when we receive
             an LSP with a parse error.  The isisCircIfIndex
             holds an index of the circuit on which the PDU
             arrived.  The isisPduFragment holds the start of the
             LSP, and the isisErrorOffset points to the problem.

             If the problem is a malformed TLV, isisErrorOffset
             points to the start of the TLV, and isisErrorTLVType
             holds the value of the type.

             If the problem is with the LSP header, isisErrorOffset
             points to the suspicious byte.

             The number of such LSPs is accumulated in
             isisSysStatLSPErrors."

    ::= { isisNotifications 18 }

-- Agent Conformance Definitions
-- We define the objects a conformant agent must define

isisCompliances OBJECT IDENTIFIER ::= { isisConformance 1 }
isisGroups      OBJECT IDENTIFIER ::= { isisConformance 2 }

-- compliance statements

    isisCompliance MODULE-COMPLIANCE
        STATUS current
        DESCRIPTION
            "The compliance statement for agents that support
             the IS-IS MIB.

             There are a number of INDEX objects that cannot be
             represented in the form of OBJECT clauses in SMIv2,
             but for which there are compliance requirements.
             Those requirements and similar requirements for
             related objects are expressed below, in
             pseudo-OBJECT clause form, in this description:

             -- OBJECT isisSummAddressType
             -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
             --
             -- DESCRIPTION
             --    The MIB requires support for IPv4 Summary
             --    Addresses and anticipates the support of
             --    IPv6 addresses.
             --
             --
             -- OBJECT isisRedistributeAddrType
             -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
             --
             -- DESCRIPTION
             --    The MIB requires support for IPv4
             --    Redistribution Addresses and anticipates
             --    the support of IPv6 addresses."
             --
             --
             -- OBJECT isisISAdjIPAddrType
             -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
             --
             -- DESCRIPTION
             --    The MIB requires support for IPv4
             --    Adjacency Addresses and anticipates the
             --    support of IPv6 addresses.
        MODULE -- this module
            MANDATORY-GROUPS {
                    isisSystemGroup,
                    isisCircuitGroup,
                    isisISAdjGroup,
                    isisNotificationObjectGroup,
                    isisNotificationGroup
            }
    ::= { isisCompliances 1 }

    -- List of all groups, mandatory and optional
    isisAdvancedCompliance MODULE-COMPLIANCE
        STATUS current
        DESCRIPTION
            "The compliance statement for agents that fully
             support the IS-IS MIB.

             There are a number of INDEX objects that cannot be
             represented in the form of OBJECT clauses in SMIv2,
             but for which there are compliance requirements.
             Those requirements and similar requirements for
             related objects are expressed below, in
             pseudo-OBJECT clause form, in this description:

             -- OBJECT isisSummAddressType
             -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
             --
             -- DESCRIPTION
             --    The MIB requires support for IPv4 Summary
             --    Addresses and anticipates the support of
             --    IPv6 addresses.
             --
             --
             -- OBJECT isisRedistributeAddrType
             -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
             --
             -- DESCRIPTION
             --    The MIB requires support for IPv4
             --    Redistribution Addresses and anticipates
             --    the support of IPv6 addresses."
             --
             --
             -- OBJECT isisISAdjIPAddrType
             -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
             --
             -- DESCRIPTION
             --    The MIB requires support for IPv4
             --    Adjacency Addresses and anticipates the
             --    support of IPv6 addresses.
             --
             --
             -- OBJECT isisIPRADestType
             -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
             --
             -- DESCRIPTION
             --    The MIB requires support for IPv4 RA
             --    Addresses and anticipates the support of
             --    IPv6 addresses.
             --
             --
             -- OBJECT isisIPRANextHopType
             -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
             --
             -- DESCRIPTION
             --    The MIB requires support for IPv4 NextHop
             --    Addresses and anticipates the support of
             --    IPv6 addresses.
        MODULE -- this module
            MANDATORY-GROUPS {
                    isisSystemGroup,
                    isisCircuitGroup,
                    isisISAdjGroup,
                    isisNotificationObjectGroup,
                    isisNotificationGroup,
                    isisISPDUCounterGroup,
                    isisRATableGroup,
                    isisISIPRADestGroup,
                    isisLSPGroup
            }
    ::= { isisCompliances 2 }

    isisReadOnlyCompliance MODULE-COMPLIANCE
       STATUS     current
       DESCRIPTION
               "When this MIB is implemented without support for
                read-create (i.e., in read-only mode), the
                implementation can claim read-only compliance.  Such
                a device can then be monitored but cannot be
                configured with this MIB."
       MODULE -- this module
            MANDATORY-GROUPS {
                    isisSystemGroup,
                    isisCircuitGroup,
                    isisISAdjGroup
            }

       OBJECT isisSysLevelType
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysID
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysMaxPathSplits
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysMaxLSPGenInt
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysPollESHelloRate
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysWaitTime
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysAdminState
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysL2toL1Leaking
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysMaxAge
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisManAreaAddrExistState
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysLevelOrigLSPBuffSize
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysLevelMinLSPGenInt
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysLevelSetOverload
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysLevelSetOverloadUntil
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysLevelMetricStyle
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysLevelSPFConsiders
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysLevelTEEnabled
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysReceiveLSPBufferSize
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSummAddrExistState
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSummAddrMetric
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSummAddrFullMetric
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisRedistributeAddrExistState
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircAdminState
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircExistState
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircType
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircExtDomain
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelType
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircPassiveCircuit
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircMeshGroupEnabled
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircMeshGroup
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircSmallHellos
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircExtendedCircID
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircIfIndex
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCirc3WayEnabled
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelMetric
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelWideMetric
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelISPriority
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelHelloMultiplier
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelHelloTimer
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelDRHelloTimer
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelLSPThrottle
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelMinLSPRetransInt
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelCSNPInterval
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelPartSNPInterval
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

    ::= { isisCompliances 3 }

-- MIB Grouping

    isisSystemGroup OBJECT-GROUP
        OBJECTS {
            isisSysVersion,
            isisSysLevelType,
            isisSysID,
            isisSysMaxPathSplits,
            isisSysMaxLSPGenInt,
            isisSysPollESHelloRate,
            isisSysWaitTime,
            isisSysAdminState,
            isisSysL2toL1Leaking,
            isisSysMaxAge,
            isisSysProtSupported,
            isisSysNotificationEnable,
            isisManAreaAddrExistState,
            isisSysLevelOrigLSPBuffSize,
            isisSysLevelMinLSPGenInt,
            isisSysLevelState,
            isisSysLevelSetOverload,
            isisSysLevelSetOverloadUntil,
            isisSysLevelMetricStyle,
            isisSysLevelSPFConsiders,
            isisSysLevelTEEnabled,
            isisSysReceiveLSPBufferSize,
            isisSummAddrExistState,
            isisSummAddrMetric,
            isisAreaAddr,
            isisSummAddrFullMetric,
            isisRedistributeAddrExistState,
            isisRouterHostName,
            isisRouterID,
            isisSysStatCorrLSPs,
            isisSysStatLSPDbaseOloads,
            isisSysStatManAddrDropFromAreas,
            isisSysStatAttmptToExMaxSeqNums,
            isisSysStatSeqNumSkips,
            isisSysStatOwnLSPPurges,
            isisSysStatIDFieldLenMismatches,
            isisSysStatPartChanges,
            isisSysStatSPFRuns,
            isisSysStatAuthTypeFails,
            isisSysStatAuthFails,
            isisSysStatLSPErrors
        }
        STATUS current
        DESCRIPTION
            "The collections of objects used to manage an
             IS-IS router."
    ::= { isisGroups 1 }

    isisCircuitGroup OBJECT-GROUP
        OBJECTS {
            isisNextCircIndex,
            isisCircAdminState,
            isisCircExistState,
            isisCircType,
            isisCircExtDomain,
            isisCircLevelType,
            isisCircAdjChanges,
            isisCircNumAdj,
            isisCircInitFails,
            isisCircRejAdjs,
            isisCircIDFieldLenMismatches,
            isisCircMaxAreaAddrMismatches,
            isisCircAuthTypeFails,
            isisCircAuthFails,
            isisCircLANDesISChanges,
            isisCircPassiveCircuit,
            isisCircMeshGroupEnabled,
            isisCircMeshGroup,
            isisCircSmallHellos,
            isisCircLastUpTime,
            isisCirc3WayEnabled,
            isisCircExtendedCircID,
            isisCircIfIndex,
            isisCircLevelMetric,
            isisCircLevelWideMetric,
            isisCircLevelISPriority,
            isisCircLevelIDOctet,
            isisCircLevelID,
            isisCircLevelDesIS,
            isisCircLevelHelloMultiplier,
            isisCircLevelHelloTimer,
            isisCircLevelDRHelloTimer,
            isisCircLevelLSPThrottle,
            isisCircLevelMinLSPRetransInt,
            isisCircLevelCSNPInterval,
            isisCircLevelPartSNPInterval
        }
        STATUS current
        DESCRIPTION
            "The collections of objects used to describe an
             IS-IS Circuit."
    ::= { isisGroups 2 }

    isisISAdjGroup OBJECT-GROUP
        OBJECTS {
            isisISAdjState,
            isisISAdj3WayState,
            isisISAdjNeighSNPAAddress,
            isisISAdjNeighSysType,
            isisISAdjNeighSysID,
            isisISAdjNbrExtendedCircID,
            isisISAdjUsage,
            isisISAdjHoldTimer,
            isisISAdjNeighPriority,
            isisISAdjLastUpTime,
            isisISAdjAreaAddress,
            isisISAdjIPAddrType,
            isisISAdjIPAddrAddress,
            isisISAdjProtSuppProtocol
        }
        STATUS current
        DESCRIPTION
            "The collections of objects used to manage an
             IS-IS Adjacency."
    ::= { isisGroups 3 }

    isisNotificationObjectGroup OBJECT-GROUP
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduLspId,
            isisPduFragment,
            isisPduFieldLen,
            isisPduMaxAreaAddress,
            isisPduProtocolVersion,
            isisPduLspSize,
            isisPduOriginatingBufferSize,
            isisPduBufferSize,
            isisPduProtocolsSupported,
            isisAdjState,
            isisErrorOffset,
            isisErrorTLVType,
            isisNotificationAreaAddress
        }
        STATUS current
        DESCRIPTION
            "The objects used to record notification parameters."
    ::= { isisGroups 4 }


    isisNotificationGroup        NOTIFICATION-GROUP
        NOTIFICATIONS {
            isisDatabaseOverload,
            isisManualAddressDrops,
            isisCorruptedLSPDetected,
            isisAttemptToExceedMaxSequence,
            isisIDLenMismatch,
            isisMaxAreaAddressesMismatch,
            isisOwnLSPPurge,
            isisSequenceNumberSkip,
            isisAuthenticationTypeFailure,
            isisAuthenticationFailure,
            isisVersionSkew,
            isisAreaMismatch,
            isisRejectedAdjacency,
            isisLSPTooLargeToPropagate,
            isisOrigLSPBuffSizeMismatch,
            isisProtocolsSupportedMismatch,
            isisAdjacencyChange,
            isisLSPErrorDetected
        }
        STATUS current
        DESCRIPTION
            "The collections of notifications sent by an IS."
    ::= { isisGroups 5 }


    isisISPDUCounterGroup OBJECT-GROUP
        OBJECTS {
            isisPacketCountIIHello,
            isisPacketCountISHello,
            isisPacketCountESHello,
            isisPacketCountLSP,
            isisPacketCountCSNP,
            isisPacketCountPSNP,
            isisPacketCountUnknown
        }
        STATUS current
        DESCRIPTION
            "The collections of objects used to count protocol PDUs."
    ::= { isisGroups 6 }


    isisRATableGroup OBJECT-GROUP
        OBJECTS {
            isisRAExistState,
            isisRAAdminState,
            isisRAAddrPrefix,
            isisRAMapType,
            isisRAMetric,
            isisRAMetricType,
            isisRASNPAAddress,
            isisRASNPAMask,
            isisRASNPAPrefix,
            isisRAType
        }
        STATUS current
        DESCRIPTION
            "The collections of objects used to manage the
             reachable NSAP prefixes."
    ::= { isisGroups 7 }


    isisISIPRADestGroup OBJECT-GROUP
        OBJECTS {
            isisIPRANextHopType,
            isisIPRANextHop,
            isisIPRAType,
            isisIPRAExistState,
            isisIPRAAdminState,
            isisIPRAMetric,
            isisIPRAFullMetric,
            isisIPRAMetricType,
            isisIPRASNPAAddress,
            isisIPRASourceType
        }
        STATUS current
        DESCRIPTION
            "The collections of objects used to manage configured
             IP addresses."
    ::= { isisGroups 8 }

    isisLSPGroup OBJECT-GROUP
        OBJECTS {
            isisLSPSeq,
            isisLSPZeroLife,
            isisLSPChecksum,
            isisLSPLifetimeRemain,
            isisLSPPDULength,
            isisLSPAttributes,
            isisLSPTLVSeq,
            isisLSPTLVChecksum,
            isisLSPTLVType,
            isisLSPTLVLen,
            isisLSPTLVValue
        }
        STATUS current
        DESCRIPTION
            "The collections of objects used to observe the LSP
             Database."
    ::= { isisGroups 9 }

END

5.  IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

      Descriptor        OBJECT IDENTIFIER value
      ----------        -----------------------

      isisMIB           { mib-2 138 }

6.  Acknowledgements

   This MIB is based on a March 1994 document by Chris Gunner, who
   should be held blameless for the errors introduced since then.  This
   version has been modified to include MIB-II syntax, to exclude
   portions of the protocol that are not relevant to IP, such as the
   ES-IS protocol, and to add management support for current practice.

   We would like to thank the following individuals for constructive and
   valuable comments: Mike Bartlett, Neal Castagnoli, Ken Chapman, Joan
   Cucchiara, Satish Dattatri, Nagi Jonnala, Adrian Farrel, Shamik
   Ganguly, Les Ginsberg, Don Goodspeed, Jeff Gross, Jim Halpin, Jon
   Harrison, Dimitri Haskin, C. M. Heard, Peter Higginson, Christian
   Hopps, Laura Liu, Gavin McPherson, Kay Noguchi, Serge Maskalik, Z.
   Opalka, Jeff Pickering, Sundar Ramachandran, Swaminatha Ramalingam,
   Aravind Ravikumar, Juergen Schoenwaelder, Koen Vermeulen, Hans De
   Vleeschouwer, Bert Wijnen, and Bingzhang Zhao.

7.  Security Considerations

   Management information defined in this MIB may be considered
   sensitive in some network environments.

7.1.  Discussion

   This MIB may be used to manage an IP router, which is used to direct
   network traffic.  The control of network traffic allows an attacker
   to deny service to a region of the network or to forward traffic to
   adversaries.  By raising or lowering metrics, traffic may be directed
   to insecure portions of the network.  By disabling the protocol on an
   interface, the network may be partitioned.  Changes to the network
   topology will force all routers to recompute their routes.  Periodic
   route changes have brought down networks in the past by subjecting
   routers to stressful recomputations.

   There are a number of management objects defined in this MIB that
   have a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.  Authentication of received SNMP requests and
   controlled access to management information should be employed in
   such environments.

   We identify a set of threats and then list attributes that can be
   used in each form of attack.  We discuss the effects that can be
   obtained by a single change to the variable in each class.

7.2.  Threats

      - Drop an Adjacency
      - Drop All Adjacencies
      - Drop Subnetwork
      - Split the Network
      - Intermittent Outages
      - Redirect Traffic
      - Delay Convergence
      - Avoid Detection
      - Prevent Updates
      - Hijack LAN
      - Create Problems for CLNS Networks

7.2.1.  Drop an Adjacency

   By changing attributes that are used to peer, we can disrupt an
   adjacency and bring a link down.

      isisCirc3WayEnabled
      isisCircAdminState
      isisCircExistState
      isisCircLevelDRHelloTimer
      isisCircLevelHelloTimer
      isisCircLevelType
      isisCircSmallHellos

7.2.2.  Drop All Adjacencies

   These attributes can be used to break some or all of a router's
   adjacencies.  In the case of System ID, the adjacency may be
   restored.  However, it will subject the network to additional stress.

      isisSysLevelType
      isisManAreaAddrExistState
      isisSysAdminState
      isisSysID

7.2.3.  Drop Subnetwork

   This attribute can be used to stop advertisement of a subnetwork
   reachable through a single interface.

      isisCircPassiveCircuit

7.2.4.  Split the Network

   If the network design depends upon Wide Metrics or TE, we can use
   these attributes to prevent traffic from passing through a router.

      isisSysLevelMetricStyle
      isisSysLevelOrigLSPBuffSize
      isisSysLevelSPFConsiders
      isisSysLevelTEEnabled
      isisSysReceiveLSPBufferSize

7.2.5.  Intermittent Outages

   We can use these attributes to subject the network to a series of
   topology changes, or otherwise force extensive recomputations of
   routes.

      isisSysLevelMinLSPGenInt
      isisSysLevelSetOverload
      isisSysLevelSetOverloadUntil
      isisSysMaxAge
      isisSysMaxLSPGenInt
      isisSysL2toL1Leaking
      isisSysID

7.2.6.  Redirect Traffic

   By changing attributes such as metrics, we can push traffic to
   different parts of the network.  This may allow an intruder to
   observe data traffic from otherwise remote parts of the network.

   We may also use these attributes to deny service to parts of the
   network.

      isisSysMaxPathSplits
      isisCircLevelMetric
      isisCircLevelWideMetric
      isisIPRAAdminState
      isisIPRAExistState
      isisIPRAFullMetric
      isisIPRAMetric
      isisIPRAMetricType
      isisIPRANextHop
      isisIPRANextHopType
      isisIPRASNPAAddress
      isisIPRAType
      isisRedistributeAddrExistState
      isisSummAddrExistState
      isisSummAddrFullMetric
      isisSummAddrMetric
      isisSysL2toL1Leaking

7.2.7.  Delay Convergence

   These attributes can be used to slow convergence by increasing the
   minimal interval required to update a packet.

      isisCircLevelCSNPInterval
      isisCircLevelLSPThrottle
      isisCircLevelMinLSPRetransInt
      isisCircLevelPartSNPInterval
      isisSysWaitTime
      isisCircPassiveCircuit

7.2.8.  Avoid Detection

   By turning off traps, we can prevent a Network Management station
   from observing problems in the network caused by other aspects of an
   attack.

      isisSysNotificationEnable

7.2.9.  Prevent Updates

   Mesh Groups can be used to prevent the transmission of Link State
   PDUs on certain interfaces, delaying or preventing the propagation of
   updates.

      isisCircMeshGroup
      isisCircMeshGroupEnabled

7.2.10. Hijack LAN

   If we have compromised a router, we can use this attribute to become
   the designated router and lie about the topology of a LAN.

      isisCircLevelISPriority

7.2.11.  Create Problems for CLNS Networks

   These attributes can be used to modify the handling of CLNS traffic.

      isisRAAddrPrefix
      isisRAAdminState
      isisRAExistState
      isisRAMapType
      isisRAMetric
      isisRAMetricType
      isisRASNPAAddress
      isisRASNPAMask
      isisRASNPAPrefix
      isisRAType
      isisSysPollESHelloRate

7.2.12.  Mostly Harmless

   The following writable attributes do not pose a known security risk.

      isisCircExtDomain
      isisCircExtendedCircID
      isisCircIfIndex
      isisCircLevelHelloMultiplier
      isisCircType

7.2.13.  Recommendations

   Much of the MIB is used to set or read attributes which are readily
   visible to any intruder who has access to traffic.  None of the
   security attributes are settable or visible through the MIB.  Read
   access to the MIB does not pose additional risks or vulnerabilities.

   If write access is to be provided, it is RECOMMENDED that
   implementers consider the security features as provided by the SNMPv3
   framework (see [RFC3410], section 8), including full support for the
   SNMPv3 cryptographic mechanisms (for authentication and privacy).

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example, by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   Deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED.
   Instead, it is RECOMMENDED to deploy SNMPv3 and to enable
   cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.
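
   The threat lists of Section 7.2 can serve as a triage table for audit
   records of SNMP SET requests.  The Python below is an added example,
   not part of RFC 4444; the log-line format, user names and sample
   values are constructed for illustration.

```python
import re

# Section 7.2 of RFC 4444: threat class -> writable objects (names as on the page).
SECTION_7_2 = {
    "Drop an Adjacency": "isisCirc3WayEnabled isisCircAdminState isisCircExistState "
        "isisCircLevelDRHelloTimer isisCircLevelHelloTimer isisCircLevelType "
        "isisCircSmallHellos",
    "Drop All Adjacencies": "isisSysLevelType isisManAreaAddrExistState "
        "isisSysAdminState isisSysID",
    "Drop Subnetwork": "isisCircPassiveCircuit",
    "Split the Network": "isisSysLevelMetricStyle isisSysLevelOrigLSPBuffSize "
        "isisSysLevelSPFConsiders isisSysLevelTEEnabled isisSysReceiveLSPBufferSize",
    "Intermittent Outages": "isisSysLevelMinLSPGenInt isisSysLevelSetOverload "
        "isisSysLevelSetOverloadUntil isisSysMaxAge isisSysMaxLSPGenInt "
        "isisSysL2toL1Leaking isisSysID",
    "Redirect Traffic": "isisSysMaxPathSplits isisCircLevelMetric "
        "isisCircLevelWideMetric isisIPRAAdminState isisIPRAExistState "
        "isisIPRAFullMetric isisIPRAMetric isisIPRAMetricType isisIPRANextHop "
        "isisIPRANextHopType isisIPRASNPAAddress isisIPRAType "
        "isisRedistributeAddrExistState isisSummAddrExistState "
        "isisSummAddrFullMetric isisSummAddrMetric isisSysL2toL1Leaking",
    "Delay Convergence": "isisCircLevelCSNPInterval isisCircLevelLSPThrottle "
        "isisCircLevelMinLSPRetransInt isisCircLevelPartSNPInterval "
        "isisSysWaitTime isisCircPassiveCircuit",
    "Avoid Detection": "isisSysNotificationEnable",
    "Prevent Updates": "isisCircMeshGroup isisCircMeshGroupEnabled",
    "Hijack LAN": "isisCircLevelISPriority",
    "Create Problems for CLNS Networks": "isisRAAddrPrefix isisRAAdminState "
        "isisRAExistState isisRAMapType isisRAMetric isisRAMetricType "
        "isisRASNPAAddress isisRASNPAMask isisRASNPAPrefix isisRAType "
        "isisSysPollESHelloRate",
    "Mostly Harmless": "isisCircExtDomain isisCircExtendedCircID isisCircIfIndex "
        "isisCircLevelHelloMultiplier isisCircType",
}

# Invert the table; an object may belong to several classes (e.g. isisSysID).
THREATS_BY_OBJECT = {}
for _threat, _names in SECTION_7_2.items():
    for _name in _names.split():
        THREATS_BY_OBJECT.setdefault(_name, []).append(_threat)

# Constructed audit-log format (an assumption, not any real agent's output):
#   <timestamp> ver=<SNMP version> user=<principal> SET <object>.<index>=<value>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ver=(?P<ver>\S+) user=(?P<user>\S+) "
    r"SET (?P<obj>[A-Za-z0-9]+)(?P<index>(?:\.\d+)*)=(?P<value>\S+)$")

# Constructed sample records; the values carry no meaning beyond the demo.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z ver=3 user=noc-rw SET isisCircType.7=2
2024-01-01T10:05:00Z ver=2c user=public SET isisCircLevelMetric.7.1=63
2024-01-01T10:06:00Z ver=3 user=ops2 SET isisSysNotificationEnable.0=2
2024-01-01T10:06:30Z ver=3 user=ops2 SET isisSysID.0=0x000000000001
2024-01-01T10:07:00Z ver=3 user=ops2 SET ifAdminStatus.7=2
"""


def triage(lines):
    """Map each IS-IS MIB SET record to its Section 7.2 threat classes."""
    findings, changed_notifications = [], set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m["obj"].startswith("isis"):
            continue  # unparsable line, or an object outside this MIB
        obj, user = m["obj"], m["user"]
        threats = THREATS_BY_OBJECT.get(obj, ["Not listed in Section 7.2"])
        notes = []
        if m["ver"] != "3":
            # Section 7.2.13: deployment of pre-SNMPv3 versions is NOT RECOMMENDED.
            notes.append("pre-SNMPv3 request")
        if obj == "isisSysNotificationEnable":
            # The written value is not interpreted; any change is remembered.
            changed_notifications.add(user)
        elif user in changed_notifications and threats != ["Mostly Harmless"]:
            # Section 7.2.8: a trap change can hide the effect of later SETs.
            notes.append("follows notification change by same user")
        findings.append({"ts": m["ts"], "user": user, "object": obj + m["index"],
                         "value": m["value"], "threats": threats, "notes": notes})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f["ts"], f["user"], f["object"], f["threats"], f["notes"])
```
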

8.  Normative References

   [ISO10589] ISO 10589, "Intermediate system to Intermediate system
              routeing information exchange protocol for use in
              conjunction with the Protocol for providing the
              Connectionless-mode Network Service (ISO 8473)," ISO/IEC
              10589:2002.

   [ISO10733] ISO 10733, "Information Processing Systems - Open Systems
              Interconnection - Specification of the elements of
              Management Information related to OSI Network layer
              Standards", September 1998.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC1195]  Callon, R., "Use of OSI IS-IS for routing in TCP/IP and
              dual environments", RFC 1195, December 1990.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, June 2000.

   [RFC3289]  Baker, F., Chan, K., and A. Smith, "Management Information
              Base for the Differentiated Services Architecture", RFC
              3289, May 2002.

   [RFC3411]  Harrington, D., Presuhn, R., and B. Wijnen, "An
              Architecture for Describing Simple Network Management
              Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
              December 2002.

   [RFC2578]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Structure of Management Information Version 2 (SMIv2)",
              STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Textual Conventions for SMIv2", STD 58, RFC 2579, April
              1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, February 2005.

9.  Informative References

   [RFC2973]  Balay, R., Katz, D., and J. Parker, "IS-IS Mesh Groups",
              RFC 2973, October 2000.

   [RFC3373]  Katz, D. and R. Saluja, "Three-Way Handshake for
              Intermediate System to Intermediate System (IS-IS) Point-
              to-Point Adjacencies", RFC 3373, September 2002.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410, December 2002.

Authors' Address

   Jeff Parker
   Department of Computer Science
   Middlebury College,
   Middlebury, Vermont 05753

   EMail: jeffp@middlebury.edu

Full Copyright Statement

   Copyright (C) The Internet Society (2006).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgement

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).