-- ============================================================================ -- Copyright (c) 2004-2010 Hangzhou H3C Tech. Co., Ltd. All rights reserved. -- -- Description: -- Reference: -- Version: V3.1 -- History: -- V1.0 created by yuhui. -- V2.0 2004-10-12 updated by gaolong -- Define MODULE-IDENTITY for h3cAcl -- Remove chinese characters -- Add limitation(0..65535) for some table index -- Fix a default value error of h3cAclAdvancedEstablish -- V2.1 2004-11-18 updated by yubo -- Add 'h3cAclIDSTable' for IDS -- V2.2 2004-12-13 -- Fix syntax bugs and adjust format of the whole file by jinyi -- Modify description of h3cAclAdvancedDscp by zhuangyu -- V2.3 2005-1-26 updated by WuZhao02557 -- Change MAX-ACCESS from read-create to not-accessible for the -- following MIB nodes: -- h3cAclNumGroupAclNum, h3cAclNameGroupIndex, h3cAclBasicAclNum, -- h3cAclBasicSubitem, h3cAclAdvancedAclNum, h3cAclAdvancedSubitem -- h3cAclIfAclNum, h3cAclIfSubitem, h3cAclLinkAclNum, h3cAclLinkSubitem -- h3cAclUserAclNum, h3cAclUserSubitem, h3cAclActiveAclIndex, -- h3cAclActiveIfIndex, h3cAclActiveVlanID, h3cAclActiveDirection -- Adjust format of whole file. -- 2005-01-27 updated by zhangyinxi -- 1. Add objects h3cAclLinkL2LabelRangeOp, h3cAclLinkL2LabelRangeBegin -- h3cAclLinkL2LabelRangeEnd and h3cAclLinkMplsExp in h3cAclLinkTable -- 2. Add an enumeration mpls(34887) to object h3cAclLinkProtocol -- 3. Expand the range of object h3cAclActiveVlanID to Integer32 -- V2.4 2005-2-24 -- Make the index of h3cAclIDSTable IMPLIED by fuzhenyu because IDS devices -- require fixed length index to be used. IDS devices only provide index -- with no sub-identifier indicating the length of the string. -- Modify enum name(value is 4) of h3cAclLinkFormatType to ieee802Dot3 by daishijun -- V2.5 2005-7-25 -- Add objects h3cAclMib2Mode, h3cAclVersion, h3cAclMib2ObjectsCapabilities, -- h3cAclIPAclNumGroupTable, h3cAclIPAclBasicTable, h3cAclIPAclAdvancedTable, -- h3cAclMACTable, h3cAclEnUserTable by tangshun. -- V2.6 2006-01-03 -- Add objects h3cAclIPAclBasicComment, h3cAclIPAclAdvancedComment, -- h3cAclMACComment, h3cAclEnUserComment by tangshun. -- V2.7 2006-03-09 updated by changhuifeng -- Add object h3cAclIPAclAdvancedReflective in h3cAclIPAclAdvancedTable. -- Modify the description of object h3cAclIPAclAdvancedFragmentFlag. -- Modify the description of object h3cAclMib2Version. -- Modify the description of object h3cAclLinkDestAny for text error. -- Modify the description of object h3cAclMib2CharacteristicsValue. -- V2.8 2006-07-06 updated by xialei -- Modify the description of h3cAclIPAclAdvancedIcmpType -- and h3cAclIPAclAdvancedIcmpCode. -- Change value range of h3cAclIPAclAdvancedIcmpCode. -- V2.9 2006-08-08 updated by chenzhaojie -- Add enumeration value to h3cAclActiveDirection. -- V3.0 2010-09-01 updated by zhaixiaoxiang -- Add h3cAclResourceUsageTable. -- V3.1 2012-02-06 updated by wangchenxiao -- Add h3cPacketfilterTrapObjects -- Add h3cPacketfilterTrap -- 2012-02-14 updated by mouxuanli -- Add h3cAclMib2ProcessingStatus of object h3cAclMib2NodesGroup -- Add h3cAclNumberGroupName of object h3cAclNumberGroupTable -- Add h3cAclIPAclBasicCounting of object h3cAclIPAclBasicTable -- Add h3cAclIPAclBasicRouteTypeAny of object h3cAclIPAclBasicTable -- Add h3cAclIPAclBasicRouteTypeValue of object h3cAclIPAclBasicTable -- Add h3cAclIPAclAdvancedCounting of object h3cAclIPAclAdvancedTable -- Add h3cAclIPAclAdvancedTCPFlagMask of object h3cAclIPAclAdvancedTable -- Add h3cAclIPAclAdvancedTCPFlagValue of object h3cAclIPAclAdvancedTable -- Add h3cAclIPAclAdvancedRouteTypeAny of object h3cAclIPAclAdvancedTable -- Add h3cAclIPAclAdvancedRouteTypeValue of object h3cAclIPAclAdvancedTable -- Add h3cAclIPAclAdvancedFlowLabel of object h3cAclIPAclAdvancedTable -- Add h3cAclMACLog of object h3cAclMACTable -- Add h3cAclMACCounting of object h3cAclMACTable -- Add h3cAclEnUserLog of object h3cAclEnUserTable -- Add h3cAclEnUserCounting of object h3cAclEnUserTable -- Modify the description of h3cAclResourceType -- Add h3cAclResourceTypeDescription of object h3cAclResourceUsageTable -- Add h3cAclPacketFilterObjects -- ============================================================================ A3COM-HUAWEI-ACL-MIB DEFINITIONS ::= BEGIN IMPORTS h3cCommon FROM A3COM-HUAWEI-OID-MIB IpAddress, Integer32, Counter32, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE, Unsigned32, Counter64 FROM SNMPv2-SMI InetAddressType, InetAddress, InetAddressPrefixLength FROM INET-ADDRESS-MIB RowStatus, TruthValue, MacAddress, TEXTUAL-CONVENTION FROM SNMPv2-TC; -- -- Node definitions -- h3cAcl MODULE-IDENTITY LAST-UPDATED "200409211936Z" -- Sept 21, 2004 at 19:36 GMT ORGANIZATION "Hangzhou H3C Tech. Co., Ltd." CONTACT-INFO "Platform Team Hangzhou H3C Tech. Co., Ltd. Hai-Dian District Beijing P.R. China http://www.h3c.com Zip:100085" DESCRIPTION "ACL management information base for managing devices that support access control list and packet filtering. " ::= { h3cCommon 8 } -- Rule action value RuleAction ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The value of rule's action. permit: The packet matching the rule will be permitted to forward. deny: The packet matching the rule will be denied. " SYNTAX INTEGER { invalid(1), permit(2), deny(3) } -- CounterClear value CounterClear ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "cleared: Reset the value of the rule's counter. nouse: 'nouse' will be returned when getting. " SYNTAX INTEGER { cleared(1), nouse(2) } -- PortOp value PortOp ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The operation type of TCP and UDP. lt : Less than given port number. eq : Equal to given port number. gt : Greater than given port number. neq : Not equal to given port number. range : Between two port numbers. Default value is 'invalid'. " SYNTAX INTEGER { invalid(0), lt(1), eq(2), gt(3), neq(4), range(5) } -- DSCP value DSCPValue ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "The value of DSCP. <0-63> Value of DSCP af11 Specify Assured Forwarding 11 service(10) af12 Specify Assured Forwarding 12 service(12) af13 Specify Assured Forwarding 13 service(14) af21 Specify Assured Forwarding 21 service(18) af22 Specify Assured Forwarding 22 service(20) af23 Specify Assured Forwarding 23 service(22) af31 Specify Assured Forwarding 31 service(26) af32 Specify Assured Forwarding 32 service(28) af33 Specify Assured Forwarding 33 service(30) af41 Specify Assured Forwarding 41 service(34) af42 Specify Assured Forwarding 42 service(36) af43 Specify Assured Forwarding 43 service(38) be Specify Best Effort service(0) cs1 Specify Class Selector 1 service(8) cs2 Specify Class Selector 2 service(16) cs3 Specify Class Selector 3 service(24) cs4 Specify Class Selector 4 service(32) cs5 Specify Class Selector 5 service(40) cs6 Specify Class Selector 6 service(48) cs7 Specify Class Selector 7 service(56) ef Specify Expedited Forwarding service(46) " SYNTAX Integer32 (0..63|255) -- TCP Flags TCPFlag ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Type of TCP. invalid(0) tcpack(1) TCP protocol ACK Packet tcpfin(2) TCP protocol PIN Packet tcppsh(3) TCP protocol PUSH Packet tcprst(4) TCP protocol RST Packet tcpsyn(5) TCP protocol SYN Packet tcpurg(6) TCP protocol URG Packet Default value is 'invalid'. " SYNTAX INTEGER { invalid(0), tcpack(1), tcpfin(2), tcppsh(3), tcprst(4), tcpsyn(5), tcpurg(6) } -- Fragment Flags FragmentFlag ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Type of fragment. invalid(0) fragment(1) Frag-Type Fragment fragmentSubseq(2) Frag-Type Fragment-subsequent nonFragment(3) Frag-Type non-Fragment nonSubseq(4) Frag-Type non-subsequent Default value is 'invalid'. " SYNTAX INTEGER { invalid(0), fragment(1), fragmentSubseq(2), nonFragment(3), nonSubseq(4) } -- Address Flags AddressFlag ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Address flag to select IPv6 Address. Default value is 'invalid'. t64SrcAddrPre64DestAddrPre(1): The mean of the enumeration 't64SrcAddrPre64DestAddrPre' is that system gets the 64 bits prefix of source address and the 64 bits prefix of destination address. t64SrcAddrPre64DestAddrSuf(2): The mean of the enumeration 't64SrcAddrPre64DestAddrSuf' is that system gets the 64 bits prefix of source address and the 64 bits suffix of destination address. t64SrcAddrSuf64DestAddrPre(3): The mean of the enumeration 't64SrcAddrSuf64DestAddrPre' is that system gets the 64 bits suffix of source address and the 64 bits prefix of destination address. t64SrcAddrSuf64DestAddrSuf(4): The mean of the enumeration 't64SrcAddrSuf64DestAddrSuf' is that system gets the 64 bits suffix of source address and the 64 bits suffix of destination address. t128SourceAddress(5): The mean of the enumeration 't128SourceAddress' is that system gets the 128 bits of source address. t128DestinationAddress(6): The mean of the enumeration 't128SourceAddress' is that system gets the 128 bits of destination address. " SYNTAX INTEGER { invalid(0), t64SrcAddrPre64DestAddrPre(1), t64SrcAddrPre64DestAddrSuf(2), t64SrcAddrSuf64DestAddrPre(3), t64SrcAddrSuf64DestAddrSuf(4), t128SourceAddress(5), t128DestinationAddress(6) } -- Direction type DirectionType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The direction: inbound or outbound." SYNTAX INTEGER { inbound(1), outbound(2) } -- -- nodes defined -- h3cAclMibObjects OBJECT IDENTIFIER ::= { h3cAcl 1 } h3cAclMode OBJECT-TYPE SYNTAX INTEGER { linkBased(1), ipBased(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Access-list mode." DEFVAL { ipBased } ::= { h3cAclMibObjects 1 } -- -- Node of h3cAclNumGroupTable -- h3cAclNumGroupTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cAclNumGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configure the match-order of number-acl group." ::= { h3cAclMibObjects 2 } h3cAclNumGroupEntry OBJECT-TYPE SYNTAX H3cAclNumGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Define the index of h3cAclNumGroupTable." INDEX { h3cAclNumGroupAclNum } ::= { h3cAclNumGroupTable 1 } H3cAclNumGroupEntry ::= SEQUENCE { h3cAclNumGroupAclNum Integer32, h3cAclNumGroupMatchOrder INTEGER, h3cAclNumGroupSubitemNum Integer32, h3cAclNumGroupDescription OCTET STRING, h3cAclNumGroupCountClear INTEGER, h3cAclNumGroupRowStatus RowStatus } h3cAclNumGroupAclNum OBJECT-TYPE SYNTAX Integer32 (1000..5999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of number-acl group Interface type:1000..1999 Basic type:2000..2999 Advance type:3000..3999 Link type:4000..4999 User type:5000..5999" ::= { h3cAclNumGroupEntry 1 } h3cAclNumGroupMatchOrder OBJECT-TYPE SYNTAX INTEGER { config(1), auto(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The match-order of number-acl group." DEFVAL { config } ::= { h3cAclNumGroupEntry 2 } h3cAclNumGroupSubitemNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of number-acl group's node." ::= { h3cAclNumGroupEntry 3 } h3cAclNumGroupDescription OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..127)) MAX-ACCESS read-write STATUS current DESCRIPTION "The description of this acl group." ::= { h3cAclNumGroupEntry 4 } h3cAclNumGroupCountClear OBJECT-TYPE SYNTAX INTEGER { cleared(1), nouse(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Reset the value of rules' counter, which belong to this group." ::= { h3cAclNumGroupEntry 5 } h3cAclNumGroupRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, now support three state: CreateAndGo, Active, Destroy." ::= { h3cAclNumGroupEntry 6 } -- -- Node of h3cAclNameGroupTable -- h3cAclNameGroupTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cAclNameGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Create acl-group that identified by name." ::= { h3cAclMibObjects 3 } h3cAclNameGroupEntry OBJECT-TYPE SYNTAX H3cAclNameGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Define the index of h3cAclNameGroupTable." INDEX { h3cAclNameGroupIndex } ::= { h3cAclNameGroupTable 1 } H3cAclNameGroupEntry ::= SEQUENCE { h3cAclNameGroupIndex Integer32, h3cAclNameGroupCreateName OCTET STRING, h3cAclNameGroupTypes INTEGER, h3cAclNameGroupMatchOrder INTEGER, h3cAclNameGroupSubitemNum Integer32, h3cAclNameGroupRowStatus RowStatus } h3cAclNameGroupIndex OBJECT-TYPE SYNTAX Integer32 (10000..12999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of name-acl group." ::= { h3cAclNameGroupEntry 1 } h3cAclNameGroupCreateName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of name-acl group." ::= { h3cAclNameGroupEntry 2 } h3cAclNameGroupTypes OBJECT-TYPE SYNTAX INTEGER { basic(1), advanced(2), ifBased(3), link(4), user(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "The type of name-acl group." ::= { h3cAclNameGroupEntry 3 } h3cAclNameGroupMatchOrder OBJECT-TYPE SYNTAX INTEGER { config(1), auto(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The match-order of name-acl group." DEFVAL { config } ::= { h3cAclNameGroupEntry 4 } h3cAclNameGroupSubitemNum OBJECT-TYPE SYNTAX Integer32 (0..128) MAX-ACCESS read-only STATUS current DESCRIPTION "The number of name-acl group's node." ::= { h3cAclNameGroupEntry 5 } h3cAclNameGroupRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, now support three state: CreateAndGo, Active, Destroy." ::= { h3cAclNameGroupEntry 6 } -- -- h3cAclBasicRuleTable -- h3cAclBasicRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cAclBasicRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configure the rule for basic acl group." ::= { h3cAclMibObjects 4 } h3cAclBasicRuleEntry OBJECT-TYPE SYNTAX H3cAclBasicRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Define the index of h3cAclBasicRuleTable." INDEX { h3cAclBasicAclNum, h3cAclBasicSubitem } ::= { h3cAclBasicRuleTable 1 } H3cAclBasicRuleEntry ::= SEQUENCE { h3cAclBasicAclNum Integer32, h3cAclBasicSubitem Integer32, h3cAclBasicAct INTEGER, h3cAclBasicSrcIp IpAddress, h3cAclBasicSrcWild IpAddress, h3cAclBasicTimeRangeName OCTET STRING, h3cAclBasicFragments TruthValue, h3cAclBasicLog TruthValue, h3cAclBasicEnable TruthValue, h3cAclBasicCount Counter32, h3cAclBasicCountClear INTEGER, h3cAclBasicRowStatus RowStatus } h3cAclBasicAclNum OBJECT-TYPE SYNTAX Integer32 (0|2000..2999|10000..12999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of basic acl group." ::= { h3cAclBasicRuleEntry 1 } h3cAclBasicSubitem OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The subindex of basic acl group." ::= { h3cAclBasicRuleEntry 2 } h3cAclBasicAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The action of basic acl rule." ::= { h3cAclBasicRuleEntry 3 } h3cAclBasicSrcIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Source IP-address of basic acl rule." ::= { h3cAclBasicRuleEntry 4 } h3cAclBasicSrcWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Source IP-address wild of basic acl rule." ::= { h3cAclBasicRuleEntry 5 } h3cAclBasicTimeRangeName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The Time-range of basic acl rule." ::= { h3cAclBasicRuleEntry 6 } h3cAclBasicFragments OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of matching fragmented packet." ::= { h3cAclBasicRuleEntry 7 } h3cAclBasicLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of log." ::= { h3cAclBasicRuleEntry 8 } h3cAclBasicEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The rule is active or not. true : active false : inactive " ::= { h3cAclBasicRuleEntry 9 } h3cAclBasicCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of matched by basic rule." ::= { h3cAclBasicRuleEntry 10 } h3cAclBasicCountClear OBJECT-TYPE SYNTAX INTEGER { cleared(1), nouse(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Reset the value of counter." ::= { h3cAclBasicRuleEntry 11 } h3cAclBasicRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, now support three state: CreateAndGo, Active, Destroy." ::= { h3cAclBasicRuleEntry 12 } -- -- h3cAclAdvancedRuleTable -- h3cAclAdvancedRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cAclAdvancedRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configure the rule for advanced acl group." ::= { h3cAclMibObjects 5 } h3cAclAdvancedRuleEntry OBJECT-TYPE SYNTAX H3cAclAdvancedRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Define the index of h3cAclAdvancedRuleTable." INDEX { h3cAclAdvancedAclNum, h3cAclAdvancedSubitem } ::= { h3cAclAdvancedRuleTable 1 } H3cAclAdvancedRuleEntry ::= SEQUENCE { h3cAclAdvancedAclNum Integer32, h3cAclAdvancedSubitem Integer32, h3cAclAdvancedAct INTEGER, h3cAclAdvancedProtocol Integer32, h3cAclAdvancedSrcIp IpAddress, h3cAclAdvancedSrcWild IpAddress, h3cAclAdvancedSrcOp INTEGER, h3cAclAdvancedSrcPort1 Integer32, h3cAclAdvancedSrcPort2 Integer32, h3cAclAdvancedDestIp IpAddress, h3cAclAdvancedDestWild IpAddress, h3cAclAdvancedDestOp INTEGER, h3cAclAdvancedDestPort1 Integer32, h3cAclAdvancedDestPort2 Integer32, h3cAclAdvancedPrecedence Integer32, h3cAclAdvancedTos Integer32, h3cAclAdvancedDscp Integer32, h3cAclAdvancedEstablish TruthValue, h3cAclAdvancedTimeRangeName OCTET STRING, h3cAclAdvancedIcmpType Integer32, h3cAclAdvancedIcmpCode Integer32, h3cAclAdvancedFragments TruthValue, h3cAclAdvancedLog TruthValue, h3cAclAdvancedEnable TruthValue, h3cAclAdvancedCount Counter32, h3cAclAdvancedCountClear INTEGER, h3cAclAdvancedRowStatus RowStatus } h3cAclAdvancedAclNum OBJECT-TYPE SYNTAX Integer32 (0|3000..3999|10000..12999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of advanced acl group." ::= { h3cAclAdvancedRuleEntry 1 } h3cAclAdvancedSubitem OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The subindex of advanced acl group." ::= { h3cAclAdvancedRuleEntry 2 } h3cAclAdvancedAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The action of Advance acl rule." ::= { h3cAclAdvancedRuleEntry 3 } h3cAclAdvancedProtocol OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The protocol-type of advanced acl group. <1-255> Protocol number gre GRE tunneling(47) icmp Internet Control Message Protocol(1) igmp Internet Group Management Protocol(2) ip Any IP protocol ipinip IP in IP tunneling(4) ospf OSPF routing protocol(89) tcp Transmission Control Protocol (6) udp User Datagram Protocol (17)" ::= { h3cAclAdvancedRuleEntry 4 } h3cAclAdvancedSrcIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Source IP-address of advanced acl group." ::= { h3cAclAdvancedRuleEntry 5 } h3cAclAdvancedSrcWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Source IP-address wild of advanced acl group." ::= { h3cAclAdvancedRuleEntry 6 } h3cAclAdvancedSrcOp OBJECT-TYPE SYNTAX INTEGER { invalid(0), lt(1), eq(2), gt(3), neq(4), range(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "The source IP-address's operator of advanced acl group." ::= { h3cAclAdvancedRuleEntry 7 } h3cAclAdvancedSrcPort1 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The fourth layer source port1." ::= { h3cAclAdvancedRuleEntry 8 } h3cAclAdvancedSrcPort2 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The fourth layer source port2." ::= { h3cAclAdvancedRuleEntry 9 } h3cAclAdvancedDestIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Destination IP-address of advanced acl group." ::= { h3cAclAdvancedRuleEntry 10 } h3cAclAdvancedDestWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Destination IP-address wild of advanced acl group." ::= { h3cAclAdvancedRuleEntry 11 } h3cAclAdvancedDestOp OBJECT-TYPE SYNTAX INTEGER { invalid(0), lt(1), eq(2), gt(3), neq(4), range(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "The destination IP-address's operator of advanced acl group." ::= { h3cAclAdvancedRuleEntry 12 } h3cAclAdvancedDestPort1 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The fourth layer destination port1." ::= { h3cAclAdvancedRuleEntry 13 } h3cAclAdvancedDestPort2 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The fourth layer destination port2." ::= { h3cAclAdvancedRuleEntry 14 } h3cAclAdvancedPrecedence OBJECT-TYPE SYNTAX Integer32 (0..7|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of IP-packet's precedence. <0-7> Value of precedence routine Specify routine precedence(0) priority Specify priority precedence(1) immediate Specify immediate precedence(2) flash Specify flash precedence(3) flash-override Specify flash-override precedence(4) critical Specify critical precedence(5) internet Specify internetwork control precedence(6) network Specify network control precedence(7) " ::= { h3cAclAdvancedRuleEntry 15 } h3cAclAdvancedTos OBJECT-TYPE SYNTAX Integer32 (0..15|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of IP-packet's TOS. <0-15> Value of TOS(type of service) max-reliability Match packets with max reliable TOS(2) max-throughput Match packets with max throughput TOS(4) min-delay Match packets with min delay TOS(8) min-monetary-cost Match packets with min monetary cost TOS(1) normal Match packets with normal TOS(0) " ::= { h3cAclAdvancedRuleEntry 16 } h3cAclAdvancedDscp OBJECT-TYPE SYNTAX Integer32 (0..63|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of DSCP. <0-63> Value of DSCP af11 Specify Assured Forwarding 11 service(10) af12 Specify Assured Forwarding 12 service(12) af13 Specify Assured Forwarding 13 service(14) af21 Specify Assured Forwarding 21 service(18) af22 Specify Assured Forwarding 22 service(20) af23 Specify Assured Forwarding 23 service(22) af31 Specify Assured Forwarding 31 service(26) af32 Specify Assured Forwarding 32 service(28) af33 Specify Assured Forwarding 33 service(30) af41 Specify Assured Forwarding 41 service(34) af42 Specify Assured Forwarding 42 service(36) af43 Specify Assured Forwarding 43 service(38) be Specify Best Effort service(0) cs1 Specify Class Selector 1 service(8) cs2 Specify Class Selector 2 service(16) cs3 Specify Class Selector 3 service(24) cs4 Specify Class Selector 4 service(32) cs5 Specify Class Selector 5 service(40) cs6 Specify Class Selector 6 service(48) cs7 Specify Class Selector 7 service(56) ef Specify Expedited Forwarding service(46)" ::= { h3cAclAdvancedRuleEntry 17 } h3cAclAdvancedEstablish OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Establish flag." DEFVAL { false } ::= { h3cAclAdvancedRuleEntry 18 } h3cAclAdvancedTimeRangeName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The Time-range of advanced acl rule." ::= { h3cAclAdvancedRuleEntry 19 } h3cAclAdvancedIcmpType OBJECT-TYPE SYNTAX Integer32 (0..255|65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The type of ICMP packet. Integer32 ICMP type echo Type=8, Code=0 echo-reply Type=0, Code=0 fragmentneed-DFset Type=3, Code=4 host-redirect Type=5, Code=1 host-tos-redirect Type=5, Code=3 host-unreachable Type=3, Code=1 information-reply Type=16, Code=0 information-request Type=15, Code=0 net-redirect Type=5, Code=0 net-tos-redirect Type=5, Code=2 net-unreachable Type=3, Code=0 parameter-problem Type=12, Code=0 port-unreachable Type=3, Code=3 protocol-unreachable Type=3, Code=2 reassembly-timeout Type=11, Code=1 source-quench Type=4, Code=0 source-route-failed Type=3, Code=5 timestamp-reply Type=14, Code=0 timestamp-request Type=13, Code=0 ttl-exceeded Type=11, Code=0 " ::= { h3cAclAdvancedRuleEntry 20 } h3cAclAdvancedIcmpCode OBJECT-TYPE SYNTAX Integer32 (0..255|65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The code of ICMP packet." ::= { h3cAclAdvancedRuleEntry 21 } h3cAclAdvancedFragments OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of matching fragmented packet." ::= { h3cAclAdvancedRuleEntry 22 } h3cAclAdvancedLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of log." ::= { h3cAclAdvancedRuleEntry 23 } h3cAclAdvancedEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The rule is active or not. true : active false : inactive " ::= { h3cAclAdvancedRuleEntry 24 } h3cAclAdvancedCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of matched by advanced rule." ::= { h3cAclAdvancedRuleEntry 25 } h3cAclAdvancedCountClear OBJECT-TYPE SYNTAX INTEGER { cleared(1), nouse(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Reset the value of counter." ::= { h3cAclAdvancedRuleEntry 26 } h3cAclAdvancedRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, now support three state: CreateAndGo, Active, Destroy." ::= { h3cAclAdvancedRuleEntry 27 } -- -- h3cAclIfRuleTable -- h3cAclIfRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cAclIfRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configure the rule for interface-based acl group." ::= { h3cAclMibObjects 6 } h3cAclIfRuleEntry OBJECT-TYPE SYNTAX H3cAclIfRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Define the index of h3cAclIfRuleTable." INDEX { h3cAclIfAclNum, h3cAclIfSubitem } ::= { h3cAclIfRuleTable 1 } H3cAclIfRuleEntry ::= SEQUENCE { h3cAclIfAclNum Integer32, h3cAclIfSubitem Integer32, h3cAclIfAct INTEGER, h3cAclIfIndex Integer32, h3cAclIfAny TruthValue, h3cAclIfTimeRangeName OCTET STRING, h3cAclIfLog TruthValue, h3cAclIfEnable TruthValue, h3cAclIfCount Counter32, h3cAclIfCountClear INTEGER, h3cAclIfRowStatus RowStatus } h3cAclIfAclNum OBJECT-TYPE SYNTAX Integer32 (0|1000..1999|10000..12999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of interface-based acl group." ::= { h3cAclIfRuleEntry 1 } h3cAclIfSubitem OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The subindex of interface-based acl group." ::= { h3cAclIfRuleEntry 2 } h3cAclIfAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The action of interface-based acl group." ::= { h3cAclIfRuleEntry 3 } h3cAclIfIndex OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-create STATUS current DESCRIPTION "The index of interface." ::= { h3cAclIfRuleEntry 4 } h3cAclIfAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of matching any interface." ::= { h3cAclIfRuleEntry 5 } h3cAclIfTimeRangeName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The Time-range of interface-based acl rule." ::= { h3cAclIfRuleEntry 6 } h3cAclIfLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of log." ::= { h3cAclIfRuleEntry 7 } h3cAclIfEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The rule is active or not. true : active false : inactive " ::= { h3cAclIfRuleEntry 8 } h3cAclIfCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of matched by basic rule." ::= { h3cAclIfRuleEntry 9 } h3cAclIfCountClear OBJECT-TYPE SYNTAX INTEGER { cleared(1), nouse(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Reset the value of the rule's counter." ::= { h3cAclIfRuleEntry 10 } h3cAclIfRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, now support three state: CreateAndGo, Active, Destroy." ::= { h3cAclIfRuleEntry 11 } -- -- h3cAclLinkTable -- h3cAclLinkTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cAclLinkEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Create link acl." ::= { h3cAclMibObjects 7 } h3cAclLinkEntry OBJECT-TYPE SYNTAX H3cAclLinkEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry of the link acl table." INDEX { h3cAclLinkAclNum, h3cAclLinkSubitem } ::= { h3cAclLinkTable 1 } H3cAclLinkEntry ::= SEQUENCE { h3cAclLinkAclNum Integer32, h3cAclLinkSubitem Integer32, h3cAclLinkAct INTEGER, h3cAclLinkProtocol INTEGER, h3cAclLinkFormatType INTEGER, h3cAclLinkVlanTag INTEGER, h3cAclLinkVlanPri Integer32, h3cAclLinkSrcVlanId Integer32, h3cAclLinkSrcMac MacAddress, h3cAclLinkSrcMacWild MacAddress, h3cAclLinkSrcIfIndex Integer32, h3cAclLinkSrcAny TruthValue, h3cAclLinkDestVlanId Integer32, h3cAclLinkDestMac MacAddress, h3cAclLinkDestMacWild MacAddress, h3cAclLinkDestIfIndex Integer32, h3cAclLinkDestAny TruthValue, h3cAclLinkTimeRangeName OCTET STRING, h3cAclLinkEnable TruthValue, h3cAclLinkRowStatus RowStatus, h3cAclLinkTypeCode OCTET STRING, h3cAclLinkTypeMask OCTET STRING, h3cAclLinkLsapCode OCTET STRING, h3cAclLinkLsapMask OCTET STRING, h3cAclLinkL2LabelRangeOp INTEGER, h3cAclLinkL2LabelRangeBegin Integer32, h3cAclLinkL2LabelRangeEnd Integer32, h3cAclLinkMplsExp Integer32 } h3cAclLinkAclNum OBJECT-TYPE SYNTAX Integer32 (0|4000..4999|10000..12999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of link-based acl group." ::= { h3cAclLinkEntry 1 } h3cAclLinkSubitem OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The subindex of link-based acl group." ::= { h3cAclLinkEntry 2 } h3cAclLinkAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The action of link-based acl group." ::= { h3cAclLinkEntry 3 } h3cAclLinkProtocol OBJECT-TYPE SYNTAX INTEGER { invalid(0), ip(2048), arp(2054), rarp(32821), pppoeControl(34915), pppoeData(34916), mpls(34887) } MAX-ACCESS read-create STATUS current DESCRIPTION "The layer 2 protocol-type of link acl rule." DEFVAL { invalid } ::= { h3cAclLinkEntry 4 } h3cAclLinkFormatType OBJECT-TYPE SYNTAX INTEGER { invalid(0), ethernetII(1), snap(2), ieee802Dot3And2(3), ieee802Dot3(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Format type of link acl rule." ::= { h3cAclLinkEntry 5 } h3cAclLinkVlanTag OBJECT-TYPE SYNTAX INTEGER { invalid(0), tagged(1), untagged(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of vlan tag of link acl rule." ::= { h3cAclLinkEntry 6 } h3cAclLinkVlanPri OBJECT-TYPE SYNTAX Integer32 (0..7 | 255) MAX-ACCESS read-create STATUS current DESCRIPTION "Vlan priority of link acl rule." ::= { h3cAclLinkEntry 7 } h3cAclLinkSrcVlanId OBJECT-TYPE SYNTAX Integer32 (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Source vlan ID of link acl rule." ::= { h3cAclLinkEntry 8 } h3cAclLinkSrcMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Source mac of link acl rule." ::= { h3cAclLinkEntry 9 } h3cAclLinkSrcMacWild OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Source mac wildzard of link acl rule." ::= { h3cAclLinkEntry 10 } h3cAclLinkSrcIfIndex OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-create STATUS current DESCRIPTION "Source IfIndex of link acl rule." ::= { h3cAclLinkEntry 11 } h3cAclLinkSrcAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of matching any source." ::= { h3cAclLinkEntry 12 } h3cAclLinkDestVlanId OBJECT-TYPE SYNTAX Integer32 (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Destination vlan ID of link acl rule." ::= { h3cAclLinkEntry 13 } h3cAclLinkDestMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Destination mac of link acl rule." ::= { h3cAclLinkEntry 14 } h3cAclLinkDestMacWild OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Destination mac wildzard of link acl rule." ::= { h3cAclLinkEntry 15 } h3cAclLinkDestIfIndex OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-create STATUS current DESCRIPTION "Destination IfIndex of link acl rule." ::= { h3cAclLinkEntry 16 } h3cAclLinkDestAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of matching any destination." ::= { h3cAclLinkEntry 17 } h3cAclLinkTimeRangeName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The Time-range of link-based acl rule." ::= { h3cAclLinkEntry 18 } h3cAclLinkEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The rule is active or not. true : active false : inactive " ::= { h3cAclLinkEntry 19 } h3cAclLinkRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, now support three state: CreateAndGo, Active, Destroy." ::= { h3cAclLinkEntry 20 } h3cAclLinkTypeCode OBJECT-TYPE SYNTAX OCTET STRING ( SIZE(0..32) ) MAX-ACCESS read-create STATUS current DESCRIPTION "The type of layer 2 protocol.0x0000...0xffff." ::= { h3cAclLinkEntry 21 } h3cAclLinkTypeMask OBJECT-TYPE SYNTAX OCTET STRING ( SIZE(0..32) ) MAX-ACCESS read-create STATUS current DESCRIPTION "The mask of layer 2 protocol.0x0000...0xffff." ::= { h3cAclLinkEntry 22 } h3cAclLinkLsapCode OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The type of LSAP.0x0000...0xffff." ::= { h3cAclLinkEntry 23 } h3cAclLinkLsapMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The mask of LSAP.0x0000...0xffff." ::= { h3cAclLinkEntry 24 } h3cAclLinkL2LabelRangeOp OBJECT-TYPE SYNTAX INTEGER { invalid(0), lt(1), eq(2), gt(3), neq(4), range(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "Operation symbol of the MPLS label. If the symbol is range(5), the objects h3cAclLinkL2LabelRangeBegin and h3cAclLinkL2LabelRangeEnd should have different values indicating a range. Otherwise, only h3cAclLinkL2LabelRangeBegin counts, object h3cAclLinkL2LabelRangeEnd is ignored. invalid(0) -- unavailable lt(1) -- less than eq(2) -- equal gt(3) -- great than neq(4) -- not equal range(5) -- a range with two ends included " ::= { h3cAclLinkEntry 25 } h3cAclLinkL2LabelRangeBegin OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "The beginning of VPLS VC label." ::= { h3cAclLinkEntry 26 } h3cAclLinkL2LabelRangeEnd OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "The end of VPLS VC label." ::= { h3cAclLinkEntry 27 } h3cAclLinkMplsExp OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "The value of MPLS-packet's Exp." ::= { h3cAclLinkEntry 28 } -- -- h3cAclUserTable -- h3cAclUserTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cAclUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Create user acl." ::= { h3cAclMibObjects 8 } h3cAclUserEntry OBJECT-TYPE SYNTAX H3cAclUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry of user acl table." INDEX { h3cAclUserAclNum, h3cAclUserSubitem } ::= { h3cAclUserTable 1 } H3cAclUserEntry ::= SEQUENCE { h3cAclUserAclNum Integer32, h3cAclUserSubitem Integer32, h3cAclUserAct INTEGER, h3cAclUserFormatType INTEGER, h3cAclUserVlanTag INTEGER, h3cAclUserRuleStr OCTET STRING, h3cAclUserRuleMask OCTET STRING, h3cAclUserTimeRangeName OCTET STRING, h3cAclUserEnable TruthValue, h3cAclUserRowStatus RowStatus } h3cAclUserAclNum OBJECT-TYPE SYNTAX Integer32 (0|5000..5999|10000..12999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The number of the user acl." ::= { h3cAclUserEntry 1 } h3cAclUserSubitem OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The subitem of the user acl." ::= { h3cAclUserEntry 2 } h3cAclUserAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The action of the user acl." ::= { h3cAclUserEntry 3 } h3cAclUserFormatType OBJECT-TYPE SYNTAX INTEGER { invalid(0), ethernetII(1), snap(2), ieee802Dot2And3(3), ieee802Dot4(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Format type." DEFVAL { invalid } ::= { h3cAclUserEntry 4 } h3cAclUserVlanTag OBJECT-TYPE SYNTAX INTEGER { tagged(1), untagged(2), invalid(0) } MAX-ACCESS read-create STATUS current DESCRIPTION "Vlan tag exits or not." DEFVAL { invalid } ::= { h3cAclUserEntry 5 } h3cAclUserRuleStr OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..80)) MAX-ACCESS read-create STATUS current DESCRIPTION "Rule string." ::= { h3cAclUserEntry 6 } h3cAclUserRuleMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..80)) MAX-ACCESS read-create STATUS current DESCRIPTION "Rule mask." ::= { h3cAclUserEntry 7 } h3cAclUserTimeRangeName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The Time-range of the user defined acl." ::= { h3cAclUserEntry 8 } h3cAclUserEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The rule is active or not. true : active false : inactive " ::= { h3cAclUserEntry 9 } h3cAclUserRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, now support three state: CreateAndGo, Active, Destroy." ::= { h3cAclUserEntry 10 } -- -- h3cAclActiveTable -- h3cAclActiveTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cAclActiveEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Active acl." ::= { h3cAclMibObjects 9 } h3cAclActiveEntry OBJECT-TYPE SYNTAX H3cAclActiveEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry of active acl table." INDEX { h3cAclActiveAclIndex, h3cAclActiveIfIndex, h3cAclActiveVlanID, h3cAclActiveDirection } ::= { h3cAclActiveTable 1 } H3cAclActiveEntry ::= SEQUENCE { h3cAclActiveAclIndex Integer32, h3cAclActiveIfIndex Integer32, h3cAclActiveVlanID Integer32, h3cAclActiveDirection INTEGER, h3cAclActiveUserAclNum Integer32, h3cAclActiveUserAclSubitem Integer32, h3cAclActiveIpAclNum Integer32, h3cAclActiveIpAclSubitem Integer32, h3cAclActiveLinkAclNum Integer32, h3cAclActiveLinkAclSubitem Integer32, h3cAclActiveRuntime TruthValue, h3cAclActiveRowStatus RowStatus } h3cAclActiveAclIndex OBJECT-TYPE SYNTAX Integer32 (0|1..5999|10000..12999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Acl index." ::= { h3cAclActiveEntry 1 } h3cAclActiveIfIndex OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "IfIndex." ::= { h3cAclActiveEntry 2 } h3cAclActiveVlanID OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The lower 16 bits is Vlan ID, the higher 16 bits, if not zero, it describes the slot ID of the L3plus board. " ::= { h3cAclActiveEntry 3 } h3cAclActiveDirection OBJECT-TYPE SYNTAX INTEGER { input(1), output(2), both(3), invalid(0) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "Direction." ::= { h3cAclActiveEntry 4 } h3cAclActiveUserAclNum OBJECT-TYPE SYNTAX Integer32 (0|5000..5999|10000..12999) MAX-ACCESS read-create STATUS current DESCRIPTION "The number of the user acl." ::= { h3cAclActiveEntry 5 } h3cAclActiveUserAclSubitem OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The subitem of the user acl." ::= { h3cAclActiveEntry 6 } h3cAclActiveIpAclNum OBJECT-TYPE SYNTAX Integer32 (0|2000..3999|10000..12999) MAX-ACCESS read-create STATUS current DESCRIPTION "The number of the IP acl." ::= { h3cAclActiveEntry 7 } h3cAclActiveIpAclSubitem OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The subitem of the IP acl." ::= { h3cAclActiveEntry 8 } h3cAclActiveLinkAclNum OBJECT-TYPE SYNTAX Integer32 (0|4000..4999|10000..12999) MAX-ACCESS read-create STATUS current DESCRIPTION "The num of the link acl." ::= { h3cAclActiveEntry 9 } h3cAclActiveLinkAclSubitem OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The subitem of the link acl." ::= { h3cAclActiveEntry 10 } h3cAclActiveRuntime OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Is run or not." ::= { h3cAclActiveEntry 11 } h3cAclActiveRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, now support three state: CreateAndGo, Active, Destroy." ::= { h3cAclActiveEntry 12 } -- -- h3cAclIDSTable -- h3cAclIDSTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cAclIDSEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Configure the rule for IDS." ::= { h3cAclMibObjects 10 } h3cAclIDSEntry OBJECT-TYPE SYNTAX H3cAclIDSEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry of acl ids table." INDEX { IMPLIED h3cAclIDSName} ::= { h3cAclIDSTable 1 } H3cAclIDSEntry ::= SEQUENCE { h3cAclIDSName OCTET STRING, h3cAclIDSSrcMac MacAddress, h3cAclIDSDestMac MacAddress, h3cAclIDSSrcIp IpAddress, h3cAclIDSSrcWild IpAddress, h3cAclIDSDestIp IpAddress, h3cAclIDSDestWild IpAddress, h3cAclIDSSrcPort Integer32, h3cAclIDSDestPort Integer32, h3cAclIDSProtocol Integer32, h3cAclIDSDenyTime Unsigned32, h3cAclIDSAct INTEGER, h3cAclIDSRowStatus RowStatus } h3cAclIDSName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The name index of the IDS table." ::= { h3cAclIDSEntry 1 } h3cAclIDSSrcMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Source mac of IDS acl rule." ::= { h3cAclIDSEntry 2 } h3cAclIDSDestMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Destination mac of IDS acl rule." ::= { h3cAclIDSEntry 3 } h3cAclIDSSrcIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Source IP-address of IDS acl rule." ::= { h3cAclIDSEntry 4 } h3cAclIDSSrcWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Source IP-address wild of IDS acl rule." ::= { h3cAclIDSEntry 5 } h3cAclIDSDestIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Destination IP-address of IDS acl rule." ::= { h3cAclIDSEntry 6 } h3cAclIDSDestWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Destination IP-address wild of IDS acl rule." ::= { h3cAclIDSEntry 7 } h3cAclIDSSrcPort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The fourth layer source port." ::= { h3cAclIDSEntry 8 } h3cAclIDSDestPort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The fourth layer destination port." ::= { h3cAclIDSEntry 9 } h3cAclIDSProtocol OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The protocol-type of advanced acl group. <1-255> Protocol number gre GRE tunneling(47) icmp Internet Control Message Protocol(1) igmp Internet Group Management Protocol(2) ip Any IP protocol ipinip IP in IP tunneling(4) ospf OSPF routing protocol(89) tcp Transmission Control Protocol (6) udp User Datagram Protocol (17) " ::= { h3cAclIDSEntry 10 } h3cAclIDSDenyTime OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-create STATUS current DESCRIPTION "The maximum number of seconds which deny for this acl rule." DEFVAL { 0 } ::= { h3cAclIDSEntry 11 } h3cAclIDSAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The action of IDS acl rule." ::= { h3cAclIDSEntry 12 } h3cAclIDSRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus, now supports three states: CreateAndGo, Active, and Destroy." ::= { h3cAclIDSEntry 13 } -- -- Nodes of h3cAclMib2Objects -- h3cAclMib2Objects OBJECT IDENTIFIER ::= { h3cAcl 2 } -- -- Nodes of h3cAclMib2GlobalGroup -- h3cAclMib2GlobalGroup OBJECT IDENTIFIER ::= { h3cAclMib2Objects 1 } h3cAclMib2NodesGroup OBJECT IDENTIFIER ::= { h3cAclMib2GlobalGroup 1 } h3cAclMib2Mode OBJECT-TYPE SYNTAX INTEGER { linkBased(1), ipBased(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The applying mode of ACL." ::= { h3cAclMib2NodesGroup 1 } h3cAclMib2Version OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The version of this file. The output value has the format of 'xx'or 'xxx'. For example: 10 means 1.0; 125 means 12.5. " ::= { h3cAclMib2NodesGroup 2 } h3cAclMib2ObjectsCapabilities OBJECT-TYPE SYNTAX BITS { h3cAclMib2Mode(0), h3cAclVersion(1), h3cAclMib2ObjectsCapabilities(2), h3cAclMib2CapabilityTable(3), h3cAclNumberGroupTable(4), h3cAclIPAclBasicTable(5), h3cAclIPAclAdvancedTable(6), h3cAclMACTable(7), h3cAclEnUserTable(8), h3cAclMib2ProcessingStatus(9) } MAX-ACCESS read-only STATUS current DESCRIPTION "The objects of h3cAclMib2Objects." ::= { h3cAclMib2NodesGroup 3 } h3cAclMib2ProcessingStatus OBJECT-TYPE SYNTAX INTEGER { processing(1), done(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The processing status of ACL operation." ::= { h3cAclMib2NodesGroup 4 } h3cAclMib2CapabilityTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cAclMib2CapabilityEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The capability of mib2." ::= { h3cAclMib2GlobalGroup 2 } h3cAclMib2CapabilityEntry OBJECT-TYPE SYNTAX H3cAclMib2CapabilityEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information of Capability of mib2." INDEX { h3cAclMib2EntityType, h3cAclMib2EntityIndex, h3cAclMib2ModuleIndex, h3cAclMib2CharacteristicsIndex } ::= { h3cAclMib2CapabilityTable 1 } H3cAclMib2CapabilityEntry ::= SEQUENCE { h3cAclMib2EntityType INTEGER, h3cAclMib2EntityIndex Integer32, h3cAclMib2ModuleIndex INTEGER, h3cAclMib2CharacteristicsIndex Integer32, h3cAclMib2CharacteristicsDesc OCTET STRING, h3cAclMib2CharacteristicsValue Unsigned32 } h3cAclMib2EntityType OBJECT-TYPE SYNTAX INTEGER { system(1), interface(2) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "The type of entity . system: The entity is systemic level. interface: The entity is interface level. " ::= { h3cAclMib2CapabilityEntry 1 } h3cAclMib2EntityIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of entity. If h3cAclMib2EntityType is system, the value of this object is 0. If h3cAclMib2EntityType is interface, the value of this object is equal to 'ifIndex'. " ::= { h3cAclMib2CapabilityEntry 2 } h3cAclMib2ModuleIndex OBJECT-TYPE SYNTAX INTEGER { layer3(1), layer2(2), userDefined(3) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "The module index of ACL." ::= { h3cAclMib2CapabilityEntry 3 } h3cAclMib2CharacteristicsIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The characteristics index of mib2. See DESCRIPTION of h3cAclMib2CharacteristicsValue to get detail information about the value of this object. " ::= { h3cAclMib2CapabilityEntry 4 } h3cAclMib2CharacteristicsDesc OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The description of characteristics." ::= { h3cAclMib2CapabilityEntry 5 } h3cAclMib2CharacteristicsValue OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of capability of this object. TypeOfRuleStringValue : notSupport(0) and the length of RuleString. TypeOfCodeValue : OnlyOneNotSupport(0), MoreThanOneNotSupport(1) If h3cAclMib2CharacteristicsValue is 'moreThanOneNotSupport', h3cAclMib2CharacteristicsDesc must be used to depict which protocols are not supported. The output value of h3cAclMib2CharacteristicsDesc has the format of 'a,b'. For example, 'ip,rarp'. layer3 Module: Index Characteristics value 1 SourceIPAddress notSupport(0) 2 DestinationIPAddress notSupport(0) 3 SourcePort notSupport(0) 4 DestinationPort notSupport(0) 5 IPPrecedence notSupport(0) 6 TOS notSupport(0) 7 DSCP notSupport(0) 8 TCPFlag notSupport(0) 9 FragmentFlag notSupport(0) 10 Log notSupport(0) 11 RuleMatchCounter notSupport(0) 12 ResetRuleMatchCounter notSupport(0) 13 VPN notSupport(0) 15 protocol notSupport(0) 16 AddressFlag notSupport(0) layer2 Module: Index Characteristics value 1 ProtocolType TypeOfCodeValue 2 SourceMAC notSupport(0) 3 DestinationMAC notSupport(0) 4 LSAPType TypeOfCodeValue 5 CoS notSupport(0) UserDefined Module: Index Characteristics value 1 UserDefaultOffset TypeOfRuleStringValue 2 UserL2RuleOffset TypeOfRuleStringValue 3 UserMplsOffset TypeOfRuleStringValue 4 UserIPv4Offset TypeOfRuleStringValue 5 UserIPv6Offset TypeOfRuleStringValue 6 UserL4Offset TypeOfRuleStringValue 7 UserL5Offset TypeOfRuleStringValue " ::= { h3cAclMib2CapabilityEntry 6 } -- -- Nodes of number group -- h3cAclNumberGroupTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cAclNumberGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of the number acl group information." ::= { h3cAclMib2GlobalGroup 3 } h3cAclNumberGroupEntry OBJECT-TYPE SYNTAX H3cAclNumberGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Number acl group information entry." INDEX { h3cAclNumberGroupType, h3cAclNumberGroupIndex } ::= { h3cAclNumberGroupTable 1 } H3cAclNumberGroupEntry ::= SEQUENCE { h3cAclNumberGroupType INTEGER, h3cAclNumberGroupIndex Integer32, h3cAclNumberGroupRowStatus RowStatus, h3cAclNumberGroupMatchOrder INTEGER, h3cAclNumberGroupStep Integer32, h3cAclNumberGroupDescription OCTET STRING, h3cAclNumberGroupCountClear CounterClear, h3cAclNumberGroupRuleCounter Counter32, h3cAclNumberGroupName OCTET STRING } h3cAclNumberGroupType OBJECT-TYPE SYNTAX INTEGER { ipv4(1), ipv6(2) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "The type of number group. Basic ACL and Advanced ACL support ipv4 and ipv6. The range of Basic ACL is from 2000 to 2999. The range of Advanced ACL is from 3000 to 3999. Simple ACL supports ipv6 only. The range of Simple ACL is from 10000 to 42767. MAC ACL and User ACL support ipv4 only. The range of MAC ACL is from 4000 to 4999. The range of User ACL is from 5000 to 5999. " DEFVAL { ipv4 } ::= { h3cAclNumberGroupEntry 1 } h3cAclNumberGroupIndex OBJECT-TYPE SYNTAX Integer32 (2000..5999|10000..42767) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The group index of number acl. Basic type:2000..2999 Advanced type:3000..3999 MAC type:4000..4999 User type:5000..5999 Simple type:10000..42767 " ::= { h3cAclNumberGroupEntry 2 } h3cAclNumberGroupRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus." ::= { h3cAclNumberGroupEntry 3 } h3cAclNumberGroupMatchOrder OBJECT-TYPE SYNTAX INTEGER { config(1), auto(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The match-order of number acl group." DEFVAL { config } ::= { h3cAclNumberGroupEntry 4 } h3cAclNumberGroupStep OBJECT-TYPE SYNTAX Integer32 (1..20) MAX-ACCESS read-create STATUS current DESCRIPTION "The step of rule index." DEFVAL { 5 } ::= { h3cAclNumberGroupEntry 5 } h3cAclNumberGroupDescription OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..127)) MAX-ACCESS read-create STATUS current DESCRIPTION "Description of this acl group." ::= { h3cAclNumberGroupEntry 6 } h3cAclNumberGroupCountClear OBJECT-TYPE SYNTAX CounterClear MAX-ACCESS read-write STATUS current DESCRIPTION "Reset the value of counters of this group." DEFVAL { nouse } ::= { h3cAclNumberGroupEntry 7 } h3cAclNumberGroupRuleCounter OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The rule count of number acl group." ::= { h3cAclNumberGroupEntry 8 } h3cAclNumberGroupName OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..63)) MAX-ACCESS read-create STATUS current DESCRIPTION "Name of this acl group." ::= { h3cAclNumberGroupEntry 9 } -- -- Node of h3cAclIPv6Group -- h3cAclIPAclGroup OBJECT IDENTIFIER ::= { h3cAclMib2Objects 2 } -- -- Nodes of h3cAclIPAclBasicTable -- h3cAclIPAclBasicTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cAclIPAclBasicEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of basic rule group. If some objects of this table are not supported by some products, these objects can't be created, changed and applied. Default value of these objects will be returned when they are read. " ::= { h3cAclIPAclGroup 2 } h3cAclIPAclBasicEntry OBJECT-TYPE SYNTAX H3cAclIPAclBasicEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Basic rule group information." INDEX { h3cAclNumberGroupType, h3cAclNumberGroupIndex, h3cAclIPAclBasicRuleIndex } ::= { h3cAclIPAclBasicTable 1 } H3cAclIPAclBasicEntry ::= SEQUENCE { h3cAclIPAclBasicRuleIndex Integer32, h3cAclIPAclBasicRowStatus RowStatus, h3cAclIPAclBasicAct RuleAction, h3cAclIPAclBasicSrcAddrType InetAddressType, h3cAclIPAclBasicSrcAddr InetAddress, h3cAclIPAclBasicSrcPrefix InetAddressPrefixLength, h3cAclIPAclBasicSrcAny TruthValue, h3cAclIPAclBasicSrcWild IpAddress, h3cAclIPAclBasicTimeRangeName OCTET STRING, h3cAclIPAclBasicFragmentFlag FragmentFlag, h3cAclIPAclBasicLog TruthValue, h3cAclIPAclBasicCount Unsigned32, h3cAclIPAclBasicCountClear CounterClear, h3cAclIPAclBasicEnable TruthValue, h3cAclIPAclBasicVpnInstanceName OCTET STRING, h3cAclIPAclBasicComment OCTET STRING, h3cAclIPAclBasicCounting TruthValue, h3cAclIPAclBasicRouteTypeAny TruthValue, h3cAclIPAclBasicRouteTypeValue Integer32 } h3cAclIPAclBasicRuleIndex OBJECT-TYPE SYNTAX Integer32 (0..65534) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The rule index of basic acl group." ::= { h3cAclIPAclBasicEntry 1 } h3cAclIPAclBasicRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus." ::= { h3cAclIPAclBasicEntry 2 } h3cAclIPAclBasicAct OBJECT-TYPE SYNTAX RuleAction MAX-ACCESS read-create STATUS current DESCRIPTION "The action of basic acl rule." ::= { h3cAclIPAclBasicEntry 3 } h3cAclIPAclBasicSrcAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The IP addresses type of IP pool." ::= { h3cAclIPAclBasicEntry 4 } h3cAclIPAclBasicSrcAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The value of a local IP address is available for this association. The type of this address is determined by the value of h3cAclIPAclBasicSrcAddrType. " ::= { h3cAclIPAclBasicEntry 5 } h3cAclIPAclBasicSrcPrefix OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-create STATUS current DESCRIPTION "Denotes the length of a generic Internet network address prefix. A value of n corresponds to an IP address mask which has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0. " ::= { h3cAclIPAclBasicEntry 6 } h3cAclIPAclBasicSrcAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of matching any IP address." ::= { h3cAclIPAclBasicEntry 7 } h3cAclIPAclBasicSrcWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Source IPv4 address wild. Only IPv4 Basic Rule support this object. Default value is '0.0.0.0'. " ::= { h3cAclIPAclBasicEntry 8 } h3cAclIPAclBasicTimeRangeName OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The Time-range of basic acl rule. Default value is null. " ::= { h3cAclIPAclBasicEntry 9 } h3cAclIPAclBasicFragmentFlag OBJECT-TYPE SYNTAX FragmentFlag MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of matching fragmented packets." ::= { h3cAclIPAclBasicEntry 10 } h3cAclIPAclBasicLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The packet will be logged when it matches the rule." ::= { h3cAclIPAclBasicEntry 11 } h3cAclIPAclBasicCount OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of matched by the rule." ::= { h3cAclIPAclBasicEntry 12 } h3cAclIPAclBasicCountClear OBJECT-TYPE SYNTAX CounterClear MAX-ACCESS read-write STATUS current DESCRIPTION "Reset the value of counter." ::= { h3cAclIPAclBasicEntry 13 } h3cAclIPAclBasicEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The rule is active or not. true : active false : inactive " ::= { h3cAclIPAclBasicEntry 14 } h3cAclIPAclBasicVpnInstanceName OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The VPN name, which the rule will be applied. Default value is null. " ::= { h3cAclIPAclBasicEntry 15 } h3cAclIPAclBasicComment OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..127)) MAX-ACCESS read-create STATUS current DESCRIPTION "The description of ACL rule. Default value is Zero-length String. " ::= { h3cAclIPAclBasicEntry 16 } h3cAclIPAclBasicCounting OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The packet will be counted when it matches the rule. It is disabled by default. " DEFVAL { false } ::= { h3cAclIPAclBasicEntry 17 } h3cAclIPAclBasicRouteTypeAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of matching any type of routing header of IPv6 packet. " DEFVAL { false } ::= { h3cAclIPAclBasicEntry 18 } h3cAclIPAclBasicRouteTypeValue OBJECT-TYPE SYNTAX Integer32 (0..255|65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Match specify type of routing header of IPv6 packet." DEFVAL { 65535 } ::= { h3cAclIPAclBasicEntry 19 } -- -- Notes of h3cAclIPAclAdvancedTable -- h3cAclIPAclAdvancedTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cAclIPAclAdvancedEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of advanced and simple acl group. If some objects of this table are not supported by some products, these objects can't be created, changed and applied. Default value of these objects will be returned when they are read. " ::= { h3cAclIPAclGroup 3 } h3cAclIPAclAdvancedEntry OBJECT-TYPE SYNTAX H3cAclIPAclAdvancedEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Advanced acl group information." INDEX { h3cAclNumberGroupType, h3cAclNumberGroupIndex, h3cAclIPAclAdvancedRuleIndex } ::= { h3cAclIPAclAdvancedTable 1 } H3cAclIPAclAdvancedEntry ::= SEQUENCE { h3cAclIPAclAdvancedRuleIndex Integer32, h3cAclIPAclAdvancedRowStatus RowStatus, h3cAclIPAclAdvancedAct RuleAction, h3cAclIPAclAdvancedProtocol Integer32, h3cAclIPAclAdvancedAddrFlag AddressFlag, h3cAclIPAclAdvancedSrcAddrType InetAddressType, h3cAclIPAclAdvancedSrcAddr InetAddress, h3cAclIPAclAdvancedSrcPrefix InetAddressPrefixLength, h3cAclIPAclAdvancedSrcAny TruthValue, h3cAclIPAclAdvancedSrcWild IpAddress, h3cAclIPAclAdvancedSrcOp PortOp, h3cAclIPAclAdvancedSrcPort1 Integer32, h3cAclIPAclAdvancedSrcPort2 Integer32, h3cAclIPAclAdvancedDestAddrType InetAddressType, h3cAclIPAclAdvancedDestAddr InetAddress, h3cAclIPAclAdvancedDestPrefix InetAddressPrefixLength, h3cAclIPAclAdvancedDestAny TruthValue, h3cAclIPAclAdvancedDestWild IpAddress, h3cAclIPAclAdvancedDestOp PortOp, h3cAclIPAclAdvancedDestPort1 Integer32, h3cAclIPAclAdvancedDestPort2 Integer32, h3cAclIPAclAdvancedIcmpType Integer32, h3cAclIPAclAdvancedIcmpCode Integer32, h3cAclIPAclAdvancedPrecedence Integer32, h3cAclIPAclAdvancedTos Integer32, h3cAclIPAclAdvancedDscp DSCPValue, h3cAclIPAclAdvancedTimeRangeName OCTET STRING, h3cAclIPAclAdvancedTCPFlag TCPFlag, h3cAclIPAclAdvancedFragmentFlag FragmentFlag, h3cAclIPAclAdvancedLog TruthValue, h3cAclIPAclAdvancedCount Unsigned32, h3cAclIPAclAdvancedCountClear CounterClear, h3cAclIPAclAdvancedEnable TruthValue, h3cAclIPAclAdvancedVpnInstanceName OCTET STRING, h3cAclIPAclAdvancedComment OCTET STRING, h3cAclIPAclAdvancedReflective TruthValue, h3cAclIPAclAdvancedCounting TruthValue, h3cAclIPAclAdvancedTCPFlagMask BITS, h3cAclIPAclAdvancedTCPFlagValue BITS, h3cAclIPAclAdvancedRouteTypeAny TruthValue, h3cAclIPAclAdvancedRouteTypeValue Integer32, h3cAclIPAclAdvancedFlowLabel Unsigned32 } h3cAclIPAclAdvancedRuleIndex OBJECT-TYPE SYNTAX Integer32 (0..65534) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The rule index of advanced acl group. As a Simple ACL group, the value of this object must be 0. As an Advanced ACL group, the value of this object is ranging from 0 to 65534. " ::= { h3cAclIPAclAdvancedEntry 1 } h3cAclIPAclAdvancedRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus." ::= { h3cAclIPAclAdvancedEntry 2 } h3cAclIPAclAdvancedAct OBJECT-TYPE SYNTAX RuleAction MAX-ACCESS read-create STATUS current DESCRIPTION "The action of advanced acl rule." ::= { h3cAclIPAclAdvancedEntry 3 } h3cAclIPAclAdvancedProtocol OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The protocol-type of advanced acl group. <1-255> Protocol number gre GRE tunneling(47) icmp Internet Control Message Protocol(1) icmpv6 Internet Control Message Protocol6(58) igmp Internet Group Management Protocol(2) ip Any IPv4 protocol ipv6 Any IPv6 protocol ipinip IP in IP tunneling(4) ospf OSPF routing protocol(89) tcp Transmission Control Protocol (6) udp User Datagram Protocol (17) ipv6-ah IPv6 Authentication Header(51) ipv6-esp IPv6 Encapsulating Security Payload(50) " ::= { h3cAclIPAclAdvancedEntry 4 } h3cAclIPAclAdvancedAddrFlag OBJECT-TYPE SYNTAX AddressFlag MAX-ACCESS read-create STATUS current DESCRIPTION "Address flag to select address." DEFVAL { invalid } ::= { h3cAclIPAclAdvancedEntry 5 } h3cAclIPAclAdvancedSrcAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The IP addresses type of IP pool." ::= { h3cAclIPAclAdvancedEntry 6 } h3cAclIPAclAdvancedSrcAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The value of a local IP address available for this association. The type of this address is determined by the value of h3cAclIPAclAdvancedSrcAddrType. " ::= { h3cAclIPAclAdvancedEntry 7 } h3cAclIPAclAdvancedSrcPrefix OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-create STATUS current DESCRIPTION "Denotes the length of a generic Internet network address prefix. A value of n corresponds to an IP address mask which has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0. " ::= { h3cAclIPAclAdvancedEntry 8 } h3cAclIPAclAdvancedSrcAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of matching any IP address." DEFVAL { false } ::= { h3cAclIPAclAdvancedEntry 9 } h3cAclIPAclAdvancedSrcWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Source IPv4 address wild. Only IPv4 Advanced Rule supports this object. Default value is '0.0.0.0'. " ::= { h3cAclIPAclAdvancedEntry 10 } h3cAclIPAclAdvancedSrcOp OBJECT-TYPE SYNTAX PortOp MAX-ACCESS read-create STATUS current DESCRIPTION "Source port operation symbol of advanced acl group." ::= { h3cAclIPAclAdvancedEntry 11 } h3cAclIPAclAdvancedSrcPort1 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The fourth layer source port1." DEFVAL { 0 } ::= { h3cAclIPAclAdvancedEntry 12 } h3cAclIPAclAdvancedSrcPort2 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The fourth layer source port2." DEFVAL { 65535 } ::= { h3cAclIPAclAdvancedEntry 13 } h3cAclIPAclAdvancedDestAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The IP addresses type of IP pool." ::= { h3cAclIPAclAdvancedEntry 14 } h3cAclIPAclAdvancedDestAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The value of a local IP address available for this association. The type of this address is determined by the value of h3cAclIPAclAdvancedDestAddrType. " ::= { h3cAclIPAclAdvancedEntry 15 } h3cAclIPAclAdvancedDestPrefix OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-create STATUS current DESCRIPTION "Denotes the length of a generic Internet network address prefix. A value of n corresponds to an IP address mask which has n contiguous 1-bits from the most significant bit (MSB) and all other bits set to 0. " ::= { h3cAclIPAclAdvancedEntry 16 } h3cAclIPAclAdvancedDestAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of matching any IP address." DEFVAL { false } ::= { h3cAclIPAclAdvancedEntry 17 } h3cAclIPAclAdvancedDestWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Destination IPv4 address wild. Only IPv4 Advanced Rule supports this object. Default value is '0.0.0.0'. " ::= { h3cAclIPAclAdvancedEntry 18 } h3cAclIPAclAdvancedDestOp OBJECT-TYPE SYNTAX PortOp MAX-ACCESS read-create STATUS current DESCRIPTION "Destination port operation symbol of advanced acl group." ::= { h3cAclIPAclAdvancedEntry 19 } h3cAclIPAclAdvancedDestPort1 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The fourth layer destination port1." DEFVAL { 0 } ::= { h3cAclIPAclAdvancedEntry 20 } h3cAclIPAclAdvancedDestPort2 OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The fourth layer destination port2." DEFVAL { 65535 } ::= { h3cAclIPAclAdvancedEntry 21 } h3cAclIPAclAdvancedIcmpType OBJECT-TYPE SYNTAX Integer32 (0..255|65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The type of ICMP packet." DEFVAL { 65535 } ::= { h3cAclIPAclAdvancedEntry 22 } h3cAclIPAclAdvancedIcmpCode OBJECT-TYPE SYNTAX Integer32 (0..255|65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The code of ICMP packet." DEFVAL { 65535 } ::= { h3cAclIPAclAdvancedEntry 23 } h3cAclIPAclAdvancedPrecedence OBJECT-TYPE SYNTAX Integer32 (0..7|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of IP-packet's precedence. <0-7> Value of precedence routine Specify routine precedence(0) priority Specify priority precedence(1) immediate Specify immediate precedence(2) flash Specify flash precedence(3) flash-override Specify flash-override precedence(4) critical Specify critical precedence(5) internet Specify internetwork control precedence(6) network Specify network control precedence(7) " DEFVAL { 255 } ::= { h3cAclIPAclAdvancedEntry 24 } h3cAclIPAclAdvancedTos OBJECT-TYPE SYNTAX Integer32 (0..15|255) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of IP-packet's TOS. <0-15> Value of TOS(type of service) max-reliability Match packets with max reliable TOS(2) max-throughput Match packets with max throughput TOS(4) min-delay Match packets with min delay TOS(8) min-monetary-cost Match packets with min monetary cost TOS(1) normal Match packets with normal TOS(0) " DEFVAL { 255 } ::= { h3cAclIPAclAdvancedEntry 25 } h3cAclIPAclAdvancedDscp OBJECT-TYPE SYNTAX DSCPValue MAX-ACCESS read-create STATUS current DESCRIPTION "The value of DSCP of IP packet." DEFVAL { 255 } ::= { h3cAclIPAclAdvancedEntry 26 } h3cAclIPAclAdvancedTimeRangeName OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The Time-range of advanced acl rule. Default value is null. " ::= { h3cAclIPAclAdvancedEntry 27 } h3cAclIPAclAdvancedTCPFlag OBJECT-TYPE SYNTAX TCPFlag MAX-ACCESS read-create STATUS current DESCRIPTION "The packet type of TCP protocol." DEFVAL { invalid } ::= { h3cAclIPAclAdvancedEntry 28 } h3cAclIPAclAdvancedFragmentFlag OBJECT-TYPE SYNTAX FragmentFlag MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of matching fragmented packet, and now support two value: 0 or 2 ." DEFVAL { invalid } ::= { h3cAclIPAclAdvancedEntry 29 } h3cAclIPAclAdvancedLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Log matched packets." DEFVAL { false } ::= { h3cAclIPAclAdvancedEntry 30 } h3cAclIPAclAdvancedCount OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of matched by the rule." ::= { h3cAclIPAclAdvancedEntry 31 } h3cAclIPAclAdvancedCountClear OBJECT-TYPE SYNTAX CounterClear MAX-ACCESS read-write STATUS current DESCRIPTION "Reset the value of counter." DEFVAL { nouse } ::= { h3cAclIPAclAdvancedEntry 32 } h3cAclIPAclAdvancedEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The rule is active or not. true : active false : inactive " DEFVAL { false } ::= { h3cAclIPAclAdvancedEntry 33 } h3cAclIPAclAdvancedVpnInstanceName OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The VPN name that the rule will be applied. Default value is null. " ::= { h3cAclIPAclAdvancedEntry 34 } h3cAclIPAclAdvancedComment OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..127)) MAX-ACCESS read-create STATUS current DESCRIPTION "The description of ACL rule. Default value is Zero-length String. " ::= { h3cAclIPAclAdvancedEntry 35 } h3cAclIPAclAdvancedReflective OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of reflective." ::= { h3cAclIPAclAdvancedEntry 36 } h3cAclIPAclAdvancedCounting OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The packet will be counted when it matches the rule. It is disabled by default. " DEFVAL { false } ::= { h3cAclIPAclAdvancedEntry 37 } h3cAclIPAclAdvancedTCPFlagMask OBJECT-TYPE SYNTAX BITS { tcpack(0), tcpfin(1), tcppsh(2), tcprst(3), tcpsyn(4), tcpurg(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "The TCP Flag Mask. This is a bit-map of possible conditions. The various bit positions are: |0 |tcpack | |1 |tcpfin | |2 |tcppsh | |3 |tcprst | |4 |tcpsyn | |5 |tcpurg | " DEFVAL { { } } ::= { h3cAclIPAclAdvancedEntry 38 } h3cAclIPAclAdvancedTCPFlagValue OBJECT-TYPE SYNTAX BITS { tcpack(0), tcpfin(1), tcppsh(2), tcprst(3), tcpsyn(4), tcpurg(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "The TCP Flag Value. This is a bit-map of possible conditions. The various bit positions are: |0 |tcpack | |1 |tcpfin | |2 |tcppsh | |3 |tcprst | |4 |tcpsyn | |5 |tcpurg | " DEFVAL { { } } ::= { h3cAclIPAclAdvancedEntry 39 } h3cAclIPAclAdvancedRouteTypeAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The flag of matching any type of routing header of IPv6 packet. " DEFVAL { false } ::= { h3cAclIPAclAdvancedEntry 40 } h3cAclIPAclAdvancedRouteTypeValue OBJECT-TYPE SYNTAX Integer32 (0..255|65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The type of routing header of IPv6 packet." DEFVAL { 65535 } ::= { h3cAclIPAclAdvancedEntry 41 } h3cAclIPAclAdvancedFlowLabel OBJECT-TYPE SYNTAX Unsigned32 (0..1048575|4294967295) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of flow label of IPv6 packet header." DEFVAL { 4294967295 } ::= { h3cAclIPAclAdvancedEntry 42 } -- -- Node of h3cAclMACAclGroup -- h3cAclMACAclGroup OBJECT IDENTIFIER ::= { h3cAclMib2Objects 3 } -- -- Nodes of h3cAclMACTable -- h3cAclMACTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cAclMACEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of MAC acl group. If some objects of this table are not supported by some products, these objects can't be created, changed and applied. Default value of these objects will be returned when they are read. " ::= { h3cAclMACAclGroup 1 } h3cAclMACEntry OBJECT-TYPE SYNTAX H3cAclMACEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "MAC acl group information." INDEX { h3cAclNumberGroupType, h3cAclNumberGroupIndex, h3cAclMACRuleIndex } ::= { h3cAclMACTable 1 } H3cAclMACEntry ::= SEQUENCE { h3cAclMACRuleIndex Integer32, h3cAclMACRowStatus RowStatus, h3cAclMACAct RuleAction, h3cAclMACTypeCode OCTET STRING, h3cAclMACTypeMask OCTET STRING, h3cAclMACSrcMac MacAddress, h3cAclMACSrcMacWild MacAddress, h3cAclMACDestMac MacAddress, h3cAclMACDestMacWild MacAddress, h3cAclMACLsapCode OCTET STRING, h3cAclMACLsapMask OCTET STRING, h3cAclMACCos Integer32, h3cAclMACTimeRangeName OCTET STRING, h3cAclMACCount Unsigned32, h3cAclMACCountClear CounterClear, h3cAclMACEnable TruthValue, h3cAclMACComment OCTET STRING, h3cAclMACLog TruthValue, h3cAclMACCounting TruthValue } h3cAclMACRuleIndex OBJECT-TYPE SYNTAX Integer32 (0..65534) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The rule index of MAC-based acl group." ::= { h3cAclMACEntry 1 } h3cAclMACRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus." ::= { h3cAclMACEntry 2 } h3cAclMACAct OBJECT-TYPE SYNTAX RuleAction MAX-ACCESS read-create STATUS current DESCRIPTION "The action of MAC acl rule." ::= { h3cAclMACEntry 3 } h3cAclMACTypeCode OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The type of protocol." REFERENCE "rfc894, rfc1010." ::= { h3cAclMACEntry 4 } h3cAclMACTypeMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The mask of protocol." ::= { h3cAclMACEntry 5 } h3cAclMACSrcMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Source MAC of MAC acl rule. Default value is '00:00:00:00:00:00'. " ::= { h3cAclMACEntry 6 } h3cAclMACSrcMacWild OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Source MAC wildzard of MAC acl rule. Default value is '00:00:00:00:00:00'. " ::= { h3cAclMACEntry 7 } h3cAclMACDestMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Destination MAC of MAC acl rule. Default value is '00:00:00:00:00:00'. " ::= { h3cAclMACEntry 8 } h3cAclMACDestMacWild OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Destination MAC wildzard of MAC acl rule. Default value is '00:00:00:00:00:00' " ::= { h3cAclMACEntry 9 } h3cAclMACLsapCode OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The type of LSAP." REFERENCE "ANSI/IEEE Std 802.3" ::= { h3cAclMACEntry 10 } h3cAclMACLsapMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The mask of LSAP." ::= { h3cAclMACEntry 11 } h3cAclMACCos OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "Vlan priority of MAC acl rule." ::= { h3cAclMACEntry 12 } h3cAclMACTimeRangeName OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The Time-range of MAC acl rule. Default value is null. " ::= { h3cAclMACEntry 13 } h3cAclMACCount OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of matched frame by the rule." ::= { h3cAclMACEntry 14 } h3cAclMACCountClear OBJECT-TYPE SYNTAX CounterClear MAX-ACCESS read-write STATUS current DESCRIPTION "Reset the value of counter." ::= { h3cAclMACEntry 15 } h3cAclMACEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The rule is active or not. true : active false : inactive " DEFVAL { false } ::= { h3cAclMACEntry 16 } h3cAclMACComment OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..127)) MAX-ACCESS read-create STATUS current DESCRIPTION "The description of ACL rule. Default value is Zero-length String. " ::= { h3cAclMACEntry 17 } h3cAclMACLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The packet will be logged when it matches the rule. It is disabled by default. " DEFVAL { false } ::= { h3cAclMACEntry 18 } h3cAclMACCounting OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The packet will be counted when it matches the rule. It is disabled by default. " DEFVAL { false } ::= { h3cAclMACEntry 19 } -- -- Node of h3cAclEnUserGroup -- h3cAclEnUserAclGroup OBJECT IDENTIFIER ::= { h3cAclMib2Objects 4 } -- -- Nodes of h3cAclEnUserTable -- h3cAclEnUserTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cAclEnUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of user acl group information. If some objects of this table are not supported by some products, these objects can't be created, changed and applied. Default value of these objects will be returned when they are read. " ::= { h3cAclEnUserAclGroup 3 } h3cAclEnUserEntry OBJECT-TYPE SYNTAX H3cAclEnUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "User defined acl group entry." INDEX { h3cAclNumberGroupType, h3cAclNumberGroupIndex, h3cAclEnUserRuleIndex } ::= { h3cAclEnUserTable 1 } H3cAclEnUserEntry ::= SEQUENCE { h3cAclEnUserRuleIndex Integer32, h3cAclEnUserRowStatus RowStatus, h3cAclEnUserAct RuleAction, h3cAclEnUserStartString OCTET STRING, h3cAclEnUserL2String OCTET STRING, h3cAclEnUserMplsString OCTET STRING, h3cAclEnUserIPv4String OCTET STRING, h3cAclEnUserIPv6String OCTET STRING, h3cAclEnUserL4String OCTET STRING, h3cAclEnUserL5String OCTET STRING, h3cAclEnUserTimeRangeName OCTET STRING, h3cAclEnUserCount Unsigned32, h3cAclEnUserCountClear CounterClear, h3cAclEnUserEnable TruthValue, h3cAclEnUserComment OCTET STRING, h3cAclEnUserLog TruthValue, h3cAclEnUserCounting TruthValue } h3cAclEnUserRuleIndex OBJECT-TYPE SYNTAX Integer32 (0..65534) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The subitem of the user acl." ::= { h3cAclEnUserEntry 1 } h3cAclEnUserRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus." ::= { h3cAclEnUserEntry 2 } h3cAclEnUserAct OBJECT-TYPE SYNTAX RuleAction MAX-ACCESS read-create STATUS current DESCRIPTION "The action of user defined acl rule." ::= { h3cAclEnUserEntry 3 } h3cAclEnUserStartString OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The rule, matching packets, input like this: 'RuleOffset','RuleString','RuleMask'. RuleOffset: The value of this object is defined by product and it indicates the offset of the rule mask in the packet(unit: byte). RuleString: The length of RuleString is defined by product. The string must be hexadecimal. The length of string must be multiple of 2. RuleMask: The length of RuleMask is defined by product. The string must be hexadecimal. The length of string must be multiple of 2. For example: 10,10af,ffff. Default value is null. " ::= { h3cAclEnUserEntry 4 } h3cAclEnUserL2String OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The rule, matching layer 2 packets, input like this: 'RuleOffset','RuleString','RuleMask'. RuleOffset: The value is defined by product and it indicates offset of the rule mask in the packet(unit: byte). RuleString: The length of RuleString is defined by product. The string must be hexadecimal. The length of string must be multiple of 2. RuleMask: The length of RuleMask is defined by product. The string must be hexadecimal. The length of string must be multiple of 2. For example: '10','10af','ffff'. Default value is null. " ::= { h3cAclEnUserEntry 5 } h3cAclEnUserMplsString OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The rule, matching mpls packets, input like this: 'RuleOffset','RuleString','RuleMask'. RuleOffset: The value is defined by product and it indicates offset of the rule mask in the packet(unit: byte). RuleString: The length of RuleString is defined by product. The string must be hexadecimal. The length of string must be multiple of 2. RuleMask: The length of RuleMask is defined by product. The string must be hexadecimal. The length of string must be multiple of 2. For example: '10','10af','ffff'. Default value is null. " ::= { h3cAclEnUserEntry 6 } h3cAclEnUserIPv4String OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The rule, matching IPv4 packets, input like this: 'RuleOffset','RuleString','RuleMask'. RuleOffset: The value is defined by product and it indicates offset of the rule mask in the packet(unit: byte). RuleString: The length of RuleString is defined by product. The string must be hexadecimal. The length of string must be multiple of 2. RuleMask: The length of RuleMask is defined by product. The string must be hexadecimal. The length of string must be multiple of 2. For example: '10','10af','ffff'. Default value is null. " ::= { h3cAclEnUserEntry 7 } h3cAclEnUserIPv6String OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The rule, matching IPv6 packets, input like this: 'RuleOffset','RuleString','RuleMask'. RuleOffset: The value is defined by product and it indicates offset of the rule mask in the packet(unit: byte). RuleString: The length of RuleString is defined by product. The string must be hexadecimal. The length of string must be multiple of 2. RuleMask: The length of RuleMask is defined by product. The string must be hexadecimal. The length of string must be multiple of 2. For example: '10','10af','ffff'. Default value is null. " ::= { h3cAclEnUserEntry 8 } h3cAclEnUserL4String OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The rule, matching layer 4 packets, input like this: 'RuleOffset','RuleString','RuleMask'. RuleOffset: The value is defined by product and it indicates offset of the rule mask in the packet(unit: byte). RuleString: The length of RuleString is defined by product. The string must be hexadecimal. The length of string must be multiple of 2. RuleMask: The length of RuleMask is defined by product. The string must be hexadecimal. The length of string must be multiple of 2. For example: '10','10af','ffff'. Default value is null. " ::= { h3cAclEnUserEntry 9 } h3cAclEnUserL5String OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The rule, matching layer 5 packets, input like this: 'RuleOffset','RuleString','RuleMask'. RuleOffset: The value is defined by product and it indicates offset of the rule mask in the packet(unit: byte). RuleString: The length of RuleString is defined by product. The string must be hexadecimal. The length of string must be multiple of 2. RuleMask: The length of RuleMask is defined by product. The string must be hexadecimal. The length of string must be multiple of 2. For example: '10','10af','ffff'. Default value is null. " ::= { h3cAclEnUserEntry 10 } h3cAclEnUserTimeRangeName OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The Time-range of user acl rule. Default value is null." ::= { h3cAclEnUserEntry 11 } h3cAclEnUserCount OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The count of matched by the rule." ::= { h3cAclEnUserEntry 12 } h3cAclEnUserCountClear OBJECT-TYPE SYNTAX CounterClear MAX-ACCESS read-write STATUS current DESCRIPTION "Reset the value of counter." ::= { h3cAclEnUserEntry 13 } h3cAclEnUserEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "The rule is active or not. true : active false : inactive " DEFVAL { false } ::= { h3cAclEnUserEntry 14 } h3cAclEnUserComment OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..127)) MAX-ACCESS read-create STATUS current DESCRIPTION "The description of ACL rule. Default value is Zero-length String. " ::= { h3cAclEnUserEntry 15 } h3cAclEnUserLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The packet will be logged when it matches the rule. It is disabled by default. " DEFVAL { false } ::= { h3cAclEnUserEntry 16 } h3cAclEnUserCounting OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "The packet will be counted when it matches the rule. It is disabled by default. " DEFVAL { false } ::= { h3cAclEnUserEntry 17 } -- -- Node of h3cAclResourceGroup -- h3cAclResourceGroup OBJECT IDENTIFIER ::= { h3cAclMib2Objects 5 } -- -- Nodes of h3cAclResourceUsageTable -- h3cAclResourceUsageTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cAclResourceUsageEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table shows ACL resource usage information. Support for resource types that are denoted by h3cAclResourceType object varies with products. If a type is not supported, the corresponding row for the type will not be instantiated in this table. " ::= { h3cAclResourceGroup 1 } h3cAclResourceUsageEntry OBJECT-TYPE SYNTAX H3cAclResourceUsageEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Each row contains a brief description of the resource type, a port range associated with the chip, total, reserved, and configured amount of resource of this type, the percent of resource that has been allocated, and so on. " INDEX { h3cAclResourceChassis, h3cAclResourceSlot, h3cAclResourceChip, h3cAclResourceType } ::= { h3cAclResourceUsageTable 1 } H3cAclResourceUsageEntry ::= SEQUENCE { h3cAclResourceChassis Unsigned32, h3cAclResourceSlot Unsigned32, h3cAclResourceChip Unsigned32, h3cAclResourceType Integer32, h3cAclPortRange OCTET STRING, h3cAclResourceTotal Unsigned32, h3cAclResourceReserved Unsigned32, h3cAclResourceConfigured Unsigned32, h3cAclResourceUsagePercent Unsigned32, h3cAclResourceTypeDescription OCTET STRING } h3cAclResourceChassis OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The chassis number. On a centralized or distributed device, the value for this node is always zero. " ::= { h3cAclResourceUsageEntry 1 } h3cAclResourceSlot OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The slot number. On a centralized device, the value for this node is always zero." ::= { h3cAclResourceUsageEntry 2 } h3cAclResourceChip OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The chip number. On a single chip device, the value for this node is always zero." ::= { h3cAclResourceUsageEntry 3 } h3cAclResourceType OBJECT-TYPE SYNTAX Integer32 (1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The resource type." ::= { h3cAclResourceUsageEntry 4 } h3cAclPortRange OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-only STATUS current DESCRIPTION "The port range associated with the chip. Commas are used to separate multiple port ranges, for example, Ethernet1/2 to Ethernet1/12, Ethernet1/31 to Ethernet1/48. " ::= { h3cAclResourceUsageEntry 5 } h3cAclResourceTotal OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Total TCAM entries of the resource type." ::= { h3cAclResourceUsageEntry 6 } h3cAclResourceReserved OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The amount of reserved TCAM entries of the resource type." ::= { h3cAclResourceUsageEntry 7 } h3cAclResourceConfigured OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The amount of configured TCAM entries of the resource type." ::= { h3cAclResourceUsageEntry 8 } h3cAclResourceUsagePercent OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The percent of TCAM entries that have been used for this resource type. " ::= { h3cAclResourceUsageEntry 9 } h3cAclResourceTypeDescription OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..31)) MAX-ACCESS read-only STATUS current DESCRIPTION "The description of this resource type." ::= { h3cAclResourceUsageEntry 10 } -- -- Node of h3cAclPacketFilterObjects -- h3cAclPacketFilterObjects OBJECT IDENTIFIER ::= { h3cAcl 3 } h3cPfilterScalarGroup OBJECT IDENTIFIER ::= { h3cAclPacketFilterObjects 1 } h3cPfilterDefaultAction OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The default action of packet filter. By default, the packet filter permits packets that do not match any ACL rule to pass. " ::= { h3cPfilterScalarGroup 1 } h3cPfilterProcessingStatus OBJECT-TYPE SYNTAX INTEGER { processing(1), done(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object shows the status of the system when applying packet filter. It is forbidden to set or read in h3cAclPacketFilterObjects MIB module when the value is processing. " ::= { h3cPfilterScalarGroup 2 } -- -- Nodes of h3cPfilterApplyTable -- h3cPfilterApplyTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cPfilterApplyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of packet filter application. It's not supported to set default action on an entity, but supported to enable hardware count of default action on an entity. " ::= { h3cAclPacketFilterObjects 2 } h3cPfilterApplyEntry OBJECT-TYPE SYNTAX H3cPfilterApplyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Packet filter application information entry." INDEX { h3cPfilterApplyObjType, h3cPfilterApplyObjIndex, h3cPfilterApplyDirection, h3cPfilterApplyAclType, h3cPfilterApplyAclIndex } ::= { h3cPfilterApplyTable 1 } H3cPfilterApplyEntry ::= SEQUENCE { h3cPfilterApplyObjType INTEGER, h3cPfilterApplyObjIndex Integer32, h3cPfilterApplyDirection DirectionType, h3cPfilterApplyAclType INTEGER, h3cPfilterApplyAclIndex Integer32, h3cPfilterApplyHardCount TruthValue, h3cPfilterApplySequence Unsigned32, h3cPfilterApplyCountClear CounterClear, h3cPfilterApplyRowStatus RowStatus } h3cPfilterApplyObjType OBJECT-TYPE SYNTAX INTEGER { interface(1), vlan(2), global(3) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "The object type of packet filter application. interface: Apply an ACL to the interface to filter packets. vlan: Apply an ACL to the VLAN to filter packets. global: Apply an ACL globally to filter packets. " ::= { h3cPfilterApplyEntry 1 } h3cPfilterApplyObjIndex OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The object ID of packet filter application. Interface: interface index, equal to ifIndex VLAN: VLAN ID, 1..4094 Global: 0 " ::= { h3cPfilterApplyEntry 2 } h3cPfilterApplyDirection OBJECT-TYPE SYNTAX DirectionType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The direction of packet filter application." ::= { h3cPfilterApplyEntry 3 } h3cPfilterApplyAclType OBJECT-TYPE SYNTAX INTEGER { ipv4(1), ipv6(2), default(3) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "ACL Type: IPv4, IPv6, default action. Take default action as a special ACL group. " ::= { h3cPfilterApplyEntry 4 } h3cPfilterApplyAclIndex OBJECT-TYPE SYNTAX Integer32 (0|2000..5999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ACL group index. Basic type: 2000..2999 Advanced type: 3000..3999 MAC type: 4000..4999 User type: 5000..5999 Default action type: 0 " ::= { h3cPfilterApplyEntry 5 } h3cPfilterApplyHardCount OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Hardware count flag. true: enable hardware count false: disable hardware count " DEFVAL { false } ::= { h3cPfilterApplyEntry 6 } h3cPfilterApplySequence OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The configure sequence of packet filter application." ::= { h3cPfilterApplyEntry 7 } h3cPfilterApplyCountClear OBJECT-TYPE SYNTAX CounterClear MAX-ACCESS read-write STATUS current DESCRIPTION "Clear the value of counters." ::= { h3cPfilterApplyEntry 8 } h3cPfilterApplyRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus." ::= { h3cPfilterApplyEntry 9 } -- -- Nodes of h3cPfilterAclGroupRunInfoTable -- h3cPfilterAclGroupRunInfoTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cPfilterAclGroupRunInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of group running information of ACLs for packet filtering. If hardware count function is not supported or not enabled to the packet filter application, the statistics entry will be zero. " ::= { h3cAclPacketFilterObjects 3 } h3cPfilterAclGroupRunInfoEntry OBJECT-TYPE SYNTAX H3cPfilterAclGroupRunInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "ACL group running information entry for packet filtering." INDEX { h3cPfilterApplyObjType, h3cPfilterApplyObjIndex, h3cPfilterApplyDirection, h3cPfilterApplyAclType, h3cPfilterApplyAclIndex } ::= { h3cPfilterAclGroupRunInfoTable 1 } H3cPfilterAclGroupRunInfoEntry ::= SEQUENCE { h3cPfilterAclGroupStatus INTEGER, h3cPfilterAclGroupCountStatus INTEGER, h3cPfilterAclGroupPermitPkts Counter64, h3cPfilterAclGroupPermitBytes Counter64, h3cPfilterAclGroupDenyPkts Counter64, h3cPfilterAclGroupDenyBytes Counter64 } h3cPfilterAclGroupStatus OBJECT-TYPE SYNTAX INTEGER { success(1), failed(2), partialSuccess(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The status of ACL group applied. success: ACL applied successfully on all slots failed: failed to apply ACL on all slots partialSuccess: failed to apply ACL on some slots " ::= { h3cPfilterAclGroupRunInfoEntry 1 } h3cPfilterAclGroupCountStatus OBJECT-TYPE SYNTAX INTEGER { success(1), failed(2), partialSuccess(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The status of enabling hardware count. If hardware count is not enabled, it returns success. success: enable hardware count successfully on all slots failed: failed to enable hardware count on all slots partialSuccess: failed to enable hardware count on some slots " ::= { h3cPfilterAclGroupRunInfoEntry 2 } h3cPfilterAclGroupPermitPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets permitted." ::= { h3cPfilterAclGroupRunInfoEntry 3 } h3cPfilterAclGroupPermitBytes OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of bytes permitted." ::= { h3cPfilterAclGroupRunInfoEntry 4 } h3cPfilterAclGroupDenyPkts OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets denied." ::= { h3cPfilterAclGroupRunInfoEntry 5 } h3cPfilterAclGroupDenyBytes OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of bytes denied." ::= { h3cPfilterAclGroupRunInfoEntry 6 } -- -- Nodes of h3cPfilterAclRuleRunInfoTable -- h3cPfilterAclRuleRunInfoTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cPfilterAclRuleRunInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of rule's running information of ACLs for packet filtering. If hardware count function is not supported or not enabled to the packet filter application, the h3cPfilterAclRuleMatchPackets and h3cPfilterAclRuleMatchBytes will be zero. " ::= { h3cAclPacketFilterObjects 4 } h3cPfilterAclRuleRunInfoEntry OBJECT-TYPE SYNTAX H3cPfilterAclRuleRunInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "ACL rule's running information entry." INDEX { h3cPfilterApplyObjType, h3cPfilterApplyObjIndex, h3cPfilterApplyDirection, h3cPfilterApplyAclType, h3cPfilterApplyAclIndex, h3cPfilterAclRuleIndex } ::= { h3cPfilterAclRuleRunInfoTable 1 } H3cPfilterAclRuleRunInfoEntry ::= SEQUENCE { h3cPfilterAclRuleIndex Integer32, h3cPfilterAclRuleStatus INTEGER, h3cPfilterAclRuleCountStatus INTEGER, h3cPfilterAclRuleMatchPackets Counter64, h3cPfilterAclRuleMatchBytes Counter64 } h3cPfilterAclRuleIndex OBJECT-TYPE SYNTAX Integer32 (0..65534) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ACL rule index." ::= { h3cPfilterAclRuleRunInfoEntry 1 } h3cPfilterAclRuleStatus OBJECT-TYPE SYNTAX INTEGER { success(1), failed(2), partialSuccess(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The status of rule application. success: rule applied successfully on all slots failed: failed to apply rule on all slots partialSuccess: failed to apply rule on some slots " ::= { h3cPfilterAclRuleRunInfoEntry 2 } h3cPfilterAclRuleCountStatus OBJECT-TYPE SYNTAX INTEGER { success(1), failed(2), partialSuccess(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The status of enabling rule's hardware count. If hardware count is not enabled, it returns success. success: enable hardware count successfully on all slots failed: failed to enable hardware count on all slots partialSuccess: failed to enable hardware count on some slots " ::= { h3cPfilterAclRuleRunInfoEntry 3 } h3cPfilterAclRuleMatchPackets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets matched." ::= { h3cPfilterAclRuleRunInfoEntry 4 } h3cPfilterAclRuleMatchBytes OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of bytes matched." ::= { h3cPfilterAclRuleRunInfoEntry 5 } -- -- Nodes of h3cPfilterStatisticSumTable -- h3cPfilterStatisticSumTable OBJECT-TYPE SYNTAX SEQUENCE OF H3cPfilterStatisticSumEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of ACL rule's sum statistics information, accumulated by all entity application on all slots. " ::= { h3cAclPacketFilterObjects 5 } h3cPfilterStatisticSumEntry OBJECT-TYPE SYNTAX H3cPfilterStatisticSumEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "ACL rule's sum statistics information entry." INDEX { h3cPfilterSumDirection, h3cPfilterSumAclType, h3cPfilterSumAclIndex, h3cPfilterSumRuleIndex } ::= { h3cPfilterStatisticSumTable 1 } H3cPfilterStatisticSumEntry ::= SEQUENCE { h3cPfilterSumDirection DirectionType, h3cPfilterSumAclType INTEGER, h3cPfilterSumAclIndex Integer32, h3cPfilterSumRuleIndex Integer32, h3cPfilterSumRuleMatchPackets Counter64, h3cPfilterSumRuleMatchBytes Counter64 } h3cPfilterSumDirection OBJECT-TYPE SYNTAX DirectionType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The direction of application." ::= { h3cPfilterStatisticSumEntry 1 } h3cPfilterSumAclType OBJECT-TYPE SYNTAX INTEGER { ipv4(1), ipv6(2) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "ACL type, IPv4 or IPv6." ::= { h3cPfilterStatisticSumEntry 2 } h3cPfilterSumAclIndex OBJECT-TYPE SYNTAX Integer32 (2000..5999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ACL group index. Basic type: 2000..2999 Advanced type: 3000..3999 MAC type: 4000..4999 User type: 5000..5999 " ::= { h3cPfilterStatisticSumEntry 3 } h3cPfilterSumRuleIndex OBJECT-TYPE SYNTAX Integer32 (0..65534) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ACL rule index." ::= { h3cPfilterStatisticSumEntry 4 } h3cPfilterSumRuleMatchPackets OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The sum number of packets matched the ACL rule." ::= { h3cPfilterStatisticSumEntry 5 } h3cPfilterSumRuleMatchBytes OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The sum number of bytes matched the ACL rule." ::= { h3cPfilterStatisticSumEntry 6 } -- -- Nodes of h3cPacketfilterTrapObjects -- h3cAclPacketfilterTrapObjects OBJECT IDENTIFIER ::= { h3cAcl 4 } h3cPfilterInterface OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The interface which policy apply." ::= { h3cAclPacketfilterTrapObjects 1 } h3cPfilterDirection OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Inbound or outbound." ::= { h3cAclPacketfilterTrapObjects 2 } h3cPfilterACLNumber OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "ACL number." ::= { h3cAclPacketfilterTrapObjects 3 } h3cPfilterAction OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Permit or deny." ::= { h3cAclPacketfilterTrapObjects 4 } h3cMACfilterSourceMac OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Source MAC address." ::= { h3cAclPacketfilterTrapObjects 5 } h3cMACfilterDestinationMac OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Destination MAC address." ::= { h3cAclPacketfilterTrapObjects 6 } h3cPfilterPacketNumber OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The number of packets permitted or denied by ACL." ::= { h3cAclPacketfilterTrapObjects 7 } h3cPfilterReceiveInterface OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The interface where packet come from." ::= { h3cAclPacketfilterTrapObjects 8 } -- -- Nodes of h3cPacketfilterTrap -- h3cAclPacketfilterTrap OBJECT IDENTIFIER ::= { h3cAcl 5 } h3cPfilterTrapPrefix OBJECT IDENTIFIER ::= { h3cAclPacketfilterTrap 0 } h3cMACfilterTrap NOTIFICATION-TYPE OBJECTS { h3cPfilterInterface, h3cPfilterDirection, h3cPfilterACLNumber, h3cPfilterAction, h3cMACfilterSourceMac, h3cMACfilterDestinationMac, h3cPfilterPacketNumber, h3cPfilterReceiveInterface } STATUS current DESCRIPTION "This notification is generated when a packet was processed by MAC address filter, but not every packet will generate one notification, the same notification only generate once in 30 seconds." ::= { h3cPfilterTrapPrefix 1 } END