-- Copyright (C) 2009-2012 Aricent Group . All Rights Reserved

-- $Id: fsissacl.mib,v 1.11 2015/03/04 10:30:07 siva Exp $

ARICENT-ISS-ACL-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Counter32, enterprises,
    IpAddress, Integer32, Unsigned32
        FROM SNMPv2-SMI
    InetAddressType, InetAddress, InetAddressPrefixLength, InetPortNumber
        FROM INET-ADDRESS-MIB
    RowStatus, TEXTUAL-CONVENTION, MacAddress, TruthValue
        FROM SNMPv2-TC;

issAcl MODULE-IDENTITY
    LAST-UPDATED "201209050000Z"
    ORGANIZATION "ARICENT COMMUNICATIONS SOFTWARE"
    CONTACT-INFO "support@aricent.com"
    DESCRIPTION
        "Proprietary MIB definition for Access Control Feature"
    REVISION "201209050000Z"
    DESCRIPTION
        "Proprietary MIB definition for Access Control Feature"
    ::= { enterprises aricent-communication-holding-ltd(29601) iss(2) 21 }

PortList ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "Each octet within this value specifies a set of eight
         ports, with the first octet specifying ports 1 through
         8, the second octet specifying ports 9 through 16, etc.
         Within each octet, the most significant bit represents
         the lowest numbered port, and the least significant bit
         represents the highest numbered port. Thus, each port
         of the bridge is represented by a single bit within the
         value of this object. If that bit has a value of '1'
         then that port is included in the set of ports; the port
         is not included if its bit has a value of '0'."
    SYNTAX      OCTET STRING

IndexInteger ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS      current
    DESCRIPTION
        "An integer which may be used as a table index.
         If 0 then it is invalid"
    SYNTAX      Unsigned32 (1..65535)

IndexIntegerNextFree ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS      current
    DESCRIPTION
        "An integer which may be used as a new Index in a table.
         The special value of 0 indicates that no more new entries
         can be created in the relevant table.
         When a MIB is used for configuration, an object with this
         SYNTAX always contains a legal value (if non-zero) for an
         index that is not currently used in the relevant table. The
         Command Generator (Network Management Application) reads this
         variable and uses the (non-zero) value read when creating a
         new row with an SNMP SET. When the SET is performed, the
         Command Responder (agent) must determine whether the value is
         indeed still unused; Two Network Management Applications may
         attempt to create a row (configuration entry) simultaneously
         and use the same value. If it is currently unused, the SET
         succeeds and the Command Responder (agent) changes the value
         of this object, according to an implementation-specific
         algorithm. If the value is in use, however, the SET fails.
         The Network Management Application must then re-read this
         variable to obtain a new usable value.
         An OBJECT-TYPE definition using this SYNTAX MUST specify the
         relevant table for which the object is providing this
         functionality."
    SYNTAX      Unsigned32 (0..4294967295)

iss OBJECT IDENTIFIER ::= { enterprises 2076 81 }

EnabledStatus ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "A simple status value for the object."
    SYNTAX      INTEGER { enabled(1), disabled(2) }

-- ----------------------------------------------------------------- --
-- groups in the MIB
-- ----------------------------------------------------------------- --

issAclRateControl        OBJECT IDENTIFIER ::= { issAcl 1 }
issAclL2Filter           OBJECT IDENTIFIER ::= { issAcl 2 }
issAclL3Filter           OBJECT IDENTIFIER ::= { issAcl 3 }
issAclUserDefinedFilter  OBJECT IDENTIFIER ::= { issAcl 4 }
issRedirectInterfaceGrp  OBJECT IDENTIFIER ::= { issAcl 5 }
issRedirectIdNextFree    OBJECT IDENTIFIER ::= { issAcl 6 }
issAclTrafficControl     OBJECT IDENTIFIER ::= { issAcl 7 }

-- Rate Control Group --------------------------------------------- --

issAclRateCtrlTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF IssAclRateCtrlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table to control the rate limiting parameters
         either for the entire switch or for each physical and
         port-channel interface in the switch."
    ::= { issAclRateControl 1 }

issAclRateCtrlEntry OBJECT-TYPE
    SYNTAX      IssAclRateCtrlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry appears in this table for each physical and
         port-channel interface in the switch."
    INDEX       { issAclRateCtrlIndex }
    ::= { issAclRateCtrlTable 1 }

IssAclRateCtrlEntry ::=
    SEQUENCE {
        issAclRateCtrlIndex              Integer32,
        issAclRateCtrlDLFLimitValue      Integer32,
        issAclRateCtrlBCASTLimitValue    Integer32,
        issAclRateCtrlMCASTLimitValue    Integer32,
        issAclRateCtrlPortRateLimit      Integer32,
        issAclRateCtrlPortBurstSize      Integer32
    }

issAclRateCtrlIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The interface index for which the configuration in this
         entry applies."
    ::= { issAclRateCtrlEntry 1 }

issAclRateCtrlDLFLimitValue OBJECT-TYPE
    SYNTAX      Integer32 (0..2147483647)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Allows to configure the limiting value for the maximum number
         of dlf packets that can be transmitted per second over this
         interface.
         Setting this object to the value zero disables rate
         limiting for Destination lookup failure packets on this
         interface. The value that can be set for this object is
         limited by the underlying hardware"
    DEFVAL      { 0 }
    ::= { issAclRateCtrlEntry 2 }

issAclRateCtrlBCASTLimitValue OBJECT-TYPE
    SYNTAX      Integer32 (0..2147483647)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Allows to configure the limiting value for the maximum number
         of broadcast packets that can be transmitted per second over
         this interface. Setting this object to the value zero disables
         rate limiting for Broadcast packets on this interface. The
         value that can be set for this object is limited by the
         underlying hardware"
    DEFVAL      { 0 }
    ::= { issAclRateCtrlEntry 3 }

issAclRateCtrlMCASTLimitValue OBJECT-TYPE
    SYNTAX      Integer32 (0..2147483647)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Allows to configure the limiting value for the maximum number
         of multicast packets that can be transmitted per second over
         this interface. Setting this object to the value zero disables
         rate limiting for Multicast packets on this interface. The
         value that can be set for this object is limited by the
         underlying hardware"
    DEFVAL      { 0 }
    ::= { issAclRateCtrlEntry 4 }

issAclRateCtrlPortRateLimit OBJECT-TYPE
    SYNTAX      Integer32 (0..80000000)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Configures interface Rate Limit (Packet that can be transferred
         on a port at a particular second).
         This object's value will take effect on the interface speed.
         Based on the operating speed of the port, the rate limit will
         be applied. This value can also be affected by the metering.
         A value of zero(0) disables rate limiting i.e. sets the port
         to full speed."
    ::= { issAclRateCtrlEntry 5 }

issAclRateCtrlPortBurstSize OBJECT-TYPE
    SYNTAX      Integer32 (0..80000000)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Configures interface Burst Pkt Rate.
         (Packet Burst that can be transferred on a port at a
         particular second)
         This object's value will take effect on the interface speed.
         Based on the operating speed of the port, the burst size of
         the port will be applied. This value can also be affected by
         the metering. A value of zero(0) disables burst rate limiting
         i.e. sets the port burst rate limit to full speed."
    ::= { issAclRateCtrlEntry 6 }

-- ------------------------------------------------------------------
-- L2 Filter Group --------------------------------------------------

issAclL2FilterTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF IssAclL2FilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table to configure L2 filter rules in the system."
    ::= { issAclL2Filter 1 }

issAclL2FilterEntry OBJECT-TYPE
    SYNTAX      IssAclL2FilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry in this table is a L2 filter rule.
         Index to the table is the L2 filter number."
    INDEX       { issAclL2FilterNo }
    ::= { issAclL2FilterTable 1 }

IssAclL2FilterEntry ::=
    SEQUENCE {
        issAclL2FilterNo                    Integer32,
        issAclL2FilterPriority              Integer32,
        issAclL2FilterEtherType             Integer32,
        issAclL2FilterProtocolType          Unsigned32,
        issAclL2FilterDstMacAddr            MacAddress,
        issAclL2FilterSrcMacAddr            MacAddress,
        issAclL2FilterVlanId                Integer32,
        issAclL2FilterInPortList            PortList,
        issAclL2FilterAction                INTEGER,
        issAclL2FilterMatchCount            Counter32,
        issAclL2FilterStatus                RowStatus,
        issAclL2FilterOutPortList           PortList,
        issAclL2FilterDirection             INTEGER,
        issAclL2FilterSubAction             INTEGER,
        issAclL2FilterSubActionId           Integer32,
        issAclL2FilterRedirectId            Integer32,
        issAclL2NextFilterNo                Integer32,
        issAclL2NextFilterType              INTEGER,
        issAclL2FilterCreationMode          INTEGER,
        issAclL2FilterInPortChannelList     PortList,
        issAclL2FilterOutPortChannelList    PortList,
        issAclL2FilterStatsEnabledStatus    EnabledStatus,
        issAclClearL2FilterStats            TruthValue
    }

issAclL2FilterNo OBJECT-TYPE
    SYNTAX      Integer32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "L2 Filter rule number."
    ::= { issAclL2FilterEntry 1 }

issAclL2FilterPriority OBJECT-TYPE
    SYNTAX      Integer32 (1..255)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The priority of the L2 filter can be used to decide which
         filter rule is applicable when
            --> the packet matches with more than one filter rule
            --> All the filter rules result in 'allow'ing the packet
         Higher value of 'filter priority' implies a higher priority.
         Usage of 'L2FilterPriority' is implementation dependent."
    DEFVAL      { 1 }
    ::= { issAclL2FilterEntry 2 }

issAclL2FilterEtherType OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The value in the Type/Len field of a frame that will
         be matched to trigger this filter. The default value of
         this object is '0'. When this object is SET with the default
         value, frames are not matched for the value in the Type/Len
         field with the value set for this object."
    DEFVAL      { 0 }
    ::= { issAclL2FilterEntry 3 }

issAclL2FilterProtocolType OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the non IP protocol type to be filtered.
         aarp | amber | dec-spanning | decnet-iv |
         diagnostic | dsm | etype-6000 | etype-8042 |
         lat | lavc-sca | mop-console | mop-dump |
         msdos | mumps | netbios | vines-echo |
         vines-ip | xns-idp: A non-IP protocol.
         A value of '0' means, the filter is applicable for all
         protocols."
    DEFVAL      { 0 }
    ::= { issAclL2FilterEntry 4 }

issAclL2FilterDstMacAddr OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Destination MAC address to be matched with the packet. By
         default, the Destination Mac Address will be zero, which means
         a don't-care condition, i.e. any Dst Mac Address."
    ::= { issAclL2FilterEntry 5 }

issAclL2FilterSrcMacAddr OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Source MAC address to be matched with the packet.
         By default, the Source Mac Address will be zero, which means
         a don't-care condition, i.e. any Src Mac address"
    ::= { issAclL2FilterEntry 6 }

issAclL2FilterVlanId OBJECT-TYPE
    SYNTAX      Integer32 (0..4094)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Vlan Id to be filtered. In case of Provider bridges, this
         Vlan Id will be treated as customer Vlan Id.
         A value of '0' means, this object is unused. Configuring this
         value is not allowed."
    DEFVAL      { 0 }
    ::= { issAclL2FilterEntry 7 }

issAclL2FilterInPortList OBJECT-TYPE
    SYNTAX      PortList
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the complete set of ports over which this filter
         is applied for packets ingress at ports in this list.
         If the In port list is '0', the filter rule is applicable for
         the incoming packets on all ports.
         Even though the issAclL2FilterInPortList is configured, it is
         applicable only if issAclL2FilterDirection is configured as
         'in'.
         By default inport list is maintained as '0'."
    ::= { issAclL2FilterEntry 8 }

issAclL2FilterAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    allow (1),
                    drop (2),
                    redirect (3),
                    switchandcopytocpu (4),
                    dropandcopytocpu (5)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the action to be taken on the packet if the filter
         rule matches.
         If the action is 'allow', the packet will be forwarded
         according to the forwarding rules.
         If the action is 'drop', the packet will be discarded.
         If the action is 'redirect', the packet will be switched
         according to the redirect rules.
         If the action is 'switch-and-copy-to-cpu', packet is switched
         and a copy of the packet is sent to the CPU.
         If the action is 'drop-and-copy-to-cpu', packet is not
         switched but only sent to the CPU."
    DEFVAL      { allow }
    ::= { issAclL2FilterEntry 9 }

issAclL2FilterMatchCount OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of times this filter is matched."
    ::= { issAclL2FilterEntry 10 }

issAclL2FilterStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object indicates the status of this entry. An entry is
         created in this table when this object is SET to
         'createAndWait'.
         The entry in this table is used when the status of this object
         is SET 'active'. The entry in this table is not used when this
         object is SET 'notInService'. An entry created in this table
         is deleted when this object is SET 'destroy'.
         The entry status will be made 'active' only if either of
         In/Out PortList or In/Out PortChannelList are configured in
         case of l2Filter."
    ::= { issAclL2FilterEntry 11 }

issAclL2FilterOutPortList OBJECT-TYPE
    SYNTAX      PortList
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the complete set of ports over which this filter
         is applied for packets egress at Ports in this list.
         If the Out port list is '0', the filter rule is applicable for
         the outgoing packets on all ports.
         Even though the issAclL2FilterOutPortList is configured, it is
         applicable only if issAclL2FilterDirection is configured as
         'out'.
         By default outport list is maintained as '0'."
    ::= { issAclL2FilterEntry 12 }

issAclL2FilterDirection OBJECT-TYPE
    SYNTAX      INTEGER {
                    in (1),
                    out (2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the direction of this filter to be applied. By
         default the filter will be applied on ingress direction.
         When the direction of this filter is 'in', it is applied on
         specified ports of the issAclL2FilterInPortList.
         When the direction of this filter is 'out', it is applied on
         specified ports of the issAclL2FilterOutPortList."
    DEFVAL      { in }
    ::= { issAclL2FilterEntry 13 }

issAclL2FilterSubAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    none (0),
                    modifyVlan (1),
                    nestedVlan (2),
                    modifyCVlan (3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The action to be taken on the incoming packet is detailed
         below -
         none - no action
         modifyVlan - Traffic matching ACL rule will have VLAN ID
             classified/modified to value specified by this object.
         nestedVlan - Traffic matching ACL rule will have one
             additional VLAN Tag added to the packet (on top of
             existing VLAN tags, if any).
         modifyCVlan - Traffic matching ACL rule will have Customer
             VLAN ID classified/modified to value specified by this
             object.
         Note - VLANID added is specified by mib object
             issAclL2FilterSubActionId
         strip-etherhdr-apply-nextfilter - Traffic matching ACL rule
             will have outer ethernet header stripped.
             Ex: This can be used for stripping the outer ethernet
             header for MPLS packet."
    DEFVAL      { none }
    ::= { issAclL2FilterEntry 14 }

issAclL2FilterSubActionId OBJECT-TYPE
    SYNTAX      Integer32 (0..4094)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Id to be used if the object as specified by
         issAclL2FilterSubAction is either modifyvlan or nestedvlan
         only.
         A non-zero value needs to be specified when
         issAclL2FilterSubAction is modify or Nested Vlan.
         A value of zero needs to be specified when
         issAclL2FilterSubAction is none"
    DEFVAL      { 0 }
    ::= { issAclL2FilterEntry 15 }

issAclL2FilterRedirectId OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the redirect index associated with L2Filter entry."
    ::= { issAclL2FilterEntry 16 }

issAclL2NextFilterNo OBJECT-TYPE
    SYNTAX      Integer32 (1..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Next Filter rule number to be matched for traffic matching
         the current ACL rule"
    ::= { issAclL2FilterEntry 17 }

issAclL2NextFilterType OBJECT-TYPE
    SYNTAX      INTEGER {
                    l2filter (0),
                    l3filter (1),
                    userdefined (2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the type of the next access-control
         list. The type could take the value 'l2filter' for MAC-based
         ACLs and 'l3filter' for IP-based ACLs. It takes the value
         'userdefined' for filtering based on user-defined filters."
    ::= { issAclL2FilterEntry 18 }

issAclL2FilterCreationMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    internal (1),
                    external (2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the filter created mode.
         internal: Indicates filter is created by the system
                   internally.
         external: Indicates filter is created externally by user
                   configuration.
         Filter table with the mode 'internal' is readonly, and cannot
         be deleted by setting 'destroy' to table row status."
    DEFVAL      { external }
    ::= { issAclL2FilterEntry 19 }

issAclL2FilterInPortChannelList OBJECT-TYPE
    SYNTAX      PortList
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the complete set of port channel
         interfaces over which the filter is applied for packets
         arriving at the ports in this list.
         By default InPortChannel list is '0'."
    ::= { issAclL2FilterEntry 20 }

issAclL2FilterOutPortChannelList OBJECT-TYPE
    SYNTAX      PortList
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the complete set of portchannel
         interfaces over which the filter is applied for packets
         egress at ports in this list.
         This configuration is applicable only if
         issAclL2FilterDirection is configured as 'out'.
         By default the OutPortChannel list is '0'."
    ::= { issAclL2FilterEntry 21 }

issAclL2FilterStatsEnabledStatus OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the status of L2 filter statistics
         collection.
         When set as enabled, the number of hits for the specific
         filter entry is collected and can be verified using the
         issAclL2FilterMatchCount object.
         When set as disabled, the number of hits for the specific
         filter entry is not collected."
    DEFVAL      { disabled }
    ::= { issAclL2FilterEntry 22 }

issAclClearL2FilterStats OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object clears the hit count of the specific filter.
         When this object is set as 'true'(1), the hit count for the
         filter is cleared and the object value is reset to 'false'(2).
         The get routine for this object always returns 'false'(2)."
    DEFVAL      { false }
    ::= { issAclL2FilterEntry 23 }

-- ------------------------------------------------------------------
-- L3 Filter Group --------------------------------------------------

issAclL3FilterTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF IssAclL3FilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table to configure L3 filter rules in the system."
    ::= { issAclL3Filter 1 }

issAclL3FilterEntry OBJECT-TYPE
    SYNTAX      IssAclL3FilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Each entry in this table is a L3 filter rule.
         Index to the table is L3 filter number."
    INDEX       { issAclL3FilterNo }
    ::= { issAclL3FilterTable 1 }

IssAclL3FilterEntry ::=
    SEQUENCE {
        issAclL3FilterNo                       Integer32,
        issAclL3FilterPriority                 Integer32,
        issAclL3FilterProtocol                 Integer32,
        issAclL3FilterMessageType              Integer32,
        issAclL3FilterMessageCode              Integer32,
        issAclL3FilteAddrType                  InetAddressType,
        issAclL3FilterDstIpAddr                InetAddress,
        issAclL3FilterSrcIpAddr                InetAddress,
        issAclL3FilterDstIpAddrPrefixLength    InetAddressPrefixLength,
        issAclL3FilterSrcIpAddrPrefixLength    InetAddressPrefixLength,
        issAclL3FilterMinDstProtPort           Unsigned32,
        issAclL3FilterMaxDstProtPort           Unsigned32,
        issAclL3FilterMinSrcProtPort           Unsigned32,
        issAclL3FilterMaxSrcProtPort           Unsigned32,
        issAclL3FilterInPortList               PortList,
        issAclL3FilterOutPortList              PortList,
        issAclL3FilterAckBit                   INTEGER,
        issAclL3FilterRstBit                   INTEGER,
        issAclL3FilterTos                      Integer32,
        issAclL3FilterDscp                     Integer32,
        issAclL3FilterDirection                INTEGER,
        issAclL3FilterAction                   INTEGER,
        issAclL3FilterMatchCount               Counter32,
        issAclL3FilterFlowId                   Unsigned32,
        issAclL3FilterStatus                   RowStatus,
        issAclL3FilterSubAction                INTEGER,
        issAclL3FilterSubActionId              Integer32,
        issAclL3FilterRedirectId               Integer32,
        issAclL3FilterCreationMode             INTEGER,
        issAclL3FilterInPortChannelList        PortList,
        issAclL3FilterOutPortChannelList       PortList,
        issAclL3FilterStatsEnabledStatus       EnabledStatus,
        issAclClearL3FilterStats               TruthValue
    }

issAclL3FilterNo OBJECT-TYPE
    SYNTAX      Integer32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "L3 Filter rule number."
    ::= { issAclL3FilterEntry 1 }

issAclL3FilterPriority OBJECT-TYPE
    SYNTAX      Integer32 (1..255)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The priority of the filter can be used to decide which filter
         rule is applicable when
            --> the packet matches with more than one filter rule
            --> All the filter rules result in 'allow'ing the packet
         Higher value of 'L3 filter priority' implies a higher
         priority.
         Usage of 'L3FilterPriority' is implementation dependent."
    DEFVAL      { 1 }
    ::= { issAclL3FilterEntry 2 }

issAclL3FilterProtocol OBJECT-TYPE
    SYNTAX      Integer32 (0..255)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The type of protocol to be checked against the packet. The
         default value is 255. If the value is 255, it means that the
         protocol type can be anything and it will not be checked to
         decide the action."
    DEFVAL      { 255 }
    ::= { issAclL3FilterEntry 3 }

issAclL3FilterMessageType OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The message type to be checked against the packet. If the
         message type matches with the packet, then the packet will be
         dropped / allowed based on the action set in
         issAclL3FilterAction.
         The default value is 255. It means that message type is not
         configured and need not be checked.
         Generally the value zero is given as default. But here
         zero can be an ICMP Type value. Hence 255 is given as the
         default value.
         Some ICMP message types are:
             echoReply(0),
             destinationUnreachable(3),
             sourceQuench(4),
             redirect(5),
             echoRequest(8),
             timeExceeded(11),
             parameterProblem(12),
             timestampRequest(13),
             timestampReply(14),
             informationRequest(15),
             informationReply(16),
             addressMaskRequest(17),
             addressMaskReply (18),
             noICMPType(255)"
    DEFVAL      { 255 }
    ::= { issAclL3FilterEntry 4 }

issAclL3FilterMessageCode OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The message code to be checked against the packet. If the
         packet matches with the message code, then the packet will
         be dropped / allowed based on the action set in
         issAclL3FilterAction.
         The default value is 255. It means that message code is not
         configured and need not be checked.
         Generally the value zero will be given as default. But here,
         zero can be an ICMP Code value. Hence 255 is given as the
         default value.
         Some ICMP message codes are:
             networkUnreachable(0),
             hostUnreachable(1),
             protocolUnreachable(2),
             portUnreachable(3),
             fragmentNeed(4),
             sourceRouteFail(5),
             destNetworkUnknown(6),
             destHostUnknown(7),
             srcHostIsolated(8),
             destNetworkAdminProhibited(9),
             destHostAdminProhibited(10),
             networkUnreachableTOS(11),
             hostUnreachableTOS(12),
             noICMPCode(255)"
    DEFVAL      { 255 }
    ::= { issAclL3FilterEntry 5 }

issAclL3FilteAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The type of IP address used by this classifier entry. While
         other types of addresses are defined in the InetAddressType
         textual convention, and DNS names, a classifier can only
         look at packets on the wire. Therefore, this object is
         limited to IPv4 and IPv6 addresses."
    ::= { issAclL3FilterEntry 6 }

issAclL3FilterDstIpAddr OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The IP address to match against the packet's destination IP
         address. This may not be a DNS name, but may be an IPv4 or
         IPv6 prefix. issAclL3FilterDstIpAddrPrefixLength indicates
         the number of bits that are relevant."
    ::= { issAclL3FilterEntry 7 }

issAclL3FilterSrcIpAddr OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The IP address to match against the packet's source IP
         address. This may not be a DNS name, but may be an IPv4 or
         IPv6 prefix. issAclL3FilterSrcIpAddrPrefixLength indicates
         the number of bits that are relevant."
    ::= { issAclL3FilterEntry 8 }

issAclL3FilterDstIpAddrPrefixLength OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    UNITS       "bits"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The length of the CIDR Prefix carried in
         issAclL3FilterDstIpAddr. In IPv4 addresses, a length of 0
         indicates a match of any address; a length of 32 indicates a
         match of a single host address, and a length between 0 and 32
         indicates the use of a CIDR Prefix. IPv6 is similar, except
         that prefix lengths range from 0..128."
    DEFVAL      { 0 }
    ::= { issAclL3FilterEntry 9 }

issAclL3FilterSrcIpAddrPrefixLength OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    UNITS       "bits"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The length of the CIDR Prefix carried in
         issAclL3FilterSrcIpAddr. In IPv4 addresses, a length of 0
         indicates a match of any address; a length of 32 indicates a
         match of a single host address, and a length between 0 and 32
         indicates the use of a CIDR Prefix. IPv6 is similar, except
         that prefix lengths range from 0..128."
    DEFVAL      { 0 }
    ::= { issAclL3FilterEntry 10 }

issAclL3FilterMinDstProtPort OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The minimum port in the destination port range. Please note
         these ports are the TCP / UDP ports."
    DEFVAL      { 0 }
    ::= { issAclL3FilterEntry 11 }

issAclL3FilterMaxDstProtPort OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The maximum port in the destination port range. Please note
         these ports are the TCP / UDP ports."
    DEFVAL      { 65535 }
    ::= { issAclL3FilterEntry 12 }

issAclL3FilterMinSrcProtPort OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The minimum port in the source port range. Please note
         these ports are the TCP / UDP ports."
    DEFVAL      { 0 }
    ::= { issAclL3FilterEntry 13 }

issAclL3FilterMaxSrcProtPort OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The maximum port in the source port range. Please note
         these ports are the TCP / UDP ports."
    DEFVAL      { 65535 }
    ::= { issAclL3FilterEntry 14 }

issAclL3FilterInPortList OBJECT-TYPE
    SYNTAX      PortList
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the complete set of ports over which if the packet
         arrives this filter rule will be applicable.
         If the incoming port list is '0', the filter rule is
         applicable for all the incoming ports.
         By default inport list is maintained as '0'."
    ::= { issAclL3FilterEntry 15 }

issAclL3FilterOutPortList OBJECT-TYPE
    SYNTAX      PortList
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the complete set of ports over which if the packet
         goes out, this filter rule will be applicable.
         If the outgoing port list is '0', the filter rule is
         applicable for all the outgoing packets in all ports.
         By default outport list is maintained as '0'."
    ::= { issAclL3FilterEntry 16 }

issAclL3FilterAckBit OBJECT-TYPE
    SYNTAX      INTEGER {
                    establish(1),
                    notEstablish(2),
                    any(3)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The TCP ACK bit to be checked against the packet. The default
         value is 'any'(3). It means that ACK bit will not be checked
         to decide the action."
    DEFVAL      { any }
    ::= { issAclL3FilterEntry 17 }

issAclL3FilterRstBit OBJECT-TYPE
    SYNTAX      INTEGER {
                    set(1),
                    notSet(2),
                    any(3)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The TCP RST bit to be checked against the packet. The default
         value is 'any'(3). It means that RST bit will not be checked
         to decide the action."
    DEFVAL      { any }
    ::= { issAclL3FilterEntry 18 }

issAclL3FilterTos OBJECT-TYPE
    SYNTAX      Integer32 (-1..7)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The IP TOS bit to be checked against the packet. This is a
         single byte integer of which the last three bits (least
         significant bits) indicate Delay, Throughput and Reliability
         i.e. 'uuuuudtr', u-unused, d-delay, t-throughput,
         r-reliability.
         For example '6' indicates low delay and high throughput.
         A value of '-1' means, the Tos Field becomes don't care"
    DEFVAL      { -1 }
    ::= { issAclL3FilterEntry 19 }

issAclL3FilterDscp OBJECT-TYPE
    SYNTAX      Integer32 (-1..63)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The IP Dscp value to be checked against the packet.
         A value of '-1' means, the Dscp Field becomes don't care."
    DEFVAL      { -1 }
    ::= { issAclL3FilterEntry 20 }

issAclL3FilterDirection OBJECT-TYPE
    SYNTAX      INTEGER {
                    in (1),
                    out (2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the direction of this filter to be applied. By
         default the filter will be applied on ingress direction.
         When the direction of this filter is 'in', it is applied on
         specified ports of the issAclL3FilterInPortList.
         When the direction of this filter is 'out', it is applied on
         specified ports of the issAclL3FilterOutPortList."
    DEFVAL      { in }
    ::= { issAclL3FilterEntry 21 }

issAclL3FilterAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    allow (1),
                    drop (2),
                    redirect (3),
                    switchandcopytocpu (4),
                    dropandcopytocpu (5)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the action to be taken on the packet if the filter
         rule matches.
         If the action is 'allow', the packet will be sent to the
         ports in 'out port list'. If the out port list is '0',
         the port over which the packet is to be switched will be
         decided based on further processing on the packet.
         If the action is 'drop', the packet will be discarded.
         If the action is 'switch-and-copy-to-cpu', packet is switched
         and a copy of the packet is sent to the CPU.
         If the action is 'drop-and-copy-to-cpu', packet is not
         switched but only sent to the CPU."
    DEFVAL      { allow }
    ::= { issAclL3FilterEntry 22 }

issAclL3FilterMatchCount OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of times this filter is matched."
    ::= { issAclL3FilterEntry 23 }

issAclL3FilterFlowId OBJECT-TYPE
    SYNTAX      Unsigned32 (0..1048575)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The flow identifier in an IPv6 header."
    ::= { issAclL3FilterEntry 24 }

issAclL3FilterStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object indicates the status of this entry. An entry is
         created in this table when this object is SET to
         'createAndWait'.
         The entry in this table is used when the status of this object
         is SET 'active'.
         The entry in this table is not used when this object is SET
         'notInService'. An entry created in this table is deleted
         when this object is SET 'destroy'.
         The entry status will be made 'active' only if either of
         In/Out PortList or In/Out PortChannelList are configured in
         case of l3Filter."
    ::= { issAclL3FilterEntry 25 }

issAclL3FilterSubAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    none (0),
                    modifyVlan (1),
                    nestedVlan (2),
                    modifyCVlan (3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The action to be taken on the incoming packet, as specified
         by this object, is detailed below -
         none - no action
         modifyVlan - Traffic matching ACL rule will have VLAN ID
             classified/modified to value specified by this object.
         nestedVlan - Traffic matching ACL rule will have one
             additional VLAN Tag added to the packet (on top of
             existing VLAN tags, if any).
         modifyCVlan - Traffic matching ACL rule will have Customer
             VLAN ID classified/modified to value specified by this
             object.
         Note - VLANID added is specified by mib object
             issAclL3FilterSubActionId."
    DEFVAL      { none }
    ::= { issAclL3FilterEntry 26 }

issAclL3FilterSubActionId OBJECT-TYPE
    SYNTAX      Integer32 (0..4094)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Id to be used if the object as specified by
         issAclL3FilterSubAction is either modifyvlan or nestedvlan
         only.
         A non-zero value needs to be specified when
         issAclL3FilterSubAction is modify or Nested Vlan.
         A value of zero needs to be specified when
         issAclL3FilterSubAction is none"
    DEFVAL      { 0 }
    ::= { issAclL3FilterEntry 27 }

issAclL3FilterRedirectId OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the redirect index associated with L3Filter entry."
    ::= { issAclL3FilterEntry 28 }

issAclL3FilterCreationMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    internal (1),
                    external (2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the filter created mode.
         internal: Indicates filter is created by the system
                   internally.
        external: Indicates filter is created externally by user
        configuration.
        Filter table with the mode 'internal' is readonly, and cannot be
        deleted by setting 'destroy' to table row status."
    DEFVAL      { external }
    ::= { issAclL3FilterEntry 29 }

issAclL3FilterInPortChannelList OBJECT-TYPE
    SYNTAX      PortList
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the complete set of port channel interfaces
        over which the filter is applied for packets arriving at the ports
        in this list.
        By default InPortChannel list is '0'."
    ::= { issAclL3FilterEntry 30 }

issAclL3FilterOutPortChannelList OBJECT-TYPE
    SYNTAX      PortList
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the complete set of portchannel interfaces
        over which the filter is applied for packets egress at ports in
        this list.
        This configuration is applicable only if issAclL3FilterDirection
        is configured as 'out'.
        By default the OutPortChannel list is '0'."
    ::= { issAclL3FilterEntry 31 }

issAclL3FilterStatsEnabledStatus OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the status of L3 filter statistics
        collection.
        When set as enabled, the number of hits for the specific filter
        entry is collected and can be verified using the
        issAclL3FilterMatchCount object.
        When set as disabled, the number of hits for the filter entry
        is not collected."
    DEFVAL      { disabled }
    ::= { issAclL3FilterEntry 32 }

issAclClearL3FilterStats OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object clears the hit count of the specific filter.
        When this object is set as 'true'(1), the hit count for the filter
        is cleared and the object value is reset to 'false'(2).
        The get routine for this object always returns 'false'(2)."
    DEFVAL      { false }
    ::= { issAclL3FilterEntry 33 }

------------------------------------------------------------------------------------------
-- User Defined Filter Table for specifying user defined packet header elements
-- Also used for supporting AND/OR/NOT operations on existing ACL rules
-- and deriving new user defined ACL rules
------------------------------------------------------------------------------------------

issAclUserDefinedFilterTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF FsIssAclUserDefinedFilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table to configure user defined filter rules in the system.
        This table is used for specifying the user defined packet header
        elements for application of filter rules.
        This table could also be used for supporting AND, OR, NOT
        operations on existing filter rules and deriving new user defined
        ACL rules."
    ::= { issAclUserDefinedFilter 1 }

issAclUserDefinedFilterEntry OBJECT-TYPE
    SYNTAX      FsIssAclUserDefinedFilterEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Specifies user defined filter entry indexed uniquely by
        issAclUserDefinedFilterId"
    INDEX       { issAclUserDefinedFilterId }
    ::= { issAclUserDefinedFilterTable 1 }

FsIssAclUserDefinedFilterEntry ::=
    SEQUENCE {
        issAclUserDefinedFilterId                   IndexInteger,
        issAclUserDefinedFilterPktType              INTEGER,
        issAclUserDefinedFilterOffSetBase           Integer32,
        issAclUserDefinedFilterOffSetValue          OCTET STRING,
        issAclUserDefinedFilterOffSetMask           OCTET STRING,
        issAclUserDefinedFilterPriority             Integer32,
        issAclUserDefinedFilterAction               INTEGER,
        issAclUserDefinedFilterInPortList           PortList,
        issAclUserDefinedFilterIdOneType            INTEGER,
        issAclUserDefinedFilterIdOne                Unsigned32,
        issAclUserDefinedFilterIdTwoType            INTEGER,
        issAclUserDefinedFilterIdTwo                Unsigned32,
        issAclUserDefinedFilterSubAction            INTEGER,
        issAclUserDefinedFilterSubActionId          Integer32,
        issAclUserDefinedFilterRedirectId           Integer32,
        issAclUserDefinedFilterStatus               RowStatus,
        issAclUserDefinedFilterMatchCount           Counter32,
        issAclUserDefinedFilterStatsEnabledStatus   EnabledStatus,
        issAclClearUserDefinedFilterStats           TruthValue
    }

issAclUserDefinedFilterId OBJECT-TYPE
    SYNTAX      IndexInteger
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Index to uniquely identify the User defined filter table entry."
    ::= { issAclUserDefinedFilterEntry 1 }

issAclUserDefinedFilterPktType OBJECT-TYPE
    SYNTAX      INTEGER {
                    userDef(0),   -- user defined packet type
                    ethernet(1),  -- ethernet packet
                    ipv4(2),      -- packet type is IPv4
                    ipv6(3),      -- packet type is IPv6
                    ipv4tcp(4),   -- packet type is IPv4 TCP
                    ipv6tcp(5),   -- packet type is IPv6 TCP
                    ipv4udp(6),   -- packet type is IPv4 UDP
                    ipv6udp(7),   -- packet type is IPv6 UDP
                    mpls(8),      -- packet type is MPLS
                    fragip(9)     -- fragmented IPv4/v6 packet
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the type of packet for which the
        packet-filter match needs to be applied on incoming traffic."
    DEFVAL      { userDef }
    ::= { issAclUserDefinedFilterEntry 2 }

issAclUserDefinedFilterOffSetBase OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the offset base from the start of the packet
        header (beginning of full packet) for which the match needs to be
        applied on incoming traffic.
        A value of 0 indicates start of L2 Header, value 1 indicates
        start of L3 Header, value 2 start of L4 Header, value 3 start of
        IPv6 start header, value 4 start from Ethertype and value 5
        indicates start from MPLS Header(minus2).
        Other values are currently invalid and reserved for future use."
    DEFVAL      { 0 }
    ::= { issAclUserDefinedFilterEntry 3 }

issAclUserDefinedFilterOffSetValue OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..128))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the offset value for which the packet-filter
        match needs to be applied on incoming traffic.
        A value of zero indicates that this field is dont-care.
        The offset value is a contiguous set of 128 bytes from the
        OffSetBase.
        For specifying non-contiguous elements in the packet header, the
        OffSetValue is ANDed with the OffsetMask to result in the
        appropriate match on non-contiguous elements of the packet header."
    ::= { issAclUserDefinedFilterEntry 4 }

issAclUserDefinedFilterOffSetMask OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..128))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the mask for the offset value.
        The actual user defined value to be used for matching incoming
        traffic is obtained after ANDing the OffsetValue and OffsetMask.
        A value of 0 indicates that this field is dont-care."
    ::= { issAclUserDefinedFilterEntry 5 }

issAclUserDefinedFilterPriority OBJECT-TYPE
    SYNTAX      Integer32 (1..255)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The priority of the filter can be used to decide which filter
        rule is applicable when
        --> the packet matches with more than one filter rule
        --> all the filter rules result in 'allow'ing the packet
        Higher value of 'UserDefined filter priority' implies a higher
        priority.
        Usage of 'UserDefinedFilterPriority' is implementation dependent."
    DEFVAL      { 1 }
    ::= { issAclUserDefinedFilterEntry 6 }

issAclUserDefinedFilterAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    allow (1),
                    drop (2),
                    redirect (3),
                    and (4),
                    or (5),
                    not (6)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Action value allow/drop/redirect specify the action to be taken
        on the packet if the filter rule matches.
        --> If the action is 'allow', the packet will be sent to the
            ports as specified by issRedirectInterfaceGrpPortList.
        --> If the action is 'drop', the packet will be discarded.
        --> If the action is 'redirect', the packet will be switched
            based on the redirect rule.
        Action value and/or/not specify the operation that is applied on
        base access filter rules to derive a new user defined ACL rule.
        For the below actions, the user defined offset values are not
        used for packet match.
        --> and : Apply AND operation on base filter rules identified
            uniquely by AND to derive new user defined filter rule.
        --> or  : Apply OR operation on base filter rules identified
            uniquely by AND
            The FilterAction corresponding to issAclUserDefinedFilterIdOne
            will be applied on issAclUserDefinedFilterIdTwo.
        --> not : Apply NOT operation on base filter rule identified
            uniquely by to derive new user defined filter rule."
    DEFVAL      { allow }
    ::= { issAclUserDefinedFilterEntry 7 }

issAclUserDefinedFilterInPortList OBJECT-TYPE
    SYNTAX      PortList
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the complete set of ports over which this filter is
        applied for packets ingress at ports in this list.
        Filter will be applied in chip when port list is not null.
        If the In port list is '0', the filter rule will not be installed
        in hardware.
        By default inport list is maintained as '0'."
    ::= { issAclUserDefinedFilterEntry 8 }

issAclUserDefinedFilterIdOneType OBJECT-TYPE
    SYNTAX      INTEGER { macbased (1), ipbased (2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This Object specifies the type of the Base ACL rule 1 that is
        used for deriving new ACL rule."
    ::= { issAclUserDefinedFilterEntry 9 }

issAclUserDefinedFilterIdOne OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This Object specifies the ID of the Base ACL rule 1 (MAC-based
        or IP-based) that is used for deriving new ACL rule."
    ::= { issAclUserDefinedFilterEntry 10 }

issAclUserDefinedFilterIdTwoType OBJECT-TYPE
    SYNTAX      INTEGER { macbased (1), ipbased (2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This Object specifies the type of the Base ACL rule 2 that is
        used for deriving new ACL rule."
    ::= { issAclUserDefinedFilterEntry 11 }

issAclUserDefinedFilterIdTwo OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This Object specifies the ID of the Base ACL rule 2 (MAC-based
        or IP-based) that is used for deriving new ACL rule."
    ::= { issAclUserDefinedFilterEntry 12 }

issAclUserDefinedFilterSubAction OBJECT-TYPE
    SYNTAX      INTEGER { none (0), modifyVlan (1), nestedVlan (2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The action to be taken on the incoming packet is detailed below -
        none       - no action
        modifyVlan - Traffic matching ACL rule will have VLAN ID
                     classified/modified to value specified by this object.
                     The direction of VLAN ID modification is determined
                     as follows -
        nestedVlan - Traffic matching ACL rule will have one additional
                     VLAN Tag added to the packet (on top of existing
                     VLAN tags, if any).
        Note - VLANID added is specified by
        issAclUserDefinedFilterSubActionId."
    DEFVAL      { none }
    ::= { issAclUserDefinedFilterEntry 13 }

issAclUserDefinedFilterSubActionId OBJECT-TYPE
    SYNTAX      Integer32 (0..4094)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "ID to be used only if the object issAclUserDefinedFilterSubAction
        is either modifyVlan or nestedVlan.
        A non-zero value needs to be specified when
        issAclUserDefinedFilterSubAction is modifyVlan or nestedVlan.
        A value of zero needs to be specified when
        issAclUserDefinedFilterSubAction is none."
    DEFVAL      { 0 }
    ::= { issAclUserDefinedFilterEntry 14 }

issAclUserDefinedFilterRedirectId OBJECT-TYPE
    SYNTAX      Integer32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Specifies the redirect index associated with UserDefinedFilter
        entry."
    ::= { issAclUserDefinedFilterEntry 15 }

issAclUserDefinedFilterStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object indicates the status of this entry. An entry is
        created in this table when this object is SET to 'createAndWait'.
        The entry in this table is used when the status of this object
        is SET 'active'. The entry in this table is not used when this
        object is SET 'notInService'. An entry created in this table is
        deleted when this object is SET 'destroy'."
    ::= { issAclUserDefinedFilterEntry 16 }

issAclUserDefinedFilterMatchCount OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object specifies the number of times the filter is matched."
    ::= { issAclUserDefinedFilterEntry 17 }

issAclUserDefinedFilterStatsEnabledStatus OBJECT-TYPE
    SYNTAX      EnabledStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the status of User Defined filter
        statistics collection.
        When set as enabled, the number of hits for the specific filter
        entry is collected and can be verified using the
        issAclUserDefinedFilterMatchCount object.
        When set as disabled, the number of hits for the filter entry
        is not collected."
    DEFVAL      { disabled }
    ::= { issAclUserDefinedFilterEntry 18 }

issAclClearUserDefinedFilterStats OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object clears the hit count of the specific filter.
        When this object is set as 'true'(1), the hit count for the filter
        is cleared and the object value is reset to 'false'(2).
        The get routine for this object always returns 'false'(2)."
    DEFVAL      { false }
    ::= { issAclUserDefinedFilterEntry 19 }

----------------------------------------
-- Redirect Interface Group Table
----------------------------------------

issRedirectInterfaceGrpTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF FsRedirectInterfaceGrpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An interface group is a collection of physical ports ( or )
        trunks that are grouped together for distributing traffic
        received on an ingress interface.
        Based on the access-list match on an incoming interface, traffic
        is distributed among the member ports of an
        interface-group/virtual trunk."
    ::= { issRedirectInterfaceGrp 1 }

issRedirectInterfaceGrpEntry OBJECT-TYPE
    SYNTAX      FsRedirectInterfaceGrpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "There is one entry in this table for each created
        Interface-Group.
        An interface-group/virtual trunk is uniquely identified by the
        object 'issRedirectInterfaceGrpId'."
    INDEX       { issRedirectInterfaceGrpId }
    ::= { issRedirectInterfaceGrpTable 1 }

FsRedirectInterfaceGrpEntry ::=
    SEQUENCE {
        issRedirectInterfaceGrpId            IndexInteger,
        issRedirectInterfaceGrpFilterType    INTEGER,
        issRedirectInterfaceGrpFilterId      Unsigned32,
        issRedirectInterfaceGrpDistByte      Integer32,
        issRedirectInterfaceGrpPortList      PortList,
        issRedirectInterfaceGrpType          INTEGER,
        issRedirectInterfaceGrpUdbPosition   Integer32,
        issRedirectInterfaceGrpStatus        RowStatus
    }

issRedirectInterfaceGrpId OBJECT-TYPE
    SYNTAX      IndexInteger
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Index to the Redirect Interface Group table entry.
        Uniquely identifies the interface-group."
    ::= { issRedirectInterfaceGrpEntry 1 }

issRedirectInterfaceGrpFilterType OBJECT-TYPE
    SYNTAX      INTEGER { l2filter (0), l3filter (1), userdefined (2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies the type of the access-control list.
        The type could take the value 'l2filter' for MAC-based ACLs and
        'l3filter' for IP-based ACLs. It takes the value 'userdefined'
        for filtering based on user-defined filters."
    ::= { issRedirectInterfaceGrpEntry 2 }

issRedirectInterfaceGrpFilterId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This Object specifies the ID of the MAC-based, IP-based or
        UserDefined access control list/filter-rule, the details of which
        should be matched against the incoming packet.
        The corresponding ACL/filter-rule can be applied to this Interface
        Redirect Group only if the following objects are set with values
        mentioned below -
        a. 'issAclL2FilterAction'/'issAclL3FilterAction' - redirect."
    ::= { issRedirectInterfaceGrpEntry 3 }

issRedirectInterfaceGrpDistByte OBJECT-TYPE
    SYNTAX      Integer32 (0..140)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Specifies the Distribution Byte that needs to be used for
        deriving the traffic distribution hash-logic for the set of
        interfaces in the interface-group/virtual-trunk.
        The output of the hash-logic is an egress interface from amongst
        the member ports of a virtual trunk. Traffic would get redirected
        to this egress interface.
        'udb' can take any value between (0..128).
        If srcip is selected, then Source IP in the packet header would be
        used for distributing traffic.
        For encapsulated IP packets, inner IP can be used for traffic
        distribution."
    ::= { issRedirectInterfaceGrpEntry 4 }

issRedirectInterfaceGrpPortList OBJECT-TYPE
    SYNTAX      PortList
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Each octet in this object specifies the IfIndex of a physical
        interface or manually aggregated trunk. Based on the value
        specified by issRedirectInterfaceGrpType, this PortList specifies
        either of the below.
        -> if issRedirectInterfaceGrpType is portList it specifies
           List of interfaces that comprise the redirect interface-group
           with Most Significant Bit Represents Lowest Port.
        -> if issRedirectInterfaceGrpType is port then it specifies
           Single interface with Least Significant Octets taking up the
           interface Value."
    ::= { issRedirectInterfaceGrpEntry 5 }

issRedirectInterfaceGrpType OBJECT-TYPE
    SYNTAX      INTEGER { port (1), portList (2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies whether the redirected interface is a
        single port or portlist. If the value of this object is port(1)
        then the redirected interface is a single interface. If the value
        of this object is portlist(2) then the redirected interface
        consists of a group of ports."
    ::= { issRedirectInterfaceGrpEntry 6 }

issRedirectInterfaceGrpUdbPosition OBJECT-TYPE
    SYNTAX      Integer32 (0..128)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object indicates the user defined position of a byte in the
        packet when the value of the object as specified by
        issRedirectInterfaceGrpDistByte is udb."
    DEFVAL      { 0 }
    ::= { issRedirectInterfaceGrpEntry 7 }

issRedirectInterfaceGrpStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object indicates the status of this entry. An entry is
        created in this table when this object is SET to 'createAndWait'.
        The entry is 'not-ready' when the mandatory parameters are not
        specified.
        Following objects are mandatory parameters that need to be set
        before this object can be SET to 'active' -
        a. issRedirectInterfaceGrpFilterId
        b. issRedirectInterfaceGrpPortList
        The entry in this table is used when the status of this object
        is SET to 'active'.
        The entry in this table is not used when this object is SET to
        'notInService'.
        An entry created in this table is deleted when this object is
        SET to 'destroy'."
    ::= { issRedirectInterfaceGrpEntry 8 }

-------------------------------------------------------------------
--SCALAR OBJECT
-------------------------------------------------------------------

issRedirectInterfaceGrpIdNextFree OBJECT-TYPE
    SYNTAX      IndexIntegerNextFree
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object holds the next free index
        (issRedirectInterfaceGrpId) to be used for creation of a redirect
        interface entry, or a zero to indicate that none exists."
    ::= { issRedirectIdNextFree 1 }

-- Traffic Control Group ------------------------------------------
--

issAclTrafficSeperationCtrl OBJECT-TYPE
    SYNTAX      INTEGER { systemdefault (1), userconfig (2) }
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION
        "This object provides control to the administrator, to have system
        default or user defined ACL/QoS rules to carry control traffic
        to CPU.
        system-default:
            ACL/QoS rules for all the control packets will be
            automatically installed by the ISS software at system init
            time. Either a 'switch-and-copy-to-cpu' filter (or) a
            'drop-and-copy-to-cpu' filter will be installed, as
            appropriate, for getting the control packets to CPU, for
            processing.
        user-config:
            The ACL/QoS rules for receiving all the control packets to
            CPU for processing will NOT be automatically installed by
            the ISS software. The administrator is expected to install
            required rules for the control packets as required.
        If the configuration is changed from 'systemdefault' to
        'userconfig' option, then all the default ACL/QoS rules for
        carrying protocol control packets to CPU are removed. Then the
        user has to install the specific ACL/QoS rules, to carry the
        intended control packets to CPU for processing.
        If the configuration is changed from 'userconfig' to
        'systemdefault', all the default ACL/QoS rules are installed.
        Already existing (if any) user configured ACL rules in the system
        are not removed.
        Above two options can be configured during system runtime.
        This object is deprecated, corresponding functionality can be
        realised by issTrafficSeperationCtrl from fsiss.mib"
    DEFVAL      { systemdefault }
    ::= { issAclTrafficControl 1 }

END
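-- Added example, not part of the Aricent MIB: a Python audit of polled issAclUserDefinedFilterTable rows against the constraints stated in the DESCRIPTION clauses above (in port list '0', value ANDed with mask, sub-action ID, statistics status).
-- Assumptions: rows arrive as dicts keyed by column name with enum labels as strings; the finding codes, make_row helper and sample rows are constructed.

```python
# Added example: column names are from the MIB; the dict layout, string enum
# labels, finding codes and sample rows are constructed for illustration.
P = "issAclUserDefinedFilter"  # common column-name prefix


def decode_portlist(octets):
    """Ports set in a PortList: octet 1 covers ports 1-8, MSB = lowest port."""
    return [i * 8 + bit + 1
            for i, octet in enumerate(octets)
            for bit in range(8)
            if octet & (0x80 >> bit)]


def audit_udf_row(row):
    """Return sorted finding codes for one issAclUserDefinedFilterTable row."""
    findings = set()
    value = row.get(P + "OffSetValue", b"")
    mask = row.get(P + "OffSetMask", b"")
    sub_id = row.get(P + "SubActionId", 0)
    needs_id = row.get(P + "SubAction", "none") in ("modifyVlan", "nestedVlan")

    # An in port list of '0' means the rule is not installed in hardware.
    if row[P + "Status"] == "active" and not decode_portlist(row.get(P + "InPortList", b"")):
        findings.add("ACTIVE_BUT_NOT_IN_HARDWARE")
    # Offset bases 0..5 are defined; other values are reserved.
    if row.get(P + "OffSetBase", 0) not in range(6):
        findings.add("RESERVED_OFFSET_BASE")
    if row[P + "Action"] in ("and", "or", "not"):
        # Derived rules do not use the offset fields for packet match.
        if any(value) or any(mask):
            findings.add("OFFSET_UNUSED_BY_DERIVED_RULE")
    elif len(value) != len(mask):
        findings.add("VALUE_MASK_LENGTH_MISMATCH")
    elif any(v & ~m & 0xFF for v, m in zip(value, mask)):
        # The match uses value AND mask, so these value bits are never compared.
        findings.add("VALUE_BITS_OUTSIDE_MASK")
    # Non-zero ID with modifyVlan/nestedVlan, zero with none.
    if needs_id != (sub_id != 0):
        findings.add("SUBACTION_ID_MISMATCH")
    # MatchCount is only collected while statistics are enabled.
    if row.get(P + "StatsEnabledStatus", "disabled") != "enabled":
        findings.add("HIT_COUNT_NOT_COLLECTED")
    return sorted(findings)


def audit_table(rows):
    """Map filter ID -> findings, keeping only rows that have findings."""
    report = {}
    for row in rows:
        found = audit_udf_row(row)
        if found:
            report[row[P + "Id"]] = found
    return report


def make_row(fid, action, ports, value, mask, sub="none", sub_id=0,
             stats="disabled", base=0):
    """Build one constructed sample row (hypothetical helper)."""
    return {P + "Id": fid, P + "Action": action, P + "Status": "active",
            P + "InPortList": ports, P + "OffSetBase": base,
            P + "OffSetValue": value, P + "OffSetMask": mask,
            P + "SubAction": sub, P + "SubActionId": sub_id,
            P + "StatsEnabledStatus": stats}


# Constructed sample rows, not taken from any device.
SAMPLE_ROWS = [
    make_row(10, "drop", b"\x00\x00\x00", b"\x45\x00", b"\xf0\x00", base=1),
    make_row(11, "and", b"\xa0\x01", b"\x08\x00", b"\xff\xff",
             sub="nestedVlan", sub_id=0, stats="enabled"),
    make_row(12, "allow", b"\x80", b"\x00\x50", b"\xff\xff",
             stats="enabled", base=2),
]

if __name__ == "__main__":
    for fid, found in audit_table(SAMPLE_ROWS).items():
        print(fid, ", ".join(found))
```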