FDRY-ACL-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32 FROM SNMPv2-SMI -- [RFC2578] TEXTUAL-CONVENTION, RowStatus, DisplayString, TruthValue FROM SNMPv2-TC -- [RFC2579] Ipv6Address FROM IPV6-TC -- [RFC2465] fdryAcl FROM FOUNDRY-SN-ROOT-MIB -- [snroo101] FdryVlanIdOrNoneTC FROM FOUNDRY-SN-SWITCH-GROUP-MIB --[snswitchu] ; fdryAclMIB MODULE-IDENTITY LAST-UPDATED "201006020000Z" -- 04 June 2010 ORGANIZATION "Brocade Communications Systems, Inc." CONTACT-INFO "Technical Support Center 130 Holger Way, San Jose, CA 95134 Email: ipsupport@brocade.com Phone: 1-800-752-8061 URL: www.brocade.com" DESCRIPTION "The Brocade proprietary MIB module for Ipv6 Access Control List. It has new tables for Ipv6 Access Control List. Copyright 1996-2010 Brocade Communications Systems, Inc. All rights reserved. This Brocade Communications Systems SNMP Management Information Base Specification embodies Brocade Communications Systems' confidential and proprietary intellectual property. Brocade Communications Systems retains all title and ownership in the Specification, including any revisions. This Specification is supplied AS IS, and Brocade Communications Systems makes no warranty, either express or implied, as to the use, operation, condition, or performance of the specification, and any unintended consequence it may on the user environment." REVISION "201006020000Z" -- 04 June 2010 DESCRIPTION "Changed the ORGANIZATION, CONTACT-INFO and DESCRIPTION fields." REVISION "200802140000Z" -- 14 February 2008 DESCRIPTION "Initial version" ::= { fdryAcl 1 } -- -- Textual Conventions -- RtrStatus ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Represents a status value such as disabled or enabled." SYNTAX INTEGER { disabled(0), enabled (1) } Action ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Represents a action value such as deny or permit." SYNTAX INTEGER { deny(0), permit (1) } Operator ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Represents a operators value, such as equal, not-equal, lesser than, greater than, range and undefined." SYNTAX INTEGER { eq(0), neq (1), lt (2), gt (3), range (4), undefined (7) } IpProtocol ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Represents a transport protocol value." SYNTAX Unsigned32 (0..256) -- -- Top level components of this MIB. -- fdryIpv6Acl OBJECT IDENTIFIER ::= { fdryAclMIB 1 } -- -- Ipv6 Access Control List Table -- fdryIpv6AclTable OBJECT-TYPE SYNTAX SEQUENCE OF FdryIpv6AclEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table of Ipv6 Access Control List filters" ::= { fdryIpv6Acl 1 } fdryIpv6AclEntry OBJECT-TYPE SYNTAX FdryIpv6AclEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the Ipv6 Access Control List filter table." INDEX { fdryIpv6AclIndex } ::= { fdryIpv6AclTable 1 } FdryIpv6AclEntry ::= SEQUENCE { fdryIpv6AclIndex Unsigned32, fdryIpv6AclName DisplayString, fdryIpv6AclAction Action, fdryIpv6AclProtocol IpProtocol, fdryIpv6AclSourceIp Ipv6Address, fdryIpv6AclSourcePrefixLen Unsigned32, fdryIpv6AclSourceOperator Operator, fdryIpv6AclSourceOperand1 Unsigned32, fdryIpv6AclSourceOperand2 Unsigned32, fdryIpv6AclDestinationIp Ipv6Address, fdryIpv6AclDestinationPrefixLen Unsigned32, fdryIpv6AclDestinationOperator Operator, fdryIpv6AclDestinationOperand1 Unsigned32, fdryIpv6AclDestinationOperand2 Unsigned32, fdryIpv6AclEstablished RtrStatus, fdryIpv6AclLogOption TruthValue, fdryIpv6AclComments DisplayString, fdryIpv6AclRowStatus RowStatus, fdryIpv6AclVlanId FdryVlanIdOrNoneTC, fdryIpv6AclClauseString DisplayString } fdryIpv6AclIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The access control list item number for an entry. This is a unique number that identifies different Access list entries. This one has to be unique even though the name is not unique for a give access list with same or different source address, prefix length, destination address and destination prefix length, protocol type, action (permit/deny) type and the operator (neq, eq, gt and , lt)." ::= { fdryIpv6AclEntry 1 } fdryIpv6AclName OBJECT-TYPE SYNTAX DisplayString (SIZE (0..199)) MAX-ACCESS read-create STATUS current DESCRIPTION "Access Control List name for an entry. This object is not writable on NI platforms." ::= { fdryIpv6AclEntry 2 } fdryIpv6AclAction OBJECT-TYPE SYNTAX Action MAX-ACCESS read-create STATUS current DESCRIPTION "Action to take if the ip packet matches with this access control list." ::= { fdryIpv6AclEntry 3 } fdryIpv6AclProtocol OBJECT-TYPE SYNTAX IpProtocol MAX-ACCESS read-create STATUS current DESCRIPTION "Transport protocols. 0 means any protocol." ::= { fdryIpv6AclEntry 4 } fdryIpv6AclSourceIp OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Source Ipv6 address." ::= { fdryIpv6AclEntry 5 } fdryIpv6AclSourcePrefixLen OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-create STATUS current DESCRIPTION "Source IPv6 address prefix length." DEFVAL {64} ::= { fdryIpv6AclEntry 6 } fdryIpv6AclSourceOperator OBJECT-TYPE SYNTAX Operator MAX-ACCESS read-create STATUS current DESCRIPTION "Type of comparison to perform. for now, this only applys to tcp or udp to compare the port number" ::= { fdryIpv6AclEntry 7 } fdryIpv6AclSourceOperand1 OBJECT-TYPE SYNTAX Unsigned32(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "For now this only refers to transport protocol port number." ::= { fdryIpv6AclEntry 8 } fdryIpv6AclSourceOperand2 OBJECT-TYPE SYNTAX Unsigned32(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "For now this only refers to transport protocol port number." ::= { fdryIpv6AclEntry 9 } fdryIpv6AclDestinationIp OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Destination Ipv6 address." ::= { fdryIpv6AclEntry 10 } fdryIpv6AclDestinationPrefixLen OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-create STATUS current DESCRIPTION "Destination IPv6 address prefix length." DEFVAL {64} ::= { fdryIpv6AclEntry 11 } fdryIpv6AclDestinationOperator OBJECT-TYPE SYNTAX Operator MAX-ACCESS read-create STATUS current DESCRIPTION "Type of comparison to perform. for now, this only applys to tcp or udp to compare the port number" ::= { fdryIpv6AclEntry 12 } fdryIpv6AclDestinationOperand1 OBJECT-TYPE SYNTAX Unsigned32(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "For now this only refers to transport protocol port number." ::= { fdryIpv6AclEntry 13 } fdryIpv6AclDestinationOperand2 OBJECT-TYPE SYNTAX Unsigned32(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "For now this only refers to transport protocol port number." ::= { fdryIpv6AclEntry 14 } fdryIpv6AclEstablished OBJECT-TYPE SYNTAX RtrStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Enable/Disable the filtering of established TCP packets of which the ACK or RESET flag is on. This additional filter only applies to TCP transport protocol." ::= { fdryIpv6AclEntry 15 } fdryIpv6AclLogOption OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Log flag, should be set to one to enable logging" ::= { fdryIpv6AclEntry 16 } fdryIpv6AclComments OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "Remark description of individual Access Control List entry." ::= { fdryIpv6AclEntry 17 } fdryIpv6AclRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "To create or delete a access list entry." ::= { fdryIpv6AclEntry 18 } fdryIpv6AclVlanId OBJECT-TYPE SYNTAX FdryVlanIdOrNoneTC MAX-ACCESS read-create STATUS current DESCRIPTION "Optional VLAN ID to match against that of the incoming packet. By default, the VLAN ID field is ignored during the match. In this case, value 0 is returned." DEFVAL { 0 } ::= { fdryIpv6AclEntry 19 } fdryIpv6AclClauseString OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Returns the equivalent filter clause string." ::= { fdryIpv6AclEntry 20 } brcdIpv6AccessListTable OBJECT-TYPE SYNTAX SEQUENCE OF BrcdIpv6AccessListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table of Ipv6 Access Control List. This table only supports IPv6 ACLs with name length less than or equal to 110 characters SNMP walk operation will skip the entries if the IPv6 ACL name is greater than 110 characters." ::= { fdryIpv6Acl 2 } brcdIpv6AccessListEntry OBJECT-TYPE SYNTAX BrcdIpv6AccessListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the Ipv6 Access Control List table." INDEX { IMPLIED brcdIpv6AccessListName } ::= { brcdIpv6AccessListTable 1 } BrcdIpv6AccessListEntry ::= SEQUENCE { brcdIpv6AccessListName DisplayString, brcdIpv6AccessListNextIndex Unsigned32, brcdIpv6AccessListRowStatus RowStatus } brcdIpv6AccessListName OBJECT-TYPE SYNTAX DisplayString (SIZE (1..110)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Name of the IPv6 Access Control List. From SNMP the length of the IPv6 ACL name is restricted to 110 characters although from CLI it can be 200 characters, due to SNMP restriction on sub OID length to be 128 for Index objects. SNMP get/getnext will skip the IPv6 ACLs with more than 110 characters in it. SNMP set request will be rejected if the IPv6 ACL name length is more than 110 characters." ::= { brcdIpv6AccessListEntry 1 } brcdIpv6AccessListNextIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "When read provides the encoded Index - combination of IPv6 ACL id and next available filter id - which can be used as index while creating access list filter entry in the fdryIpv6AclTable." ::= { brcdIpv6AccessListEntry 2 } brcdIpv6AccessListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "To create or delete a Ipv6 access list entry. The supported values are createAndGo(4) to create an entry in this table and destroy(6) to delete an entry from this table. Value of active(1) will be always returned for SNMP Get/GetNext operations." ::= { brcdIpv6AccessListEntry 3 } END