-- ----------------------------------------------------------------------------- -- MIB NAME : Access Control List(ACL) Common mib -- FILE NAME: ACL.mib -- DATE : 2010/12/21 -- VERSION : 2.15 -- PURPOSE : To construct the MIB structure of Access Control List -- for proprietary enterprise -- ----------------------------------------------------------------------------- -- MODIFICTION HISTORY: -- ----------------------------------------------------------------------------- -- Version, Date, Author -- Description: -- [New Object] -- [Modification] -- Notes: (Requested by who and which project) -- -- Version 2.15, 2010/12/21, Marco Visaya -- Description -- 1. remove value range of swACLPktContMaskOption2OffsetsValue -- Requested by Marco Visaya for project DES3200 -- -- Version 2.14, 2009/03/18, Marco Visaya -- Description -- 1. add swACLPktContMaskOption2 -- 2. add swACLPktContRuleOption2 -- 3. add swACLEthernetVlanMask -- 4. add swACLIpVlanMask -- Requested by Marco Visaya for project DES3200 -- -- Version 2.13, 2009/01/05, Oran Tang -- Description: -- 1.add swACLEtherRuleMatchVID in swACLEtherRuleTable -- 2.add swACLIpRuleMatchVID in swACLIpRuleTable -- 3.add swCpuAclEtherRuleMatchVID in swCpuAclEtherRuleTable -- 4.add swCpuAclIpRuleMatchVID in swCpuAclIpRuleTable -- for config the VLAN-ID which has the access rule. -- 5.modify the description of swACLEtherRuleVlan -- 6.modify the description of swACLEtherRuleVID -- 7.modify the description of swACLIpRuleVlan -- 8.modify the description of swACLIpRuleVID -- 9.modify the description of swCpuAclEtherRuleVlan -- 10.modify the description of swCpuAclIpRuleVlan -- Requested by Oran Tang for project DGS3700. -- -- Revision 2.12 2008/12/26 by Ronald Hsu, Yedda Liao -- Description: -- 1.Add 'arp-spoofing(11)' and 'bpdu-tunnel(12)' in the value list of objects swACLEthernetOwner, -- swACLIpOwner, swACLPktContMaskOwner, swACLIpv6MaskOwner, swACLEtherRuleOwner, swACLIpRuleOwner, -- swACLPktContRuleOwner and swACLIpv6RuleOwner. -- For arp spoofing and bpdu tunnel function, we need to add the two types of the owner on these objects. -- 2.Add 'pppoe(10)','arp-spoofing(11)' and 'bpdu-tunnel(12)' in the value list of objects -- swACLPktContMaskOptionOwner,swACLPktContRuleOptionOwner. -- For PPPoE circuit ID insertion, ARP spoofing and BPDU tunnel functions, we need to add the three types -- of the owner on these objects. -- -- Revision 2.11 2008/11/21 by Ronald Hsu -- 1.Add 'set-drop-precedence(5)' in the value list of object swACLEtherRulePermit, -- swACLIpRulePermit, swACLPktContRulePermit, swACLIpv6RulePermit. -- -- Revision 2.10 2008/10/16 by Ronald Hsu -- Description: -- 1.Add pppoe(10) in the value list of objects swACLEthernetOwner, swACLIpOwner, swACLPktContMaskOwner, -- swACLIpv6MaskOwner, swACLEtherRuleOwner, swACLIpRuleOwner, swACLPktContRuleOwner and swACLIpv6RuleOwner. -- Requested by project DES3500. -- -- Version 2.09, 2008/05/05, Bonnnie -- Description: -- 1.add ismvlan(8) and dhcp-relay(9) in the value list of objects swACLEthernetOwner,swACLIpOwner,swACLPktContMaskOwner, -- swACLIpv6MaskOwner, swACLPktContMaskOptionOwner,swACLEtherRuleOwner,swACLIpRuleOwner,swACLPktContRuleOwner, -- swACLIpv6RuleOwner and swACLPktContRuleOptionOwner. -- Requested by Bonnnie cheng for project DHS3628. -- -- Version 2.08, 2008/04/18, Marco -- Description: -- [New Object] -- [Modification] -- 1. change range of the ff nodes to include case node is not active: -- swACLEtherRule8021P -- swACLIpRuleDscp -- swAclIpRuleType -- swAclIpRuleCode -- swACLIpRuleSrcPort -- swACLIpRuleDstPort -- swACLIpRuleProtoID -- swCpuAclEtherRule8021P -- swCpuAclIpRuleDscp -- swCpuAclIpRuleType -- swCpuAclIpRuleCode -- swCpuAclIpRuleSrcPort -- swCpuAclIpRuleDstPort -- swCpuAclIpRuleProtoID -- removed *replaceprioritywith objects -- Requested by Marco Visaya for project DES30XXP. -- -- Version 2.07, 2008/04/11, Marco -- Description: -- [New Object] -- 1. Added swACLEtherRuleReplacePriorityWith -- 2. Added swACLIPRuleReplacePriorityWith -- [Modification] -- 1. Remove the range of xxxProfileID, and xxxRxRate. The maximum value of the objects depend on the device. -- Requested by Marco Visaya for project DES30XXP. -- -- -- Version 2.06, 2008/04/02, Kelvin -- Description: -- [New Object] -- 1.add objects swACLIpv6MaskUseProtoType, swACLIpv6MaskTcpOption, swACLIpv6MaskUdpOption -- swACLIpv6MaskTCPorUDPSrcPortMask, swACLIpv6MaskTCPorUDPDstPortMask in swACLIpv6MaskTable. -- 2.add objects swACLIpv6RuleProtocol, swACLIpv6RuleSrcPort, swACLIpv6RuleDstPort in swACLIpv6RuleTable. -- Requested by Kelvin Tao for project DGS3700. -- -- Version 2.05, 2008/02/20, Kelvin -- Description: -- [New Object] -- 1.add objects swACLEtherRuleVID in swACLEtherRuleTable. -- 2.add objects swACLIpRuleVID in swACLIpRuleTable. -- 3.add objects swACLPktContRuleVID in swACLPktContRuleTable. -- 4.add objects swACLIpv6RuleVID in swACLIpv6RuleTable. -- 5.add objects swACLPktContRuleOptionVID in swACLPktContRuleOptionTable. -- Requested by Kelvin Tao for project DGS3700. -- -- Version 2.04, 2008/01/15, Yan -- Description: -- [New Object] -- 1.add objects swACLEtherRuleEnableReplaceTosPrecedence, swACLEtherRuleRepTosPrecedence in swACLEtherRuleTable. -- 2.add objects swACLIpRuleEnableReplaceTosPrecedence, swACLIpRuleRepTosPrecedence in swACLIpRuleTable. -- 3.add objects swACLPktContRuleEnableReplaceTosPrecedence, swACLPktContRuleRepTosPrecedence in swACLPktContRuleTable. -- 4.add objects swACLIpv6RuleEnableReplaceDscp, swACLIpv6RuleRepDscp, swACLIpv6RuleEnableReplaceTosPrecedence and -- swACLIpv6RuleRepTosPrecedence in swACLIpv6RuleTable. -- 5.add objects swACLPktContRuleOptionEnableReplaceTosPrecedence, swACLPktContRuleOptionRepTosPrecedence in -- swACLPktContRuleOptionTable. -- Requested by Yan Zhang for project DES35XX. -- -- Version 2.03, 2007/12/27 by Ronald Hsu -- 1.Add 'lease-renew(4)' in the value list of object swACLPktContRulePermit. -- Requested by Ronald Hsu for project DES3828R4. -- -- Version 2.02, 2007/12/18, Jenny -- Description: -- [New Object] -- 1.add object swACLPktContMaskOptionProfileName in swACLPktContMaskOptionTable. -- 2.add object swACLIpv6MaskProfileName in swACLIpv6MaskTable. -- 3.add object swACLIpProfileName in swACLIpTable. -- 4.add object swACLEthernetProfileName in swACLEthernetTable. -- 5.add object swACLPktContMaskProfileName in swACLPktContMaskTable. -- Requested by Jenny for project DES35XX. -- -- Version 2.01, 2007/05/15, Yan -- Description: -- [Modification] -- 1. add Value List remark-dscp(4) of object swAclMeterActionForRateExceed, change the access -- of objects swAclMeterRate and swAclMeterActionForRateExceed from read-write to read-create for CLI. -- 2. change the access of object swACLIpRuleProtocol from read-only to read-write for supporting -- the new chip of project DGS3600R2. -- [New Object] -- 1. add objects swACLIpSrcMacAddrMask, swACLIpRuleSrcMacAddress for supporting the lab-out project DGS3400R2. -- 2. add tables swACLCounterTable, swACLPktContMaskOptionTable and swACLPktContRuleOptionTable for CLI. -- 3. add read-only objects swACLTotalUsedRuleEntries, swACLTotalUnusedRuleEntries, swACLEthernetUnusedRuleEntries, -- swACLIpUnusedRuleEntries, swACLPktContMaskUnusedRuleEntries, swACLIpv6MaskUnusedRuleEntries for CLI. -- 4. add objects swCpuAclEtherRuleEtherPort, swCpuAclIpRulePort, swCpuAclPktContRulePort, swCpuAclIpv6RulePort for CLI. -- 5. add object swCpuACLMaskDelAllState for supporting the lab-out project DGS3400R2. -- 6. add objects swAclMeterRemarkDscp, swAclMeterBurstSize, swAclMeterMode, swAclMeterTrtcmCir, swAclMeterTrtcmCbs, -- swAclMeterTrtcmPir, swAclMeterTrtcmPbs, swAclMeterTrtcmColorMode, swAclMeterTrtcmConformState, swAclMeterTrtcmConformReplaceDscp, -- swAclMeterTrtcmConformCounterState, swAclMeterTrtcmExceedState, swAclMeterTrtcmExceedReplaceDscp, swAclMeterTrtcmExceedCounterState, -- swAclMeterTrtcmViolateState, swAclMeterTrtcmViolateReplaceDscp, swAclMeterTrtcmViolateCounterState, swAclMeterSrtcmCir, -- swAclMeterSrtcmCbs, swAclMeterSrtcmEbs, swAclMeterSrtcmColorMode, swAclMeterSrtcmConformState, swAclMeterSrtcmConformReplaceDscp, -- swAclMeterSrtcmConformCounterState, swAclMeterSrtcmExceedState, swAclMeterSrtcmExceedReplaceDscp, swAclMeterSrtcmExceedCounterState, -- swAclMeterSrtcmViolateState, swAclMeterSrtcmViolateReplaceDscp, swAclMeterSrtcmViolateCounterState, swAclMeterRowStatus for CLI. -- 7. add objects swACLEtherRuleRxRate, swACLIpRuleRxRate, swACLPktContRuleRxRate, swACLIpv6RuleRxRate for supporting -- the older CLI Command, and these objects could be used for some projects. -- 8. add swIBPACLEthernetTable, swIBPACLIpTable, swIBPACLEtherRuleTable, swIBPACLIpRuleTable for keeping the OID -- of lab-out project DGS3400R2, but these objects can not be used for other project, so the status is obsolete. -- Requested by Yan for DGS3600R2. -- -- Version 2.00, 2007/03/27, Yedda -- This is the first formal version for universal MIB definition. -- ----------------------------------------------------------------------------- ACLMGMT-MIB DEFINITIONS ::= BEGIN IMPORTS Counter32,Counter64,TimeTicks,NOTIFICATION-TYPE, MODULE-IDENTITY,OBJECT-TYPE,IpAddress, Unsigned32 FROM SNMPv2-SMI MacAddress, RowStatus FROM SNMPv2-TC DisplayString FROM RFC1213-MIB SnmpAdminString FROM SNMP-FRAMEWORK-MIB dlink-common-mgmt FROM DLINK-ID-REC-MIB; swAclMgmtMIB MODULE-IDENTITY LAST-UPDATED "0903180000Z" ORGANIZATION "D-Link Corp." CONTACT-INFO "http://support.dlink.com" DESCRIPTION "The structure of Access Control List information for the proprietary enterprise." ::= { dlink-common-mgmt 9 } PortList ::= OCTET STRING(SIZE (0..127)) swAclCtrl OBJECT IDENTIFIER ::= { swAclMgmtMIB 1 } swAclMaskMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 2 } swAclRuleMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 3 } swCpuAclMaskMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 4 } swCpuAclRuleMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 5 } swAclMeteringMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 6 } -- ----------------------------------------------------------------------------- -- Textual Conventions -- ----------------------------------------------------------------------------- -- This definition may be excluded if IPv6 Supported Ipv6Address ::= TEXTUAL-CONVENTION DISPLAY-HINT "2x:" STATUS current DESCRIPTION "This data type is used to model IPv6 addresses. This is a binary string of 16 octets in network byte-order." SYNTAX OCTET STRING (SIZE (16)) -- ----------------------------------------------------------------------------- -- swAclCtrl -- ----------------------------------------------------------------------------- swCpuInterfacefilterState OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable or disable CPU Interface Filtering (also called Software ACL). The default is disabled. If enabled, the filtering entries in the swAclRuleMgmt tables will be set to active if its RuleSwAclState is enabled. If disabled, the software ACL function will be disabled." ::={ swAclCtrl 1} swACLTotalUsedRuleEntries OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of used ACL rule entries." ::={ swAclCtrl 2} swACLTotalUnusedRuleEntries OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of unused ACL rule entries." ::={ swAclCtrl 3} -- ----------------------------------------------------------------------------- -- swACLEthernetTable -- ----------------------------------------------------------------------------- swACLEthernetTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLEthernetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains ACL mask Ethernet information. The access profile will be created on the switch to define which part of each incoming frame's layer 2 header will be examined by the switch. Masks entered will be combined with the values the switch finds in the specified frame header fields." ::= { swAclMaskMgmt 1 } swACLEthernetEntry OBJECT-TYPE SYNTAX SwACLEthernetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the ACL for Ethernet." INDEX { swACLEthernetProfileID } ::= { swACLEthernetTable 1 } SwACLEthernetEntry ::= SEQUENCE { swACLEthernetProfileID INTEGER, -- swACLEthernetPort -- PortList, swACLEthernetUsevlan INTEGER, swACLEthernetMacAddrMaskState INTEGER, swACLEthernetSrcMacAddrMask MacAddress, swACLEthernetDstMacAddrMask MacAddress, swACLEthernetUse8021p INTEGER, swACLEthernetUseEthernetType INTEGER, swACLEthernetRowStatus RowStatus, swACLEthernetOwner INTEGER, swACLEthernetUnusedRuleEntries INTEGER, swACLEthernetProfileName DisplayString, swACLEthernetVlanMask OCTET STRING } swACLEthernetProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of the ACL mask entry unique to the mask list. The maximum value of this object depends on the device." ::= { swACLEthernetEntry 1 } -- swACLEthernetPort OBJECT-TYPE -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates which port(s) should be filtered." -- ::= { swACLEthernetEntry 2 } swACLEthernetUsevlan OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the switch will examine the VLAN part of each packet header." ::= { swACLEthernetEntry 2 } swACLEthernetMacAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-mac-addr(2), src-mac-addr(3), dst-src-mac-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of the MAC address mask. other (1) - Neither source MAC address nor destination MAC address are masked. dst-mac-addr (2) - Destination MAC addresses within received frames are to be filtered when matched with the MAC address entry for the table. src-mac-addr (3) - Source MAC addresses within received frames are to be filtered when matched with the MAC address entry for the table. dst-src-mac-addr (4) - Source or destination MAC addresses within received frames are to be filtered when matched with the MAC address entry of the table." ::= { swACLEthernetEntry 3 } swACLEthernetSrcMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the MAC address mask for the source MAC address." ::= { swACLEthernetEntry 4 } swACLEthernetDstMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the MAC address mask for the destination MAC address." ::= { swACLEthernetEntry 5 } swACLEthernetUse8021p OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine the 802.1p priority value in the frame's header or not." ::= { swACLEthernetEntry 6 } swACLEthernetUseEthernetType OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine the Ethernet type value in each frame's header or not." ::= { swACLEthernetEntry 7 } swACLEthernetRowStatus OBJECT-TYPE --swACLEthernetState SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLEthernetEntry 8 } swACLEthernetOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7), ismvlan(8), dhcp-relay(9), pppoe(10), arp-spoofing(11), bpdu-tunnel(12) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL mask entry. The type of ACL entry created. ACL type entries can only be modified when being configured through the same type command. For example IP-MAC Binding entries can only be modified or deleted through the IP-MAC Binding configurations or commands." ::= { swACLEthernetEntry 9 } swACLEthernetUnusedRuleEntries OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The number of unused rule entries of this Ethernet profile entry." ::={ swACLEthernetEntry 10} swACLEthernetProfileName OBJECT-TYPE SYNTAX DisplayString(SIZE(1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the ACL mask entry unique to the mask list." ::= { swACLEthernetEntry 11 } swACLEthernetVlanMask OBJECT-TYPE SYNTAX OCTET STRING(SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "The mask used for the VLAN ID. Valid values are from 0x0000 to 0x0FFF. Default value is 0x0FFF " ::= { swACLEthernetEntry 12 } -- ----------------------------------------------------------------------------- -- swACLIpTable -- ----------------------------------------------------------------------------- swACLIpTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the ACL mask for IP information. Access profiles will be created on the switch to define which part of the incoming frame's IP layer packet header will be examined by the switch. Masks entered will be combined with the values the switch finds in the specified frame header fields." ::= { swAclMaskMgmt 2 } swACLIpEntry OBJECT-TYPE SYNTAX SwACLIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the ACL of the IP Layer." INDEX { swACLIpProfileID } ::= { swACLIpTable 1 } SwACLIpEntry ::= SEQUENCE { swACLIpProfileID INTEGER, -- swACLIpPort -- PortList, swACLIpUsevlan INTEGER, swACLIpIpAddrMaskState INTEGER, swACLIpSrcIpAddrMask IpAddress, swACLIpDstIpAddrMask IpAddress, swACLIpUseDSCP INTEGER, swACLIpUseProtoType INTEGER, swACLIpIcmpOption INTEGER, swACLIpIgmpOption INTEGER, swACLIpTcpOption INTEGER, swACLIpUdpOption INTEGER, swACLIpTCPorUDPSrcPortMask OCTET STRING, swACLIpTCPorUDPDstPortMask OCTET STRING, swACLIpTCPFlagBit INTEGER, swACLIpTCPFlagBitMask INTEGER, swACLIpProtoIDOption INTEGER, swACLIpProtoID INTEGER, swACLIpProtoIDMask OCTET STRING, swACLIpRowStatus RowStatus, swACLIpOwner INTEGER, swACLIpSrcMacAddrMask MacAddress, swACLIpUnusedRuleEntries INTEGER, swACLIpProfileName DisplayString, swACLIpVlanMask OCTET STRING } swACLIpProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swACLIpEntry 1 } -- swACLIpPort OBJECT-TYPE -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates which port(s) should be filtered." -- ::= { swACLIpEntry 2 } swACLIpUsevlan OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the IP layer VLAN part is examined or not." ::= { swACLIpEntry 2 } swACLIpIpAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-ip-addr(2), src-ip-addr(3), dst-src-ip-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of IP address mask. other (1) - Neither source IP address nor destination IP address are masked. dst-ip-addr (2) - Destination IP addresses within received frames are to be filtered when matched with the IP address entry of the table. src-ip-addr (3) - Source IP addresses within received frames are to be filtered when matched with the IP address entry of the table. dst-src-ip-addr (4) - Destination or source IP addresses within received frames are to be filtered when matched with the IP address entry of the table." ::= { swACLIpEntry 3 } swACLIpSrcIpAddrMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the IP address mask for the source IP address." ::= { swACLIpEntry 4 } swACLIpDstIpAddrMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the IP address mask for the destination IP address." ::= { swACLIpEntry 5 } swACLIpUseDSCP OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the DSCP protocol in the packet header is to be examined or not." ::= { swACLIpEntry 6 } swACLIpUseProtoType OBJECT-TYPE SYNTAX INTEGER { none(1), icmp(2), igmp(3), tcp(4), udp(5), protocolId(6) } MAX-ACCESS read-create STATUS current DESCRIPTION "That object indicates which protocol will be examined." ::= { swACLIpEntry 7 } swACLIpIcmpOption OBJECT-TYPE SYNTAX INTEGER { none(1), type(2), code(3), type-code(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates which fields are defined for ICMP. none (1)- Both fields are null. type (2)- Type field identified. code (3)- Code field identified. type-code (4)- Both ICMP fields identified. " ::= { swACLIpEntry 8 } swACLIpIgmpOption OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates if the IGMP options field is identified or not." ::= { swACLIpEntry 9 } swACLIpTcpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of the filtered address of TCP. other (1) - Neither source port nor destination port are masked. dst-addr (2) - Packets will be filtered if this destination port is identified in received frames. src-addr (3) - Packets will be filtered if this source port is identified in received frames. dst-src-addr (4) - Packets will be filtered if this destination or source port is identified in received frames." ::= { swACLIpEntry 10 } swACLIpUdpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of the filtered address of UDP . other (1) - Neither source port nor destination port are masked. dst-addr (2) - Packets will be filtered if this destination port is identified in received frames. src-addr (3) - Packets will be filtered if this source port is identified in received frames. dst-src-addr (4) - Packets will be filtered if this destination or source port is identified in received frames." ::= { swACLIpEntry 11 } swACLIpTCPorUDPSrcPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the source port if swACLIpUseProtoType is TCP Specifies a UDP port mask for the source port if swACLIpUseProtoType is UDP. " ::= { swACLIpEntry 12 } swACLIpTCPorUDPDstPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the destination port if swACLIpUseProtoType is TCP Specifies a UDP port mask for the destination port if swACLIpUseProtoType is UDP." ::= { swACLIpEntry 13 } swACLIpTCPFlagBit OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP connection flag mask." ::= { swACLIpEntry 14 } swACLIpTCPFlagBitMask OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "A value which indicates the set of TCP flags that this entity may potentially offer. The value is a sum of flag bits. This sum initially takes the value zero. Then, for each flag, L, is added in the range 1 through 6, for which this node performs transactions where 2^(L-1) is added to the sum. Note that values should be calculated accordingly: Flag functionality 6 urg bit 5 ack bit 4 psh bit 3 rst bit 2 syn bit 1 fin bit For example, if you want to enable urg bit and ack bit, you should set value 48{2^(5-1) + 2^(6-1)}." ::= { swACLIpEntry 15 } swACLIpProtoIDOption OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine each frame's protocol ID field or not." ::= { swACLIpEntry 16 } swACLIpProtoID OBJECT-TYPE SYNTAX INTEGER(0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IP protocol ID behind the IP header." ::= { swACLIpEntry 17 } swACLIpProtoIDMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(20)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IP protocol ID and the mask options behind the IP header." ::= { swACLIpEntry 18 } swACLIpRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLIpEntry 19 } swACLIpOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7), ismvlan(8), dhcp-relay(9), pppoe(10), arp-spoofing(11), bpdu-tunnel(12) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL mask entry. The type of ACL entry created. ACL type entries can only be modified when being configured through the same type command. For example, IP-MAC Binding entries can only be modified or deleted through the IP-MAC Binding configurations or commands." ::= { swACLIpEntry 20 } swACLIpSrcMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the MAC address mask for the source MAC address." ::= { swACLIpEntry 21 } swACLIpUnusedRuleEntries OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The number of unused rule entries this IP profile entry." ::={ swACLIpEntry 22} swACLIpProfileName OBJECT-TYPE SYNTAX DisplayString(SIZE(1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the ACL mask entry unique to the mask list." ::= { swACLIpEntry 23 } swACLIpVlanMask OBJECT-TYPE SYNTAX OCTET STRING(SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "The mask used for the VLAN ID. Valid values are from 0x0000 to 0x0FFF. Default value is 0x0FFF. " ::= { swACLIpEntry 24 } -- ----------------------------------------------------------------------------- -- swACLPktContMaskTable -- ----------------------------------------------------------------------------- swACLPktContMaskTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLPktContMaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the ACL mask for user-defined information. An access profile will be created on the switch to define which part of each incoming frame's user-defined part of the packet header will be examined by switch. Masks entered will be combined with the values the switch finds in the specified frame header fields." ::= { swAclMaskMgmt 3 } swACLPktContMaskEntry OBJECT-TYPE SYNTAX SwACLPktContMaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about user-defined ACLs." INDEX { swACLPktContMaskProfileID } ::= { swACLPktContMaskTable 1 } SwACLPktContMaskEntry ::= SEQUENCE { swACLPktContMaskProfileID INTEGER, -- swACLPktContMaskPort -- PortList, swACLPktContMaskOffset0to15 OCTET STRING, swACLPktContMaskOffset16to31 OCTET STRING, swACLPktContMaskOffset32to47 OCTET STRING, swACLPktContMaskOffset48to63 OCTET STRING, swACLPktContMaskOffset64to79 OCTET STRING, swACLPktContMaskRowStatus RowStatus, swACLPktContMaskOwner INTEGER, swACLPktContMaskUnusedRuleEntries INTEGER, swACLPktContMaskProfileName DisplayString } swACLPktContMaskProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swACLPktContMaskEntry 1 } -- swACLPktContMaskPort OBJECT-TYPE -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates which port(s) should be filtered." -- ::= { swACLPktContMaskEntry 2 } swACLPktContMaskOffset0to15 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset0to15) and the mask options." ::= { swACLPktContMaskEntry 2 } swACLPktContMaskOffset16to31 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset16to31) and the mask options." ::= { swACLPktContMaskEntry 3 } swACLPktContMaskOffset32to47 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset32to47) and the mask options." ::= { swACLPktContMaskEntry 4 } swACLPktContMaskOffset48to63 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset48to63) and the mask options." ::= { swACLPktContMaskEntry 5 } swACLPktContMaskOffset64to79 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset64to79) and the mask options." ::= { swACLPktContMaskEntry 6 } swACLPktContMaskRowStatus OBJECT-TYPE --swACLEthernetState SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLPktContMaskEntry 7 } swACLPktContMaskOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7), ismvlan(8), dhcp-relay(9), pppoe(10), arp-spoofing(11), bpdu-tunnel(12) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL mask entry. The type of ACL entry created. ACL type entries can only be modified when being configured through the same type command. For example, IP-MAC Binding entries can only be modified or deleted through the IP-MAC Binding configurations or commands." ::= { swACLPktContMaskEntry 8 } swACLPktContMaskUnusedRuleEntries OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The number of unused rule entries of this IP profile entry." ::={ swACLPktContMaskEntry 9} swACLPktContMaskProfileName OBJECT-TYPE SYNTAX DisplayString(SIZE(1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the ACL mask entry unique to the mask list." ::= { swACLPktContMaskEntry 10 } -- ----------------------------------------------------------------------------- -- swACLIpv6MaskTable -- ----------------------------------------------------------------------------- swACLIpv6MaskTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLIpv6MaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains user-defined ACL mask information. An access profile will be created on the switch to define which parts of each incoming frame's IPv6 part of the packet header will be examined by the switch. Masks entered will be combined with the values the switch finds in the specified frame header fields." ::= { swAclMaskMgmt 4 } swACLIpv6MaskEntry OBJECT-TYPE SYNTAX SwACLIpv6MaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about user-defined ACLs." INDEX { swACLIpv6MaskProfileID } ::= { swACLIpv6MaskTable 1 } SwACLIpv6MaskEntry ::= SEQUENCE { swACLIpv6MaskProfileID INTEGER, -- swACLIpv6MaskPort -- PortList, swACLIpv6MaskClass INTEGER, swACLIpv6MaskFlowlabel INTEGER, swACLIpv6IpAddrMaskState INTEGER, swACLIpv6MaskSrcIpv6Mask Ipv6Address, swACLIpv6MaskDstIpv6Mask Ipv6Address, swACLIpv6MaskRowStatus RowStatus, swACLIpv6MaskOwner INTEGER, swACLIpv6MaskUnusedRuleEntries INTEGER, swACLIpv6MaskProfileName DisplayString, swACLIpv6MaskUseProtoType INTEGER, swACLIpv6MaskTcpOption INTEGER, swACLIpv6MaskUdpOption INTEGER, swACLIpv6MaskTCPorUDPSrcPortMask OCTET STRING, swACLIpv6MaskTCPorUDPDstPortMask OCTET STRING } swACLIpv6MaskProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swACLIpv6MaskEntry 1 } -- swACLIpv6MaskPort OBJECT-TYPE -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates which port(s) should be filtered." -- ::= { swACLIpv6MaskEntry 2 } swACLIpv6MaskClass OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IPv6 class field and the mask options." ::= { swACLIpv6MaskEntry 2 } swACLIpv6MaskFlowlabel OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IPv6 flowlabel field and the mask options." ::= { swACLIpv6MaskEntry 3 } swACLIpv6IpAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-ipv6-addr(2), src-ipv6-addr(3), dst-src-ipv6-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of the IPv6 address mask. other (1) - Neither source IPv6 address nor destination IPv6 address are masked. dst-ipv6-addr (2) - Received frame destination IPv6 address is currently used to be filtered as it meets with the IPv6 address entry of the table. src-ipv6-addr (3) - Received frame source IPv6 address is currently used to be filtered as it meets with the IPv6 address entry of the table. dst-src-ipv6-addr (4) - Received frame destination IPv6 address or source IPv6 address is currently used to be filtered as it meets with the IPv6 address entry of the table." ::= { swACLIpv6MaskEntry 4 } swACLIpv6MaskSrcIpv6Mask OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the Source IPv6 address and the mask options. This should be a 16 byte octet string." ::= { swACLIpv6MaskEntry 5 } swACLIpv6MaskDstIpv6Mask OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the Destination IPv6 address and the mask options. This should be a 16 byte octet string." ::= { swACLIpv6MaskEntry 6 } swACLIpv6MaskRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLIpv6MaskEntry 7 } swACLIpv6MaskOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7), ismvlan(8), dhcp-relay(9), pppoe(10), arp-spoofing(11), bpdu-tunnel(12) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL mask entry. The type of ACL entry created. ACL type entries can only be modified when being configured through the same type command. For example, IP-MAC Binding entries can only be modified or deleted through the IP-MAC Binding configurations or commands." ::= { swACLIpv6MaskEntry 8 } swACLIpv6MaskUnusedRuleEntries OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The number of unused rule entries of this IP profile entry." ::={ swACLIpv6MaskEntry 9} swACLIpv6MaskProfileName OBJECT-TYPE SYNTAX DisplayString(SIZE(1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the ACL mask entry unique to the mask list." ::= { swACLIpv6MaskEntry 10 } swACLIpv6MaskUseProtoType OBJECT-TYPE SYNTAX INTEGER { none(1), tcp(2), udp(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "That object indicates which protocol will be examined." ::= { swACLIpv6MaskEntry 11 } swACLIpv6MaskTcpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of the filtered address of TCP. other (1) - Neither source port nor destination port are masked. dst-addr (2) - Packets will be filtered if this destination port is identified in received frames. src-addr (3) - Packets will be filtered if this source port is identified in received frames. dst-src-addr (4) - Packets will be filtered if this destination or source port is identified in received frames." ::= { swACLIpv6MaskEntry 12 } swACLIpv6MaskUdpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of the filtered address of UDP. other (1) - Neither source port nor destination port is masked. dst-addr (2) - Packets will be filtered if this destination port is identified in received frames. src-addr (3) - Packets will be filtered if this source port is identified in received frames. dst-src-addr (4) - Packets will be filtered if this destination or source port is identified in received frames." ::= { swACLIpv6MaskEntry 13 } swACLIpv6MaskTCPorUDPSrcPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the source port if swACLIpv6MaskUseProtoType is TCP Specifies a UDP port mask for the source port if swACLIpv6MaskUseProtoType is UDP. " ::= { swACLIpv6MaskEntry 14 } swACLIpv6MaskTCPorUDPDstPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the destination port if swACLIpv6MaskUseProtoType is TCP Specifies a UDP port mask for the destination port if swACLIpv6MaskUseProtoType is UDP." ::= { swACLIpv6MaskEntry 15 } -- ----------------------------------------------------------------------------- -- swACLMaskDelAllState -- ----------------------------------------------------------------------------- swACLMaskDelAllState OBJECT-TYPE SYNTAX INTEGER{ none(1), start(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Used to delete all ACL masks." ::= { swAclMaskMgmt 5 } -- ----------------------------------------------------------------------------- --swIBPACLEthernetTable -- ----------------------------------------------------------------------------- swIBPACLEthernetTable OBJECT-TYPE SYNTAX SEQUENCE OF SwIBPACLEthernetEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "This table contains IP-MAC-Binding ACL mask Ethernet information. Access profiles will be created on the switch by row creation and to define which parts of each incoming frame's layer 2 header part the switch will examine. Masks can be entered that will be combined with the values the switch finds in the specified frame header fields." ::= { swAclMaskMgmt 6 } swIBPACLEthernetEntry OBJECT-TYPE SYNTAX SwIBPACLEthernetEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "A list of information about the Ethernet ACL." INDEX { swIBPACLEthernetProfileID } ::= { swIBPACLEthernetTable 1 } SwIBPACLEthernetEntry ::= SEQUENCE { swIBPACLEthernetProfileID INTEGER, swIBPACLEthernetUseEthernetType INTEGER } swIBPACLEthernetProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device." ::= { swIBPACLEthernetEntry 1 } swIBPACLEthernetUseEthernetType OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-only STATUS obsolete DESCRIPTION "Specifies if the switch will examine the Ethernet type value in each frame's header or not." ::= { swIBPACLEthernetEntry 2 } -- ----------------------------------------------------------------------------- --swIBPACLIpTable -- ----------------------------------------------------------------------------- swIBPACLIpTable OBJECT-TYPE SYNTAX SEQUENCE OF SwIBPACLIpEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "This table contains IP-MAC-Binding IP ACL mask information. Access profiles will be created on the switch by row creation and to define which parts of each incoming frame's IP layer part of the header the switch will examine. Masks can be entered that will be combined with the values the switch finds in the specified frame header fields." ::= { swAclMaskMgmt 7 } swIBPACLIpEntry OBJECT-TYPE SYNTAX SwIBPACLIpEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "A list of information about the IP layer of the ACL." INDEX { swIBPACLIpProfileID } ::= { swIBPACLIpTable 1 } SwIBPACLIpEntry ::= SEQUENCE { swIBPACLIpProfileID INTEGER, swIBPACLIpSrcMacAddrMask MacAddress, swIBPACLIpSrcIpAddrMask IpAddress } swIBPACLIpProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device." ::= { swIBPACLIpEntry 1 } swIBPACLIpSrcMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS obsolete DESCRIPTION "This object specifies the MAC address mask for the source MAC address." ::= { swIBPACLIpEntry 2 } swIBPACLIpSrcIpAddrMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS obsolete DESCRIPTION "This object specifies IP address masks for the source IP address." ::= { swIBPACLIpEntry 3 } -- ----------------------------------------------------------------------------- -- swACLPktContMaskOptionTable -- ----------------------------------------------------------------------------- swACLPktContMaskOptionTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLPktContMaskOptionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the ACL mask for user-defined option information. An access profile will be created on the switch to define which part of each incoming frame's user-defined part of the packet header will be examined by switch. Masks entered will be combined with the values the switch finds in the specified frame header fields." ::= { swAclMaskMgmt 8 } swACLPktContMaskOptionEntry OBJECT-TYPE SYNTAX SwACLPktContMaskOptionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the user-defined ACL." INDEX { swACLPktContMaskOptionProfileID } ::= { swACLPktContMaskOptionTable 1 } SwACLPktContMaskOptionEntry ::= SEQUENCE { swACLPktContMaskOptionProfileID INTEGER, swACLPktContMaskOffsetChunk1State INTEGER, swACLPktContMaskOffsetChunk1OffsetValue INTEGER, swACLPktContMaskOffsetChunk1Mask OCTET STRING, swACLPktContMaskOffsetChunk2State INTEGER, swACLPktContMaskOffsetChunk2OffsetValue INTEGER, swACLPktContMaskOffsetChunk2Mask OCTET STRING, swACLPktContMaskOffsetChunk3State INTEGER, swACLPktContMaskOffsetChunk3OffsetValue INTEGER, swACLPktContMaskOffsetChunk3Mask OCTET STRING, swACLPktContMaskOffsetChunk4State INTEGER, swACLPktContMaskOffsetChunk4OffsetValue INTEGER, swACLPktContMaskOffsetChunk4Mask OCTET STRING, swACLPktContMaskOptionRowStatus RowStatus, swACLPktContMaskOptionOwner INTEGER, swACLPktContMaskOptionUnusedRuleEntries INTEGER, swACLPktContMaskOptionProfileName DisplayString } swACLPktContMaskOptionProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry, unique to the mask list. The maximum value of this object depends on the device." ::= { swACLPktContMaskOptionEntry 1 } swACLPktContMaskOffsetChunk1State OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the state of chunk1." ::= { swACLPktContMaskOptionEntry 2 } swACLPktContMaskOffsetChunk1OffsetValue OBJECT-TYPE SYNTAX INTEGER (0..31) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content offset of chunk1." ::= { swACLPktContMaskOptionEntry 3 } swACLPktContMaskOffsetChunk1Mask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content mask of chunk1." ::= { swACLPktContMaskOptionEntry 4 } swACLPktContMaskOffsetChunk2State OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the state of chunk2." ::= { swACLPktContMaskOptionEntry 5 } swACLPktContMaskOffsetChunk2OffsetValue OBJECT-TYPE SYNTAX INTEGER (0..31) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content offset of chunk2." ::= { swACLPktContMaskOptionEntry 6 } swACLPktContMaskOffsetChunk2Mask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content mask of chunk2." ::= { swACLPktContMaskOptionEntry 7 } swACLPktContMaskOffsetChunk3State OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the state of chunk3." ::= { swACLPktContMaskOptionEntry 8 } swACLPktContMaskOffsetChunk3OffsetValue OBJECT-TYPE SYNTAX INTEGER (0..31) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content offset of chunk3." ::= { swACLPktContMaskOptionEntry 9 } swACLPktContMaskOffsetChunk3Mask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content mask of chunk3." ::= { swACLPktContMaskOptionEntry 10 } swACLPktContMaskOffsetChunk4State OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the state of chunk4." ::= { swACLPktContMaskOptionEntry 11 } swACLPktContMaskOffsetChunk4OffsetValue OBJECT-TYPE SYNTAX INTEGER (0..31) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content offset of chunk4." ::= { swACLPktContMaskOptionEntry 12 } swACLPktContMaskOffsetChunk4Mask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content mask of chunk4." ::= { swACLPktContMaskOptionEntry 13 } swACLPktContMaskOptionRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLPktContMaskOptionEntry 14 } swACLPktContMaskOptionOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7), ismvlan(8), dhcp-relay(9), pppoe(10), arp-spoofing(11), bpdu-tunnel(12) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL mask entry. The type of ACL entry created. ACL type entries can only be modified when being configured through the same type command. For example, IP-MAC Binding entries can only be modified or deleted through the IP-MAC Binding configurations or commands." ::= { swACLPktContMaskOptionEntry 15 } swACLPktContMaskOptionUnusedRuleEntries OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The number of unused rule entries of this IP profile entry." ::={ swACLPktContMaskOptionEntry 16} swACLPktContMaskOptionProfileName OBJECT-TYPE SYNTAX DisplayString(SIZE(1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the ACL mask entry unique to the mask list." ::= { swACLPktContMaskOptionEntry 17 } -- ----------------------------------------------------------------------------- -- swACLPktContMaskOption2 -- ----------------------------------------------------------------------------- swACLPktContMaskOption2 OBJECT IDENTIFIER ::= { swAclMaskMgmt 10 } -- ----------------------------------------------------------------------------- -- swACLPktContMaskOption2Table -- ----------------------------------------------------------------------------- swACLPktContMaskOption2Table OBJECT-TYPE SYNTAX SEQUENCE OF SwACLPktContMaskOption2Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the ACL mask for user-defined option 2 information. An access profile will be created on the switch to define which part of each incoming frame's user-defined part of the packet header will be examined by switch. Masks entered will be combined with the values the switch finds in the specified frame header fields. To create a packet content field with respect to an offset, an entry in the swACLPktContMaskOption2OffsetsTable must be created first. On row creation, all entries in the corresponding profile defined in the swACLPktContMaskOption2OffsetsTable will be associated to the profile mask. If any rule is using the profile mask the entries cannot be modified. " ::= { swACLPktContMaskOption2 1 } swACLPktContMaskOption2Entry OBJECT-TYPE SYNTAX SwACLPktContMaskOption2Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the user-defined ACL." INDEX { swACLPktContMaskOption2ProfileID } ::= { swACLPktContMaskOption2Table 1 } SwACLPktContMaskOption2Entry ::= SEQUENCE { swACLPktContMaskOption2ProfileID INTEGER, swACLPktContMaskOption2SrcMac MacAddress, swACLPktContMaskOption2DstMac MacAddress, swACLPktContMaskOption2CTag OCTET STRING, swACLPktContMaskOption2STag OCTET STRING, swACLPktContMaskOption2Owner INTEGER, swACLPktContMaskOption2UnusedRuleEntries INTEGER, swACLPktContMaskOption2ProfileName DisplayString, swACLPktContMaskOption2RowStatus RowStatus } swACLPktContMaskOption2ProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry, unique to the mask list. The maximum value of this object depends on the device." ::= { swACLPktContMaskOption2Entry 1 } swACLPktContMaskOption2SrcMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the mask for source MAC address" ::= { swACLPktContMaskOption2Entry 2 } swACLPktContMaskOption2DstMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the mask for destination MAC address" ::= { swACLPktContMaskOption2Entry 3 } swACLPktContMaskOption2CTag OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the mask for customer VLAN tag, valid values are only from 0x0000 to 0xFFFF." ::= { swACLPktContMaskOption2Entry 4 } swACLPktContMaskOption2STag OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the mask for service VLAN tag, valid values are only from 0x0000 to 0xFFFF." ::= { swACLPktContMaskOption2Entry 5 } swACLPktContMaskOption2Owner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7), ismvlan(8), dhcp-relay(9), pppoe(10), arp-spoofing(11), bpdu-tunnel(12) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL mask entry. The type of ACL entry created. ACL type entries can only be modified when being configured through the same type command. For example, IP-MAC Binding entries can only be modified or deleted through the IP-MAC Binding configurations or commands." ::= { swACLPktContMaskOption2Entry 6 } swACLPktContMaskOption2UnusedRuleEntries OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The number of unused rule entries of this IP profile entry." ::={ swACLPktContMaskOption2Entry 7 } swACLPktContMaskOption2ProfileName OBJECT-TYPE SYNTAX DisplayString(SIZE(1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the ACL mask entry unique to the mask list." ::= { swACLPktContMaskOption2Entry 8 } swACLPktContMaskOption2RowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLPktContMaskOption2Entry 9 } -- ----------------------------------------------------------------------------- -- swACLPktContMaskOption2OffsetsTable -- ----------------------------------------------------------------------------- swACLPktContMaskOption2OffsetsTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLPktContMaskOption2OffsetsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the ACL masks for the individual packet content offset user-defined option 2 information. Entries created in this table will not set into the TCAM until a valid entry in the swACLPktContMaskOption2Table is created. If any rule is using the profile mask the entries cannot be modified. ." ::= { swACLPktContMaskOption2 2 } swACLPktContMaskOption2OffsetsEntry OBJECT-TYPE SYNTAX SwACLPktContMaskOption2OffsetsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the individual offsets for user-defined ACL." INDEX { swACLPktContMaskOption2OffsetsProfileID,swACLPktContMaskOption2OffsetsNum } ::= { swACLPktContMaskOption2OffsetsTable 1 } SwACLPktContMaskOption2OffsetsEntry ::= SEQUENCE { swACLPktContMaskOption2OffsetsProfileID INTEGER, swACLPktContMaskOption2OffsetsNum INTEGER, swACLPktContMaskOption2OffsetsReference INTEGER, swACLPktContMaskOption2OffsetsValue INTEGER, swACLPktContMaskOption2OffsetsMask OCTET STRING, swACLPktContMaskOption2OffsetsRowStatus RowStatus } swACLPktContMaskOption2OffsetsProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry, unique to the mask list. This is the profile id to which this packet content field entry will be associated to. " ::= { swACLPktContMaskOption2OffsetsEntry 1 } swACLPktContMaskOption2OffsetsNum OBJECT-TYPE SYNTAX INTEGER (1..11) MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies the offset number with respect to the profile." ::= { swACLPktContMaskOption2OffsetsEntry 2 } swACLPktContMaskOption2OffsetsReference OBJECT-TYPE SYNTAX INTEGER{ l2(1), l3(2), l4(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the reference of the offset. L2 - The offset will start counting from the byte after the end of the VLAN tags (start of ether type) L3 - The offset will start counting right after the ether type field. The packet must have a valid L2 header and a recognizeable ether type in order to be recognized. L4 - The offset will start counting right after the end of ip header. The packet must have a valid IP header in order to be recognized. " ::= { swACLPktContMaskOption2OffsetsEntry 3 } swACLPktContMaskOption2OffsetsValue OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the amount of bytes from the reference to the packet content field" ::= { swACLPktContMaskOption2OffsetsEntry 4 } swACLPktContMaskOption2OffsetsMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the mask for the packet content field" ::= { swACLPktContMaskOption2OffsetsEntry 5 } swACLPktContMaskOption2OffsetsRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLPktContMaskOption2OffsetsEntry 6 } -- ----------------------------------------------------------------------------- -- swACLEtherRuleTable -- ----------------------------------------------------------------------------- swACLEtherRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLEtherRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains Ethernet ACL information." ::= { swAclRuleMgmt 1 } swACLEtherRuleEntry OBJECT-TYPE SYNTAX SwACLEtherRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the ACL rule of the layer 2 part of each packet." INDEX { swACLEtherRuleProfileID,swACLEtherRuleAccessID } ::= { swACLEtherRuleTable 1 } SwACLEtherRuleEntry ::= SEQUENCE { swACLEtherRuleProfileID INTEGER, swACLEtherRuleAccessID INTEGER, swACLEtherRuleVlan SnmpAdminString, swACLEtherRuleSrcMacAddress MacAddress, swACLEtherRuleDstMacAddress MacAddress, swACLEtherRule8021P INTEGER, swACLEtherRuleEtherType OCTET STRING, swACLEtherRuleEnablePriority INTEGER, swACLEtherRulePriority INTEGER, swACLEtherRuleReplacePriority INTEGER, swACLEtherRuleEnableReplaceDscp INTEGER, swACLEtherRuleRepDscp INTEGER, swACLEtherRulePermit INTEGER, swACLEtherRulePort -- INTEGER, PortList, -- swACLEtherRuleSwAclState -- INTEGER, swACLEtherRuleRowStatus RowStatus, swACLEtherRuleOwner INTEGER, swACLEtherRuleRxRate INTEGER, swACLEtherRuleEnableReplaceTosPrecedence INTEGER, swACLEtherRuleRepTosPrecedence INTEGER, swACLEtherRuleVID INTEGER, swACLEtherRuleMatchVID INTEGER, swACLEtherRuleMaskVlan OCTET STRING, swACLEtherRuleMaskSrcMacAddress MacAddress, swACLEtherRuleMaskDstMacAddress MacAddress } swACLEtherRuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL rule entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swACLEtherRuleEntry 1 } swACLEtherRuleAccessID OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the the ACL rule entry relates to the swACLEtherRuleProfileID. When row creation is set to 0, assignment of an Access ID for ports is automatic and the swACLEtherRulePort creates Rule entries for the swACLEtherRulePort accordingly. When set from 1 to 65535, an access ID will be created for the swACLEtherRulePort. The swACLEtherRulePort must be set to one port only otherwise the row creation will fail. " ::= { swACLEtherRuleEntry 2 } swACLEtherRuleVlan OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to the packet with the VLAN ID indexed by this VLAN name." ::= { swACLEtherRuleEntry 3 } swACLEtherRuleSrcMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply to only packets with this source MAC address." ::= { swACLEtherRuleEntry 4 } swACLEtherRuleDstMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply to only packets with this destination MAC address." ::= { swACLEtherRuleEntry 5 } swACLEtherRule8021P OBJECT-TYPE SYNTAX INTEGER(-1..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to packets with this 802.1p priority value. A value of -1 indicates that this node is not actively used." ::= { swACLEtherRuleEntry 6 } swACLEtherRuleEtherType OBJECT-TYPE SYNTAX OCTET STRING (SIZE (2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to packets with this hexadecimal 802.1Q Ethernet type value in the packet header." ::= { swACLEtherRuleEntry 7 } swACLEtherRuleEnablePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to packets with priority value." ::= { swACLEtherRuleEntry 8 } swACLEtherRulePriority OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the priority will be changed in packets while the swACLEtherRuleEnablePriority is enabled ." ::= { swACLEtherRuleEntry 9 } swACLEtherRuleReplacePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile 802.1p priority tag field or not ." ::= { swACLEtherRuleEntry 10 } swACLEtherRuleEnableReplaceDscp OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile DSCP field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLEtherRuleEntry 11 } swACLEtherRuleRepDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the DSCP field of the packet." ::= { swACLEtherRuleEntry 12 } swACLEtherRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2), mirror(3), set-drop-precedence(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the result of the packet examination is 'permit' or 'deny'. The default is 'permit'. permit - Specifies that packets matching the access profile are permitted to be forwarded by the switch. deny - Specifies that packets matching the access profile are not permitted to be forwarded by the switch and will be filtered. mirror - Specifies that packets matching the access profile are copied to the mirror port. Note : The ACL mirror function will start functioning after mirror has been enabled and the mirror port has been configured. set-drop-precedence - Specifies that packets that matching the access profile are set to drop precedence." ::= { swACLEtherRuleEntry 13 } swACLEtherRulePort OBJECT-TYPE -- SYNTAX INTEGER (1..65535) SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to port(s). This object and swACLEtherRuleVID can not be set together." ::= { swACLEtherRuleEntry 14 } -- swACLEtherRuleSwAclState OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access rule will only apply to the software ACL state." -- ::= { swACLEtherRuleEntry 15 } swACLEtherRuleRowStatus OBJECT-TYPE --swACLEtherRuleState SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLEtherRuleEntry 15 } swACLEtherRuleOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7), ismvlan(8), dhcp-relay(9), pppoe(10), arp-spoofing(11), bpdu-tunnel(12) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL rule entry. Only owners can modify this entry." ::= { swACLEtherRuleEntry 16 } swACLEtherRuleRxRate OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the rx rate, 0 denotes no_limit. The maximum value of this object depends on the device." ::= { swACLEtherRuleEntry 17 } swACLEtherRuleEnableReplaceTosPrecedence OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile ToS precedence field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLEtherRuleEntry 18 } swACLEtherRuleRepTosPrecedence OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the ToS precedence field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the ToS precedence field of the packet." ::= { swACLEtherRuleEntry 19 } swACLEtherRuleVID OBJECT-TYPE SYNTAX INTEGER (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the VLAN-based ACL rule. There are two conditions: 1. this rule will apply to all the ports; 2. packets must belong to this VLAN. This object and swACLEtherRulePort can not be set together. When you set swACLEtherRulePort, the value of this object will automatically change to 0. And this object can not be set to 0." ::= { swACLEtherRuleEntry 20 } swACLEtherRuleMatchVID OBJECT-TYPE SYNTAX INTEGER (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to packets with this VLAN ID. It is applied to the specified ports configured by swACLEtherRulePort." ::= { swACLEtherRuleEntry 21 } swACLEtherRuleMaskVlan OBJECT-TYPE SYNTAX OCTET STRING(SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the per rule mask for the VLAN field as defined in swACLEtherRuleVlan object. The value of this object when not in use is the corresponding mask in the profile mask. Once the value of this object is modified, the per rule mask will take effect. " ::= { swACLEtherRuleEntry 22 } swACLEtherRuleMaskSrcMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the per rule mask for the source MAC addres field as defined in swACLEtherRuleSrcMacAddress object. The value of this object when not in use is the corresponding mask in the profile mask. Once the value of this object is modified, the per rule mask will take effect. " ::= { swACLEtherRuleEntry 23 } swACLEtherRuleMaskDstMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the per rule mask for the destination MAC addres field as defined in swACLEtherRuleDstMacAddress object. The value of this object when not in use is the corresponding mask in the profile mask. Once the value of this object is modified, the per rule mask will take effect. " ::= { swACLEtherRuleEntry 24 } -- ----------------------------------------------------------------------------- -- swACLIpRuleTable -- ----------------------------------------------------------------------------- swACLIpRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLIpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" ::= { swAclRuleMgmt 2 } swACLIpRuleEntry OBJECT-TYPE SYNTAX SwACLIpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { swACLIpRuleProfileID , swACLIpRuleAccessID } ::= { swACLIpRuleTable 1 } SwACLIpRuleEntry ::= SEQUENCE { swACLIpRuleProfileID INTEGER, swACLIpRuleAccessID INTEGER, swACLIpRuleVlan SnmpAdminString, swACLIpRuleSrcIpaddress IpAddress, swACLIpRuleDstIpaddress IpAddress, swACLIpRuleDscp INTEGER, swACLIpRuleProtocol INTEGER, swACLIpRuleType INTEGER, swACLIpRuleCode INTEGER, swACLIpRuleSrcPort INTEGER, swACLIpRuleDstPort INTEGER, swACLIpRuleFlagBits INTEGER, swACLIpRuleProtoID INTEGER, swACLIpRuleUserMask OCTET STRING, swACLIpRuleEnablePriority INTEGER, swACLIpRulePriority INTEGER, swACLIpRuleReplacePriority INTEGER, swACLIpRuleEnableReplaceDscp INTEGER, swACLIpRuleRepDscp INTEGER, swACLIpRulePermit INTEGER, swACLIpRulePort -- INTEGER, PortList, -- swACLIpRuleSwAclState -- INTEGER, swACLIpRuleRowStatus RowStatus, swACLIpRuleOwner INTEGER, swACLIpRuleRxRate INTEGER, swACLIpRuleSrcMacAddress MacAddress, swACLIpRuleEnableReplaceTosPrecedence INTEGER, swACLIpRuleRepTosPrecedence INTEGER, swACLIpRuleVID INTEGER, swACLIpRuleMatchVID INTEGER, swACLIpRuleMaskVlan OCTET STRING, swACLIpRuleMaskSrcIpaddress IpAddress, swACLIpRuleMaskDstIpaddress IpAddress, swACLIpRuleMaskSrcPort OCTET STRING, swACLIpRuleMaskDstPort OCTET STRING } swACLIpRuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swACLIpRuleEntry 1 } swACLIpRuleAccessID OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of the ACL rule entry relates to swACLIPRuleProfileID. Row creation set to 0 indicates automatic assignment of the Access ID for the ports in the swACLIpRulePort to create Rule entries for swACLIpRulePort accordingly. Set to 1-65535 causes creation of an access ID for the swACLIpRulePort. The swACLIpRulePort must be set to one port only otherwise the row creation will fail." ::= { swACLIpRuleEntry 2 } swACLIpRuleVlan OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to packets with the VLAN ID indexed by this VLAN name." ::= { swACLIpRuleEntry 3 } swACLIpRuleSrcIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies an IP source address." ::= { swACLIpRuleEntry 4 } swACLIpRuleDstIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies an IP destination address." ::= { swACLIpRuleEntry 5 } swACLIpRuleDscp OBJECT-TYPE SYNTAX INTEGER(-1..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the value of DSCP. The value can be configured from 0 to 63. A value of -1 indicates that this node is not actively used." ::= { swACLIpRuleEntry 6 } swACLIpRuleProtocol OBJECT-TYPE SYNTAX INTEGER { none(1), icmp(2), igmp(3), tcp(4), udp(5), protocolId(6) } MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the IP protocol. For some older chips, this object can not be set. When getting this object, it always returns the type which has been configured in swACLIpEntry. For some newer chips, this object can only set the type which has been configured in swACLIpEntry. The default value is none (1). " ::= { swACLIpRuleEntry 7 } swACLIpRuleType OBJECT-TYPE SYNTAX INTEGER(-1..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the value of ICMP type traffic. A value of -1 denotes that this object is not active." ::= { swACLIpRuleEntry 8 } swACLIpRuleCode OBJECT-TYPE SYNTAX INTEGER(-1..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the value of ICMP code traffic. A value of -1 denotes that this object is not active." ::= { swACLIpRuleEntry 9 } swACLIpRuleSrcPort OBJECT-TYPE SYNTAX INTEGER(-1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the range of the TCP/UDP source ports. A value of -1 indicates that this node is not actively used." ::= { swACLIpRuleEntry 10 } swACLIpRuleDstPort OBJECT-TYPE SYNTAX INTEGER(-1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the TCP/UDP destination port range. A value of -1 indicates that this node is not actively used." ::= { swACLIpRuleEntry 11 } swACLIpRuleFlagBits OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "A value which indicates the set of TCP flags that this entity may potentially offer. The value is a sum of flag bits. This sum initially takes the value zero. Then, for each flag, L is added in the range 1 through 6, for which this node performs transactions, where 2^(L - 1) is added to the sum. Note that values should be calculated accordingly: Flag functionality 6 urg bit 5 ack bit 4 psh bit 3 rst bit 2 syn bit 1 fin bit For example, it you want to enable urg bit and ack bit, you should set value 48{2^(5-1) + 2^(6-1)}." ::= { swACLIpRuleEntry 12 } swACLIpRuleProtoID OBJECT-TYPE SYNTAX INTEGER(-1..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the value of IP protocol ID traffic. A value of -1 indicates that this node is not actively used." ::= { swACLIpRuleEntry 13 } swACLIpRuleUserMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(20)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IP protocol ID and the range of options behind the IP header." ::= { swACLIpRuleEntry 14 } swACLIpRuleEnablePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to packets with this priority value." ::= { swACLIpRuleEntry 15 } swACLIpRulePriority OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the priority will change in packets while the swACLIpRuleEnablePriority is enabled." ::= { swACLIpRuleEntry 16 } swACLIpRuleReplacePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies whether the packets that match the access profile will change the 802.1p priority tag field by the switch or not." ::= { swACLIpRuleEntry 17 } swACLIpRuleEnableReplaceDscp OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile DSCP field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLIpRuleEntry 18 } swACLIpRuleRepDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the DSCP field of the packet." ::= { swACLIpRuleEntry 19 } swACLIpRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2), mirror(3), set-drop-precedence(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the result of the packet examination is 'permit' or 'deny'. The default is 'permit'. permit - Specifies that packets matching the access profile are permitted to be forwarded by the switch. deny - Specifies that packets matching the access profile are not permitted to be forwarded by the switch and will be filtered. mirror - Specifies the packets matching the access profile are copied to the mirror port. Note : The ACL mirror function will work after the mirror is enabled and the mirror port has been configured. set-drop-precedence - Specifies the packets that match the access profile are set to drop precedence." ::= { swACLIpRuleEntry 20 } swACLIpRulePort OBJECT-TYPE -- SYNTAX INTEGER (1..65535) SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to port(s). This object and swACLIpRuleVID can not be set together. " ::= { swACLIpRuleEntry 21 } -- swACLIpRuleSwAclState OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access rule will only apply to the software ACL state." -- ::= { swACLIpRuleEntry 22 } swACLIpRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLIpRuleEntry 22 } swACLIpRuleOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7), ismvlan(8), dhcp-relay(9), pppoe(10), arp-spoofing(11), bpdu-tunnel(12) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL rule entry. Only owners can modify this entry." ::= { swACLIpRuleEntry 23 } swACLIpRuleRxRate OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device." ::= { swACLIpRuleEntry 24 } swACLIpRuleSrcMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies that the access will only apply to packets with this source MAC address." ::= { swACLIpRuleEntry 25 } swACLIpRuleEnableReplaceTosPrecedence OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile ToS precedence field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLIpRuleEntry 26 } swACLIpRuleRepTosPrecedence OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the ToS precedence field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the ToS precedence field of the packet." ::= { swACLIpRuleEntry 27 } swACLIpRuleVID OBJECT-TYPE SYNTAX INTEGER (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the VLAN-based rule. There are two conditions: 1. this rule will apply to all the ports; 2. packets must belong to this VLAN. This object and swACLIpRulePort can not be set together. When you set swACLIpRulePort, the value of this object will automatically change to 0. And this object can not be set 0." ::= { swACLIpRuleEntry 28 } swACLIpRuleMatchVID OBJECT-TYPE SYNTAX INTEGER (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to packets with this VLAN ID. It is applied to the specified ports configured by swACLIpRulePort." ::= { swACLIpRuleEntry 29 } swACLIpRuleMaskVlan OBJECT-TYPE SYNTAX OCTET STRING(SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the per rule mask for the VLAN as defined in swACLIpRuleVlan object. The value of this object when not in use is the corresponding mask in the profile mask. Once the value of this object is modified, the per rule mask will take effect. This object is writeable only once. " ::= { swACLIpRuleEntry 30 } swACLIpRuleMaskSrcIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the per rule mask for the source IP address as defined in swACLIpRuleSrcIpaddress object. The value of this object when not in use is the corresponding mask in the profile mask. Once the value of this object is modified, the per rule mask will take effect. This object is writeable only once. " ::= { swACLIpRuleEntry 31 } swACLIpRuleMaskDstIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the per rule mask for the destination IP address as defined in swACLIpRuleMaskDstIpaddress object. The value of this object when not in use is the corresponding mask in the profile mask. Once the value of this object is modified, the per rule mask will take effect. This object is writeable only once. " ::= { swACLIpRuleEntry 32 } swACLIpRuleMaskSrcPort OBJECT-TYPE SYNTAX OCTET STRING(SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the per rule mask for the L4 source port as defined in swACLIpRuleSrcPort object. The value of this object when not in use is the corresponding mask in the profile mask. Once the value of this object is modified, the per rule mask will take effect. This object is writeable only once. " ::= { swACLIpRuleEntry 33 } swACLIpRuleMaskDstPort OBJECT-TYPE SYNTAX OCTET STRING(SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the per rule mask for the L4 destination port as defined in swACLIpRuleDstPort object. The value of this object when not in use is the corresponding mask in the profile mask. Once the value of this object is modified, the per rule mask will take effect. This object is writeable only once. " ::= { swACLIpRuleEntry 34 } -- ----------------------------------------------------------------------------- -- swACLPktContRuleTable -- ----------------------------------------------------------------------------- swACLPktContRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLPktContRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains ACL rules regarding user-defined information." ::= { swAclRuleMgmt 3 } swACLPktContRuleEntry OBJECT-TYPE SYNTAX SwACLPktContRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the ACL rule of the user-defined part of each packet." INDEX { swACLPktContRuleProfileID,swACLPktContRuleAccessID } ::= { swACLPktContRuleTable 1 } SwACLPktContRuleEntry ::= SEQUENCE { swACLPktContRuleProfileID INTEGER, swACLPktContRuleAccessID INTEGER, swACLPktContRuleOffset0to15 OCTET STRING, swACLPktContRuleOffset16to31 OCTET STRING, swACLPktContRuleOffset32to47 OCTET STRING, swACLPktContRuleOffset48to63 OCTET STRING, swACLPktContRuleOffset64to79 OCTET STRING, swACLPktContRuleEnablePriority INTEGER, swACLPktContRulePriority INTEGER, swACLPktContRuleReplacePriority INTEGER, swACLPktContRuleEnableReplaceDscp INTEGER, swACLPktContRuleRepDscp INTEGER, swACLPktContRulePermit INTEGER, swACLPktContRulePort -- INTEGER, PortList, -- swACLPktContRuleSwAclState -- INTEGER, swACLPktContRuleRowStatus RowStatus, swACLPktContRuleOwner INTEGER, swACLPktContRuleRxRate INTEGER, swACLPktContRuleEnableReplaceTosPrecedence INTEGER, swACLPktContRuleRepTosPrecedence INTEGER, swACLPktContRuleVID INTEGER } swACLPktContRuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swACLPktContRuleEntry 1 } swACLPktContRuleAccessID OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL rule entry in relation to the swACLPktContRuleProfileID. When row creation is set to 0, an access ID is automatically created for the ports in the swACLPktContRulePort to create rule entries for swACLPktContRulePort accordingly. Set to 1-65535 indicates to creswACLPktContRuleRepDscpate the exact access ID for the swACLPktContRulePort. The swACLPktContRulePort must be set to one port only, otherwise the row creation will fail." ::= { swACLPktContRuleEntry 2 } swACLPktContRuleOffset0to15 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swACLPktContRuleEntry 3 } swACLPktContRuleOffset16to31 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swACLPktContRuleEntry 4 } swACLPktContRuleOffset32to47 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swACLPktContRuleEntry 5 } swACLPktContRuleOffset48to63 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swACLPktContRuleEntry 6 } swACLPktContRuleOffset64to79 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swACLPktContRuleEntry 7 } swACLPktContRuleEnablePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to packets with this priority value." ::= { swACLPktContRuleEntry 8 } swACLPktContRulePriority OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the priority will change for the packets while the swACLPktContRuleReplacePriority is enabled ." ::= { swACLPktContRuleEntry 9 } swACLPktContRuleReplacePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile 802.1p priority tag or not." ::= { swACLPktContRuleEntry 10 } swACLPktContRuleEnableReplaceDscp OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile DSCP field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLPktContRuleEntry 11 } swACLPktContRuleRepDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the DSCP field of the packet." ::= { swACLPktContRuleEntry 12 } swACLPktContRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2), mirror(3), lease-renew(4), set-drop-precedence(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the result of the packet examination is 'permit' or 'deny'. The default is 'permit'. permit - Specifies that packets matching the access profile are permitted to be forwarded by the switch. deny - Specifies that packets matching the access profile are not permitted to be forwarded by the switch and will be filtered. mirror - Specifies that the packets matching the access profile are copied to the mirror port. Note : The ACL mirror function will function after mirror is enabled and a mirror port has been configured. lease-renew - Specifies the packets matching the access profile are copied to the CPU. Note : After a user enables the port's lease-renew state, all kinds of DHCP packets (including unicast and broadcast DHCP packets) will be copied to the CPU (using user ACL mask and rule). set-drop-precedence - Specifies that packets matching the access profile are set to drop precedence." ::= { swACLPktContRuleEntry 13 } swACLPktContRulePort OBJECT-TYPE -- SYNTAX INTEGER (1..65535) SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to port(s). This object and swACLPktContRuleVID can not be set together. " ::= { swACLPktContRuleEntry 14 } -- swACLPktContRuleSwAclState OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access rule will only apply to the software ACL state." -- ::= { swACLPktContRuleEntry 15 } swACLPktContRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLPktContRuleEntry 15 } swACLPktContRuleOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7), ismvlan(8), dhcp-relay(9), pppoe(10), arp-spoofing(11), bpdu-tunnel(12) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL rule entry. Only owners can modify this entry." ::= { swACLPktContRuleEntry 16 } swACLPktContRuleRxRate OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device." ::= { swACLPktContRuleEntry 17 } swACLPktContRuleEnableReplaceTosPrecedence OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile ToS precedence field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLPktContRuleEntry 18 } swACLPktContRuleRepTosPrecedence OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the ToS precedence field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the ToS precedence field of the packet." ::= { swACLPktContRuleEntry 19 } swACLPktContRuleVID OBJECT-TYPE SYNTAX INTEGER (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies this rule only applies to the specified VLAN. There are two conditions: 1.only the portlist that belongs to this VLAN will be included; 2.packets must belong to this VLAN. This object and swACLPktContRulePort can not be set together. When you set swACLPktContRulePort, the value of this object will automatically change to 0. And this object can not be set 0." ::= { swACLPktContRuleEntry 20 } -- ----------------------------------------------------------------------------- -- swACLIpv6RuleTable -- ----------------------------------------------------------------------------- swACLIpv6RuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLIpv6RuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the IPv6 ACL rule information." ::= { swAclRuleMgmt 4 } swACLIpv6RuleEntry OBJECT-TYPE SYNTAX SwACLIpv6RuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about ACL rules regarding the IPv6 part of each packet." INDEX { swACLIpv6RuleProfileID,swACLIpv6RuleAccessID } ::= { swACLIpv6RuleTable 1 } SwACLIpv6RuleEntry ::= SEQUENCE { swACLIpv6RuleProfileID INTEGER, swACLIpv6RuleAccessID INTEGER, swACLIpv6RuleClass INTEGER, swACLIpv6RuleFlowlabel OCTET STRING, swACLIpv6RuleSrcIpv6Addr Ipv6Address, swACLIpv6RuleDstIpv6Addr Ipv6Address, swACLIpv6RuleEnablePriority INTEGER, swACLIpv6RulePriority INTEGER, swACLIpv6RuleReplacePriority INTEGER, swACLIpv6RulePermit INTEGER, swACLIpv6RulePort -- INTEGER, PortList, -- swACLIpv6RuleSwAclState -- INTEGER, swACLIpv6RuleRowStatus RowStatus, swACLIpv6RuleOwner INTEGER, swACLIpv6RuleRxRate INTEGER, swACLIpv6RuleEnableReplaceDscp INTEGER, swACLIpv6RuleRepDscp INTEGER, swACLIpv6RuleEnableReplaceTosPrecedence INTEGER, swACLIpv6RuleRepTosPrecedence INTEGER, swACLIpv6RuleVID INTEGER, swACLIpv6RuleProtocol INTEGER, swACLIpv6RuleSrcPort INTEGER, swACLIpv6RuleDstPort INTEGER, swACLIpv6RuleMaskSrcIpv6Addr Ipv6Address, swACLIpv6RuleMaskDstIpv6Addr Ipv6Address, swACLIpv6RuleMaskSrcPort OCTET STRING, swACLIpv6RuleMaskDstPort OCTET STRING } swACLIpv6RuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swACLIpv6RuleEntry 1 } swACLIpv6RuleAccessID OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL rule entry relates to swACLIpv6RuleProfileID. When row creation is set to 0, this indicates the access ID will be assigned automatically for the ports in the swACLIpv6RulePort to create rule entries for swACLIpv6RulePort accordingly. Set to 1-65535 indicates creation of an access ID for the swACLIpv6RulePort. The swACLIpv6RulePort must be set to one port only, otherwise the row creation will fail." ::= { swACLIpv6RuleEntry 2 } swACLIpv6RuleClass OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IPv6 class field." ::= { swACLIpv6RuleEntry 3 } swACLIpv6RuleFlowlabel OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IPv6 flow label field." ::= { swACLIpv6RuleEntry 4 } swACLIpv6RuleSrcIpv6Addr OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the source IPv6 address. This should be a 16 byte octet string." ::= { swACLIpv6RuleEntry 5 } swACLIpv6RuleDstIpv6Addr OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the destination IPv6 address. This should be a 16 byte octet string." ::= { swACLIpv6RuleEntry 6 } swACLIpv6RuleEnablePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to packets with priority value." ::= { swACLIpv6RuleEntry 7 } swACLIpv6RulePriority OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the priority will change in packets while the swACLIpv6RuleReplacePriority is enabled." ::= { swACLIpv6RuleEntry 8 } swACLIpv6RuleReplacePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile 802.1p priority tag or not." ::= { swACLIpv6RuleEntry 9 } swACLIpv6RulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2), mirror(3), set-drop-precedence(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the result of the packet examination is 'permit' or 'deny'. The default is 'permit'. permit - Specifies that packets matching the access profile are permitted to be forwarded by the switch. deny - Specifies that packets matching the access profile are not permitted to be forwarded by the switch and will be filtered. mirror - Specifies that the packets matching the access profile are copied to the mirror port. Note : The ACL mirror function will function after mirror has been enabled and a mirror port has been configured. set-drop-precedence - Specifies the packets matching the access profile are set to drop precedence." ::= { swACLIpv6RuleEntry 10 } swACLIpv6RulePort OBJECT-TYPE -- SYNTAX INTEGER (1..65535) SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to port(s). This object and swACLIpv6RuleVID can not be set together. " ::= { swACLIpv6RuleEntry 11 } -- swACLIpv6RuleSwAclState OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access rule will only apply to the software ACL state." -- ::= { swACLIpv6RuleEntry 13 } swACLIpv6RuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLIpv6RuleEntry 12 } swACLIpv6RuleOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7), ismvlan(8), dhcp-relay(9), pppoe(10), arp-spoofing(11), bpdu-tunnel(12) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL rule entry. Only owners can modify this entry." ::= { swACLIpv6RuleEntry 13 } swACLIpv6RuleRxRate OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device." ::= { swACLIpv6RuleEntry 14 } swACLIpv6RuleEnableReplaceDscp OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile DSCP field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLIpv6RuleEntry 15 } swACLIpv6RuleRepDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the DSCP field of the packet." ::= { swACLIpv6RuleEntry 16 } swACLIpv6RuleEnableReplaceTosPrecedence OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile ToS precedence field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLIpv6RuleEntry 17 } swACLIpv6RuleRepTosPrecedence OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the ToS precedence field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the ToS precedence field of the packet." ::= { swACLIpv6RuleEntry 18 } swACLIpv6RuleVID OBJECT-TYPE SYNTAX INTEGER (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies this rule only applies to the specified VLAN. There are two conditions: 1.only the portlist that belongs to this VLAN will be included; 2.packets must belong to this VLAN. This object and swACLIpv6RulePort can not be set together. When you set swACLIpv6RulePort, the value of this object will automatically change to 0. And this object can not be set 0." ::= { swACLIpv6RuleEntry 19 } swACLIpv6RuleProtocol OBJECT-TYPE SYNTAX INTEGER { none(1), tcp(2), udp(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the IPv6 protocol. For some older chips, this object can not be set. When getting this object, it always returns the type which has been configured in swACLIpv6Entry. For some newer chips, this object can only set the type which has been configured in swACLIpv6Entry. The default value is none (1). " ::= { swACLIpv6RuleEntry 20 } swACLIpv6RuleSrcPort OBJECT-TYPE SYNTAX INTEGER(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the range of the TCP/UDP source ports." ::= { swACLIpv6RuleEntry 21 } swACLIpv6RuleDstPort OBJECT-TYPE SYNTAX INTEGER(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the TCP/UDP destination ports range." ::= { swACLIpv6RuleEntry 22 } swACLIpv6RuleMaskSrcIpv6Addr OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the per rule mask of swACLIpv6RuleSrcIpv6Addr. This should be a 16 byte octet string. The value of this object when not in use is the corresponding mask in the profile mask. Once the value of this object is modified, the per rule mask will take effect. This object is writeable only once. " ::= { swACLIpv6RuleEntry 23 } swACLIpv6RuleMaskDstIpv6Addr OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the destination IPv6 address. This should be a 16 byte octet string." ::= { swACLIpv6RuleEntry 24 } swACLIpv6RuleMaskSrcPort OBJECT-TYPE SYNTAX OCTET STRING(SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the per rule mask of swACLIpv6RuleSrcPort. The value of this object when not in use is the corresponding mask in the profile mask. Once the value of this object is modified, the per rule mask will take effect. This object is writeable only once. " ::= { swACLIpv6RuleEntry 25 } swACLIpv6RuleMaskDstPort OBJECT-TYPE SYNTAX OCTET STRING(SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the per rule mask of swACLIpv6RuleDstPort. The value of this object when not in use is the corresponding mask in the profile mask. Once the value of this object is modified, the per rule mask will take effect. This object is writeable only once. " ::= { swACLIpv6RuleEntry 26 } -- ----------------------------------------------------------------------------- --swIBPACLEtherRuleTable -- ----------------------------------------------------------------------------- swIBPACLEtherRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwIBPACLEtherRuleEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "This table contains IP-MAC-Binding Ethernet ACL Rule information." ::= { swAclRuleMgmt 5 } swIBPACLEtherRuleEntry OBJECT-TYPE SYNTAX SwIBPACLEtherRuleEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "A list of information about the ACL rule of the layer 2 part of each packet." INDEX { swIBPACLEtherRuleProfileID,swIBPACLEtherRuleAccessID } ::= { swIBPACLEtherRuleTable 1 } SwIBPACLEtherRuleEntry ::= SEQUENCE { swIBPACLEtherRuleProfileID INTEGER, swIBPACLEtherRuleAccessID INTEGER, swIBPACLEtherRuleEtherType OCTET STRING, swIBPACLEtherRulePermit INTEGER, swIBPACLEtherRulePort PortList } swIBPACLEtherRuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device." ::= { swIBPACLEtherRuleEntry 1 } swIBPACLEtherRuleAccessID OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The ID of the ACL rule entry in relation to swACLEtherRuleProfileID. When row creation is set to 0, this indicates automatically assigning an Access for the ports in the swACLEtherRulePort to create rule entries for swACLEtherRulePort accordingly. Set to 1-65535 indicates to create the exact access ID for the swACLEtherRulePort and the swACLEtherRulePort must set one port only, otherwise the row creation will fail." ::= { swIBPACLEtherRuleEntry 2 } swIBPACLEtherRuleEtherType OBJECT-TYPE SYNTAX OCTET STRING (SIZE (2)) MAX-ACCESS read-only STATUS obsolete DESCRIPTION "Specifies that the access rule will apply only to packets with this 802.1Q Ethernet type value in the packet header." ::= { swIBPACLEtherRuleEntry 3 } swIBPACLEtherRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-only STATUS obsolete DESCRIPTION "This object indicates if the result of the examination is 'permit' or 'deny'. The default is 'permit' (1). permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the switch and will be filtered." ::= { swIBPACLEtherRuleEntry 4 } swIBPACLEtherRulePort OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-only STATUS obsolete DESCRIPTION "Specifies that the access rule will only apply to port(s)." ::= { swIBPACLEtherRuleEntry 5 } -- ----------------------------------------------------------------------------- --swIBPACLIpRuleTable -- ----------------------------------------------------------------------------- swIBPACLIpRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwIBPACLIpRuleEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "" ::= { swAclRuleMgmt 6 } swIBPACLIpRuleEntry OBJECT-TYPE SYNTAX SwIBPACLIpRuleEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "" INDEX { swIBPACLIpRuleProfileID , swIBPACLIpRuleAccessID } ::= { swIBPACLIpRuleTable 1 } SwIBPACLIpRuleEntry ::= SEQUENCE { swIBPACLIpRuleProfileID INTEGER, swIBPACLIpRuleAccessID INTEGER, swIBPACLIpRuleSrcMacAddress MacAddress, swIBPACLIpRuleSrcIpaddress IpAddress, swIBPACLIpRulePermit INTEGER, swIBPACLIpRulePort PortList } swIBPACLIpRuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device." ::= { swIBPACLIpRuleEntry 1 } swIBPACLIpRuleAccessID OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only --read-create STATUS obsolete DESCRIPTION "The ID of the ACL rule entry in relation to swACLIPRuleProfileID. When the row creation is set to 0, this indicates assigning an access ID automatically for the ports in the swACLIpRulePort to create rule entries for swACLIpRulePort accordingly. Set to 1-65535 indicates to create the exact access ID for the swACLIpRulePort and the swACLIpRulePort must be set for one port only, otherwise the row creation will fail." ::= { swIBPACLIpRuleEntry 2 } swIBPACLIpRuleSrcMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS obsolete DESCRIPTION "Specifies that the access rule will apply to only packets with this source MAC address." ::= { swIBPACLIpRuleEntry 3 } swIBPACLIpRuleSrcIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS obsolete DESCRIPTION "Specifies an IP source address." ::= { swIBPACLIpRuleEntry 4 } swIBPACLIpRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-only STATUS obsolete DESCRIPTION "This object indicates if the result of the examination is 'permit' or 'deny'; the default is 'permit' (1) permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the switch and will be filtered." ::= { swIBPACLIpRuleEntry 5 } swIBPACLIpRulePort OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-only STATUS obsolete DESCRIPTION "Specifies that the access rule will only apply to port(s)." ::= { swIBPACLIpRuleEntry 6 } -- ----------------------------------------------------------------------------- --swACLPktContRuleOptionTable -- ----------------------------------------------------------------------------- swACLPktContRuleOptionTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLPktContRuleOptionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains user-defined ACL information." ::= { swAclRuleMgmt 7 } swACLPktContRuleOptionEntry OBJECT-TYPE SYNTAX SwACLPktContRuleOptionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the ACL rule regarding the user-defined part of each packet." INDEX { swACLPktContRuleOptionProfileID,swACLPktContRuleOptionAccessID } ::= { swACLPktContRuleOptionTable 1 } SwACLPktContRuleOptionEntry ::= SEQUENCE { swACLPktContRuleOptionProfileID INTEGER, swACLPktContRuleOptionAccessID INTEGER, swACLPktContRuleOffsetChunk1OffsetValue INTEGER, swACLPktContRuleOffsetChunk1Content OCTET STRING, swACLPktContRuleOffsetChunk2OffsetValue INTEGER, swACLPktContRuleOffsetChunk2Content OCTET STRING, swACLPktContRuleOffsetChunk3OffsetValue INTEGER, swACLPktContRuleOffsetChunk3Content OCTET STRING, swACLPktContRuleOffsetChunk4OffsetValue INTEGER, swACLPktContRuleOffsetChunk4Content OCTET STRING, swACLPktContRuleOptionEnablePriority INTEGER, swACLPktContRuleOptionPriority INTEGER, swACLPktContRuleOptionReplacePriority INTEGER, swACLPktContRuleOptionEnableReplaceDscp INTEGER, swACLPktContRuleOptionRepDscp INTEGER, swACLPktContRuleOptionPermit INTEGER, swACLPktContRuleOptionPort PortList, swACLPktContRuleOptionRowStatus RowStatus, swACLPktContRuleOptionOwner INTEGER, swACLPktContRuleOptionRxRate INTEGER, swACLPktContRuleOptionEnableReplaceTosPrecedence INTEGER, swACLPktContRuleOptionRepTosPrecedence INTEGER, swACLPktContRuleOptionVID INTEGER } swACLPktContRuleOptionProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swACLPktContRuleOptionEntry 1 } swACLPktContRuleOptionAccessID OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL rule entry in relation to the swACLPktContRuleProfileID. When row creation is set to 0, access ID is automatically created for the ports in the swACLPktContRulePort to create rule entries for swACLPktContRulePort accordingly. Set to 1-65535 indicates to creswACLPktContRuleRepDscpate the exact access ID for the swACLPktContRulePort. The swACLPktContRulePort must be set to one port only, otherwise the row creation will fail." ::= { swACLPktContRuleOptionEntry 2 } swACLPktContRuleOffsetChunk1OffsetValue OBJECT-TYPE SYNTAX INTEGER (0..31) MAX-ACCESS read-only STATUS current DESCRIPTION "Displays the frame content offset of chunk1." ::= { swACLPktContRuleOptionEntry 3 } swACLPktContRuleOffsetChunk1Content OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content of chunk1." ::= { swACLPktContRuleOptionEntry 4 } swACLPktContRuleOffsetChunk2OffsetValue OBJECT-TYPE SYNTAX INTEGER (0..31) MAX-ACCESS read-only STATUS current DESCRIPTION "Displays the frame content offset of chunk2." ::= { swACLPktContRuleOptionEntry 5 } swACLPktContRuleOffsetChunk2Content OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content of chunk2." ::= { swACLPktContRuleOptionEntry 6 } swACLPktContRuleOffsetChunk3OffsetValue OBJECT-TYPE SYNTAX INTEGER (0..31) MAX-ACCESS read-only STATUS current DESCRIPTION "Displays the frame content offset of chunk3." ::= { swACLPktContRuleOptionEntry 7 } swACLPktContRuleOffsetChunk3Content OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content of chunk3." ::= { swACLPktContRuleOptionEntry 8 } swACLPktContRuleOffsetChunk4OffsetValue OBJECT-TYPE SYNTAX INTEGER (0..31) MAX-ACCESS read-only STATUS current DESCRIPTION "Displays the frame content offset of chunk4." ::= { swACLPktContRuleOptionEntry 9 } swACLPktContRuleOffsetChunk4Content OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content of chunk4." ::= { swACLPktContRuleOptionEntry 10 } swACLPktContRuleOptionEnablePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to packets with this priority value." ::= { swACLPktContRuleOptionEntry 11 } swACLPktContRuleOptionPriority OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the priority will change for the packets while the swACLPktContRuleReplacePriority is enabled ." ::= { swACLPktContRuleOptionEntry 12 } swACLPktContRuleOptionReplacePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile 802.1p priority tag or not." ::= { swACLPktContRuleOptionEntry 13 } swACLPktContRuleOptionEnableReplaceDscp OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile DSCP field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLPktContRuleOptionEntry 14 } swACLPktContRuleOptionRepDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the DSCP field of the packet." ::= { swACLPktContRuleOptionEntry 15 } swACLPktContRuleOptionPermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2), mirror(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the result of the packet examination is 'permit' or 'deny'. The default is 'permit'. permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the switch and will be filtered. mirror - Specifies that the packets that match the access profile are copied to the mirror port. Note: The ACL mirror function will function after mirror is enabled and a mirror port has been configured." ::= { swACLPktContRuleOptionEntry 16 } swACLPktContRuleOptionPort OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to port(s). This object and swACLPktContRuleOptionVID can not be set together. " ::= { swACLPktContRuleOptionEntry 17 } swACLPktContRuleOptionRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLPktContRuleOptionEntry 18 } swACLPktContRuleOptionOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7), ismvlan(8), dhcp-relay(9), pppoe(10), arp-spoofing(11), bpdu-tunnel(12) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL rule entry. Only owners can modify this entry." ::= { swACLPktContRuleOptionEntry 19 } swACLPktContRuleOptionRxRate OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device." ::= { swACLPktContRuleOptionEntry 20 } swACLPktContRuleOptionEnableReplaceTosPrecedence OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile ToS precedence field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLPktContRuleOptionEntry 21 } swACLPktContRuleOptionRepTosPrecedence OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the ToS precedence field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the ToS precedence field of the packet." ::= { swACLPktContRuleOptionEntry 22 } swACLPktContRuleOptionVID OBJECT-TYPE SYNTAX INTEGER (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies this rule only applies to the specified VLAN. There are two conditions: 1.only the portlist that belongs to this VLAN will be included; 2.packets must belong to this VLAN. This object and swACLPktContRuleOptionPort can not be set together. When you set swACLPktContRuleOptionPort, the value of this object will automatically change to 0. And this object can not be set 0." ::= { swACLPktContRuleOptionEntry 23 } -- ----------------------------------------------------------------------------- -- swACLCounterTable -- ----------------------------------------------------------------------------- swACLCounterTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLCounterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table maintains counter information associated with a specific rule in the ACL rule table. Please refer to the swACLEtherRuleTable, swACLIpRuleTable, swACLIpv6RuleTable and swACLPktContRuleTable for detailed ACL rule information." ::= { swAclRuleMgmt 8 } swACLCounterEntry OBJECT-TYPE SYNTAX SwACLCounterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry maintains counter information associated with the ACL rule table." INDEX { swACLCounterProfileID, swACLCounterAccessID} ::= { swACLCounterTable 1 } SwACLCounterEntry ::= SEQUENCE { swACLCounterProfileID INTEGER, swACLCounterAccessID INTEGER, swACLCounterState INTEGER, swACLCounterTotalCounter Counter64, swACLCounterGreenCounter Counter64, swACLCounterYellowCounter Counter64, swACLCounterRedCounter Counter64 } swACLCounterProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry, which is unique in the mask list." ::= { swACLCounterEntry 1 } swACLCounterAccessID OBJECT-TYPE SYNTAX INTEGER(1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL rule entry as related to the swACLCounterProfileID." ::= { swACLCounterEntry 2 } swACLCounterState OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies whether the counter feature will be enabled/disabled. 1. This is optional. The default is disable. 2. If the rule is not bound with flow_meter, then all packets that match will be counted. If the rule is bound with flow_meter, then the 'counter' will be overridden. " ::= { swACLCounterEntry 3 } swACLCounterTotalCounter OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of matched packets." ::= { swACLCounterEntry 4 } swACLCounterGreenCounter OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of matched green packets." ::= { swACLCounterEntry 5 } swACLCounterYellowCounter OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of matched yellow packets." ::= { swACLCounterEntry 6 } swACLCounterRedCounter OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of matched red packets." ::= { swACLCounterEntry 7 } -- ----------------------------------------------------------------------------- -- swACLPktContRuleOption2 -- ----------------------------------------------------------------------------- swACLPktContRuleOption2 OBJECT IDENTIFIER ::= { swAclRuleMgmt 10 } -- ----------------------------------------------------------------------------- --swACLPktContRuleOption2Table -- ----------------------------------------------------------------------------- swACLPktContRuleOption2Table OBJECT-TYPE SYNTAX SEQUENCE OF SwACLPktContRuleOption2Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains user-defined ACL information for option 2 type of packet contnet syntax. To qualify the data of a packet content field with respect to an offset, an entry in the swACLPktContRuleOption2OffsetsTable must be created first. On row creation, all entries in the corresponding profile defined in the swACLPktContRuleOption2OffsetsTable will be associated to the ACL rule. " ::= { swACLPktContRuleOption2 1 } swACLPktContRuleOption2Entry OBJECT-TYPE SYNTAX SwACLPktContRuleOption2Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the ACL rule regarding the user-defined part of each packet." INDEX { swACLPktContRuleOption2ProfileID,swACLPktContRuleOption2AccessID } ::= { swACLPktContRuleOption2Table 1 } SwACLPktContRuleOption2Entry ::= SEQUENCE { swACLPktContRuleOption2ProfileID INTEGER, swACLPktContRuleOption2AccessID INTEGER, swACLPktContRuleOption2SrcMac MacAddress, swACLPktContRuleOption2DstMac MacAddress, swACLPktContRuleOption2CTag OCTET STRING, swACLPktContRuleOption2STag OCTET STRING, swACLPktContRuleOption2EnablePriority INTEGER, swACLPktContRuleOption2Priority INTEGER, swACLPktContRuleOption2ReplacePriority INTEGER, swACLPktContRuleOption2EnableReplaceDscp INTEGER, swACLPktContRuleOption2RepDscp INTEGER, swACLPktContRuleOption2Permit INTEGER, swACLPktContRuleOption2Port PortList, swACLPktContRuleOption2Owner INTEGER, swACLPktContRuleOption2EnableReplaceTosPrecedence INTEGER, swACLPktContRuleOption2RepTosPrecedence INTEGER, swACLPktContRuleOption2VID INTEGER, swACLPktContRuleOption2RowStatus RowStatus, swACLPktContRuleOption2MaskSrcMac MacAddress, swACLPktContRuleOption2MaskDstMac MacAddress, swACLPktContRuleOption2MaskCTag OCTET STRING, swACLPktContRuleOption2MaskSTag OCTET STRING } swACLPktContRuleOption2ProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swACLPktContRuleOption2Entry 1 } swACLPktContRuleOption2AccessID OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL rule entry in relation to the swACLPktContRuleOption2ProfileID. When row creation is set to 0, access ID is automatically assigned. " ::= { swACLPktContRuleOption2Entry 2 } swACLPktContRuleOption2SrcMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply to only packets with this source MAC address." ::= { swACLPktContRuleOption2Entry 3 } swACLPktContRuleOption2DstMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply to only packets with this destination MAC address." ::= { swACLPktContRuleOption2Entry 4 } swACLPktContRuleOption2CTag OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content of the customer VLAN tag, valid values are only from 0x0000 to 0xFFFF." ::= { swACLPktContRuleOption2Entry 5 } swACLPktContRuleOption2STag OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content of the service VLAN tag, valid values are only from 0x0000 to 0xFFFF." ::= { swACLPktContRuleOption2Entry 6 } swACLPktContRuleOption2EnablePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to packets with this priority value." ::= { swACLPktContRuleOption2Entry 7 } swACLPktContRuleOption2Priority OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the priority will change for the packets while the swACLPktContRuleOption2ReplacePriority is enabled ." ::= { swACLPktContRuleOption2Entry 8 } swACLPktContRuleOption2ReplacePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile 802.1p priority tag or not." ::= { swACLPktContRuleOption2Entry 9 } swACLPktContRuleOption2EnableReplaceDscp OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile DSCP field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLPktContRuleOption2Entry 10 } swACLPktContRuleOption2RepDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the DSCP field of the packet." ::= { swACLPktContRuleOption2Entry 11 } swACLPktContRuleOption2Permit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2), mirror(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the result of the packet examination is 'permit' or 'deny'. The default is 'permit'. permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the switch and will be filtered. mirror - Specifies that the packets that match the access profile are copied to the mirror port. Note: The ACL mirror function will function after mirror is enabled and a mirror port has been configured." ::= { swACLPktContRuleOption2Entry 12 } swACLPktContRuleOption2Port OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to port(s). This object and swACLPktContRuleOption2VID can not be set together. " ::= { swACLPktContRuleOption2Entry 13 } swACLPktContRuleOption2Owner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7), ismvlan(8), dhcp-relay(9), pppoe(10), arp-spoofing(11), bpdu-tunnel(12) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL rule entry. Only owners can modify this entry." ::= { swACLPktContRuleOption2Entry 17} swACLPktContRuleOption2EnableReplaceTosPrecedence OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile ToS precedence field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLPktContRuleOption2Entry 18 } swACLPktContRuleOption2RepTosPrecedence OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the ToS precedence field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the ToS precedence field of the packet." ::= { swACLPktContRuleOption2Entry 19 } swACLPktContRuleOption2VID OBJECT-TYPE SYNTAX INTEGER (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies this rule only applies to the specified VLAN. There are two conditions: 1.only the portlist that belongs to this VLAN will be included; 2.packets must belong to this VLAN. This object and swACLPktContRuleOption2Port can not be set together. When you set swACLPktContRuleOption2Port, the value of this object will automatically change to 0. And this object can not be set 0." ::= { swACLPktContRuleOption2Entry 20 } swACLPktContRuleOption2RowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLPktContRuleOption2Entry 21 } swACLPktContRuleOption2MaskSrcMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the per rule mask of source MAC address field as defined in swACLPktContRuleOption2SrcMac object The value of this object when not in use is the corresponding mask in the profile mask. Once the value of this object is modified, the per rule mask will take effect. " ::= { swACLPktContRuleOption2Entry 22 } swACLPktContRuleOption2MaskDstMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the per rule mask of source MAC address field as defined in swACLPktContRuleOption2DstMac object The value of this object when not in use is the corresponding mask in the profile mask. Once the value of this object is modified, the per rule mask will take effect. " ::= { swACLPktContRuleOption2Entry 23 } swACLPktContRuleOption2MaskCTag OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the per rule mask of the customer VLAN tag field as defined in swACLPktContRuleOption2CTag object The value of this object when not in use is the corresponding mask in the profile mask. Once the value of this object is modified, the per rule mask will take effect. " ::= { swACLPktContRuleOption2Entry 24 } swACLPktContRuleOption2MaskSTag OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the per rule mask of the service VLAN tag field as defined in swACLPktContRuleOption2STag object The value of this object when not in use is the corresponding mask in the profile mask. Once the value of this object is modified, the per rule mask will take effect. " ::= { swACLPktContRuleOption2Entry 25 } -- ----------------------------------------------------------------------------- --swACLPktContRuleOption2OffsetsTable -- ----------------------------------------------------------------------------- swACLPktContRuleOption2OffsetsTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLPktContRuleOption2OffsetsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the ACL rules for the individual packet content offset user-defined option 2 information. Entries created in this table will not set into the TCAM until a valid entry in the swACLPktContMaskOption2Table is created. " ::= { swACLPktContRuleOption2 2 } swACLPktContRuleOption2OffsetsEntry OBJECT-TYPE SYNTAX SwACLPktContRuleOption2OffsetsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the ACL rule regarding the user-defined part of each packet." INDEX { swACLPktContRuleOption2OffsetsProfileID,swACLPktContRuleOption2OffsetsAccessID,swACLPktContRuleOption2OffsetsNum } ::= { swACLPktContRuleOption2OffsetsTable 1 } SwACLPktContRuleOption2OffsetsEntry ::= SEQUENCE { swACLPktContRuleOption2OffsetsProfileID INTEGER, swACLPktContRuleOption2OffsetsAccessID INTEGER, swACLPktContRuleOption2OffsetsNum INTEGER, swACLPktContRuleOption2OffsetsData OCTET STRING, swACLPktContRuleOption2OffsetsRowStatus RowStatus, swACLPktContRuleOption2OffsetsMask OCTET STRING } swACLPktContRuleOption2OffsetsProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ACL profile id to which this packet content field entry will be associated." ::= { swACLPktContRuleOption2OffsetsEntry 1 } swACLPktContRuleOption2OffsetsAccessID OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ACL access id to which this packet content field entry will be associated." ::= { swACLPktContRuleOption2OffsetsEntry 2 } swACLPktContRuleOption2OffsetsNum OBJECT-TYPE SYNTAX INTEGER (1..11) MAX-ACCESS read-only STATUS current DESCRIPTION "The sequence number of the packet content field to qualify the packet content." ::= { swACLPktContRuleOption2OffsetsEntry 3 } swACLPktContRuleOption2OffsetsData OBJECT-TYPE SYNTAX OCTET STRING(SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "The data of the packet content field." ::= { swACLPktContRuleOption2OffsetsEntry 4 } swACLPktContRuleOption2OffsetsRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLPktContRuleOption2OffsetsEntry 5 } swACLPktContRuleOption2OffsetsMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the per rule mask of the frame content of each packet content offset field. The value of this object when not in use is the corresponding mask in the profile mask. Once the value of this object is modified, the per rule mask will take effect. " ::= { swACLPktContRuleOption2OffsetsEntry 6 } -- ----------------------------------------------------------------------------- -- swCpuAclEthernetTable -- ----------------------------------------------------------------------------- swCpuAclEthernetTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclEthernetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains software ACL mask Ethernet information. Access profiles will be created on the switch to define which part of each incoming frame's layer 2 header will be examined by the switch. Masks entered will be combined with the values the switch finds in the specified frame header fields." ::= { swCpuAclMaskMgmt 1 } swCpuAclEthernetEntry OBJECT-TYPE SYNTAX SwCpuAclEthernetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about Ethernet ACL masks." INDEX { swCpuAclEthernetProfileID } ::= { swCpuAclEthernetTable 1 } SwCpuAclEthernetEntry ::= SEQUENCE { swCpuAclEthernetProfileID INTEGER, swCpuAclEthernetUsevlan INTEGER, swCpuAclEthernetMacAddrMaskState INTEGER, swCpuAclEthernetSrcMacAddrMask MacAddress, swCpuAclEthernetDstMacAddrMask MacAddress, swCpuAclEthernetUse8021p INTEGER, swCpuAclEthernetUseEthernetType INTEGER, swCpuAclEthernetRowStatus RowStatus } swCpuAclEthernetProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swCpuAclEthernetEntry 1 } swCpuAclEthernetUsevlan OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the switch will examine the VLAN part of each packet header." ::= { swCpuAclEthernetEntry 2 } swCpuAclEthernetMacAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-mac-addr(2), src-mac-addr(3), dst-src-mac-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of the MAC address mask. other (1) - Neither source MAC addresses nor destination MAC addresses are masked. dst-mac-addr (2) - Destination MAC addresses within received frames are to be filtered when matched with the MAC address entry of the table. src-mac-addr (3) - Source MAC address within received frames are to be filtered when matched with the MAC address entry of the table. dst-src-mac-addr (4) - Source or destination MAC addresses within received frames are to be filtered when matched with the MAC address entry of this table." ::= { swCpuAclEthernetEntry 3 } swCpuAclEthernetSrcMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the MAC address mask for the source MAC address." ::= { swCpuAclEthernetEntry 4 } swCpuAclEthernetDstMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the MAC address mask for the destination MAC address." ::= { swCpuAclEthernetEntry 5 } swCpuAclEthernetUse8021p OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine the 802.1p priority value in the frame's header or not." ::= { swCpuAclEthernetEntry 6 } swCpuAclEthernetUseEthernetType OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine the Ethernet type value in each frame's header or not." ::= { swCpuAclEthernetEntry 7 } swCpuAclEthernetRowStatus OBJECT-TYPE --swCpuAclEthernetState SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclEthernetEntry 8 } -- ----------------------------------------------------------------------------- -- swCpuAclIpTable -- ----------------------------------------------------------------------------- swCpuAclIpTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains software ACL mask IP information. Access profiles will be created on the switch to define which parts of each incoming frame's IP layer 2 header will be examined by the switch. Masks entered will be combined with the values the switch finds in the specified frame header fields." ::= { swCpuAclMaskMgmt 2 } swCpuAclIpEntry OBJECT-TYPE SYNTAX SwCpuAclIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the software ACL of the IP Layer." INDEX { swCpuAclIpProfileID } ::= { swCpuAclIpTable 1 } SwCpuAclIpEntry ::= SEQUENCE { swCpuAclIpProfileID INTEGER, swCpuAclIpUsevlan INTEGER, swCpuAclIpIpAddrMaskState INTEGER, swCpuAclIpSrcIpAddrMask IpAddress, swCpuAclIpDstIpAddrMask IpAddress, swCpuAclIpUseDSCP INTEGER, swCpuAclIpUseProtoType INTEGER, swCpuAclIpIcmpOption INTEGER, swCpuAclIpIgmpOption INTEGER, swCpuAclIpTcpOption INTEGER, swCpuAclIpUdpOption INTEGER, swCpuAclIpTCPorUDPSrcPortMask OCTET STRING, swCpuAclIpTCPorUDPDstPortMask OCTET STRING, swCpuAclIpTCPFlagBit INTEGER, swCpuAclIpTCPFlagBitMask INTEGER, swCpuAclIpProtoIDOption INTEGER, swCpuAclIpProtoID INTEGER, swCpuAclIpProtoIDMask OCTET STRING, swCpuAclIpRowStatus RowStatus } swCpuAclIpProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swCpuAclIpEntry 1 } swCpuAclIpUsevlan OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the IP layer VLAN part is examined or not." ::= { swCpuAclIpEntry 2 } swCpuAclIpIpAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-ip-addr(2), src-ip-addr(3), dst-src-ip-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of IP address mask. other (1) - Neither source IP addresses nor destination IP address are masked. dst-ip-addr (2) - Destination IP addresses within received frames are to be filtered when matched with the IP address entry of this table. src-ip-addr (3) - Source IP addresses within received frames are to be filtered when matched with the IP address entry of this table. dst-src-ip-addr (4) - Destination or source IP addresses within received frames are to be filtered when matched with the IP address entry of the table." ::= { swCpuAclIpEntry 3 } swCpuAclIpSrcIpAddrMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the IP address mask for the source IP address." ::= { swCpuAclIpEntry 4 } swCpuAclIpDstIpAddrMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the IP address mask for the destination IP address." ::= { swCpuAclIpEntry 5 } swCpuAclIpUseDSCP OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the DSCP protocol in the packet header is to be examined or not." ::= { swCpuAclIpEntry 6 } swCpuAclIpUseProtoType OBJECT-TYPE SYNTAX INTEGER { none(1), icmp(2), igmp(3), tcp(4), udp(5), protocolId(6) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates which protocol will be examined." ::= { swCpuAclIpEntry 7 } swCpuAclIpIcmpOption OBJECT-TYPE SYNTAX INTEGER { none(1), type(2), code(3), type-code(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates which fields are identified for ICMP. none (1)- Both fields are null. type (2)- Type field identified. code (3)- Code field identified. type-code (4)- Both ICMP fields identified. " ::= { swCpuAclIpEntry 8 } swCpuAclIpIgmpOption OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the IGMP options field is identified or not." ::= { swCpuAclIpEntry 9 } swCpuAclIpTcpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of filtered addresses of TCP. other (1) - Neither source port nor destination port are masked. dst-addr (2) - Packets will be filtered if this destination port is identified in received frames. src-addr (3) - Packets will be filtered if this source port is identified in received frames. dst-src-addr (4) - Packets will be filtered is this destination or source port is identified in received frames." ::= { swCpuAclIpEntry 10 } swCpuAclIpUdpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of filtered addresses of UDP. other (1) - Neither source port nor destination port are masked. dst-addr (2) - Packets will be filtered if this destination port is identified in received frames. src-addr (3) - Packets will be filtered if this source port is identified in received frames. dst-src-addr (4) - Packets will be filtered if this destination or source port is identified in received frames." ::= { swCpuAclIpEntry 11 } swCpuAclIpTCPorUDPSrcPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the source port if swCpuAclIpUseProtoType is TCP. Specifies a UDP port mask for the source port if swCpuAclIpUseProtoType is UDP. " ::= { swCpuAclIpEntry 12 } swCpuAclIpTCPorUDPDstPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the destination port if swCpuAclIpUseProtoType is TCP. Specifies a UDP port mask for the destination port if swCpuAclIpUseProtoType is UDP." ::= { swCpuAclIpEntry 13 } swCpuAclIpTCPFlagBit OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP connection flag mask." ::= { swCpuAclIpEntry 14 } swCpuAclIpTCPFlagBitMask OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "A value which indicates the set of TCP flags that this entity may potentially offer. The value is a sum of flag bits. This sum initially takes the value zero. Then, for each flag, L is added in the range 1 through 6, for which this node performs transactions where 2^(L - 1) is added to the sum. Note that values should be calculated accordingly: Flag functionality 6 urg bit 5 ack bit 4 psh bit 3 rst bit 2 syn bit 1 fin bit For example, if you want to enable urg bit and ack bit, you should set value 48{2^(5-1) + 2^(6-1)}." ::= { swCpuAclIpEntry 15 } swCpuAclIpProtoIDOption OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine each frame's Protocol ID field or not." ::= { swCpuAclIpEntry 16 } swCpuAclIpProtoID OBJECT-TYPE SYNTAX INTEGER(0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { swCpuAclIpEntry 17 } swCpuAclIpProtoIDMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(20)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IP protocol ID and the mask options behind the IP header." ::= { swCpuAclIpEntry 18 } swCpuAclIpRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclIpEntry 19 } -- ----------------------------------------------------------------------------- -- swCpuAclPktContMaskTable -- ----------------------------------------------------------------------------- swCpuAclPktContMaskTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclPktContMaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains user-defined software ACL information. Access profiles will be created on the switch to define which part of each incoming frame's user-defined part of the packet header will be examined by the switch. Masks entered will be combined with the values the switch finds in the specified frame header fields." ::= { swCpuAclMaskMgmt 3 } swCpuAclPktContMaskEntry OBJECT-TYPE SYNTAX SwCpuAclPktContMaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about user-defined software ACLs." INDEX { swCpuAclPktContMaskProfileID } ::= { swCpuAclPktContMaskTable 1 } SwCpuAclPktContMaskEntry ::= SEQUENCE { swCpuAclPktContMaskProfileID INTEGER, swCpuAclPktContMaskOffset0to15 OCTET STRING, swCpuAclPktContMaskOffset16to31 OCTET STRING, swCpuAclPktContMaskOffset32to47 OCTET STRING, swCpuAclPktContMaskOffset48to63 OCTET STRING, swCpuAclPktContMaskOffset64to79 OCTET STRING, swCpuAclPktContMaskRowStatus RowStatus } swCpuAclPktContMaskProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swCpuAclPktContMaskEntry 1 } swCpuAclPktContMaskOffset0to15 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset0to15) and the mask options." ::= { swCpuAclPktContMaskEntry 2 } swCpuAclPktContMaskOffset16to31 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset16to31) and the mask options." ::= { swCpuAclPktContMaskEntry 3 } swCpuAclPktContMaskOffset32to47 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset32to47) and the mask options." ::= { swCpuAclPktContMaskEntry 4 } swCpuAclPktContMaskOffset48to63 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset48to63) and the mask options." ::= { swCpuAclPktContMaskEntry 5 } swCpuAclPktContMaskOffset64to79 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset64to79) and the mask options." ::= { swCpuAclPktContMaskEntry 6 } swCpuAclPktContMaskRowStatus OBJECT-TYPE --swCpuAclEthernetState SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclPktContMaskEntry 7 } -- ----------------------------------------------------------------------------- -- swCpuAclIpv6MaskTable -- ----------------------------------------------------------------------------- swCpuAclIpv6MaskTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclIpv6MaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains IPv6 software ACL mask information. An access profile will be created on the switch to define which part of each incoming frame's IPv6 part of the packet header will be examined by switch. Masks entered will be combined with the values the switch finds in the specified frame header fields. " ::= { swCpuAclMaskMgmt 4 } swCpuAclIpv6MaskEntry OBJECT-TYPE SYNTAX SwCpuAclIpv6MaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about user-defined software ACLs." INDEX { swCpuAclIpv6MaskProfileID } ::= { swCpuAclIpv6MaskTable 1 } SwCpuAclIpv6MaskEntry ::= SEQUENCE { swCpuAclIpv6MaskProfileID INTEGER, swCpuAclIpv6MaskClass INTEGER, swCpuAclIpv6MaskFlowlabel INTEGER, swCpuAclIpv6IpAddrMaskState INTEGER, swCpuAclIpv6MaskSrcIpv6Mask Ipv6Address, swCpuAclIpv6MaskDstIpv6Mask Ipv6Address, swCpuAclIpv6MaskRowStatus RowStatus } swCpuAclIpv6MaskProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swCpuAclIpv6MaskEntry 1 } swCpuAclIpv6MaskClass OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IPv6 class field and the mask options." ::= { swCpuAclIpv6MaskEntry 2 } swCpuAclIpv6MaskFlowlabel OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IPv6 flowlabel field and the mask options." ::= { swCpuAclIpv6MaskEntry 3 } swCpuAclIpv6IpAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-ipv6-addr(2), src-ipv6-addr(3), dst-src-ipv6-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of IPv6 address mask. other (1) - Neither source IPv6 address nor destination IPv6 address are masked. dst-ipv6-addr (2) - Packets will be filtered if this destination IPv6 address is identified as a match in received frames. src-ipv6-addr (3) - Packets will be filtered if this source IPv6 address is identified as a match in received frames. dst-src-ipv6-addr (4) - Packets will be filtered if this destination or source IPv6 address is identified as a match in received frames." ::= { swCpuAclIpv6MaskEntry 4 } swCpuAclIpv6MaskSrcIpv6Mask OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the source IPv6 address and the mask options. This should be a 16 byte octet string." ::= { swCpuAclIpv6MaskEntry 5 } swCpuAclIpv6MaskDstIpv6Mask OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the destination IPv6 address and the mask options. This should be a 16 byte octet string." ::= { swCpuAclIpv6MaskEntry 6 } swCpuAclIpv6MaskRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclIpv6MaskEntry 7 } -- ----------------------------------------------------------------------------- --swCpuACLMaskDelAllState -- ----------------------------------------------------------------------------- swCpuACLMaskDelAllState OBJECT-TYPE SYNTAX INTEGER{ none(1), start(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Used to delete all software ACL masks." ::= { swCpuAclMaskMgmt 5 } -- ----------------------------------------------------------------------------- -- swCpuAclEtherRuleTable -- ----------------------------------------------------------------------------- swCpuAclEtherRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclEtherRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains Ethernet software ACL rule information." ::= { swCpuAclRuleMgmt 1 } swCpuAclEtherRuleEntry OBJECT-TYPE SYNTAX SwCpuAclEtherRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the software ACL rule of the layer 2 part of each packet." INDEX { swCpuAclEtherRuleProfileID,swCpuAclEtherRuleAccessID } ::= { swCpuAclEtherRuleTable 1 } SwCpuAclEtherRuleEntry ::= SEQUENCE { swCpuAclEtherRuleProfileID INTEGER, swCpuAclEtherRuleAccessID INTEGER, swCpuAclEtherRuleVlan SnmpAdminString, swCpuAclEtherRuleSrcMacAddress MacAddress, swCpuAclEtherRuleDstMacAddress MacAddress, swCpuAclEtherRule8021P INTEGER, swCpuAclEtherRuleEtherType OCTET STRING, swCpuAclEtherRulePermit INTEGER, swCpuAclEtherRuleRowStatus RowStatus, swCpuAclEtherRulePort PortList, swCpuAclEtherRuleMatchVID INTEGER } swCpuAclEtherRuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swCpuAclEtherRuleEntry 1 } swCpuAclEtherRuleAccessID OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the software ACL rule entry as it relates to swCpuAclEtherRuleProfileID." ::= { swCpuAclEtherRuleEntry 2 } swCpuAclEtherRuleVlan OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to packets with the VLAN ID indexed by this VLAN name." ::= { swCpuAclEtherRuleEntry 3 } swCpuAclEtherRuleSrcMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to the packets with this source MAC address." ::= { swCpuAclEtherRuleEntry 4 } swCpuAclEtherRuleDstMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to the packets with this destination MAC address." ::= { swCpuAclEtherRuleEntry 5 } swCpuAclEtherRule8021P OBJECT-TYPE SYNTAX INTEGER(-1..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to packets with this 802.1p priority value. A value of -1 indicates that this node is not actively used." ::= { swCpuAclEtherRuleEntry 6 } swCpuAclEtherRuleEtherType OBJECT-TYPE SYNTAX OCTET STRING (SIZE (2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to packets with this 802.1Q Ethernet type value in the packet header." ::= { swCpuAclEtherRuleEntry 7 } swCpuAclEtherRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the result of the packet examination is to 'permit' or 'deny'. The default is 'permit'. permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the switch and will be filtered." ::= { swCpuAclEtherRuleEntry 8 } swCpuAclEtherRuleRowStatus OBJECT-TYPE --swCpuAclEtherRuleState SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclEtherRuleEntry 9 } swCpuAclEtherRulePort OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to port(s)." ::= { swCpuAclEtherRuleEntry 10 } swCpuAclEtherRuleMatchVID OBJECT-TYPE SYNTAX INTEGER (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to packets with this VLAN ID." ::= { swCpuAclEtherRuleEntry 11 } -- ----------------------------------------------------------------------------- -- swCpuAclIpRuleTable -- ----------------------------------------------------------------------------- swCpuAclIpRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclIpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains IPv4 software ACL rule information." ::= { swCpuAclRuleMgmt 2 } swCpuAclIpRuleEntry OBJECT-TYPE SYNTAX SwCpuAclIpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about this software ACL rule." INDEX { swCpuAclIpRuleProfileID , swCpuAclIpRuleAccessID } ::= { swCpuAclIpRuleTable 1 } SwCpuAclIpRuleEntry ::= SEQUENCE { swCpuAclIpRuleProfileID INTEGER, swCpuAclIpRuleAccessID INTEGER, swCpuAclIpRuleVlan SnmpAdminString, swCpuAclIpRuleSrcIpaddress IpAddress, swCpuAclIpRuleDstIpaddress IpAddress, swCpuAclIpRuleDscp INTEGER, swCpuAclIpRuleProtocol INTEGER, swCpuAclIpRuleType INTEGER, swCpuAclIpRuleCode INTEGER, swCpuAclIpRuleSrcPort INTEGER, swCpuAclIpRuleDstPort INTEGER, swCpuAclIpRuleFlagBits INTEGER, swCpuAclIpRuleProtoID INTEGER, swCpuAclIpRuleUserMask OCTET STRING, swCpuAclIpRulePermit INTEGER, swCpuAclIpRuleRowStatus RowStatus, swCpuAclIpRulePort PortList, swCpuAclIpRuleMatchVID INTEGER } swCpuAclIpRuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swCpuAclIpRuleEntry 1 } swCpuAclIpRuleAccessID OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of the software ACL for the IPv4 rule entry." ::= { swCpuAclIpRuleEntry 2 } swCpuAclIpRuleVlan OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to packets with the VLAN ID indexed by this VLAN name." ::= { swCpuAclIpRuleEntry 3 } swCpuAclIpRuleSrcIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies an IP source address." ::= { swCpuAclIpRuleEntry 4 } swCpuAclIpRuleDstIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies an IP destination address." ::= { swCpuAclIpRuleEntry 5 } swCpuAclIpRuleDscp OBJECT-TYPE SYNTAX INTEGER(-1..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the value of DSCP. The value can be configured from 0 to 63. A value of -1 indicates that this node is not actively used." ::= { swCpuAclIpRuleEntry 6 } swCpuAclIpRuleProtocol OBJECT-TYPE SYNTAX INTEGER { none(1), icmp(2), igmp(3), tcp(4), udp(5), protocolId(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies the IP protocol which has been configured in swCpuAclIpEntry." ::= { swCpuAclIpRuleEntry 7 } swCpuAclIpRuleType OBJECT-TYPE SYNTAX INTEGER(-1..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the rule applies to the value of ICMP type traffic. A value of -1 indicates that this node is not actively used." ::= { swCpuAclIpRuleEntry 8 } swCpuAclIpRuleCode OBJECT-TYPE SYNTAX INTEGER(-1..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the rule applies to the value of ICMP code traffic. A value of -1 indicates that this node is not actively used." ::= { swCpuAclIpRuleEntry 9 } swCpuAclIpRuleSrcPort OBJECT-TYPE SYNTAX INTEGER(-1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the rule applies to the range of TCP/UDP source ports. A value of -1 indicates that this node is not actively used." ::= { swCpuAclIpRuleEntry 10 } swCpuAclIpRuleDstPort OBJECT-TYPE SYNTAX INTEGER(-1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the range of TCP/UDP destination ports. A value of -1 indicates that this node is not actively used." ::= { swCpuAclIpRuleEntry 11 } swCpuAclIpRuleFlagBits OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "A value which indicates the set of TCP flags that this entity may potentially offer. The value is a sum of flag bits. This sum initially takes the value zero. Then, for each flag, L is added in the range 1 through 6, for which this node performs transactions where, 2^(L - 1) is added to the sum. Note that values should be calculated accordingly: Flag functionality 6 urg bit 5 ack bit 4 psh bit 3 rst bit 2 syn bit 1 fin bit For example, it you want to enable urg bit and ack bit, you should set the value 48{2^(5-1) + 2^(6-1)}." ::= { swCpuAclIpRuleEntry 12 } swCpuAclIpRuleProtoID OBJECT-TYPE SYNTAX INTEGER(-1..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the rule applies to the value of IP protocol ID traffic. A value of -1 indicates that this node is not actively used." ::= { swCpuAclIpRuleEntry 13 } swCpuAclIpRuleUserMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(20)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IP protocol ID and the range of options behind the IP header." ::= { swCpuAclIpRuleEntry 14 } swCpuAclIpRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the result of the packet examination is to 'permit' or 'deny'. The default is 'permit'. permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the switch and will be filtered." ::= { swCpuAclIpRuleEntry 15 } swCpuAclIpRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclIpRuleEntry 16 } swCpuAclIpRulePort OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to port(s)." ::= { swCpuAclIpRuleEntry 17 } swCpuAclIpRuleMatchVID OBJECT-TYPE SYNTAX INTEGER (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to packets with this VLAN ID." ::= { swCpuAclIpRuleEntry 18 } -- ----------------------------------------------------------------------------- -- swCpuAclPktContRuleTable -- ----------------------------------------------------------------------------- swCpuAclPktContRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclPktContRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains user-defined software ACL rule information." ::= { swCpuAclRuleMgmt 3 } swCpuAclPktContRuleEntry OBJECT-TYPE SYNTAX SwCpuAclPktContRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the software ACL rule of the user-defined part of each packet." INDEX { swCpuAclPktContRuleProfileID,swCpuAclPktContRuleAccessID } ::= { swCpuAclPktContRuleTable 1 } SwCpuAclPktContRuleEntry ::= SEQUENCE { swCpuAclPktContRuleProfileID INTEGER, swCpuAclPktContRuleAccessID INTEGER, swCpuAclPktContRuleOffset0to15 OCTET STRING, swCpuAclPktContRuleOffset16to31 OCTET STRING, swCpuAclPktContRuleOffset32to47 OCTET STRING, swCpuAclPktContRuleOffset48to63 OCTET STRING, swCpuAclPktContRuleOffset64to79 OCTET STRING, swCpuAclPktContRulePermit INTEGER, swCpuAclPktContRuleRowStatus RowStatus, swCpuAclPktContRulePort PortList } swCpuAclPktContRuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swCpuAclPktContRuleEntry 1 } swCpuAclPktContRuleAccessID OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the software ACL rule entry related to swCpuAclPktContRuleProfileID." ::= { swCpuAclPktContRuleEntry 2 } swCpuAclPktContRuleOffset0to15 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swCpuAclPktContRuleEntry 3 } swCpuAclPktContRuleOffset16to31 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swCpuAclPktContRuleEntry 4 } swCpuAclPktContRuleOffset32to47 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swCpuAclPktContRuleEntry 5 } swCpuAclPktContRuleOffset48to63 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swCpuAclPktContRuleEntry 6 } swCpuAclPktContRuleOffset64to79 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swCpuAclPktContRuleEntry 7 } swCpuAclPktContRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the result of the packet examination is to 'permit' or 'deny'. The default is 'permit'. permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the switch and will be filtered." ::= { swCpuAclPktContRuleEntry 8 } swCpuAclPktContRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclPktContRuleEntry 9 } swCpuAclPktContRulePort OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to port(s)." ::= { swCpuAclPktContRuleEntry 10 } -- ----------------------------------------------------------------------------- -- swCpuAclIpv6RuleTable -- ----------------------------------------------------------------------------- swCpuAclIpv6RuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclIpv6RuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains user-defined ACL rule information." ::= { swCpuAclRuleMgmt 4 } swCpuAclIpv6RuleEntry OBJECT-TYPE SYNTAX SwCpuAclIpv6RuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the ACL rule of the user-defined part of each packet." INDEX { swCpuAclIpv6RuleProfileID,swCpuAclIpv6RuleAccessID } ::= { swCpuAclIpv6RuleTable 1 } SwCpuAclIpv6RuleEntry ::= SEQUENCE { swCpuAclIpv6RuleProfileID INTEGER, swCpuAclIpv6RuleAccessID INTEGER, swCpuAclIpv6RuleClass INTEGER, swCpuAclIpv6RuleFlowlabel OCTET STRING, swCpuAclIpv6RuleSrcIpv6Addr Ipv6Address, swCpuAclIpv6RuleDstIpv6Addr Ipv6Address, swCpuAclIpv6RulePermit INTEGER, swCpuAclIpv6RuleRowStatus RowStatus, swCpuAclIpv6RulePort PortList } swCpuAclIpv6RuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry. This is unique in the mask list. The maximum value of this object depends on the device." ::= { swCpuAclIpv6RuleEntry 1 } swCpuAclIpv6RuleAccessID OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL rule entry in relation to swCpuAclIpv6RuleProfileID." ::= { swCpuAclIpv6RuleEntry 2 } swCpuAclIpv6RuleClass OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IPv6 class field." ::= { swCpuAclIpv6RuleEntry 3 } swCpuAclIpv6RuleFlowlabel OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IPv6 flowlabel field." ::= { swCpuAclIpv6RuleEntry 4 } swCpuAclIpv6RuleSrcIpv6Addr OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the source IPv6 address. This should be a 16 byte octet string." ::= { swCpuAclIpv6RuleEntry 5 } swCpuAclIpv6RuleDstIpv6Addr OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the destination IPv6 address. This should be a 16 byte octet string." ::= { swCpuAclIpv6RuleEntry 6 } swCpuAclIpv6RulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the result of the examination is to 'permit' or 'deny'. The default is 'permit' (1). permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the switch and will be filtered." ::= { swCpuAclIpv6RuleEntry 7 } swCpuAclIpv6RuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclIpv6RuleEntry 8 } swCpuAclIpv6RulePort OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to port(s)." ::= { swCpuAclIpv6RuleEntry 9 } -- ----------------------------------------------------------------------------- -- swAclMeteringMgmt -- ----------------------------------------------------------------------------- swAclMeterTable OBJECT-TYPE SYNTAX SEQUENCE OF SwAclMeterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used to configure the flow-based metering function. The access rule must first be created before the parameters of this function can be applied. Users may set the preferred bandwidth for this rule, in Kbps; once the bandwidth has been exceeded, overflow packets will be either dropped or set for a drop precedence, depending on user configuration." ::= { swAclMeteringMgmt 1 } swAclMeterEntry OBJECT-TYPE SYNTAX SwAclMeterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This entry displays parameters and configurations set for the flow metering function." INDEX { swAclMeterProfileID, swAclMeterAccessID} ::= { swAclMeterTable 1 } SwAclMeterEntry ::= SEQUENCE { swAclMeterProfileID INTEGER, swAclMeterAccessID INTEGER, swAclMeterRate INTEGER, swAclMeterActionForRateExceed INTEGER, swAclMeterRemarkDscp INTEGER, swAclMeterBurstSize INTEGER, swAclMeterMode INTEGER, swAclMeterTrtcmCir INTEGER, swAclMeterTrtcmCbs INTEGER, swAclMeterTrtcmPir INTEGER, swAclMeterTrtcmPbs INTEGER, swAclMeterTrtcmColorMode INTEGER, swAclMeterTrtcmConformState INTEGER, swAclMeterTrtcmConformReplaceDscp INTEGER, swAclMeterTrtcmConformCounterState INTEGER, swAclMeterTrtcmExceedState INTEGER, swAclMeterTrtcmExceedReplaceDscp INTEGER, swAclMeterTrtcmExceedCounterState INTEGER, swAclMeterTrtcmViolateState INTEGER, swAclMeterTrtcmViolateReplaceDscp INTEGER, swAclMeterTrtcmViolateCounterState INTEGER, swAclMeterSrtcmCir INTEGER, swAclMeterSrtcmCbs INTEGER, swAclMeterSrtcmEbs INTEGER, swAclMeterSrtcmColorMode INTEGER, swAclMeterSrtcmConformState INTEGER, swAclMeterSrtcmConformReplaceDscp INTEGER, swAclMeterSrtcmConformCounterState INTEGER, swAclMeterSrtcmExceedState INTEGER, swAclMeterSrtcmExceedReplaceDscp INTEGER, swAclMeterSrtcmExceedCounterState INTEGER, swAclMeterSrtcmViolateState INTEGER, swAclMeterSrtcmViolateReplaceDscp INTEGER, swAclMeterSrtcmViolateCounterState INTEGER, swAclMeterRowStatus RowStatus } swAclMeterProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry is unique in the mask list. The maximum value of this object depends on the device." ::= { swAclMeterEntry 1 } swAclMeterAccessID OBJECT-TYPE SYNTAX INTEGER(1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL rule entry as related to the swAclMeterProfileID." ::= { swAclMeterEntry 2 } swAclMeterRate OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the committed bandwidth in Kbps for the flow. NOTE: 1. Specifying 0 will disable this flow meter setting. 2. Users must set the swAclMeterActionForRateExceed object to activate this entry." ::= { swAclMeterEntry 3 } swAclMeterActionForRateExceed OBJECT-TYPE SYNTAX INTEGER { other(1), drop-packet(2), set-drop-precedence(3), remark-dscp(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the action to take for those packets exceeding the committed rate. NOTE: Users must also set the swAclMeterRate to activate this entry." ::= { swAclMeterEntry 4 } swAclMeterRemarkDscp OBJECT-TYPE SYNTAX INTEGER (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Mark the packet with a specified DSCP. It can be set when swAclMeterActionForRateExceed sets remark-dscp (3)." ::= { swAclMeterEntry 5 } swAclMeterBurstSize OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-create STATUS current DESCRIPTION "This specifies the burst size for the single rate two color mode. The unit is Kbytes. That is to say, 1 means 1kbytes. The set value range is 0..n, the value n is determined by project, the value of 0 means to delete this flow_meter setting." ::= { swAclMeterEntry 6 } swAclMeterMode OBJECT-TYPE SYNTAX INTEGER { other(1), tr-tcm(2), sr-tcm(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "tr-tcm: two rate three color mode; sr-tcm: single rate three color mode. " ::= { swAclMeterEntry 7 } swAclMeterTrtcmCir OBJECT-TYPE SYNTAX INTEGER (1..156249) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the 'committed information rate' of 'two rate three color mode'. The unit is Kbps." ::= { swAclMeterEntry 8 } swAclMeterTrtcmCbs OBJECT-TYPE SYNTAX INTEGER (1..16384) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the 'committed burst size' of 'two rate three color mode'. 1. The unit is Kbytes. That is to say, 1 means 1Kbytes. 2. This parameter is an optional parameter. The default value is 4*1024. 3. The max set value is 16*1024. " ::= { swAclMeterEntry 9 } swAclMeterTrtcmPir OBJECT-TYPE SYNTAX INTEGER (1..156249) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the 'Peak Information Rate' of 'two rate three color mode'. The unit is Kbps." ::= { swAclMeterEntry 10 } swAclMeterTrtcmPbs OBJECT-TYPE SYNTAX INTEGER (1..16384) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the 'peak burst size' of 'two rate three color mode'. 1. The unit is Kbytes. That is to say, 1 means 1kbytes. 2. This parameter is an optional parameter. The default value is 4*1024. 3. The max set value is 16*1024. " ::= { swAclMeterEntry 11 } swAclMeterTrtcmColorMode OBJECT-TYPE SYNTAX INTEGER { color-blind(1), color-aware(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the meter mode. The default is color-blind mode. The final color of the packet is determined by the initial color of the packet and the metering result." ::= { swAclMeterEntry 12 } swAclMeterTrtcmConformState OBJECT-TYPE SYNTAX INTEGER { other(1), permit(2), replace-dscp(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the action state when packet is in 'green color'. permit: permit the packet. replace-dscp: change the DSCP value of packet. " ::= { swAclMeterEntry 13 } swAclMeterTrtcmConformReplaceDscp OBJECT-TYPE SYNTAX INTEGER (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the DSCP value of the packet when the packet is in 'green color'." ::= { swAclMeterEntry 14 } swAclMeterTrtcmConformCounterState OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the counter state when the packet is in 'green color'. 1. This is optional. The default is 'disable'. 2. The resource may be limited so that the counter can not be turned on. The limitation is project dependent. 3. counter will be cleared when the function is disabled. " ::= { swAclMeterEntry 15 } swAclMeterTrtcmExceedState OBJECT-TYPE SYNTAX INTEGER { other(1), permit(2), replace-dscp(3), drop(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the action state when packet is in 'yellow color'. permit: permit the packet. replace-dscp: change the DSCP value of the packet. drop: drop the packet. " ::= { swAclMeterEntry 16 } swAclMeterTrtcmExceedReplaceDscp OBJECT-TYPE SYNTAX INTEGER (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the DSCP value of packet when packet is in 'yellow color'." ::= { swAclMeterEntry 17 } swAclMeterTrtcmExceedCounterState OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the counter state when packet is in 'yellow color'. 1. This is optional. The default is 'disable'. 2. The resource may be limited so that the counter can not be turned on. The limitation is project dependent. 3. counter will be cleared when the function is disabled. " ::= { swAclMeterEntry 18 } swAclMeterTrtcmViolateState OBJECT-TYPE SYNTAX INTEGER { other(1), permit(2), replace-dscp(3), drop(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the action state when packet is in 'red color'. permit: permit the packet. replace-dscp: change the DSCP value of packet. drop: drop the packet. " ::= { swAclMeterEntry 19 } swAclMeterTrtcmViolateReplaceDscp OBJECT-TYPE SYNTAX INTEGER (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the DSCP value of the packet when packet is in 'red color'." ::= { swAclMeterEntry 20 } swAclMeterTrtcmViolateCounterState OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the counter state when packet is in 'red color'. 1. This is optional. The default is 'disable'. 2. The resource may be limited so that the counter can not be turned on. The limitation is project dependent. 3. counter will be cleared when the function is disabled. " ::= { swAclMeterEntry 21 } swAclMeterSrtcmCir OBJECT-TYPE SYNTAX INTEGER (1..156249) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the 'committed information rate' of 'single rate three color mode'. The unit is Kbps." ::= { swAclMeterEntry 22 } swAclMeterSrtcmCbs OBJECT-TYPE SYNTAX INTEGER (1..16384) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the 'committed burst size' of 'single rate three color mode'. 1. The unit is Kbytes. That is to say, 1 means 1Kbytes. 2. The max set value is 16*1024. " ::= { swAclMeterEntry 23 } swAclMeterSrtcmEbs OBJECT-TYPE SYNTAX INTEGER (1..16384) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the 'Excess burst size' of 'single rate three color mode'. 1. The unit is Kbytes. That is to say, 1 means 1kbytes. 2. The max set value is 16*1024. " ::= { swAclMeterEntry 24 } swAclMeterSrtcmColorMode OBJECT-TYPE SYNTAX INTEGER { color-blind(1), color-aware(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the meter mode. The default is color-blind mode. The final color of packet is determined by the initial color of the packet and the metering result." ::= { swAclMeterEntry 25 } swAclMeterSrtcmConformState OBJECT-TYPE SYNTAX INTEGER { other(1), permit(2), replace-dscp(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the action state when the packet is in 'green color'. permit: permit the packet. replace-dscp: change the DSCP value of packet. " ::= { swAclMeterEntry 26 } swAclMeterSrtcmConformReplaceDscp OBJECT-TYPE SYNTAX INTEGER (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the DSCP value of the packet when packet is in 'green color'." ::= { swAclMeterEntry 27 } swAclMeterSrtcmConformCounterState OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the counter state when the packet is in 'green color'. 1. This is optional. The default is 'disable'. 2. The resource may be limited such that counter can not be turned on. The limitation is project dependent. 3. counter will be cleared when the function is disabled. " ::= { swAclMeterEntry 28 } swAclMeterSrtcmExceedState OBJECT-TYPE SYNTAX INTEGER { other(1), permit(2), replace-dscp(3), drop(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the action state when the packet is in 'yellow color'. permit: permit the packet. replace-dscp: change the DSCP value of packet. drop: drop the packet. " ::= { swAclMeterEntry 29 } swAclMeterSrtcmExceedReplaceDscp OBJECT-TYPE SYNTAX INTEGER (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the DSCP value of the packet when packet is in 'yellow color'." ::= { swAclMeterEntry 30 } swAclMeterSrtcmExceedCounterState OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the counter state when the packet is in 'yellow color'. 1. This is optional. The default is 'disable'. 2. The resource may be limited such that counter can not be turned on. The limitation is project dependent. 3. counter will be cleared when the function is disabled. " ::= { swAclMeterEntry 31 } swAclMeterSrtcmViolateState OBJECT-TYPE SYNTAX INTEGER { other(1), permit(2), replace-dscp(3), drop(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the action state when the packet is in 'red color'. permit: permit the packet. replace-dscp: change the DSCP value of packet. drop: drop the packet. " ::= { swAclMeterEntry 32 } swAclMeterSrtcmViolateReplaceDscp OBJECT-TYPE SYNTAX INTEGER (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the DSCP value of the packet when packet is in 'red color'." ::= { swAclMeterEntry 33 } swAclMeterSrtcmViolateCounterState OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the counter state when the packet is in 'red color'. 1. This is optional. The default is 'disable'. 2. The resource may be limited so that the counter can not be turned on. The limitation is project dependent. 3. counter will be cleared when the function is disabled. " ::= { swAclMeterEntry 34 } swAclMeterRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swAclMeterEntry 35 } swAclMeteringNumOfEntryInUse OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Used to display total entries of the flow metering." ::= { swAclMeteringMgmt 2 } END