-- ACLMGMT mib -- Draft Ver 0.3 2003/3/30 04:04¤U¤È -- History: -- Index in the Mask and Rule table, change their ACCESS from read-create to read-only -- -------------------------------------------------------------------------------------- -- Draft Ver 0.1 2003/2/27 02:44¤U¤È by Scott Sung -- Draft Ver 0.2 2003/3/12 10:43¤U¤È by Richard Chang -- Draft Ver 0.3 2003/8/13 10:43¤U¤È by Scott Sung ,add swACLIpTCPFlagBit for DGS3x12S -- -------------------------------------------------------------------------------------- SW-ACLMGMT-MIB DEFINITIONS ::= BEGIN IMPORTS Counter32,Counter64,TimeTicks,NOTIFICATION-TYPE, MODULE-IDENTITY,OBJECT-TYPE,IpAddress, Unsigned32 FROM SNMPv2-SMI MacAddress, RowStatus FROM SNMPv2-TC DisplayString FROM RFC1213-MIB SnmpAdminString FROM SNMP-FRAMEWORK-MIB dlink-mgmt FROM DLINK-ID-REC-MIB PortList FROM Q-BRIDGE-MIB; swAclMgmtMIB MODULE-IDENTITY LAST-UPDATED "0007150000Z" ORGANIZATION "enterprise, Inc." CONTACT-INFO " Customer Service Postal: Tel: E-mail: " DESCRIPTION "The Structure of Access Control List Information for the proprietary enterprise." ::= { dlink-mgmt 5 } swAclMaskMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 1 } swAclRuleMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 2 } --*************************************************************************** --swACLEthernetTable --*************************************************************************** swACLEthernetTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLEthernetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contain ACL mask of Ethernet information. Access profiles will be created on the switch by row creation and to define which parts of each incoming frame's layer 2 part of header the switch will examine. Masks can be entered that will be combined with the values the switch finds in the specified frame header fields. " ::= { swAclMaskMgmt 1 } swACLEthernetEntry OBJECT-TYPE SYNTAX SwACLEthernetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about ACL of Ethernet." INDEX { swACLEthernetProfileID } ::= { swACLEthernetTable 1 } SwACLEthernetEntry ::= SEQUENCE { swACLEthernetProfileID INTEGER, swACLEthernetUsevlan INTEGER, swACLEthernetMacAddrMaskState INTEGER, swACLEthernetSrcMacAddrMask MacAddress, swACLEthernetDstMacAddrMask MacAddress, swACLEthernetUse8021p INTEGER, swACLEthernetUseEthernetType INTEGER, --del by ynot 2-19 --swACLEthernetPermit --INTEGER, --add by ynot swACLEthernetPort PortList, --end swACLEthernetRowStatus RowStatus } swACLEthernetProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of ACL mask entry ,and is unique in the mask list." ::= { swACLEthernetEntry 1 } swACLEthernetUsevlan OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the switch will examine the VLAN part of each packet header." ::= { swACLEthernetEntry 2 } swACLEthernetMacAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-mac-addr(2), src-mac-addr(3), dst-src-mac-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of MAC address mask. other(1) - Neither source MAC address nor destination MAC address are masked. dst-mac-addr(2) - recieved frames's destination MAC address are currently used to be filtered as it meets with the MAC address entry of the table. src-mac-addr(3) - recieved frames's source MAC address are currently used to be filtered as it meets with the MAC address entry of the table. dst-src-mac-addr(4) - recieved frames's destination MAC address or source MAC address are currently used to be filtered as it meets with the MAC address entry of the table." ::= { swACLEthernetEntry 3 } swACLEthernetSrcMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object Specifies the MAC address mask for the source MAC address." ::= { swACLEthernetEntry 4 } swACLEthernetDstMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object Specifies the MAC address mask for the destination MAC address." ::= { swACLEthernetEntry 5 } swACLEthernetUse8021p OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine the 802.1p priority value in the frame's header or not." ::= { swACLEthernetEntry 6 } swACLEthernetUseEthernetType OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine the Ethernet type value in each frame's header or not." ::= { swACLEthernetEntry 7 } --del by ynot 2-19 --swACLEthernetPermit OBJECT-TYPE -- SYNTAX INTEGER { -- permit(1), -- deny(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates resoult of examination is permit or deny;default is permit(1) -- permit - Specifies that packets that match the access profile are -- permitted to be forwarded by the switch. -- deny - Specifies that packets that do not match the access profile -- are not permitted to be forwarded by the switch and will be filtered." -- ::= { swACLEthernetEntry 8 } --add by ynot swACLEthernetPort OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the portlist of this entry." ::= { swACLEthernetEntry 8 } swACLEthernetRowStatus OBJECT-TYPE --swACLEthernetState SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLEthernetEntry 9 } --*************************************************************************** --swACLIpTable --*************************************************************************** swACLIpTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contain ACL mask of IP information. Access profiles will be created on the switch by row creation and to define which parts of each incoming frame's IP layer part of header the switch will examine. Masks can be entered that will be combined with the values the switch finds in the specified frame header fields." ::= { swAclMaskMgmt 2 } swACLIpEntry OBJECT-TYPE SYNTAX SwACLIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about ACL of IP Layer." INDEX { swACLIpProfileID } ::= { swACLIpTable 1 } SwACLIpEntry ::= SEQUENCE { swACLIpProfileID INTEGER, swACLIpUsevlan INTEGER, swACLIpIpAddrMaskState INTEGER, swACLIpSrcIpAddrMask IpAddress, swACLIpDstIpAddrMask IpAddress, swACLIpUseDSCP INTEGER, swACLIpUseProtoType INTEGER, swACLIpIcmpOption INTEGER, swACLIpIgmpOption INTEGER, swACLIpTcpOption INTEGER, swACLIpUdpOption INTEGER, swACLIpTCPorUDPSrcPortMask OCTET STRING, swACLIpTCPorUDPDstPortMask OCTET STRING, swACLIpTCPFlagBit INTEGER, swACLIpProtoIDOption INTEGER, swACLIpProtoIDMask OCTET STRING, swACLIpPort PortList, --del by ynot 2-19 --swACLIpPermit -- INTEGER, swACLIpRowStatus RowStatus, swACLIpTCPFlagBitMask INTEGER } swACLIpProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL mask entry ,and is unique in the mask list." ::= { swACLIpEntry 1 } swACLIpUsevlan OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if IP layer vlan is examined or not." ::= { swACLIpEntry 2 } swACLIpIpAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-ip-addr(2), src-ip-addr(3), dst-src-ip-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of IP address mask. other(1) - Neither source IP address nor destination IP address are masked. dst-ip-addr(2) - recieved frames's destination IP address are currently used to be filtered as it meets with the IP address entry of the table. src-ip-addr(3) - recieved frames's source IP address are currently used to be filtered as it meets with the IP address entry of the table. dst-src-ip-addr(4) - recieved frames's destination IP address or source IP address are currently used to be filtered as it meets with the IP address entry of the table." ::= { swACLIpEntry 3 } swACLIpSrcIpAddrMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object Specifies IP address mask for the source IP address." ::= { swACLIpEntry 4 } swACLIpDstIpAddrMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object Specifies the IP address mask for the destination IP address." ::= { swACLIpEntry 5 } swACLIpUseDSCP OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates DSCP protocol is is examined or not." ::= { swACLIpEntry 6 } swACLIpUseProtoType OBJECT-TYPE SYNTAX INTEGER { none(1), icmp(2), igmp(3), tcp(4), udp(5), protocolId(6) } MAX-ACCESS read-create STATUS current DESCRIPTION "That object indicates which protocol will be examined." ::= { swACLIpEntry 7 } swACLIpIcmpOption OBJECT-TYPE SYNTAX INTEGER { none(1), type(2), code(3), type-code(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates which fields should be filled in of ICMP. none(1)- two fields are null. type(2)- type field should be filled in. code(3)- code field should be filled in. type-code(4)- not only type fileld but code field should be filled in. " ::= { swACLIpEntry 8 } swACLIpIgmpOption OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates Options of IGMP is examined or not." ::= { swACLIpEntry 9 } swACLIpTcpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of filtered address of TCP. other(1) - Neither source port nor destination port are masked. dst-addr(2) - recieved frames's destination port are currently used to be filtered . src-addr(3) - recieved frames's source port are currently used to be filtered . dst-src-addr(4) - both recieved frames's destination port and source port are currently used to be filtered ." ::= { swACLIpEntry 10 } swACLIpUdpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of filtered address of UDP . other(1) - Neither source port nor destination port are masked. dst-addr(2) - recieved frames's destination port are currently used to be filtered . src-addr(3) - recieved frames's source port are currently used to be filtered . dst-src-addr(4) - recieved frames's destination port or source port are currently used to be filtered." ::= { swACLIpEntry 11 } swACLIpTCPorUDPSrcPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the source port if swACLIpUseProtoType is TCP Specifies a UDP port mask for the source port if swACLIpUseProtoType is UDP. " ::= { swACLIpEntry 12 } swACLIpTCPorUDPDstPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the destination port if swACLIpUseProtoType is TCP Specifies a UDP port mask for the destination port if swACLIpUseProtoType is UDP." ::= { swACLIpEntry 13 } swACLIpTCPFlagBit OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP connection flag mask." ::= { swACLIpEntry 14 } swACLIpProtoIDOption OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the switch will examine each frame's Protocol ID field or not." ::= { swACLIpEntry 16 } swACLIpProtoIDMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IP protocol ID and the mask options behind the IP header." ::= { swACLIpEntry 17 } --del by ynot 2-19 --swACLIpPermit OBJECT-TYPE -- SYNTAX INTEGER { -- deny(1), -- permit(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates filter is permit or deny; -- default is permit(1)" -- ::= { swACLIpEntry 18 } --add by ynot swACLIpPort OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the portlist of this entry." ::= { swACLIpEntry 18 } swACLIpRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLIpEntry 19 } --add 6-2 swACLIpTCPFlagBitMask OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "A value which indicates the set of TCP flags that this entity may potentially offers. The value is a sum. This sum initially takes the value zero, Then, for each flag, L, in the range 1 through 6, that this node performs transactions for, 2 raised to (L - 1) is added to the sum. Note that values should be calculated accordingly: Flag functionality 6 urg bit 5 ack bit 4 psh bit 3 rst bit 2 syn bit 1 fin bit For example,it you want to enable urg bit and ack bit,you should set vlaue 48(2^(5-1) + 2^(6-1))." ::= { swACLIpEntry 115 } --**************************************************************************** --swACLPayloadEntry --add by ynot --**************************************************************************** swACLPayloadTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLPayloadEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contain ACL mask of payload information." ::= { swAclMaskMgmt 3 } swACLPayloadEntry OBJECT-TYPE SYNTAX SwACLPayloadEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This Entry contain ACL mask of payload information." INDEX { swACLPayloadProfileID } ::= { swACLPayloadTable 1 } SwACLPayloadEntry ::= SEQUENCE { swACLPayloadProfileID INTEGER, swACLPayloadPort PortList, swACLPayloadOffSet0to15 OCTET STRING, swACLPayloadOffSet16to31 OCTET STRING, swACLPayloadOffSet32to47 OCTET STRING, swACLPayloadOffSet48to63 OCTET STRING, swACLPayloadOffSet64to79 OCTET STRING, --swACLOffSet16to19 --OCTET STRING, -- swACLOffSet20to23 -- OCTET STRING, -- swACLOffSet24to27 -- OCTET STRING, --swACLOffSet28to31 -- OCTET STRING, -- swACLOffSet32to35 -- OCTET STRING, -- swACLOffSet36to39 -- OCTET STRING, -- swACLOffSet40to43 -- OCTET STRING, -- swACLOffSet44to47 -- OCTET STRING, -- swACLOffSet48to51 -- OCTET STRING, -- swACLOffSet52to55 -- OCTET STRING, -- swACLOffSet56to59 -- OCTET STRING, -- swACLOffSet60to63 -- OCTET STRING, -- swACLOffSet64to67 -- OCTET STRING, -- swACLOffSet68to71 -- OCTET STRING, -- swACLOffSet72to75 -- OCTET STRING, -- swACLOffSet76to79 -- OCTET STRING, swACLPayloadRowStatus RowStatus } swACLPayloadProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL mask entry ,and is unique in the mask list." ::= { swACLPayloadEntry 1 } swACLPayloadPort OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "The portlist of ACL mask entry ." ::= { swACLPayloadEntry 2 } swACLPayloadOffSet0to15 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The offset of ACL mask entry ." ::= { swACLPayloadEntry 3 } swACLPayloadOffSet16to31 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The offset of ACL mask entry ." ::= { swACLPayloadEntry 4 } swACLPayloadOffSet32to47 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The offset of ACL mask entry ." ::= { swACLPayloadEntry 5 } swACLPayloadOffSet48to63 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The offset of ACL mask entry ." ::= { swACLPayloadEntry 6 } swACLPayloadOffSet64to79 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The offset of ACL mask entry ." ::= { swACLPayloadEntry 7 } --swACLOffSet16to19 OBJECT-TYPE --SYNTAX OCTET STRING --MAX-ACCESS read-create -- STATUS current --DESCRIPTION -- "" -- ::= { swACLPayloadEntry 3 } -- swACLOffSet20to23 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadEntry 4 } -- swACLOffSet24to27 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadEntry 5 } --swACLOffSet28to31 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadEntry 6 } --swACLOffSet32to35 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadEntry 7 } -- swACLOffSet36to39 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadEntry 8 } -- swACLOffSet40to43 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadEntry 9 } --swACLOffSet44to47 OBJECT-TYPE --SYNTAX OCTET STRING --MAX-ACCESS read-create --STATUS current -- DESCRIPTION -- "" --::= { swACLPayloadEntry 10 } --swACLOffSet48to51 OBJECT-TYPE --SYNTAX OCTET STRING --MAX-ACCESS read-create --STATUS current --DESCRIPTION -- "" --::= { swACLPayloadEntry 11 } -- swACLOffSet52to55 OBJECT-TYPE --SYNTAX OCTET STRING --MAX-ACCESS read-create --STATUS current --DESCRIPTION -- "" -- ::= { swACLPayloadEntry 12 } --swACLOffSet56to59 OBJECT-TYPE --SYNTAX OCTET STRING --MAX-ACCESS read-create --STATUS current --DESCRIPTION -- "" --::= { swACLPayloadEntry 13 } --swACLOffSet60to63 OBJECT-TYPE --SYNTAX OCTET STRING --MAX-ACCESS read-create --STATUS current --DESCRIPTION -- "" --::= { swACLPayloadEntry 14 } -- swACLOffSet64to67 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create --STATUS current --DESCRIPTION -- "" --::= { swACLPayloadEntry 15 } --swACLOffSet68to71 OBJECT-TYPE --SYNTAX OCTET STRING --MAX-ACCESS read-create --STATUS current --DESCRIPTION -- "" --::= { swACLPayloadEntry 16 } --swACLOffSet72to75 OBJECT-TYPE --SYNTAX OCTET STRING --MAX-ACCESS read-create --STATUS current --DESCRIPTION -- "" --::= { swACLPayloadEntry 17 } --swACLOffSet76to79 OBJECT-TYPE --SYNTAX OCTET STRING --MAX-ACCESS read-create --STATUS current --DESCRIPTION -- "" -- ::= { swACLPayloadEntry 18 } swACLPayloadRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of the entry ." ::= {swACLPayloadEntry 8} --*************************************************************************** --swACLEtherRuleTable --*************************************************************************** swACLEtherRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLEtherRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contain ACL rule of ethernet information." ::= { swAclRuleMgmt 1 } swACLEtherRuleEntry OBJECT-TYPE SYNTAX SwACLEtherRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about ACL rule of the layer 2 part of each packet." INDEX { swACLEtherRuleProfileID,swACLEtherRuleAccessID } ::= { swACLEtherRuleTable 1 } SwACLEtherRuleEntry ::= SEQUENCE { swACLEtherRuleProfileID INTEGER, swACLEtherRuleAccessID INTEGER, swACLEtherRuleVlan SnmpAdminString, swACLEtherRuleSrcMacAddress MacAddress, swACLEtherRuleDstMacAddress MacAddress, swACLEtherRule8021P INTEGER, swACLEtherRuleEtherType OCTET STRING, swACLEtherRuleEnablePriority INTEGER, swACLEtherRulePriority INTEGER, swACLEtherRuleReplacePriority INTEGER, swACLEtherRuleEnableReplaceDscp INTEGER, swACLEtherRuleRepDscp INTEGER, --add by ynot --swACLEtherRulePort --PortList, swACLEtherRulePermit INTEGER, swACLEtherRuleRowStatus RowStatus } swACLEtherRuleProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL mask entry ,and is unique in the mask list." ::= { swACLEtherRuleEntry 1 } swACLEtherRuleAccessID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL rule entry relate to swACLEtherRuleProfileID." ::= { swACLEtherRuleEntry 2 } swACLEtherRuleVlan OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply to only to this VLAN." ::= { swACLEtherRuleEntry 3 } swACLEtherRuleSrcMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply to only packets with this source MAC address." ::= { swACLEtherRuleEntry 4 } swACLEtherRuleDstMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply to only packets with this destination MAC address." ::= { swACLEtherRuleEntry 5 } swACLEtherRule8021P OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply only to packets with this 802.1p priority value." ::= { swACLEtherRuleEntry 6 } swACLEtherRuleEtherType OBJECT-TYPE SYNTAX OCTET STRING (SIZE (2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply only to packets with this hexidecimal 802.1Q Ethernet type value in the packet header." ::= { swACLEtherRuleEntry 7 } swACLEtherRuleEnablePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply only to packets with priority value." ::= { swACLEtherRuleEntry 8 } swACLEtherRulePriority OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific the priority will change to the packets while the swACLEtherRuleReplacePriority is enabled ." ::= { swACLEtherRuleEntry 9 } swACLEtherRuleReplacePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specific the packets that match the access profile will changed the 802.1p priority tag field by the switch or not ." ::= { swACLEtherRuleEntry 10 } swACLEtherRuleEnableReplaceDscp OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specific the packets that match the access profile will replaced the DSCP field by the switch or not ." ::= { swACLEtherRuleEntry 11 } swACLEtherRuleRepDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "specify a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the DSCP field of the packet." ::= { swACLEtherRuleEntry 12 } --add by ynot --swACLEtherRulePort OBJECT-TYPE -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLEtherRuleEntry 13 } swACLEtherRulePermit OBJECT-TYPE SYNTAX INTEGER{ deny(1), permit(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the permit status of this entry." ::= { swACLEtherRuleEntry 14 } swACLEtherRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLEtherRuleEntry 15 } --*************************************************************************** --swACLIpRuleTable --*************************************************************************** swACLIpRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLIpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" ::= { swAclRuleMgmt 2 } swACLIpRuleEntry OBJECT-TYPE SYNTAX SwACLIpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { swACLIpRuleProfileID , swACLIpRuleAccessID } ::= { swACLIpRuleTable 1 } SwACLIpRuleEntry ::= SEQUENCE { swACLIpRuleProfileID INTEGER, swACLIpRuleAccessID INTEGER, swACLIpRuleVlan SnmpAdminString, swACLIpRuleSrcIpaddress IpAddress, swACLIpRuleDstIpaddress IpAddress, swACLIpRuleDscp INTEGER, swACLIpRuleProtocol INTEGER, swACLIpRuleType INTEGER, swACLIpRuleCode INTEGER, swACLIpRuleSrcPort INTEGER, swACLIpRuleDstPort INTEGER, swACLIpRuleFlagBits INTEGER, swACLIpRuleProtoID INTEGER, swACLIpRuleUserMask OCTET STRING, swACLIpRuleEnablePriority INTEGER, swACLIpRulePriority INTEGER, swACLIpRuleReplacePriority INTEGER, swACLIpRuleEnableReplaceDscp INTEGER, swACLIpRuleRepDscp INTEGER, --add by ynot --swACLIpRulePort -- PortList, swACLIpRulePermit INTEGER, swACLIpRuleRowStatus RowStatus } swACLIpRuleProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL mask entry ,and is unique in the mask list." ::= { swACLIpRuleEntry 1 } swACLIpRuleAccessID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of ACL IP rule entry ." ::= { swACLIpRuleEntry 2 } swACLIpRuleVlan OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply to only to this VLAN." ::= { swACLIpRuleEntry 3 } swACLIpRuleSrcIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specific an IP source address." ::= { swACLIpRuleEntry 4 } swACLIpRuleDstIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specific an IP destination address." ::= { swACLIpRuleEntry 5 } swACLIpRuleDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific the value of dscp, the value can be configured 0 to 63" ::= { swACLIpRuleEntry 6 } swACLIpRuleProtocol OBJECT-TYPE SYNTAX INTEGER { none(1), icmp(2), igmp(3), tcp(4), udp(5), protocolId(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies the IP protocol which has been configured in swACLIpEntry ." ::= { swACLIpRuleEntry 7 } swACLIpRuleType OBJECT-TYPE SYNTAX INTEGER(0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific that the rule applies to the value of icmp type traffic." ::= { swACLIpRuleEntry 8 } swACLIpRuleCode OBJECT-TYPE SYNTAX INTEGER(0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific that the rule applies to the value of icmp code traffic." ::= { swACLIpRuleEntry 9 } swACLIpRuleSrcPort OBJECT-TYPE SYNTAX INTEGER(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific that the rule applies the range of tcp/udp source port" ::= { swACLIpRuleEntry 10 } swACLIpRuleDstPort OBJECT-TYPE SYNTAX INTEGER(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific the range of tcp/udp destination port range" ::= { swACLIpRuleEntry 11 } swACLIpRuleFlagBits OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "A value which indicates the set of TCP flags that this entity may potentially offers. The value is a sum. This sum initially takes the value zero, Then, for each flag, L, in the range 1 through 6, that this node performs transactions for, 2 raised to (L - 1) is added to the sum. Note that values should be calculated accordingly: Flag functionality 6 urg bit 5 ack bit 4 rsh bit 3 rst bit 2 syn bit 1 fin bit For example,it you want to enable urg bit and ack bit,you should set vlaue 48(2^(5-1) + 2^(6-1))." ::= { swACLIpRuleEntry 12 } swACLIpRuleProtoID OBJECT-TYPE SYNTAX INTEGER(0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific that the rule applies to the value of ip protocol id traffic" ::= { swACLIpRuleEntry 13 } swACLIpRuleUserMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific that the rule applies to the ip protocol id and the range of options behind the IP header." ::= { swACLIpRuleEntry 14 } swACLIpRuleEnablePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply only to packets with priority value." ::= { swACLIpRuleEntry 15 } swACLIpRulePriority OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access profile will apply to packets that contain this value in their 802.1p priority field of their header." ::= { swACLIpRuleEntry 16 } swACLIpRuleReplacePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specific the packets that match the access profile will changed the 802.1p priority tag field by the switch or not ." ::= { swACLIpRuleEntry 17 } swACLIpRuleEnableReplaceDscp OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Indicate weather the DSCP field can be over-write or not. " ::= { swACLIpRuleEntry 18 } swACLIpRuleRepDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "specify a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the DSCP field of the packet." ::= { swACLIpRuleEntry 19 } --add by ynot --swACLIpRulePort OBJECT-TYPE -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLIpRuleEntry 20 } swACLIpRulePermit OBJECT-TYPE SYNTAX INTEGER{ deny(1), permit(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { swACLIpRuleEntry 21 } swACLIpRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLIpRuleEntry 22 } --**************************************************************************** --swACLPayloadEntry --add by ynot --**************************************************************************** swACLPayloadRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLPayloadRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" ::= { swAclRuleMgmt 3 } swACLPayloadRuleEntry OBJECT-TYPE SYNTAX SwACLPayloadRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { swACLPayloadRuleProfileID,swACLPayloadRuleAccessID } ::= { swACLPayloadRuleTable 1 } SwACLPayloadRuleEntry ::= SEQUENCE { swACLPayloadRuleProfileID INTEGER, swACLPayloadRuleAccessID INTEGER, swACLPayloadRuleOffSet0to15 OCTET STRING, swACLPayloadRuleOffSet16to31 OCTET STRING, swACLPayloadRuleOffSet32to47 OCTET STRING, swACLPayloadRuleOffSet48to63 OCTET STRING, swACLPayloadRuleOffSet64to79 OCTET STRING, -- swACLRulePayloadPort -- PortList, --swACLRuleOffSet16to19 -- OCTET STRING, --swACLRuleOffSet20to23 -- OCTET STRING, -- swACLRuleOffSet24to27 -- OCTET STRING, --swACLRuleOffSet28to31 -- OCTET STRING, -- swACLRuleOffSet32to35 -- OCTET STRING, -- swACLRuleOffSet36to39 -- OCTET STRING, -- swACLRuleOffSet40to43 -- OCTET STRING, -- swACLRuleOffSet44to47 -- OCTET STRING, -- swACLRuleOffSet48to51 -- OCTET STRING, -- swACLRuleOffSet52to55 -- OCTET STRING, -- swACLRuleOffSet56to59 -- OCTET STRING, -- swACLRuleOffSet60to63 -- OCTET STRING, -- swACLRuleOffSet64to67 -- OCTET STRING, -- swACLRuleOffSet68to71 -- OCTET STRING, -- swACLRuleOffSet72to75 -- OCTET STRING, -- swACLRuleOffSet76to79 -- OCTET STRING, swACLPayloadRuleEnablePriority INTEGER, swACLPayloadRulePriority INTEGER, swACLPayloadRuleReplacePriority INTEGER, swACLPayloadRuleEnableReplaceDscp INTEGER, swACLPayloadRuleRepDscp INTEGER, swACLPayloadRulePermit INTEGER, swACLPayloadRuleRowStatus RowStatus } swACLPayloadRuleProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL RULE entry ,and is unique in the mask list." ::= { swACLPayloadRuleEntry 1 } swACLPayloadRuleAccessID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "th id of the entry " ::= { swACLPayloadRuleEntry 2 } --swACLRulePayloadPort OBJECT-TYPE -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadRuleEntry 3 } swACLPayloadRuleOffSet0to15 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The offset of ACL rule entry ." ::= { swACLPayloadRuleEntry 4 } swACLPayloadRuleOffSet16to31 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The offset of ACL rule entry ." ::= { swACLPayloadRuleEntry 5 } swACLPayloadRuleOffSet32to47 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The offset of ACL rule entry ." ::= { swACLPayloadRuleEntry 6 } swACLPayloadRuleOffSet48to63 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The offset of ACL rule entry ." ::= { swACLPayloadRuleEntry 7 } swACLPayloadRuleOffSet64to79 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The offset of ACL rule entry ." ::= { swACLPayloadRuleEntry 8 } -- swACLRuleOffSet36to39 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadRuleEntry 9 } -- swACLRuleOffSet40to43 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadRuleEntry 10 } --swACLRuleOffSet44to47 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadRuleEntry 11 } --swACLRuleOffSet48to51 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadRuleEntry 12 } -- swACLRuleOffSet52to55 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadRuleEntry 13 } -- swACLRuleOffSet56to59 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadRuleEntry 14 } -- swACLRuleOffSet60to63 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadRuleEntry 15 } -- swACLRuleOffSet64to67 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadRuleEntry 16 } -- swACLRuleOffSet68to71 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadRuleEntry 17 } -- swACLRuleOffSet72to75 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadRuleEntry 18 } -- swACLRuleOffSet76to79 OBJECT-TYPE -- SYNTAX OCTET STRING -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "" -- ::= { swACLPayloadRuleEntry 19 } swACLPayloadRuleEnablePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { swACLPayloadRuleEntry 9 } swACLPayloadRulePriority OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access profile will apply to packets that contain this value in their 802.1p priority field of their header." ::= { swACLPayloadRuleEntry 10 } swACLPayloadRuleReplacePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { swACLPayloadRuleEntry 11 } swACLPayloadRuleEnableReplaceDscp OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Indicate wether the DSCP field can be over-write or not " ::= { swACLPayloadRuleEntry 12 } swACLPayloadRuleRepDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "specify a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the DSCP field of the packet." ::= { swACLPayloadRuleEntry 13 } swACLPayloadRulePermit OBJECT-TYPE SYNTAX INTEGER{ deny(1), permit(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The offset of ACL rule entry ." ::= { swACLPayloadRuleEntry 14 } swACLPayloadRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of ACL rule entry ." ::= { swACLPayloadRuleEntry 15 } END