-- ACLMGMT mib -- Draft Ver 0.3 2003/3/30 04:04¤U¤È -- History: -- Index in the Mask and Rule table, change their ACCESS from read-create to read-only -- -------------------------------------------------------------------------------------- -- Draft Ver 0.1 2003/2/27 02:44¤U¤È by Scott Sung -- Draft Ver 0.2 2003/3/12 10:43¤U¤È by Richard Chang -- Draft Ver 0.3 2003/8/13 10:43¤U¤È by Scott Sung ,add swACLIpTCPFlagBit for DGS3x12S -- -------------------------------------------------------------------------------------- SW-DES3x50-ACLMGMT-MIB DEFINITIONS ::= BEGIN IMPORTS Counter32,Counter64,TimeTicks,NOTIFICATION-TYPE, MODULE-IDENTITY,OBJECT-TYPE,IpAddress, Unsigned32 FROM SNMPv2-SMI MacAddress, RowStatus FROM SNMPv2-TC DisplayString FROM RFC1213-MIB SnmpAdminString FROM SNMP-FRAMEWORK-MIB PortList FROM Q-BRIDGE-MIB dlink-mgmt FROM DLINK-ID-REC-MIB; swAclMgmtMIB MODULE-IDENTITY LAST-UPDATED "0007150000Z" ORGANIZATION "enterprise, Inc." CONTACT-INFO " Customer Service Postal: Tel: E-mail: " DESCRIPTION "The Structure of Access Control List Information for the proprietary enterprise." ::= { dlink-mgmt 5 } swAclMaskMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 1 } swAclRuleMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 2 } --*************************************************************************** --swACLEthernetTable --*************************************************************************** swACLEthernetTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLEthernetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contain ACL mask of Ethernet information. Access profiles will be created on the switch by row creation and to define which parts of each incoming frame's layer 2 part of header the switch will examine. Masks can be entered that will be combined with the values the switch finds in the specified frame header fields. " ::= { swAclMaskMgmt 1 } swACLEthernetEntry OBJECT-TYPE SYNTAX SwACLEthernetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about ACL of Ethernet." INDEX { swACLEthernetProfileID } ::= { swACLEthernetTable 1 } SwACLEthernetEntry ::= SEQUENCE { swACLEthernetProfileID INTEGER, swACLEthernetUsevlan INTEGER, swACLEthernetMacAddrMaskState INTEGER, swACLEthernetSrcMacAddrMask MacAddress, swACLEthernetDstMacAddrMask MacAddress, swACLEthernetUse8021p INTEGER, swACLEthernetUseEthernetType INTEGER, swACLEthernetPort PortList, swACLEthernetRowStatus RowStatus } swACLEthernetProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of ACL mask entry ,and is unique in the mask list." ::= { swACLEthernetEntry 1 } swACLEthernetUsevlan OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the switch will examine the VLAN part of each packet header." ::= { swACLEthernetEntry 2 } swACLEthernetMacAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-mac-addr(2), src-mac-addr(3), dst-src-mac-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of MAC address mask. other(1) - Neither source MAC address nor destination MAC address are masked. dst-mac-addr(2) - recieved frames's destination MAC address are currently used to be filtered as it meets with the MAC address entry of the table. src-mac-addr(3) - recieved frames's source MAC address are currently used to be filtered as it meets with the MAC address entry of the table. dst-src-mac-addr(4) - recieved frames's destination MAC address or source MAC address are currently used to be filtered as it meets with the MAC address entry of the table." ::= { swACLEthernetEntry 3 } swACLEthernetSrcMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object Specifies the MAC address mask for the source MAC address." ::= { swACLEthernetEntry 4 } swACLEthernetDstMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object Specifies the MAC address mask for the destination MAC address." ::= { swACLEthernetEntry 5 } swACLEthernetUse8021p OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine the 802.1p priority value in the frame's header or not." ::= { swACLEthernetEntry 6 } swACLEthernetUseEthernetType OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine the Ethernet type value in each frame's header or not." ::= { swACLEthernetEntry 7 } swACLEthernetPort OBJECT-TYPE SYNTAX PortList(SIZE (0..127)) MAX-ACCESS read-create STATUS current DESCRIPTION "." ::= { swACLEthernetEntry 8 } swACLEthernetRowStatus OBJECT-TYPE --swACLEthernetState SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLEthernetEntry 9 } --*************************************************************************** --swACLIpTable --*************************************************************************** swACLIpTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contain ACL mask of IP information. Access profiles will be created on the switch by row creation and to define which parts of each incoming frame's IP layer part of header the switch will examine. Masks can be entered that will be combined with the values the switch finds in the specified frame header fields." ::= { swAclMaskMgmt 2 } swACLIpEntry OBJECT-TYPE SYNTAX SwACLIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about ACL of IP Layer." INDEX { swACLIpProfileID } ::= { swACLIpTable 1 } SwACLIpEntry ::= SEQUENCE { swACLIpProfileID INTEGER, swACLIpUsevlan INTEGER, swACLIpIpAddrMaskState INTEGER, swACLIpSrcIpAddrMask IpAddress, swACLIpDstIpAddrMask IpAddress, swACLIpUseDSCP INTEGER, swACLIpUseProtoType INTEGER, swACLIpIcmpOption INTEGER, swACLIpIgmpOption INTEGER, swACLIpTcpOption INTEGER, swACLIpUdpOption INTEGER, swACLIpTCPorUDPSrcPortMask OCTET STRING, swACLIpTCPorUDPDstPortMask OCTET STRING, swACLIpTCPFlagBit INTEGER, swACLIpProtoIDOption INTEGER, swACLIpProtoIDMask OCTET STRING, swACLIpPort PortList, swACLIpRowStatus RowStatus } swACLIpProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL mask entry ,and is unique in the mask list." ::= { swACLIpEntry 1 } swACLIpUsevlan OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if IP layer vlan is examined or not." ::= { swACLIpEntry 2 } swACLIpIpAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-ip-addr(2), src-ip-addr(3), dst-src-ip-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of IP address mask. other(1) - Neither source IP address nor destination IP address are masked. dst-ip-addr(2) - recieved frames's destination IP address are currently used to be filtered as it meets with the IP address entry of the table. src-ip-addr(3) - recieved frames's source IP address are currently used to be filtered as it meets with the IP address entry of the table. dst-src-ip-addr(4) - recieved frames's destination IP address or source IP address are currently used to be filtered as it meets with the IP address entry of the table." ::= { swACLIpEntry 3 } swACLIpSrcIpAddrMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object Specifies IP address mask for the source IP address." ::= { swACLIpEntry 4 } swACLIpDstIpAddrMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object Specifies the IP address mask for the destination IP address." ::= { swACLIpEntry 5 } swACLIpUseDSCP OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates DSCP protocol is is examined or not." ::= { swACLIpEntry 6 } swACLIpUseProtoType OBJECT-TYPE SYNTAX INTEGER { none(1), icmp(2), igmp(3), tcp(4), udp(5), protocolId(6) } MAX-ACCESS read-create STATUS current DESCRIPTION "That object indicates which protocol will be examined." ::= { swACLIpEntry 7 } swACLIpIcmpOption OBJECT-TYPE SYNTAX INTEGER { none(1), type(2), code(3), type-code(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates which fields should be filled in of ICMP. none(1)- two fields are null. type(2)- type field should be filled in. code(3)- code field should be filled in. type-code(4)- not only type fileld but code field should be filled in. " ::= { swACLIpEntry 8 } swACLIpIgmpOption OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates Options of IGMP is examined or not." ::= { swACLIpEntry 9 } swACLIpTcpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of filtered address of TCP. other(1) - Neither source port nor destination port are masked. dst-addr(2) - recieved frames's destination port are currently used to be filtered . src-addr(3) - recieved frames's source port are currently used to be filtered . dst-src-addr(4) - both recieved frames's destination port and source port are currently used to be filtered ." ::= { swACLIpEntry 10 } swACLIpUdpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of filtered address of UDP . other(1) - Neither source port nor destination port are masked. dst-addr(2) - recieved frames's destination port are currently used to be filtered . src-addr(3) - recieved frames's source port are currently used to be filtered . dst-src-addr(4) - recieved frames's destination port or source port are currently used to be filtered." ::= { swACLIpEntry 11 } swACLIpTCPorUDPSrcPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the source port if swACLIpUseProtoType is TCP Specifies a UDP port mask for the source port if swACLIpUseProtoType is UDP. " ::= { swACLIpEntry 12 } swACLIpTCPorUDPDstPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the destination port if swACLIpUseProtoType is TCP Specifies a UDP port mask for the destination port if swACLIpUseProtoType is UDP." ::= { swACLIpEntry 13 } swACLIpTCPFlagBit OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP connection flag mask." ::= { swACLIpEntry 14 } swACLIpProtoIDOption OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the switch will examine each frame's Protocol ID field or not." ::= { swACLIpEntry 15 } swACLIpProtoIDMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IP protocol ID and the mask options behind the IP header." ::= { swACLIpEntry 16 } swACLIpPort OBJECT-TYPE SYNTAX PortList(SIZE (0..127)) MAX-ACCESS read-create STATUS current DESCRIPTION "." ::= { swACLIpEntry 17 } swACLIpRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLIpEntry 18 } --**************************************************************************** --swACLPayloadEntry --**************************************************************************** swACLPayloadTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLPayloadEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" ::= { swAclMaskMgmt 3 } swACLPayloadEntry OBJECT-TYPE SYNTAX SwACLPayloadEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { swACLPayloadProfileID } ::= { swACLPayloadTable 1 } SwACLPayloadEntry ::= SEQUENCE { swACLPayloadProfileID INTEGER, swACLPayloadOffSet0to15 OCTET STRING, swACLPayloadOffSet16to31 OCTET STRING, swACLPayloadOffSet32to47 OCTET STRING, swACLPayloadOffSet48to63 OCTET STRING, swACLPayloadOffSet64to79 OCTET STRING, swACLPayloadPort PortList, swACLPayloadRowStatus RowStatus } swACLPayloadProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "." ::= { swACLPayloadEntry 1 } swACLPayloadOffSet0to15 OBJECT-TYPE SYNTAX OCTET STRING(SIZE (16)) MAX-ACCESS read-create STATUS current DESCRIPTION "." ::= { swACLPayloadEntry 2} swACLPayloadOffSet16to31 OBJECT-TYPE SYNTAX OCTET STRING(SIZE (16)) MAX-ACCESS read-create STATUS current DESCRIPTION "." ::= { swACLPayloadEntry 3} swACLPayloadOffSet32to47 OBJECT-TYPE SYNTAX OCTET STRING(SIZE (16)) MAX-ACCESS read-create STATUS current DESCRIPTION "." ::= { swACLPayloadEntry 4 } swACLPayloadOffSet48to63 OBJECT-TYPE SYNTAX OCTET STRING(SIZE (16)) MAX-ACCESS read-create STATUS current DESCRIPTION "." ::= { swACLPayloadEntry 5 } swACLPayloadOffSet64to79 OBJECT-TYPE SYNTAX OCTET STRING(SIZE (16)) MAX-ACCESS read-create STATUS current DESCRIPTION "." ::= { swACLPayloadEntry 6 } swACLPayloadPort OBJECT-TYPE SYNTAX PortList(SIZE (0..127)) MAX-ACCESS read-create STATUS current DESCRIPTION "." ::= { swACLPayloadEntry 7 } swACLPayloadRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "." ::= {swACLPayloadEntry 8} --*************************************************************************** --swACLEtherRuleTable --*************************************************************************** swACLEtherRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLEtherRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contain ACL rule of ethernet information." ::= { swAclRuleMgmt 1 } swACLEtherRuleEntry OBJECT-TYPE SYNTAX SwACLEtherRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about ACL rule of the layer 2 part of each packet." INDEX { swACLEtherRuleProfileID,swACLEtherRuleAccessID } ::= { swACLEtherRuleTable 1 } SwACLEtherRuleEntry ::= SEQUENCE { swACLEtherRuleProfileID INTEGER, swACLEtherRuleAccessID INTEGER, swACLEtherRuleVlan SnmpAdminString, swACLEtherRuleSrcMacAddress MacAddress, swACLEtherRuleDstMacAddress MacAddress, swACLEtherRule8021P INTEGER, swACLEtherRuleEtherType OCTET STRING, swACLEtherRuleEnablePriority INTEGER, swACLEtherRulePriority INTEGER, swACLEtherRuleReplacePriority INTEGER, swACLEtherRuleEnableReplaceDscp INTEGER, swACLEtherRuleRepDscp INTEGER, swACLEtherRulePermit INTEGER, swACLEtherRuleRowStatus RowStatus } swACLEtherRuleProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL mask entry ,and is unique in the mask list." ::= { swACLEtherRuleEntry 1 } swACLEtherRuleAccessID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL rule entry relate to swACLEtherRuleProfileID." ::= { swACLEtherRuleEntry 2 } swACLEtherRuleVlan OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply to only to this VLAN." ::= { swACLEtherRuleEntry 3 } swACLEtherRuleSrcMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply to only packets with this source MAC address." ::= { swACLEtherRuleEntry 4 } swACLEtherRuleDstMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply to only packets with this destination MAC address." ::= { swACLEtherRuleEntry 5 } swACLEtherRule8021P OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply only to packets with this 802.1p priority value." ::= { swACLEtherRuleEntry 6 } swACLEtherRuleEtherType OBJECT-TYPE SYNTAX OCTET STRING (SIZE (2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply only to packets with this hexidecimal 802.1Q Ethernet type value in the packet header." ::= { swACLEtherRuleEntry 7 } swACLEtherRuleEnablePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply only to packets with priority value." ::= { swACLEtherRuleEntry 8 } swACLEtherRulePriority OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific the priority will change to the packets while the swACLEtherRuleReplacePriority is enabled ." ::= { swACLEtherRuleEntry 9 } swACLEtherRuleReplacePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specific the packets that match the access profile will changed the 802.1p priority tag field by the switch or not ." ::= { swACLEtherRuleEntry 10 } swACLEtherRuleEnableReplaceDscp OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specific the packets that match the access profile will replaced the DSCP field by the switch or not ." ::= { swACLEtherRuleEntry 11 } swACLEtherRuleRepDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "specify a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the DSCP field of the packet." ::= { swACLEtherRuleEntry 12 } swACLEtherRulePermit OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates resoult of examination is permit or deny;default is permit(1) permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that do not match the access profile are not permitted to be forwarded by the switch and will be filtered." ::= { swACLEtherRuleEntry 13 } swACLEtherRuleRowStatus OBJECT-TYPE --swACLEtherRuleState SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLEtherRuleEntry 14 } --*************************************************************************** --swACLIpRuleTable --*************************************************************************** swACLIpRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLIpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "." ::= { swAclRuleMgmt 2 } swACLIpRuleEntry OBJECT-TYPE SYNTAX SwACLIpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "." INDEX { swACLIpRuleProfileID , swACLIpRuleAccessID } ::= { swACLIpRuleTable 1 } SwACLIpRuleEntry ::= SEQUENCE { swACLIpRuleProfileID INTEGER, swACLIpRuleAccessID INTEGER, swACLIpRuleVlan SnmpAdminString, swACLIpRuleSrcIpaddress IpAddress, swACLIpRuleDstIpaddress IpAddress, swACLIpRuleDscp INTEGER, swACLIpRuleProtocol INTEGER, swACLIpRuleType INTEGER, swACLIpRuleCode INTEGER, swACLIpRuleSrcPort INTEGER, swACLIpRuleDstPort INTEGER, swACLIpRuleFlagBits INTEGER, swACLIpRuleProtoID INTEGER, swACLIpRuleUserMask OCTET STRING, swACLIpRuleEnablePriority INTEGER, swACLIpRulePriority INTEGER, swACLIpRuleReplacePriority INTEGER, swACLIpRuleEnableReplaceDscp INTEGER, swACLIpRuleRepDscp INTEGER, swACLIpRulePermit INTEGER, swACLIpRuleRowStatus RowStatus } swACLIpRuleProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL mask entry ,and is unique in the mask list." ::= { swACLIpRuleEntry 1 } swACLIpRuleAccessID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of ACL IP rule entry ." ::= { swACLIpRuleEntry 2 } swACLIpRuleVlan OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply to only to this VLAN." ::= { swACLIpRuleEntry 3 } swACLIpRuleSrcIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specific an IP source address." ::= { swACLIpRuleEntry 4 } swACLIpRuleDstIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specific an IP destination address." ::= { swACLIpRuleEntry 5 } swACLIpRuleDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific the value of dscp, the value can be configured 0 to 63" ::= { swACLIpRuleEntry 6 } swACLIpRuleProtocol OBJECT-TYPE SYNTAX INTEGER { none(1), icmp(2), igmp(3), tcp(4), udp(5), protocolId(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies the IP protocol which has been configured in swACLIpEntry ." ::= { swACLIpRuleEntry 7 } swACLIpRuleType OBJECT-TYPE SYNTAX INTEGER(0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific that the rule applies to the value of icmp type traffic." ::= { swACLIpRuleEntry 8 } swACLIpRuleCode OBJECT-TYPE SYNTAX INTEGER(0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific that the rule applies to the value of icmp code traffic." ::= { swACLIpRuleEntry 9 } swACLIpRuleSrcPort OBJECT-TYPE SYNTAX INTEGER(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific that the rule applies the range of tcp/udp source port" ::= { swACLIpRuleEntry 10 } swACLIpRuleDstPort OBJECT-TYPE SYNTAX INTEGER(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific the range of tcp/udp destination port range" ::= { swACLIpRuleEntry 11 } swACLIpRuleFlagBits OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "A value which indicates the set of TCP flags that this entity may potentially offers. The value is a sum. This sum initially takes the value zero, Then, for each flag, L, in the range 1 through 6, that this node performs transactions for, 2 raised to (L - 1) is added to the sum. Note that values should be calculated accordingly: Flag functionality 6 urg bit 5 ack bit 4 rsh bit 3 rst bit 2 syn bit 1 fin bit For example,it you want to enable urg bit and ack bit,you should set vlaue 48(2^(5-1) + 2^(6-1))." ::= { swACLIpRuleEntry 12 } swACLIpRuleProtoID OBJECT-TYPE SYNTAX INTEGER(0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific that the rule applies to the value of ip protocol id traffic" ::= { swACLIpRuleEntry 13 } swACLIpRuleUserMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific that the rule applies to the ip protocol id and the range of options behind the IP header." ::= { swACLIpRuleEntry 14 } swACLIpRuleEnablePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply only to packets with priority value." ::= { swACLIpRuleEntry 15 } swACLIpRulePriority OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access profile will apply to packets that contain this value in their 802.1p priority field of their header." ::= { swACLIpRuleEntry 16 } swACLIpRuleReplacePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specific the packets that match the access profile will changed the 802.1p priority tag field by the switch or not ." ::= { swACLIpRuleEntry 17 } swACLIpRuleEnableReplaceDscp OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Indicate weather the DSCP field can be over-write or not. " ::= { swACLIpRuleEntry 18 } swACLIpRuleRepDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "specify a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the DSCP field of the packet." ::= { swACLIpRuleEntry 19 } swACLIpRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates filter is permit or deny; default is permit(1)" ::= { swACLIpRuleEntry 20 } swACLIpRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLIpRuleEntry 21 } --**************************************************************************** --swACLPayloadEntry --**************************************************************************** swACLPayloadRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLPayloadRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" ::= { swAclRuleMgmt 3 } swACLPayloadRuleEntry OBJECT-TYPE SYNTAX SwACLPayloadRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { swACLPayloadRuleProfileID,swACLPayloadRuleAccessID } ::= { swACLPayloadRuleTable 1 } SwACLPayloadRuleEntry ::= SEQUENCE { swACLPayloadRuleProfileID INTEGER, swACLPayloadRuleAccessID INTEGER, swACLPayloadRuleOffSet0to15 OCTET STRING, swACLPayloadRuleOffSet16to31 OCTET STRING, swACLPayloadRuleOffSet32to47 OCTET STRING, swACLPayloadRuleOffSet48to63 OCTET STRING, swACLPayloadRuleOffSet64to79 OCTET STRING, swACLPayloadRuleEnablePriority INTEGER, swACLPayloadRulePriority INTEGER, swACLPayloadRuleReplacePriority INTEGER, swACLPayloadRuleEnableReplaceDscp INTEGER, swACLPayloadRuleRepDscp INTEGER, swACLPayloadRulePermit INTEGER, swACLPayloadRuleRowStatus RowStatus } swACLPayloadRuleProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "" ::= { swACLPayloadRuleEntry 1 } swACLPayloadRuleAccessID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "" ::= { swACLPayloadRuleEntry 2 } swACLPayloadRuleOffSet0to15 OBJECT-TYPE SYNTAX OCTET STRING(SIZE (16)) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { swACLPayloadRuleEntry 3 } swACLPayloadRuleOffSet16to31 OBJECT-TYPE SYNTAX OCTET STRING(SIZE (16)) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { swACLPayloadRuleEntry 4 } swACLPayloadRuleOffSet32to47 OBJECT-TYPE SYNTAX OCTET STRING(SIZE (16)) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { swACLPayloadRuleEntry 5 } swACLPayloadRuleOffSet48to63 OBJECT-TYPE SYNTAX OCTET STRING(SIZE (16)) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { swACLPayloadRuleEntry 6 } swACLPayloadRuleOffSet64to79 OBJECT-TYPE SYNTAX OCTET STRING(SIZE (16)) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { swACLPayloadRuleEntry 7 } swACLPayloadRuleEnablePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { swACLPayloadRuleEntry 8 } swACLPayloadRulePriority OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access profile will apply to packets that contain this value in their 802.1p priority field of their header." ::= { swACLPayloadRuleEntry 9 } swACLPayloadRuleReplacePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { swACLPayloadRuleEntry 10 } swACLPayloadRuleEnableReplaceDscp OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Indicate wether the DSCP field can be over-write or not " ::= { swACLPayloadRuleEntry 11 } swACLPayloadRuleRepDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "specify a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the DSCP field of the packet." ::= { swACLPayloadRuleEntry 12 } swACLPayloadRulePermit OBJECT-TYPE SYNTAX INTEGER{ permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { swACLPayloadRuleEntry 13 } swACLPayloadRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { swACLPayloadRuleEntry 14 } END