-- ============================================================================ -- Copyright (C) 2015 by HUAWEI TECHNOLOGIES. All rights reserved. -- Description: The MIB is used for configuring ACL rules.An access control list (ACL) -- is used to filter the specified data packets according to a series of -- matching rules configured in the ACL packets so that undesired data -- packets can be identified. By using the matching rules, network devices -- can permit or deny the matching data packets to pass. -- Reference: -- Version: V3.32 -- ============================================================================ HUAWEI-DSLAM-ACL-MIB DEFINITIONS ::= BEGIN IMPORTS huaweiMgmt FROM HUAWEI-MIB IpAddress, Integer32, Unsigned32, Counter32, OBJECT-TYPE, MODULE-IDENTITY,NOTIFICATION-TYPE FROM SNMPv2-SMI RowStatus, TruthValue, MacAddress FROM SNMPv2-TC; hwAcl MODULE-IDENTITY LAST-UPDATED "201508290000Z" ORGANIZATION "Huawei Technologies Co.,Ltd." CONTACT-INFO "Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://www.huawei.com Email: support@huawei.com " DESCRIPTION "The MIB is used for configuring ACL rules. An access control list (ACL) is used to filter the specified data packets according to a series of matching rules configured in the ACL packets so that undesired data packets can be identified. By using the matching rules, network devices can permit or deny the matching data packets to pass." -- Revision history REVISION "201509140000Z" DESCRIPTION "V3.32, modified the description of hwAclActiveDirection." REVISION "201508290000Z" DESCRIPTION "V3.31, modified the value range of hwAclActiveDirection." REVISION "201507030000Z" DESCRIPTION "V3.30, deleted hwAclActiveToCPU in hwAclActiveTable." REVISION "201506270000Z" DESCRIPTION "V3.29, added hwAclActiveToCPU in hwAclActiveTable." REVISION "201407080000Z" DESCRIPTION "V3.28, modified the description and value range of hwAclActiveAclIndex." 
REVISION "201406100000Z" DESCRIPTION "V3.27, modified the mib file name and the max-access of some leaves" REVISION "201312310000Z" DESCRIPTION "V3.26, modified the description of V3.25" REVISION "201202100000Z" DESCRIPTION "V3.25, modified the description of some leaves of hwAclNumGroupTable, hwAclAdvancedRuleTable, hwAclLinkTable, hwAclUserTable, hwAclActiveTable." REVISION "201109301200Z" DESCRIPTION "V3.24, modified the description of hwAclActiveAclIndex." REVISION "201109101200Z" DESCRIPTION "V3.23, modified the description of hwAclActiveTable." REVISION "201107211200Z" DESCRIPTION "V3.22, added hwAclNumGroupAclType and hwAclNumGroupAclNumAllocMethod in hwAclNumGroupTable to allocate the ACL group index automatically." REVISION "201101170000Z" DESCRIPTION "V3.21, added hwAclActiveIpv6AclNum and hwAclActiveIpv6AclSubitem in hwAclActiveTable, modified data type definition and description of hwAclUserFrameType in hwAclUserEntry." REVISION "201011200000Z" DESCRIPTION "V3.20, modified the description of hwAclLinkVlanPri and hwAclLinkInnerVlanPri." REVISION "201011090000Z" DESCRIPTION "V3.19, modified the description of some leaves of hwAclNumGroupTable, hwAclBasicRuleTable hwAclAdvancedRuleTable, hwAclLinkTable, hwAclUserTable, hwAclActiveTable." REVISION "201007130000Z" DESCRIPTION "V3.18, modified description." REVISION "201004250000Z" DESCRIPTION "V3.17, modified the description of all leaves." REVISION "201003250000Z" DESCRIPTION "V3.16, modified the description of all leaves." REVISION "201002101100Z" DESCRIPTION "V3.15, modified format of enumerations." REVISION "201001181100Z" DESCRIPTION "V3.14, added hwAclLinkInnerVlanPri and hwAclLinkSrcInnerVlanId in hwAclLinkTable. Modified the description of hwAclUserFrameType's value." REVISION "201001211500Z" DESCRIPTION "V3.13, cleared compiling warning." REVISION "200912241100Z" DESCRIPTION "V3.12, modified datatype definition and description of objects." 
REVISION "200912020000Z" DESCRIPTION "V3.11, added hwAclUserPriority in hwAclUserTable, add hwAclLinkPriority in hwAclLinkTable, added hwAclAdvancedPriority in hwAclAdvancedRuleTable, and added hwAclBasicPriority in hwAclBasicRuleTable." REVISION "200810230000Z" DESCRIPTION "V3.04, added hwAclUserFrameType in hwAclUserEntry." REVISION "200803290000Z" DESCRIPTION "V2.03, modified description of hwAclActiveIfIndex." REVISION "200512130000Z" DESCRIPTION "V2.00, initial revision." ::= { huaweiMgmt 1 } -- 1.3.6.1.4.1.2011.5.1.1 hwAclMibObjects OBJECT IDENTIFIER ::= { hwAcl 1 } -- 1.3.6.1.4.1.2011.5.1.1.2 hwAclNumGroupTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclNumGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the configured ACL rule groups in the system and basic information about each group, such as the number of rules, steps, and ACL rule descriptions. The index of this table is hwAclNumGroupAclNum. " ::= { hwAclMibObjects 2 } -- 1.3.6.1.4.1.2011.5.1.1.2.1 hwAclNumGroupEntry OBJECT-TYPE SYNTAX HwAclNumGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the configured ACL rule groups in the system and basic information about each group, such as the number of rules, steps, and ACL rule descriptions. The index of this entry is hwAclNumGroupAclNum. " INDEX { hwAclNumGroupAclNum } ::= { hwAclNumGroupTable 1 } HwAclNumGroupEntry ::= SEQUENCE { hwAclNumGroupAclNum Integer32, hwAclNumGroupMatchOrder INTEGER, hwAclNumGroupSubitemNum Counter32, hwAclNumGroupStep Integer32, hwAclNumGroupDescription OCTET STRING, hwAclNumGroupCountClear INTEGER, hwAclNumGroupRowStatus RowStatus, hwAclNumGroupAclType INTEGER, hwAclNumGroupAclNumAllocMethod INTEGER } -- 1.3.6.1.4.1.2011.5.1.1.2.1.1 hwAclNumGroupAclNum OBJECT-TYPE SYNTAX Integer32 (-1|2000..5999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Uniquely identifies an ACL rule group. 
Range: 2000-5999, -1 The ACL rule groups with indexes ranging from 2000 to 2999 are basic ACL rule groups. When hwAclBasicRuleTable is used to create basic ACL rules, a basic ACL rule group with an index of the specified hwAclBasicAclNum value must be created through hwAclNumGroupTable. The ACL rule groups with indexes ranging from 3000 to 3999 are advanced ACL rule groups. When hwAclAdvancedRuleTable is used to create advanced ACL rule, an advanced ACL rule group with an index of the specified hwAclAdvancedAclNum value must be created through hwAclNumGroupTable. The ACL rule groups with indexes ranging from 4000 to 4999 are L2 ACL rule groups. When hwAclLinkTable is used to create layer 2 ACL rules, layer 2 ACL rule group with an index of the specified hwAclLinkAclNum value must be created through hwAclNumGroupTable. The ACL rule groups with indexes ranging from 5000 to 5999 are user-defined ACL rule groups. When hwAclUserTable is used to create user-defined ACL rules, a user-defined ACL rule group with an index of the specified hwAclUserAclNum value must be created through hwAclNumGroupTable. The value -1 means to allocate the group index automatically, which is only valid in the set operation. " ::= { hwAclNumGroupEntry 1 } -- 1.3.6.1.4.1.2011.5.1.1.2.1.2 hwAclNumGroupMatchOrder OBJECT-TYPE SYNTAX INTEGER { config(1), auto(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the priority order of an ACL rule group. Options: 1. config(1) -the priority order of an ACL rule group is configuration order 2. auto(2) -the priority order of an ACL rule group is auto Currently, this leaf is read-only. The value is fixed to config(1), that is, the configuration order. " ::= { hwAclNumGroupEntry 2 } -- 1.3.6.1.4.1.2011.5.1.1.2.1.3 hwAclNumGroupSubitemNum OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the number of ACL rules in an ACL rule group. This leaf is read-only. 
The value increases by one when an ACL rule is added to the ACL rule group. " ::= { hwAclNumGroupEntry 3 } -- 1.3.6.1.4.1.2011.5.1.1.2.1.4 hwAclNumGroupStep OBJECT-TYPE SYNTAX Integer32 (1..20) MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the step of adding ACL rules to an ACL rule group. Range: 1-20 When an ACL rule is added and its ID is not specified, the ID of the ACL rule is: step+last ACL rule ID. If a user does not enter a value for hwAclNumGroupStep, the system uses the value 5 by default. " DEFVAL { 5 } ::= { hwAclNumGroupEntry 4 } -- 1.3.6.1.4.1.2011.5.1.1.2.1.5 hwAclNumGroupDescription OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..127)) MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the description of an ACL rule group. It is used for users to identify different ACL rule groups. Up to 127 characters are supported. If hwAclNumGroupDescription is not set, the description is null by default. " ::= { hwAclNumGroupEntry 5 } -- 1.3.6.1.4.1.2011.5.1.1.2.1.6 hwAclNumGroupCountClear OBJECT-TYPE SYNTAX INTEGER { cleared(1), nouse(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Used for clearing the software statistics of an ACL rule group. Options: 1. cleared(1) -clear the software statistics of an ACL rule group 2. nouse(2) -indicates no operation To clear the software statistics of an ACL rule group, set hwAclNumGroupCountClear to cleared(1) and hwAclNumGroupRowStatus to createAndGo(4). When this leaf is queried, the value is fixed to cleared(1). " ::= { hwAclNumGroupEntry 6 } -- 1.3.6.1.4.1.2011.5.1.1.2.1.7 hwAclNumGroupRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the row status. Options: 1. active(1) -when this leaf is queried, the value is fixed to active(1). 2. createAndGo(4) -create an ACL rule group 3. destroy(6) -delete an ACL rule group It is used for creating or deleting an ACL rule group, and clearing the software statistics of an ACL rule group. 
To create an ACL rule group, set hwAclNumGroupRowStatus to createAndGo(4). The hwAclNumGroupStep and hwAclNumGroupDescription parameters are optional. To delete an ACL rule group, set hwAclNumGroupRowStatus to destroy(6). To clear the software statistics of an ACL rule group, set hwAclNumGroupCountClear to cleared(1) and hwAclNumGroupRowStatus to createAndGo(4). When this leaf is queried, the value is fixed to active(1). " ::= { hwAclNumGroupEntry 7 } -- 1.3.6.1.4.1.2011.5.1.1.2.1.8 hwAclNumGroupAclType OBJECT-TYPE SYNTAX INTEGER { basicAcl(2), advAcl(3), linkAcl(4), userAcl(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "indicates the type of the ACL group. Options: 1. basicAcl(2) -Indicates that the type of the ACL group is basic. 2. advAcl(3) -Indicates that the type of the ACL group is advanced. 3. linkAcl(4) -Indicates that the type of the ACL group is link. 4. userAcl(5) -Indicates that the type of the ACL group is user-defined. " ::= { hwAclNumGroupEntry 8 } -- 1.3.6.1.4.1.2011.5.1.1.2.1.9 hwAclNumGroupAclNumAllocMethod OBJECT-TYPE SYNTAX INTEGER { minFreeId(1), maxFreeId(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "indicates the method of allocating the ACL group index automatically. When this leaf is queried, the value is fixed to minFreeId(1). Options: 1. minFreeId(1) -means to allocate the ACL group index from the minimal free index. 2. maxFreeId(2) -means to allocate the ACL group index from the maximal free index. Default: minFreeId(1) " ::= { hwAclNumGroupEntry 9 } -- 1.3.6.1.4.1.2011.5.1.1.4 hwAclBasicRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclBasicRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the details about a basic ACL rule in a basic ACL rule group, including the source IP address, mask, and other attributes of the rule. The indexes of this table are hwAclBasicAclNum and hwAclBasicSubitem. hwAclBasicAclNum is the ID of a basic ACL rule group. 
Make sure that the ID is already created in hwAclNumGroupTable. hwAclBasicSubitem is the ID of a basic ACL rule in the basic ACL rule group. " ::= { hwAclMibObjects 4 } -- 1.3.6.1.4.1.2011.5.1.1.4.1 hwAclBasicRuleEntry OBJECT-TYPE SYNTAX HwAclBasicRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the details about a basic ACL rule in a basic ACL rule group, including the source IP address, mask, and other attributes of the rule. The indexes of this entry are hwAclBasicAclNum and hwAclBasicSubitem. hwAclBasicAclNum is the ID of a basic ACL rule group. Make sure that the ID is already created in hwAclNumGroupTable. hwAclBasicSubitem is the ID of a basic ACL rule in the basic ACL rule group. " INDEX { hwAclBasicAclNum, hwAclBasicSubitem } ::= { hwAclBasicRuleTable 1 } HwAclBasicRuleEntry ::= SEQUENCE { hwAclBasicAclNum Integer32, hwAclBasicSubitem Unsigned32, hwAclBasicAct INTEGER, hwAclBasicSrcIp IpAddress, hwAclBasicSrcWild IpAddress, hwAclBasicTimeRangeIndex Integer32, hwAclBasicFragments TruthValue, hwAclBasicLog TruthValue, hwAclBasicEnable TruthValue, hwAclBasicCount Counter32, hwAclBasicCountClear INTEGER, hwAclBasicRowStatus RowStatus, hwAclBasicPriority Integer32 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.1 hwAclBasicAclNum OBJECT-TYPE SYNTAX Integer32 (2000..2999) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Uniquely identifies a basic ACL rule group. Range: 2000-2999 Make sure that the ID of the ACL rule group is already created in hwAclNumGroupTable. " ::= { hwAclBasicRuleEntry 1 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.2 hwAclBasicSubitem OBJECT-TYPE SYNTAX Unsigned32 (0..4294967295) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Describes the ID of a basic ACL rule in the basic ACL rule group, uniquely identifying a basic ACL rule. Range: 0-4294967295 In the create operation, if the value is 4294967295, the ID of a basic ACL rule is generated automatically. 
Otherwise, the ID of a basic ACL rule is already created according to the specified value. The automatically generated ID of an ACL rule depends on the value of hwAclNumGroupStep, which corresponds to a basic ACL rule group in hwAclNumGroupTable. The generated ID of an ACL rule equals the last basic ACL rule ID plus the value of hwAclNumGroupStep. " ::= { hwAclBasicRuleEntry 2 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.3 hwAclBasicAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the action of an ACL rule. Options: 1. permit(1) -indicates that the data packets that meet the conditions can pass 2. deny(2) -indicates that the data packets that meet the conditions are discarded " ::= { hwAclBasicRuleEntry 3 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.4 hwAclBasicSrcIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the source IP address or network segment of data frames that needs to match a basic ACL rule. You can set or not set it. If you do not set it, any source IP address matches the basic ACL rule. " ::= { hwAclBasicRuleEntry 4 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.5 hwAclBasicSrcWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the mask of the source IP address or network segment of data frames that needs to match a basic ACL rule. To match the basic ACL rule with a subnet, use this parameter. The value of this parameter is the inverse mask of the source IP address. For example, 0.0.0.255 indicates that the first three bytes of the source IP address are the same as the value of hwAclBasicSrcIp. This leaf can be specified or not specified together with hwAclBasicSrcIp. If hwAclBasicSrcIp is configured, hwAclBasicSrcWild must be configured. This leaf, in the inverse mask mode, together with hwAclBasicSrcIp determines the source IP address segment to be matched. 
" ::= { hwAclBasicRuleEntry 5 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.6 hwAclBasicTimeRangeIndex OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the time range index of a basic ACL rule. It is used when the effective time of a basic ACL rule needs to be configured. By default, the value is 0, which indicates invalid time. The index depends on hwTrngIndex in hwTrngCreateTimerangeTable. The value of hwAclBasicTimeRangeIndex must be created in hwTrngCreateTimerangeTable. " DEFVAL { 0 } ::= { hwAclBasicRuleEntry 6 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.7 hwAclBasicFragments OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Describes whether a basic ACL rule is effective on only non-tail fragment packets. Options: 1. true(1) -indicates that a basic ACL rule is effective on only non-tail fragment packets 2. false(2) -indicates that a basic ACL rule is effective on only non-fragment packets or tail packets of fragment packets Default: false(2) " ::= { hwAclBasicRuleEntry 7 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.8 hwAclBasicLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Describes whether to record the log of a basic ACL rule. Options: 1. true(1) -records the log of a basic ACL rule 2. false(2) -does not record the log of a basic ACL rule Currently, the log record function is not supported, and thus the value of this leaf does not take effect. " ::= { hwAclBasicRuleEntry 8 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.9 hwAclBasicEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Describes whether a basic ACL rule is valid. Options: 1. true(1) -a basic ACL rule is valid 2. false(2) -a basic ACL rule is invalid If the basic ACL rule is associated with a time range parameter through hwAclBasicTimeRangeIndex and the current time is within the defined time range, the value is true(1), which indicates that the basic ACL rule is valid. 
If the current time is not within the defined time range, the value is false(2), which indicates that the basic ACL rule is invalid. If the basic ACL rule is not associated with a time range parameter, the basic ACL rule is valid all the time. " ::= { hwAclBasicRuleEntry 9 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.10 hwAclBasicCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Describes the statistics of packets that match the basic ACL rule. " ::= { hwAclBasicRuleEntry 10 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.11 hwAclBasicCountClear OBJECT-TYPE SYNTAX INTEGER { cleared(1), nouse(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Clears the statistics of packets that match the basic ACL rule. Options: 1. cleared(1) -clear the statistics of packets that match the basic ACL rules 2. nouse(2) -indicates no operation To clear the statistics of packets that match the basic ACL rules, set hwAclBasicCountClear to cleared(1) and hwAclBasicRowStatus to createAndGo(4). When this leaf is queried, the value is fixed to cleared(1). " ::= { hwAclBasicRuleEntry 11 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.12 hwAclBasicRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the row status. Options: 1. active(1) -when this leaf is queried, the value is fixed to active(1). 2. createAndGo(4) -create a basic ACL rule 3. destroy(6) -delete a basic ACL rule and clear the packet statistics of a basic ACL rule It is used for creating or deleting a basic ACL rule and clearing the packet statistics of a basic ACL rule. To create a basic ACL rule, enter hwAclBasicAct and set hwAclBasicRowStatus to createAndGo(4). hwAclBasicSrcIp, hwAclBasicSrcWild, hwAclBasicTimeRangeIndex and hwAclBasicFragments are optional. To delete a basic ACL rule, set hwAclBasicRowStatus to destroy(6). To clear the packet statistics of a basic ACL rule, you must set hwAclBasicCountClear to cleared(1) and hwAclBasicRowStatus to createAndGo(4). 
When this leaf is queried, the value is fixed to active(1). " ::= { hwAclBasicRuleEntry 12 } -- 1.3.6.1.4.1.2011.5.1.1.4.1.13 hwAclBasicPriority OBJECT-TYPE SYNTAX Integer32 (0..9) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the priority of a basic ACL rule. Range: 0-9 Default: 0 The priority ascends with the value. When multiple rules are matched at the same time, the rule with the highest priority prevails. If multiple rules are matched and the priorities are the same, software does not manage the rules and the hardware logic determines which rule prevails. To prevent such a case, you can set different priorities for the rules. " ::= { hwAclBasicRuleEntry 13 } -- 1.3.6.1.4.1.2011.5.1.1.5 hwAclAdvancedRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclAdvancedRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the details about an advanced ACL rule in an advanced ACL rule group. The indexes of this table are hwAclAdvancedAclNum and hwAclAdvancedSubitem. hwAclAdvancedAclNum is the ID of an advanced ACL rule group. Make sure that the ID is already created in hwAclNumGroupTable. hwAclAdvancedSubitem is the ID of an advanced ACL rule in the advanced ACL rule group. " ::= { hwAclMibObjects 5 } -- 1.3.6.1.4.1.2011.5.1.1.5.1 hwAclAdvancedRuleEntry OBJECT-TYPE SYNTAX HwAclAdvancedRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the details about an advanced ACL rule in an advanced ACL rule group. The indexes of this entry are hwAclAdvancedAclNum and hwAclAdvancedSubitem. hwAclAdvancedAclNum is the ID of an advanced ACL rule group. Make sure that the ID is already created in hwAclNumGroupTable. hwAclAdvancedSubitem is the ID of an advanced ACL rule in the advanced ACL rule group. 
" INDEX { hwAclAdvancedAclNum, hwAclAdvancedSubitem } ::= { hwAclAdvancedRuleTable 1 } HwAclAdvancedRuleEntry ::= SEQUENCE { hwAclAdvancedAclNum Integer32, hwAclAdvancedSubitem Unsigned32, hwAclAdvancedAct INTEGER, hwAclAdvancedProtocol Integer32, hwAclAdvancedSrcIp IpAddress, hwAclAdvancedSrcWild IpAddress, hwAclAdvancedSrcOp INTEGER, hwAclAdvancedSrcPort1 Integer32, hwAclAdvancedSrcPort2 Integer32, hwAclAdvancedDestIp IpAddress, hwAclAdvancedDestWild IpAddress, hwAclAdvancedDestOp INTEGER, hwAclAdvancedDestPort1 Integer32, hwAclAdvancedDestPort2 Integer32, hwAclAdvancedPrecedence INTEGER, hwAclAdvancedTos Integer32, hwAclAdvancedDscp Integer32, hwAclAdvancedEstablish TruthValue, hwAclAdvancedTimeRangeIndex Integer32, hwAclAdvancedIcmpType Integer32, hwAclAdvancedIcmpCode Integer32, hwAclAdvancedFragments TruthValue, hwAclAdvancedLog TruthValue, hwAclAdvancedEnable TruthValue, hwAclAdvancedCount Counter32, hwAclAdvancedCountClear INTEGER, hwAclAdvancedRowStatus RowStatus, hwAclAdvancedPriority Integer32 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.1 hwAclAdvancedAclNum OBJECT-TYPE SYNTAX Integer32 (3000..3999) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Uniquely identifies an advanced ACL rule group. Range: 3000-3999 Make sure that the ID of the ACL rule group is already created in hwAclNumGroupTable. " ::= { hwAclAdvancedRuleEntry 1 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.2 hwAclAdvancedSubitem OBJECT-TYPE SYNTAX Unsigned32 (0..4294967295) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Describes the ID of an advanced ACL rule in an advanced ACL rule group, uniquely identifying an advanced ACL rule. Range: 0-4294967295 In the create operation, if the value is 4294967295, the ID of an advanced ACL rule is generated automatically. Otherwise, the ID of an advanced ACL rule is already created according to the specified value. 
The automatically generated ID of an advanced ACL rule depends on the value of hwAclNumGroupStep, which corresponds to an advanced ACL rule group in hwAclNumGroupTable. The generated ID of an ACL rule equals the last advanced ACL rule ID plus the value of hwAclNumGroupStep. " ::= { hwAclAdvancedRuleEntry 2 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.3 hwAclAdvancedAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the action of an advanced ACL rule. Options: 1. permit(1) -indicates that the data packets that meet the conditions can pass 2. deny(2) -indicates that the data packets that meet the conditions are discarded " ::= { hwAclAdvancedRuleEntry 3 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.4 hwAclAdvancedProtocol OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the protocol of IP packets that matches an advanced ACL rule. Range: 0-255 Default: 0 If the value is not specified for an advanced ACL rule, the invalid value 0 is obtained in the query operation. The common types include: TCP: indicates the Transmission Control Protocol with protocol ID 6 UDP: indicates the User Datagram Protocol with protocol ID 17 ICMP: indicates the Internet Control Message Protocol with protocol ID 1 GRE: indicates the Generic Routing Encapsulation with protocol ID 47 IPinIP: indicates the IP in IP Encapsulation with protocol ID 4 " DEFVAL { 0 } ::= { hwAclAdvancedRuleEntry 4 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.5 hwAclAdvancedSrcIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the source IP address or network segment of data frames that needs to match an advanced ACL rule. You can set or not set it. If you do not set it, any source IP address matches the advanced ACL rule. 
" ::= { hwAclAdvancedRuleEntry 5 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.6 hwAclAdvancedSrcWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the mask of the source IP address or network segment of data frames that needs to match an advanced ACL rule. To match an advanced ACL rule with a subnet, use this parameter. The value of this parameter is the inverse mask of the source IP address. For example, 0.0.0.255 indicates that the first three bytes of the source IP address are the same as the value of hwAclAdvancedSrcIp. This leaf can be specified or not specified together with hwAclAdvancedSrcIp. If hwAclAdvancedSrcIp is configured, hwAclAdvancedSrcWild must be configured. This leaf, in the inverse mask mode, together with hwAclAdvancedSrcIp determines the source IP address segment to be matched. " ::= { hwAclAdvancedRuleEntry 6 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.7 hwAclAdvancedSrcOp OBJECT-TYPE SYNTAX INTEGER { invalid(0), lt(1), eq(2), gt(3), neq(4), range(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the operation types of comparing packet source ports when the type of hwAclAdvancedProtocol is set to TCP or UDP. Range: 0-5 Options: 1. invalid(0) -indicates an invalid field. 2. lt(1) -indicates '<' 3. eq(2) -indicates '=' 4. gt(3) -indicates '>' 5. neq(4) -indicates '!=' 6. range(5) -indicates within the range Enter hwAclAdvancedSrcPort1 and hwAclAdvancedSrcPort2 for the comparison operation only when range(5) is entered. For other values, enter only hwAclAdvancedSrcPort1. " ::= { hwAclAdvancedRuleEntry 7 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.8 hwAclAdvancedSrcPort1 OBJECT-TYPE SYNTAX Integer32 (0..65535|65536) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the operation value of port 1 in the comparison operation types of the source port in hwAclAdvancedSrcOp when hwAclAdvancedProtocol is set to TCP or UDP. 
Range: 0-65535, 65536 For example, when hwAclAdvancedSrcOp is set to eq(2) (=), it indicates that the source port ID of matched packets equals to the value of hwAclAdvancedSrcPort1. If the value is not specified for an advanced ACL rule, the invalid value 65536 is obtained in the query operation. The number in the brackets is the port IDs that are commonly used. The port names and meanings of different port names are as follows: bgp: Border Gateway Protocol(179) chargen: Character generator (19) cmd: Remote commands (514) daytime: Daytime (13) discard: Discard (9) domain: Domain Name Service (53) echo: Echo (7) exec: Exec (512) finger: Finger (79) ftp: File Transfer Protocol (21) ftp-data: FTP data connections (20) gopher: Gopher (70) hostname: NIC hostname server (101) irc: Internet Relay Chat (194) klogin: Kerberos login (543) kshell: Kerberos shell (544) login: Login (rlogin, 513) lpd: Printer service (515) nntp: Network News Transport Protocol (119) pop2: Post Office Protocol v2 (109) pop3: Post Office Protocol v3 (110) smtp: Simple Mail Transport Protocol (25) sunrpc: SUN Remote Procedure Call (111) tacacs: TAC Access Control System (49) talk: Talk (517) telnet: Telnet (23) time: Time (37) uucp: Unix-to-Unix Copy Program (540) whois: Nicname (43) www: World Wide Web (HTTP, 80) " ::= { hwAclAdvancedRuleEntry 8 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.9 hwAclAdvancedSrcPort2 OBJECT-TYPE SYNTAX Integer32 (0..65535|65536) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the operation value of port 2 in the comparison operation types of the source port in hwAclAdvancedSrcOp when hwAclAdvancedProtocol is set to TCP or UDP. Range: 0-65535, 65536 The operation value of port 2 is needed only when hwAclAdvancedSrcOp is set to range(5). It is dedicated to describe the upper threshold of ports. If the value is not specified for an advanced ACL rule , the invalid value 65536 is obtained in the query operation. 
For the port IDs that are commonly used, port names and meanings of different port names, see the descriptions in hwAclAdvancedSrcPort1. " ::= { hwAclAdvancedRuleEntry 9 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.10 hwAclAdvancedDestIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the destination IP address or network segment of data frames that an advanced ACL rule needs to match. You can set or not set it. If you do not set it, any destination IP address matches the advanced ACL rule. " ::= { hwAclAdvancedRuleEntry 10 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.11 hwAclAdvancedDestWild OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the mask of the destination IP address or network segment of data frames that an advanced ACL rule needs to match. To match an advanced ACL rule with a subnet, use this parameter. The value of this parameter is the inverse mask of the destination IP address. For example, 0.0.0.255 indicates that the first three bytes of the destination IP address are the same as the value of hwAclAdvancedDestIp. This leaf can be specified or not specified together with hwAclAdvancedDestIp. If hwAclAdvancedDestIp is configured, hwAclAdvancedDestWild must be configured. This leaf, in the inverse mask mode, together with hwAclAdvancedDestIp, determines the destination IP address segment to be matched. " ::= { hwAclAdvancedRuleEntry 11 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.12 hwAclAdvancedDestOp OBJECT-TYPE SYNTAX INTEGER { invalid(0), lt(1), eq(2), gt(3), neq(4), range(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the operation type of comparing protocol destination ports when hwAclAdvancedProtocol is set to TCP or UDP. Range: 0-5 Options: 1. invalid(0) -indicates an invalid field 2. lt(1) -indicates '<' 3. eq(2) -indicates '=' 4. gt(3) -indicates '>' 5. neq(4) -indicates '!=' 6. 
range(5) -indicates within the range Enter hwAclAdvancedDestPort1 and hwAclAdvancedDestPort2 for the comparison operation only when range(5) is entered. For other values, enter only hwAclAdvancedDestPort1. " ::= { hwAclAdvancedRuleEntry 12 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.13 hwAclAdvancedDestPort1 OBJECT-TYPE SYNTAX Integer32 (0..65535|65536) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the operation value of port 1 in the comparison operation types of the destination port in hwAclAdvancedDestOp when hwAclAdvancedProtocol is set to TCP or UDP. Range: 0-65535, 65536 For example, when hwAclAdvancedDestOp is set to eq(2) (=), it indicates that the destination port ID of matched packets equals the value of hwAclAdvancedDestPort1. If the value is not specified for an advanced ACL rule, the invalid value 65536 is obtained in the query operation. For the port IDs that are commonly used, port names and meanings of different port names, see the descriptions in hwAclAdvancedSrcPort1. " ::= { hwAclAdvancedRuleEntry 13 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.14 hwAclAdvancedDestPort2 OBJECT-TYPE SYNTAX Integer32 (0..65535|65536) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the operation value of port 2 in the comparison operation types of the destination port in hwAclAdvancedDestOp when hwAclAdvancedProtocol is set to TCP or UDP. Range: 0-65535, 65536 The operation value of port 2 is needed only when hwAclAdvancedDestOp is set to range(5). It is dedicated to describe the upper threshold of ports. If the value is not specified for an advanced ACL rule, the invalid value 65536 is obtained in the query operation. For the port IDs that are commonly used, port names and meanings of different port names, see the descriptions in hwAclAdvancedSrcPort1. 
" ::= { hwAclAdvancedRuleEntry 14 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.15 hwAclAdvancedPrecedence OBJECT-TYPE SYNTAX INTEGER { routine(0), priority(1), immediate(2), flash(3), flashOverride(4), critical(5), internet(6), network(7), invalid(255) } MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the priority field of data frames that an advanced ACL rule needs to match. If the value is not specified for an advanced ACL rule, the invalid value 255 is obtained in the query operation. The meanings of the values are as follows: Options: 1. routine(0) -routine priority 2. priority(1) -priority 3. immediate(2) -immediate priority 4. flash(3) -flash priority 5. flashOverride(4) -flash-override priority 6. critical(5) -critical priority 7. internet(6) -internetwork control priority 8. network(7) -network control priority 9. invalid(255) -invalid field " ::= { hwAclAdvancedRuleEntry 15 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.16 hwAclAdvancedTos OBJECT-TYPE SYNTAX Integer32 (0..15|255) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the type of service (ToS) field of data frames that an advanced ACL rule needs to match. Range: 0-15, 255 If the value is not specified for an advanced ACL rule, the invalid value 255 is obtained in the query operation. The number in the brackets is the ToS value. The meanings of ToS names are as follows: normal Normal service (0) min-monetary-cost: the service with minimum monetary cost (1) max-reliability: the service with maximum reliability (2) max-throughput: the service with maximum throughput (4) min-delay: the service with minimum delay (8) " ::= { hwAclAdvancedRuleEntry 16 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.17 hwAclAdvancedDscp OBJECT-TYPE SYNTAX Integer32 (0..63|255) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the differentiated services code point (DSCP) value of data frames that an advanced ACL rule needs to match. 
Range: 0-63, 255 If the value is not specified for an advanced ACL rule, the invalid value 255 is obtained in the query operation. The number in the brackets is the DSCP value. The names and meanings of the DSCP names are as follows: af1: service of Assured Forwarding 1 (10) af2: service of Assured Forwarding 2 (18) af3: service of Assured Forwarding 3 (26) af4: service of Assured Forwarding 4 (34) be: Best Effort service (0) cs1: service of Class Selector 1 (8) cs2: service of Class Selector 2 (16) cs3: service of Class Selector 3 (24) cs4: service of Class Selector 4 (32) cs5: service of Class Selector 5 (40) cs6: service of Class Selector 6 (48) cs7: service of Class Selector 7 (56) ef: Expedited Forwarding service (46) " ::= { hwAclAdvancedRuleEntry 17 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.18 hwAclAdvancedEstablish OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Describes whether to match the first SYN packet for TCP connection establishment when hwAclAdvancedProtocol is set to TCP. Use this parameter to filter the packets for TCP connection establishment. Options: 1. true(1) -indicates matching the first SYN packet for TCP connection establishment 2. false(2) -indicates not matching the first SYN packet for TCP connection establishment Default: false(2) " ::= { hwAclAdvancedRuleEntry 18 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.19 hwAclAdvancedTimeRangeIndex OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the time range index of an advanced ACL rule. It is used when the effective time of an advanced ACL rule needs to be configured. By default, the value is 0, which indicates invalid time. The index depends on hwTrngIndex in hwTrngCreateTimerangeTable. The value of hwAclAdvancedTimeRangeIndex must be created in hwTrngCreateTimerangeTable. 
" ::= { hwAclAdvancedRuleEntry 19 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.20 hwAclAdvancedIcmpType OBJECT-TYPE SYNTAX Integer32 (0..255|256) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the ICMP type when packets are filtered by ICMP type and when hwAclAdvancedProtocol is set to ICMP. Range: 0-255, 256 If the value is not specified for an advanced ACL rule, the invalid value 256 is obtained in the query operation. Type: Indicates the ICMP packet type Code: Indicates the ICMP code. The meanings are as follows: echo: Type=8, Code=0 echo-reply: Type=0, Code=0 fragmentneed-DFset: Type=3, Code=4 host-redirect: Type=5, Code=1 host-tos-redirect: Type=5, Code=3 host-unreachable: Type=3, Code=1 information-reply: Type=16, Code=0 information-request: Type=15, Code=0 net-redirect: Type=5, Code=0 net-tos-redirect: Type=5, Code=2 net-unreachable: Type=3, Code=0 parameter-problem: Type=12, Code=0 port-unreachable: Type=3, Code=3 protocol-unreachable: Type=3, Code=2 reassembly-timeout: Type=11, Code=1 source-quench: Type=4, Code=0 source-route-failed: Type=3, Code=5 timestamp-reply: Type=14, Code=0 timestamp-request: Type=13, Code=0 ttl-exceeded: Type=11, Code=0 " ::= { hwAclAdvancedRuleEntry 20 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.21 hwAclAdvancedIcmpCode OBJECT-TYPE SYNTAX Integer32 (0..255|256) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes ICMP codes that the ICMP packets are filtered both by ICMP type and ICMP code when hwAclAdvancedProtocol is set to ICMP. Range: 0-255, 256 If the value is not specified for an advanced ACL rule, the invalid value 256 is obtained in the query operation. For the definition and meanings of ICMP codes, see the description in hwAclAdvancedIcmpType. " ::= { hwAclAdvancedRuleEntry 21 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.22 hwAclAdvancedFragments OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Describes whether an advanced ACL rule is effective on only non-tail fragment packets. Options: 1. 
true(1) -indicates that an advanced ACL rule is effective on only non-tail fragment packets 2. false(2) -indicates that an advanced ACL rule is effective on only non-fragment packets or tail packets of fragment packets Default: false(2) " ::= { hwAclAdvancedRuleEntry 22 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.23 hwAclAdvancedLog OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Describes whether to record the log flag byte of an advanced ACL rule. Options: 1. true(1) -records the log flag byte of an advanced ACL rule 2. false(2) -does not record the log flag byte of an advanced ACL rule Currently, the log record function is not supported, and thus the value of this leaf is meaningless. " ::= { hwAclAdvancedRuleEntry 23 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.24 hwAclAdvancedEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Describes whether an advanced ACL rule is valid. Options: 1. true(1) -indicates that an advanced ACL rule is valid 2. false(2) -indicates that an advanced ACL rule is invalid If the advanced ACL rule is associated with a time range parameter through hwAclAdvancedTimeRangeIndex and the current time is within the defined time range, the value is true(1), which indicates validity. If the current time is not within the defined time range, the value is false(2), which indicates invalidity. If the advanced ACL rule is not associated with a time range parameter, the advanced ACL rule is valid all the time. " ::= { hwAclAdvancedRuleEntry 24 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.25 hwAclAdvancedCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Describes the statistics of packets that match the advanced ACL rule. " ::= { hwAclAdvancedRuleEntry 25 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.26 hwAclAdvancedCountClear OBJECT-TYPE SYNTAX INTEGER { cleared(1), nouse(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Clears the statistics of packets that match the advanced ACL rule. 
Options: 1. cleared(1) -clear the statistics of packets that match the advanced ACL rule 2. nouse(2) -indicates no operation To clear the statistics of packets that match the advanced ACL rules, hwAclAdvancedCountClear must be set to cleared(1) and hwAclAdvancedRowStatus must be set to createAndGo(4). When this leaf is queried, the value is fixed to cleared(1). " ::= { hwAclAdvancedRuleEntry 26 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.27 hwAclAdvancedRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the row status. Options: 1. active(1) -when this leaf is queried, the value is fixed to active(1). 2. createAndGo(4) -create an advanced ACL rule 3. destroy(6) -delete an advanced ACL rule and clear the packet statistics of an advanced ACL rule It is used for creating or deleting an advanced ACL rule and clearing the packet statistics of an advanced ACL rule. To create an advanced ACL rule, enter hwAclAdvancedAct and set hwAclAdvancedRowStatus to createAndGo(4). Other parameters are optional. The operator of the source port and destination port and port 1 and port 2 take effect only when the protocol type is specified as TCP or UDP. Port 2 needs to be specified only when the port operator character is specified as a value range. The IDs of the two ports are not differentiated, which are automatically adjusted after delivery. hwAclAdvancedIcmpType and hwAclAdvancedIcmpCode are specified only when the protocol type is ICMP. To delete an advanced ACL rule, set hwAclAdvancedRowStatus to destroy(6). To clear the statistics of packets that match the advanced ACL rules, set hwAclAdvancedCountClear to cleared(1) and hwAclAdvancedRowStatus to createAndGo(4). When this leaf is queried, the value is fixed to active(1). " ::= { hwAclAdvancedRuleEntry 27 } -- 1.3.6.1.4.1.2011.5.1.1.5.1.28 hwAclAdvancedPriority OBJECT-TYPE SYNTAX Integer32 (0..9) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the priority of advanced ACL rules. 
Range: 0-9 Default: 0 The priority ascends with the value. When multiple rules are matched at the same time, the rule with the highest priority prevails. If multiple rules are matched and their priorities are the same, software does not manage the rules and the hardware logic determines which priority prevails. To prevent such a case, you can set different priorities for the rules. " ::= { hwAclAdvancedRuleEntry 28 } -- 1.3.6.1.4.1.2011.5.1.1.7 hwAclLinkTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclLinkEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the details about an L2 ACL rule in an L2 ACL rule group, including the MAC address and VLAN. The indexes of this table are hwAclLinkAclNum and hwAclLinkSubitem. hwAclLinkAclNum is the ID of an L2 ACL rule group. Make sure that the ID is already created in hwAclNumGroupTable. hwAclLinkSubitem is the ID of an L2 ACL rule in an L2 ACL rule group. " ::= { hwAclMibObjects 7 } -- 1.3.6.1.4.1.2011.5.1.1.7.1 hwAclLinkEntry OBJECT-TYPE SYNTAX HwAclLinkEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the details about an L2 ACL rule in an L2 ACL rule group, including the MAC address and VLAN. The indexes of this entry are hwAclLinkAclNum and hwAclLinkSubitem. hwAclLinkAclNum is the ID of an L2 ACL rule group. Make sure that the ID is already created in hwAclNumGroupTable. hwAclLinkSubitem is the ID of an L2 ACL rule in an L2 ACL rule group. 
" INDEX { hwAclLinkAclNum, hwAclLinkSubitem } ::= { hwAclLinkTable 1 } HwAclLinkEntry ::= SEQUENCE { hwAclLinkAclNum Integer32, hwAclLinkSubitem Unsigned32, hwAclLinkAct INTEGER, hwAclLinkProtocol Integer32, hwAclLinkFormatType INTEGER, hwAclLinkVlanTag INTEGER, hwAclLinkVlanPri INTEGER, hwAclLinkSrcVlanId Integer32, hwAclLinkSrcMac MacAddress, hwAclLinkSrcMacWild MacAddress, hwAclLinkSrcIfIndex Unsigned32, hwAclLinkSrcAny TruthValue, hwAclLinkDestVlanId Integer32, hwAclLinkDestMac MacAddress, hwAclLinkDestMacWild MacAddress, hwAclLinkDestIfIndex Unsigned32, hwAclLinkDestAny TruthValue, hwAclLinkTimeRangeIndex Integer32, hwAclLinkEnable TruthValue, hwAclLinkRowStatus RowStatus, hwAclLinkPriority Integer32, hwAclLinkInnerVlanPri INTEGER, hwAclLinkSrcInnerVlanId Integer32 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.1 hwAclLinkAclNum OBJECT-TYPE SYNTAX Integer32 (4000..4999) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Uniquely identifies an L2 ACL rule group. Range: 4000-4999 Make sure that the ID of the L2 ACL rule group is already created in hwAclNumGroupTable. " ::= { hwAclLinkEntry 1 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.2 hwAclLinkSubitem OBJECT-TYPE SYNTAX Unsigned32 (0..4294967295) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Describes the ID of an L2 ACL rule, uniquely identifying an L2 ACL rule in an L2 ACL rule group. Range: 0-4294967295 In the create operation, if the value is 4294967295, the ID of an L2 ACL rule is generated automatically. Otherwise, the ID of an L2 ACL rule is already created according to the specified value. The automatically generated ID of an L2 ACL rule depends on the value of hwAclNumGroupStep, which corresponds to L2 ACL rule groups in hwAclNumGroupTable. The generated ID of an L2 ACL rule last basic ACL rule ID plus the value of hwAclNumGroupStep. 
" ::= { hwAclLinkEntry 2 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.3 hwAclLinkAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the value of an L2 ACL rule. Options: 1. permit(1) -indicates that the data packets that meet the conditions can pass. When you need to configure an L2 ACL rule for data packets that meet the conditions to pass, use this value. 2. deny(2) -indicates that the data packets that meet the conditions are discarded. When you need to configure an L2 ACL rule to discard data packets that meet the conditions, use this value. " ::= { hwAclLinkEntry 3 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.4 hwAclLinkProtocol OBJECT-TYPE SYNTAX Integer32 (1..65535|65536) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the protocol types of Ethernet packets that the L2 ACL rules need to match. Range: 1-65536 If the value of an L2 ACL rule is not specified, the invalid value 65536 is obtained in the query operation. Common protocol types are as follows: ip: 0x0800 arp: 0x0806 rarp: 0x8035 pppoe-control: 0x8863 pppoe-data: 0x8864 " DEFVAL { 65536 } ::= { hwAclLinkEntry 4 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.5 hwAclLinkFormatType OBJECT-TYPE SYNTAX INTEGER { invalid(0), ethernetII(1), snap(2), ieee802Dot3And2(3), ieee802Dot4(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "Describes the types of packets that the L2 ACL rules need to match. Options: 1. invalid(0) -in the query operation, invalid(0) is always returned. 2. ethernetII(1) -indicates the type of packets that the L2 ACL rules need to match is ethernetII 3. snap(2) -indicates the type of packets that the L2 ACL rules need to match is snap 4. ieee802Dot3And2(3) -indicates the type of packets that the L2 ACL rules need to match is ieee802Dot3And2 5. ieee802Dot4(4) -indicates the type of packets that the L2 ACL rules need to match is ieee802Dot4 Currently, only ethernetII(1) is supported. Therefore, this leaf cannot be modified. 
In the query operation, invalid(0) is always returned. " ::= { hwAclLinkEntry 5 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.6 hwAclLinkVlanTag OBJECT-TYPE SYNTAX INTEGER { invalid(0), tagged(1), untagged(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Describes whether a VLAN tag is carried in the packets that the L2 ACL rules need to match. Options: 1. invalid(0) -in the query operation, invalid(0) is always returned. 2. tagged(1) -indicates the VLAN tag is carried in the packets that the L2 ACL rules need to match 3. untagged(2) -indicates no VLAN tag is carried in the packets that the L2 ACL rules need to match Currently, packets always carry VLAN tags. Therefore, this leaf cannot be modified. In the query operation, invalid(0) is always returned. " ::= { hwAclLinkEntry 6 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.7 hwAclLinkVlanPri OBJECT-TYPE SYNTAX INTEGER { bestEffort(0), background(1), spare(2), excellentEffort(3), controlledLoad(4), video(5), voice(6), networkManagement(7), invalid(255) } MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the 802.1p priority of data frames that an L2 ACL rule needs to match. Options: 1. bestEffort(0) -indicates best-effort priority 2. background(1) -indicates background priority 3. spare(2) -indicates spare priority 4. excellentEffort(3) -indicates excellent-effort priority 5. controlledLoad(4) -indicates controlled-load priority 6. video(5) -indicates video priority 7. voice(6) -indicates voice priority 8. networkManagement(7) -indicates network-management priority 9. invalid(255) -indicates invalid priority If the value of an L2 ACL rule is not specified, the invalid value 255 is obtained in the query operation. " ::= { hwAclLinkEntry 7 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.8 hwAclLinkSrcVlanId OBJECT-TYPE SYNTAX Integer32 (0..4093) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the VLAN ID of data frames that an L2 ACL rule needs to match. 
Range: 0-4093 If the value of an L2 ACL rule is not specified, the invalid value 0 is obtained in the query operation. " ::= { hwAclLinkEntry 8 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.9 hwAclLinkSrcMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the source MAC address of data frames that an L2 ACL rule needs to match. Default: 0x00 0x00 0x00 0x00 0x00 0x00 It is a 6-byte hexadecimal string, for example, 0x00 0xe0 0xfc 0x11 0x00 0x00. " ::= { hwAclLinkEntry 9 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.10 hwAclLinkSrcMacWild OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the source MAC address wildcard of data frames that an L2 ACL rule needs to match. It is the inverse mask of the source MAC address. Default: 0xff 0xff 0xff 0xff 0xff 0xff It together with hwAclLinkSrcMac sets the range of a source MAC address. If the corresponding bytes of hwAclLinkSrcMacWild are 0, it indicates that hwAclLinkSrcMacWild determines whether the corresponding bytes of source MAC address of packets are the same as those in hwAclLinkSrcMac. For example, the value of hwAclLinkSrcMacWild is 0x00 0x00 0x00 0x00 0xff 0xff, which indicates that packets are filtered by the first 32 bits of the source MAC address. It is a 6-byte hexadecimal string, for example, 0x00 0x00 0x00 0x00 0xff 0xff. " ::= { hwAclLinkEntry 10 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.11 hwAclLinkSrcIfIndex OBJECT-TYPE SYNTAX Unsigned32 (0..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "This leaf is not used. The value 0 is always returned in the query operation, which indicates invalidity. " ::= { hwAclLinkEntry 11 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.12 hwAclLinkSrcAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Describes whether an L2 ACL rule matches a source MAC address. Options: 1. true(1) -indicates that the source MAC address of data frames can be any address 2. 
false(2) -indicates that the source MAC address of data frames should be the value of hwAclLinkSrcMac Default: true(1) In the set operation, this leaf and hwAclLinkSrcMac cannot be delivered at the same time. When this leaf and hwAclLinkSrcMac are delivered at the same time, the value of hwAclLinkSrcMac prevails. " ::= { hwAclLinkEntry 12 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.13 hwAclLinkDestVlanId OBJECT-TYPE SYNTAX Integer32 (0..4093) MAX-ACCESS read-only STATUS current DESCRIPTION "This leaf is not used. The value 0 is always returned in the query operation, which indicates invalidity. " ::= { hwAclLinkEntry 13 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.14 hwAclLinkDestMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the destination MAC address of data frames that an L2 ACL rule needs to match. Default: 0x00 0x00 0x00 0x00 0x00 0x00 It is a 6-byte hexadecimal string, for example, 0x00 0xe0 0xfc 0x11 0x00 0x00. " ::= { hwAclLinkEntry 14 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.15 hwAclLinkDestMacWild OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the destination MAC address wildcard of data frames that an L2 ACL rule needs to match. It is the inverse mask of the destination MAC address. Default: 0xff 0xff 0xff 0xff 0xff 0xff It together with hwAclLinkDestMac sets the range of a destination MAC address. If the corresponding bytes of hwAclLinkDestMacWild are 0, it indicates that it determines whether the corresponding bytes of destination MAC address of packets are the same as those in hwAclLinkDestMac. For example: The value of hwAclLinkDestMacWild is 0000-0000-ffff, which indicates that packets are filtered by the first 32 bits of the destination MAC address. It is a 6-byte hexadecimal string, for example, 0x00 0x00 0x00 0x00 0xff 0xff. 
" ::= { hwAclLinkEntry 15 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.16 hwAclLinkDestIfIndex OBJECT-TYPE SYNTAX Unsigned32 (0..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "This leaf is not used. The value 0 is always returned in the query operation, which indicates invalidity. " ::= { hwAclLinkEntry 16 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.17 hwAclLinkDestAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Describes whether an L2 ACL rule matches a destination MAC address. Options: 1. true(1) -indicates that the destination MAC address of data frames can be any address 2. false(2) -indicates that the destination MAC address of data frames should be the value of hwAclLinkDestMac Default: true(1) In the set operation, this leaf and hwAclLinkDestMac cannot be delivered at the same time. When this leaf and hwAclLinkDestMac are delivered at the same time, the value of hwAclLinkDestMac prevails. " ::= { hwAclLinkEntry 17 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.18 hwAclLinkTimeRangeIndex OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the time range index of an L2 ACL rule. It is used when the effective time of an L2 ACL rule needs to be configured. By default, the value is 0, which indicates an invalid index. The index depends on hwTrngIndex in hwTrngCreateTimerangeTable. The value of hwAclLinkTimeRangeIndex must be created in hwTrngCreateTimerangeTable. " ::= { hwAclLinkEntry 18 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.19 hwAclLinkEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Describes whether an L2 ACL rule is valid. Options: 1. true(1) -indicates validity 2. false(2) -indicates invalidity If the L2 ACL rule is associated with a time range parameter through hwAclLinkTimeRangeIndex and the current time is within the defined time range, the value is true(1), which indicates validity. 
If the current time is not within the defined time range, the value is false(2), which indicates invalidity. If the L2 ACL rule is not associated with a time range parameter, the L2 ACL rule is valid all the time. " ::= { hwAclLinkEntry 19 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.20 hwAclLinkRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the row status. Options: 1. active(1) -when this leaf is queried, the value is fixed to active(1). 2. createAndGo(4) -create an L2 ACL rule 3. destroy(6) -delete an L2 ACL rule It is used for creating or deleting an L2 ACL rule. To create an L2 ACL rule, enter hwAclLinkAct and set hwAclLinkRowStatus to createAndGo(4). Other parameters are optional. To delete an L2 ACL rule, set hwAclLinkRowStatus to destroy(6). When this leaf is queried, the value is fixed to active(1). " ::= { hwAclLinkEntry 20 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.21 hwAclLinkPriority OBJECT-TYPE SYNTAX Integer32 (0..9) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the priority of L2 ACL rules. Range: 0-9 Default: 0 The priority ascends with the value. When multiple rules are matched at the same time, the rule with the highest priority prevails. If multiple rules are matched and their priorities are the same, software does not manage the rules and the hardware logic determines which priority prevails. To prevent such a case, you can set different priorities for the rules. " ::= { hwAclLinkEntry 21 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.22 hwAclLinkInnerVlanPri OBJECT-TYPE SYNTAX INTEGER { bestEffort(0), background(1), spare(2), excellentEffort(3), controlledLoad(4), video(5), voice(6), networkManagement(7), invalid(255) } MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the 802.1p priority in the inner VLAN of the packet that an L2 ACL rule needs to match. Range: 0-7, 255 The priority ascends with the value. Options: 1. bestEffort(0) -indicates best-effort priority 2. 
background(1) -indicates background priority 3. spare(2) -indicates spare priority 4. excellentEffort(3) -indicates excellent-effort priority 5. controlledLoad(4) -indicates controlled-load priority 6. video(5) -indicates video priority 7. voice(6) -indicates voice priority 8. networkManagement(7) -indicates network-management priority 9. invalid(255) -indicates invalid priority If the value of an L2 ACL rule is not specified, the invalid value 255 is obtained in the query operation. " ::= { hwAclLinkEntry 22 } -- 1.3.6.1.4.1.2011.5.1.1.7.1.23 hwAclLinkSrcInnerVlanId OBJECT-TYPE SYNTAX Integer32 (0..4093) MAX-ACCESS read-create STATUS current DESCRIPTION "The source inner VLAN ID of the packet. Value range: 0-4093 0 indicates the hwAclLinkSrcVlanId is invalid. " ::= { hwAclLinkEntry 23 } -- 1.3.6.1.4.1.2011.5.1.1.8 hwAclUserTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the details about a user-defined ACL rule in a user-defined ACL rule group, including the matched character string and mask. The two fields are a binary character string of 80 bytes each. The index of this table is a combination of hwAclUserAclNum and hwAclUserSubitem. hwAclUserAclNum is the ID of a user-defined ACL rule group. Make sure that the ID is already created in hwAclNumGroupTable. hwAclUserSubitem is the ID of a user-defined ACL rule. " ::= { hwAclMibObjects 8 } -- 1.3.6.1.4.1.2011.5.1.1.8.1 hwAclUserEntry OBJECT-TYPE SYNTAX HwAclUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the details about a user-defined ACL rule in a user-defined ACL rule group, including the matched character string and mask. The two fields are a binary character string of 80 bytes each. The index of this entry is a combination of hwAclUserAclNum and hwAclUserSubitem. hwAclUserAclNum is the ID of a user-defined ACL rule group. Make sure that the ID is already created in hwAclNumGroupTable. 
hwAclUserSubitem is the ID of a user-defined ACL rule. " INDEX { hwAclUserAclNum, hwAclUserSubitem } ::= { hwAclUserTable 1 } HwAclUserEntry ::= SEQUENCE { hwAclUserAclNum Integer32, hwAclUserSubitem Unsigned32, hwAclUserAct INTEGER, hwAclUserFormatType INTEGER, hwAclUserVlanTag INTEGER, hwAclUserRuleStr OCTET STRING, hwAclUserRuleMask OCTET STRING, hwAclUserRowOffset Integer32, hwAclUserTimeRangeIndex Integer32, hwAclUserEnable TruthValue, hwAclUserRowStatus RowStatus, hwAclUserFrameType INTEGER, hwAclUserPriority Integer32 } -- 1.3.6.1.4.1.2011.5.1.1.8.1.1 hwAclUserAclNum OBJECT-TYPE SYNTAX Integer32 (5000..5999) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Uniquely identifies a user-defined ACL rule group. Range: 5000-5999 Make sure that the ID of a user-defined ACL rule group is already created in hwAclNumGroupTable. " ::= { hwAclUserEntry 1 } -- 1.3.6.1.4.1.2011.5.1.1.8.1.2 hwAclUserSubitem OBJECT-TYPE SYNTAX Unsigned32 (0..4294967295) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Describes the ID of a user-defined ACL rule, uniquely identifying a user-defined ACL rule in a user-defined ACL rule group. Range: 0-4294967295 In the create operation, if the value is 4294967295, the ID of a user-defined ACL rule is generated automatically. Otherwise, it indicates that the ID of an ACL rule is already created according to the specified value. The automatically generated ID of a user-defined ACL rule depends on the value of hwAclNumGroupStep, which corresponds to a user-defined ACL rule group in hwAclNumGroupTable. The generated ID of a user-defined ACL rule last basic ACL rule ID plus the value of hwAclNumGroupStep. " ::= { hwAclUserEntry 2 } -- 1.3.6.1.4.1.2011.5.1.1.8.1.3 hwAclUserAct OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the value of a user-defined ACL rule. Options: 1. permit(1) -indicates that the data packets that meet the conditions can pass. 
When you need to configure a user-defined ACL rule for data packets that meet the conditions to pass, use this value. 2. deny(2) -indicates that the data packets that meet the conditions are discarded. When you need to configure a user-defined ACL rule to discard data packets that meet the conditions, use this value. " ::= { hwAclUserEntry 3 } -- 1.3.6.1.4.1.2011.5.1.1.8.1.4 hwAclUserFormatType OBJECT-TYPE SYNTAX INTEGER { invalid(0), ethernetII(1), snap(2), ieee802Dot2And3(3), ieee802Dot4(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "This leaf is not used. The value 0 is always returned in the query operation, which indicates invalidity. Options: 1. invalid(0) -invalid value 2. ethernetII(1) -ethernetII 3. snap(2) -Subnetwork Access Protocol (SNAP) 4. ieee802Dot2And3(3) -IEEE 802.2 and 802.3 5. ieee802Dot4(4) -IEEE 802.4 " ::= { hwAclUserEntry 4 } -- 1.3.6.1.4.1.2011.5.1.1.8.1.5 hwAclUserVlanTag OBJECT-TYPE SYNTAX INTEGER { invalid(0), tagged(1), untagged(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "This leaf is not used. The value 0 is always returned in the query operation, which indicates invalidity. Options: 1. invalid(0) -invalid value 2. tagged(1) -tagged packet 3. untagged(2) -untagged packet " ::= { hwAclUserEntry 5 } -- 1.3.6.1.4.1.2011.5.1.1.8.1.6 hwAclUserRuleStr OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..80)) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the character string of a user-defined ACL rule. It is used to match the first bytes of packets. The character string must be hexadecimal and bytes. 
For example: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xAA " ::= { hwAclUserEntry 6 } -- 1.3.6.1.4.1.2011.5.1.1.8.1.7 hwAclUserRuleMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..80)) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the mask of the user-defined ACL rule. It is a positive mask. When it is 1, it indicates that matching is required. The device determines the field value of a packet that needs to match based on the mask, and then matches the corresponding field in hwAclUserRuleStr. If they are consistent, it indicates that matching is successful. The character string must be hexadecimal and bytes. The valid length, that is, the length of corresponding bytes whose value are 1, cannot exceed 32 bytes. Whether this leaf is delivered successfully also depends on the hardware chip. " ::= { hwAclUserEntry 7 } -- 1.3.6.1.4.1.2011.5.1.1.8.1.8 hwAclUserRowOffset OBJECT-TYPE SYNTAX Integer32 (0..79) MAX-ACCESS read-only STATUS current DESCRIPTION "This leaf is not used. The value 0 is always returned in the query operation, which indicates invalidity. " ::= { hwAclUserEntry 8 } -- 1.3.6.1.4.1.2011.5.1.1.8.1.9 hwAclUserTimeRangeIndex OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the time range index of a user-defined ACL rule. It is used when the effective time of a user-defined ACL rule needs to be configured. By default, the value is 0, which indicates invalid time. The index depends on hwTrngIndex in hwTrngCreateTimerangeTable. The time range that corresponds to the value of this leaf must be created in hwTrngCreateTimerangeTable. 
" ::= { hwAclUserEntry 9 } -- 1.3.6.1.4.1.2011.5.1.1.8.1.10 hwAclUserEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Describes whether a user-defined ACL rule is valid. Options: 1. true(1) -indicates the user-defined ACL rule is valid 2. false(2) -indicates the user-defined ACL rule is invalid If the user-defined ACL rule is associated with a time range parameter through hwAclLinkTimeRangeIndex and the current time is within the defined time range, the value is true(1), which indicates validity. If the current time is not within the defined time range, the value is false(2), which indicates invalidity. If the user-defined ACL rule is not associated with a time range parameter, the user-defined ACL rule is valid all the time. " ::= { hwAclUserEntry 10 } -- 1.3.6.1.4.1.2011.5.1.1.8.1.11 hwAclUserRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the row status. Options: 1. active(1) -when this leaf is queried, the value is fixed to active(1). 2. createAndGo(4) -create a user-defined ACL rule 3. destroy(6) -delete a user-defined ACL rule It is used for creating or deleting a user-defined ACL rule. To create a user-defined ACL rule, enter hwAclUserAct, hwAclUserRuleStr, and hwAclUserRuleMask and set hwAclUserRowStatus to createAndGo(4). Other parameters are optional. To delete a user-defined ACL rule, set hwAclUserRowStatus to destroy(6). When this leaf is queried, the value is fixed to active(1). " ::= { hwAclUserEntry 11 } -- 1.3.6.1.4.1.2011.5.1.1.8.1.12 hwAclUserFrameType OBJECT-TYPE SYNTAX INTEGER { ipoe(0), nonIpoe(1), ipv6oe(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Describes the type of a VLAN tag in the packet that matches the user-defined ACL rule. Options: 1. ipoe(0) -indicates that IP packets carrying no VLAN tags and IP packets that carrying one VLAN tag are matched 2. 
nonIpoe(1) -indicates that other packets, including non-IP packets carrying one VLAN tag, are matched 3. ipv6oe(2) -indicates that IPv6 packets carrying no VLAN tags and IPv6 packets carrying one VLAN tag are matched Currently, two types are supported. If this leaf is not specified, the default value is ipoe(0). " ::= { hwAclUserEntry 12 } -- 1.3.6.1.4.1.2011.5.1.1.8.1.13 hwAclUserPriority OBJECT-TYPE SYNTAX Integer32 (0..9) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the priority of user-defined ACL rules. Range: 0-9 Default: 0 The priority ascends with the value. When multiple rules are matched at the same time, the rule with the highest priority prevails. If multiple rules are matched and their priorities are the same, software does not manage the rules and the hardware logic determines which rule prevails. To prevent such a case, you can set different priorities for the rules. " ::= { hwAclUserEntry 13 } -- 1.3.6.1.4.1.2011.5.1.1.9 hwAclActiveTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAclActiveEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the relationships between an ACL rule and a port or a slot. You can deliver an ACL rule to a port or a slot and make it take effect on the port or a slot through hwAclActiveTable. In addition, you can query the relationships between an ACL rule and a port or a slot. The indexes of this table are hwAclActiveAclIndex, hwAclActiveIfIndex, and hwAclActiveDirection, indicating the ACL index, the port index or the slot index, and direction respectively. Make sure that an ACL rule to be delivered through hwAclActiveTable is already created in hwAclBasicRuleTable, hwAclAdvancedRuleTable, hwAclLinkTable or hwAclUserTable. " ::= { hwAclMibObjects 9 } -- 1.3.6.1.4.1.2011.5.1.1.9.1 hwAclActiveEntry OBJECT-TYPE SYNTAX HwAclActiveEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the relationships between an ACL rule and a port or a slot.
You can deliver an ACL rule to a port or a slot and make it take effect on the port or a slot through hwAclActiveTable. In addition, you can query the relationships between an ACL rule and a port or a slot. The indexes of this entry are hwAclActiveAclIndex, hwAclActiveIfIndex, and hwAclActiveDirection, indicating the ACL index, the port index or the slot index, and direction respectively. Make sure that an ACL rule to be delivered through hwAclActiveTable is already created in hwAclBasicRuleTable, hwAclAdvancedRuleTable, hwAclLinkTable or hwAclUserTable. " INDEX { hwAclActiveAclIndex, hwAclActiveIfIndex, hwAclActiveDirection } ::= { hwAclActiveTable 1 } HwAclActiveEntry ::= SEQUENCE { hwAclActiveAclIndex Integer32, hwAclActiveIfIndex Integer32, hwAclActiveDirection INTEGER, hwAclActiveUserAclNum Integer32, hwAclActiveUserAclSubitem Unsigned32, hwAclActiveIpAclNum Integer32, hwAclActiveIpAclSubitem Unsigned32, hwAclActiveLinkAclNum Integer32, hwAclActiveLinkAclSubitem Unsigned32, hwAclActiveRuntime TruthValue, hwAclActiveRowStatus RowStatus, hwAclActiveIpv6AclNum Integer32, hwAclActiveIpv6AclSubitem Unsigned32 } -- 1.3.6.1.4.1.2011.5.1.1.9.1.1 hwAclActiveAclIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The delivery entry index of an ACL rule is a delivery record entry index used by software, which is meaningless to users. The index is used in hwAclActiveTable to search the delivery entries quickly. In the create operation, the device automatically allocates a delivery entry index. It is suggested that users always input 0. In the destroy operation, this index must be set to the value that the device automatically allocated.
" ::= { hwAclActiveEntry 1 } -- 1.3.6.1.4.1.2011.5.1.1.9.1.2 hwAclActiveIfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Indicates the port index or the slot index when the device delivers an ACL rule to a specified port or a specified slot. The index uniquely identifies a port or a slot. The value and algorithm are the same as those of ifIndex. If the configuration is based on a slot, the bit map is as follows: --------------------------------------------------------------------------------------------------------------- | 31-25 bits | 24-19 bits | 18-13 bits | 12-6 bits | 5-0 bits is reserved | | indicate iftype | indicate frame ID | indicate slot ID | indicate port ID | | --------------------------------------------------------------------------------------------------------------- | the value of iftype | frame ID | slot ID | the value of port ID | the reserved value | | is always 0x68 | | | is always 0 | is always 0 | --------------------------------------------------------------------------------------------------------------- " ::= { hwAclActiveEntry 2 } -- 1.3.6.1.4.1.2011.5.1.1.9.1.3 hwAclActiveDirection OBJECT-TYPE SYNTAX INTEGER { invalid(0), inbound(1), outbound(2), tocpu-inbound(3) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Indicates the direction where an ACL rule takes effect when the device delivers an ACL rule to a specified port or a specified slot. Options: 1. invalid(0) -indicates an invalid parameter 2. inbound(1) -indicates the inbound direction of a port or a slot. It is used when inbound packets are filtered based on the ACL rule. 3. outbound(2) -indicates the outbound direction of a port or a slot. It is used when outbound packets are filtered based on the ACL rule. 4. tocpu-inbound(3) -indicates the inbound direction of a port. It is used when inbound packets to the CPU are filtered based on the ACL rule.
" ::= { hwAclActiveEntry 3 } -- 1.3.6.1.4.1.2011.5.1.1.9.1.4 hwAclActiveUserAclNum OBJECT-TYPE SYNTAX Integer32 (0|5000..5999) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the user-defined ACL rule group that are used when a user-defined ACL rule is delivered to a specified port or a specified slot and the inbound or outbound packets are filtered based on the user-defined ACL rule. Range: 0, 5000-5999 Make sure that the user-defined ACL rule group is already created. In the query operation, if the user-defined ACL rule group is not used, the value obtained is 0. " ::= { hwAclActiveEntry 4 } -- 1.3.6.1.4.1.2011.5.1.1.9.1.5 hwAclActiveUserAclSubitem OBJECT-TYPE SYNTAX Unsigned32 (0..4294967295) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the user-defined ACL rule that is used when a user-defined ACL rule is delivered to a specified port or a specified slot and the inbound or outbound packets are filtered based on the user-defined ACL rule. This leaf must be used together with hwAclActiveUserAclNum, uniquely identifying an ACL rule. Range: 0-4294967295 Make sure that the user-defined ACL rule is already created. In the query operation, if the user-defined ACL rule is not used, the value obtained is 4294967295. " ::= { hwAclActiveEntry 5 } -- 1.3.6.1.4.1.2011.5.1.1.9.1.6 hwAclActiveIpAclNum OBJECT-TYPE SYNTAX Integer32 (0|2000..3999) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the basic or advanced ACL rule group that are used when an ACL rule is delivered to a specified port or a specified slot and the inbound or outbound packets are filtered based on the ACL rule. Range: 0, 2000-3999 Make sure that the basic or advanced ACL rule group is already created. In the query operation, if the basic or advanced ACL rule group is not used, the value obtained is 0. 
" ::= { hwAclActiveEntry 6 } -- 1.3.6.1.4.1.2011.5.1.1.9.1.7 hwAclActiveIpAclSubitem OBJECT-TYPE SYNTAX Unsigned32 (0..4294967295) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the basic or advanced ACL rule that is used when an ACL rule is delivered to a specified port or a specified slot and the inbound or outbound packets are filtered based on the ACL rule. This leaf must be used together with hwAclActiveIpAclNum, uniquely identifying an ACL rule. Range: 0-4294967295 Make sure that the basic or advanced ACL rule is already created. In the query operation, if the basic or advanced ACL rule is not used, the value obtained is 4294967295. " ::= { hwAclActiveEntry 7 } -- 1.3.6.1.4.1.2011.5.1.1.9.1.8 hwAclActiveLinkAclNum OBJECT-TYPE SYNTAX Integer32 (0|4000..4999) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the L2 ACL rule group that are used when an L2 ACL rule is delivered to a specified port or a specified slot and the inbound or outbound packets are filtered based on the L2 ACL rule. Range: 0, 4000-4999 Make sure that the L2 ACL rule group is already created. In the query operation, if the L2 ACL rule group is not used, the value obtained is 0. " ::= { hwAclActiveEntry 8 } -- 1.3.6.1.4.1.2011.5.1.1.9.1.9 hwAclActiveLinkAclSubitem OBJECT-TYPE SYNTAX Unsigned32 (0..4294967295) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the L2 ACL rule that is used when an L2 ACL rule is delivered to a specified port or a specified slot and the inbound or outbound packets are filtered based on the L2 ACL rule. This leaf must be used together with hwAclActiveLinkAclNum, uniquely identifying an ACL rule. Range: 0-4294967295 Make sure that the L2 ACL rule is already created. In the query operation, if the L2 ACL rule is not used, the value obtained is 4294967295. 
" ::= { hwAclActiveEntry 9 } -- 1.3.6.1.4.1.2011.5.1.1.9.1.10 hwAclActiveRuntime OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "Describes whether the ACL rule delivered to a specified port or a specified slot takes effect. Options: 1. true(1) -indicates that the ACL rule delivered to a specified port or a specified slot is effective 2. false(2) -indicates that the ACL rule delivered to a specified port or a specified slot is invalid If the ACL rule is associated with a time range parameter and the current time is within the defined time range, the value is true(1), which indicates validity. If the current time is not within the defined time range, the value is false(2), which indicates invalidity. If the ACL rule is not associated with a time range parameter, the value is always true(1). " ::= { hwAclActiveEntry 10 } -- 1.3.6.1.4.1.2011.5.1.1.9.1.11 hwAclActiveRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the row status. It is used for delivering an ACL rule to a specified port or a specified slot and deleting the delivered ACL rule in a port or a slot. Options: 1. active(1) -when this leaf is queried, the value is fixed to active(1) 2. createAndGo(4) -deliver an ACL rule to a specified port or a specified slot 3. destroy(6) -delete a delivered ACL rule in a port or a specified slot When an ACL rule is delivered to a specified port or a specified slot, make sure that at least one of the following groups is configured. (1)hwAclActiveUserAclNum and hwAclActiveUserAclSubitem (2)hwAclActiveIpAclNum and hwAclActiveIpAclSubitem (3)hwAclActiveLinkAclNum and hwAclActiveLinkAclSubitem In addition to independent configuration of each group, the combined configuration of groups (2) and (3) is permitted. Combining group (1) with group (2), or group (1) with group (3), is prohibited. In addition, hwAclActiveRowStatus must be set to createAndGo(4).
To delete the ACL rule delivered to a port or a slot, set hwAclActiveRowStatus to destroy(6). When this leaf is queried, the value is fixed to active(1). " ::= { hwAclActiveEntry 11 } -- 1.3.6.1.4.1.2011.5.1.1.9.1.12 hwAclActiveIpv6AclNum OBJECT-TYPE SYNTAX Integer32 (0 | 2000..3999) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the basic or advanced ACLv6 rule group that are used when an ACLv6 rule is delivered to a specified port or a specified slot and the inbound or outbound packets are filtered based on the ACLv6 rule. Range: 0, 2000-3999 Make sure that the basic or advanced ACLv6 rule group is already created. In the query operation, if the basic or advanced ACLv6 rule group is not used, the value obtained is 0. " ::= { hwAclActiveEntry 12 } -- 1.3.6.1.4.1.2011.5.1.1.9.1.13 hwAclActiveIpv6AclSubitem OBJECT-TYPE SYNTAX Unsigned32 (0..4294967295) MAX-ACCESS read-create STATUS current DESCRIPTION "Describes the basic or advanced ACLv6 rule that is used when an ACLv6 rule is delivered to a specified port or a specified slot and the inbound or outbound packets are filtered based on the ACLv6 rule. This leaf must be used together with hwAclActiveIpAclNum, uniquely identifying an ACLv6 rule. Range: 0-4294967295 Make sure that the basic or advanced ACLv6 rule is already created. In the query operation, if the basic or advanced ACLv6 rule is not used, the value obtained is 4294967295. " ::= { hwAclActiveEntry 13 } -- add trap hwAclTraps OBJECT IDENTIFIER ::= { hwAcl 2} hwAclCommonTraps OBJECT IDENTIFIER ::= { hwAclTraps 1 } hwAclCommonTrapsPrefix OBJECT IDENTIFIER ::= { hwAclCommonTraps 0 } hwAclAlarmTraps OBJECT IDENTIFIER ::= { hwAclTraps 2 } -- add basic acl hwAclAddBasicAclTrap NOTIFICATION-TYPE OBJECTS { hwAclBasicAclNum , hwAclBasicSubitem } STATUS current DESCRIPTION "The hwAclAddBasicAclTrap will be sent when the basic acl is added." 
::= { hwAclCommonTraps 0 1 } -- delete basic acl hwAclDeleteBasicAclTrap NOTIFICATION-TYPE OBJECTS { hwAclBasicAclNum , hwAclBasicSubitem } STATUS current DESCRIPTION "The hwAclDeleteBasicAclTrap will be sent when the basic acl is deleted." ::= { hwAclCommonTraps 0 2 } -- add adv acl hwAclAddAdvancedAclTrap NOTIFICATION-TYPE OBJECTS { hwAclAdvancedAclNum , hwAclAdvancedSubitem } STATUS current DESCRIPTION "The hwAclAddAdvancedAclTrap will be sent when the advanced acl is added." ::= { hwAclCommonTraps 0 3 } -- delete adv acl hwAclDeleteAdvancedAclTrap NOTIFICATION-TYPE OBJECTS { hwAclAdvancedAclNum , hwAclAdvancedSubitem } STATUS current DESCRIPTION "The hwAclDeleteAdvancedAclTrap will be sent when the advanced acl is deleted." ::= { hwAclCommonTraps 0 4 } -- add link acl hwAclAddLinkAclTrap NOTIFICATION-TYPE OBJECTS { hwAclLinkAclNum , hwAclLinkSubitem } STATUS current DESCRIPTION "The hwAclAddLinkAclTrap will be sent when the link acl is added." ::= { hwAclCommonTraps 0 5 } -- delete link acl hwAclDeleteLinkAclTrap NOTIFICATION-TYPE OBJECTS { hwAclLinkAclNum , hwAclLinkSubitem } STATUS current DESCRIPTION "The hwAclDeleteLinkAclTrap will be sent when the link acl is deleted." ::= { hwAclCommonTraps 0 6 } -- add user acl hwAclAddUserAclTrap NOTIFICATION-TYPE OBJECTS { hwAclUserAclNum , hwAclUserSubitem } STATUS current DESCRIPTION "The hwAclAddUserAclTrap will be sent when the user acl is added." ::= { hwAclCommonTraps 0 7 } -- delete user acl hwAclDeleteUserAclTrap NOTIFICATION-TYPE OBJECTS { hwAclUserAclNum , hwAclUserSubitem } STATUS current DESCRIPTION "The hwAclDeleteUserAclTrap will be sent when the user acl is deleted." ::= { hwAclCommonTraps 0 8 } -- active acl hwAclActiveAclTrap NOTIFICATION-TYPE OBJECTS { hwAclActiveAclIndex , hwAclActiveIfIndex , hwAclActiveDirection } STATUS current DESCRIPTION "The hwAclActiveAclTrap will be sent when the acl is activated." 
::= { hwAclCommonTraps 0 9 } -- deactivate acl hwAclDeactiveAclTrap NOTIFICATION-TYPE OBJECTS { hwAclActiveAclIndex , hwAclActiveIfIndex , hwAclActiveDirection } STATUS current DESCRIPTION "The hwAclDeactiveAclTrap will be sent when the user acl is deactivated." ::= { hwAclCommonTraps 0 10 } END -- -- HUAWEI-DSLAM-ACL-MIB.my --