-- ============================================================================ -- Copyright (C) 2019 by HUAWEI TECHNOLOGIES. All rights reserved. -- Description: The mib is used for configuring the security for the DSLAM. -- Reference: -- Version: V1.82 -- -- ============================================================================ HUAWEI-IPDSLAM-SECURITY-MIB DEFINITIONS ::= BEGIN IMPORTS hwFrameIndex, hwSlotIndex, hwPortIndex, hwPortDesc FROM HUAWEI-DEVICE-MIB hwGponDevicePortidObjectIndex FROM HUAWEI-GPON-MIB hwEponDeviceOntIndex, hwGponDeviceOntIndex, hwGponDeviceLineProfGemCfgGemIndex FROM HUAWEI-XPON-MIB hwExtSrvFlowIndex, hwFlowID FROM HUAWEI-ETHERLIKE-EXT-MIB ifIndex FROM IF-MIB hwVlanIndex FROM HUAWEI-VLAN-MIB huaweiUtility FROM HUAWEI-MIB IpAddress, OBJECT-TYPE, Unsigned32, Counter32, Counter64, Integer32,MODULE-IDENTITY,NOTIFICATION-TYPE FROM SNMPv2-SMI RowStatus, MacAddress, TruthValue, TEXTUAL-CONVENTION, DateAndTime FROM SNMPv2-TC InetAddress, InetAddressType FROM INET-ADDRESS-MIB; hwIpDslamSecurity MODULE-IDENTITY LAST-UPDATED "201907260000Z" ORGANIZATION "Huawei Technologies Co.,Ltd." CONTACT-INFO "Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://www.huawei.com Email: support@huawei.com " DESCRIPTION "The mib is used for configuring the security for the DSLAM." -- Revision history REVISION "201907260000Z" DESCRIPTION "V1.82, modified the description of hwIpDslamDosBlackListOntID." REVISION "201905060000Z" DESCRIPTION "V1.81, modified the description of hwIpDslamAntiDosPacketLimitValue, hwIpDslamAntiDosIgmpPacketLimitValue, hwIpDslamAntiDosDhcpPacketLimitValue, hwIpDslamAntiDosArpPacketLimitValue, and hwIpDslamAntiDosPppoePacketLimitValue." REVISION "201902270000Z" DESCRIPTION "V1.80, added hwIpDslamSecurityFlowBundleOutboundPolicy." REVISION "201809210000Z" DESCRIPTION "V1.79, modified the description of hwIpDslamArpUnicastTable." REVISION "201803170000Z" DESCRIPTION "V1.78, added hwIpDslamSecurityUserInfoSwitch." REVISION "201711070000Z" DESCRIPTION "V1.77, added hwIpDslamArpDetectMaxUserCountSwitch." REVISION "201709280000Z" DESCRIPTION "V1.76, added hwIpDslamAntiDosDhcpPacketLimitPeriod." REVISION "201708140000Z" DESCRIPTION "V1.75, added hwIpDslamSecurityUserDynamicIpv6." REVISION "201708070000Z" DESCRIPTION "V1.74, modified the max-access value of hwIpDslamSrcMacFilteringIndex and hwIpDslamDesMacFilteringIndex." REVISION "201707180000Z" DESCRIPTION "V1.73, modified the value range of hwIpDslamAntiMacExcludeSwitch added hwIpDslamAntiIpv6ExcludeSwitch and hwIpDslamSecurityUserAutoBackupFileName." REVISION "201706240000Z" DESCRIPTION "V1.72, modified the max-access value of hwIpDslamAntiIpServicePortIndex." REVISION "201703240000Z" DESCRIPTION "V1.71, added hwIpDslamAntiDosTtlExceedPacketRate and hwIpDslamAntiDosOversizePacketRate." REVISION "201702080000Z" DESCRIPTION "V1.70, added hwIpDslamIpOptionPacketPolicy." REVISION "201610200000Z" DESCRIPTION "V1.69, added hwIpDslamArpUnicastTable." REVISION "201609180000Z" DESCRIPTION "V1.68, added hwIpDslamAntiIllegalHopLimitNDStatus" REVISION "201605210000Z" DESCRIPTION "V1.67, added hwCableSystemIPv4SourceVerify" REVISION "201601130000Z" DESCRIPTION "V1.66, modified the value range of hwIpDslamIpAddrDynamicBindingIpIndex and hwIpDslamMacAddrDynamicBindingMacIndex" REVISION "201509280000Z" DESCRIPTION "V1.65, added hwIpDslamAntiIpv6Status and hwIpDslamAntiIcmpv6Status" REVISION "201508280000Z" DESCRIPTION "V1.64, added hwIpDslamAntiMacDuplicateAlarmStatus" REVISION "201506100000Z" DESCRIPTION "V1.63, added hwIpDslamUserDeleteDelay" REVISION "201504140000Z" DESCRIPTION "V1.62, modified the hwIpDslamIpAddrDynamicBindingIpAddr of hwIpDslamCMTSIpDifferFromBindIpTrap to hwIpAddressCarriedInPackets" REVISION "201503280000Z" DESCRIPTION "V1.61, modified the description of hwIpDslamSecurityExIpv6ConflictCount, hwIpDslamSecurityExMacConflictCount, hwIpDslamSecurityExIllegalARPCount. " REVISION "201501120000Z" DESCRIPTION "V1.60, added hwCableSystemIPv6SourceVerify and hwIpDslamCMTSIpv6DifferFromBindIpv6Trap" REVISION "201501080000Z" DESCRIPTION "V1.59, modified the value of hwIpDslamIpv6DynamicBindingItemIndex from [0..7] to [0..2047]." REVISION "201409120000Z" DESCRIPTION "V1.58, added hwIpDslamAntiMacServicePortTable." REVISION "201407290000Z" DESCRIPTION "V1.57, added hwIpDslamSecurityUserAutoBackupSwitch ,hwIpDslamSecurityUserAutoBackupPeriod, hwIpDslamSecurityUserAutoLoadAttemptTimeout, and hwIpDslamSecurityUserAutoLoadAttemptPeriod. " REVISION "201406190000Z" DESCRIPTION "V1.56, modified the name of hwIpDslamP2pPortDataPackageIpDifferFromBindIpTrap to hwIpDslamP2pPortDataPackageIpSpoofingTrap, and modified the name of hwIpDslamDistributingModeGponPortDataPackageIpDifferFromBindIpTrap to hwIpDslamDistributingModeGponPortDataPackageIpSpoofingTrap, and modified the name of hwIpDslamProfileModeGponPortDataPackageIpDifferFromBindIpTrap to hwIpDslamProfileModeGponPortDataPackageIpSpoofingTrap, and modified the name of hwIpDslamP2pPortDataPackageIpv6DifferFromBindIpv6Trap to hwIpDslamP2pPortDataPackageIpv6SpoofingTrap, and modified the name of hwIpDslamDistributingModeGponPortDataPackageIpv6DifferFromBindIpv6Trap to hwIpDslamDistributingModeGponPortDataPackageIpv6SpoofingTrap, and modified the name of hwIpDslamProfileModeGponPortDataPackageIpv6DifferFromBindIpv6Trap to hwIpDslamProfileModeGponPortDataPackageIpv6SpoofingTrap, and modified the name of hwIpDslamP2pPortDataPackageMacDifferFromBindMacTrap to hwIpDslamP2pPortDataPackageMacSpoofingTrap, and modified the name of hwIpDslamDistributingModeGponPortDataPackageMacDifferFromBindMacTrap to hwIpDslamDistributingModeGponPortDataPackageMacSpoofingTTrap, and modified the name of hwIpDslamProfileModeGponPortDataPackageMacDifferFromBindMacTrap to hwIpDslamProfileModeGponPortDataPackageMacSpoofingTrap. " REVISION "201401200000Z" DESCRIPTION "V1.55, added hwIpDslamAntiBcAttackTrafficLimitSwitch, hwIpDslamAntiBcAttackPortRateTable and hwIpDslamAntiBcAttackOntRateTable. modified the name of hwIpDslamAntiBcAttackOntTable to hwIpDslamAntiBcAttackOntQueryTable. modified the value range of hwIpDslamAntiBcAttackOntQueryRemainTime. " REVISION "201312160000Z" DESCRIPTION "V1.54, added hwIpDslamAntiIllegalArpStatus, hwIpDslamAntiIllegalNdStatus, hwIpDslamAntiBcAttackXponPortDefaultRate, hwIpDslamAntiBcAttackXponOntDefaultRate, hwIpDslamAntiBcAttackOntResumeInterval, hwIpDslamAntiBcAttackOntTable and hwIpDslamOntBcAttackOccurTrap. " REVISION "201311180000Z" DESCRIPTION "V1.53, added hwIpDslamSecurityConflictLogCmIndex, hwIpDslamCmtsMacAddrDynamicBindingTable, hwIpDslamNotifyCMIndex, hwIpDslamNotifyCMMacAddress, hwIpDslamCMTSMacAddressBoundToAnotherPortTrap, and hwIpDslamCMTSIpDifferFromBindIpTrap. " REVISION "201308060000Z" DESCRIPTION "V1.52, added hwIpDslamAntiMacIgnoreSwitch. " REVISION "201306210000Z" DESCRIPTION "V1.51, modified the description of hwIpDslamAntiDosPacketLimitTable, hwIpDslamAntiDosPacketLimitIfIndex, hwIpDslamAntiDosPacketLimitSecondIndex, hwIpDslamAntiDosPacketLimitThirdIndex. " REVISION "201305280000Z" DESCRIPTION "V1.50, added hwIpDslamIpAddrDynamicBindingUserMacAddr, hwIpDslamIpAddrDynamicBindingSubnetMask, hwIpDslamIpAddrDynamicBindingGatewayIpAddr, hwIpDslamIpAddrDynamicBindingAllocatedLeaseTime and hwIpDslamIpAddrDynamicBindingDhcpServerIpAddr. " REVISION "201304280000Z" DESCRIPTION "V1.49, add hwIpDslamDoSAttackOccurCMMacAddress in hwIpDslamCMPortDoSAttackOccurTrap and hwIpDslamCMPortDoSAttackDisappearTrap. " REVISION "201303260000Z" DESCRIPTION "V1.48, added hwIpDslamSourceRouteStatus. " REVISION "201303130000Z" DESCRIPTION "V1.47, modified the status of hwIpDslamDosBlackListCid from current to deprecated, modifyied the description of hwIpDslamDosBlackListCid, pDslamDosBlackListOntID, hwIpDslamDosBlackListLLIndex, hwIpDslamSecurityConflictStatIfindex, and hwIpDslamSecurityConflictStatClear. " REVISION "201302040000Z" DESCRIPTION "V1.46, modified the value range of hwIpDslamDosBlackListMatchpara. modified the max-access of hwIpDslamDosBlackListIfIndex,hwIpDslamDosBlackListType,hwIpDslamDosBlackListMode, hwIpDslamDosBlackListTime,hwIpDslamDosBlackListMatchpara,hwIpDslamDosBlackListCid and hwIpDslamDosBlackListLLIndex. " REVISION "201301100000Z" DESCRIPTION "V1.45, modified the type of hwFirewallStatus and hwFirewallDefault from Integer32 to INTEGER. " REVISION "201210170000Z" DESCRIPTION "V1.44, modified the value range of hwIpDslamSecurityConflictLogIndex. " REVISION "201205170000Z" DESCRIPTION "V1.43, added hwIpDslamCMPortDoSAttackOccurTrap, hwIpDslamCMPortDoSAttackDisappearTrap and hwIpDslamDoSAttackOccurCMIndex. " REVISION "201203140000Z" DESCRIPTION "V1.42, modified the value range of hwIpDslamMacAddrDynamicBindingFlowId, hwIpDslamIpAddrDynamicBindingFlowId, hwIpDslamAntiIpServicePortIndex, hwIpDslamIpv6AddrDynamicBindingFlowId, and hwIpDslamDynamicBindingFlowId. " REVISION "201203070000Z" DESCRIPTION "V1.41, added hwIpv6IfAccessTable. " REVISION "201201070000Z" DESCRIPTION "V1.40, modified the value range of hwIpDslamDynSrcMacFilteringIndex, added hwIpDslamDynSrcMacFilteringVlan. modified the value range of hwIpDslamAntiDosPacketLimitValue. " REVISION "201111170000Z" DESCRIPTION "V1.39, added hwFirewallDefendTracert. modified the value range of hwIpDslamAntiIpExcludeSwitch. " REVISION "201109190000Z" DESCRIPTION "V1.38, modified the value range of hwIpDslamAntiDosIgmpPacketLimitValue, hwIpDslamAntiDosDhcpPacketLimitValue, hwIpDslamAntiDosArpPacketLimitValue, hwIpDslamAntiDosPppoePacketLimitValue. " REVISION "201108180000Z" DESCRIPTION "V1.37, modified the value range of hwIpDslamAntiDosIgmpPacketLimitValue, hwIpDslamAntiDosDhcpPacketLimitValue, hwIpDslamAntiDosArpPacketLimitValue, hwIpDslamAntiDosPppoePacketLimitValue. " REVISION "201108050000Z" DESCRIPTION "V1.36, modified the default value of hwIpDslamAntiMacExcludeSwitch, modified the syntax of hwIpDslamServerIpAddress. " REVISION "201107130000Z" DESCRIPTION "V1.35, modified the value range of hwIpDslamAntiDosIgmpPacketLimitValue, hwIpDslamAntiDosDhcpPacketLimitValue, hwIpDslamAntiDosArpPacketLimitValue, hwIpDslamAntiDosPppoePacketLimitValue, added hwIpDslamServerIpAddress, hwIpDslamServerIpv6Address. modified the leaf of hwIpDslamAllocatedIpConflictTrap, hwIpDslamAllocatedIpv6ConflictTrap. added hwFirewallStatus, hwFirewallDefault,hwFirewallPacketFilterTable, hwFirewallPacketFilterStatisticsTable, hwFirewallPacketFilterDefaultStatisticsTable, hwIpDslamSecurityExConflictStatisticTable. " REVISION "201105260000Z" DESCRIPTION "V1.34, added hwIpDslamAllocatedIpConflictTrap, hwIpDslamAllocatedIpv6ConflictTrap, hwIpDslamAddressAllocationMode, hwIpDslamSecurityConflictLogType, hwIpDslamAntiDosIgmpPacketLimitValue, hwIpDslamAntiDosDhcpPacketLimitValue, hwIpDslamAntiDosArpPacketLimitValue, hwIpDslamAntiDosPppoePacketLimitValue, hwIpDslamSecurityDhcpClientIdentifier, hwIpDslamP2pPortDataPackageIpDifferFromBindIpTrap, hwIpDslamDistributingModeGponPortDataPackageIpDifferFromBindIpTrap, hwIpDslamProfileModeGponPortDataPackageIpDifferFromBindIpTrap, hwIpDslamP2pPortDataPackageIpv6DifferFromBindIpv6Trap, hwIpDslamDistributingModeGponPortDataPackageIpv6DifferFromBindIpv6Trap, hwIpDslamProfileModeGponPortDataPackageIpv6DifferFromBindIpv6Trap, hwIpDslamP2pPortDataPackageMacDifferFromBindMacTrap, hwIpDslamDistributingModeGponPortDataPackageMacDifferFromBindMacTrap, hwIpDslamProfileModeGponPortDataPackageMacDifferFromBindMacTrap, hwIpDslamP2pPortIllegleArpTrap,hwIpDslamDistributingModeGponPortIllegleArpTrap, hwIpDslamProfileModeGponPortIllegleArpTrap, hwIpDslamAntiMacSpoofingControlprotocolIpv6oeStatus, and modified the description of hwIpDslamAntiDosPacketLimitTable. " REVISION "201105120000Z" DESCRIPTION "V1.33, added hwIpDslamDynamicBindingTable and hwIpDslamAntiMacExcludeSwitch, modifyied the description of hwIpDslamAntiIpExcludeSwitch. " REVISION "201104200000Z" DESCRIPTION "V1.32, added hwIpDslamIpv6AddressPrefixlengthCarriedInPackets, modifyied the definition of hwIpDslamIpv6DifferFromBindIpv6Trap. modifyied the description of hwIpDslamAntiIpExcludeSwitch. " REVISION "201101240000Z" DESCRIPTION "V1.31, added hwIpDslamIpv6NsReplySwitch, hwIpDslamIpv6NsReplyUnknownPolicy, hwIpDslamAntiIpv6SpoofingStatus, hwIpDslamAntiIpv6ServicePortStatus, hwIpDslamIpv6BindRouteAndNdSwitch, hwIpDslamSecurityIPv6ConflictLogIpv6Prefix and hwIpDslamAntiIpExcludeSwitch. " REVISION "201011220000Z" DESCRIPTION "V1.30, added hwIpDslamDoSAttackOccurEocCnuID, hwIpDslamEocPortDoSAttackOccurTrap and hwIpDslamEocPortDoSAttackDisappearTrap. Modifyied the description of hwIpDslamSecurityConflictStatisticTable, hwIpDslamDosBlackListMode and hwIpDslamDosBlackListOntID. " REVISION "201011120000Z" DESCRIPTION "V1.29, modifyied the format of the MIB file." REVISION "201011090000Z" DESCRIPTION "V1.28, changed the value range of hwIpDslamAntiDosPacketLimitValue." REVISION "201008130900Z" DESCRIPTION "V1.27, added hwIpDslamSecurityIllegalARPCount in hwIpDslamSecurityConflictStatisticTable." REVISION "201007231500Z" DESCRIPTION "V1.26, added hwIpDslamSecurityConflictStatClear and hwIpDslamSecurityConflictLogClear. Modified the copyright&contact-info of this file. Modified the description of hwIpDslamAntiIcmpStatus, hwIpDslamAntiIpStatus, hwIpDslamIpAddrDynamicBindingStatus, hwIpDslamAntiMacSpoofingStatus, hwIpDslamAntiDosStatus, hwIpDslamSrcMacFilteringRowStatus, hwIpDslamDosBlackListRowStatus, hwIpDslamDesMacFilteringRowStatus, hwIpDslamAntiDosPacketLimitRowStatus. " REVISION "201005291600Z" DESCRIPTION "V1.25, modifyied the OID of parameter of hwIpDslamMacAddressBoundToAnotherXponPortTrap. Modify the value rangge of hwIpDslamDosBlackListLLIndex from (0..127|255) to (0..1023|65535)." REVISION "201005050900Z" DESCRIPTION "V1.24, modifyied the errors of the MIB file." REVISION "201004251600Z" DESCRIPTION "V1.23, modifyied description of all leaves." REVISION "201004151600Z" DESCRIPTION "V1.22, added hwIpDslamAntiMacDuplicateStatus and modify description of leaves." REVISION "201001251600Z" DESCRIPTION "V1.21, added hwIpDslamSecurityConflictStatisticTable and hwIpDslamSecurityConflictStatisticTable." REVISION "201001121600Z" DESCRIPTION "V1.20, added traps,Add hwIpDslamBindIpFailedIpAddr,hwIpDslamBindMacFailedMacAddr to hwIpDslamTrapsVbOids." REVISION "200912250000Z" DESCRIPTION "V1.19, modifyied the datatype definition." REVISION "200905120000Z" DESCRIPTION "V1.16, modifyied the value range of hwIpDslamAntiMacSpoofingPppoeOverallAgingTime, hwIpDslamAntiMacSpoofingPppoeAgingPeriod and hwIpDslamAntiMacSpoofingDhcpOverallAgingTime." REVISION "200809090000Z" DESCRIPTION "V1.15, modifyied the value range of hwIpDslamSecurityVlanCtrlIndex: 1-4095" REVISION "200804140000Z" DESCRIPTION "V1.12, added leasetime in hwIpDslamIpAddrDynamicBindingTable." REVISION "200511080000Z" DESCRIPTION "V1.00, first draft." ::= { huaweiUtility 47 } EnabledStatus ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A simple status value for the object." SYNTAX INTEGER { enabled(1), disabled(2) } hwIpDslamAntiIcmpStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the anti-ICMP-attack status. Options: 1. enabled(1) -indicates the anti-ICMP-attack status is enabled 2. disabled(2) -indicates the anti-ICMP-attack status is disabled Default: disabled(2) " ::= { hwIpDslamSecurity 1 } hwIpDslamAntiIpStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the anti-IP-attack status. Options: 1. enabled(1) -indicates the anti-IP-attack status is enabled 2. disabled(2) -indicates the anti-IP-attack status is disabled Default: disabled(2) " ::= { hwIpDslamSecurity 2 } hwIpDslamIpAddrDynamicBindingStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the global status of IP address dynamic binding. Options: 1. enabled(1) -indicates the global status of IP address dynamic binding is enabled 2. disabled(2) -indicates the global status of IP address dynamic binding is disabled Default: disabled(2) " ::= { hwIpDslamSecurity 3 } hwIpDslamAntiMacSpoofingStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the global anti-MAC-spoofing status. Options: 1. enabled(1) -indicates the global anti-MAC-spoofing status is enabled 2. disabled(2) -indicates the global anti-MAC-spoofing status is disabled Default: disabled(2) " ::= { hwIpDslamSecurity 4 } hwIpDslamAntiDosStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates the global anti-DoS-attack status. Options: 1. enabled(1) -indicates the global anti-DoS-attack status is enabled 2. disabled(2) -indicates the global anti-DoS-attack status is disabled Default: disabled(2) " ::= { hwIpDslamSecurity 5 } hwIpDslamSrcMacAddrFilteringTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamSrcMacAddrFilteringEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the MAC address filtering function. With this function, the system checks the source MAC address of the user packet based on the configured MAC address entry. If the source MAC address of the user packet is the same as the MAC address configured in this table, the packet is discarded. The index of this table is hwIpDslamSrcMacFilteringIndex, which uniquely identifies the MAC address entry to be filtered by the system. " ::= { hwIpDslamSecurity 6 } hwIpDslamSrcMacAddrFilteringEntry OBJECT-TYPE SYNTAX HwIpDslamSrcMacAddrFilteringEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the MAC address filtering function. With this function, the system checks the source MAC address of the user packet based on the configured MAC address entry. If the source MAC address of the user packet is the same as the MAC address configured in this table, the packet is discarded. The index of this entry is hwIpDslamSrcMacFilteringIndex, which uniquely identifies the MAC address entry to be filtered by the system. " INDEX { hwIpDslamSrcMacFilteringIndex } ::= { hwIpDslamSrcMacAddrFilteringTable 1 } HwIpDslamSrcMacAddrFilteringEntry ::= SEQUENCE { hwIpDslamSrcMacFilteringIndex Integer32, hwIpDslamSrcMacFilteringSrcMac MacAddress, hwIpDslamSrcMacFilteringRowStatus RowStatus } hwIpDslamSrcMacFilteringIndex OBJECT-TYPE SYNTAX Integer32(1..4) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the index, which uniquely identifies the MAC address entry to be filtered by the system. " ::= { hwIpDslamSrcMacAddrFilteringEntry 1 } hwIpDslamSrcMacFilteringSrcMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the MAC address to be filtered. " ::= { hwIpDslamSrcMacAddrFilteringEntry 2 } hwIpDslamSrcMacFilteringRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the row status. Creating, deleting, and querying MAC address filtering are supported. In the creation, reserve hwIpDslamSrcMacFilteringIndex, hwIpDslamSrcMacFilteringSrcMac, and hwIpDslamSrcMacFilteringRowStatus; set hwIpDslamSrcMacFilteringRowStatus to createAndGo(4). The range of hwIpDslamSrcMacFilteringIndex is [1, 4] and the index must be specified. In the deletion, reserve hwIpDslamSrcMacFilteringSrcMac and hwIpDslamSrcMacFilteringRowStatus; set hwIpDslamSrcMacFilteringSrcMac to the MAC address to be deleted, set hwIpDslamSrcMacFilteringRowStatus to destroy(6), and then click set to delete the MAC address. hwIpDslamSrcMacFilteringIndex must be specified and issued in the query. Options: 1. active(1) -indicates query operation 2. createAndGo(4) -create MAC address filtering 3. destroy(6) -delete MAC address filtering " ::= { hwIpDslamSrcMacAddrFilteringEntry 3 } hwIpDslamMacAddrDynamicBindingTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamMacAddrDynamicBindingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "It is the table for the dynamic binding between the MAC address and the service port and is used for querying the entry of the dynamic binding between the MAC address and the service port. After anti-MAC-spoofing is enabled, the MAC address of the user is bound to the corresponding service port. If the MAC address of the user packet is not the MAC address bound to the service port, the packet is discarded. The indexes of this table are hwIpDslamMacAddrDynamicBindingFlowId and hwIpDslamMacAddrDynamicBindingMacIndex. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. hwIpDslamMacAddrDynamicBindingMacIndex is the index of the MAC address bound to the service port. " ::= { hwIpDslamSecurity 7 } hwIpDslamMacAddrDynamicBindingEntry OBJECT-TYPE SYNTAX HwIpDslamMacAddrDynamicBindingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "It is the table for the dynamic binding between the MAC address and the service port and is used for querying the entry of the dynamic binding between the MAC address and the service port. After anti-MAC-spoofing is enabled, the MAC address of the user is bound to the corresponding service port. If the MAC address of the user packet is not the MAC address bound to the service port, the packet is discarded. The indexes of this entry are hwIpDslamMacAddrDynamicBindingFlowId and hwIpDslamMacAddrDynamicBindingMacIndex. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. hwIpDslamMacAddrDynamicBindingMacIndex is the index of the MAC address bound to the service port. " INDEX { hwIpDslamMacAddrDynamicBindingFlowId, hwIpDslamMacAddrDynamicBindingMacIndex } ::= { hwIpDslamMacAddrDynamicBindingTable 1 } HwIpDslamMacAddrDynamicBindingEntry ::= SEQUENCE { hwIpDslamMacAddrDynamicBindingFlowId Integer32, hwIpDslamMacAddrDynamicBindingMacIndex Integer32, hwIpDslamMacAddrDynamicBindingMacAddr MacAddress } hwIpDslamMacAddrDynamicBindingFlowId OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the index of the service port bound to a specified MAC address. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. Range: Begin with 1 " ::= { hwIpDslamMacAddrDynamicBindingEntry 1 } hwIpDslamMacAddrDynamicBindingMacIndex OBJECT-TYPE SYNTAX Integer32(0..31) MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the index of the MAC address bound to the service port. Range: 0-31 " ::= { hwIpDslamMacAddrDynamicBindingEntry 2 } hwIpDslamMacAddrDynamicBindingMacAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the MAC address bound to a specified service port. " ::= { hwIpDslamMacAddrDynamicBindingEntry 3 } hwIpDslamIpAddrDynamicBindingTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamIpAddrDynamicBindingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "It is the table for the dynamic binding between the IP address and the service port and is used for querying the entry of the dynamic binding between the IP address and the service port. After anti-IP-spoofing is enabled and the user goes online, the IP address obtained by the user is bound to the corresponding service port. The packet can be transmitted upstream through the device only when the source IP address of the packet is the same as the bound IP address. Otherwise, the packet is discarded. The indexes of this table are hwIpDslamIpAddrDynamicBindingFlowId and hwIpDslamIpAddrDynamicBindingIpIndex. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. hwIpDslamIpAddrDynamicBindingIpIndex is the index of the IP address bound to the service port. " ::= { hwIpDslamSecurity 8 } hwIpDslamIpAddrDynamicBindingEntry OBJECT-TYPE SYNTAX HwIpDslamIpAddrDynamicBindingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "It is the table for the dynamic binding between the IP address and the service port and is used for querying the entry of the dynamic binding between the IP address and the service port. After anti-IP-spoofing is enabled and the user goes online, the IP address obtained by the user is bound to the corresponding service port. The packet can be transmitted upstream through the device only when the source IP address of the packet is the same as the bound IP address. Otherwise, the packet is discarded. The indexes of this entry are hwIpDslamIpAddrDynamicBindingFlowId and hwIpDslamIpAddrDynamicBindingIpIndex. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. hwIpDslamIpAddrDynamicBindingIpIndex is the index of the IP address bound to the service port. " INDEX { hwIpDslamIpAddrDynamicBindingFlowId, hwIpDslamIpAddrDynamicBindingIpIndex } ::= { hwIpDslamIpAddrDynamicBindingTable 1 } HwIpDslamIpAddrDynamicBindingEntry ::= SEQUENCE { hwIpDslamIpAddrDynamicBindingFlowId Integer32, hwIpDslamIpAddrDynamicBindingIpIndex Integer32, hwIpDslamIpAddrDynamicBindingIpAddr IpAddress, hwIpDslamIpAddrDynamicBindingLeaseTime Integer32, hwIpDslamIpAddrDynamicBindingUserMacAddr MacAddress, hwIpDslamIpAddrDynamicBindingSubnetMask IpAddress, hwIpDslamIpAddrDynamicBindingGatewayIpAddr IpAddress, hwIpDslamIpAddrDynamicBindingAllocatedLeaseTime Integer32, hwIpDslamIpAddrDynamicBindingDhcpServerIpAddr IpAddress } hwIpDslamIpAddrDynamicBindingFlowId OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the index of the service port bound to a specified IP address. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. Range: Begin with 1 " ::= { hwIpDslamIpAddrDynamicBindingEntry 1 } hwIpDslamIpAddrDynamicBindingIpIndex OBJECT-TYPE SYNTAX Integer32(0..31) MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the index of the IP address bound to the service port. Range: 0-31 " ::= { hwIpDslamIpAddrDynamicBindingEntry 2 } hwIpDslamIpAddrDynamicBindingIpAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the IP address bound to a specified service port. " ::= { hwIpDslamIpAddrDynamicBindingEntry 3 } hwIpDslamIpAddrDynamicBindingLeaseTime OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the remaining lease time of the DHCP user bound to a specified service port. Unit: second " ::= { hwIpDslamIpAddrDynamicBindingEntry 4 } hwIpDslamIpAddrDynamicBindingUserMacAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the Mac address of the DHCP user bound to a specified service port. " ::= { hwIpDslamIpAddrDynamicBindingEntry 5 } hwIpDslamIpAddrDynamicBindingSubnetMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the Subnet Mask of the DHCP user bound to a specified service port. " ::= { hwIpDslamIpAddrDynamicBindingEntry 6 } hwIpDslamIpAddrDynamicBindingGatewayIpAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the Gateway IP Address of the DHCP user bound to a specified service port. " ::= { hwIpDslamIpAddrDynamicBindingEntry 7 } hwIpDslamIpAddrDynamicBindingAllocatedLeaseTime OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the initialized lease time of the DHCP user bound to a specified service port. Unit: second " ::= { hwIpDslamIpAddrDynamicBindingEntry 8 } hwIpDslamIpAddrDynamicBindingDhcpServerIpAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the IP address of the DHCP Server allocated the IP address to the DHCP user bound to a specified service port. " ::= { hwIpDslamIpAddrDynamicBindingEntry 9 } hwIpDslamDosBlackListTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamDosBlackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Used for querying or deleting the entry of the current blacklist in the system. The index of this table is hwIpDslamDosBlackListIndex, which uniquely identifies an entry of the blacklist. " ::= { hwIpDslamSecurity 9 } hwIpDslamDosBlackListEntry OBJECT-TYPE SYNTAX HwIpDslamDosBlackListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Used for querying or deleting the entry of the current blacklist in the system. The index of this entry is hwIpDslamDosBlackListIndex, which uniquely identifies an entry of the blacklist. " INDEX { hwIpDslamDosBlackListIndex } ::= { hwIpDslamDosBlackListTable 1 } HwIpDslamDosBlackListEntry ::= SEQUENCE { hwIpDslamDosBlackListIndex Integer32, hwIpDslamDosBlackListIfIndex Integer32, hwIpDslamDosBlackListType INTEGER, hwIpDslamDosBlackListMode INTEGER, hwIpDslamDosBlackListTime DateAndTime, hwIpDslamDosBlackListRowStatus RowStatus, hwIpDslamDosBlackListMatchpara Integer32, hwIpDslamDosBlackListCid Integer32, hwIpDslamDosBlackListOntID Integer32, hwIpDslamDosBlackListLLIndex Integer32 } hwIpDslamDosBlackListIndex OBJECT-TYPE SYNTAX Integer32 (1..4096) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the index, which uniquely identifies an entry of the blacklist. Range: 1-4096 " ::= { hwIpDslamDosBlackListEntry 1 } hwIpDslamDosBlackListIfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the Ifindex of the port that generates the DoS attack blacklist. You can query IfTable by Ifindex to obtain the port type, shelf ID, slot ID, and port ID. " ::= { hwIpDslamDosBlackListEntry 2 } hwIpDslamDosBlackListType OBJECT-TYPE SYNTAX INTEGER { unknown(1), pppoe(2), dhcp(3), icmp(4), arp(5), pppoa(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the type of the packet used for the DoS attack. Currently, judging the packet type is not supported and the value is fixed to unknown(1). Options: 1. unknown(1) -indicates the type of the packet used for the DoS attack is unknown 2. pppoe(2) -indicates the type of the packet used for the DoS attack is pppoe 3. dhcp(3) -indicates the type of the packet used for the DoS attack is dhcp 4. icmp(4) -indicates the type of the packet used for the DoS attack is icmp 5. arp(5) -indicates the type of the packet used for the DoS attack is arp 6. pppoa(6) -indicates the type of the packet used for the DoS attack is pppoa " ::= { hwIpDslamDosBlackListEntry 3 } hwIpDslamDosBlackListMode OBJECT-TYPE SYNTAX INTEGER{ dynamic(1), static(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates whether the blacklist is dynamically generated based on the DoS attack or manually and statically configured by the user. Options: 1. dynamic(1) -The blacklist is dynamically generated based on the DoS attack or manually and statically configured by the user. 2. static(2) -The blacklist is not dynamically generated based on the DoS attack or manually and statically configured by the user. Currently, the value is fixed to dynamic(1). " ::= { hwIpDslamDosBlackListEntry 4 } hwIpDslamDosBlackListTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the DoS attack time. " ::= { hwIpDslamDosBlackListEntry 5 } hwIpDslamDosBlackListRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the row status. Currently, only the get operation is supported. In the query operation, the value of this leaf is always active(1). Options: 1. active(1) -indicates query operation " ::= { hwIpDslamDosBlackListEntry 6 } hwIpDslamDosBlackListMatchpara OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the ID of the PON port that generates the DoS attack blacklist. You can query IfTable by ifIndex to obtain the port type, shelf ID, slot ID, and port ID. The returned value 65535 indicates an invalid value. " ::= { hwIpDslamDosBlackListEntry 7 } hwIpDslamDosBlackListCid OBJECT-TYPE SYNTAX Integer32 (1..8092) MAX-ACCESS read-only STATUS deprecated DESCRIPTION "Indicates the CID value of the PVC to which the DoS attack user belongs, that is, the connection ID of the PVC.The returned value 32 indicates an invalid value. Range: 1-8092 " ::= { hwIpDslamDosBlackListEntry 8 } hwIpDslamDosBlackListOntID OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the ID of the ONT that generates the DoS attack blacklist in the case of xPON port. Or indicates the ID of the CNU that generates the DoS attack blacklist in the case of EoC port. The returned value 65535 indicates an invalid value. " ::= { hwIpDslamDosBlackListEntry 9 } hwIpDslamDosBlackListLLIndex OBJECT-TYPE SYNTAX Integer32 (0..1023|65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the LLIndex for generating the DoS attack blacklist in the case of xPON port, indicates gemindex in the case of GPON, and indicates LLIndex in the case EPON. Currently, the value is fixed to 0 to facilitate future extension.The returned value 65535 indicates an invalid value. " ::= { hwIpDslamDosBlackListEntry 10 } hwIpDslamAntiMacSpoofingPppoeOverallAgingTime OBJECT-TYPE SYNTAX Integer32 (0|30..3600) MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the aging time of the PPPoE user when anti-MAC-spoofing is enabled. The aging time must be larger than the aging period (the value of hwIpDslamAntiMacSpoofingPppoeAgingPeriod). The system checks whether the PPPoE user is online in every aging period. If no response is received in the entire aging time, the system considers that the PPPoE user is offline abnormally. Range: 0, 30-3600 The value 0 is invalid in current version. Unit: second Default: 360 " ::= { hwIpDslamSecurity 10 } hwIpDslamAntiMacSpoofingPppoeAgingPeriod OBJECT-TYPE SYNTAX Integer32 (0|30..120) MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the aging period of the PPPoE user when anti-MAC spoofing is enabled. The system checks whether the PPPoE user is online after every aging period. If no response is received in the entire aging time, the system considers that the PPPoE user is offline abnormally. Range: 0, 30-120 The value 0 is invalid in current version. Unit: second Default: 90 " ::= { hwIpDslamSecurity 11 } hwIpDslamAntiMacSpoofingDhcpOverallAgingTime OBJECT-TYPE SYNTAX Integer32(0|360..3600 ) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of DHCP Overall Aging Time when enable the Mac spoofing. The value 0 is invalid in current version. Unit: second Default: 1560 " ::= { hwIpDslamSecurity 12 } hwIpDslamDesMacAddrFilteringTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamDesMacAddrFilteringEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the destination MAC address filtering function. With this function, the system checks the destination MAC address of the user packet based on the configured MAC address entry. If the destination MAC address of the user packet is the same as the MAC address configured in this table, the packet is discarded. The index of this table is hwIpDslamDesMacFilteringIndex, which uniquely identifies the MAC address entry to be filtered by the system. " ::= { hwIpDslamSecurity 13 } hwIpDslamDesMacAddrFilteringEntry OBJECT-TYPE SYNTAX HwIpDslamDesMacAddrFilteringEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes the destination MAC address filtering function. With this function, the system checks the destination MAC address of the user packet based on the configured MAC address entry. If the destination MAC address of the user packet is the same as the MAC address configured in this table, the packet is discarded. The index of this entry is hwIpDslamDesMacFilteringIndex, which uniquely identifies the MAC address entry to be filtered by the system. " INDEX { hwIpDslamDesMacFilteringIndex } ::= { hwIpDslamDesMacAddrFilteringTable 1 } HwIpDslamDesMacAddrFilteringEntry ::= SEQUENCE { hwIpDslamDesMacFilteringIndex Integer32, hwIpDslamDesMacFilteringDesMac MacAddress, hwIpDslamDesMacFilteringRowStatus RowStatus } hwIpDslamDesMacFilteringIndex OBJECT-TYPE SYNTAX Integer32(1..4) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the index, which uniquely identifies the MAC address entry to be filtered by the system. " ::= { hwIpDslamDesMacAddrFilteringEntry 1 } hwIpDslamDesMacFilteringDesMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the MAC address to be filtered. " ::= { hwIpDslamDesMacAddrFilteringEntry 2 } hwIpDslamDesMacFilteringRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the row status. Creating, deleting, and querying MAC address filtering are supported. In the creation, reserve hwIpDslamDesMacFilteringIndex, hwIpDslamDesMacFilteringDesMac, and hwIpDslamDesMacFilteringRowStatus; set hwIpDslamDesMacFilteringRowStatus to createAndGo(4). The range of hwIpDslamDesMacFilteringIndex is [1, 4] and the index must be specified. In the deletion, you only need to reserve hwIpDslamDesMacFilteringDesMac and hwIpDslamDesMacFilteringRowStatus; set hwIpDslamDesMacFilteringDesMac to the MAC address to be deleted, set hwIpDslamDesMacFilteringRowStatus to destroy(6), and then click set to delete the MAC address. hwIpDslamDesMacFilteringIndex must be specified and issued in the query. Options: 1. active(1) -indicates query operation 2. createAndGo(4) -create MAC address filtering 3. destroy(6) -delete MAC address filtering " ::= { hwIpDslamDesMacAddrFilteringEntry 3 } hwIpDslamDynSrcMacAddrFilteringTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamDynSrcMacAddrFilteringEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Used for querying the dynamically learned MAC address on the network side. The system checks the source MAC address of the user packet based on this MAC address entry. If the source MAC address of the user packet is the same as the MAC address in this table, the packet is discarded. The index of this table is hwIpDslamDynSrcMacFilteringIndex, which uniquely identifies the MAC address entry to be filtered by the system. " ::= { hwIpDslamSecurity 14 } hwIpDslamDynSrcMacAddrFilteringEntry OBJECT-TYPE SYNTAX HwIpDslamDynSrcMacAddrFilteringEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Used for querying the dynamically learned MAC address on the network side. The system checks the source MAC address of the user packet based on this MAC address entry. If the source MAC address of the user packet is the same as the MAC address in this table, the packet is discarded. The index of this entry is hwIpDslamDynSrcMacFilteringIndex, which uniquely identifies the MAC address entry to be filtered by the system. " INDEX { hwIpDslamDynSrcMacFilteringIndex } ::= { hwIpDslamDynSrcMacAddrFilteringTable 1 } HwIpDslamDynSrcMacAddrFilteringEntry ::= SEQUENCE { hwIpDslamDynSrcMacFilteringIndex Integer32, hwIpDslamDynSrcMacFilteringSrcMac MacAddress, hwIpDslamDynSrcMacFilteringVlan Unsigned32 } hwIpDslamDynSrcMacFilteringIndex OBJECT-TYPE SYNTAX Integer32(1..1040) MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the index, which uniquely identifies the MAC address entry to be filtered by the system. Range: 1-1040 " ::= { hwIpDslamDynSrcMacAddrFilteringEntry 1 } hwIpDslamDynSrcMacFilteringSrcMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the MAC address to be filtered. " ::= { hwIpDslamDynSrcMacAddrFilteringEntry 2 } hwIpDslamDynSrcMacFilteringVlan OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates VLAN ID of the MAC address to be filtered. " ::= { hwIpDslamDynSrcMacAddrFilteringEntry 3 } hwIpDslamMacAbnormalDetectStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The switch of the Mac-Abnormal-Detect function. Options: 1. enabled(1) -indicates the Mac-Abnormal-Detect function is enabled 2. disabled(2) -indicates the Mac-Abnormal-Detect function is disabled Default: disabled(2) " ::= { hwIpDslamSecurity 15 } hwIpDslamMacAbnormalDetectIntervalTime OBJECT-TYPE SYNTAX Integer32 ( 30..3600 ) MAX-ACCESS read-write STATUS current DESCRIPTION "The interval of the Mac-Abnormal-Detect. Range: 30-3600 Unit: second Default: 60 " ::= { hwIpDslamSecurity 16 } hwIpDslamAntiIpServicePortTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamAntiIpServicePortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Used for enabling or disabling anti-IP-spoofing of the service port. Anti-IP-spoofing on a service port takes effect only when it is enabled globally and is enabled on this service port. The index of this table is hwIpDslamAntiIpServicePortIndex, indicating the index of the service port. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. " ::= { hwIpDslamSecurity 17 } hwIpDslamAntiIpServicePortEntry OBJECT-TYPE SYNTAX HwIpDslamAntiIpServicePortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Used for enabling or disabling anti-IP-spoofing of the service port. Anti-IP-spoofing on a service port takes effect only when it is enabled globally and is enabled on this service port. The index of this entry is hwIpDslamAntiIpServicePortIndex, indicating the index of the service port. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. " INDEX { hwIpDslamAntiIpServicePortIndex } ::= { hwIpDslamAntiIpServicePortTable 1 } HwIpDslamAntiIpServicePortEntry ::= SEQUENCE { hwIpDslamAntiIpServicePortIndex Integer32, hwIpDslamAntiIpServicePortStatus EnabledStatus, hwIpDslamAntiIpv6ServicePortStatus EnabledStatus } hwIpDslamAntiIpServicePortIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the index of the service port bound to a specified IP address. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. Range: Begin with 1 " ::= { hwIpDslamAntiIpServicePortEntry 1 } hwIpDslamAntiIpServicePortStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the anti-IP-spoofing status of the service port. Options: 1. enabled(1) -indicates the anti-IP-spoofing status is enabled 2. disabled(2) -indicates the anti-IP-spoofing status is disabled Default: enabled(1) " ::= { hwIpDslamAntiIpServicePortEntry 2 } hwIpDslamAntiIpv6ServicePortStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates the anti-IPv6-spoofing status of the service port. Options: 1. enabled(1) -indicates the anti-IPv6-spoofing status is enabled 2. disabled(2) -indicates the anti-IPv6-spoofing status is disabled Default: enabled(1) " ::= { hwIpDslamAntiIpServicePortEntry 3 } hwIpDslamAntiDosAlarmThreshold OBJECT-TYPE SYNTAX Integer32 ( 10..200 ) MAX-ACCESS read-write STATUS current DESCRIPTION "The alarm threshold of ANTI-DOS. if a PVC send the packets to CPU more than the threshold in one second, the DoS generated. Range: 10-200 Default: 20 " ::= { hwIpDslamSecurity 18 } hwIpDslamAntiDosPortAction OBJECT-TYPE SYNTAX INTEGER{ deactive(1), none(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The port action of DoS occurs. Options: 1. deactive(1) -disactive the user. 2. none(2) -do nothing. Default: deactive(1) " ::= { hwIpDslamSecurity 19 } hwIpDslamAntiDosResumeTime OBJECT-TYPE SYNTAX Integer32 ( 10..2880 ) UNITS "minute" MAX-ACCESS read-write STATUS current DESCRIPTION "The port resume time of ANTI-DOS, it must be a multiple of 10. Range: 10-2880 Unit: minute Default: 60 " ::= { hwIpDslamSecurity 20 } hwIpDslamArpDetectMode OBJECT-TYPE SYNTAX INTEGER{ gateway(1), dummy(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the arp detection mode. when dhcp spoofing send the arp detecting packet,use the gateway mode, the source mac will be the gateway mac,or if use the dummy mode, the source mac will be the mac of the bridge and the ip address should set to 0. Options: 1. gateway(1) -the source mac will be the gateway mac 2. dummy(2) -the source mac will be the bridge mac Default: dummy(2) " ::= { hwIpDslamSecurity 21 } hwIpDslamSecurityVlanCtrlTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamSecurityVlanCtrlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table used to configure the IP-spoofing based on VLAN. The index of this table is hwIpDslamSecurityVlanCtrlIndex. " ::= { hwIpDslamSecurity 22 } hwIpDslamSecurityVlanCtrlEntry OBJECT-TYPE SYNTAX HwIpDslamSecurityVlanCtrlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table used to configure the IP-spoofing based on VLAN. The index of this entry is hwIpDslamSecurityVlanCtrlIndex. " INDEX { hwIpDslamSecurityVlanCtrlIndex } ::= { hwIpDslamSecurityVlanCtrlTable 1 } HwIpDslamSecurityVlanCtrlEntry ::= SEQUENCE { hwIpDslamSecurityVlanCtrlIndex Integer32, hwIpDslamSecurityVlanCtrlIpSpoofing INTEGER } hwIpDslamSecurityVlanCtrlIndex OBJECT-TYPE SYNTAX Integer32 (1..4093) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The index of the table, identifier a VLAN ID. " ::= { hwIpDslamSecurityVlanCtrlEntry 1 } hwIpDslamSecurityVlanCtrlIpSpoofing OBJECT-TYPE SYNTAX INTEGER { disable(1), enable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The status of anti-ipspoofing switch. Options: 1. disable(1) -disable the switch 2. enable(2) -enable the switch " ::= { hwIpDslamSecurityVlanCtrlEntry 2 } -- ANTI-DoS attack policy hwIpDslamAntiDosPolicy OBJECT-TYPE SYNTAX INTEGER { default(1), deactivePorts(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The Policy of ANTI-DOS. Options: 1. default(1) -default process 2. deactivePorts(2) -deactive the xdsl port which detects dos attack happened based on default process Default: default(1) " ::= { hwIpDslamSecurity 23 } -- anti-dos attack packet process policy hwIpDslamAntiDosPacketProcPolicy OBJECT-TYPE SYNTAX INTEGER {deny(1),permit(2)} MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the policy for processing packets in anti-DoS-attack. Options: 1. deny(1) -denies processing packets in anti-DoS-attack 2. permit(2) -permits processing packets in anti-DoS-attack Default: deny(1) " ::= { hwIpDslamSecurity 24 } -- anti-dos attack packet limit table hwIpDslamAntiDosPacketLimitTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamAntiDosPacketLimitEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Used for setting or querying the threshold for the port-based packet rate in anti-DoS-attack. The traffic exceeding this threshold is discarded. The indexes of this table are hwIpDslamAntiDosPacketLimitIfIndex, hwIpDslamAntiDosPacketLimitSecondIndex, and hwIpDslamAntiDosPacketLimitThirdIndex. hwIpDslamAntiDosPacketLimitIfIndex is the port index and its meaning is the same as that of ifIndex in ifTable of rfc1213 IF_MIB. hwIpDslamAntiDosPacketLimitSecondIndex is the second index of the table. The meaning varies with the port type. It must be 0xFFFFFFFF for the DSL or ETH port, and is the ONT ID or 0xFFFFFFFF for the xPON port. hwIpDslamAntiDosPacketLimitThirdIndex is the third index of the table. The meaning varies with the port type. It must be 0xFFFFFFFF for the DSL, ETH, or EPON port, and its value is gemindex or gemport ID for the GPON port. When hwIpDslamAntiDosPacketLimitIfIndex is 0xFFFFFFFD, hwIpDslamAntiDosPacketLimitSecondIndex indicates the GPON end to end service flow index and hwIpDslamAntiDosPacketLimitThirdIndex is invalid value 0xFFFFFFFF. " ::= { hwIpDslamSecurity 25 } hwIpDslamAntiDosPacketLimitEntry OBJECT-TYPE SYNTAX HwIpDslamAntiDosPacketLimitEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Used for setting or querying the threshold for the port-based packet rate in anti-DoS-attack. The traffic exceeding this threshold is discarded. The indexes of this entry are hwIpDslamAntiDosPacketLimitIfIndex, hwIpDslamAntiDosPacketLimitSecondIndex, and hwIpDslamAntiDosPacketLimitThirdIndex. hwIpDslamAntiDosPacketLimitIfIndex is the port index and its meaning is the same as that of ifIndex in ifTable of rfc1213 IF_MIB. hwIpDslamAntiDosPacketLimitSecondIndex is the second index of the table. The meaning varies with the port type. It must be 0xFFFFFFFF for the DSL or ETH port, and is the ONT ID or 0xFFFFFFFF for the xPON port. hwIpDslamAntiDosPacketLimitThirdIndex is the third index of the table. The meaning varies with the port type. It must be 0xFFFFFFFF for the DSL, ETH, or EPON port, and its value is gemindex or gemport ID for the GPON port. When hwIpDslamAntiDosPacketLimitIfIndex is 0xFFFFFFFD, hwIpDslamAntiDosPacketLimitSecondIndex indicates the GPON end to end service flow index and hwIpDslamAntiDosPacketLimitThirdIndex is invalid value 0xFFFFFFFF. " INDEX { hwIpDslamAntiDosPacketLimitIfIndex, hwIpDslamAntiDosPacketLimitSecondIndex, hwIpDslamAntiDosPacketLimitThirdIndex } ::= { hwIpDslamAntiDosPacketLimitTable 1 } HwIpDslamAntiDosPacketLimitEntry ::= SEQUENCE { hwIpDslamAntiDosPacketLimitIfIndex Integer32, hwIpDslamAntiDosPacketLimitSecondIndex Integer32, hwIpDslamAntiDosPacketLimitThirdIndex Integer32, hwIpDslamAntiDosPacketLimitValue Integer32, hwIpDslamAntiDosPacketLimitRowStatus RowStatus, hwIpDslamAntiDosIgmpPacketLimitValue Integer32, hwIpDslamAntiDosDhcpPacketLimitValue Integer32, hwIpDslamAntiDosArpPacketLimitValue Integer32, hwIpDslamAntiDosPppoePacketLimitValue Integer32 } hwIpDslamAntiDosPacketLimitIfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Its meaning is the same as that of ifIndex in ifTable of rfc1213 IF_MIB. " ::= { hwIpDslamAntiDosPacketLimitEntry 1 } hwIpDslamAntiDosPacketLimitSecondIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the second index. The meaning varies with the port type. It must be 0xFFFFFFFF for the DSL or ETH port, and is the ONT ID or 0xFFFFFFFF for the xPON port. When hwIpDslamAntiDosPacketLimitIfIndex is 0xFFFFFFFD, hwIpDslamAntiDosPacketLimitSecondIndex indicates the GPON end to end service flow index. " ::= { hwIpDslamAntiDosPacketLimitEntry 2 } hwIpDslamAntiDosPacketLimitThirdIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the third index. The meaning varies with the port type. It must be 0xFFFFFFFF for the DSL, ETH, or EPON port and its value is gemindex or gemport ID for the GPON port. It must be 0xFFFFFFFF When hwIpDslamAntiDosPacketLimitIfIndex is 0xFFFFFFFD. " ::= { hwIpDslamAntiDosPacketLimitEntry 3 } hwIpDslamAntiDosPacketLimitValue OBJECT-TYPE SYNTAX Integer32 (-1|0..254) MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the threshold for the packet rate of the port. The value -1 is returned if the port does not support this operation. The unit is pps. " DEFVAL { 63 } ::= { hwIpDslamAntiDosPacketLimitEntry 4 } hwIpDslamAntiDosPacketLimitRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the row status and is used for setting or querying the threshold for the packet rate in anti-DoS-attack. The option createAndGo(4) or destroy(6) is not supported during setting or query. During query, active(1) is fixedly returned for this leaf. Options: 1. active(1) -indicates query operation " DEFVAL { active } ::= { hwIpDslamAntiDosPacketLimitEntry 5 } hwIpDslamAntiDosIgmpPacketLimitValue OBJECT-TYPE SYNTAX Integer32 (-1|0..63|65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the threshold for the IGMP packet rate of the port. The value -1 is returned if the port does not support this operation. The value 65535 means that the port does not limit the IGMP packet rate. The unit is pps. " DEFVAL { 65535 } ::= { hwIpDslamAntiDosPacketLimitEntry 6 } hwIpDslamAntiDosDhcpPacketLimitValue OBJECT-TYPE SYNTAX Integer32 (-1|0..63|65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the threshold for the DHCP packet rate of the port. The value -1 is returned if the port does not support this operation. The value 65535 means that the port does not limit the DHCP packet rate. The unit is the number of packets per period. The period is defined in hwIpDslamAntiDosDhcpPacketLimitPeriod. " DEFVAL { 65535 } ::= { hwIpDslamAntiDosPacketLimitEntry 7 } hwIpDslamAntiDosArpPacketLimitValue OBJECT-TYPE SYNTAX Integer32 (-1|0..63|65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the threshold for the ARP packet rate of the port. The value -1 is returned if the port does not support this operation. The value 65535 means that the port does not limit the ARP packet rate. The unit is pps. " DEFVAL { 65535 } ::= { hwIpDslamAntiDosPacketLimitEntry 8 } hwIpDslamAntiDosPppoePacketLimitValue OBJECT-TYPE SYNTAX Integer32 (-1|0..63|65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the threshold for the PPPoE packet rate of the port. The value -1 is returned if the port does not support this operation. The value 65535 means that the port does not limit the PPPoE packet rate. The unit is pps. " DEFVAL { 65535 } ::= { hwIpDslamAntiDosPacketLimitEntry 9 } -- the traps VbOids hwIpDslamTrapsVbOids OBJECT IDENTIFIER ::= { hwIpDslamSecurity 26 } hwMacAddressBoundToAnotherPort OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Mac address bound to another port. " ::= { hwIpDslamTrapsVbOids 1 } hwIpAddressCarriedInPackets OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IP Address carried in the packets. " ::= { hwIpDslamTrapsVbOids 2 } hwIpDslamBindIpFailedIpAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IP Address." ::= { hwIpDslamTrapsVbOids 3 } hwIpDslamBindMacFailedMacAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "MAC Address." ::= { hwIpDslamTrapsVbOids 4 } hwIpDslamSecurityXponOntIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "xPON ONT ID." ::= { hwIpDslamTrapsVbOids 5 } hwIpDslamDoSAttackOccurEocCnuID OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "EoC CNU ID." ::= { hwIpDslamTrapsVbOids 6 } hwIpDslamBindIpFailedIpv6Addr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IPv6 Address." ::= { hwIpDslamTrapsVbOids 7 } hwIpDslamBindIpFailedIpv6PrefixLength OBJECT-TYPE SYNTAX Integer32(1..128) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IPv6 Address Prefix Length." ::= { hwIpDslamTrapsVbOids 8 } hwIpDslamIpv6AddressCarriedInPackets OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IPv6 Address carried in the packets." ::= { hwIpDslamTrapsVbOids 9 } hwIpDslamIpv6AddressPrefixlengthCarriedInPackets OBJECT-TYPE SYNTAX Integer32(1..128) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "IPv6 Address Prefix length carried in the packets." ::= { hwIpDslamTrapsVbOids 10 } hwIpDslamAddressAllocationMode OBJECT-TYPE SYNTAX INTEGER { dhcp(1), dhcpv6(2), slaac(3) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The allocation mode of IP Address or IPv6 Address. Options: 1. dhcp(1) -indicates IP Address is allocated by DHCP 2. dhcpv6(2) -indicates IPv6 Address is allocated by DHCPv6 3. slaac(3) -indicates IPv6 Address is allocated by SLAAC " ::= { hwIpDslamTrapsVbOids 11 } hwIpDslamServerIpAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The IP address of DHCP Server. " ::= { hwIpDslamTrapsVbOids 12 } hwIpDslamServerIpv6Address OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The IPv6 address of Server. " ::= { hwIpDslamTrapsVbOids 13 } hwIpDslamDoSAttackOccurCMIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "CM Index." ::= { hwIpDslamTrapsVbOids 14 } hwIpDslamDoSAttackOccurCMMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "CM MAC address, is same with docsIfCmtsCmMac from DOCS-IF-MIB." ::= { hwIpDslamTrapsVbOids 15 } hwIpDslamNotifyCMIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "CM Index." ::= { hwIpDslamTrapsVbOids 16 } hwIpDslamNotifyCMMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "CM MAC address, same as docsIfCmtsCmMac from DOCS-IF-MIB." ::= { hwIpDslamTrapsVbOids 17 } hwIpDslamTraps OBJECT IDENTIFIER ::= { hwIpDslamSecurity 27 } hwIpDslamCommonTraps OBJECT IDENTIFIER ::= { hwIpDslamTraps 1 } hwIpDslamCommonTrapsPrefix OBJECT IDENTIFIER ::= { hwIpDslamCommonTraps 0 } hwIpDslamAlarmTraps OBJECT IDENTIFIER ::= { hwIpDslamTraps 2 } hwIpDslamAlarmTrapsPrefix OBJECT IDENTIFIER ::= { hwIpDslamAlarmTraps 0 } -- common traps hwIpDslamBindMacFailedTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwIpDslamBindIpFailedIpAddr, hwIpDslamBindMacFailedMacAddr } STATUS current DESCRIPTION "The hwIpDslamBindMacFailedTrap will be sent when bind mac failed. The hwIpDslamBindIpFailedIpAddr is the user ip address, the hwIpDslamBindMacFailedMacAddr is the user mac address, they are defined in hwIpDslamTrapsVbOids. " ::= { hwIpDslamCommonTraps 0 1 } hwIpDslamBindIpFailedTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwIpDslamBindIpFailedIpAddr, hwIpDslamBindMacFailedMacAddr } STATUS current DESCRIPTION "The hwIpDslamBindIpFailedTrap will be sent when bind ip failed. The hwIpDslamBindIpFailedIpAddr is the user ip address, the hwIpDslamBindMacFailedMacAddr is the user mac address, they are defined in hwIpDslamTrapsVbOids. " ::= { hwIpDslamCommonTraps 0 2 } hwIpDslamBindIpv6FailedTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwIpDslamBindMacFailedMacAddr, hwIpDslamBindIpFailedIpv6Addr, hwIpDslamBindIpFailedIpv6PrefixLength } STATUS current DESCRIPTION "The hwIpDslamBindIpv6FailedTrap will be sent when bind ipv6 failed. The hwIpDslamBindIpFailedIpv6Addr is the user ipv6 address, the hwIpDslamBindMacFailedMacAddr is the user mac address, hwIpDslamBindIpFailedIpv6PrefixLength is prefix length of ipv6 address. they are defined in hwIpDslamTrapsVbOids. " ::= { hwIpDslamCommonTraps 0 3 } -- alarm traps hwIpDslamP2pPortDoSAttackOccurTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex } STATUS current DESCRIPTION "The hwIpDslamP2pPortDoSAttackOccurTrap will be sent when a DoS attack occurred in the P2P port. " ::= { hwIpDslamAlarmTraps 0 1 } hwIpDslamP2pPortDoSAttackDisappearTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex } STATUS current DESCRIPTION "The hwIpDslamP2pPortDoSAttackDisappearTrap will be sent when a DoS attack disappearss from the P2P port. " ::= { hwIpDslamAlarmTraps 0 2 } hwIpDslamDistributingModeGponPortDoSAttackOccurTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwGponDevicePortidObjectIndex } STATUS current DESCRIPTION "The hwIpDslamDistributingModeGponPortDoSAttackOccurtTrap will be sent when a DoS attack occurred on the GPON port. " ::= { hwIpDslamAlarmTraps 0 3 } hwIpDslamDistributingModeGponPortDoSAttackDisappearTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwGponDevicePortidObjectIndex } STATUS current DESCRIPTION "The hwIpDslamDistributingModeGponPortDoSAttackDisappearTrap will be sent when a DoS attack disappears from the GPON port. " ::= { hwIpDslamAlarmTraps 0 4 } hwIpDslamEponPortDoSAttackOccurTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwEponDeviceOntIndex } STATUS current DESCRIPTION "The hwIpDslamEponPortDoSAttackOccurTrap will be sent when a DoS attack occurred on the EPON port. " ::= { hwIpDslamAlarmTraps 0 5 } hwIpDslamEponPortDoSAttackDisappearTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwEponDeviceOntIndex } STATUS current DESCRIPTION "The hwIpDslamEponPortDoSAttackDisappearTrap will be sent when a DoS attack disappears from the EPON port. " ::= { hwIpDslamAlarmTraps 0 6 } hwIpDslamProfileModeGponPortDoSAttackOccurTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwGponDeviceOntIndex, hwGponDeviceLineProfGemCfgGemIndex } STATUS current DESCRIPTION "The hwIpDslamProfileModeGponPortDoSAttackOccurTrap will be sent when a DoS attack occurred on the GPON port. " ::= { hwIpDslamAlarmTraps 0 7 } hwIpDslamProfileModeGponPortDoSAttackDisappearTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwGponDeviceOntIndex, hwGponDeviceLineProfGemCfgGemIndex } STATUS current DESCRIPTION "The hwIpDslamProfileModeGponPortDoSAttackDisappearTrap will be sent when a DoS attack disappears from the GPON port. " ::= { hwIpDslamAlarmTraps 0 8 } hwIpDslamMacAddressBoundToAnotherPortTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwVlanIndex, hwExtSrvFlowIndex, hwMacAddressBoundToAnotherPort } STATUS current DESCRIPTION "The hwIpDslamMacAddressBoundToAnotherPortTrap will be sent when a MAC address that is bound to another port occurred on the port. The hwMacAddressBoundToAnotherPort is the mac address bound to another port, defined in hwIpDslamTrapsVbOids. " ::= { hwIpDslamAlarmTraps 0 9 } hwIpDslamIpDifferFromBindIpTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwVlanIndex, hwIpDslamIpAddrDynamicBindingFlowId, hwIpDslamIpAddrDynamicBindingIpAddr, hwIpAddressCarriedInPackets } STATUS current DESCRIPTION "The hwIpDslamIpDifferFromBindIpTrap will be sent when the IP address which is different from the binding IP address. The hwIpAddressCarriedInPackets is ip address carried in packets, defined in hwIpDslamTrapsVbOids. " ::= { hwIpDslamAlarmTraps 0 10 } hwIpDslamMacAddressBoundToAnotherXponPortTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwVlanIndex, hwExtSrvFlowIndex, hwIpDslamSecurityXponOntIndex, hwMacAddressBoundToAnotherPort } STATUS current DESCRIPTION "The hwIpDslamMacAddressBoundToAnotherXponPortTrap will be sent when a MAC address that is bound to another port occurred on the port. The hwMacAddressBoundToAnotherPort is the mac address bound to another port, defined in hwIpDslamTrapsVbOids. " ::= { hwIpDslamAlarmTraps 0 11 } hwIpDslamEocPortDoSAttackOccurTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwIpDslamDoSAttackOccurEocCnuID } STATUS current DESCRIPTION "The hwIpDslamEocPortDoSAttackOccurTrap will be sent when a DoS attack occurred on the EoC port. " ::= { hwIpDslamAlarmTraps 0 12 } hwIpDslamEocPortDoSAttackDisappearTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwIpDslamDoSAttackOccurEocCnuID } STATUS current DESCRIPTION "The hwIpDslamEocPortDoSAttackDisappearTrap will be sent when a DoS attack disappears from the EoC port. " ::= { hwIpDslamAlarmTraps 0 13 } hwIpDslamIpv6DifferFromBindIpv6Trap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwVlanIndex, hwFlowID, hwIpDslamIpv6AddressCarriedInPackets, hwIpDslamIpv6AddressPrefixlengthCarriedInPackets } STATUS current DESCRIPTION "The hwIpDslamIpv6DifferFromBindIpv6Trap will be sent when the IPv6 address which is different from the binding IPv6 address. The hwIpDslamIpv6AddressCarriedInPackets is IPv6 address carried in packets, the hwIpDslamIpv6AddressPrefixlengthCarriedInPackets is prefix length of IPv6 address carried in packets, they are defined in hwIpDslamTrapsVbOids. " ::= { hwIpDslamAlarmTraps 0 14 } hwIpDslamAllocatedIpConflictTrap NOTIFICATION-TYPE OBJECTS { hwVlanIndex, hwIpDslamServerIpAddress, hwIpDslamAddressAllocationMode, hwIpAddressCarriedInPackets } STATUS current DESCRIPTION "The hwIpDslamAllocatedIpConflictTrap will be sent when the IP address allocated by the server is the same as the IP address bound to an existing user, hwIpDslamServerIpAddress is the IP address of DHCP server, defined in hwIpDslamTrapsVbOids, hwIpDslamAddressAllocationMode is the allocation mode of IP Address or IPv6 Address, defined in hwIpDslamTrapsVbOids. " ::= { hwIpDslamAlarmTraps 0 15 } hwIpDslamAllocatedIpv6ConflictTrap NOTIFICATION-TYPE OBJECTS { hwVlanIndex, hwIpDslamServerIpv6Address, hwIpDslamAddressAllocationMode, hwIpDslamIpv6AddressCarriedInPackets, hwIpDslamIpv6AddressPrefixlengthCarriedInPackets } STATUS current DESCRIPTION "The hwIpDslamAllocatedIpv6ConflictTrap will be sent when the IPv6 address allocated by the server is the same as the IPv6 address bound to an existing user, hwIpDslamServerIpv6Address is the IPv6 address of server, defined in hwIpDslamTrapsVbOids. " ::= { hwIpDslamAlarmTraps 0 16 } hwIpDslamP2pPortDataPackageIpSpoofingTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex } STATUS current DESCRIPTION "The hwIpDslamP2pPortDataPackageIpSpoofingTrap will be sent when the port receives the forwarding plane IPv4 spoofing packet sent by the user. " ::= { hwIpDslamAlarmTraps 0 17 } hwIpDslamDistributingModeGponPortDataPackageIpSpoofingTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwGponDevicePortidObjectIndex } STATUS current DESCRIPTION "The hwIpDslamDistributingModeGponPortDataPackageIpSpoofingTrap will be sent when the GEM port receives the forwarding plane IPv4 spoofing packet sent by the user. " ::= { hwIpDslamAlarmTraps 0 18 } hwIpDslamProfileModeGponPortDataPackageIpSpoofingTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwGponDeviceOntIndex, hwGponDeviceLineProfGemCfgGemIndex } STATUS current DESCRIPTION "The hwIpDslamProfileModeGponPortDataPackageIpSpoofingTrap will be sent when the GEM port receives the forwarding plane IPv4 spoofing packet sent by the user. " ::= { hwIpDslamAlarmTraps 0 19 } hwIpDslamP2pPortDataPackageIpv6SpoofingTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex } STATUS current DESCRIPTION "The hwIpDslamP2pPortDataPackageIpv6SpoofingTrap will be sent when the port receives the forwarding plane IPv6 spoofing packet sent by the user. " ::= { hwIpDslamAlarmTraps 0 20 } hwIpDslamDistributingModeGponPortDataPackageIpv6SpoofingTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwGponDevicePortidObjectIndex } STATUS current DESCRIPTION "The hwIpDslamDistributingModeGponPortDataPackageIpv6SpoofingTrap will be sent when the GEM port receives the forwarding plane IPv6 spoofing packet sent by the user. " ::= { hwIpDslamAlarmTraps 0 21 } hwIpDslamProfileModeGponPortDataPackageIpv6SpoofingTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwGponDeviceOntIndex, hwGponDeviceLineProfGemCfgGemIndex } STATUS current DESCRIPTION "The hwIpDslamProfileModeGponPortDataPackageIpv6SpoofingTrap will be sent when the GEM port receives the forwarding plane IPv6 spoofing packet sent by the user. " ::= { hwIpDslamAlarmTraps 0 22 } hwIpDslamP2pPortDataPackageMacSpoofingTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex } STATUS current DESCRIPTION "The hwIpDslamP2pPortDataPackageMacSpoofingTrap will be sent when the port receives the forwarding plane MAC spoofing packet sent by the user. " ::= { hwIpDslamAlarmTraps 0 23 } hwIpDslamDistributingModeGponPortDataPackageMacSpoofingTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwGponDevicePortidObjectIndex } STATUS current DESCRIPTION "The hwIpDslamDistributingModeGponPortDataPackageMacSpoofingTrap will be sent when the GEM port receives the forwarding plane MAC spoofing packet sent by the user. " ::= { hwIpDslamAlarmTraps 0 24 } hwIpDslamProfileModeGponPortDataPackageMacSpoofingTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwGponDeviceOntIndex, hwGponDeviceLineProfGemCfgGemIndex } STATUS current DESCRIPTION "The hwIpDslamProfileModeGponPortDataPackageMacSpoofingTrap will be sent when the GEM port receives the forwarding plane MAC spoofing packet sent by the user. " ::= { hwIpDslamAlarmTraps 0 25 } hwIpDslamP2pPortIllegleArpTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex } STATUS current DESCRIPTION "The hwIpDslamP2pPortIllegleArpTrap will be sent when the port receives the forwarding plane invalid ARP packet sent by the user. " ::= { hwIpDslamAlarmTraps 0 26 } hwIpDslamDistributingModeGponPortIllegleArpTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwGponDevicePortidObjectIndex } STATUS current DESCRIPTION "The hwIpDslamDistributingModeGponPortIllegleArpTrap will be sent when the GEM port receives the forwarding plane invalid ARP packet sent by the user. " ::= { hwIpDslamAlarmTraps 0 27 } hwIpDslamProfileModeGponPortIllegleArpTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwGponDeviceOntIndex, hwGponDeviceLineProfGemCfgGemIndex } STATUS current DESCRIPTION "The hwIpDslamProfileModeGponPortIllegleArpTrap will be sent when the GEM port receives the forwarding plane invalid ARP packet sent by the user. " ::= { hwIpDslamAlarmTraps 0 28 } hwIpDslamCMPortDoSAttackOccurTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwIpDslamDoSAttackOccurCMIndex, hwIpDslamDoSAttackOccurCMMacAddress } STATUS current DESCRIPTION "The hwIpDslamCMPortDoSAttackOccurTrap will be sent when a DoS attack occurred on the CMC. " ::= { hwIpDslamAlarmTraps 0 29 } hwIpDslamCMPortDoSAttackDisappearTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwIpDslamDoSAttackOccurCMIndex, hwIpDslamDoSAttackOccurCMMacAddress } STATUS current DESCRIPTION "The hwIpDslamCMPortDoSAttackDisappearTrap will be sent when a DoS attack disappears from the CMC. " ::= { hwIpDslamAlarmTraps 0 30 } hwIpDslamOntBcAttackOccurTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwIpDslamAntiBcAttackOntQueryOntId } STATUS current DESCRIPTION "The hwIpDslamOntBcAttackOccurTrap will be sent when the ONT occurred the broadcast-attack. " ::= { hwIpDslamAlarmTraps 0 31 } hwIpDslamCMTSMacAddressBoundToAnotherPortTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwVlanIndex, hwIpDslamNotifyCMIndex, hwIpDslamNotifyCMMacAddress, hwMacAddressBoundToAnotherPort } STATUS current DESCRIPTION "The hwIpDslamCMTSMacAddressBoundToAnotherPortTrap will be sent when the user of this CM uses a MAC address bound to another user or not bound to this user. " ::= { hwIpDslamAlarmTraps 0 32 } hwIpDslamCMTSIpDifferFromBindIpTrap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwVlanIndex, hwIpDslamNotifyCMIndex, hwIpDslamNotifyCMMacAddress, hwIpAddressCarriedInPackets } STATUS current DESCRIPTION "The hwIpDslamCMTSIpDifferFromBindIpTrap will be sent when the user of this CM uses an IP address not bound to this user. " ::= { hwIpDslamAlarmTraps 0 33 } hwIpDslamCMTSIpv6DifferFromBindIpv6Trap NOTIFICATION-TYPE OBJECTS { hwFrameIndex, hwSlotIndex, hwPortIndex, hwVlanIndex, hwIpDslamNotifyCMIndex, hwIpDslamNotifyCMMacAddress, hwIpDslamIpv6AddressCarriedInPackets, hwIpDslamIpv6AddressPrefixlengthCarriedInPackets } STATUS current DESCRIPTION "The hwIpDslamCMTSIpv6DifferFromBindIpv6Trap will be sent when the user of this CM uses an IPv6 address not bound to this user. " ::= { hwIpDslamAlarmTraps 0 34 } -- Security conflict log table hwIpDslamSecurityConflictLogTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamSecurityConflictLogEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Used for querying the IP/MAC conflict logs of the DHCP, PPPOE, SLAAC and DHCPv6 packets when the anti-IP-spoofing or anti-MAC-spoofing is enabled. The index of this table is hwIpDslamSecurityConflictLogIndex, which is the index of the control module of the system conflict logs. " ::= { hwIpDslamSecurity 28 } hwIpDslamSecurityConflictLogEntry OBJECT-TYPE SYNTAX HwIpDslamSecurityConflictLogEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Used for querying the IP/MAC conflict logs of the DHCP, PPPOE, SLAAC and DHCPv6 packets when the anti-IP-spoofing or anti-MAC-spoofing is enabled. The index of this entry is hwIpDslamSecurityConflictLogIndex, which is the index of the control module of the system conflict logs. " INDEX { hwIpDslamSecurityConflictLogIndex } ::= { hwIpDslamSecurityConflictLogTable 1 } HwIpDslamSecurityConflictLogEntry ::= SEQUENCE { hwIpDslamSecurityConflictLogIndex Unsigned32, hwIpDslamSecurityConflictLogVLAN Unsigned32, hwIpDslamSecurityConflictLogMAC MacAddress, hwIpDslamSecurityConflictLogIP IpAddress, hwIpDslamSecurityConflictLogFlowid Unsigned32, hwIpDslamSecurityConflictLogTime DateAndTime, hwIpDslamSecurityConflictLogClear INTEGER, hwIpDslamSecurityIPv6ConflictLogIpv6Prefix InetAddress, hwIpDslamSecurityConflictLogType INTEGER, hwIpDslamSecurityConflictLogCmIndex Unsigned32 } hwIpDslamSecurityConflictLogIndex OBJECT-TYPE SYNTAX Unsigned32(0..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "Index of the log. The range of index is 1 to 256 when get the system conflict logs. The range of index is 0 to 4294967295 when clear the system conflict logs. The device will ignore the index and clear all the system conflict logs. " ::= { hwIpDslamSecurityConflictLogEntry 1 } hwIpDslamSecurityConflictLogVLAN OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "VLAN ID of the log, recorded when IP/MAC conflict occurred. " ::= { hwIpDslamSecurityConflictLogEntry 2 } hwIpDslamSecurityConflictLogMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "MAC address of the log, recorded when IP/MAC conflict occurred. " ::= { hwIpDslamSecurityConflictLogEntry 3 } hwIpDslamSecurityConflictLogIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "IP address of the log, recorded when IP/MAC conflict occurred. " ::= { hwIpDslamSecurityConflictLogEntry 4 } hwIpDslamSecurityConflictLogFlowid OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Service port index of the log, recorded when IP/MAC conflict occurred. " ::= { hwIpDslamSecurityConflictLogEntry 5 } hwIpDslamSecurityConflictLogTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The date and time of the log generated. For example, Tuesday May 26, 1992 at 1:30:15 PM EDT would be displayed as: 1992-5-26,13:30:15.0,-4:0 " ::= { hwIpDslamSecurityConflictLogEntry 6 } hwIpDslamSecurityConflictLogClear OBJECT-TYPE SYNTAX INTEGER { invalid(1), clearLog(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Clear the conflict log. Options: 1. invalid(1) -indicates query operation 2. clearLog(2) -clear the conflict log " ::= { hwIpDslamSecurityConflictLogEntry 7 } hwIpDslamSecurityIPv6ConflictLogIpv6Prefix OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates IPv6 prefix in the log. It is recorded when IPv6 conflict occurred. For example, 1111:1111::2232/128. It is a null string when IPv4 conflict occurred. " ::= { hwIpDslamSecurityConflictLogEntry 8 } hwIpDslamSecurityConflictLogType OBJECT-TYPE SYNTAX INTEGER { macconflict(1), ipconflict(2), ipv6conflict(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "the type of conflict log. Options: 1. macconflict(1) -indicates the Mac conflict log 2. ipconflict(2) -indicates the IPv4 conflict log 3. ipv6conflict(3) -indicates the IPv6 conflict log " ::= { hwIpDslamSecurityConflictLogEntry 9 } hwIpDslamSecurityConflictLogCmIndex OBJECT-TYPE SYNTAX Unsigned32(1..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "CM index of the log, which is recorded when IP/MAC conflict occurrs. When the conflict user does not belong to any CM, the value of hwIpDslamSecurityConflictLogCmIndex is 0xFFFFFFFF(an invalid value). " ::= { hwIpDslamSecurityConflictLogEntry 10 } -- display IP/MAC conflict statistics table hwIpDslamSecurityConflictStatisticTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamSecurityConflictStatisticEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Used for querying the statistics of the packets with IP/MAC conflict and illegal arp packets. The index of this table is hwIpDslamSecurityConflictStatIfindex, which is the index of the port. The meaning of hwIpDslamSecurityConflictStatIfindex is the same as that of ifIndex in ifTable of rfc1213 IF_MIB. " ::= { hwIpDslamSecurity 29 } hwIpDslamSecurityConflictStatisticEntry OBJECT-TYPE SYNTAX HwIpDslamSecurityConflictStatisticEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Used for querying the statistics of the packets with IP/MAC conflict and illegal arp packets. The index of this entry is hwIpDslamSecurityConflictStatIfindex, which is the index of the port. The meaning of hwIpDslamSecurityConflictStatIfindex is the same as that of ifIndex in ifTable of rfc1213 IF_MIB. " INDEX { hwIpDslamSecurityConflictStatIfindex } ::= { hwIpDslamSecurityConflictStatisticTable 1 } HwIpDslamSecurityConflictStatisticEntry ::= SEQUENCE { hwIpDslamSecurityConflictStatIfindex Integer32, hwIpDslamSecurityConflictStatCount Counter32, hwIpDslamSecurityConflictStatClear INTEGER, hwIpDslamSecurityIllegalARPCount Counter32 } hwIpDslamSecurityConflictStatIfindex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The meaning of hwIpDslamSecurityConflictStatIfindex is the same as that of ifindex in standard IF MIB, which contains frame ID,slot ID and port ID. " ::= { hwIpDslamSecurityConflictStatisticEntry 1 } hwIpDslamSecurityConflictStatCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets which IP or MAC conflicted, this number is less than 65535. When the number is 0xffffffff(4294967295), it means the board is not supported. " ::= { hwIpDslamSecurityConflictStatisticEntry 2 } hwIpDslamSecurityConflictStatClear OBJECT-TYPE SYNTAX INTEGER { invalid(1), clearStatistic(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Clear the conflict statistic. If the value of hwIpDslamSecurityConflictStatIfindex is 4294967295, it means clearing all conflict statistics. Options: 1. invalid(1) -indicates query operation 2. clearStatistic(2) -clear the conflict statistic " ::= { hwIpDslamSecurityConflictStatisticEntry 3 } hwIpDslamSecurityIllegalARPCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of illegal arp packet. When the number is 0xffffffff(4294967295), it means the board is not supported. " ::= { hwIpDslamSecurityConflictStatisticEntry 4 } hwIpDslamAntiMacDuplicateStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the anti-MAC-duplicate status. Options: 1. enabled(1) -indicates the anti-MAC-duplicate status is enabled 2. disabled(2) -indicates the anti-MAC-duplicate status is disabled Default: disabled(2) " ::= { hwIpDslamSecurity 30 } hwIpDslamIpv6NsReplySwitch OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The switch of the Ns-Reply function. Options: 1. enabled(1) -indicates the Ns-Reply function is enabled 2. disabled(2) -indicates the Ns-Reply function is disabled Default: disabled(2) " ::= { hwIpDslamSecurity 31 } hwIpDslamIpv6NsReplyUnknownPolicy OBJECT-TYPE SYNTAX INTEGER {forward(1),discard(2)} MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting how to transmit the NS packets received from the network side. It takes effect only when the Ns-Reply function is enabled. It indicates whether the packet forwarded to users or not when the user is not on-line. If the Ns-Reply function is disabled, the node's setting is invalid. Options: 1. forward(1) -indicates the packet is forward. 2. discard(2) -indicates the packet is discarded. Default: forward(1) " ::= { hwIpDslamSecurity 32 } hwIpDslamAntiIpv6SpoofingStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the anti-IPv6-spoofing status. Options: 1. enabled(1) -indicates the anti-IPv6-spoofing status is enabled 2. disabled(2) -indicates the anti-IPv6-spoofing status is disabled Default: disabled(2) " ::= { hwIpDslamSecurity 33 } hwIpv6NdDetectMode OBJECT-TYPE SYNTAX INTEGER{ gateway(1), dummy(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the ND detection mode. It takes effect to detect the user on-line or not. If using the dummy mode, the source IP/MAC in the ND detecting packet is the IP/MAC of the gateway. Otherwise, the source MAC is the MAC of the bridge and the source IP is the unspecified address. Options: 1. gateway(1) -the source MAC will be the gateway MAC 2. dummy(2) -the source MAC will be the bridge MAC Default: gateway(1) " ::= { hwIpDslamSecurity 34 } hwIpDslamIpv6DynamicBindingTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamIpv6DynamicBindingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "It is the table for querying the dynamic binding item between the IPv6 address and the service port. If anti-IPv6-spoofing is enabled, the IPv6 address obtained by the user is bound to the corresponding service port when a user goes online. The packet can be transmitted upstream through the device only when the source IPv6 address of the packet is the same as the bound IPv6 address. Otherwise, the packet is discarded. At most two IPv6 addresses are supported for one user. If only one IPv6 address is allocated, the results of nodes hwIpDslamIpv6DynamicBindingIpv6Address2, hwIpDslamIpv6DynamicBindingPrefixLength2 and hwIpDslamIpv6DynamicBindingLeaseTime2 are invalid. The indexes of this table are hwIpDslamIpAddrDynamicBindingFlowId and hwIpDslamIpv6DynamicBindingItemIndex. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. The node hwIpDslamIpv6DynamicBindingItemIndex is the index of the IPv6 address bound to the service port. " ::= { hwIpDslamSecurity 35 } hwIpDslamIpv6DynamicBindingEntry OBJECT-TYPE SYNTAX HwIpDslamIpv6DynamicBindingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "It is the table for querying the dynamic binding item between the IPv6 address and the service port. If anti-IPv6-spoofing is enabled, the IPv6 address obtained by the user is bound to the corresponding service port when a user goes online. The packet can be transmitted upstream through the device only when the source IPv6 address of the packet is the same as the bound IPv6 address. Otherwise, the packet is discarded. At most two IPv6 addresses are supported for one user. If only one IPv6 address is allocated, the results of nodes hwIpDslamIpv6DynamicBindingIpv6Address2, hwIpDslamIpv6DynamicBindingPrefixLength2 and hwIpDslamIpv6DynamicBindingLeaseTime2 are invalid. The indexes of this entry are hwIpDslamIpAddrDynamicBindingFlowId and hwIpDslamIpv6DynamicBindingItemIndex. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. The node hwIpDslamIpv6DynamicBindingItemIndex is the index of the IPv6 address bound to the service port. " INDEX { hwIpDslamIpv6AddrDynamicBindingFlowId, hwIpDslamIpv6DynamicBindingItemIndex } ::= { hwIpDslamIpv6DynamicBindingTable 1 } HwIpDslamIpv6DynamicBindingEntry ::= SEQUENCE { hwIpDslamIpv6AddrDynamicBindingFlowId Integer32, hwIpDslamIpv6DynamicBindingItemIndex Integer32, hwIpDslamIpv6DynamicBindingIpv6Address InetAddress, hwIpDslamIpv6DynamicBindingPrefixLength Integer32, hwIpDslamIpv6DynamicBindingLeaseTime Integer32, hwIpDslamIpv6DynamicBindingIpv6Address2 InetAddress, hwIpDslamIpv6DynamicBindingPrefixLength2 Integer32, hwIpDslamIpv6DynamicBindingLeaseTime2 Integer32 } hwIpDslamIpv6AddrDynamicBindingFlowId OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the index of the service port which a specified IPv6 address bound to. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. Range: Begin with 1 " ::= { hwIpDslamIpv6DynamicBindingEntry 1 } hwIpDslamIpv6DynamicBindingItemIndex OBJECT-TYPE SYNTAX Integer32(0..2047) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the index of the IPv6 address bound to the service port. Range: 0-2047 " ::= { hwIpDslamIpv6DynamicBindingEntry 2 } hwIpDslamIpv6DynamicBindingIpv6Address OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the IPv6 address or prefix bound to a specified service port. The returned value :: indicates an invalid value. " ::= { hwIpDslamIpv6DynamicBindingEntry 3 } hwIpDslamIpv6DynamicBindingPrefixLength OBJECT-TYPE SYNTAX Integer32(0..128) MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the IPv6 prefix length bound to a specified service port. Range: 0-128 The returned value 0 indicates an invalid value. " ::= { hwIpDslamIpv6DynamicBindingEntry 4 } hwIpDslamIpv6DynamicBindingLeaseTime OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the remaining lease time of the IPv6 address bound to a specified service port. Unit: second The returned value 0 indicates an invalid value. " ::= { hwIpDslamIpv6DynamicBindingEntry 5 } hwIpDslamIpv6DynamicBindingIpv6Address2 OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the IPv6 address or prefix bound to a specified service port. The returned value :: indicates an invalid value. " ::= { hwIpDslamIpv6DynamicBindingEntry 6 } hwIpDslamIpv6DynamicBindingPrefixLength2 OBJECT-TYPE SYNTAX Integer32(0..128) MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the IPv6 prefix length bound to a specified service port. Range: 0-128 The returned value 0 indicates an invalid value. " ::= { hwIpDslamIpv6DynamicBindingEntry 7 } hwIpDslamIpv6DynamicBindingLeaseTime2 OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the remaining lease time of the IPv6 address bound to a specified service port. Unit: second The returned value 0 indicates an invalid value. " ::= { hwIpDslamIpv6DynamicBindingEntry 8 } hwIpDslamIpv4ArpReplySwitch OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The switch of the Arp-Reply function. Options: 1. enable(1) -indicates that the arp reply function is enabled 2. disable(2) -indicates that the arp reply function is disabled Default: disabled(2) " ::= { hwIpDslamSecurity 36 } hwIpDslamIpv4ArpReplyUnknownPolicy OBJECT-TYPE SYNTAX INTEGER { forward(1), discard(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting how to transmit the ARP packets received from the network side. It takes effect only when the Arp-Reply function is enabled. It indicates whether the packet forwarded to users or not when the user is not on-line. If the Arp-Reply function is disabled, the node's setting is invalid. Options: 1. forward(1) -indicates the packet is forward. 2. discard(2) -indicates the packet is discarded. Default: forward(1) " ::= { hwIpDslamSecurity 37 } hwIpDslamIpv6BindRouteAndNdSwitch OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The status of the Bind-Route-ND function. Options: 1. enabled(1) -indicates the Bind-Route-ND function is enabled 2. disabled(2) -indicates the Bind-Route-ND function is disabled Default: disabled(2) " ::= { hwIpDslamSecurity 38 } hwIpDslamIpv6DadProxySwitch OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The status of the DAD Proxy. Options: 1. enabled(1) -indicates the Dad Proxy function is enabled 2. disabled(2) -indicates the Dad Proxy function is disabled Default: disabled(2) " ::= { hwIpDslamSecurity 39 } hwIpDslamAntiIpExcludeSwitch OBJECT-TYPE SYNTAX BITS { igmp(0), dhcp(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Used to specify the type of the packet that is not affected by anti-IP-spoofing. Options: 1. igmp(0) -indicates that anti-IP-spoofing is invalid for IGMP packets 2. dhcp(1) -indicates that anti-IP-spoofing is invalid for DHCP packets Default: 0x00 " ::= { hwIpDslamSecurity 40 } hwIpDslamAntiMacExcludeSwitch OBJECT-TYPE SYNTAX BITS { igmp(0), mld(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Used to specify the type of the packet that is not affected by anti-MAC-spoofing. Options: 1. igmp(0) -indicates that anti-MAC-spoofing is invalid for IGMP packets 2. mld(1) -indicates that anti-MAC-spoofing is invalid for MLD packets Default: 0x80 " ::= { hwIpDslamSecurity 41 } --Dynamic Binding Table hwIpDslamDynamicBindingTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamDynamicBindingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "It is the table for deleting the dynamic binding table. If anti-IP-spoofing function is enabled, the dynamic binding table can be deleted by the service port and IP address. If anti-IPv6-spoofing function is enabled, the dynamic binding table can be deleted by the service port and IPv6 address. If anti-MAC-spoofing function is enabled, the dynamic binding table can be deleted by the service port and MAC address. The index of this table is hwIpDslamDynamicBindingFlowId. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. " ::= { hwIpDslamSecurity 42 } hwIpDslamDynamicBindingEntry OBJECT-TYPE SYNTAX HwIpDslamDynamicBindingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "It is the table for deleting the dynamic binding table. If anti-IP-spoofing function is enabled, the dynamic binding table can be deleted by the service port and IP address. If anti-IPv6-spoofing function is enabled, the dynamic binding table can be deleted by the service port and IPv6 address. If anti-MAC-spoofing function is enabled, the dynamic binding table can be deleted by the service port and MAC address. The index of this entry is hwIpDslamDynamicBindingFlowId. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. " INDEX { hwIpDslamDynamicBindingFlowId } ::= { hwIpDslamDynamicBindingTable 1 } HwIpDslamDynamicBindingEntry ::= SEQUENCE { hwIpDslamDynamicBindingFlowId Integer32, hwIpDslamDynamicBindingAddrType InetAddressType, hwIpDslamDynamicBindingAddr InetAddress, hwIpDslamDynamicBindingMacAddr MacAddress, hwIpDslamDynamicBindingRowStatus RowStatus } hwIpDslamDynamicBindingFlowId OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the index of the service port which a specified dynamic binding table is bound to. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. Range: Begin with 1 " ::= { hwIpDslamDynamicBindingEntry 1 } hwIpDslamDynamicBindingAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the type of the IP address bound to a specified service port. Options: 1. ipv4(1) -indicates that the IP address type is ipv4 2. ipv6(2) -indicates that the IP address type is ipv6 " ::= { hwIpDslamDynamicBindingEntry 2 } hwIpDslamDynamicBindingAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the IP address bound to a specified service port. " ::= { hwIpDslamDynamicBindingEntry 3 } hwIpDslamDynamicBindingMacAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the MAC address bound to a specified service port. " ::= { hwIpDslamDynamicBindingEntry 4 } hwIpDslamDynamicBindingRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the row status and is used for unbinding the specified dynamic binding table. The option destroy(6) is only supported. " ::= { hwIpDslamDynamicBindingEntry 5 } hwIpDslamSecurityDhcpClientIdentifier OBJECT-TYPE SYNTAX INTEGER { chaddr(1), option61(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Used to specify the dhcp client identifier. Options: 1. chaddr(1) -indicates that DHCP user is always identified based on chaddr in the packet. 2. option61(2) -indicates that if the packet sent by the DHCP user carries option 61, and option 61 contains the user MAC address, this user is identified based on option 61 in the packet. Otherwise, this user is still identified based on chaddr in the packet. Default: chaddr(1) " ::= { hwIpDslamSecurity 43 } hwIpDslamAntiMacSpoofingControlprotocolIpv6oeStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the anti-MAC-spoofing control protocol IPv6oE status. Options: 1. enabled(1) -indicates the anti-MAC-spoofing control protocol IPv6oE status is enabled 2. disabled(2) -indicates the anti-MAC-spoofing control protocol IPv6oE status is disabled Default: disabled(2) " ::= { hwIpDslamSecurity 44 } -- display IP/IPv6/MAC conflict statistics and illegal arp table hwIpDslamSecurityExConflictStatisticTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamSecurityExConflictStatisticEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Used for querying the statistics of the packets with IP,IPv6,MAC conflict and illegal arp packets. The indexes of this table are hwIpDslamSecurityExConflictStatIfindex, hwIpDslamSecurityExConflictStatSecondIndex and hwIpDslamSecurityExConflictStatThirdIndex. hwIpDslamSecurityExConflictStatIfindex is the index of the port and its meaning is the same as that of ifIndex in ifTable of rfc1213 IF_MIB. hwIpDslamSecurityExConflictStatSecondIndex is the second index of the table, the meaning varies with the port type. It must be 0x7FFFFFFF for the DSL or P2P port and the value is ONT ID for the GPON port. hwIpDslamAntiDosPacketLimitThirdIndex is the third index of the table, the meaning varies with the port type. It must be 0x7FFFFFFF for the DSL or P2P port, its value is gemindex for the GPON port. " ::= { hwIpDslamSecurity 45 } hwIpDslamSecurityExConflictStatisticEntry OBJECT-TYPE SYNTAX HwIpDslamSecurityExConflictStatisticEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Used for querying the statistics of the packets with IP,IPv6,MAC conflict and illegal arp packets. The indexes of this entry are hwIpDslamSecurityExConflictStatIfindex, hwIpDslamSecurityExConflictStatSecondIndex and hwIpDslamSecurityExConflictStatThirdIndex. hwIpDslamSecurityExConflictStatIfindex is the index of the port and its meaning is the same as that of ifIndex in ifTable of rfc1213 IF_MIB. hwIpDslamSecurityExConflictStatSecondIndex is the second index of the table, the meaning varies with the port type. It must be 0x7FFFFFFF for the DSL or P2P port and the value is ONT ID for the GPON port. hwIpDslamAntiDosPacketLimitThirdIndex is the third index of the table, the meaning varies with the port type. It must be 0x7FFFFFFF for the DSL or P2P port, its value is gemindex for the GPON port . " INDEX { hwIpDslamSecurityExConflictStatIfindex, hwIpDslamSecurityExConflictStatSecondIndex, hwIpDslamSecurityExConflictStatThirdIndex } ::= { hwIpDslamSecurityExConflictStatisticTable 1 } HwIpDslamSecurityExConflictStatisticEntry ::= SEQUENCE { hwIpDslamSecurityExConflictStatIfindex Integer32, hwIpDslamSecurityExConflictStatSecondIndex Integer32, hwIpDslamSecurityExConflictStatThirdIndex Integer32, hwIpDslamSecurityExIpConflictCount Counter32, hwIpDslamSecurityExIpv6ConflictCount Counter32, hwIpDslamSecurityExMacConflictCount Counter32, hwIpDslamSecurityExIllegalARPCount Counter32, hwIpDslamSecurityExConflictStatClear INTEGER } hwIpDslamSecurityExConflictStatIfindex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "statistic index same as ifindex in standard IF MIB, which contains frame ID,slot ID and port ID. " ::= { hwIpDslamSecurityExConflictStatisticEntry 1 } hwIpDslamSecurityExConflictStatSecondIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the second index. The meaning varies with the port type. It must be 0x7FFFFFFF for the DSL or ETH port and is the ONT ID for the xPON port. " ::= { hwIpDslamSecurityExConflictStatisticEntry 2 } hwIpDslamSecurityExConflictStatThirdIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the third index. The meaning varies with the port type. It must be 0x7FFFFFFF for the DSL, ETH, or EPON port and its value is gemindex for the GPON port. " ::= { hwIpDslamSecurityExConflictStatisticEntry 3 } hwIpDslamSecurityExIpConflictCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets which IP conflicted, this number is less than 65535. When the number is 0xffffffff(4294967295), it means the board is not supported. " ::= { hwIpDslamSecurityExConflictStatisticEntry 4 } hwIpDslamSecurityExIpv6ConflictCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets which IPv6 conflicted, this number is less than 65535. When the number is 0xffffffff(4294967295), it means the board is not supported. " ::= { hwIpDslamSecurityExConflictStatisticEntry 5 } hwIpDslamSecurityExMacConflictCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets which MAC conflicted, this number is less than 65535. When the number is 0xffffffff(4294967295), it means the board is not supported. " ::= { hwIpDslamSecurityExConflictStatisticEntry 6 } hwIpDslamSecurityExIllegalARPCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of illegal arp packets, this number is less than 65535. When the number is 0xffffffff(4294967295), it means the board is not supported. " ::= { hwIpDslamSecurityExConflictStatisticEntry 7 } hwIpDslamSecurityExConflictStatClear OBJECT-TYPE SYNTAX INTEGER { invalid(1), clearStatistic(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Clear the conflict Statistic. Options: 1. invalid(1) -indicates query operation 2. clearStatistic(2) -clear the conflict Statistic " ::= { hwIpDslamSecurityExConflictStatisticEntry 8 } hwFirewallStatus OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "indicate the firewall switch status. Options: 1. enable(1) -indicates the firewall status is enable. 2. disable(2) -indicates the firewall status is disable. default:disable(2) " ::= { hwIpDslamSecurity 46 } hwFirewallDefault OBJECT-TYPE SYNTAX INTEGER { permit(1), deny(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "indicate the firewall default operation to the packet which does not match the acl rules existed in the interface. Options: 1. permit(1) -indicates the firewall permit the packet defaultly. 2. deny(2) -indicates the firewall deny the packet defaultly. default:permit(1) " ::= { hwIpDslamSecurity 47 } hwFirewallPacketFilterTable OBJECT-TYPE SYNTAX SEQUENCE OF HwFirewallPacketFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "It is used to config the ACL rules of appointed interface. The number of ACL rule added or deleted is hwFirewallPacketFilterAclNumber. There are two directions in one interface, and at most eight ACL rules in every direction. The number of a ACL rule must be different from the others. The indexes of this table are hwFirewallPacketFilterIfIndex,hwFirewallPacketFilterDirection,hwFirewallPacketFilterAclNumber. " ::= { hwIpDslamSecurity 48 } hwFirewallPacketFilterEntry OBJECT-TYPE SYNTAX HwFirewallPacketFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "It is used to config the ACL rules of appointed interface. The number of ACL rule added or deleted is hwFirewallPacketFilterAclNumber. There are two directions in one interface, and at most eight ACL rules in every direction. The number of a ACL rule must be different from the others. The indexes of this entry are hwFirewallPacketFilterIfIndex,hwFirewallPacketFilterDirection,hwFirewallPacketFilterAclNumber. " INDEX { hwFirewallPacketFilterIfIndex,hwFirewallPacketFilterDirection,hwFirewallPacketFilterAclNumber } ::= { hwFirewallPacketFilterTable 1 } HwFirewallPacketFilterEntry ::= SEQUENCE { hwFirewallPacketFilterIfIndex Unsigned32, hwFirewallPacketFilterDirection INTEGER, hwFirewallPacketFilterAclNumber Integer32, hwFirewallPacketFilterAclSequenceID Unsigned32, hwFirewallPacketFilterRowStatus RowStatus } hwFirewallPacketFilterIfIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "indicates the index of interface, the type of the interface must be vlanif or meth. " ::= { hwFirewallPacketFilterEntry 1 } hwFirewallPacketFilterDirection OBJECT-TYPE SYNTAX INTEGER { inbound(1), outbound(2) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "indicates the direction ,it must be inbound or outbound. Options: 1. inbound(1) -indicates that the packet is entering the firewall. 2. outbound(2) -indicates that the packet is leaving the firewall. " ::= { hwFirewallPacketFilterEntry 2 } hwFirewallPacketFilterAclNumber OBJECT-TYPE SYNTAX Integer32(2000..3999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "the number of ACL,the range is 2000-3999,there are two types of the ACL can be used: basic ACL:the number range is 2000-2999, advance ACL:the number range is 3000-3999. " ::= { hwFirewallPacketFilterEntry 3 } hwFirewallPacketFilterAclSequenceID OBJECT-TYPE SYNTAX Unsigned32(0..7) MAX-ACCESS read-only STATUS current DESCRIPTION "indicates the priority of the ACL rules, this value is smaller,the priority is higher. " ::= { hwFirewallPacketFilterEntry 4 } hwFirewallPacketFilterRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the row status. Creating, deleting, and querying ACL number are supported. Options: 1. active(1) -indicates query operation 2. createAndGo(4) -add ACL number to interface 3. destroy(6) -delete ACL number from interface " ::= { hwFirewallPacketFilterEntry 5 } hwFirewallPacketFilterStatisticsTable OBJECT-TYPE SYNTAX SEQUENCE OF HwFirewallPacketFilterStatisticsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "It is used to count the number of the packet which is permitted or denied by the ACL rules, if there are not ACL rules in the interface,it will not be counted and displayed. The indexes of this table are hwFirewallPacketFilterStatisticsIfIndex,hwFirewallPacketFilterStatisticsDirection,hwFirewallPacketFilterStatisticsAclIndex. " ::= { hwIpDslamSecurity 49 } hwFirewallPacketFilterStatisticsEntry OBJECT-TYPE SYNTAX HwFirewallPacketFilterStatisticsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "It is used to count the number of the packet which is permitted or denied by the ACL rules, if there are not ACL rules in the interface,it will not be counted and displayed. The indexes of this entry are hwFirewallPacketFilterStatisticsIfIndex,hwFirewallPacketFilterStatisticsDirection,hwFirewallPacketFilterStatisticsAclIndex. " INDEX { hwFirewallPacketFilterStatisticsIfIndex,hwFirewallPacketFilterStatisticsDirection,hwFirewallPacketFilterStatisticsAclIndex } ::= { hwFirewallPacketFilterStatisticsTable 1 } HwFirewallPacketFilterStatisticsEntry ::= SEQUENCE { hwFirewallPacketFilterStatisticsIfIndex Unsigned32, hwFirewallPacketFilterStatisticsDirection INTEGER, hwFirewallPacketFilterStatisticsAclIndex Integer32, hwFirewallPacketFilterPermitted Counter64, hwFirewallPacketFilterDenied Counter64, hwFirewallPacketFilterStatisticsClear INTEGER } hwFirewallPacketFilterStatisticsIfIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "indicates the index of interface, the type of the interface must be vlanif or meth. " ::= { hwFirewallPacketFilterStatisticsEntry 1 } hwFirewallPacketFilterStatisticsDirection OBJECT-TYPE SYNTAX INTEGER { inbound(1), outbound(2) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "indicates the direction ,it must be inbound or outbound Options: 1. inbound(1) -indicates that the packet is entering the firewall. 2. outbound(2) -indicates that the packet is leaving the firewall. " ::= { hwFirewallPacketFilterStatisticsEntry 2 } hwFirewallPacketFilterStatisticsAclIndex OBJECT-TYPE SYNTAX Integer32(2000..3999) MAX-ACCESS not-accessible STATUS current DESCRIPTION "the number of ACL,the range is 2000-3999,there are two types of the ACL can be used: basic ACL:the number range is 2000-2999, advance ACL:the number range is 3000-3999. " ::= { hwFirewallPacketFilterStatisticsEntry 3 } hwFirewallPacketFilterPermitted OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "indicates the statistics of packet which is permitted by one ACL rule. " ::= { hwFirewallPacketFilterStatisticsEntry 4 } hwFirewallPacketFilterDenied OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "indicates the statistics of packet which is denied by one ACL rule. " ::= { hwFirewallPacketFilterStatisticsEntry 5 } hwFirewallPacketFilterStatisticsClear OBJECT-TYPE SYNTAX INTEGER { clear(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "it is used to reset the statistics of the packet that is permitted and denied by ACL rule. Options: 1. clear(1) -reset the statistics of the packet that is permitted and denied by ACL rule. " ::= { hwFirewallPacketFilterStatisticsEntry 6 } hwFirewallPacketFilterDefaultStatisticsTable OBJECT-TYPE SYNTAX SEQUENCE OF HwFirewallPacketFilterDefaultStatisticsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "It is used to count the number of the packet which is permitted or denied by default operation, if there are not ACL rules in the interface,it will not be counted and displayed. The indexes of this table are hwFirewallPacketFilterDefaultStatisticsIfIndex,hwFirewallPacketFilterDefaultStatisticsDirection. " ::= { hwIpDslamSecurity 50 } hwFirewallPacketFilterDefaultStatisticsEntry OBJECT-TYPE SYNTAX HwFirewallPacketFilterDefaultStatisticsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "It is used to count the number of the packet which is permitted or denied by default operation, if there are not ACL rules in the interface,it will not be counted and displayed. The indexes of this entry are hwFirewallPacketFilterDefaultStatisticsIfIndex,hwFirewallPacketFilterDefaultStatisticsDirection. " INDEX { hwFirewallPacketFilterDefaultStatisticsIfIndex,hwFirewallPacketFilterDefaultStatisticsDirection } ::= { hwFirewallPacketFilterDefaultStatisticsTable 1 } HwFirewallPacketFilterDefaultStatisticsEntry ::= SEQUENCE { hwFirewallPacketFilterDefaultStatisticsIfIndex Unsigned32, hwFirewallPacketFilterDefaultStatisticsDirection INTEGER, hwFirewallPacketFilterPermittedDefault Counter64, hwFirewallPacketFilterDeniedDefault Counter64, hwFirewallPacketFilterDefaultStatisticsClear INTEGER } hwFirewallPacketFilterDefaultStatisticsIfIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "indicates the index of interface, the type of the interface must be vlanif or meth. " ::= { hwFirewallPacketFilterDefaultStatisticsEntry 1 } hwFirewallPacketFilterDefaultStatisticsDirection OBJECT-TYPE SYNTAX INTEGER { inbound(1), outbound(2) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "indicates the direction ,it must be inbound or outbound. Options: 1. inbound(1) -indicates that the packet is entering the firewall. 2. outbound(2) -indicates that the packet is leaving the firewall. " ::= { hwFirewallPacketFilterDefaultStatisticsEntry 2 } hwFirewallPacketFilterPermittedDefault OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "indicates the statistics of packet which is permitted by default operation of the firewall. " ::= { hwFirewallPacketFilterDefaultStatisticsEntry 3 } hwFirewallPacketFilterDeniedDefault OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "indicates the statistics of packet which is permitted by default operation of the firewall. " ::= { hwFirewallPacketFilterDefaultStatisticsEntry 4 } hwFirewallPacketFilterDefaultStatisticsClear OBJECT-TYPE SYNTAX INTEGER { clear(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "it is used to reset the statistics of the packet that is permitted and denied by default operation of the firewall in appointed interface. Options: 1. clear(1) -reset the statistics of the packet that is permitted and denied by default operation of the firewall in appointed interface. " ::= { hwFirewallPacketFilterDefaultStatisticsEntry 5 } hwFirewallDefendTracert OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "indicate the firewall tracert defense status. Options: 1. enable(1) -indicates the firewall tracert defense is enable. 2. disable(2) -indicates the firewall tracert defense is disable. default:disable(2) " ::= { hwIpDslamSecurity 51 } --IPV6 IFACCESS Table hwIpv6IfAccessTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpv6IfAccessEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "It is used to set two access features about Ipv6 on vlanif interface. The features are denying the packet which target ip is link local address and limiting the nerghbor entry number that our equipment can learn. The index of this table is hwIpv6IfAccessIfIndex. " ::= { hwIpDslamSecurity 52 } hwIpv6IfAccessEntry OBJECT-TYPE SYNTAX HwIpv6IfAccessEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "It is used to set two access features about Ipv6 on vlanif interface. The features are denying the packet which target ip is link local address and limiting the nerghbor entry number that our equipment can learn. The index of this entry is hwIpv6IfAccessIfIndex. " INDEX { hwIpv6IfAccessIfIndex } ::= { hwIpv6IfAccessTable 1 } HwIpv6IfAccessEntry ::= SEQUENCE { hwIpv6IfAccessIfIndex Unsigned32, hwIpv6LlaDeny INTEGER, hwIPv6NeighborNumber Integer32 } hwIpv6IfAccessIfIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "indicates the index of interface, the type of the interface must be vlanif,otherwise you can't set the instance of the index. " ::= { hwIpv6IfAccessEntry 1 } hwIpv6LlaDeny OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The object is used to set the feature that deny the packet which target ip is link local address of equipment's interface. Options: 1.deny(1) -deny the packet which target ip is link local address. 2.permit(2) -permit the packet which target ip is link local address. " ::= { hwIpv6IfAccessEntry 2 } hwIPv6NeighborNumber OBJECT-TYPE SYNTAX Integer32 (-1|1..4) MAX-ACCESS read-write STATUS current DESCRIPTION "The object is used to set the max neighbor entry number that our equipment can learn per MAC. If we want to enable the feature,we can set the value as 1 to 4,otherwise it is set as the default value -1. " ::= { hwIpv6IfAccessEntry 3 } hwIpDslamSourceRouteStatus OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates the source route filtering status. Options: 1. enable(1) -indicates the source route filtering status is enable. 2. disable(2) -indicates the source route filtering status is disable. default:disable(2) " ::= { hwIpDslamSecurity 53 } hwIpDslamAntiMacIgnoreSwitch OBJECT-TYPE SYNTAX BITS {downstramPadt(0)} MAX-ACCESS read-write STATUS current DESCRIPTION "Used to specify the type of the packet that is ignored by anti-MAC-spoofing. Options: 1. downstramPadt(0) -indicates that anti-MAC-spoofing is invalid for downstream PADT packets Default: 0x00 " ::= { hwIpDslamSecurity 54 } hwIpDslamAntiBcAttackXponPortDefaultRate OBJECT-TYPE SYNTAX Integer32 (0 | 2..25000) MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates the default threshold of the xPon port anti-broadcast-attack rate. 0: The broadcast packet rate is not limited. Range: 0, 2-25000 Default: 0 Unit: pps " ::= { hwIpDslamSecurity 55 } hwIpDslamAntiBcAttackXponOntDefaultRate OBJECT-TYPE SYNTAX Integer32 (0 | 2..25000) MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates the default threshold of the ONT anti-broadcast-attack rate. 0: The broadcast packet rate is not limited. Range: 0, 2-25000 Default: 0 Unit: pps " ::= { hwIpDslamSecurity 56 } hwIpDslamAntiBcAttackOntResumeInterval OBJECT-TYPE SYNTAX Integer32 (-1 | 0..1440) MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates the resume interval when the ONT was deactive because of anti-broadcast-attack. In the set operation, if it is set to -1, it indicates an undo operation. In the query operation, if it is not set, the value obtained is -1. Range: -1, 0-1440 Default: -1 Unit: minute " ::= { hwIpDslamSecurity 57 } hwIpDslamAntiBcAttackOntQueryTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamAntiBcAttackOntQueryEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the information of the ONT, which occurred the broadcast-attack. The indexes of this table are hwIpDslamAntiBcAttackOntQueryIfIndex and hwIpDslamAntiBcAttackOntQueryOntId. " ::= { hwIpDslamSecurity 58 } hwIpDslamAntiBcAttackOntQueryEntry OBJECT-TYPE SYNTAX HwIpDslamAntiBcAttackOntQueryEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the information of the ONT, which occurred the broadcast-attack. The indexes of this entry are hwIpDslamAntiBcAttackOntQueryIfIndex and hwIpDslamAntiBcAttackOntQueryOntId. " INDEX { hwIpDslamAntiBcAttackOntQueryIfIndex, hwIpDslamAntiBcAttackOntQueryOntId } ::= { hwIpDslamAntiBcAttackOntQueryTable 1 } HwIpDslamAntiBcAttackOntQueryEntry ::= SEQUENCE { hwIpDslamAntiBcAttackOntQueryIfIndex Integer32, hwIpDslamAntiBcAttackOntQueryOntId Integer32, hwIpDslamAntiBcAttackOntQueryRemainTime Integer32 } hwIpDslamAntiBcAttackOntQueryIfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the index of the port on which the anti-broadcast-attack is configured. The value and algorithm are the same as those of ifIndex. " ::= { hwIpDslamAntiBcAttackOntQueryEntry 1 } hwIpDslamAntiBcAttackOntQueryOntId OBJECT-TYPE SYNTAX Integer32 (-1 | 0..255) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Indicates the ID of the ONT on which the anti-broadcast-attack is configured. Range: -1, 0-255 when the value is -1 indicates that the anti-broadcast-attack occurred on port. " ::= { hwIpDslamAntiBcAttackOntQueryEntry 2 } hwIpDslamAntiBcAttackOntQueryRemainTime OBJECT-TYPE SYNTAX Integer32 (1..1440) MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the resume interval when the ONT was deactive because of anti-broadcast-attack. Range: 1-1440 Unit: minute " ::= { hwIpDslamAntiBcAttackOntQueryEntry 3 } -- Dynamic MAC Binding for CMTS(Cable Modem Termination System) hwIpDslamCmtsMacAddrDynamicBindingTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamCmtsMacAddrDynamicBindingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used for querying dynamic bound MAC address entries of all service ports on a CM. After MAC anti-spoofing is enabled, the user's MAC address is bound to a corresponding service port. Up to eight MAC addresses can be bound to a service port. The table lists all MAC address bound to all service ports on a CM. The indexes of this table are hwIpDslamCmtsMacAddrDynamicBindingCmIndex and hwIpDslamCmtsMacAddrDynamicBindingMacIndex. hwIpDslamCmtsMacAddrDynamicBindingCmIndex is the index of the CM, defined in docsIf3CmtsCmRegStatusId. hwIpDslamMacAddrDynamicBindingMacIndex is the index of the MAC address bound to all service ports on a CM. " ::= { hwIpDslamSecurity 59 } hwIpDslamCmtsMacAddrDynamicBindingEntry OBJECT-TYPE SYNTAX HwIpDslamCmtsMacAddrDynamicBindingEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used for querying dynamic bound MAC address entries of all service ports on a CM. After MAC anti-spoofing is enabled, the user's MAC address is bound to a corresponding service port. Up to eight MAC addresses can be bound to a service port. The table lists all MAC address bound to all service ports on a CM. The indexes of this entry are hwIpDslamCmtsMacAddrDynamicBindingCmIndex and hwIpDslamCmtsMacAddrDynamicBindingMacIndex. hwIpDslamCmtsMacAddrDynamicBindingCmIndex is the index of the CM, defined in docsIf3CmtsCmRegStatusId. hwIpDslamMacAddrDynamicBindingMacIndex is the index of the MAC address bound to all service ports on a CM. " INDEX { hwIpDslamCmtsMacAddrDynamicBindingCmIndex, hwIpDslamCmtsMacAddrDynamicBindingMacIndex } ::= { hwIpDslamCmtsMacAddrDynamicBindingTable 1 } HwIpDslamCmtsMacAddrDynamicBindingEntry ::= SEQUENCE { hwIpDslamCmtsMacAddrDynamicBindingCmIndex Unsigned32, hwIpDslamCmtsMacAddrDynamicBindingMacIndex Integer32, hwIpDslamCmtsMacAddrDynamicBindingVLAN Unsigned32, hwIpDslamCmtsMacAddrDynamicBindingMacAddr MacAddress } hwIpDslamCmtsMacAddrDynamicBindingCmIndex OBJECT-TYPE SYNTAX Unsigned32(1..4294967295) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the index of the CM. " ::= { hwIpDslamCmtsMacAddrDynamicBindingEntry 1 } hwIpDslamCmtsMacAddrDynamicBindingMacIndex OBJECT-TYPE SYNTAX Integer32(0..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the index of the MAC address bound to all service ports on the CM. " ::= { hwIpDslamCmtsMacAddrDynamicBindingEntry 2 } hwIpDslamCmtsMacAddrDynamicBindingVLAN OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the VLAN ID of the MAC address bound to all service ports on the CM. " ::= { hwIpDslamCmtsMacAddrDynamicBindingEntry 3 } hwIpDslamCmtsMacAddrDynamicBindingMacAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the MAC address bound to a specified service port on the CM. " ::= { hwIpDslamCmtsMacAddrDynamicBindingEntry 4 } hwIpDslamAntiIllegalArpStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the anti-illegal-arp status. Options: 1. enabled(1) -indicates the anti-illegal-arp status is enabled 2. disabled(2) -indicates the anti-illegal-arp status is disabled Default: enabled(1) " ::= { hwIpDslamSecurity 60 } hwIpDslamAntiIllegalNdStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the anti-illegal-nd status. Options: 1. enabled(1) -indicates the anti-illegal-nd status is enabled 2. disabled(2) -indicates the anti-illegal-nd status is disabled Default: enabled(1) " ::= { hwIpDslamSecurity 61 } hwIpDslamAntiBcAttackTrafficLimitSwitch OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether the broadcast packet rate limitation function is enabled for the ONT. Options: 1. enable(1) -indicates that the broadcast packet rate limitation function is enabled. 2. disable(2) -indicates that the broadcast packet rate limitation function is disabled. Default: disable(2) " ::= { hwIpDslamSecurity 62 } hwIpDslamAntiBcAttackPortRateTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamAntiBcAttackPortRateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the broadcast packet rate threshold of the port. The index of this table is hwIpDslamAntiBcAttackPortRateIfIndex. " ::= { hwIpDslamSecurity 63 } hwIpDslamAntiBcAttackPortRateEntry OBJECT-TYPE SYNTAX HwIpDslamAntiBcAttackPortRateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the broadcast packet rate threshold of the port. The index of this entry is hwIpDslamAntiBcAttackPortRateIfIndex. " INDEX { hwIpDslamAntiBcAttackPortRateIfIndex } ::= { hwIpDslamAntiBcAttackPortRateTable 1 } HwIpDslamAntiBcAttackPortRateEntry ::= SEQUENCE { hwIpDslamAntiBcAttackPortRateIfIndex Integer32, hwIpDslamAntiBcAttackPortRate Integer32 } hwIpDslamAntiBcAttackPortRateIfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the index of the port. The value and algorithm are the same as those of ifIndex. " ::= { hwIpDslamAntiBcAttackPortRateEntry 1 } hwIpDslamAntiBcAttackPortRate OBJECT-TYPE SYNTAX Integer32 (-1 | 0 | 2..25000) MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates the broadcast packet rate threshold of the port. 0: The broadcast packet rate is not limited. -1: The broadcast packet rate is not configured. The globally default rate threshold is used. 2..25000: Valid values of the rate threshold. Range: -1, 0, 2-25000 Default: -1 Unit: pps " ::= { hwIpDslamAntiBcAttackPortRateEntry 2 } hwIpDslamAntiBcAttackOntRateTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamAntiBcAttackOntRateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the broadcast packet rate threshold of the ONT. The indexes of this table are hwIpDslamAntiBcAttackOntRateIfIndex and hwIpDslamAntiBcAttackOntRateOntId. " ::= { hwIpDslamSecurity 64 } hwIpDslamAntiBcAttackOntRateEntry OBJECT-TYPE SYNTAX HwIpDslamAntiBcAttackOntRateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the broadcast packet rate threshold of the ONT. The indexes of this entry are hwIpDslamAntiBcAttackOntRateIfIndex and hwIpDslamAntiBcAttackOntRateOntId. " INDEX { hwIpDslamAntiBcAttackOntRateIfIndex, hwIpDslamAntiBcAttackOntRateOntId } ::= { hwIpDslamAntiBcAttackOntRateTable 1 } HwIpDslamAntiBcAttackOntRateEntry ::= SEQUENCE { hwIpDslamAntiBcAttackOntRateIfIndex Integer32, hwIpDslamAntiBcAttackOntRateOntId Integer32, hwIpDslamAntiBcAttackOntRate Integer32 } hwIpDslamAntiBcAttackOntRateIfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the index of the port. The value and algorithm are the same as those of ifIndex. " ::= { hwIpDslamAntiBcAttackOntRateEntry 1 } hwIpDslamAntiBcAttackOntRateOntId OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the ID of the ONT. Range: 0-255 " ::= { hwIpDslamAntiBcAttackOntRateEntry 2 } hwIpDslamAntiBcAttackOntRate OBJECT-TYPE SYNTAX Integer32 (-1 | 0 | 2..25000) MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates the broadcast packet rate threshold of the ONT. 0: The broadcast packet rate is not limited. -1: The broadcast packet rate is not configured. The globally default rate threshold is used. 2..25000: Valid values of the rate threshold. Range: -1, 0, 2-25000 Default: -1 Unit: pps " ::= { hwIpDslamAntiBcAttackOntRateEntry 3 } hwIpDslamSecurityUserAutoBackupSwitch OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether the security user auto-backup function is enabled. Options: 1. enable(1) -indicates that the security user auto-backup function is enabled. 2. disable(2) -indicates that the security user auto-backup function is disabled. Default: disable(2) " ::= { hwIpDslamSecurity 65 } hwIpDslamSecurityUserAutoBackupPeriod OBJECT-TYPE SYNTAX Integer32 ( 5..60 ) UNITS "minute" MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates the security user auto-backup period. Range: 5-60 Unit: minute Default: 30 " ::= { hwIpDslamSecurity 66 } hwIpDslamSecurityUserAutoLoadAttemptTimeout OBJECT-TYPE SYNTAX Integer32 ( 1..60 ) UNITS "minute" MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates the security user auto-load attempt overall time. Range: 1-60 Unit: minute Default: 15 " ::= { hwIpDslamSecurity 67 } hwIpDslamSecurityUserAutoLoadAttemptPeriod OBJECT-TYPE SYNTAX Integer32 ( 1..30 ) UNITS "minute" MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates the security user auto-load attempt interval time. Range: 1-30 Unit: minute Default: 5 " ::= { hwIpDslamSecurity 68 } hwIpDslamAntiMacServicePortTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamAntiMacServicePortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Used for enabling or disabling anti-MAC-spoofing of the service port. Anti-MAC-spoofing on a service port takes effect only when it is enabled globally and is enabled on the VLAN corresponding to this service port and is enabled on this service port. The index of this table is hwIpDslamAntiMacServicePortIndex, indicating the index of the service port. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. " ::= { hwIpDslamSecurity 69 } hwIpDslamAntiMacServicePortEntry OBJECT-TYPE SYNTAX HwIpDslamAntiMacServicePortEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Used for enabling or disabling anti-MAC-spoofing of the service port. Anti-MAC-spoofing on a service port takes effect only when it is enabled globally and is enabled on the VLAN corresponding to this service port and is enabled on this service port. The index of this entry is hwIpDslamAntiMacServicePortIndex, indicating the index of the service port. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. " INDEX { hwIpDslamAntiMacServicePortIndex } ::= { hwIpDslamAntiMacServicePortTable 1 } HwIpDslamAntiMacServicePortEntry ::= SEQUENCE { hwIpDslamAntiMacServicePortIndex Integer32, hwIpDslamAntiMacServicePortStatus EnabledStatus } hwIpDslamAntiMacServicePortIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the index of the service port bound to a specified MAC address. The service port corresponding to this index must already be created in hwExtSrvFlowEntry. Range: Begin with 1 " ::= { hwIpDslamAntiMacServicePortEntry 1 } hwIpDslamAntiMacServicePortStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the anti-MAC-spoofing status of the service port. Options: 1. enabled(1) -indicates the anti-MAC-spoofing status is enabled 2. disabled(2) -indicates the anti-MAC-spoofing status is disabled Default: enabled(1) " ::= { hwIpDslamAntiMacServicePortEntry 2 } hwCableSystemIPv6SourceVerify OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates IPv6 Source Address Verification (SAV) function for CM configured policies. Options: 1. enable(1) -indicates that the IPv6 Source Address Verification for CM configured policies are enabled. 2. disable(2) -indicates that the IPv6 Source Address Verification for CM configured policies are disabled. Default: disable(2) " ::= { hwIpDslamSecurity 70 } hwIpDslamUserDeleteDelay OBJECT-TYPE SYNTAX Integer32 ( 0..120 ) UNITS "second" MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates the security user delete delay time. Range: 0-120 Unit: second Default: 0 " ::= { hwIpDslamSecurity 71 } hwIpDslamAntiMacDuplicateAlarmStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the anti-MAC-duplicate alarm status. Options: 1. enabled(1) -indicates the anti-MAC-duplicate alarm status is enabled 2. disabled(2) -indicates the anti-MAC-duplicate alarm status is disabled Default: disabled(2) " ::= { hwIpDslamSecurity 72 } hwIpDslamAntiIpv6Status OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the anti-IPv6-attack status. Options: 1. enabled(1) -indicates the anti-IPv6-attack status is enabled 2. disabled(2) -indicates the anti-IPv6-attack status is disabled Default: disabled(2) " ::= { hwIpDslamSecurity 73 } hwIpDslamAntiIcmpv6Status OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the anti-ICMPv6-attack status. Options: 1. enabled(1) -indicates the anti-ICMPv6-attack status is enabled 2. disabled(2) -indicates the anti-ICMPv6-attack status is disabled Default: disabled(2) " ::= { hwIpDslamSecurity 74 } hwCableSystemIPv4SourceVerify OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates IPv4 Source Address Verification (SAV) function for CM configured policies. Options: 1. enable(1) -indicates that the IPv4 Source Address Verification for CM configured policies are enabled. 2. disable(2) -indicates that the IPv4 Source Address Verification for CM configured policies are disabled. Default: disable(2) " ::= { hwIpDslamSecurity 75 } hwIpDslamAntiIllegalHopLimitNDStatus OBJECT-TYPE SYNTAX EnabledStatus MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the anti-illegal-hoplimit-nd status. Options: 1. enabled(1) -indicates the anti-illegal-hoplimit-nd status is enabled 2. disabled(2) -indicates the anti-illegal-hoplimit-nd status is disabled Default: disabled(2) " ::= { hwIpDslamSecurity 76 } hwIpDslamArpUnicastTable OBJECT-TYPE SYNTAX SEQUENCE OF HwIpDslamArpUnicastEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used to create static entries for network-side ARP broadcast-to-unicast conversion. To transmit an ARP request packet with a specified target IP address received on the network side to the user on a specified service port, use this table. With ARP broadcast-to-unicast conversion enabled on the network side, when static IP address binding entries are created successfully for ARP broadcast-to-unicast conversion, the device transmits the ARP request packet with a specified target IP address received on the network side to the user on a specified service port. The indexes of this table are hwIpDslamArpUnicastIndex and hwIpDslamArpUnicastSubIndex. " ::= { hwIpDslamSecurity 77 } hwIpDslamArpUnicastEntry OBJECT-TYPE SYNTAX HwIpDslamArpUnicastEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used to create static entries for network-side ARP broadcast-to-unicast conversion. To transmit an ARP request packet with a specified target IP address received on the network side to the user on a specified service port, use this table. With ARP broadcast-to-unicast conversion enabled on the network side, when static IP address binding entries are created successfully for ARP broadcast-to-unicast conversion, the device transmits the ARP request packet with a specified target IP address received on the network side to the user on a specified service port. The indexes of this entry are hwIpDslamArpUnicastIndex and hwIpDslamArpUnicastSubIndex. " INDEX { hwIpDslamArpUnicastIndex, hwIpDslamArpUnicastSubIndex } ::= { hwIpDslamArpUnicastTable 1 } HwIpDslamArpUnicastEntry ::= SEQUENCE { hwIpDslamArpUnicastIndex Integer32, hwIpDslamArpUnicastSubIndex Integer32, hwIpDslamArpUnicastIpAddressType InetAddressType, hwIpDslamArpUnicastIpAddress InetAddress, hwIpDslamArpUnicastRowStatus RowStatus } hwIpDslamArpUnicastIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the index of a static entry for network-side ARP broadcast-to-unicast conversion, that is, the service port ID corresponding to entries. " ::= { hwIpDslamArpUnicastEntry 1 } hwIpDslamArpUnicastSubIndex OBJECT-TYPE SYNTAX Integer32(0..63) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Indicates the sub-index of a static entry for network-side ARP broadcast-to-unicast conversion, that is, the entry IDs corresponding to a service port. " ::= { hwIpDslamArpUnicastEntry 2 } hwIpDslamArpUnicastIpAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the user IP address type in a static entry for network-side ARP broadcast-to-unicast conversion. " ::= { hwIpDslamArpUnicastEntry 3 } hwIpDslamArpUnicastIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the user IP address in a static entry for network-side ARP broadcast-to-unicast conversion. " ::= { hwIpDslamArpUnicastEntry 4 } hwIpDslamArpUnicastRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the row status of a static entry for network-side ARP broadcast-to-unicast conversion. Creating, deleting, and querying a static entry for network-side ARP broadcast-to-unicast conversion are supported. Options: 1. active(1) -indicates query operation 2. createAndGo(4) -Creates a static entry for network-side ARP broadcast-to-unicast conversion 3. destroy(6) -Deletes a static entry for network-side ARP broadcast-to-unicast conversion " ::= { hwIpDslamArpUnicastEntry 5 } hwIpDslamIpOptionPacketPolicy OBJECT-TYPE SYNTAX INTEGER { tocpu(1), forward(2), discard(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the ip option packet-policy. Options: 1. tocpu(1) -indicates the ip option packet-policy is to cpu 2. forward(2) -indicates the ip option packet-policy is forward 3. discard(3) -indicates the ip option packet-policy is discard Default: tocpu(1) " ::= { hwIpDslamSecurity 78 } hwIpDslamAntiDosTtlExceedPacketRate OBJECT-TYPE SYNTAX Integer32 (-1|10..150) MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the threshold for the rate of sending ttl-exceeded packets to the CPU. The value -1 indicates that the threshold for the rate of sending ttl-exceeded packets to the CPU is default value, which depends on hardware specifications. Range: -1, 10-150 Default: -1 Unit: pps " ::= { hwIpDslamSecurity 79 } hwIpDslamAntiDosOversizePacketRate OBJECT-TYPE SYNTAX Integer32 (-1|10..150) MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the threshold for the rate of sending oversize packets to the CPU. The value -1 indicates that the threshold for the rate of sending oversize packets to the CPU is default value, which depends on hardware specifications. Range: -1, 10-150 Default: -1 Unit: pps " ::= { hwIpDslamSecurity 80 } hwIpDslamAntiIpv6ExcludeSwitch OBJECT-TYPE SYNTAX BITS { mld(0) } MAX-ACCESS read-write STATUS current DESCRIPTION "Used to specify the type of the packet that is not affected by anti-IPv6-spoofing. Options: 1. mld(0) -indicates that anti-IPv6-spoofing is invalid for MLD packets Default: 0x00 " ::= { hwIpDslamSecurity 81 } hwIpDslamSecurityUserAutoBackupFileName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..64)) MAX-ACCESS read-write STATUS current DESCRIPTION "Used for setting or querying the security user auto-backup filename. The value STRING(0) indicates that the configured security user auto-backup filename is cleared. Range: 1-64 characters Default: STRING(0) " ::= { hwIpDslamSecurity 82 } hwIpDslamSecurityUserDynamicIpv6 OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether the security user dynamic-ipv6 function is enabled. Options: 1. enable(1) -indicates that the security user dynamic-ipv6 function is enabled. 2. disable(2) -indicates that the security user dynamic-ipv6 function is disabled. Default: disable(2) " ::= { hwIpDslamSecurity 83 } hwIpDslamAntiDosDhcpPacketLimitPeriod OBJECT-TYPE SYNTAX Integer32 ( 1..1800 ) UNITS "second" MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates the detection period of anti-DoS-attack for DHCP packet to cpu. Range: 1-1800 Unit: second Default: 1 " ::= { hwIpDslamSecurity 84 } hwIpDslamArpDetectMaxUserCountSwitch OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether the arp-detect max-user-count function is enabled. Options: 1. enable(1) -indicates that the arp-detect max-user-count function is enabled. 2. disable(2) -indicates that the arp-detect max-user-count function is disabled. Default: enable(1) " ::= { hwIpDslamSecurity 85 } hwIpDslamSecurityUserInfoSwitch OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates whether the security user info function is enabled. Options: 1. enable(1) -indicates that the security user info function is enabled. 2. disable(2) -indicates that the security user info function is disabled. Default: disable(2) " ::= { hwIpDslamSecurity 86 } hwIpDslamSecurityFlowBundleOutboundPolicy OBJECT-TYPE SYNTAX INTEGER { record(1), priority(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Indicates the outbound policy of service port bundle. Options: 1. record(1) -indicates that the outbound policy is record. 2. priority(2) -indicates that the outbound policy is priority. Default: record(1) " ::= { hwIpDslamSecurity 87 } END