-- ============================================================================ -- Copyright (C) 2018 by HUAWEI TECHNOLOGIES. All rights reserved. -- Description: The MIB object implements the management of the CLI and NE users. -- Reference: -- Version: V1.55 -- ============================================================================ HUAWEI-MNGT-MIB DEFINITIONS ::= BEGIN IMPORTS TimeTicks, IpAddress, Integer32, Unsigned32, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE FROM SNMPv2-SMI DisplayString, DateAndTime, TruthValue, RowStatus FROM SNMPv2-TC huaweiUtility FROM HUAWEI-MIB hwLogSynType FROM HUAWEI-SNMP-NOTIFICATION-MIB hwDev, hwConfigLockState FROM HUAWEI-DEVICE-MIB InetAddressType,InetAddress,InetAddressPrefixLength,InetPortNumber FROM INET-ADDRESS-MIB Ipv6Address FROM IPV6-TC; hwCliUserMgmt MODULE-IDENTITY LAST-UPDATED "201811150000Z" ORGANIZATION "Huawei Technologies Co.,Ltd." CONTACT-INFO "Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://www.huawei.com Email: support@huawei.com " DESCRIPTION " The MIB object implements the management of the CLI and NE users. " -- Revision history REVISION "201811150000Z" DESCRIPTION "V1.55, 1. FIREWALL IPV6 NEW." REVISION "201811150000Z" DESCRIPTION "V1.54, 1. Add trap node hwMngtIpv6UserLockedTrap. 2. Add trap node hwMngtIpv6UserUnlockedTrap. 3. Add the hwCliIPv6ManualUnlock to hwCliSysCmdTable" REVISION "201809190000Z" DESCRIPTION "V1.53, 1. Modified description in hwCliClientInetAddressType." REVISION "201808200000Z" DESCRIPTION "V1.52, 1. Add the hwCliClientInetAddressType to hwCliClientEntry. 2. Add the hwCliClientInetAddress to hwCliClientEntry. 3. Add the hwSourceIPv6Address to hwSysManSourceInterfaceEntry. 4. Add trap node hwMngtUserLogonStateInetTrap. 5. Add trap node hwMngtUserStateChangeInetTrap" REVISION "201801230000Z" DESCRIPTION "V1.51, 1. Deleted the invalid reference hwLogSynType." REVISION "201702080000Z" DESCRIPTION "V1.50, 1. Add the hwSourceInterfaceIPAddress to hwSysManSourceInterfaceEntry" REVISION "201611030000Z" DESCRIPTION "V1.49, 1. Modify the number of user login attempts in one time of the hwCliUserLogins from 16 to 20." REVISION "201607270000Z" DESCRIPTION "V1.48, 1. Modified the description of hwCliOnlineUserNum." REVISION "201607140000Z" DESCRIPTION "V1.47, 1. Add the hwCliOnlineUserNum node to hwMngtUserAlarmTrapsVbOids. 2. Add trap node hwMngtUserLogonStateTrap. 3. Add enumerate value adminVs(14) for hwUserLogMode. 4. Add enumerate value adminVs(7) for hwCliClientType." REVISION "201512220000Z" DESCRIPTION "V1.46, 1. Added enumerated value tftpproxy(12) in hwSysManProtocolType. " REVISION "201411080000Z" DESCRIPTION "V1.45, 1. Added the hwCliSysNewUserLevel node to hwMngtUserAlarmTrapsVbOids." REVISION "201409250000Z" DESCRIPTION "V1.44, 1. modify the description of hwCliClientID." REVISION "201409090000Z" DESCRIPTION "V1.43, 1. modify the description of hwSysManSourceInterfaceTable. 2. modify the description of hwSysManSourceInterfaceEntry." REVISION "201408270000Z" DESCRIPTION "V1.42, 1. modify the size of hwCliAuthenDefaultDomainName." REVISION "201408190000Z" DESCRIPTION "V1.41, 1. modify hwCliUserProfileName index types is implied index." REVISION "201407030000Z" DESCRIPTION "V1.40, 1. modified 'MAX-ACCESS not-accessible' to 'MAX-ACCESS accessible-for-notify' of hwCliUserName. 2. removed all hyphens (-) from enumerated values of hwCliUserDeclarSwitch. 3. removed all hyphens (-) from enumerated values of hwUserLogMode. 4. delete node hwConfigLock. 5. added enumerate value omci(5) and ethoam(6) for hwCliClientType." REVISION "201403110000Z" DESCRIPTION "V1.39, 1. Added enumerate value ethoam(13) for hwUserLogMode." REVISION "201403060000Z" DESCRIPTION "V1.38, 1. Modified the description of hwCliSysUnlockType." REVISION "201402260000Z" DESCRIPTION "V1.37, 1. Modified the description of hwCliUserPassword." REVISION "201402210000Z" DESCRIPTION "V1.36, 1. Added enumerate value toolbox(11) and toolbox-ssh(12) for hwUserLogMode." REVISION "201311140000Z" DESCRIPTION "V1.35, 1. add trap node hwConfigLockStateTrap." REVISION "201311110000Z" DESCRIPTION "V1.34, 1. Added enumerate value modem(9) and none(10) for hwUserLogMode. 2. Modify access type of hwCliSysOldUserLevel." REVISION "201308100000Z" DESCRIPTION "V1.33, 1. Modified the description of hwCliUserPassword." REVISION "201308080000Z" DESCRIPTION "V1.32, 1. Modified the description of hwCliUserPassword." REVISION "201308080000Z" DESCRIPTION "V1.31, 1. add trap node hwMngtUserModifyAuthTrap. 2. add hwCliSysOldUserLevel node for hwMngtUserAlarmTrapsVbOids" REVISION "201305270000Z" DESCRIPTION "V1.30, 1. modify the max length of the hwCliUserPassword from 32 to 64. 2. Modified the description of hwCliUserPassword." REVISION "201305040000Z" DESCRIPTION "V1.29, 1. Added enumerated value ipdr(11) in hwSysManProtocolType. " REVISION "201303070000Z" DESCRIPTION "V1.28, 1. Modified the description of hwCliSysUnlockType." REVISION "201303070000Z" DESCRIPTION "V1.27, 1. Added trap node hwMngtUserUnlockedTrap. 2. Added hwCliSysUnlockType node for hwCliSysPara." REVISION "201205300000Z" DESCRIPTION "V1.26, 1. Added trap node hwUserPasswordFaultTrap and hwUserPasswordRestoreTrap. " REVISION "201203080000Z" DESCRIPTION "V1.25, 1. Added enumerated value stelnet(10) in hwSysManProtocolType. 2. modify the max vale of the hwSNMPUserName from 34 to 32. " REVISION "201202100000Z" DESCRIPTION "V1.24, 1. Modified the description of hwCliUserNameLastDays, hwCliUserPwdLastDays, hwSourceInterfaceNumber. " REVISION "201112150000Z" DESCRIPTION "V1.23, 1. Added hwModemCallbackMngt node for modem callback function." REVISION "201111300000Z" DESCRIPTION "V1.22, added enumerate value ssh(4) for hwCliClientType." REVISION "201011090000Z" DESCRIPTION "V1.21, The description of this MIB is modified according to the tool." REVISION "201008250000Z" DESCRIPTION "V1.20, modified the contact-info and the revision history. Modified the description of leaves." REVISION "201006170000Z" DESCRIPTION "V1.19, 1. Modified and supplemented the description of the object. 2. Added hwUserLogMode node for DT requirements. 3. Added hwUserLogType node for trap node hwUserLogWillFullTrap. 4. Modified the OBJECTS of hwUserLogWillFullTrap as hwUserLogType." REVISION "201005200000Z" DESCRIPTION "V1.18, implemented DT requirements and changed the syntax and semantics of SIMPLETEST." REVISION "201004140000Z" DESCRIPTION "V1.17, added CliConsole table hwCliConsolePara." REVISION "201004070000Z" DESCRIPTION "V1.16, modified the value of hwCliAuthenDefaultDomainName. Changed the MAX-ACCESS of hwCliUserPwdLastDays from accessible-for-notify to read-only according to simpletest rules. Changed the state of hwCliUserTimeout from current to obsolete." REVISION "201003030000Z" DESCRIPTION "V1.15, implemented DT requirements and changed the syntax and semantics of SIMPLETEST." REVISION "200901290000Z" DESCRIPTION "V1.14, supported the definitions of standard trap nodes and associated trap parameter nodes." REVISION "200901260000Z" DESCRIPTION "V1.13, cleared alarms and errors of MIB BROWSER. Added MIB description according to new requirements." REVISION "200901200000Z" DESCRIPTION "V1.12, added NMS user table hwSNMPUserTable." REVISION "200807310000Z" DESCRIPTION "V1.11, modified description of the hwCliSysLoginModifyPwd object." REVISION "200801260000Z" DESCRIPTION "V1.10, 1. Modified function description and creation & access constraints in hwCliUserParaTable. 2. Modified function description and creation & access constraints in hwCliClientTable. 3. Modified function description in hwCliUserProfileParaTable. 4. Modified function description in hwCliSysPara. 5. Modified function description in hwFirewallSwitchTable. 6. Modified function description in hwAccessIpTable. 7. Modified function description in hwRefuseIpTable. 8. Modified function description and constraints in hwCliSysCmdTable." REVISION "200801090000Z" DESCRIPTION "V1.08, added objects for unblocking users, IP addresses and legal statement." REVISION "200711140000Z" DESCRIPTION "V1.07, added MIB object for locking system resources." REVISION "200705280000Z" DESCRIPTION "V1.02, completed Interface Specifications." REVISION "200611270000Z" DESCRIPTION "V1.00, completed the first draft." ::= { hwDev 10 } hwCliUserParaTable OBJECT-TYPE SYNTAX SEQUENCE OF HwCliUserParaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " User parameter configuration table, which supports the functions of querying, adding, deleting and modifying a user. The index of this table is hwCliUserName. " ::= { hwCliUserMgmt 1 } hwCliUserParaEntry OBJECT-TYPE SYNTAX HwCliUserParaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " User parameter configuration table, which supports the functions of querying, adding, deleting and modifying a user. The index of this entry is hwCliUserName. " INDEX { IMPLIED hwCliUserName } ::= { hwCliUserParaTable 1 } HwCliUserParaEntry ::= SEQUENCE { hwCliUserName OCTET STRING, hwCliUserPassword OCTET STRING, hwCliUserLevel INTEGER, hwCliUserLogins Integer32, hwCliUserDecr OCTET STRING, hwCliUserRowStatus RowStatus, hwCliUserprofile OCTET STRING, hwCliUserAccessType INTEGER, hwCliUserTimeout Integer32, hwCliUserNameLastDays Integer32, hwCliUserPwdLastDays Integer32 } hwCliUserName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..34)) MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION " Name of the CLI user. The user name is case insensitive and the user name consists of 6-15 characters. The minimum length of the name can be configured by user. The range of the valid characters of the user name is 0x21- 0x7e and the user name cannot be 'all', 'online', 'index', or 'security'. " ::= { hwCliUserParaEntry 1 } hwCliUserPassword OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..64)) MAX-ACCESS read-create STATUS current DESCRIPTION " Password of the CLI user. The user can directly modify the password of the CLI user and need not verify the original password of the CLI user. The user password consists of 16 characters, including at least one letter and one digit, and should be encrypted by MD5 or SCRYPT. The SCRYPT encryption mode is recommended. The user password is not reported to the NMS and a null character string is returned when the user password is queried. " ::= { hwCliUserParaEntry 2 } hwCliUserLevel OBJECT-TYPE SYNTAX INTEGER { common(1), operator(2), administrator(3), super(4), guest(5), custom(6) } MAX-ACCESS read-create STATUS current DESCRIPTION " The levels of CLI users. Options: 1. common(1) -indicates the common user. 2. operator(2) -indicates the operator. 3. administrator(3) -indicates the administrator. 4. super(4) -indicates the super administrator. 5. guest(5) -indicates the guest user 6. custom(6) -indicates the custom user The higher the user level is, the more rights the user has. The user level must be bound to the user when the user is added. The super administrator cannot be added. " ::= { hwCliUserParaEntry 3 } hwCliUserLogins OBJECT-TYPE SYNTAX Integer32 (0..20) MAX-ACCESS read-create STATUS current DESCRIPTION " The number of user login attempts in one time. The same user name can be used for login to the device repeatedly. For example, when two users log in to the device with the same name, the number of times of re-login is two. This object is used to define the number of times of re-login. When the number of times of re-login is changed to 0, the user is forbidden to log in to the device. " ::= { hwCliUserParaEntry 4 } hwCliUserDecr OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..100)) MAX-ACCESS read-create STATUS current DESCRIPTION " Description of CLI user. You can add the basic information about the user, such as the email box, telephone number, or other contact information. " ::= { hwCliUserParaEntry 5 } hwCliUserRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION " Operation status of CLI user, the CLI user can be added, deleted and modified. The user level, number of times of re-login, user profile, available user password and user description must be bound to the user when the user is added. The online user cannot be deleted. createAndGo(4) is supplied to create a new instance of a conceptual row. destroy(6) is supplied to delete the instances associated with an existing conceptual row. " ::= { hwCliUserParaEntry 6 } hwCliUserprofile OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..15)) MAX-ACCESS read-create STATUS current DESCRIPTION " The name of user profile that CLI user belongs to. " ::= { hwCliUserParaEntry 7 } hwCliUserAccessType OBJECT-TYPE SYNTAX INTEGER { cli(1), oss(2), web(4) } MAX-ACCESS read-create STATUS current DESCRIPTION " The user can log in to the device through the following three modes. Options: 1. cli(1) -indicates CLI terminal. 2. oss(2) -indicates OSS terminal. 3. web(4) -indicates Web terminal. " DEFVAL { cli } ::= { hwCliUserParaEntry 8 } hwCliUserTimeout OBJECT-TYPE SYNTAX Integer32 (1..120) MAX-ACCESS read-create STATUS obsolete DESCRIPTION " This object is not used any longer. Login timeout duration of the user. If the CLI user performs no operation during a period, the user automatically quits the system. This object is used to query and set the login timeout duration. " ::= { hwCliUserParaEntry 9 } hwCliUserNameLastDays OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION " Service life of the user name. The hwCliUserNameLastDays value of -1 indicates the username expired. " ::= { hwCliUserParaEntry 10 } hwCliUserPwdLastDays OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION " Service life of the user password. The hwCliUserPwdLastDays value of -1 indicates the user password expired. " ::= { hwCliUserParaEntry 11 } hwCliClientTable OBJECT-TYPE SYNTAX SEQUENCE OF HwCliClientEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " CLI online user information table, which can be used to force an online user to go offline. The table cannot be created and deleted. The table supports only the functions of querying the user terminal status and forcing an online user to go offline. The index of this table is hwCliClientID. " ::= { hwCliUserMgmt 2 } hwCliClientEntry OBJECT-TYPE SYNTAX HwCliClientEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " CLI online user information table, which can be used to force an online user to go offline. The table cannot be created and deleted. The table supports only the functions of querying the user terminal status and forcing an online user to go offline. The index of this entry is hwCliClientID. " INDEX { hwCliClientID } ::= { hwCliClientTable 1 } HwCliClientEntry ::= SEQUENCE { hwCliClientID Integer32, hwCliClientUserName OCTET STRING, hwCliClientType INTEGER, hwCliClientIp IpAddress, hwCliClientLoginTime DateAndTime, hwCliClientAdminStatus INTEGER, hwCliUserIdleTimeOut Integer32, hwCliClientInetAddressType InetAddressType, hwCliClientInetAddress InetAddress } hwCliClientID OBJECT-TYPE SYNTAX Integer32 (1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION " Client ID(1..255). Index object, this ID is allocated by device. Value 255 indicates that the device does not allocate client IDs. " ::= { hwCliClientEntry 1 } hwCliClientUserName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..34)) MAX-ACCESS read-only STATUS current DESCRIPTION " User name of client. " ::= { hwCliClientEntry 2 } hwCliClientType OBJECT-TYPE SYNTAX INTEGER { serial(1), telnet(2), proxy(3), ssh(4), omci(5), ethoam(6), adminVs(7) } MAX-ACCESS read-only STATUS current DESCRIPTION " Type of client. The modes of login to the client are as follows: Options: 1. serial(1) -indicates serial port. 2. telnet(2) -indicates telnet. 3. proxy(3) -indicates proxy. 4. ssh(4) -indicates ssh. 5. omci(5) -indicates omci. 6. ethoam(6) -indicates ethoam. 7. adminVs(7) -indicates adminVs. " ::= { hwCliClientEntry 3 } hwCliClientIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION " The IP address of client. " ::= { hwCliClientEntry 4 } hwCliClientLoginTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION " The login time of client. " ::= { hwCliClientEntry 5 } hwCliClientAdminStatus OBJECT-TYPE SYNTAX INTEGER { disconnect(1), connect(-1) } MAX-ACCESS read-write STATUS current DESCRIPTION " Admin status of client, can disconnect client. Options: 1. disconnect(1) -indicates the user who logs in to the system in the modes except serial port mode can be forced to go offline when the object value is set to disconnect(1). 2. connect(-1) -indicates the user is online. " ::= { hwCliClientEntry 6 } hwCliUserIdleTimeOut OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION " This object is not used any longer.Idleness timeout duration of the online user. When the online user is idle for a period longer than the preset time, the online user automatically quits the system. This object is used to set the timeout duration. " ::= { hwCliClientEntry 7 } hwCliClientInetAddressType OBJECT-TYPE SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2) } MAX-ACCESS read-only STATUS current DESCRIPTION " The type of address in hwCliClientInetAddress. Options: 1. unknown(0) -If a user accesses through the serial port, the IP address type is unknown(0). 2. ipv4(1) -indicates that the IP address type is ipv4. 3. ipv6(2) -indicates that the IP address type is ipv6. " ::= { hwCliClientEntry 8 } hwCliClientInetAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION " The object specifies the IP address of client. " ::= { hwCliClientEntry 9 } hwCliSysCmdTable OBJECT IDENTIFIER ::= { hwCliUserMgmt 3 } hwCliUserManualUnlock OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS read-write STATUS current DESCRIPTION " Unlock users manually. Enter the user name to unlock the user. " ::= { hwCliSysCmdTable 2 } hwCliUserDeclarSwitch OBJECT-TYPE SYNTAX INTEGER { show(1), notShow(2) } MAX-ACCESS read-write STATUS current DESCRIPTION " The object specifies whether show the declaration after users login successfully. Options: 1. show(1) -indicates that show the declaration after users login successfully. 2. notShow(2) -indicates that does not show the declaration after users login successfully. " ::= { hwCliSysCmdTable 3 } hwCliIPManualUnlock OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION " Unlock IP manually. Enter the IP address of the user to unlock the user who uses the IP address to log in to the device. " ::= { hwCliSysCmdTable 4 } hwCliIPv6ManualUnlock OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-write STATUS current DESCRIPTION " Unlock IP manually. Enter the IPv6 address of the user to unlock the user who uses the IPv6 address to log in to the device. " ::= { hwCliSysCmdTable 5 } hwTelnetMaxSessionNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION " The max number of simultaneous telnet sessions. This object is used to set the maximum number of users who can log in to the system through telnet at a time. If the current number of users is equal to the maximum number, the rest users cannot log in to the system through telnet. " ::= { hwCliUserMgmt 4 } hwCliUserProfileParaTable OBJECT-TYPE SYNTAX SEQUENCE OF HwCliUserProfileParaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " User profile management table, which is used to query, modify, add and delete the user profile. The user profile is a set of public user attributes, including the user name and password validity period, permitted earliest time of login, and permitted latest time of login. The MIB supports the functions of querying and setting the values of the preceding parameters. A user needs to be created based on a user profile. In this case, the new user inherits the preceding parameter values in the user profile. The index of this table is hwCliUserProfileName. The index value is the user profile name, it uniquely identifies the user profile. By default, four system profiles exist in the system. The names of the four system profiles are as follows: root, admin, operator and commonuser. " ::= { hwCliUserMgmt 5 } hwCliUserProfileParaEntry OBJECT-TYPE SYNTAX HwCliUserProfileParaEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " User profile management table, which is used to query, modify, add and delete the user profile. The user profile is a set of public user attributes, including the user name and password validity period, permitted earliest time of login, and permitted latest time of login. The MIB supports the functions of querying and setting the values of the preceding parameters. A user needs to be created based on a user profile. In this case, the new user inherits the preceding parameter values in the user profile. The index of this entry is hwCliUserProfileName. The index value is the user profile name, it uniquely identifies the user profile. By default, four system profiles exist in the system. The names of the four system profiles are as follows: root, admin, operator and commonuser. " INDEX { IMPLIED hwCliUserProfileName } ::= { hwCliUserProfileParaTable 1 } HwCliUserProfileParaEntry ::= SEQUENCE { hwCliUserProfileName OCTET STRING, hwCliUserNameAvailableInterval Unsigned32, hwCliUserPwdAvailableInterval Unsigned32, hwCliUserLoginTime OCTET STRING, hwCliUserLogoutTime OCTET STRING, hwCliUserProfileRowStatus RowStatus } hwCliUserProfileName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..15)) MAX-ACCESS not-accessible STATUS current DESCRIPTION " The name of the user profile. The name of the new profile must be different from the names of the system profiles. The profile name consists of 1-15 characters. " ::= { hwCliUserProfileParaEntry 1 } hwCliUserNameAvailableInterval OBJECT-TYPE SYNTAX Unsigned32 (0..999) UNITS "day" MAX-ACCESS read-create STATUS current DESCRIPTION " Validity period of user name. For example, if the validity period of the user name is 10, it indicates that the user name cannot be used for login after ten days since it is created. In addition, a message is displayed indicating that the user name expires, that is, the validity period of the user name times out. 0 indicates that the user name is valid forever. Range: 0-999 Default: 0 Unit: day " DEFVAL { 0 } ::= { hwCliUserProfileParaEntry 4 } hwCliUserPwdAvailableInterval OBJECT-TYPE SYNTAX Unsigned32 (0..999) UNITS "day" MAX-ACCESS read-create STATUS current DESCRIPTION " Validity period of user password. For example, if the validity period of the user password is 10, it indicates that the user password cannot be used for login after ten days since it is created. In addition, a message is displayed indicating that the user password expires, that is, the validity period of the user password times out. 0 indicates that the user password is valid forever. Range: 0-999 Default: 0 Unit: day " DEFVAL { 0 } ::= { hwCliUserProfileParaEntry 5 } hwCliUserLoginTime OBJECT-TYPE SYNTAX OCTET STRING (SIZE (5..5)) MAX-ACCESS read-create STATUS current DESCRIPTION " Permitted earliest time of login. The user can log in to the system at any time between 00:00 and 23:59. " ::= { hwCliUserProfileParaEntry 6 } hwCliUserLogoutTime OBJECT-TYPE SYNTAX OCTET STRING (SIZE (5..5)) MAX-ACCESS read-create STATUS current DESCRIPTION " Permitted latest time of login. The user can log in to the system at the time from the permitted earliest time to the permitted latest time. In other periods, the user cannot log in to the system. " ::= { hwCliUserProfileParaEntry 7 } hwCliUserProfileRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION " This object is used to operate the user profile. The system profile cannot be modified or deleted. When a user is bound with the user profile, the user profile cannot be modified or deleted. The parameter settings of the user profile can be queried through the user profile name. In addition, the information about the system profile can be queried. createAndGo(4) is supplied to create a new instance of a conceptual row. destroy(6) is supplied to delete the instances associated with an existing conceptual row. " ::= { hwCliUserProfileParaEntry 10 } hwCliSysPara OBJECT IDENTIFIER ::= { hwCliUserMgmt 6 } hwCliSyslockInterval OBJECT-TYPE SYNTAX Integer32 (1..65535) UNITS "minute" MAX-ACCESS read-write STATUS current DESCRIPTION " The time interval of user locked. When the number of times of login failure reaches the preset value for locking, the user is locked. This object is used to query and set the locking duration. Unit: minute DEFVAL { 15 } " ::= { hwCliSysPara 1 } hwCliSyslockCondition OBJECT-TYPE SYNTAX Integer32 (1..15) MAX-ACCESS read-write STATUS current DESCRIPTION " The times of login failure. This object is used to query and set the times of login failure. When the number of login failure reaches the preset value, the user is locked. DEFVAL { 3 } " ::= { hwCliSysPara 2 } hwCliSysLoginModifyPwd OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION " The flag of whether the password need to be changed in the case of first login. Options: 1. enable(1) -indicates that the password needs to be changed for the first login. 2. disable(2) -indicates that the password need not be changed for the first login. DEFVAL { disable } " ::= { hwCliSysPara 3 } hwCliSysLockType OBJECT-TYPE SYNTAX INTEGER { none(0), user(1), ip(2), all(3) } MAX-ACCESS read-write STATUS current DESCRIPTION " Lock type. When the number of times of repeated login failure exceeds the preset value, the system automatically locks the user. This object is used to set the locking type. Options: 1. none(0) -indicates that the user need not be locked. 2. user(1) -indicates that the user name is locked. When the user logs in to the system with the user name again, 'The user has been locked and you cannot log on.' message is displayed. 3. ip(2) -indicates that the IP address with which the user logs in to the system is locked. When the user logs in to the system with the IP address again, the 'The IP address has been locked and you cannot log on.' message is displayed. 4. all(3) -indicates that both the user name and the IP address are locked. DEFVAL { none } " ::= { hwCliSysPara 4 } hwCliSysSecurityMode OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION " The object specifies whether security mode is enable. Options: 1. enable(1) -indicates that the security administrator, whose name is security, can log in to the system. 2. disable(2) -indicates that the rights of user root are separated and are assigned to user security. User security can perform the querying operation and the operations corresponding to the rights separated from the rights of user root. That is, when the security mode switch is enabled(1), certain operations that can be performed by user root originally cannot be performed by user root but by user security. When the security mode is set to disable(2), the rights of user root and user security are combined and all the rights are owned by user root. In this case, user security cannot log in to the system. DEFVAL { disable } " ::= { hwCliSysPara 5 } hwCliAuthenDefaultDomainName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION " Domain name in the AAA authentication mode. When the value is null, it indicates that the authentication mode is local mode. If the AAA authentication mode is set successfully, the system changes to the AAA authentication mode. " ::= { hwCliSysPara 6 } hwCliSysUnlockType OBJECT-TYPE SYNTAX INTEGER { none(0), user(1), ip(2), all(3) } MAX-ACCESS read-only STATUS current DESCRIPTION " Unlock type. When a user is unlocked manually using commands or the preset locking criteria times out, the system generates an unlock event. This object is used to set the unlocking type. Options: 1. none(0) -user need not be unlocked . 2. user(1) -Unlock user. 3. ip(2) -Unlock IP. 4. all(3) -Unlock user and IP. DEFVAL { none } " ::= { hwCliSysPara 7 } hwSNMPUserTable OBJECT-TYPE SYNTAX SEQUENCE OF HwSNMPUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " NMS user management table, which supports the login and logout of the NMS user and the function of querying the information about the online NMS user. The index of this table is hwSNMPUserID. The index value is the user ID. " ::= { hwCliUserMgmt 7 } hwSNMPUserEntry OBJECT-TYPE SYNTAX HwSNMPUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " NMS user management table, which supports the login and logout of the NMS user and the function of querying the information about the online NMS user. The index of this entry is hwSNMPUserID. The index value is the user ID. " INDEX { hwSNMPUserID } ::= { hwSNMPUserTable 1 } HwSNMPUserEntry ::= SEQUENCE { hwSNMPUserID Integer32, hwSNMPUserName OCTET STRING, hwSNMPUserAdminStatus INTEGER, hwSNMPUserType INTEGER, hwSNMPUserIP IpAddress } hwSNMPUserID OBJECT-TYPE SYNTAX Integer32 (1..8) MAX-ACCESS not-accessible STATUS current DESCRIPTION " SNMP user ID(1..8) and index object. The value that the device returns to the NMS, which uniquely identifies a user. " ::= { hwSNMPUserEntry 1 } hwSNMPUserName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..32)) MAX-ACCESS read-write STATUS current DESCRIPTION " Name of the SNMP user. " ::= { hwSNMPUserEntry 2 } hwSNMPUserAdminStatus OBJECT-TYPE SYNTAX INTEGER { logon(1), logoff(2) } MAX-ACCESS read-write STATUS current DESCRIPTION " SNMP user admin status(1:logon,2:logoff). Visual local craft terminal (LCT). Options: 1. logon(1) -indicates that the user can be set to go online. 2. logoff(2) -indicates that the user can be set to go offline. The user needs to be bound with the hwSNMPUserType object when the user is set to go online. " ::= { hwSNMPUserEntry 3 } hwSNMPUserType OBJECT-TYPE SYNTAX INTEGER { lct(1) } MAX-ACCESS read-write STATUS current DESCRIPTION " SNMP user type(1:lct). Options: 1.lct(1) -indicates that visual LCT, which is an NMS user type. " ::= { hwSNMPUserEntry 4 } hwSNMPUserIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION " IP address that SNMP user use. " ::= { hwSNMPUserEntry 5 } hwMngtUserAlarmTrapsVbOids OBJECT IDENTIFIER ::= { hwCliUserMgmt 8 } hwUserAdminStatus OBJECT-TYPE SYNTAX INTEGER { logon(0), logoff(1), logonfail(2) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION " The Status of the user login. Options: 1. logon(0) -indicates that the user goes online. 2. logoff(1) -indicates that the user goes offline. 3. logonfail(2) -indicates that the user login fails. " ::= { hwMngtUserAlarmTrapsVbOids 1 } hwUserLogMode OBJECT-TYPE SYNTAX INTEGER { serial(0), clipry(1), telnet(2), ssh(3), web(4), xml(5), nms(6), omci(7), lct(8), modem(9), none(10), toolbox(11), toolboxSsh(12), ethoam(13), adminVs(14) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION " The modes of login to the client. Options: 1. serial(0) -serial mode. 2. clipry(1) -clipry mode. 3. telnet(2) -telnet mode. 4. ssh(3) -ssh mode. 5. web(4) -web mode. 6. xml(5) -xml mode. 7. nms(6) -nms mode. 8. omci(7) -omci mode. 9. lct(8) -lct mode. 10. modem(9) -modem mode. 11. none(10) -none(Indicates that the user does not log in). 12. toolbox(11) -toolbox mode. 13. toolboxSsh(12) -toolbox ssh mode. 14. ethoam(13) -ethoam mode. 15. adminVs(14) -adminVs mode. " ::= { hwMngtUserAlarmTrapsVbOids 2 } hwUserLogType OBJECT-TYPE SYNTAX INTEGER { operating(0), security(1) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION " Types of the user log. Currently, the logs are classified into two types. Options: 1. operating(0) -indicates the operating log. 2. security(1) -indicates the security log. " ::= { hwMngtUserAlarmTrapsVbOids 3 } hwCliSysOldUserLevel OBJECT-TYPE SYNTAX INTEGER { common(1), operator(2), administrator(3), super(4), guest(5), custom(6) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION " The levels of CLI users. Options: 1. common(1) -indicates the common user. 2. operator(2) -indicates the operator. 3. administrator(3) -indicates the administrator. 4. super(4) -indicates the super administrator. 5. guest(5) -indicates the guest user 6. custom(6) -indicates the custom user The higher the user level is, the more rights the user has. The user level must be bound to the user when the user is added. The super administrator cannot be added. " ::= { hwMngtUserAlarmTrapsVbOids 4 } hwCliSysNewUserLevel OBJECT-TYPE SYNTAX INTEGER { common(1), operator(2), administrator(3), super(4), guest(5), custom(6) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION " The levels of CLI users after modification. Options: 1. common(1) -indicates the common user. 2. operator(2) -indicates the operator. 3. administrator(3) -indicates the administrator. 4. super(4) -indicates the super administrator. 5. guest(5) -indicates the guest user 6. custom(6) -indicates the custom user The higher the user level is, the more rights the user has. The user level must be bound to the user when the user is added. The super administrator cannot be added. " ::= { hwMngtUserAlarmTrapsVbOids 5 } hwCliOnlineUserNum OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION " The number of online users. " ::= { hwMngtUserAlarmTrapsVbOids 6 } hwMngtUserTraps OBJECT IDENTIFIER ::= { hwCliUserMgmt 9 } hwMngtUserCommonTraps OBJECT IDENTIFIER ::= { hwMngtUserTraps 1 } hwMngtUserCommonTrapsPrefix OBJECT IDENTIFIER ::= { hwMngtUserCommonTraps 0 } hwMngtUserLogonStateTrap NOTIFICATION-TYPE OBJECTS { hwCliUserName, hwUserLogMode, hwCliClientIp, hwUserAdminStatus, hwCliOnlineUserNum } STATUS current DESCRIPTION " This trap message is reported when the user login or logoff. " ::= { hwMngtUserCommonTrapsPrefix 1 } hwMngtUserLogonStateInetTrap NOTIFICATION-TYPE OBJECTS { hwCliUserName, hwUserLogMode, hwCliClientInetAddress, hwUserAdminStatus, hwCliOnlineUserNum } STATUS current DESCRIPTION " This trap message is reported when the user login or logoff. " ::= { hwMngtUserCommonTrapsPrefix 2 } hwMngtUserAlarmTraps OBJECT IDENTIFIER ::= { hwMngtUserTraps 2 } hwMngtUserAlarmTrapsPrefix OBJECT IDENTIFIER ::= { hwMngtUserAlarmTraps 0 } hwUserLogWillFullTrap NOTIFICATION-TYPE OBJECTS { hwUserLogType } STATUS current DESCRIPTION " This trap message is reported when the system log database will be full. " ::= { hwMngtUserAlarmTrapsPrefix 1 } hwMngtUserLockedTrap NOTIFICATION-TYPE OBJECTS { hwCliUserName, hwUserLogMode, hwCliClientIp, hwCliSysLockType } STATUS current DESCRIPTION " This trap message is reported when the managing user of the equipment is locked. " ::= { hwMngtUserAlarmTrapsPrefix 2 } hwMngtUserStateChangeTrap NOTIFICATION-TYPE OBJECTS { hwCliUserName, hwUserLogMode, hwCliClientIp, hwUserAdminStatus } STATUS current DESCRIPTION " This trap message is reported when the maintenance user's state changes. " ::= { hwMngtUserAlarmTrapsPrefix 3 } hwMngtUserNameWillExpireTrap NOTIFICATION-TYPE OBJECTS { hwCliUserName, hwCliUserNameLastDays } STATUS current DESCRIPTION " This trap message is reported when the user name will expire soon. " ::= { hwMngtUserAlarmTrapsPrefix 4 } hwMngtUserPasswordWillExpireTrap NOTIFICATION-TYPE OBJECTS { hwCliUserName, hwCliUserPwdLastDays } STATUS current DESCRIPTION " This trap message is reported when the user password will expire soon. " ::= { hwMngtUserAlarmTrapsPrefix 5 } hwUserPasswordFaultTrap NOTIFICATION-TYPE STATUS current DESCRIPTION " This trap is sent when the default password for user root is not changed. " ::= { hwMngtUserAlarmTrapsPrefix 6 } hwUserPasswordRestoreTrap NOTIFICATION-TYPE STATUS current DESCRIPTION " This trap is sent when the default password for user root is changed. " ::= { hwMngtUserAlarmTrapsPrefix 7 } hwMngtUserUnlockedTrap NOTIFICATION-TYPE OBJECTS { hwCliUserName, hwCliClientIp, hwCliSysUnlockType } STATUS current DESCRIPTION " This trap message is reported when the managing user of the equipment is unlocked. " ::= { hwMngtUserAlarmTrapsPrefix 8 } hwMngtUserModifyAuthTrap NOTIFICATION-TYPE OBJECTS { hwCliUserName, hwCliSysOldUserLevel, hwCliSysNewUserLevel } STATUS current DESCRIPTION " This trap message is reported when the managing user change the permissions . " ::= { hwMngtUserAlarmTrapsPrefix 9 } hwConfigLockStateTrap NOTIFICATION-TYPE OBJECTS { hwConfigLockState } STATUS current DESCRIPTION " This trap message is reported when user change the config lock state. " ::= { hwMngtUserAlarmTrapsPrefix 10 } hwMngtUserStateChangeInetTrap NOTIFICATION-TYPE OBJECTS { hwCliUserName, hwUserLogMode, hwCliClientInetAddress, hwUserAdminStatus } STATUS current DESCRIPTION " This trap message is reported when the maintenance user's state changes. " ::= { hwMngtUserAlarmTrapsPrefix 11 } hwMngtIpv6UserLockedTrap NOTIFICATION-TYPE OBJECTS { hwCliUserName, hwUserLogMode, hwCliClientInetAddress, hwCliSysLockType } STATUS current DESCRIPTION " This trap message is reported when the managing user of the equipment is locked. " ::= { hwMngtUserAlarmTrapsPrefix 12 } hwMngtIpv6UserUnlockedTrap NOTIFICATION-TYPE OBJECTS { hwCliUserName, hwCliClientInetAddress, hwCliSysUnlockType } STATUS current DESCRIPTION " This trap message is reported when the managing user of the equipment is unlocked. " ::= { hwMngtUserAlarmTrapsPrefix 13 } hwCliConsolePara OBJECT IDENTIFIER ::= { hwCliUserMgmt 10 } hwCliConsoleSwitch OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION " Enable/disable management serial port. Options: 1. enable(1) -indicates that the serial port is in the open state and the serial port is available. 2. disable(2) -indicates that the serial port is in the shutdown state and the serial port is unavailable. " ::= { hwCliConsolePara 1 } hwSysManFirewall OBJECT IDENTIFIER ::= { hwDev 12 } hwFirewallSwitchTable OBJECT-TYPE SYNTAX SEQUENCE OF HwFirewallSwitchEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Firewall switch table, which supports the functions of querying, enabling and disabling the protocol-type firewall switch. The index of this table is hwFirewallProtocolType. " ::= { hwSysManFirewall 1 } hwFirewallSwitchEntry OBJECT-TYPE SYNTAX HwFirewallSwitchEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Firewall switch table, which supports the functions of querying, enabling and disabling the protocol-type firewall switch. The index of this entry is hwFirewallProtocolType. " INDEX { hwFirewallProtocolType } ::= { hwFirewallSwitchTable 1 } HwFirewallSwitchEntry ::= SEQUENCE { hwFirewallProtocolType INTEGER, hwFirewallSwitch INTEGER } hwFirewallProtocolType OBJECT-TYPE SYNTAX INTEGER { telnet(1), ssh(2), snmp(3) } MAX-ACCESS not-accessible STATUS current DESCRIPTION " Index object, index of the hwFirewallSwitchTable object. Options: 1.telnet(1) -indicates that the firewall protocols is telnet. 2.ssh(2) -indicates that the firewall protocols is ssh. 3.snmp(3) -indicates that the firewall protocols is snmp. " ::= { hwFirewallSwitchEntry 1 } hwFirewallSwitch OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION " Firewall switch. Options: 1. enable(1) -indicates that when the device needs to control the protocol used to access the device, this command can be executed to enable(1) the firewall switch of the protocol. After the firewall switch of the protocol is enabled(1), the device can control the operator who accesses the device with the protocol and reject the access of the operator whose IP address is not in the permitted address segment. 2. disable(2)-indicates that if the operator is already online, the device forces the operator to go offline. The firewall switch can be disabled when the firewall switch mode is set to disable(2). After the firewall switch is disabled(2), the device does not control the operator who accesses the device with the protocol. By default, the firewall in the system is in the disabled state. " DEFVAL { disable } ::= { hwFirewallSwitchEntry 2 } hwAccessIpTable OBJECT-TYPE SYNTAX SEQUENCE OF HwAccessIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Access IP table, which supports the functions of querying, adding and deleting the access IP table of a specified protocol. The access IP table is used to configure the address segments of the accessible devices under the specified protocol. This can prevent the invalid users from logging in to the device, that is, the operators whose IP addresses are not in the address segments and access protocols do not meet the requirements cannot access the device. The indexes of this table are hwFirewallProtocolType and hwAccessIpStartAddr. For the hwFirewallProtocolType object, refer to hwFirewallSwitchTable. hwAccessIpTable is used for configuring a list of accessible IP addresses. The IP address list takes effect only when the protocol corresponding to hwFirewallSwitchTable is enabled. " ::= { hwSysManFirewall 2 } hwAccessIpEntry OBJECT-TYPE SYNTAX HwAccessIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Access IP table, which supports the functions of querying, adding and deleting the access IP table of a specified protocol. The access IP table is used to configure the address segments of the accessible devices under the specified protocol. This can prevent the invalid users from logging in to the device, that is, the operators whose IP addresses are not in the address segments and access protocols do not meet the requirements cannot access the device. The indexes of this entry are hwFirewallProtocolType and hwAccessIpStartAddr. For the hwFirewallProtocolType object, refer to hwFirewallSwitchTable. hwAccessIpTable is used for configuring a list of accessible IP addresses. The IP address list takes effect only when the protocol corresponding to hwFirewallSwitchTable is enabled. " INDEX { hwFirewallProtocolType, hwAccessIpStartAddr } ::= { hwAccessIpTable 1 } HwAccessIpEntry ::= SEQUENCE { hwAccessIpStartAddr IpAddress, hwAccessIpEndAddr IpAddress, hwAccessIpRowStatus RowStatus } hwAccessIpStartAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION " Start IP address of one record in access Ip table. The IP address in the new record of the table must be valid, that is, the IP address is not a class 0 address or class D address. The record in which the start address is the same as the existing one cannot be added to the table. " ::= { hwAccessIpEntry 1 } hwAccessIpEndAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION " End IP address of one record in access Ip table. The new IP address must be valid, that is, the IP address is not a class 0 address or class D address. The record in which the end address is smaller than the start address cannot be added and each protocol supports a maximum of 10 IP addresses. " ::= { hwAccessIpEntry 2 } hwAccessIpRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION " Operation status of row. The specified protocol type and the start and end addresses in the start address permitting table can be modified. createAndGo(4) is supplied to create a new instance of a conceptual row. destroy(6) is supplied to delete the instances associated with an existing conceptual row. " ::= { hwAccessIpEntry 3 } hwRefuseIpTable OBJECT-TYPE SYNTAX SEQUENCE OF HwRefuseIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Refuse IP table. The table is used to configure the address segment (under a specified protocol) with which the user cannot access the device. This can prevent the invalid users from logging in to the device. After address segment is configured in the table, the operators with the IP addresses in the address segment cannot access the device. The indexes of this table are hwFirewallProtocolType and hwRefuseIpStartAddr. For the hwFirewallProtocolType object, refer to hwFirewallSwitchTable. hwRefuseIpTable is used for configuring a list of prohibited IP addresses. The IP address list takes effect only when the protocol corresponding to hwFirewallSwitchTable is enabled. " ::= { hwSysManFirewall 3 } hwRefuseIpEntry OBJECT-TYPE SYNTAX HwRefuseIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Refuse IP table. The table is used to configure the address segment (under a specified protocol) with which the user cannot access the device. This can prevent the invalid users from logging in to the device. After address segment is configured in the table, the operators with the IP addresses in the address segment cannot access the device. The indexes of this entry are hwFirewallProtocolType and hwRefuseIpStartAddr. For the hwFirewallProtocolType object, refer to hwFirewallSwitchTable. hwRefuseIpTable is used for configuring a list of prohibited IP addresses. The IP address list takes effect only when the protocol corresponding to hwFirewallSwitchTable is enabled. " INDEX { hwFirewallProtocolType, hwRefuseIpStartAddr } ::= { hwRefuseIpTable 1 } HwRefuseIpEntry ::= SEQUENCE { hwRefuseIpStartAddr IpAddress, hwRefuseIpEndAddr IpAddress, hwRefuseIpRowStatus RowStatus } hwRefuseIpStartAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION " Start IP address of one record in refuse Ip table. The IP address in the new record of the table must be valid, that is, the IP address is neither a class 0 address nor class D address. The record in which the start address is the same as the existing one cannot be added to the table. " ::= { hwRefuseIpEntry 1} hwRefuseIpEndAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION " End IP address of one record in refuse Ip table. The IP address in the new record of the table must be valid, that is, the IP address is not a class 0 address or class D address. The record in which the end address is smaller than the start address cannot be added and each protocol supports a maximum of 10 IP addresses. " ::= { hwRefuseIpEntry 2} hwRefuseIpRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION " Operation status of row. The specified protocol type and the start and end addresses in the start address rejecting table can be modified. createAndGo(4) is supplied to create a new instance of a conceptual row. destroy(6) is supplied to delete the instances associated with an existing conceptual row. " ::= { hwRefuseIpEntry 3 } hwFirewallSwitchV6Table OBJECT-TYPE SYNTAX SEQUENCE OF HwFirewallSwitchV6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION " IPv6 Firewall switch table, which supports the functions of querying, enabling and disabling the protocol-type firewall switch. The index of this table is hwFirewallV6ProtocolType. " ::= { hwSysManFirewall 4 } hwFirewallSwitchV6Entry OBJECT-TYPE SYNTAX HwFirewallSwitchV6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION " IPv6 Firewall switch table, which supports the functions of querying, enabling and disabling the protocol-type firewall switch. The index of this entry is hwFirewallV6ProtocolType. " INDEX { hwFirewallV6ProtocolType } ::= { hwFirewallSwitchV6Table 1 } HwFirewallSwitchV6Entry ::= SEQUENCE { hwFirewallV6ProtocolType INTEGER, hwFirewallSwitchV6 INTEGER } hwFirewallV6ProtocolType OBJECT-TYPE SYNTAX INTEGER { telnet(1), ssh(2), snmp(3) } MAX-ACCESS not-accessible STATUS current DESCRIPTION " Index object, index of the hwFirewallSwitchV6Table object. Options: 1.telnet(1) -indicates that the IPv6 firewall protocols is telnet. 2.ssh(2) -indicates that the IPv6 firewall protocols is ssh. 3.snmp(3) -indicates that the IPv6 firewall protocols is snmp. " ::= { hwFirewallSwitchV6Entry 1 } hwFirewallSwitchV6 OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION " Firewall switch. Options: 1. enable(1) -indicates that when the device needs to control the protocol used to access the device, this command can be executed to enable(1) the firewall switch of the protocol. After the IPv6 firewall switch of the protocol is enabled(1), the device can control the operator who accesses the device with the protocol and reject the access of the operator whose IP address is not in the permitted address segment. 2. disable(2)-indicates that if the operator is already online, the device forces the operator to go offline. The firewall switch can be disabled when the firewall switch mode is set to disable(2). After the IPv6 firewall switch is disabled(2), the device does not control the operator who accesses the device with the protocol. By default, the firewall in the system is in the disabled state. " DEFVAL { disable } ::= { hwFirewallSwitchV6Entry 2 } hwAccessIpv6Table OBJECT-TYPE SYNTAX SEQUENCE OF HwAccessIpv6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Access IPv6 table, which supports the functions of querying, adding and deleting the access IPv6 table of a specified protocol. The access IPv6 table is used to configure the address segments of the accessible devices under the specified protocol. This can prevent the invalid users from logging in to the device, that is, the operators whose IPv6 addresses are not in the address segments and access protocols do not meet the requirements cannot access the device. The indexes of this table are hwFirewallV6ProtocolType and hwAccessIpv6StartAddr. For the hwFirewallV6ProtocolType object, refer to hwFirewallSwitchV6Table. hwAccessIpv6Table is used for configuring a list of accessible IPv6 addresses. The IPv6 address list takes effect only when the protocol corresponding to hwFirewallSwitchV6Table is enabled. " ::= { hwSysManFirewall 5 } hwAccessIpv6Entry OBJECT-TYPE SYNTAX HwAccessIpv6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Access IPv6 table, which supports the functions of querying, adding and deleting the access IPv6 table of a specified protocol. The access IPv6 table is used to configure the address segments of the accessible devices under the specified protocol. This can prevent the invalid users from logging in to the device, that is, the operators whose IP addresses are not in the address segments and access protocols do not meet the requirements cannot access the device. The indexes of this entry are hwFirewallV6ProtocolType and hwAccessIpv6StartAddr. For the hwFirewallV6ProtocolType object, refer to hwFirewallSwitchV6Table. hwAccessIpv6Table is used for configuring a list of accessible IPv6 addresses. The IPv6 address list takes effect only when the protocol corresponding to hwFirewallSwitchV6Table is enabled. " INDEX { hwFirewallV6ProtocolType, hwAccessIpv6StartAddr } ::= { hwAccessIpv6Table 1 } HwAccessIpv6Entry ::= SEQUENCE { hwAccessIpv6StartAddr Ipv6Address, hwAccessIpv6EndAddr Ipv6Address, hwAccessIpv6RowStatus RowStatus } hwAccessIpv6StartAddr OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS not-accessible STATUS current DESCRIPTION " Start IPv6 address of one record in access IPv6 table. The IPv6 address in the new record of the table must be valid. The record in which the start address is the same as the existing one cannot be added to the table. " ::= { hwAccessIpv6Entry 1 } hwAccessIpv6EndAddr OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION " End IPv6 address of one record in access IPv6 table. The new IPv6 address must be valid, that is. The record in which the end address is smaller than the start address cannot be added and each protocol supports a maximum of 10 IPv6 addresses. " ::= { hwAccessIpv6Entry 2 } hwAccessIpv6RowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION " Operation status of row. The specified protocol type and the start and end addresses in the start address permitting table can be modified. createAndGo(4) is supplied to create a new instance of a conceptual row. destroy(6) is supplied to delete the instances associated with an existing conceptual row. " ::= { hwAccessIpv6Entry 3 } hwRefuseIpv6Table OBJECT-TYPE SYNTAX SEQUENCE OF HwRefuseIpv6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Refuse IPv6 table. The table is used to configure the address segment (under a specified protocol) with which the user cannot access the device. This can prevent the invalid users from logging in to the device. After address segment is configured in the table, the operators with the IPv6 addresses in the address segment cannot access the device. The indexes of this table are hwFirewallV6ProtocolType and hwRefuseIpv6StartAddr. For the hwFirewallV6ProtocolType object, refer to hwFirewallSwitchV6Table. hwRefuseIpv6Table is used for configuring a list of prohibited IPv6 addresses. The IPv6 address list takes effect only when the protocol corresponding to hwFirewallSwitchV6Table is enabled. " ::= { hwSysManFirewall 6 } hwRefuseIpv6Entry OBJECT-TYPE SYNTAX HwRefuseIpv6Entry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Refuse IPv6 table. The table is used to configure the address segment (under a specified protocol) with which the user cannot access the device. This can prevent the invalid users from logging in to the device. After address segment is configured in the table, the operators with the IPv6 addresses in the address segment cannot access the device. The indexes of this entry are hwFirewallV6ProtocolType and hwRefuseIpv6StartAddr. For the hwFirewallV6ProtocolType object, refer to hwFirewallSwitchV6Table. hwRefuseIpv6Table is used for configuring a list of prohibited IPv6 addresses. The IPv6 address list takes effect only when the protocol corresponding to hwFirewallSwitchV6Table is enabled. " INDEX { hwFirewallV6ProtocolType, hwRefuseIpv6StartAddr } ::= { hwRefuseIpv6Table 1 } HwRefuseIpv6Entry ::= SEQUENCE { hwRefuseIpv6StartAddr Ipv6Address, hwRefuseIpv6EndAddr Ipv6Address, hwRefuseIpv6RowStatus RowStatus } hwRefuseIpv6StartAddr OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS not-accessible STATUS current DESCRIPTION " Start IPv6 address of one record in refuse IPv6 table. The IPv6 address in the new record of the table must be valid. The record in which the start address is the same as the existing one cannot be added to the table. " ::= { hwRefuseIpv6Entry 1} hwRefuseIpv6EndAddr OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION " End IPv6 address of one record in refuse IPv6 table. The IPv6 address in the new record of the table must be valid, that is. The record in which the end address is smaller than the start address cannot be added and each protocol supports a maximum of 10 IP addresses. " ::= { hwRefuseIpv6Entry 2} hwRefuseIpv6RowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION " Operation status of row. The specified protocol type and the start and end addresses in the start address rejecting table can be modified. createAndGo(4) is supplied to create a new instance of a conceptual row. destroy(6) is supplied to delete the instances associated with an existing conceptual row. " ::= { hwRefuseIpv6Entry 3 } hwSysManSourceInterface OBJECT IDENTIFIER ::= { hwDev 19 } hwSysManSourceInterfaceTable OBJECT-TYPE SYNTAX SEQUENCE OF HwSysManSourceInterfaceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Sysman source interface table. The table is used to configure the source interfaces under the protocols such as SNMP trap, TFTP, FTP, SFTP, Telnet, Ping and Tracert. The addresses of the Loopback, meth and VLANIF interfaces can be used as the source addresses from which the system sends packets. The system uses the bound interface address as the source address to send the protocol packet. The index of this table is hwSysManProtocolType. " ::= { hwSysManSourceInterface 1 } hwSysManSourceInterfaceEntry OBJECT-TYPE SYNTAX HwSysManSourceInterfaceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " Sysman source interface table. The table is used to configure the source interfaces under the protocols such as SNMP trap, TFTP, FTP, SFTP, Telnet, Ping and Tracert. The addresses of the Loopback, meth and VLANIF interfaces can be used as the source addresses from which the system sends packets. The system uses the bound interface address as the source address to send the protocol packet. The index of this entry is hwSysManProtocolType. " INDEX { hwSysManProtocolType } ::= { hwSysManSourceInterfaceTable 1 } HwSysManSourceInterfaceEntry ::= SEQUENCE { hwSysManProtocolType INTEGER, hwSourceInterfaceType INTEGER, hwSourceInterfaceNumber Integer32, hwSourceInterfaceIPAddress IpAddress, hwSourceIPv6Address InetAddress } hwSysManProtocolType OBJECT-TYPE SYNTAX INTEGER { trap(1), syslog(2), tftp(3), ftp(4), sftp(5), telnet(6), ping(7), tracert(8), license(9), stelnet(10), ipdr(11), tftpproxy(12) } MAX-ACCESS read-only STATUS current DESCRIPTION " Application-layer packet type. Options: 1. trap(1) -indicates the trap packet. 2. syslog(2) -indicates the syslog packet. 3. tftp(3) -indicates the tftp packet. 4. ftp(4) -indicates the ftp packet. 5. sftp(5) -indicates the sftp packet. 6. telnet(6) -indicates the telnet packet. 7. ping(7) -indicates the ping packet. 8. tracert(8) -indicates the tracert packet. 9. license(9) -indicates the license packet. 10.stelnet(10)-indicates the stelnet packet. 11.ipdr(11) -indicates the ipdr packet. 12.tftpproxy(12)-indicates the tftp-proxy packet. " ::= { hwSysManSourceInterfaceEntry 1} hwSourceInterfaceType OBJECT-TYPE SYNTAX INTEGER { auto(1), loopback(2), meth(3), vlanif(4) } MAX-ACCESS read-write STATUS current DESCRIPTION " Source interface type, which is used with the interface number to determine the interface from which packets are sent. Options: 1. auto(1) -indicates the function of automatically searching for the source interface according to the route. 2. loopback(2) -indicates the loopback interface. 3. meth(3) -indicates the meth interface. 4. vlanif(4) -indicates the vlanif interface. " DEFVAL { auto } ::= { hwSysManSourceInterfaceEntry 2} hwSourceInterfaceNumber OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION " Source interface number, which is the interface number under the source interface type object and is used with the interface type to determine the interface from which packets are sent. The hwSourceInterfaceNumber value of -1 indicates the source interface is not configured. " ::= { hwSysManSourceInterfaceEntry 3 } hwSourceInterfaceIPAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION " Source interface ip address, which is the ip address set by user directly for the the source interface type object. Currently this node is only used for tftp-proxy,which means other protocol doesn't support this operation. 0.0.0.0 - indicates the IP address is not configured for the corresponding protocol. " ::= { hwSysManSourceInterfaceEntry 4 } hwSourceIPv6Address OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-write STATUS current DESCRIPTION " Source interface ipv6 address, which is the ipv6 address set by user directly for the source interface type object. Currently this node is used for tftp, ftp, sftp, telnet, stelnet, trap, syslog. " ::= { hwSysManSourceInterfaceEntry 5 } hwModemCallbackMngt OBJECT IDENTIFIER ::= { hwCliUserMgmt 11 } hwModemCallbackSwitch OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION " The object specifies whether callback function is enable. Options: 1. enable(1) -indicates that the callback function is enable. 2. disable(2) -indicates that the callback function is disable. Default: disable(2) " ::= { hwModemCallbackMngt 1 } hwModemCallbackMngtTable OBJECT-TYPE SYNTAX SEQUENCE OF HwModemCallbackMngtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The callback security configuration table. This table is used to manage the callback telephone numbers and passwords. The index of this table is hwModemCallbackIndex." ::= { hwModemCallbackMngt 2 } hwModemCallbackMngtEntry OBJECT-TYPE SYNTAX HwModemCallbackMngtEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The callback security configuration table. This table is used to manage the callback telephone numbers and passwords. The index of this entry is hwModemCallbackIndex." INDEX { hwModemTelNumber } ::= { hwModemCallbackMngtTable 1 } HwModemCallbackMngtEntry ::= SEQUENCE { hwModemTelNumber DisplayString, hwModemPassword DisplayString, hwModemCallbackRowStatus RowStatus } hwModemTelNumber OBJECT-TYPE SYNTAX DisplayString (SIZE (1..20)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Telephone number" ::= { hwModemCallbackMngtEntry 1 } hwModemPassword OBJECT-TYPE SYNTAX DisplayString (SIZE (1..16)) MAX-ACCESS read-write STATUS current DESCRIPTION "User password. The password must be cipher encrypted by MD5, it consists of 16 characters." ::= { hwModemCallbackMngtEntry 2 } hwModemCallbackRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION " Operation user configration of the modem callback function, the user configration can be added and deleted. The user telephone number and password must be bound when the user is added. The exist telephone number or password cannot be added. createAndGo(4) is supplied to create a new instance of a conceptual row. destroy(6) is supplied to delete the instances associated with an existing conceptual row. " ::= { hwModemCallbackMngtEntry 3 } END -- -- HUAWEI-MNGT-MIB.mib --