G6-ACL-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32, Counter32, enterprises,NOTIFICATION-TYPE FROM SNMPv2-SMI DisplayString, MacAddress FROM SNMPv2-TC g6 FROM MICROSENS-G6-MIB ; management MODULE-IDENTITY --Category LAST-UPDATED "201802121619Z" ORGANIZATION "MICROSENS GmbH & Co. KG" CONTACT-INFO "Kueferstrasse 16 D-59067 Hamm Germany support@microsens.de http://www.microsens.de" DESCRIPTION "Microsens private MIB for Generation 6 Ethernet Switches" REVISION "201802121619Z" DESCRIPTION "File creation" ::= { g6 3 } acl OBJECT IDENTIFIER ::= { management 51 } -- *************************** CONFIGURATION SECTION ******************************** aclEnableAclFiltering OBJECT-TYPE -- enable_acl_filtering SYNTAX INTEGER { disabled(0), enabled(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "General enable of access control list operation. Note that this function need only be enabled when port filtering is used. For wifi, dhcp or arp inspection function this enable parameter is meaningless.." ::= { acl 1 } -- ******************* Begin of activeFilterPortConfigTable ************************* activeFilterPortConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF ActiveFilterPortConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table defines the parameter for access control of incoming data." ::= { acl 2 } activeFilterPortConfigEntry OBJECT-TYPE SYNTAX ActiveFilterPortConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { activeFilterPortConfigPortIndex } ::= { activeFilterPortConfigTable 1 } ActiveFilterPortConfigEntry ::= SEQUENCE { activeFilterPortConfigPortIndex INTEGER, activeFilterPortConfigEnableAclFiltering INTEGER , activeFilterPortConfigAclListName DisplayString } activeFilterPortConfigPortIndex OBJECT-TYPE SYNTAX INTEGER (0..31) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Automatically generated" ::= { activeFilterPortConfigEntry 1 } activeFilterPortConfigEnableAclFiltering OBJECT-TYPE -- enable_acl_filtering SYNTAX INTEGER { disabled(0), enabled(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "Generally enables access control checking for this particular port. The details need to be configured in the list and rules tables." ::= { activeFilterPortConfigEntry 2 } activeFilterPortConfigAclListName OBJECT-TYPE -- acl_list_name SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "Name of the ACL (access control list) which apply to this port. Several ACL lists may be specified with a comma separated list. Example acl1, otherlist" ::= { activeFilterPortConfigEntry 3 } -- ********************* End of activeFilterPortConfigTable *********************** -- ******************* Begin of listTable ************************* listTable OBJECT-TYPE SYNTAX SEQUENCE OF ListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used to combine and group individual rules for easier reference." ::= { acl 3 } listEntry OBJECT-TYPE SYNTAX ListEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { listIndex } ::= { listTable 1 } ListEntry ::= SEQUENCE { listIndex INTEGER, listName DisplayString, listDescription DisplayString, listRules DisplayString } listIndex OBJECT-TYPE SYNTAX INTEGER (0..63) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Automatically generated" ::= { listEntry 1 } listName OBJECT-TYPE -- name SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "Unique name to reference this entry and to remember whose MAC address is entered." ::= { listEntry 2 } listDescription OBJECT-TYPE -- description SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "Enter any information required to remember what this rule is intended to do." ::= { listEntry 3 } listRules OBJECT-TYPE -- rules SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "Contains the names of rules that apply to this list separated by commas. Please beware of typing errors. Example: rule1,rule2,other_rule" ::= { listEntry 4 } -- ********************* End of listTable *********************** -- ******************* Begin of rulesTable ************************* rulesTable OBJECT-TYPE SYNTAX SEQUENCE OF RulesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "For filtering of incoming data this table defines the filter rules. The same table also applies to arp inspection. In this use this table statically defines valid MAC/IP/VLAN relationships." ::= { acl 4 } rulesEntry OBJECT-TYPE SYNTAX RulesEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { rulesIndex } ::= { rulesTable 1 } RulesEntry ::= SEQUENCE { rulesIndex INTEGER, rulesName DisplayString, rulesDescription DisplayString, rulesMode INTEGER , rulesEtherType Integer32 , rulesProtocol Integer32 , rulesVlanId Integer32 , rulesSourceMac MacAddress, rulesSourceIp OCTET STRING , rulesSourceMask OCTET STRING , rulesSourcePort Integer32 , rulesDestinationMac MacAddress, rulesDestinationIp OCTET STRING , rulesDestinationMask OCTET STRING , rulesDestinationPort Integer32 } rulesIndex OBJECT-TYPE SYNTAX INTEGER (0..127) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Automatically generated" ::= { rulesEntry 1 } rulesName OBJECT-TYPE -- name SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "Unique name to reference this entry and to remember whose MAC address is entered." ::= { rulesEntry 2 } rulesDescription OBJECT-TYPE -- description SYNTAX DisplayString MAX-ACCESS read-write STATUS current DESCRIPTION "Enter any information required to remember what this rule is intended to do." ::= { rulesEntry 3 } rulesMode OBJECT-TYPE -- mode SYNTAX INTEGER { unused (0), permit (1), deny (2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Use UNUSED to temporarily suspend an entry. Use ACCEPT when the matched entry should be treated as valid. Use DENY when a matched entry should be treated as invalid match." ::= { rulesEntry 4 } rulesEtherType OBJECT-TYPE -- ether_type SYNTAX Integer32 (0..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "Use 2048 to match IPv4 (0x800), 34525 to match IPv6 (0x86DD). A value of 0 ignores this field. The field is also ignored for ARP inspection rules." ::= { rulesEntry 5 } rulesProtocol OBJECT-TYPE -- protocol SYNTAX Integer32 (0..255) MAX-ACCESS read-write STATUS current DESCRIPTION "Use 6 to specifiy tcp, 17 for udp, etc. Use to ignore the protocol field. This field is also ignored for arp inspection rules." ::= { rulesEntry 6 } rulesVlanId OBJECT-TYPE -- vlan_id SYNTAX Integer32 (0..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "VLAN ID for which this entry is valid. A value of 0 ignores this field." ::= { rulesEntry 7 } rulesSourceMac OBJECT-TYPE -- source_mac SYNTAX MacAddress MAX-ACCESS read-write STATUS current DESCRIPTION "MAC address entry." ::= { rulesEntry 8 } rulesSourceIp OBJECT-TYPE -- source_ip SYNTAX OCTET STRING (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "IP address associated with the given MAC." ::= { rulesEntry 9 } rulesSourceMask OBJECT-TYPE -- source_mask SYNTAX OCTET STRING (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "The mask my be used to create a valid address range." ::= { rulesEntry 10 } rulesSourcePort OBJECT-TYPE -- source_port SYNTAX Integer32 (0..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "May be used to specify a specific udp/tcp port. A value of 0 ignores this field. The field is also ignored for ARP inspection rules." ::= { rulesEntry 11 } rulesDestinationMac OBJECT-TYPE -- destination_mac SYNTAX MacAddress MAX-ACCESS read-write STATUS current DESCRIPTION "MAC address entry. This field is ignored for ARP inspection rules." ::= { rulesEntry 12 } rulesDestinationIp OBJECT-TYPE -- destination_ip SYNTAX OCTET STRING (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "IP address associated with the given MAC. This field is ignored for ARP inspection rules." ::= { rulesEntry 13 } rulesDestinationMask OBJECT-TYPE -- destination_mask SYNTAX OCTET STRING (SIZE (0..20)) MAX-ACCESS read-write STATUS current DESCRIPTION "The mask my be used to create a valid address range. This field is ignored for ARP inspection rules." ::= { rulesEntry 14 } rulesDestinationPort OBJECT-TYPE -- destination_port SYNTAX Integer32 (0..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "May be used to specify a specific udp/tcp port. A value of 0 ignores this field. The field is also ignored for ARP inspection rules." ::= { rulesEntry 15 } -- ********************* End of rulesTable *********************** -- ****************************** STATUS SECTION ******************************** END