-------------------------------------------------------------------------------- -- File Name : ZTE-AN-SECURITY-SERVICE-MIB.mib -- Date : 2008-06-17 -- Author : ZTE Nms dept. -- -- Zte Service Mib for Access Node -- -- -------------------------------------------------------------------------------- ZTE-AN-SECURITY-SERVICE-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Integer32 FROM SNMPv2-SMI MacAddress,TruthValue,RowStatus FROM SNMPv2-TC ifIndex FROM RFC1213-MIB ZxAnIfindex FROM ZTE-AN-TC-MIB InetAddress,InetAddressType,InetAddressPrefixLength FROM INET-ADDRESS-MIB zxAn, VlanId FROM ZTE-AN-TC-MIB; zxAnSecSvcMib MODULE-IDENTITY LAST-UPDATED "200806171630Z" ORGANIZATION "ZTE Corporation" CONTACT-INFO "Guo Jingwen Mail: guo.jingwen@zte.com.cn Tel : 021-68897124" DESCRIPTION "This MIB defines zte Access Node managed objects." ::= { zxAn 11 } zxAnSecSvcObjects OBJECT IDENTIFIER ::= { zxAnSecSvcMib 1 } zxAnSecSvcTrapObjects OBJECT IDENTIFIER ::= { zxAnSecSvcMib 2 } -------------------------------------------------------------------------------- -- Following objects are defined. -- 1.Security Mgmt -- 1.7 IP Source Guard Mgmt -- 1.8 Reserved MAC Mgmt -- 1.9 L2CP Mgmt -- 1.10 Ipv6Filter Mgmt -- 2.Trap -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -- 1.Security Mgmt -------------------------------------------------------------------------------- zxAnSecSvcAntiAttack OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 1 } zxAnSecSvcPktLimit OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 2 } zxAnSecSvcMacAntiSnoofing OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 3 } zxAnSecSvcPrivateNetwork OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 4 } -- zxAnSecSvcVlanTable OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 5 } zxAnSecSvcIpSourceGuard OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 7 } zxAnSecSvcReservedMac OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 8 } zxAnSecSvcL2cp OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 9 } zxAnSecSvcIpv6Filter OBJECT IDENTIFIER ::= { zxAnSecSvcObjects 10} -------------------------------------------------------------------------------- -- 1.1 Security Mgmt-AntiAttack -------------------------------------------------------------------------------- zxAnSecSvcAntiDosMgmt OBJECT IDENTIFIER ::= { zxAnSecSvcAntiAttack 1 } zxAnSecSvcAntiDosAdminState OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The desired state of the anti-dos.If the state is disable, anti-dos doesnot work up,and also there will be not any alarm raised." DEFVAL { disable } ::= { zxAnSecSvcAntiDosMgmt 1 } zxAnSecSvcAntiDosDropState OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The desired state of the drop packets.If the state is enable, system will discard packets from MAC which in blacklist." DEFVAL { disable } ::= { zxAnSecSvcAntiDosMgmt 2 } zxAnSecSvcAntiDosCurrentPackets OBJECT-TYPE SYNTAX Integer32 UNITS "pps" MAX-ACCESS read-only STATUS current DESCRIPTION "The current packets per second that system checking." ::= { zxAnSecSvcAntiDosMgmt 3 } zxAnSecSvcAntiDosAscThreshold OBJECT-TYPE SYNTAX Integer32 UNITS "pps" MAX-ACCESS read-write STATUS current DESCRIPTION "The threshold that if current packets per second over it, system will put the source MAC of packet into blacklist and raise a alarm." ::= { zxAnSecSvcAntiDosMgmt 4 } zxAnSecSvcAntiDosDescThreshold OBJECT-TYPE SYNTAX Integer32 UNITS "pps" MAX-ACCESS read-write STATUS current DESCRIPTION "The threshold that if current packets per second below it, system will remove the source MAC of packet from blacklist and raise a alarm restore." ::= { zxAnSecSvcAntiDosMgmt 5 } zxAnSecSvcAntiDosSourceMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The source MAC of packets,which will put into blacklist or remove from blaklist." ::= { zxAnSecSvcAntiDosMgmt 6 } zxAnSecSvcAntiDosPortVlan OBJECT-TYPE SYNTAX VlanId MAX-ACCESS read-only STATUS current DESCRIPTION "The port VLAN that attack packet from." ::= { zxAnSecSvcAntiDosMgmt 7 } zxAnSecSvrAntiDosBlockDuration OBJECT-TYPE SYNTAX Integer32(1..600) UNITS "Seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "Blocking duration indicates how long the packet which the source MAC address is in the blacklist is blocked. When zxAnSecSvcAntiDosDropState is enabled(1), the blocked packets will be discarded." DEFVAL { 1 } ::= { zxAnSecSvcAntiDosMgmt 8 } zxAnSecAntiDosPktLmtByHwEnable OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable/disable the packet limit by hardware." DEFVAL { disabled } ::= { zxAnSecSvcAntiDosMgmt 9 } zxAnSecAntiDosVportShutdownDur OBJECT-TYPE SYNTAX Integer32(0..60) UNITS "Seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "VPort shutdown duration. The VPort will be shutdown when receiving the packets which the source MAC address is in the blacklist. Value 0 means not to shutdown VPort." DEFVAL { 0 } ::= { zxAnSecSvcAntiDosMgmt 10 } -------------------------------------------------------------------------------- -- 1.2 MAC Snoofing Mgmt -------------------------------------------------------------------------------- zxAnMasEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Enable or disable Mac drift.1-truth,2-false. " DEFVAL { 1 } ::= { zxAnSecSvcMacAntiSnoofing 1 } zxAnMasUplinkProtectEnable OBJECT-TYPE SYNTAX INTEGER { nniprotectenable(1), nniprotectdisable(2), uniprotect(3), unimacprotect(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable or disable uplink protect Mac drift." DEFVAL { nniprotectenable } ::= { zxAnSecSvcMacAntiSnoofing 2 } zxAnGlobalMacAntiSpfMacTable OBJECT-TYPE SYNTAX SEQUENCE OF ZxAnGlobalMacAntiSpfMacEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" ::= { zxAnSecSvcMacAntiSnoofing 3 } zxAnGlobalMacAntiSpfMacEntry OBJECT-TYPE SYNTAX ZxAnGlobalMacAntiSpfMacEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing anti drift mac address information." INDEX { zxAnGlobalMacAntiSpfMacAddress } ::= { zxAnGlobalMacAntiSpfMacTable 1 } ZxAnGlobalMacAntiSpfMacEntry ::= SEQUENCE { zxAnGlobalMacAntiSpfMacAddress MacAddress, zxAnGlobalMacAntiSpfMacRowStatus RowStatus } zxAnGlobalMacAntiSpfMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "MAC address" ::= { zxAnGlobalMacAntiSpfMacEntry 1 } zxAnGlobalMacAntiSpfMacRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { zxAnGlobalMacAntiSpfMacEntry 50} zxAnSecSvcMacAntiSpfGlobalObject OBJECT IDENTIFIER ::= { zxAnSecSvcMacAntiSnoofing 50 } zxAnMasMacMoveReportEnable OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable or disable zxAnIfMacDriftTrap and zxAnIfMacAntiDriftNotify." DEFVAL { disable } ::= { zxAnSecSvcMacAntiSpfGlobalObject 1 } zxAnSecSvcMacDriftAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the MAC address that is drifted between zxAnSecSvcMacDriftFromIfIndex and zxAnSecSvcMacDriftToIfIndex on zxAnSecSvcMacDriftVlanId. This object is instantiated only when zxAnMasEnable and zxAnMasMacMoveReportEnable value is set to enable(1) and a MAC drift is detected by the MAC drift notification feature." ::= { zxAnSecSvcMacAntiSpfGlobalObject 2 } zxAnSecSvcMacDriftVlanId OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the VLAN on which the zxAnSecSvcMacDriftAddress is drifted from zxAnSecSvcMacDriftFromIfIndex to zxAnSecSvcMacDriftToIfIndex. This object is instantiated only when zxAnMasEnable and zxAnMasMacMoveReportEnable value is set to enable(1) and a MAC drift is detected by the MAC drift notification feature." ::= { zxAnSecSvcMacAntiSpfGlobalObject 3 } zxAnSecSvcMacDriftFromIfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the port from which the zxAnSecSvcMacDriftAddress is drifted to zxAnSecSvcMacDriftToIfIndex on zxAnSecSvcMacDriftVlanId. This object is instantiated only when zxAnMasEnable and zxAnMasMacMoveReportEnable value is set to enable(1) and a MAC drift is detected by the MAC drift notification feature." ::= { zxAnSecSvcMacAntiSpfGlobalObject 4 } zxAnSecSvcMacDriftToIfIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the port to which the zxAnSecSvcMacDriftAddress is drifted from zxAnSecSvcMacDriftFromIfIndex on zxAnSecSvcMacDriftVlanId. This object is instantiated only when zxAnMasEnable and zxAnMasMacMoveReportEnable value is set to enable(1) and a MAC drift is detected by the MAC drift notification feature." ::= { zxAnSecSvcMacAntiSpfGlobalObject 5 } zxAnMasMacMoveReportInterval OBJECT-TYPE SYNTAX INTEGER(1..300) UNITS "minute" MAX-ACCESS read-write STATUS current DESCRIPTION "The report interval of zxAnIfMacAntiDriftNotify which has the same VLAN and MAC address. " DEFVAL { 30 } ::= { zxAnSecSvcMacAntiSpfGlobalObject 6 } ----------------------------------------------------------- zxAnVlanMacAntiSpfTable OBJECT-TYPE SYNTAX SEQUENCE OF ZxAnVlanMacAntiSpfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" ::= { zxAnSecSvcMacAntiSnoofing 4 } zxAnVlanMacAntiSpfEntry OBJECT-TYPE SYNTAX ZxAnVlanMacAntiSpfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing anti drift mac address information." INDEX { zxAnVlanMacAntiSpfVlanId } ::= { zxAnVlanMacAntiSpfTable 1 } ZxAnVlanMacAntiSpfEntry ::= SEQUENCE { zxAnVlanMacAntiSpfVlanId Integer32, zxAnVlanMacAntiSpfEnable INTEGER, zxAnVlanMacAntiSpfType INTEGER, zxAnVlanMacAntiSpfRowStatus RowStatus } zxAnVlanMacAntiSpfVlanId OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "mac address" ::= { zxAnVlanMacAntiSpfEntry 1 } zxAnVlanMacAntiSpfEnable OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "mac address" ::= { zxAnVlanMacAntiSpfEntry 2 } zxAnVlanMacAntiSpfType OBJECT-TYPE SYNTAX INTEGER { nniprotect(1), nnimacprotext(2), uniprotect(3), unimacprotect(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "mac address" ::= { zxAnVlanMacAntiSpfEntry 3 } zxAnVlanMacAntiSpfRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { zxAnVlanMacAntiSpfEntry 50} --------------------------------------------------------------- zxAnVlanMacAntiSpfMacTable OBJECT-TYPE SYNTAX SEQUENCE OF ZxAnVlanMacAntiSpfMacEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" ::= { zxAnSecSvcMacAntiSnoofing 5 } zxAnVlanMacAntiSpfMacEntry OBJECT-TYPE SYNTAX ZxAnVlanMacAntiSpfMacEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing anti drift mac address information." INDEX { zxAnVlanMacAntiSpfVlanId, zxAnVlanMacAntiSpfMacAddress } ::= { zxAnVlanMacAntiSpfMacTable 1 } ZxAnVlanMacAntiSpfMacEntry ::= SEQUENCE { zxAnVlanMacAntiSpfMacAddress MacAddress, zxAnVlanMacAntiSpfMacRowStatus RowStatus } zxAnVlanMacAntiSpfMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "mac address" ::= { zxAnVlanMacAntiSpfMacEntry 1 } zxAnVlanMacAntiSpfMacRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { zxAnVlanMacAntiSpfMacEntry 50} -------------------------------------------------------------------------------- -- 1.3 Packet Limit -------------------------------------------------------------------------------- zxAnSecSvcPacketLimitAllEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 1 } zxAnSecSvcPacketLimitAll OBJECT-TYPE SYNTAX INTEGER(100..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 2 } zxAnSecSvcPacketLimitArpEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 3 } zxAnSecSvcPacketLimitArp OBJECT-TYPE SYNTAX INTEGER(1..200) MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 4 } zxAnSecSvcPacketLimitIcmpEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 5 } zxAnSecSvcPacketLimitIcmp OBJECT-TYPE SYNTAX INTEGER(1..200) MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 6 } zxAnSecSvcPacketLimitIgmpEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 7 } zxAnSecSvcPacketLimitIgmp OBJECT-TYPE SYNTAX INTEGER(1..200) MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 8 } zxAnSecSvcPacketLimitBpduEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 9 } zxAnSecSvcPacketLimitBpdu OBJECT-TYPE SYNTAX INTEGER(1..200) MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 10 } zxAnSecSvcPacketLimitDhcpEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 11 } zxAnSecSvcPacketLimitDhcp OBJECT-TYPE SYNTAX INTEGER(1..200) MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 12 } zxAnSecSvcPacketLimitVbasEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 13 } zxAnSecSvcPacketLimitVbas OBJECT-TYPE SYNTAX INTEGER(1..200) MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 14 } zxAnSecSvcPacketLimitPPPOEEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 15 } zxAnSecSvcPacketLimitPPPOE OBJECT-TYPE SYNTAX INTEGER(1..200) MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 16 } zxAnSecSvcPacketLimitSNMPEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 17 } zxAnSecSvcPacketLimitSNMP OBJECT-TYPE SYNTAX INTEGER(1..200) MAX-ACCESS read-write STATUS current DESCRIPTION "" ::= { zxAnSecSvcPktLimit 18 } zxAnSecSvcPktLimitV6IcmpEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The IPv6 ICMP packets rate limit switch. It will limit ICMPv6 rate first when zxAnSecSvcPktLimitV6IcmpEnable is enabled and at least one of the other four subtype switchs is enabled at the same time. Subtype switchs include zxAnSecSvcPktLimitV6NsEnable, zxAnSecSvcPktLimitV6NaEnable, zxAnSecSvcPktLimitV6RsEnable and zxAnSecSvcPktLimitV6RaEnable." DEFVAL { disable } ::= { zxAnSecSvcPktLimit 19 } zxAnSecSvcPktLimitV6Icmp OBJECT-TYPE SYNTAX INTEGER(1..200) MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum packets per second of IPv6 ICMP and unit is pps. It can be set value when zxAnSecSvcPktLimitV6IcmpEnable is enabled. " DEFVAL { 1 } ::= { zxAnSecSvcPktLimit 20 } zxAnSecSvcPktLimitV6NsEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The neighbor solicitation packets rate limit switch." DEFVAL { disable } ::= { zxAnSecSvcPktLimit 21 } zxAnSecSvcPktLimitV6Ns OBJECT-TYPE SYNTAX INTEGER(1..200) MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum packets per second of neighbor solicitation and unit is pps. It can be set value when zxAnSecSvcPktLimitV6NsEnable is enabled." DEFVAL { 1 } ::= { zxAnSecSvcPktLimit 22 } zxAnSecSvcPktLimitV6NaEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The neighbor advertisement packets rate limit switch." DEFVAL { disable } ::= { zxAnSecSvcPktLimit 23 } zxAnSecSvcPktLimitV6Na OBJECT-TYPE SYNTAX INTEGER(1..200) MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum packets per second of neighbor advertisement and unit is pps. It can be set value when zxAnSecSvcPktLimitV6NaEnable is enabled." DEFVAL { 1 } ::= { zxAnSecSvcPktLimit 24 } zxAnSecSvcPktLimitV6RsEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The router solicitation packets rate limit switch." DEFVAL { disable } ::= { zxAnSecSvcPktLimit 25 } zxAnSecSvcPktLimitV6Rs OBJECT-TYPE SYNTAX INTEGER(1..200) MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum packets per second of router solicitation and unit is pps. It can be set value when zxAnSecSvcPktLimitV6RsEnable is enabled." DEFVAL { 1 } ::= { zxAnSecSvcPktLimit 26 } zxAnSecSvcPktLimitV6RaEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The router advertisement packets rate limit switch." DEFVAL { disable } ::= { zxAnSecSvcPktLimit 27 } zxAnSecSvcPktLimitV6Ra OBJECT-TYPE SYNTAX INTEGER(1..200) MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum packets per second of router advertisement and unit is pps. It can be set value when zxAnSecSvcPktLimitV6RaEnable is enabled." DEFVAL { 1 } ::= { zxAnSecSvcPktLimit 28 } zxAnSecSvcPktLimitV6DhcpEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The IPv6 DHCP packets rate limit switch." DEFVAL { disable } ::= { zxAnSecSvcPktLimit 29 } zxAnSecSvcPktLimitV6Dhcp OBJECT-TYPE SYNTAX INTEGER(1..200) MAX-ACCESS read-write STATUS current DESCRIPTION "The maximum packets per second of IPv6 DHCP and unit is pps. It can be set value when zxAnSecSvcPktLimitV6DhcpEnable is enabled. " DEFVAL { 1 } ::= { zxAnSecSvcPktLimit 30 } zxAnSecSvcPktLimitSshEnable OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The SSH packet rate limit switch." DEFVAL { disabled } ::= { zxAnSecSvcPktLimit 31 } zxAnSecSvcPktLimitSsh OBJECT-TYPE SYNTAX Integer32(1..200) UNITS "pps" MAX-ACCESS read-write STATUS current DESCRIPTION "The SSH packet rate limit. It can be set value when zxAnSecSvcPktLimitSshEnable is enabled. " ::= { zxAnSecSvcPktLimit 32 } zxAnSecSvcPktLimitTelnetEnable OBJECT-TYPE SYNTAX INTEGER{ enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The telnet packet rate limit switch." DEFVAL { disabled } ::= { zxAnSecSvcPktLimit 33 } zxAnSecSvcPktLimitTelnet OBJECT-TYPE SYNTAX Integer32(1..200) UNITS "pps" MAX-ACCESS read-write STATUS current DESCRIPTION "The telnet packet rate limit. It can be set value when zxAnSecSvcPktLimitTelnetEnable is enabled. " ::= { zxAnSecSvcPktLimit 34 } zxAnSecSvcPktLimitBfdEnable OBJECT-TYPE SYNTAX INTEGER{ enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The bidirectional forwarding detection packet rate limit switch." DEFVAL { disabled } ::= { zxAnSecSvcPktLimit 35 } zxAnSecSvcPktLimitBfd OBJECT-TYPE SYNTAX Integer32(1..200) UNITS "pps" MAX-ACCESS read-write STATUS current DESCRIPTION "The bidirectional forwarding detection packet rate limit. It can be set value when zxAnSecSvcPktLimitBfdEnable is enabled. " ::= { zxAnSecSvcPktLimit 36 } zxAnSecSvcPktLimitZesrEnable OBJECT-TYPE SYNTAX INTEGER{ enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The ZTE ethernet switch ring packet rate limit switch." DEFVAL { disabled } ::= { zxAnSecSvcPktLimit 37 } zxAnSecSvcPktLimitZesr OBJECT-TYPE SYNTAX Integer32(1..200) UNITS "pps" MAX-ACCESS read-write STATUS current DESCRIPTION "The ZTE ethernet switch ring packet rate limit. It can be set value when zxAnSecSvcPktLimitZesrEnable is enabled. " ::= { zxAnSecSvcPktLimit 38 } zxAnSecSvcPktLimitStpEnable OBJECT-TYPE SYNTAX INTEGER{ enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The spanning tree protocol packet rate limit switch." DEFVAL { disabled } ::= { zxAnSecSvcPktLimit 39 } zxAnSecSvcPktLimitStp OBJECT-TYPE SYNTAX Integer32(1..200) UNITS "pps" MAX-ACCESS read-write STATUS current DESCRIPTION "The spanning tree protocol packet rate limit. It can be set value when zxAnSecSvcPktLimitStpEnable is enabled. " ::= { zxAnSecSvcPktLimit 40 } zxAnSecSvcPktLimitLacpEnable OBJECT-TYPE SYNTAX INTEGER{ enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The link aggregation control protocol packet rate limit switch." DEFVAL { disabled } ::= { zxAnSecSvcPktLimit 41 } zxAnSecSvcPktLimitLacp OBJECT-TYPE SYNTAX Integer32(1..200) UNITS "pps" MAX-ACCESS read-write STATUS current DESCRIPTION "The link aggregation control protocol packet rate limit. It can be set value when zxAnSecSvcPktLimitLacpEnable is enabled. " ::= { zxAnSecSvcPktLimit 42 } zxAnSecSvcPktLimitLldpEnable OBJECT-TYPE SYNTAX INTEGER{ enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The link layer discovery protocol packet rate limit switch." DEFVAL { disabled } ::= { zxAnSecSvcPktLimit 43 } zxAnSecSvcPktLimitLldp OBJECT-TYPE SYNTAX Integer32(1..200) UNITS "pps" MAX-ACCESS read-write STATUS current DESCRIPTION "The link layer discovery protocol packet rate limit. It can be set value when zxAnSecSvcPktLimitLldpEnable is enabled. " ::= { zxAnSecSvcPktLimit 44 } zxAnSecSvcPktLimitRipEnable OBJECT-TYPE SYNTAX INTEGER{ enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The routing information protocol packet rate limit switch." DEFVAL { disabled } ::= { zxAnSecSvcPktLimit 45 } zxAnSecSvcPktLimitRip OBJECT-TYPE SYNTAX Integer32(1..200) UNITS "pps" MAX-ACCESS read-write STATUS current DESCRIPTION "The routing information protocol packet rate limit. It can be set value when zxAnSecSvcPktLimitRipEnable is enabled. " ::= { zxAnSecSvcPktLimit 46 } zxAnSecSvcPktLimitBgpEnable OBJECT-TYPE SYNTAX INTEGER{ enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The border gateway protocol packet rate limit switch." DEFVAL { disabled } ::= { zxAnSecSvcPktLimit 47 } zxAnSecSvcPktLimitBgp OBJECT-TYPE SYNTAX Integer32(1..200) UNITS "pps" MAX-ACCESS read-write STATUS current DESCRIPTION "The border gateway protocol packet rate limit. It can be set value when zxAnSecSvcPktLimitBgpEnable is enabled. " ::= { zxAnSecSvcPktLimit 48 } zxAnSecSvcPktLimitOspfEnable OBJECT-TYPE SYNTAX INTEGER{ enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The open shortest path first packet rate limit switch." DEFVAL { disabled } ::= { zxAnSecSvcPktLimit 49 } zxAnSecSvcPktLimitOspf OBJECT-TYPE SYNTAX Integer32(1..200) UNITS "pps" MAX-ACCESS read-write STATUS current DESCRIPTION "The open shortest path first packet rate limit. It can be set value when zxAnSecSvcPktLimitOspfEnable is enabled. " ::= { zxAnSecSvcPktLimit 50 } zxAnSecSvcPktLimitIsisEnable OBJECT-TYPE SYNTAX INTEGER{ enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The intermediate system to intermediate system packet rate limit switch." DEFVAL { disabled } ::= { zxAnSecSvcPktLimit 51 } zxAnSecSvcPktLimitIsis OBJECT-TYPE SYNTAX Integer32(1..200) UNITS "pps" MAX-ACCESS read-write STATUS current DESCRIPTION "The intermediate system to intermediate system packet rate limit. It can be set value when zxAnSecSvcPktLimitIsisEnable is enabled. " ::= { zxAnSecSvcPktLimit 52 } zxAnSecSvcPktLimitLdpEnable OBJECT-TYPE SYNTAX INTEGER{ enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The label distribution protocol packet rate limit switch." DEFVAL { disabled } ::= { zxAnSecSvcPktLimit 53 } zxAnSecSvcPktLimitLdp OBJECT-TYPE SYNTAX Integer32(1..200) UNITS "pps" MAX-ACCESS read-write STATUS current DESCRIPTION "The label distribution protocol packet rate limit. It can be set value when zxAnSecSvcPktLimitLdpEnable is enabled. " ::= { zxAnSecSvcPktLimit 54 } zxAnSecSvcPktLimitCfmEnable OBJECT-TYPE SYNTAX INTEGER{ enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The connectivity fault management packet rate limit switch." DEFVAL { disabled } ::= { zxAnSecSvcPktLimit 55 } zxAnSecSvcPktLimitCfm OBJECT-TYPE SYNTAX Integer32(1..200) UNITS "pps" MAX-ACCESS read-write STATUS current DESCRIPTION "The connectivity fault management packet rate limit. It can be set value when zxAnSecSvcPktLimitCfmEnable is enabled. " ::= { zxAnSecSvcPktLimit 56 } -------------------------------------------------------------------------------- -- 1.4 Private net work -------------------------------------------------------------------------------- zxAnSecSvcPortInterworkInVlan OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0 .. 512)) MAX-ACCESS read-write STATUS current DESCRIPTION " This function in order to connect private network in accordance with the specified VLAN .The use of 512-octet specifies 4094 VLAN. Each octet within this field specifies a set of eight VLAN, with the first octet specifying ports 1 through 8, the second octet specifying ports 9 through 16, etc. Within each octet, the most significant bit represents the lowest numbered VLAN, and the least significant bit represents the highest numbered VLAN. Thus, each VLAN of the service entity is represented by a single bit within the value of this object. If that bit has a value of '1' then that VLAN is interwork VLAN; the VLAN is not interwork VLAN if its bit has a value of '0'. " ::= { zxAnSecSvcPrivateNetwork 1} -------------------------------------------------------------------------------- zxAnSecSvcVlanTable OBJECT-TYPE SYNTAX SEQUENCE OF ZxAnSecSvcVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" ::= { zxAnSecSvcObjects 5 } zxAnSecSvcVlanEntry OBJECT-TYPE SYNTAX ZxAnSecSvcVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { zxAnSecSvcVlanId} ::= { zxAnSecSvcVlanTable 1 } ZxAnSecSvcVlanEntry ::= SEQUENCE { zxAnSecSvcVlanId VlanId, zxAnSecSvcVlanBroadcastRateLimit Integer32, zxAnSecSvcVlanMulticastRateLimit Integer32, zxAnSecSvcVlanUnknUcastRateLimit Integer32, zxAnSecSvcVlanMulticastFloodMode INTEGER, zxAnSecSvcVlanRateLimitRowStatus RowStatus } zxAnSecSvcVlanId OBJECT-TYPE SYNTAX VlanId MAX-ACCESS not-accessible STATUS current DESCRIPTION "VlanId for Vlan interface." ::= { zxAnSecSvcVlanEntry 1 } zxAnSecSvcVlanBroadcastRateLimit OBJECT-TYPE SYNTAX Integer32 UNITS "kbps" MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates broadcast rate-limit" ::= { zxAnSecSvcVlanEntry 5 } zxAnSecSvcVlanMulticastRateLimit OBJECT-TYPE SYNTAX Integer32(0..1024000) UNITS "kbs" MAX-ACCESS read-create STATUS current DESCRIPTION "Max Multicast rate limit." DEFVAL { 1024000 } ::= { zxAnSecSvcVlanEntry 6 } zxAnSecSvcVlanUnknUcastRateLimit OBJECT-TYPE SYNTAX Integer32(0..1024000) UNITS "kbs" MAX-ACCESS read-create STATUS current DESCRIPTION "Unknowcast rate limit." DEFVAL { 1024000 } ::= { zxAnSecSvcVlanEntry 7 } zxAnSecSvcVlanMulticastFloodMode OBJECT-TYPE SYNTAX INTEGER { floodingAll(1), floodingOnlyUnknown(2), dropUnknown(3), unsupported(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Vlan multicast packets flooding mode." DEFVAL { floodingOnlyUnknown } ::= { zxAnSecSvcVlanEntry 8 } zxAnSecSvcVlanRateLimitRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus of this table." ::= { zxAnSecSvcVlanEntry 10 } zxAnSecGlbVlanIsolationEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object is in accordance with 'zxAnSecSvcPortInterworkInVlan', if the value is true then indicates 'zxAnSecSvcPortInterworkInVlan' is enable." ::= { zxAnSecSvcPrivateNetwork 2} zxAnSecSvcPortBridgeEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object is in accordance with 'zxAnSecSvcPortBridgeEnable', if the value is true then indicates 'zxAnSecSvcPortBridgeEnable' is enable." ::= { zxAnSecSvcPrivateNetwork 3} zxAnSecSvcOnuSwitchEnable OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object is in accordance with 'zxAnSecSvcOnuSwitchEnable', if the value is true then indicates 'zxAnSecSvcOnuSwitchEnable' is enable." ::= { zxAnSecSvcPrivateNetwork 4} ---------------------------------------------------------------------------- -- zxAnSecSvcInterworkVlanTable ---------------------------------------------------------------------------- zxAnSecSvcInterworkVlanTable OBJECT-TYPE SYNTAX SEQUENCE OF ZxAnSecSvcInterworkVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "When the value of 'zxAnSecGlbVlanIsolationEnable ' is enable,the table allowed be created,deleted,or the table can not be created and deleted." ::= { zxAnSecSvcPrivateNetwork 5 } zxAnSecSvcInterworkVlanEntry OBJECT-TYPE SYNTAX ZxAnSecSvcInterworkVlanEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in zxAnSecSvcInterworkVlanTable." INDEX { zxAnSecVlanIsolationSVid,zxAnSecVlanIsolationCVid } ::= { zxAnSecSvcInterworkVlanTable 1 } ZxAnSecSvcInterworkVlanEntry ::= SEQUENCE { zxAnSecVlanIsolationSVid VlanId, zxAnSecVlanIsolationCVid Integer32, zxAnSecVlanIsolationRowStatus RowStatus } zxAnSecVlanIsolationSVid OBJECT-TYPE SYNTAX VlanId MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates SVLAN id " ::= { zxAnSecSvcInterworkVlanEntry 1 } zxAnSecVlanIsolationCVid OBJECT-TYPE SYNTAX Integer32(0..4094) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates CVLAN id " ::= { zxAnSecSvcInterworkVlanEntry 2 } zxAnSecVlanIsolationRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus of this table. " ::= { zxAnSecSvcInterworkVlanEntry 30 } -------------------------------------------------------------------------------- -- .reserved MAC table -------------------------------------------------------------------------------- zxAnSecRsvdForwardMacTable OBJECT-TYPE SYNTAX SEQUENCE OF ZxAnSecRsvdForwardMacEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table includes the reserved MAC for forwarding." ::= { zxAnSecSvcObjects 6 } zxAnSecRsvdForwardMacEntry OBJECT-TYPE SYNTAX ZxAnSecRsvdForwardMacEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in zxAnSecRsvdForwardMacTable." INDEX { zxAnSecRsvdForwardMacIndex } ::= { zxAnSecRsvdForwardMacTable 1 } ZxAnSecRsvdForwardMacEntry ::= SEQUENCE { zxAnSecRsvdForwardMacIndex Integer32, zxAnSecRsvdForwardMac MacAddress, zxAnSecRsvdForwardMacMask MacAddress, zxAnSecRsvdForwardMacRowStatus RowStatus } zxAnSecRsvdForwardMacIndex OBJECT-TYPE SYNTAX Integer32(1..48) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the mac index for forwarding. " ::= { zxAnSecRsvdForwardMacEntry 1 } zxAnSecRsvdForwardMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the mac address for forwarding. " ::= { zxAnSecRsvdForwardMacEntry 2 } zxAnSecRsvdForwardMacMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the mac address mask for forwarding. " DEFVAL { 'FFFFFFFFFFFF'H } ::= { zxAnSecRsvdForwardMacEntry 3 } zxAnSecRsvdForwardMacRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus of this table." ::= { zxAnSecRsvdForwardMacEntry 10 } -------------------------------------------------------------------------------- -- 1.7 IP Source Guard Mgmt -------------------------------------------------------------------------------- zxAnSecSvcSrcGuardGlobalGroup OBJECT IDENTIFIER ::= { zxAnSecSvcIpSourceGuard 1 } zxAnIpSrcGuardGlobalEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates whether IP Source Guard is enabled. If this object is set to 'true', IP Source Guard is enabled. If this object is set to 'false', IP Source Guard is disabled. " DEFVAL { false } ::= { zxAnSecSvcSrcGuardGlobalGroup 1 } zxAnSecSvcSrcGuardIpv4BindLimit OBJECT-TYPE SYNTAX Integer32(0..8) MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the maximum number of IPv4 addresses per U reference point in the upstream.The total number of IPv4 and IPv6 can not exceed 8." DEFVAL { 8 } ::= { zxAnSecSvcSrcGuardGlobalGroup 2 } zxAnSecSvcSrcGuardIpv6BindLimit OBJECT-TYPE SYNTAX Integer32(0..8) MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates the maximum number of IPv6 prefixes per U reference point in the upstream.The total number of IPv4 and IPv6 can not exceed 8." DEFVAL { 8 } ::= { zxAnSecSvcSrcGuardGlobalGroup 3 } zxAnIpSrcGuardBindType OBJECT-TYPE SYNTAX INTEGER { ip(1), ipAndMac(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "IP source guar binding type. ip(1) - IP source guard bind IP address only. IipAndMac(2) - IP source guard bind both IP address and MAC address." DEFVAL { ip } ::= { zxAnSecSvcSrcGuardGlobalGroup 4 } zxAnSecSvcIfSrcGuardConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF ZxAnSecSvcIfSrcGuardConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table provides the mechanism to enable or disable IP Source Guard at each interface capable of this feature. When DHCP Snooping is enabled at an interface, a list of IP addresses is obtained through DHCP Snooping for this particular interface. If IP Source Guard is enabled, only traffic from these IP addresses is allowed to pass through the interface." ::= { zxAnSecSvcIpSourceGuard 2 } zxAnSecSvcIfSrcGuardConfigEntry OBJECT-TYPE SYNTAX ZxAnSecSvcIfSrcGuardConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row instance contains the configuration to enable or disable IP Source Guard at each physical interface capable of this feature." INDEX { zxAnSecSvcRack,zxAnSecSvcShelf,zxAnSecSvcSlot, zxAnSecSvcPort,zxAnSecSvcOnu,zxAnSecSvcCircuitType, zxAnSecSvcLogicalId } ::= { zxAnSecSvcIfSrcGuardConfigTable 1 } ZxAnSecSvcIfSrcGuardConfigEntry ::= SEQUENCE { zxAnSecSvcRack INTEGER, zxAnSecSvcShelf INTEGER, zxAnSecSvcSlot INTEGER, zxAnSecSvcPort INTEGER, zxAnSecSvcOnu INTEGER, zxAnSecSvcCircuitType INTEGER, zxAnSecSvcLogicalId OBJECT IDENTIFIER, zxAnIpSrcGuardIfEnable TruthValue } zxAnSecSvcRack OBJECT-TYPE SYNTAX INTEGER(1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the rack number." ::= { zxAnSecSvcIfSrcGuardConfigEntry 1 } zxAnSecSvcShelf OBJECT-TYPE SYNTAX INTEGER(1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the shelf number." ::= { zxAnSecSvcIfSrcGuardConfigEntry 2 } zxAnSecSvcSlot OBJECT-TYPE SYNTAX INTEGER(1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the slot number." ::= { zxAnSecSvcIfSrcGuardConfigEntry 3 } zxAnSecSvcPort OBJECT-TYPE SYNTAX INTEGER(1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the physical port number." ::= { zxAnSecSvcIfSrcGuardConfigEntry 4 } zxAnSecSvcOnu OBJECT-TYPE SYNTAX INTEGER(0..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "When zxAnSecSvcCircuitType are 'onu' or 'gemportOrLlid' or 'servicePort' this object indicates 'onu ID'. When zxAnSecSvcCircuitType are 'physicalPort' or 'bridgePort' its value is '0'. " ::= { zxAnSecSvcIfSrcGuardConfigEntry 5 } zxAnSecSvcCircuitType OBJECT-TYPE SYNTAX INTEGER { physicalPort(1), bridgePort(2), onu(3), gemportOrLlid(4), servicePort(11) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the type of port. " ::= { zxAnSecSvcIfSrcGuardConfigEntry 6 } zxAnSecSvcLogicalId OBJECT-TYPE SYNTAX OBJECT IDENTIFIER MAX-ACCESS not-accessible STATUS current DESCRIPTION "This value is an oid which indicats the logical index. When zxAnSecSvcCircuitType is 'physicalPort' its value is '0'. When zxAnSecSvcCircuitType is 'bridgePort' this object includes {pvc} , such as oid {1} indicates pvc1 . When zxAnSecSvcCircuitType is 'onu' its value is '0'. When zxAnSecSvcCircuitType is 'gemportOrLlid' this object includes {gemport/llid} , such as oid {1} indicates gemport1/llid1 . When zxAnSecSvcCircuitType is 'servicePort' this object includes {serviceportID} , such as oid {1} indicates serviceportID1 . " ::= { zxAnSecSvcIfSrcGuardConfigEntry 7 } zxAnIpSrcGuardIfEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object indicates whether IP Source Guard is enabled at this interface.If this object is set to 'true', IP Source Guard is enabled. Traffic coming to this interface will be forwarded if it is from the list of IP addresses obtained through DHCP Snooping. Otherwise, it is denied. If this object is set to 'false', IP Source Guard is disabled. 1-truth,2-false." DEFVAL { false } ::= { zxAnSecSvcIfSrcGuardConfigEntry 8 } zxAnSecSvcIfSrcGuardAddrTable OBJECT-TYPE SYNTAX SEQUENCE OF ZxAnSecSvcIfSrcGuardAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table provides the information on IP addresses used for IP Source Guard purpose at each interface capable of this feature. " ::= { zxAnSecSvcIpSourceGuard 3 } zxAnSecSvcIfSrcGuardAddrEntry OBJECT-TYPE SYNTAX ZxAnSecSvcIfSrcGuardAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row instance contains the IP address type and IP address used for IP Source Guard purpose at each interface capable of this feature." INDEX { zxAnSecSvcRack,zxAnSecSvcShelf, zxAnSecSvcSlot,zxAnSecSvcPort,zxAnSecSvcOnu, zxAnSecSvcCircuitType, zxAnSecSvcLogicalId, zxAnSecSvcIfSrcGuardClntBindType, zxAnSecSvcIfSrcGuardIpAddrType, zxAnSecSvcIfSrcGuardIpAddress } ::= { zxAnSecSvcIfSrcGuardAddrTable 1 } ZxAnSecSvcIfSrcGuardAddrEntry ::= SEQUENCE { zxAnSecSvcIfSrcGuardClntBindType INTEGER, zxAnSecSvcIfSrcGuardIpAddrType InetAddressType, zxAnSecSvcIfSrcGuardIpAddress InetAddress, zxAnSecSvcIfSrcGuardPfxLen InetAddressPrefixLength, zxAnSecSvcIfSrcGuardMacAddr MacAddress, zxAnSecSvcIfSrcGuardVlan INTEGER, zxAnSecSvcIfSrcGuardRowStatus RowStatus } zxAnSecSvcIfSrcGuardClntBindType OBJECT-TYPE SYNTAX INTEGER { static(1), dynamic(2) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates bind type of client ip address. If this value is 'static' zxAnSecSvcIfSrcGuardPfxLen and zxAnSecSvcIfSrcGuardVlan are optional property." ::= { zxAnSecSvcIfSrcGuardAddrEntry 1 } zxAnSecSvcIfSrcGuardIpAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the type of IP address denoted in zxAnSecSvcIfSrcGuardIpAddress object." ::= { zxAnSecSvcIfSrcGuardAddrEntry 2 } zxAnSecSvcIfSrcGuardIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the IP address obtained at this interface through DHCP Snooping or static configuration." ::= { zxAnSecSvcIfSrcGuardAddrEntry 3 } zxAnSecSvcIfSrcGuardPfxLen OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the IPv6 address mask obtained at this interface through DHCP Snooping or static configuration. This object is an optional property,only available to IPv6. If this object is invalid the value will be '0'. " ::= { zxAnSecSvcIfSrcGuardAddrEntry 4 } zxAnSecSvcIfSrcGuardMacAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the MAC address obtained at this interface through DHCP Snooping or static configuration." ::= { zxAnSecSvcIfSrcGuardAddrEntry 5 } zxAnSecSvcIfSrcGuardVlan OBJECT-TYPE SYNTAX INTEGER(0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the vlan obtained at this interface through DHCP Snooping or static configuration. If this object is invalid the value will be '0'." ::= { zxAnSecSvcIfSrcGuardAddrEntry 6 } zxAnSecSvcIfSrcGuardRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { zxAnSecSvcIfSrcGuardAddrEntry 20} -------------------------------------------------------------------------------- -- 1.8 Reserved MAC Mgmt -------------------------------------------------------------------------------- zxAnSecSvcIfRsvdMacTable OBJECT-TYPE SYNTAX SEQUENCE OF ZxAnSecSvcIfRsvdMacEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table includes the reserved MAC address. L2 packets will be forworded by the policy of this table first. The note:the NE need to support get-next to the slot level." ::= { zxAnSecSvcReservedMac 1 } zxAnSecSvcIfRsvdMacEntry OBJECT-TYPE SYNTAX ZxAnSecSvcIfRsvdMacEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in zxAnSecSvcIfRsvdMacTable." INDEX { zxAnSecSvcIfRsvdMacRack, zxAnSecSvcIfRsvdMacShelf, zxAnSecSvcIfRsvdMacSlot, zxAnSecSvcIfRsvdMacPort, zxAnSecSvcIfRsvdMacNumber} ::= { zxAnSecSvcIfRsvdMacTable 1 } ZxAnSecSvcIfRsvdMacEntry ::= SEQUENCE { zxAnSecSvcIfRsvdMacRack Integer32, zxAnSecSvcIfRsvdMacShelf Integer32, zxAnSecSvcIfRsvdMacSlot Integer32, zxAnSecSvcIfRsvdMacPort Integer32, zxAnSecSvcIfRsvdMacNumber Integer32, zxAnSecSvcIfRsvdMacStartAddr MacAddress, zxAnSecSvcIfRsvdMacEndAddr MacAddress, zxAnSecSvcIfRsvdMacForwardPolicy INTEGER, zxAnSecSvcIfRsvdMacRowStatus RowStatus } zxAnSecSvcIfRsvdMacRack OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Rack number of the port. " ::= { zxAnSecSvcIfRsvdMacEntry 1 } zxAnSecSvcIfRsvdMacShelf OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Shelf number of the port. " ::= { zxAnSecSvcIfRsvdMacEntry 2 } zxAnSecSvcIfRsvdMacSlot OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Slot number of the port. " ::= { zxAnSecSvcIfRsvdMacEntry 3 } zxAnSecSvcIfRsvdMacPort OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The port number. " ::= { zxAnSecSvcIfRsvdMacEntry 4 } zxAnSecSvcIfRsvdMacNumber OBJECT-TYPE SYNTAX Integer32(1..64) MAX-ACCESS not-accessible STATUS current DESCRIPTION "MAC address number. " ::= { zxAnSecSvcIfRsvdMacEntry 5 } zxAnSecSvcIfRsvdMacStartAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Start MAC address. " ::= { zxAnSecSvcIfRsvdMacEntry 6 } zxAnSecSvcIfRsvdMacEndAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "End MAC address. " ::= { zxAnSecSvcIfRsvdMacEntry 7 } zxAnSecSvcIfRsvdMacForwardPolicy OBJECT-TYPE SYNTAX INTEGER { discard(1), transparent(2), localProcessing(3), snooping(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the forwarding policy of L2 packets, its values are as follow: discard (1) - discard this packet; transparent (2) - this packet is transmitted transparently; localProcessing (3) - this packet is processed by local; snooping (4) - transparent(2) + localProcessing(3); " DEFVAL { transparent } ::= { zxAnSecSvcIfRsvdMacEntry 8 } zxAnSecSvcIfRsvdMacRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus of this table." ::= { zxAnSecSvcIfRsvdMacEntry 30 } zxAnSecSvcRsvdMacTable OBJECT-TYPE SYNTAX SEQUENCE OF ZxAnSecSvcRsvdMacEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table includes the reserved MAC address. L2 packets will be forworded by the policy of this table first. " ::= { zxAnSecSvcReservedMac 2 } zxAnSecSvcRsvdMacEntry OBJECT-TYPE SYNTAX ZxAnSecSvcRsvdMacEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in zxAnSecSvcRsvdMacTable." INDEX { zxAnSecSvcRsvdMacNumber } ::= { zxAnSecSvcRsvdMacTable 1 } ZxAnSecSvcRsvdMacEntry ::= SEQUENCE { zxAnSecSvcRsvdMacNumber Integer32, zxAnSecSvcRsvdMacStartAddr MacAddress, zxAnSecSvcRsvdMacEndAddr MacAddress, zxAnSecSvcRsvdMacForwardPolicy INTEGER, zxAnSecSvcRsvdMacRowStatus RowStatus } zxAnSecSvcRsvdMacNumber OBJECT-TYPE SYNTAX Integer32(1..64) MAX-ACCESS not-accessible STATUS current DESCRIPTION "MAC address number." ::= { zxAnSecSvcRsvdMacEntry 1 } zxAnSecSvcRsvdMacStartAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Starting MAC address. " ::= { zxAnSecSvcRsvdMacEntry 2 } zxAnSecSvcRsvdMacEndAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Ending MAC address. " ::= { zxAnSecSvcRsvdMacEntry 3 } zxAnSecSvcRsvdMacForwardPolicy OBJECT-TYPE SYNTAX INTEGER { discard(1), transparent(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the forwarding policy of L2 packets, its values are as follow: discard (1) - discard this packet; transparent (2) - this packet is transmitted transparently; " DEFVAL { discard } ::= { zxAnSecSvcRsvdMacEntry 4 } zxAnSecSvcRsvdMacRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus of this table." ::= { zxAnSecSvcRsvdMacEntry 30 } -------------------------------------------------------------------------------- -- 1.9 L2CP Mgmt -------------------------------------------------------------------------------- zxAnSecSvcL2cpGlobal OBJECT IDENTIFIER ::= { zxAnSecSvcL2cp 1 } zxAnSecSvcL2cpVlanConfNextId OBJECT-TYPE SYNTAX Integer32(0..32) MAX-ACCESS read-only STATUS current DESCRIPTION "This object contains an unused value for zxAnSecSvcL2cpVlanConfId in the zxAnSecSvcL2cpVlanConfTable,or 0 to indicate that none exist. " ::= { zxAnSecSvcL2cpGlobal 1 } zxAnSecSvcL2cpVlanConfTable OBJECT-TYPE SYNTAX SEQUENCE OF ZxAnSecSvcL2cpVlanConfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table includes the L2CP records for forwarding or discarding." ::= { zxAnSecSvcL2cp 2 } zxAnSecSvcL2cpVlanConfEntry OBJECT-TYPE SYNTAX ZxAnSecSvcL2cpVlanConfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in zxAnSecSvcL2cpVlanConfTable." INDEX { zxAnSecSvcL2cpVlanConfId } ::= { zxAnSecSvcL2cpVlanConfTable 1 } ZxAnSecSvcL2cpVlanConfEntry ::= SEQUENCE { zxAnSecSvcL2cpVlanConfId Integer32, zxAnSecSvcL2cpVlanConfDestMac MacAddress, zxAnSecSvcL2cpVlanConfMacMask MacAddress, zxAnSecSvcL2cpVlanConfVid Integer32, zxAnSecSvcL2cpVlanConfVlanMask Integer32, zxAnSecSvcL2cpVlanConfFwdPolicy INTEGER, zxAnSecSvcL2cpVlanConfRowStatus RowStatus } zxAnSecSvcL2cpVlanConfId OBJECT-TYPE SYNTAX Integer32(1..32) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the L2CP records ID. " ::= { zxAnSecSvcL2cpVlanConfEntry 1 } zxAnSecSvcL2cpVlanConfDestMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the packet destination MAC address of the L2CP record. " ::= { zxAnSecSvcL2cpVlanConfEntry 2 } zxAnSecSvcL2cpVlanConfMacMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This is the wildcard mask for the zxAnSecSvcL2cpVlanConfDestMac bits that must match. 1 bits in the mask indicate the corresponding bits in the zxAnSecSvcL2cpVlanConfDestMac must match in order for the matching to be successful, and 0 bits are don't care bits in the matching. A value of zero causes only packets of source address the same as zxAnSecSvcL2cpVlanConfDestMac to match." DEFVAL { 'FFFFFFFFFFFF'H } ::= { zxAnSecSvcL2cpVlanConfEntry 3 } zxAnSecSvcL2cpVlanConfVid OBJECT-TYPE SYNTAX Integer32(1..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the VLAN value of the packet." ::= { zxAnSecSvcL2cpVlanConfEntry 4 } zxAnSecSvcL2cpVlanConfVlanMask OBJECT-TYPE SYNTAX Integer32(0..4095) MAX-ACCESS read-create STATUS current DESCRIPTION "This is the wildcard mask for the zxAnSecSvcL2cpVlanConfVid bits that must match. 1 bits in the mask indicate the corresponding bits in the zxAnSecSvcL2cpVlanConfVid must match in order for the matching to be successful, and 0 bits are don't care bits in the matching. A value of zero causes only packets of source address the same as zxAnSecSvcL2cpVlanConfVid to match." DEFVAL { 4095 } ::= { zxAnSecSvcL2cpVlanConfEntry 5 } zxAnSecSvcL2cpVlanConfFwdPolicy OBJECT-TYPE SYNTAX INTEGER { discard(1), forward(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the forwarding policy of L2 packets, its values are as follow: discard (1) - discard this packet; forward (2) - the packet is transmitted transparently. " DEFVAL { discard } ::= { zxAnSecSvcL2cpVlanConfEntry 6 } zxAnSecSvcL2cpVlanConfRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus of the zxAnSecSvcL2cpVlanConfTable table." ::= { zxAnSecSvcL2cpVlanConfEntry 50 } zxAnSecSvcL2cpDefaultTable OBJECT-TYPE SYNTAX SEQUENCE OF ZxAnSecSvcL2cpDefaultEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table includes the default L2CP records." ::= { zxAnSecSvcL2cp 3 } zxAnSecSvcL2cpDefaultEntry OBJECT-TYPE SYNTAX ZxAnSecSvcL2cpDefaultEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in zxAnSecSvcL2cpDefaultTable." INDEX { zxAnSecSvcL2cpDefaultId } ::= { zxAnSecSvcL2cpDefaultTable 1 } ZxAnSecSvcL2cpDefaultEntry ::= SEQUENCE { zxAnSecSvcL2cpDefaultId Integer32, zxAnSecSvcL2cpDefaultDestMac MacAddress, zxAnSecSvcL2cpDefaultMacMask MacAddress, zxAnSecSvcL2cpDefaultFwdPolicy INTEGER } zxAnSecSvcL2cpDefaultId OBJECT-TYPE SYNTAX Integer32(1..32) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the default L2CP records ID." ::= { zxAnSecSvcL2cpDefaultEntry 1 } zxAnSecSvcL2cpDefaultDestMac OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the packet destination MAC address of the default L2CP record. " ::= { zxAnSecSvcL2cpDefaultEntry 2 } zxAnSecSvcL2cpDefaultMacMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "This is the wildcard mask for the zxAnSecSvcL2cpDefaultDestMac bits that must match. 1 bits in the mask indicate the corresponding bits in the zxAnAclHybridRuleDestMac must match in order for the matching to be successful, and 0 bits are don't care bits in the matching. A value of zero causes only packets of source address the same as zxAnSecSvcL2cpDefaultDestMac to match." DEFVAL { 'FFFFFFFFFFFF'H } ::= { zxAnSecSvcL2cpDefaultEntry 3 } zxAnSecSvcL2cpDefaultFwdPolicy OBJECT-TYPE SYNTAX INTEGER { discard(1), forward(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates the forwarding policy of L2 packets, its values are as follow: discard (1) - discard this packet; forward (2) - the packet is transmitted transparently. " DEFVAL { discard } ::= { zxAnSecSvcL2cpDefaultEntry 6 } -------------------------------------------------------------------------------- -- 1.10 Ipv6Filter Mgmt -------------------------------------------------------------------------------- zxAnSecSvcIpv6FiltGlobalObjects OBJECT IDENTIFIER ::= { zxAnSecSvcIpv6Filter 1 } zxAnIpv6FiltVlanConfNextId OBJECT-TYPE SYNTAX Integer32(0..32) MAX-ACCESS read-only STATUS current DESCRIPTION "This object contains an unused value for zxAnIpv6FiltVlanConfId in the zxAnSecSvcIpv6FiltVlanConfTable. The value 0 indicates that no unassigned entries are available. " ::= { zxAnSecSvcIpv6FiltGlobalObjects 1 } zxAnSecSvcIpv6FiltVlanConfTable OBJECT-TYPE SYNTAX SEQUENCE OF ZxAnSecSvcIpv6FiltVlanConfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table includes the IPv6 filter records." ::= { zxAnSecSvcIpv6Filter 2 } zxAnSecSvcIpv6FiltVlanConfEntry OBJECT-TYPE SYNTAX ZxAnSecSvcIpv6FiltVlanConfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in zxAnSecSvcIpv6FiltVlanConfTable." INDEX { zxAnIpv6FiltVlanConfId } ::= { zxAnSecSvcIpv6FiltVlanConfTable 1 } ZxAnSecSvcIpv6FiltVlanConfEntry ::= SEQUENCE { zxAnIpv6FiltVlanConfId Integer32, zxAnIpv6FiltVlanConfVid Integer32, zxAnIpv6FiltVlanConfVlanMask Integer32, zxAnIpv6FiltVlanConfRowStatus RowStatus } zxAnIpv6FiltVlanConfId OBJECT-TYPE SYNTAX Integer32(1..32) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the IPv6 filter records ID. " ::= { zxAnSecSvcIpv6FiltVlanConfEntry 1 } zxAnIpv6FiltVlanConfVid OBJECT-TYPE SYNTAX Integer32(1..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the VLAN value of the packet." ::= { zxAnSecSvcIpv6FiltVlanConfEntry 2 } zxAnIpv6FiltVlanConfVlanMask OBJECT-TYPE SYNTAX Integer32(0..4095) MAX-ACCESS read-create STATUS current DESCRIPTION "This is the wildcard mask for the zxAnIpv6FiltVlanConfVid bits that must match. 1 bits in the mask indicate the corresponding bits in the zxAnIpv6FiltVlanConfVid must match in order for the matching to be successful, and 0 bits are don't care bits in the matching. A value of zero causes only packets of source address the same as zxAnIpv6FiltVlanConfVid to match." DEFVAL { 4095 } ::= { zxAnSecSvcIpv6FiltVlanConfEntry 3 } zxAnIpv6FiltVlanConfRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "RowStatus of the zxAnSecSvcIpv6FiltVlanConfTable table." ::= { zxAnSecSvcIpv6FiltVlanConfEntry 50 } -------------------------------------------------------------------------------- -- 2.Trap -------------------------------------------------------------------------------- zxAnSecSvcAntiDosFault NOTIFICATION-TYPE OBJECTS { ifIndex, zxAnSecSvcAntiDosSourceMac, zxAnSecSvcAntiDosPortVlan } STATUS current DESCRIPTION "It indicate current packets per second over zxAnSecSvcAntiDosAscThreshold, The source MAC of packet will put into blacklist.The variable ifIndex indicate trap position,it's type is ZxAnIfindex,detail info about ZxAnIfindex please refer to ZTE-AN-TC-MIB.mib file." ::= { zxAnSecSvcTrapObjects 1 } zxAnSecSvcAntiDosFaultCleared NOTIFICATION-TYPE OBJECTS { ifIndex, zxAnSecSvcAntiDosSourceMac, zxAnSecSvcAntiDosPortVlan } STATUS current DESCRIPTION "It indicate current packets per second below zxAnSecSvcAntiDosDescThreshold, The source MAC of packet will remove from blacklist.The variable ifIndex indicate trap position,it's type is ZxAnIfindex,detail info about ZxAnIfindex please refer to ZTE-AN-TC-MIB.mib file." ::= { zxAnSecSvcTrapObjects 2 } zxAnIfMacAntiDriftNotify NOTIFICATION-TYPE OBJECTS { zxAnSecSvcMacDriftAddress, zxAnSecSvcMacDriftVlanId, zxAnSecSvcMacDriftFromIfIndex, zxAnSecSvcMacDriftToIfIndex } STATUS current DESCRIPTION "If both zxAnMasEnable and zxAnMasMacMoveReportEnable is enable, zxAnIfMacAntiDriftNotify is generated when a MAC address is drifted between two interfaces." ::= { zxAnSecSvcTrapObjects 3 } END