WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/aricent/ARICENT-ISS-ACL-MIB

1666 lines
62 KiB
Plaintext
Raw Permalink Blame History

-- Copyright (C) 2009-2012 Aricent Group . All Rights Reserved
-- $Id: fsissacl.mib,v 1.11 2015/03/04 10:30:07 siva Exp $
ARICENT-ISS-ACL-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE,
Counter32, enterprises, IpAddress, Integer32, Unsigned32
FROM SNMPv2-SMI
InetAddressType, InetAddress, InetAddressPrefixLength,
InetPortNumber
FROM INET-ADDRESS-MIB
RowStatus, TEXTUAL-CONVENTION, MacAddress, TruthValue
FROM SNMPv2-TC;
issAcl MODULE-IDENTITY
LAST-UPDATED "201209050000Z"
ORGANIZATION "ARICENT COMMUNICATIONS SOFTWARE"
CONTACT-INFO "support@aricent.com"
DESCRIPTION
"Proprietary MIB definition for Access Control Feature"
REVISION "201209050000Z"
DESCRIPTION
"Proprietary MIB definition for Access Control Feature"
::= { enterprises aricent-communication-holding-ltd(29601) iss(2) 21 }
PortList ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Each octet within this value specifies a set of eight
ports, with the first octet specifying ports 1 through
8, the second octet specifying ports 9 through 16, etc.
Within each octet, the most significant bit represents
the lowest numbered port, and the least significant bit
represents the highest numbered port. Thus, each port
of the bridge is represented by a single bit within the
value of this object. If that bit has a value of '1'
then that port is included in the set of ports; the port
is not included if its bit has a value of '0'."
SYNTAX OCTET STRING
IndexInteger ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"An integer which may be used as a table index. If 0 then it is invalid"
SYNTAX Unsigned32 (1..65535)
IndexIntegerNextFree ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"An integer which may be used as a new Index in a table.
The special value of 0 indicates that no more new entries can be
created in the relevant table.
When a MIB is used for configuration, an object with this SYNTAX
always contains a legal value (if non-zero) for an index that is
not currently used in the relevant table. The Command Generator
(Network Management Application) reads this variable and uses the
(non-zero) value read when creating a new row with an SNMP SET.
When the SET is performed, the Command Responder (agent) must
determine whether the value is indeed still unused; Two Network
Management Applications may attempt to create a row
(configuration entry) simultaneously and use the same value. If
it is currently unused, the SET succeeds and the Command
Responder (agent) changes the value of this object, according to
an implementation-specific algorithm. If the value is in use,
however, the SET fails. The Network Management Application must
then re-read this variable to obtain a new usable value.
An OBJECT-TYPE definition using this SYNTAX MUST specify the
relevant table for which the object is providing this
functionality."
SYNTAX Unsigned32 (0..4294967295)
iss OBJECT IDENTIFIER ::= { enterprises 2076 81 }
EnabledStatus ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A simple status value for the object."
SYNTAX INTEGER { enabled(1), disabled(2) }
-- ----------------------------------------------------------------- --
-- groups in the MIB
-- ----------------------------------------------------------------- --
issAclRateControl OBJECT IDENTIFIER ::= { issAcl 1 }
issAclL2Filter OBJECT IDENTIFIER ::= { issAcl 2 }
issAclL3Filter OBJECT IDENTIFIER ::= { issAcl 3 }
issAclUserDefinedFilter OBJECT IDENTIFIER ::= { issAcl 4 }
issRedirectInterfaceGrp OBJECT IDENTIFIER ::= { issAcl 5 }
issRedirectIdNextFree OBJECT IDENTIFIER ::= { issAcl 6 }
issAclTrafficControl OBJECT IDENTIFIER ::= { issAcl 7 }
-- Rate Control Group --------------------------------------------- --
issAclRateCtrlTable OBJECT-TYPE
SYNTAX SEQUENCE OF IssAclRateCtrlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table to control the rate limiting parameters
either for the entire switch or for each physical and port-channel
interface in the switch."
::= { issAclRateControl 1 }
issAclRateCtrlEntry OBJECT-TYPE
SYNTAX IssAclRateCtrlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry appears in this table for each physical and port-channel
interface in the switch."
INDEX { issAclRateCtrlIndex }
::= { issAclRateCtrlTable 1 }
IssAclRateCtrlEntry ::=
SEQUENCE {
issAclRateCtrlIndex
Integer32,
issAclRateCtrlDLFLimitValue
Integer32,
issAclRateCtrlBCASTLimitValue
Integer32,
issAclRateCtrlMCASTLimitValue
Integer32,
issAclRateCtrlPortRateLimit
Integer32,
issAclRateCtrlPortBurstSize
Integer32
}
issAclRateCtrlIndex OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The interface index for which the configuration in this
entry applies."
::= { issAclRateCtrlEntry 1 }
issAclRateCtrlDLFLimitValue OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Allows to configure the limiting value for the maximum number
of dlf packets that can be transmitted per second over this interface.
Setting this object to the value zero disables rate limiting for
Destination lookup failure packets on this interface. The value that
can be set for this object is limited by the underlying hardware"
DEFVAL {0}
::= { issAclRateCtrlEntry 2 }
issAclRateCtrlBCASTLimitValue OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Allows to configure the limiting value for the maximum number
of broadcast packets that can be transmitted per second over this
interface. Setting this object to the value zero disables rate
limiting for Broadcast packets on this interface. The value that
can be set for this object is limited by the underlying hardware"
DEFVAL {0}
::= { issAclRateCtrlEntry 3 }
issAclRateCtrlMCASTLimitValue OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Allows to configure the limiting value for the maximum number
of multicast packets that can be transmitted per second over this
interface. Setting this object to the value zero disables rate
limiting for Multicast packets on this interface. The value that
can be set for this object is limited by the underlying hardware"
DEFVAL {0}
::= { issAclRateCtrlEntry 4}
issAclRateCtrlPortRateLimit OBJECT-TYPE
SYNTAX Integer32 (0..80000000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configures interface Rate Limit (Packet that can be transferred
on a port at a particular second).
This object's value will take effect on the interface speed. Based
on the operating speed of the port, the rate limit will be applied.
This value can also be affected by the metering. A value of zero(0)
disable rate limiting i.e. sets the port to full speed."
::= { issAclRateCtrlEntry 5 }
issAclRateCtrlPortBurstSize OBJECT-TYPE
SYNTAX Integer32 (0..80000000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Configures interface Burst Pkt Rate. (Packet Burst that can be
transferred on a port at a particular second)
This object's value will take effect on the interface speed. Based
on the operating speed of the port, the burst size of the port
will be applied. This value can also be affected by the metering. A
value of zero(0) disable burst rate limiting i.e. sets the port burst
rate limit to full speed."
::= { issAclRateCtrlEntry 6 }
-- ------------------------------------------------------------------
-- L2 Filter Group --------------------------------------------------
issAclL2FilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF IssAclL2FilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table to configure L2 filter rules in the system."
::= { issAclL2Filter 1 }
issAclL2FilterEntry OBJECT-TYPE
SYNTAX IssAclL2FilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry in this table is a L2 filter rule.
Index to the table is the L2 filter number."
INDEX { issAclL2FilterNo}
::= { issAclL2FilterTable 1 }
IssAclL2FilterEntry ::=
SEQUENCE {
issAclL2FilterNo
Integer32,
issAclL2FilterPriority
Integer32,
issAclL2FilterEtherType
Integer32,
issAclL2FilterProtocolType
Unsigned32,
issAclL2FilterDstMacAddr
MacAddress,
issAclL2FilterSrcMacAddr
MacAddress,
issAclL2FilterVlanId
Integer32,
issAclL2FilterInPortList
PortList,
issAclL2FilterAction
INTEGER,
issAclL2FilterMatchCount
Counter32,
issAclL2FilterStatus
RowStatus,
issAclL2FilterOutPortList
PortList,
issAclL2FilterDirection
INTEGER,
issAclL2FilterSubAction
INTEGER,
issAclL2FilterSubActionId
Integer32,
issAclL2FilterRedirectId
Integer32,
issAclL2NextFilterNo
Integer32,
issAclL2NextFilterType
INTEGER,
issAclL2FilterCreationMode
INTEGER,
issAclL2FilterInPortChannelList
PortList,
issAclL2FilterOutPortChannelList
PortList,
issAclL2FilterStatsEnabledStatus
EnabledStatus,
issAclClearL2FilterStats
TruthValue
}
issAclL2FilterNo OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"L2 Filter rule number."
::= { issAclL2FilterEntry 1 }
issAclL2FilterPriority OBJECT-TYPE
SYNTAX Integer32 (1..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The priority of the L2 filter can be used to decide which filter rule
is applicable when
--> the packet matches with more than one filter rules
--> All the filter rules result in 'allow'ing the packet
Higher value of 'filter priority' implies a higher priority.
Usage of 'L2FilterPriority' is implementation dependant."
DEFVAL { 1 }
::= { issAclL2FilterEntry 2 }
issAclL2FilterEtherType OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value in the Type/Len field of a frame that will
be matched to trigger this filter. The default value of
this object is '0'. When this object is SET with the default
value, frames are not matched for the value in the Type/Len
field with the value set for this object."
DEFVAL { 0 }
::= { issAclL2FilterEntry 3 }
issAclL2FilterProtocolType OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the non IP protocol type to be filtered.
aarp | amber | dec-spanning | decnet-iv |
diagnostic | dsm |etype-6000 | etype-8042 |
lat | lavc-sca | mop-console | mop-dump |
msdos | mumps | netbios | vines-echo |
vines-ip | xns-idp: A non-IP protocol.
A value of '0' means, the filter is applicable for all protocols."
DEFVAL { 0 }
::= { issAclL2FilterEntry 4 }
issAclL2FilterDstMacAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Destination MAC address to be matched with the packet. By Default, the
Destination Mac Address will be zero which means dont care condition ie)
any Dst Mac Address ."
::= { issAclL2FilterEntry 5 }
issAclL2FilterSrcMacAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Source MAC address to be matched with the packet. By Default, the Source
Mac Address will be zero which means dont care condition ie) any Src Mac
address"
::= { issAclL2FilterEntry 6 }
issAclL2FilterVlanId OBJECT-TYPE
SYNTAX Integer32 (0..4094)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Vlan Id to be filtered. In case of Provider bridges, This Vlan Id will
be treated as customer Vlan Id.
A value of '0' means, this object is unused. Configuring this value is not
allowed."
DEFVAL { 0 }
::= { issAclL2FilterEntry 7 }
issAclL2FilterInPortList OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the complete set of ports over which this filter is applied
for packets ingress at ports in this list.
If the In port list is '0', the filter rule is applicable for the
incoming packets on all ports.
Even though the issAclL2FilterInPortList is configured, It is applicable only
if issAclL2FilterDirection is configured as 'in'.
By default inport list is maintained as '0'."
::= { issAclL2FilterEntry 8 }
issAclL2FilterAction OBJECT-TYPE
SYNTAX INTEGER {
allow (1),
drop (2),
redirect (3),
switchandcopytocpu (4),
dropandcopytocpu (5)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the action to be taken on the packet if the filter
rule matches.
If the action is 'allow', the packet will be forwarded according
to the forwarding rules.
If the action is 'drop', the packet will be discarded.
If the action is 'redirect', the packet will be switched according
to the redirect rules.
If the action is 'switch-and-copy-to-cpu', packet is switched and a copy of the
packet is sent to the CPU.
If the action is 'drop-and-copy-to-cpu', packet is not switched but only
sent to the CPU."
DEFVAL { allow }
::= { issAclL2FilterEntry 9 }
issAclL2FilterMatchCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of times this filter is matched."
::= { issAclL2FilterEntry 10 }
issAclL2FilterStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the status of this entry. An entry is
created in this table when this object is SET to 'createAndWait'.
The entry in this table is used when the status of this object
is SET 'active'. The entry in this table is not used when this
object is SET 'notInService'. An entry created in this table is
be deleted when this object is SET 'destroy'. The entry status will
be made 'active' only if either of In/Out PortList or In/Out
PortChannelList are configured in case of l2Filter."
::= { issAclL2FilterEntry 11 }
issAclL2FilterOutPortList OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the complete set of ports over which this filter is applied
for packets egress at Ports in this list.
If the Out port list is '0', the filter rule is applicable for the
outgoing packets on all ports.
Even though the issAclL2FilterOutPortList is configured, It is applicable only
if issAclL2FilterDirection is configured as 'out'.
By default outport list is maintained as '0'."
::= { issAclL2FilterEntry 12 }
issAclL2FilterDirection OBJECT-TYPE
SYNTAX INTEGER {
in (1),
out (2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the direction of this filter to be applied. By Default the
filter will be applied on ingress direction.
When the direction of this filter is 'in', It is applied on specified
ports of the issAclL2FilterInPortList.
When the direction of this filter is 'out', It is applied on specified
ports of the issAclL2FilterOutPortList."
DEFVAL { in }
::= { issAclL2FilterEntry 13 }
issAclL2FilterSubAction OBJECT-TYPE
SYNTAX INTEGER {
none (0),
modifyVlan (1),
nestedVlan (2),
modifyCVlan (3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The action to be taken on the incoming packet is detailed below -
none - no action
modifyVlan - Traffic matching ACL rule will have VLAN ID
classified/modified to value specified by this object.
nestedVlan - Traffic matching ACL rule will have one additional VLAN Tag
added to the packet ( on top of existing VLAN tags, if any).
modifyCVlan - Traffic matching ACL rule will have Customer VLAN ID
classified/modified to value specified by this object.
Note - VLANID added is specified by mib object issAclL2FilterSubActionId
strip-etherhdr-apply-nextfilter - Traffic matching ACL rule will have
outer ethernet header stripped, Ex This can be used for stripping the
outer ethernet header for MPLS packet."
DEFVAL { none }
::= { issAclL2FilterEntry 14 }
issAclL2FilterSubActionId OBJECT-TYPE
SYNTAX Integer32 (0..4094)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Id to be used if the object as specified by issAclL2FilterSubAction is either modifyvlan or nestedvlan only.
Non-Zero value need to be specify when issAclL2FilterSubAction is modify or Nested Vlan. Value of Zero need to be specify when issAclL2FilterSubAction is none"
DEFVAL { 0 }
::= { issAclL2FilterEntry 15 }
issAclL2FilterRedirectId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the redirect index associated with L2Filter entry."
::= { issAclL2FilterEntry 16 }
issAclL2NextFilterNo OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Next Filter rule number to be matched for traffic matching
the current ACL rule "
::= { issAclL2FilterEntry 17 }
issAclL2NextFilterType OBJECT-TYPE
SYNTAX INTEGER {
l2filter (0),
l3filter (1),
userdefined (2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This object specifies the type of the next access-control list. The type could take the value 'l2filter' for MAC-based
ACLs and 'l3filter' for IP-based ACLs. It takes the value 'userdefined' for filtering based on user-defined
filters."
::= { issAclL2FilterEntry 18 }
issAclL2FilterCreationMode OBJECT-TYPE
SYNTAX INTEGER {
internal (1),
external (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the filter created mode.
internal: Indicates filter is created by the system internally.
external: Indicates filter is created externally by user configuration.
Filter table with the mode 'internal' is readonly, and cannot be deleted
by setting 'destroy' to table row status."
DEFVAL { external }
::= { issAclL2FilterEntry 19 }
issAclL2FilterInPortChannelList OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the complete set of port channel interfaces over which
the filter is applied for packets arriving at the ports in this list.
By default InPortChannel list is '0'."
::= { issAclL2FilterEntry 20 }
issAclL2FilterOutPortChannelList OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the complete set of portchannel interfaces over which the filter is applied
for packets egress at ports in this list.
This configuration is applicable only if issAclL2FilterDirection is configured as 'out'.
By default the OutPortChannel list is '0'."
::= { issAclL2FilterEntry 21 }
issAclL2FilterStatsEnabledStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the status of L2 filter statistics collection.
When set as enabled, the number of hits for the specific
filter entry is collected and can be verified using the
issAclL2FilterMatchCount object.
When set as disabled, the number of hits for the specific filter
entry is not collected."
DEFVAL { disabled }
::= { issAclL2FilterEntry 22 }
issAclClearL2FilterStats OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object clears the hit count of the specific filter.
When this object is set as 'true'(1), the hit count for the filter is
cleared and the object value is reset to 'false'(2). The get routine for
this object always returns 'false'(2)."
DEFVAL { false }
::= { issAclL2FilterEntry 23 }
-- ------------------------------------------------------------------
-- L3 Filter Group --------------------------------------------------
issAclL3FilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF IssAclL3FilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" A table to configure L3 filter rules in the system.
"
::= { issAclL3Filter 1 }
issAclL3FilterEntry OBJECT-TYPE
SYNTAX IssAclL3FilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
" Each entry in this table is a L3 filter rule.
Index to the table is L3 filter number. "
INDEX { issAclL3FilterNo}
::= { issAclL3FilterTable 1 }
IssAclL3FilterEntry ::=
SEQUENCE {
issAclL3FilterNo
Integer32,
issAclL3FilterPriority
Integer32,
issAclL3FilterProtocol
Integer32,
issAclL3FilterMessageType
Integer32,
issAclL3FilterMessageCode
Integer32,
issAclL3FilteAddrType
InetAddressType,
issAclL3FilterDstIpAddr
InetAddress,
issAclL3FilterSrcIpAddr
InetAddress,
issAclL3FilterDstIpAddrPrefixLength
InetAddressPrefixLength,
issAclL3FilterSrcIpAddrPrefixLength
InetAddressPrefixLength,
issAclL3FilterMinDstProtPort
Unsigned32,
issAclL3FilterMaxDstProtPort
Unsigned32,
issAclL3FilterMinSrcProtPort
Unsigned32,
issAclL3FilterMaxSrcProtPort
Unsigned32,
issAclL3FilterInPortList
PortList,
issAclL3FilterOutPortList
PortList,
issAclL3FilterAckBit
INTEGER,
issAclL3FilterRstBit
INTEGER,
issAclL3FilterTos
Integer32,
issAclL3FilterDscp
Integer32,
issAclL3FilterDirection
INTEGER,
issAclL3FilterAction
INTEGER,
issAclL3FilterMatchCount
Counter32,
issAclL3FilterFlowId
Unsigned32,
issAclL3FilterStatus
RowStatus,
issAclL3FilterSubAction
INTEGER,
issAclL3FilterSubActionId
Integer32,
issAclL3FilterRedirectId
Integer32,
issAclL3FilterCreationMode
INTEGER,
issAclL3FilterInPortChannelList
PortList,
issAclL3FilterOutPortChannelList
PortList,
issAclL3FilterStatsEnabledStatus
EnabledStatus,
issAclClearL3FilterStats
TruthValue
}
issAclL3FilterNo OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"L3 Filter rule number."
::= { issAclL3FilterEntry 1 }
issAclL3FilterPriority OBJECT-TYPE
SYNTAX Integer32 (1..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The priority of the filter can be used to decide which filter rule
is applicable when
--> the packet matches with more than one filter rules
--> All the filter rules result in 'allow'ing the packet
Higher value of 'L3 filter priority' implies a higher priority.
Usage of 'L3FilterPriority' is implementation dependant."
DEFVAL { 1 }
::= { issAclL3FilterEntry 2 }
issAclL3FilterProtocol OBJECT-TYPE
SYNTAX Integer32 (0..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" The type of protocol to be checked against the packet. The
default value is 255. If the value is 255, it means that the
protocol type can be anything and it will not be checked to
decide the action. "
DEFVAL { 255 }
::= { issAclL3FilterEntry 3 }
issAclL3FilterMessageType OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" The message type to be checked against the packet. If the
message type matches with the packet, then the packet will be
dropped / allowed based on the action set in issAclL3FilterAction.
The default value is 255. It means that message type is not
configured and need not be checked.
Generally the value zero is given as default. But here
zero can be an ICMP Type value. Hence 255 is given as the
default value.
Some ICMP message types are:
echoReply(0),
destinationUnreachable(3),
sourceQuench(4),
redirect(5),
echoRequest(8),
timeExceeded(11),
parameterProblem(12),
timestampRequest(13),
timestampReply(14),
informationRequest(15),
informationReply(16),
addressMaskRequest(17),
addressMaskReply (18),
noICMPType(255)
"
DEFVAL { 255 }
::= { issAclL3FilterEntry 4 }
issAclL3FilterMessageCode OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" The message code to be checked against the packet. If the
packet matches with the message code, then the packet will
be dropped / allowed based on the action set in issAclL3FilterAction.
The default value is 255. It means that message code is not
configured and need not be checked. Generally the value zero
will be given as default. But here, zero can be an ICMP Code
value. Hence 255 is given as the default value.
Some ICMP message codes are :
networkUnreachable(0),
hostUnreachable(1),
protocolUnreachable(2),
portUnreachable(3),
fragmentNeed(4),
sourceRouteFail(5),
destNetworkUnknown(6),
destHostUnknown(7),
srcHostIsolated(8),
destNetworkAdminProhibited(9),
destHostAdminProhibited(10),
networkUnreachableTOS(11),
hostUnreachableTOS(12),
noICMPCode(255)
"
DEFVAL { 255 }
::= { issAclL3FilterEntry 5 }
issAclL3FilteAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The type of IP address used by this classifier entry. While
other types of addresses are defined in the InetAddressType
textual convention, and DNS names, a classifier can only look at
packets on the wire. Therefore, this object is limited to IPv4
and IPv6 addresses."
::= { issAclL3FilterEntry 6 }
issAclL3FilterDstIpAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The IP address to match against the packet's destination IP
address. This may not be a DNS name, but may be an IPv4 or IPv6
prefix. issAclL3FilterDstIpAddrPrefixLength indicates the
number of bits that are relevant."
::= { issAclL3FilterEntry 7 }
issAclL3FilterSrcIpAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The IP address to match against the packet's source IP address.
This may not be a DNS name, but may be an IPv4 or IPv6 prefix.
issAclL3FilterSrcIpAddrPrefixLength indicates the number of
bits that are relevant."
::= { issAclL3FilterEntry 8 }
issAclL3FilterDstIpAddrPrefixLength OBJECT-TYPE
SYNTAX InetAddressPrefixLength
UNITS "bits"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The length of the CIDR Prefix carried in
issAclL3FilterDstIpAddr. In IPv4 addresses, a length of 0
indicates a match of any address; a length of 32 indicates a
match of a single host address, and a length between 0 and 32
indicates the use of a CIDR Prefix. IPv6 is similar, except that
prefix lengths range from 0..128."
DEFVAL { 0 }
::= { issAclL3FilterEntry 9 }
issAclL3FilterSrcIpAddrPrefixLength OBJECT-TYPE
SYNTAX InetAddressPrefixLength
UNITS "bits"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The length of the CIDR Prefix carried in
issAclL3FilterSrcIpAddr. In IPv4 addresses, a length of 0
indicates a match of any address; a length of 32 indicates a
match of a single host address, and a length between 0 and 32
indicates the use of a CIDR Prefix. IPv6 is similar, except that
prefix lengths range from 0..128."
DEFVAL { 0 }
::= { issAclL3FilterEntry 10 }
issAclL3FilterMinDstProtPort OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The minimum port in the destination port range. Please note
these ports are the TCP / UDP ports."
DEFVAL { 0 }
::= { issAclL3FilterEntry 11 }
issAclL3FilterMaxDstProtPort OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The maximum port in the destination port range. Please note
these ports are the TCP / UDP ports."
DEFVAL { 65535 }
::= { issAclL3FilterEntry 12 }
issAclL3FilterMinSrcProtPort OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The minimum port in the source port range. Please note
these ports are the TCP / UDP ports."
DEFVAL { 0 }
::= { issAclL3FilterEntry 13 }
issAclL3FilterMaxSrcProtPort OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The maximum port in the source port range. Please note
these ports are the TCP / UDP ports."
DEFVAL { 65535 }
::= { issAclL3FilterEntry 14 }
issAclL3FilterInPortList OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the complete set of ports over which if the packet arrives
this filter rule will be applicable.
If the incoming port list is '0', the filter rule is applicable for all the
incoming ports.
By default inport list is maintained as '0'."
::= { issAclL3FilterEntry 15 }
issAclL3FilterOutPortList OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the complete set of ports over which if the packet goes out,
this filter rule will be applicable.
If the outgoing port list is '0', the filter rule is applicable for all the
outgoing packets in all ports.
By default outport list is maintained as '0'."
::= { issAclL3FilterEntry 16 }
issAclL3FilterAckBit OBJECT-TYPE
SYNTAX INTEGER {
establish(1),
notEstablish(2),
any(3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The TCP ACK bit to be checked against the packet. The default
value is 'any'(3). It means that ACK bit will not be checked
to decide the action. "
DEFVAL { any }
::= { issAclL3FilterEntry 17 }
issAclL3FilterRstBit OBJECT-TYPE
SYNTAX INTEGER {
set(1),
notSet(2),
any(3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The TCP RST bit to be checked against the packet. The default
value is 'any'(3). It means that RST bit will not be checked to
decide the action. "
DEFVAL { any }
::= { issAclL3FilterEntry 18 }
issAclL3FilterTos OBJECT-TYPE
SYNTAX Integer32 (-1..7)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The IP TOS bit to be checked against the packet. This is a
single byte integer of which the last three bits (least
significant bits) indicate Delay, Throughput and Reliability
i.e 'uuuuudtr', u-unused, d-delay, t-throughput, r-reliability.
For example '6' indicates low delay and high throughput.
A value of '-1' means, the Tos Field becomes dont care"
DEFVAL { -1 }
::= { issAclL3FilterEntry 19 }
issAclL3FilterDscp OBJECT-TYPE
SYNTAX Integer32 (-1..63)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
" The IP Dscp value to be checked against the packet.
A value of '-1' means, the Dscp Field becomes dont care."
DEFVAL { -1 }
::= { issAclL3FilterEntry 20 }
issAclL3FilterDirection OBJECT-TYPE
SYNTAX INTEGER {
in (1),
out(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the direction of this filter to be applied. By Default the
filter will be applied on ingress direction.
When the direction of this filter is 'in', It is applied on specified
ports of the issAclL3FilterInPortList.
When the direction of this filter is 'out', It is applied on specified
ports of the issAclL3FilterOutPortList."
DEFVAL { in }
::= { issAclL3FilterEntry 21 }
issAclL3FilterAction OBJECT-TYPE
SYNTAX INTEGER {
allow (1),
drop (2),
redirect (3),
switchandcopytocpu (4),
dropandcopytocpu (5)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the action to be taken on the packet if the filter
rule matches.
If the action is 'allow', the packet will be sent to the
ports in 'out port list'. If the out port list is '0',
the port over which the packet is to be switched will be decided
based on further processing on the packet.
If the action is 'drop', the packet will be discarded.
If the action is 'switch-and-copy-to-cpu', packet is switched and a copy of
the packet is sent to the CPU.
If the action is 'drop-and-copy-to-cpu', packet is not switched but only
sent to the CPU."
DEFVAL { allow }
::= { issAclL3FilterEntry 22 }
issAclL3FilterMatchCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of times this filter is matched."
::= { issAclL3FilterEntry 23 }
issAclL3FilterFlowId OBJECT-TYPE
SYNTAX Unsigned32 (0..1048575)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The flow identifier in an IPv6 header."
::= { issAclL3FilterEntry 24 }
issAclL3FilterStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the status of this entry. An entry is
created in this table when this object is SET to 'createAndWait'.
The entry in this table is used when the status of this object
is SET 'active'. The entry in this table is not used when this
object is SET 'notInService'. An entry created in this table is
be deleted when this object is SET 'destroy'. The entry status will be made
'active' only if either of In/Out PortList or In/Out PortChannelList are
configured in case of l3Filter."
::= { issAclL3FilterEntry 25 }
issAclL3FilterSubAction OBJECT-TYPE
SYNTAX INTEGER {
none (0),
modifyVlan (1),
nestedVlan (2),
modifyCVlan (3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The action to be taken on the incoming packet on the incoming packet
value specified by this object is detailed below -
none - no action
modifyVlan - Traffic matching ACL rule will have VLAN ID classified/modified
to value specified by this object.
nestedVlan - Traffic matching ACL rule will have one additional VLAN Tag
added to the packet ( on top of existing VLAN tags, if any).
modifyCVlan - Traffic matching ACL rule will have Customer VLAN ID
classified/modified to value specified by this object.
Note - VLANID added is specified by mib object issAclL3FilterSubActionId."
DEFVAL { none }
::= { issAclL3FilterEntry 26 }
issAclL3FilterSubActionId OBJECT-TYPE
SYNTAX Integer32 (0..4094)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Id to be used if the object as specified by issAcl3FilterSubAction is either modifyvlan or nestedvlan only.
Non-Zero value need to be specify when issAclL3FilterSubAction is modify or Nested Vlan. Value of Zero need to be specify when issAclL3FilterSubAction is none"
DEFVAL { 0 }
::= { issAclL3FilterEntry 27 }
issAclL3FilterRedirectId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the redirect index associated with L3Filter entry."
::= { issAclL3FilterEntry 28 }
issAclL3FilterCreationMode OBJECT-TYPE
SYNTAX INTEGER {
internal (1),
external (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the filter created mode.
internal: Indicates filter is created by the system internally.
external: Indicates filter is created externally by user configuration.
Filter table with the mode 'internal' is readonly, and cannot be deleted
by setting 'destroy' to table row status."
DEFVAL { external }
::= { issAclL3FilterEntry 29 }
issAclL3FilterInPortChannelList OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the complete set of port channel interfaces over which
the filter is applied for packets arriving at the ports in this list.
By default InPortChannel list is '0'."
::= { issAclL3FilterEntry 30 }
issAclL3FilterOutPortChannelList OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the complete set of portchannel interfaces over which the filter is applied
for packets egress at ports in this list.
This configuration is applicable only if issAclL3FilterDirection is configured as 'out'.
By default the OutPortChannel list is '0'."
::= { issAclL3FilterEntry 31 }
issAclL3FilterStatsEnabledStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the status of L3 filter statistics collection.
When set as enabled, the number of hits for the specific
filter entry is collected and can be verified using the
issAclL3FilterMatchCount object.
When set as disabled, the number of hits for the filter entry is not
collected."
DEFVAL { disabled }
::= { issAclL3FilterEntry 32 }
issAclClearL3FilterStats OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object clears the hit count of the specific filter.
When this object is set as 'true'(1), the hit count for the filter is
cleared and the object value is reset to 'false'(2). The get routine for
this object always returns 'false'(2)."
DEFVAL { false }
::= { issAclL3FilterEntry 33 }
------------------------------------------------------------------------------------------
-- User Defined Filter Table for specifying user defined packet header elements
-- Also used for supporting AND/OR/NOT operations on existing ACL rules
-- and deriving new user defined ACL rules
------------------------------------------------------------------------------------------
issAclUserDefinedFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF FsIssAclUserDefinedFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table to configure user defined filter rules in the system. This table is used for
specifying the user defined packet header elements for application of filter rules.
This table could also be used for supporting AND, OR,NOT operations on existing filter
rules and deriving new user defined ACL rules."
::= { issAclUserDefinedFilter 1 }
issAclUserDefinedFilterEntry OBJECT-TYPE
SYNTAX FsIssAclUserDefinedFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Specifies user defined filter entry indexed uniquely by issAclUserDefinedFilterId"
INDEX { issAclUserDefinedFilterId }
::= { issAclUserDefinedFilterTable 1 }
FsIssAclUserDefinedFilterEntry ::=
SEQUENCE {
issAclUserDefinedFilterId IndexInteger,
issAclUserDefinedFilterPktType INTEGER,
issAclUserDefinedFilterOffSetBase Integer32,
issAclUserDefinedFilterOffSetValue OCTET STRING,
issAclUserDefinedFilterOffSetMask OCTET STRING,
issAclUserDefinedFilterPriority Integer32,
issAclUserDefinedFilterAction INTEGER,
issAclUserDefinedFilterInPortList PortList,
issAclUserDefinedFilterIdOneType INTEGER,
issAclUserDefinedFilterIdOne Unsigned32,
issAclUserDefinedFilterIdTwoType INTEGER,
issAclUserDefinedFilterIdTwo Unsigned32,
issAclUserDefinedFilterSubAction INTEGER,
issAclUserDefinedFilterSubActionId Integer32,
issAclUserDefinedFilterRedirectId Integer32,
issAclUserDefinedFilterStatus RowStatus,
issAclUserDefinedFilterMatchCount Counter32,
issAclUserDefinedFilterStatsEnabledStatus EnabledStatus,
issAclClearUserDefinedFilterStats TruthValue
}
issAclUserDefinedFilterId OBJECT-TYPE
SYNTAX IndexInteger
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Index to uniquely identify the User defined filter table entry."
::= { issAclUserDefinedFilterEntry 1 }
issAclUserDefinedFilterPktType OBJECT-TYPE
SYNTAX INTEGER {
userDef(0), -- user defined packet type
ethernet(1), -- ethernet packet
ipv4(2), -- packet type is IPv4
ipv6(3), -- packet type is IPv6
ipv4tcp(4), -- packet type is IPv4 TCP
ipv6tcp(5), -- packet type is IPv6 TCP
ipv4udp(6), -- packet type is IPv4 UDP
ipv6udp(7), -- packet type is IPv6 UDP
mpls(8), -- packet type is MPLS
fragip(9) -- fragmented IPv4/v6 packet
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the type of packet for which packet-filter match needs to be applied on incoming traffic."
DEFVAL {0}
::= { issAclUserDefinedFilterEntry 2 }
issAclUserDefinedFilterOffSetBase OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the offset base from the start of packet header ( beginning of full packet) for which the match needs to
be applied on incoming traffic. A value of 0 indicates Start of L2 Header, value 1 indicates start of L3 Header, value 2 start of L4 Header, value 3 start of IPv6 start header, value 4 start from Ethertype and value 5 indicated start from MPLS Header(minus2). Other value are correctly invlaid and reserved for future use."
DEFVAL { 0 }
::= { issAclUserDefinedFilterEntry 3 }
issAclUserDefinedFilterOffSetValue OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..128))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the offset value for which packet-filter match needs to be applied on incoming traffic. A value
of zero indicates that this field is dont-care. The offset value is a contiguous set of 128 bytes from the OffSetBase.
For specifying non-contiguous elements in the packet header, the OffSetValue is ANDed with the OffsetMask to result in
the appropriate match on non-contiguous elements of the packet header."
::= { issAclUserDefinedFilterEntry 4 }
issAclUserDefinedFilterOffSetMask OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..128))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the mask for the offset value. The actual user defined value to be used for matching incoming
traffic is obtained after ANDing the OffsetValue and OffsetMask. A value of 0 indicates that this field is dont-care."
::= { issAclUserDefinedFilterEntry 5 }
issAclUserDefinedFilterPriority OBJECT-TYPE
SYNTAX Integer32 (1..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The priority of the filter can be used to decide which filter rule
is applicable when
--> the packet matches with more than one filter rules
--> All the filter rules result in 'allow'ing the packet
Higher value of 'UserDefined filter priority' implies a higher priority.
Usage of 'UserDefinedFilterPriority' is implementation dependant."
DEFVAL { 1 }
::= { issAclUserDefinedFilterEntry 6 }
issAclUserDefinedFilterAction OBJECT-TYPE
SYNTAX INTEGER {
allow (1),
drop (2),
redirect (3),
and (4),
or (5),
not (6)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Action value allow/drop/redirect specify the action to be taken on the packet if the filter rule matches.
--> If the action is 'allow', the packet will be sent to the
ports as specified by issRedirectInterfaceGrpPortList.
--> If the action is 'drop', the packet will be discarded.
--> If the action is 'redirect', the packet will be switched based on the redirect rule.
Action value and/or/not specify the operation that is applied on base
access filter rules to derive a new user defined ACL rule.
For the below actions, the user defined offset values are not used for packet
match.
--> and : Apply AND operation on base filter rules identified uniquely by <issAclUserDefinedFilterIdOneType, issAclUserDefinedFilterIdOne> AND <issAclUserDefinedFilterIdTwoType, issAclUserDefinedFilterIdTwo > to derive new user defined filter rule.
--> or : Apply OR operation on base filter rules identified uniquely by <issAclUserDefinedFilterIdOneType, issAclUserDefinedFilterIdOne> AND <issAclUserDefinedFilterIdTwoType, issAclUserDefinedFilterIdTwo > The FilterAction corresponding to issAclUserDefinedFilterIdOne will be applied on issAclUserDefinedFilterIdTwo.
--> not : Apply NOT operation on base filter rule identified uniquely by <issAclUserDefinedFilterIdOneType, issAclUserDefinedFilterIdOne> to derive new user defined filter rule."
DEFVAL { allow }
::= { issAclUserDefinedFilterEntry 7 }
issAclUserDefinedFilterInPortList OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the complete set of ports over which this filter is applied
for packets ingress at ports in this list. Filter will be applied in
chip when port list is not null.
If the In port list is '0', the filter rule will not be installed in hardware.
By default inport list is maintained as '0'."
::= { issAclUserDefinedFilterEntry 8 }
issAclUserDefinedFilterIdOneType OBJECT-TYPE
SYNTAX INTEGER { macbased (1), ipbased (2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This Object specifies the type of the Base ACL rule 1 that is used for
deriving new ACL rule."
::= { issAclUserDefinedFilterEntry 9 }
issAclUserDefinedFilterIdOne OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This Object specifies the ID of the Base ACL rule 1 (MAC-based or IP-based) that is used for
deriving new ACL rule."
::= { issAclUserDefinedFilterEntry 10 }
issAclUserDefinedFilterIdTwoType OBJECT-TYPE
SYNTAX INTEGER { macbased (1) , ipbased (2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This Object specifies the type of the Base ACL rule 2 that is used for
deriving new ACL rule."
::= { issAclUserDefinedFilterEntry 11 }
issAclUserDefinedFilterIdTwo OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This Object specifies the ID of the Base ACL rule 2 (MAC-based or IP-based) that is used for
deriving new ACL rule."
::= { issAclUserDefinedFilterEntry 12 }
issAclUserDefinedFilterSubAction OBJECT-TYPE
SYNTAX INTEGER {
none (0),
modifyVlan (1),
nestedVlan (2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The action to be taken on the incoming packet is detailed below -
none - no action
modifyVlan - Traffic matching ACL rule will have VLAN ID classified/modified
to value specified by this object.
The direction of VLAN ID modification is determined as follows -
nestedVlan - Traffic matching ACL rule will have one additional VLAN Tag
added to the packet ( on top of existing VLAN tags, if any).
NOte - VLANID added is specified by issAclUserDefinedFilterSubActionId."
DEFVAL { none }
::= { issAclUserDefinedFilterEntry 13 }
issAclUserDefinedFilterSubActionId OBJECT-TYPE
SYNTAX Integer32 (0..4094)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Id to be used if the object as specified by issAclUserDefinedFilterSubAction is either modifyvlan or nestedvlan only.
Non-Zero value need to be specify when issAclUserDefinedFilterSubAction is modify
or Nested Vlan. Value of Zero need to be specify
when issAclUserDefinedFilterSubAction is none."
DEFVAL { 0 }
::= { issAclUserDefinedFilterEntry 14 }
issAclUserDefinedFilterRedirectId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Specifies the redirect index associated with UserDefinedFilter entry."
::= { issAclUserDefinedFilterEntry 15 }
issAclUserDefinedFilterStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the status of this entry. An entry is
created in this table when this object is SET to 'createAndWait'.
The entry in this table is used when the status of this object
is SET 'active'. The entry in this table is not used when this
object is SET 'notInService'. An entry created in this table is
be deleted when this object is SET 'destroy'."
::= { issAclUserDefinedFilterEntry 16 }
issAclUserDefinedFilterMatchCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object specifies the number of times the filter is matched."
::= { issAclUserDefinedFilterEntry 17 }
issAclUserDefinedFilterStatsEnabledStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies the status of User Defined filter statistics collection.
When set as enabled, the number of hits for the specific
filter entry is collected and can be verified using the
issAclUserDefinedFilterMatchCount object.
When set as disabled, the number of hits for the filter entry is not
collected."
DEFVAL { disabled }
::= { issAclUserDefinedFilterEntry 18 }
issAclClearUserDefinedFilterStats OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object clears the hit count of the specific filter.
When this object is set as 'true'(1), the hit count for the filter is
cleared and the object value is reset to 'false'(2). The get routine for
this object always returns 'false'(2)."
DEFVAL { false }
::= { issAclUserDefinedFilterEntry 19 }
----------------------------------------
-- Redirect Interface Group Table
----------------------------------------
issRedirectInterfaceGrpTable OBJECT-TYPE
SYNTAX SEQUENCE OF FsRedirectInterfaceGrpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An interface group is a collection of physical ports ( or ) trunks that
are grouped together for distributing traffic received on an ingress interface.
Based on the access-list match on an incoming interface, traffic is distributed
among the member ports of an interface-group/virtual trunk."
::= { issRedirectInterfaceGrp 1 }
issRedirectInterfaceGrpEntry OBJECT-TYPE
SYNTAX FsRedirectInterfaceGrpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"There is one entry in this table for each created Interface-Group. An interface-group/virtual trunk is
uniquely identified by the object 'issRedirectInterfaceGrpId'."
INDEX { issRedirectInterfaceGrpId }
::= { issRedirectInterfaceGrpTable 1 }
FsRedirectInterfaceGrpEntry ::=
SEQUENCE {
issRedirectInterfaceGrpId IndexInteger,
issRedirectInterfaceGrpFilterType INTEGER,
issRedirectInterfaceGrpFilterId Unsigned32,
issRedirectInterfaceGrpDistByte Integer32,
issRedirectInterfaceGrpPortList PortList,
issRedirectInterfaceGrpType INTEGER,
issRedirectInterfaceGrpUdbPosition Integer32,
issRedirectInterfaceGrpStatus RowStatus
}
issRedirectInterfaceGrpId OBJECT-TYPE
SYNTAX IndexInteger
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Index to the Redirect Interface Group table entry. Uniquely identifies the interface-group."
::= { issRedirectInterfaceGrpEntry 1 }
issRedirectInterfaceGrpFilterType OBJECT-TYPE
SYNTAX INTEGER {
l2filter (0),
l3filter (1),
userdefined (2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
" This object specifies the type of the access-control list. The type could take the value 'l2filter' for MAC-based
ACLs and 'l3filter' for IP-based ACLs. It takes the value 'userdefined' for filtering based on user-defined
filters."
::= { issRedirectInterfaceGrpEntry 2 }
issRedirectInterfaceGrpFilterId OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This Object specifies the ID of the MAC-based, IP-based or UserDefined access control list/filter-rule, the details of
which should be matched against the incoming packet. The corresponding ACL/filter-rule can be applied to
this Interface Redirect Group only if the following objects are set with values mentioned below -
a. 'issAclL2FilterAction'/'issAclL3FilterAction' - redirect."
::= { issRedirectInterfaceGrpEntry 3 }
issRedirectInterfaceGrpDistByte OBJECT-TYPE
SYNTAX Integer32 (0..140)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Specifies the Distribution Byte that needs to be used for deriving the traffic distribution hash-logic for the
set of interfaces in the interface-group/virtual-trunk. The output of the hash-logic is an egress
interface from amongst the member ports of a virtual trunk. Traffic would get redirected to this egress interface.
'udb' can take any value between (0..128). If srcip is selected, then Source IP in the packet header would be
used for distributing traffic. For encapsulated IP packets, inner IP can be used for traffic distribution."
::= { issRedirectInterfaceGrpEntry 4 }
issRedirectInterfaceGrpPortList OBJECT-TYPE
SYNTAX PortList
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Each octet in this object specifies the IfIndex of a physical interface or manually aggregated trunk.Based on the value specified by issRedirectInterfaceGrpType This PortList specifies either of the below.
-> if issRedirectInterfaceGrpType is portList it specifies
List of interfaces that comprise the redirect interface-group with Most Significant Bit Represents
Lowest Port.
-> if issRedirectInterfaceGrpType is port then it specifies Single interface with Least Significant Octets
taking up the interface Value ."
::= { issRedirectInterfaceGrpEntry 5 }
issRedirectInterfaceGrpType OBJECT-TYPE
SYNTAX INTEGER { port (1) , portList (2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object specifies whether the redirected interface is a single port
or portlist.If the value of this object is port(1) then the redirected
interface is a single interface .If the value of this object is
portlist(2) then the redirected interface consists of a group of ports."
::= { issRedirectInterfaceGrpEntry 6 }
issRedirectInterfaceGrpUdbPosition OBJECT-TYPE
SYNTAX Integer32 (0..128)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates the User defined postion of a byte in
the packet when the value of the object as specified by
issRedirectInterfaceGrpDistByte is udb."
DEFVAL { 0 }
::= { issRedirectInterfaceGrpEntry 7 }
issRedirectInterfaceGrpStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the status of this entry. An entry is
created in this table when this object is SET to 'createAndWait'.
The entry is 'not-ready' when the mandatory parameters are not specified.
Following objects are mandatory parameters that need to be set before this object
can be SET to 'active' -
a. issRedirectInterfaceGrpFilterId
b. issRedirectInterfaceGrpPortList
The entry in this table is used when the status of this object is
SET to 'active'. The entry in this table is not used when this object is SET to 'notInService'.
An entry created in this table is deleted when this object is SET to 'destroy'."
::= { issRedirectInterfaceGrpEntry 8 }
-------------------------------------------------------------------
--SCALAR OBJECT
-------------------------------------------------------------------
issRedirectInterfaceGrpIdNextFree OBJECT-TYPE
SYNTAX IndexIntegerNextFree
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object value the next free index (issRedirectInterfaceGrpId)
to be used for creation of redirect interface entry, or a
zero to indicate that none exist"
::= { issRedirectIdNextFree 1 }
-- Traffic Control Group ------------------------------------------ --
issAclTrafficSeperationCtrl OBJECT-TYPE
SYNTAX INTEGER {
systemdefault (1),
userconfig (2)
}
MAX-ACCESS read-write
STATUS deprecated
DESCRIPTION
"This object provides control to administrator, to have system default or
user defined ACL/QoS rules to carry control traffic to CPU.
system-default: ACL/QoS rules for all the control packets will be
automatically installed by the ISS software at system init time.Either a
'switch-and-copy-to-cpu'filter (or) 'drop-and-copy-to-cpu' filter will be
installed, as appropriate, for getting the control packets to CPU, for
processing.
user-config: The ACL/QoS rules for receiving all the control packets to
CPU for processing, will NOT be automatically installed by the the ISS
software.The administrator is expected to install required rules for the
control packets as requried.
If the configuration is changed from 'systemdefault' to 'userconfig'
option, then all the default ACL/QoS rules for carrying protocol control
packets to CPU are removed.Then user has to install the specific ACL/QoS
rules, to carry the intended control packets to CPU for the processing.
If the configuration is changed from 'userconfig' to 'systemdefault',
all the default ACL/QoS rules are installed. Already existing(if any)
user configured ACL rules in the system are not removed.
Above two options can be configured during system runtime.
This object is deprecated, corresponding functionality can be
realised by issTrafficSeperationCtrl from fsiss.mib"
DEFVAL { systemdefault }
::= { issAclTrafficControl 1 }
END
View Git Blame Copy Permalink