6344 lines
232 KiB
Plaintext
6344 lines
232 KiB
Plaintext
-- -----------------------------------------------------------------------------
|
|
-- MIB NAME : Access Control List(ACL) Common mib
|
|
-- FILE NAME: ACL.mib
|
|
-- DATE : 2010/12/21
|
|
-- VERSION : 2.15
|
|
-- PURPOSE : To construct the MIB structure of Access Control List
|
|
-- for proprietary enterprise
|
|
-- -----------------------------------------------------------------------------
|
|
-- MODIFICTION HISTORY:
|
|
-- -----------------------------------------------------------------------------
|
|
-- Version, Date, Author
|
|
-- Description:
|
|
-- [New Object]
|
|
-- [Modification]
|
|
-- Notes: (Requested by who and which project)
|
|
--
|
|
-- Version 2.15, 2010/12/21, Marco Visaya
|
|
-- Description
|
|
-- 1. remove value range of swACLPktContMaskOption2OffsetsValue
|
|
-- Requested by Marco Visaya for project DES3200
|
|
--
|
|
-- Version 2.14, 2009/03/18, Marco Visaya
|
|
-- Description
|
|
-- 1. add swACLPktContMaskOption2
|
|
-- 2. add swACLPktContRuleOption2
|
|
-- 3. add swACLEthernetVlanMask
|
|
-- 4. add swACLIpVlanMask
|
|
-- Requested by Marco Visaya for project DES3200
|
|
--
|
|
-- Version 2.13, 2009/01/05, Oran Tang
|
|
-- Description:
|
|
-- 1.add swACLEtherRuleMatchVID in swACLEtherRuleTable
|
|
-- 2.add swACLIpRuleMatchVID in swACLIpRuleTable
|
|
-- 3.add swCpuAclEtherRuleMatchVID in swCpuAclEtherRuleTable
|
|
-- 4.add swCpuAclIpRuleMatchVID in swCpuAclIpRuleTable
|
|
-- for config the VLAN-ID which has the access rule.
|
|
-- 5.modify the description of swACLEtherRuleVlan
|
|
-- 6.modify the description of swACLEtherRuleVID
|
|
-- 7.modify the description of swACLIpRuleVlan
|
|
-- 8.modify the description of swACLIpRuleVID
|
|
-- 9.modify the description of swCpuAclEtherRuleVlan
|
|
-- 10.modify the description of swCpuAclIpRuleVlan
|
|
-- Requested by Oran Tang for project DGS3700.
|
|
--
|
|
-- Revision 2.12 2008/12/26 by Ronald Hsu, Yedda Liao
|
|
-- Description:
|
|
-- 1.Add 'arp-spoofing(11)' and 'bpdu-tunnel(12)' in the value list of objects swACLEthernetOwner,
|
|
-- swACLIpOwner, swACLPktContMaskOwner, swACLIpv6MaskOwner, swACLEtherRuleOwner, swACLIpRuleOwner,
|
|
-- swACLPktContRuleOwner and swACLIpv6RuleOwner.
|
|
-- For arp spoofing and bpdu tunnel function, we need to add the two types of the owner on these objects.
|
|
-- 2.Add 'pppoe(10)','arp-spoofing(11)' and 'bpdu-tunnel(12)' in the value list of objects
|
|
-- swACLPktContMaskOptionOwner,swACLPktContRuleOptionOwner.
|
|
-- For PPPoE circuit ID insertion, ARP spoofing and BPDU tunnel functions, we need to add the three types
|
|
-- of the owner on these objects.
|
|
--
|
|
-- Revision 2.11 2008/11/21 by Ronald Hsu
|
|
-- 1.Add 'set-drop-precedence(5)' in the value list of object swACLEtherRulePermit,
|
|
-- swACLIpRulePermit, swACLPktContRulePermit, swACLIpv6RulePermit.
|
|
--
|
|
-- Revision 2.10 2008/10/16 by Ronald Hsu
|
|
-- Description:
|
|
-- 1.Add pppoe(10) in the value list of objects swACLEthernetOwner, swACLIpOwner, swACLPktContMaskOwner,
|
|
-- swACLIpv6MaskOwner, swACLEtherRuleOwner, swACLIpRuleOwner, swACLPktContRuleOwner and swACLIpv6RuleOwner.
|
|
-- Requested by project DES3500.
|
|
--
|
|
-- Version 2.09, 2008/05/05, Bonnnie
|
|
-- Description:
|
|
-- 1.add ismvlan(8) and dhcp-relay(9) in the value list of objects swACLEthernetOwner,swACLIpOwner,swACLPktContMaskOwner,
|
|
-- swACLIpv6MaskOwner, swACLPktContMaskOptionOwner,swACLEtherRuleOwner,swACLIpRuleOwner,swACLPktContRuleOwner,
|
|
-- swACLIpv6RuleOwner and swACLPktContRuleOptionOwner.
|
|
-- Requested by Bonnnie cheng for project DHS3628.
|
|
--
|
|
-- Version 2.08, 2008/04/18, Marco
|
|
-- Description:
|
|
-- [New Object]
|
|
-- [Modification]
|
|
-- 1. change range of the ff nodes to include case node is not active:
|
|
-- swACLEtherRule8021P
|
|
-- swACLIpRuleDscp
|
|
-- swAclIpRuleType
|
|
-- swAclIpRuleCode
|
|
-- swACLIpRuleSrcPort
|
|
-- swACLIpRuleDstPort
|
|
-- swACLIpRuleProtoID
|
|
-- swCpuAclEtherRule8021P
|
|
-- swCpuAclIpRuleDscp
|
|
-- swCpuAclIpRuleType
|
|
-- swCpuAclIpRuleCode
|
|
-- swCpuAclIpRuleSrcPort
|
|
-- swCpuAclIpRuleDstPort
|
|
-- swCpuAclIpRuleProtoID
|
|
-- removed *replaceprioritywith objects
|
|
-- Requested by Marco Visaya for project DES30XXP.
|
|
--
|
|
-- Version 2.07, 2008/04/11, Marco
|
|
-- Description:
|
|
-- [New Object]
|
|
-- 1. Added swACLEtherRuleReplacePriorityWith
|
|
-- 2. Added swACLIPRuleReplacePriorityWith
|
|
-- [Modification]
|
|
-- 1. Remove the range of xxxProfileID, and xxxRxRate. The maximum value of the objects depend on the device.
|
|
-- Requested by Marco Visaya for project DES30XXP.
|
|
--
|
|
--
|
|
-- Version 2.06, 2008/04/02, Kelvin
|
|
-- Description:
|
|
-- [New Object]
|
|
-- 1.add objects swACLIpv6MaskUseProtoType, swACLIpv6MaskTcpOption, swACLIpv6MaskUdpOption
|
|
-- swACLIpv6MaskTCPorUDPSrcPortMask, swACLIpv6MaskTCPorUDPDstPortMask in swACLIpv6MaskTable.
|
|
-- 2.add objects swACLIpv6RuleProtocol, swACLIpv6RuleSrcPort, swACLIpv6RuleDstPort in swACLIpv6RuleTable.
|
|
-- Requested by Kelvin Tao for project DGS3700.
|
|
--
|
|
-- Version 2.05, 2008/02/20, Kelvin
|
|
-- Description:
|
|
-- [New Object]
|
|
-- 1.add objects swACLEtherRuleVID in swACLEtherRuleTable.
|
|
-- 2.add objects swACLIpRuleVID in swACLIpRuleTable.
|
|
-- 3.add objects swACLPktContRuleVID in swACLPktContRuleTable.
|
|
-- 4.add objects swACLIpv6RuleVID in swACLIpv6RuleTable.
|
|
-- 5.add objects swACLPktContRuleOptionVID in swACLPktContRuleOptionTable.
|
|
-- Requested by Kelvin Tao for project DGS3700.
|
|
--
|
|
-- Version 2.04, 2008/01/15, Yan
|
|
-- Description:
|
|
-- [New Object]
|
|
-- 1.add objects swACLEtherRuleEnableReplaceTosPrecedence, swACLEtherRuleRepTosPrecedence in swACLEtherRuleTable.
|
|
-- 2.add objects swACLIpRuleEnableReplaceTosPrecedence, swACLIpRuleRepTosPrecedence in swACLIpRuleTable.
|
|
-- 3.add objects swACLPktContRuleEnableReplaceTosPrecedence, swACLPktContRuleRepTosPrecedence in swACLPktContRuleTable.
|
|
-- 4.add objects swACLIpv6RuleEnableReplaceDscp, swACLIpv6RuleRepDscp, swACLIpv6RuleEnableReplaceTosPrecedence and
|
|
-- swACLIpv6RuleRepTosPrecedence in swACLIpv6RuleTable.
|
|
-- 5.add objects swACLPktContRuleOptionEnableReplaceTosPrecedence, swACLPktContRuleOptionRepTosPrecedence in
|
|
-- swACLPktContRuleOptionTable.
|
|
-- Requested by Yan Zhang for project DES35XX.
|
|
--
|
|
-- Version 2.03, 2007/12/27 by Ronald Hsu
|
|
-- 1.Add 'lease-renew(4)' in the value list of object swACLPktContRulePermit.
|
|
-- Requested by Ronald Hsu for project DES3828R4.
|
|
--
|
|
-- Version 2.02, 2007/12/18, Jenny
|
|
-- Description:
|
|
-- [New Object]
|
|
-- 1.add object swACLPktContMaskOptionProfileName in swACLPktContMaskOptionTable.
|
|
-- 2.add object swACLIpv6MaskProfileName in swACLIpv6MaskTable.
|
|
-- 3.add object swACLIpProfileName in swACLIpTable.
|
|
-- 4.add object swACLEthernetProfileName in swACLEthernetTable.
|
|
-- 5.add object swACLPktContMaskProfileName in swACLPktContMaskTable.
|
|
-- Requested by Jenny for project DES35XX.
|
|
--
|
|
-- Version 2.01, 2007/05/15, Yan
|
|
-- Description:
|
|
-- [Modification]
|
|
-- 1. add Value List remark-dscp(4) of object swAclMeterActionForRateExceed, change the access
|
|
-- of objects swAclMeterRate and swAclMeterActionForRateExceed from read-write to read-create for CLI.
|
|
-- 2. change the access of object swACLIpRuleProtocol from read-only to read-write for supporting
|
|
-- the new chip of project DGS3600R2.
|
|
-- [New Object]
|
|
-- 1. add objects swACLIpSrcMacAddrMask, swACLIpRuleSrcMacAddress for supporting the lab-out project DGS3400R2.
|
|
-- 2. add tables swACLCounterTable, swACLPktContMaskOptionTable and swACLPktContRuleOptionTable for CLI.
|
|
-- 3. add read-only objects swACLTotalUsedRuleEntries, swACLTotalUnusedRuleEntries, swACLEthernetUnusedRuleEntries,
|
|
-- swACLIpUnusedRuleEntries, swACLPktContMaskUnusedRuleEntries, swACLIpv6MaskUnusedRuleEntries for CLI.
|
|
-- 4. add objects swCpuAclEtherRuleEtherPort, swCpuAclIpRulePort, swCpuAclPktContRulePort, swCpuAclIpv6RulePort for CLI.
|
|
-- 5. add object swCpuACLMaskDelAllState for supporting the lab-out project DGS3400R2.
|
|
-- 6. add objects swAclMeterRemarkDscp, swAclMeterBurstSize, swAclMeterMode, swAclMeterTrtcmCir, swAclMeterTrtcmCbs,
|
|
-- swAclMeterTrtcmPir, swAclMeterTrtcmPbs, swAclMeterTrtcmColorMode, swAclMeterTrtcmConformState, swAclMeterTrtcmConformReplaceDscp,
|
|
-- swAclMeterTrtcmConformCounterState, swAclMeterTrtcmExceedState, swAclMeterTrtcmExceedReplaceDscp, swAclMeterTrtcmExceedCounterState,
|
|
-- swAclMeterTrtcmViolateState, swAclMeterTrtcmViolateReplaceDscp, swAclMeterTrtcmViolateCounterState, swAclMeterSrtcmCir,
|
|
-- swAclMeterSrtcmCbs, swAclMeterSrtcmEbs, swAclMeterSrtcmColorMode, swAclMeterSrtcmConformState, swAclMeterSrtcmConformReplaceDscp,
|
|
-- swAclMeterSrtcmConformCounterState, swAclMeterSrtcmExceedState, swAclMeterSrtcmExceedReplaceDscp, swAclMeterSrtcmExceedCounterState,
|
|
-- swAclMeterSrtcmViolateState, swAclMeterSrtcmViolateReplaceDscp, swAclMeterSrtcmViolateCounterState, swAclMeterRowStatus for CLI.
|
|
-- 7. add objects swACLEtherRuleRxRate, swACLIpRuleRxRate, swACLPktContRuleRxRate, swACLIpv6RuleRxRate for supporting
|
|
-- the older CLI Command, and these objects could be used for some projects.
|
|
-- 8. add swIBPACLEthernetTable, swIBPACLIpTable, swIBPACLEtherRuleTable, swIBPACLIpRuleTable for keeping the OID
|
|
-- of lab-out project DGS3400R2, but these objects can not be used for other project, so the status is obsolete.
|
|
-- Requested by Yan for DGS3600R2.
|
|
--
|
|
-- Version 2.00, 2007/03/27, Yedda
|
|
-- This is the first formal version for universal MIB definition.
|
|
-- -----------------------------------------------------------------------------
|
|
|
|
ACLMGMT-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
Counter32,Counter64,TimeTicks,NOTIFICATION-TYPE,
|
|
MODULE-IDENTITY,OBJECT-TYPE,IpAddress, Unsigned32
|
|
FROM SNMPv2-SMI
|
|
MacAddress, RowStatus FROM SNMPv2-TC
|
|
DisplayString FROM RFC1213-MIB
|
|
SnmpAdminString FROM SNMP-FRAMEWORK-MIB
|
|
dlink-common-mgmt FROM DLINK-ID-REC-MIB;
|
|
|
|
swAclMgmtMIB MODULE-IDENTITY
|
|
LAST-UPDATED "0903180000Z"
|
|
ORGANIZATION "D-Link Corp."
|
|
CONTACT-INFO
|
|
"http://support.dlink.com"
|
|
DESCRIPTION
|
|
"The structure of Access Control List information for the
|
|
proprietary enterprise."
|
|
::= { dlink-common-mgmt 9 }
|
|
|
|
PortList ::= OCTET STRING(SIZE (0..127))
|
|
|
|
swAclCtrl OBJECT IDENTIFIER ::= { swAclMgmtMIB 1 }
|
|
swAclMaskMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 2 }
|
|
swAclRuleMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 3 }
|
|
swCpuAclMaskMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 4 }
|
|
swCpuAclRuleMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 5 }
|
|
swAclMeteringMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 6 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- Textual Conventions
|
|
-- -----------------------------------------------------------------------------
|
|
-- This definition may be excluded if IPv6 Supported
|
|
Ipv6Address ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "2x:"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This data type is used to model IPv6 addresses.
|
|
This is a binary string of 16 octets in network
|
|
byte-order."
|
|
SYNTAX OCTET STRING (SIZE (16))
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swAclCtrl
|
|
-- -----------------------------------------------------------------------------
|
|
swCpuInterfacefilterState OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enable or disable CPU Interface Filtering (also called Software ACL).
|
|
The default is disabled. If enabled, the filtering entries in the
|
|
swAclRuleMgmt tables will be set to active if its RuleSwAclState is
|
|
enabled. If disabled, the software ACL function will be disabled."
|
|
::={ swAclCtrl 1}
|
|
|
|
swACLTotalUsedRuleEntries OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of used ACL rule entries."
|
|
::={ swAclCtrl 2}
|
|
|
|
swACLTotalUnusedRuleEntries OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of unused ACL rule entries."
|
|
::={ swAclCtrl 3}
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swACLEthernetTable
|
|
-- -----------------------------------------------------------------------------
|
|
swACLEthernetTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLEthernetEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains ACL mask Ethernet information.
|
|
The access profile will be created on the switch to define which
|
|
part of each incoming frame's layer 2 header will be examined
|
|
by the switch. Masks entered will be combined with the
|
|
values the switch finds in the specified frame header fields."
|
|
::= { swAclMaskMgmt 1 }
|
|
|
|
swACLEthernetEntry OBJECT-TYPE
|
|
SYNTAX SwACLEthernetEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about the ACL for Ethernet."
|
|
INDEX { swACLEthernetProfileID }
|
|
::= { swACLEthernetTable 1 }
|
|
|
|
SwACLEthernetEntry ::=
|
|
SEQUENCE {
|
|
swACLEthernetProfileID
|
|
INTEGER,
|
|
-- swACLEthernetPort
|
|
-- PortList,
|
|
swACLEthernetUsevlan
|
|
INTEGER,
|
|
swACLEthernetMacAddrMaskState
|
|
INTEGER,
|
|
swACLEthernetSrcMacAddrMask
|
|
MacAddress,
|
|
swACLEthernetDstMacAddrMask
|
|
MacAddress,
|
|
swACLEthernetUse8021p
|
|
INTEGER,
|
|
swACLEthernetUseEthernetType
|
|
INTEGER,
|
|
swACLEthernetRowStatus
|
|
RowStatus,
|
|
swACLEthernetOwner
|
|
INTEGER,
|
|
swACLEthernetUnusedRuleEntries
|
|
INTEGER,
|
|
swACLEthernetProfileName
|
|
DisplayString,
|
|
swACLEthernetVlanMask
|
|
OCTET STRING
|
|
}
|
|
|
|
swACLEthernetProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only --read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swACLEthernetEntry 1 }
|
|
|
|
-- swACLEthernetPort OBJECT-TYPE
|
|
-- SYNTAX PortList
|
|
-- MAX-ACCESS read-create
|
|
-- STATUS current
|
|
-- DESCRIPTION
|
|
-- "This object indicates which port(s) should be filtered."
|
|
-- ::= { swACLEthernetEntry 2 }
|
|
|
|
swACLEthernetUsevlan OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the switch will examine the VLAN part of each packet header."
|
|
::= { swACLEthernetEntry 2 }
|
|
|
|
swACLEthernetMacAddrMaskState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
dst-mac-addr(2),
|
|
src-mac-addr(3),
|
|
dst-src-mac-addr(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of the MAC address mask.
|
|
other (1) - Neither source MAC address nor destination MAC address are masked.
|
|
dst-mac-addr (2) - Destination MAC addresses within received frames are
|
|
to be filtered when matched with the MAC address entry for the table.
|
|
src-mac-addr (3) - Source MAC addresses within received frames are to
|
|
be filtered when matched with the MAC address entry for the table.
|
|
dst-src-mac-addr (4) - Source or destination MAC addresses within received
|
|
frames are to be filtered when matched with the MAC address entry of the table."
|
|
::= { swACLEthernetEntry 3 }
|
|
|
|
swACLEthernetSrcMacAddrMask OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the MAC address mask for the source MAC address."
|
|
::= { swACLEthernetEntry 4 }
|
|
|
|
swACLEthernetDstMacAddrMask OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the MAC address mask for the destination MAC address."
|
|
::= { swACLEthernetEntry 5 }
|
|
|
|
swACLEthernetUse8021p OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will examine the 802.1p priority value in the frame's header
|
|
or not."
|
|
::= { swACLEthernetEntry 6 }
|
|
|
|
swACLEthernetUseEthernetType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will examine the Ethernet type value in each frame's header
|
|
or not."
|
|
::= { swACLEthernetEntry 7 }
|
|
|
|
swACLEthernetRowStatus OBJECT-TYPE --swACLEthernetState
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLEthernetEntry 8 }
|
|
|
|
swACLEthernetOwner OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
acl(2),
|
|
ipbind(3),
|
|
other(4),
|
|
dhcp(5),
|
|
netbios(6),
|
|
ext-netbios(7),
|
|
ismvlan(8),
|
|
dhcp-relay(9),
|
|
pppoe(10),
|
|
arp-spoofing(11),
|
|
bpdu-tunnel(12)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The owner of the ACL mask entry. The type of ACL entry created. ACL type
|
|
entries can only be modified when being configured through the same
|
|
type command. For example IP-MAC Binding entries can only be modified
|
|
or deleted through the IP-MAC Binding configurations or commands."
|
|
::= { swACLEthernetEntry 9 }
|
|
|
|
swACLEthernetUnusedRuleEntries OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of unused rule entries of this Ethernet profile entry."
|
|
::={ swACLEthernetEntry 10}
|
|
|
|
swACLEthernetProfileName OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE(1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the ACL mask entry unique to the mask list."
|
|
::= { swACLEthernetEntry 11 }
|
|
|
|
swACLEthernetVlanMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mask used for the VLAN ID.
|
|
Valid values are from 0x0000 to 0x0FFF.
|
|
Default value is 0x0FFF
|
|
"
|
|
::= { swACLEthernetEntry 12 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swACLIpTable
|
|
-- -----------------------------------------------------------------------------
|
|
swACLIpTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLIpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the ACL mask for IP information.
|
|
Access profiles will be created on the switch to define which
|
|
part of the incoming frame's IP layer packet header will be
|
|
examined by the switch. Masks entered will be combined
|
|
with the values the switch finds in the specified frame
|
|
header fields."
|
|
::= { swAclMaskMgmt 2 }
|
|
|
|
swACLIpEntry OBJECT-TYPE
|
|
SYNTAX SwACLIpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about the ACL of the IP Layer."
|
|
INDEX { swACLIpProfileID }
|
|
::= { swACLIpTable 1 }
|
|
|
|
SwACLIpEntry ::=
|
|
SEQUENCE {
|
|
swACLIpProfileID
|
|
INTEGER,
|
|
-- swACLIpPort
|
|
-- PortList,
|
|
swACLIpUsevlan
|
|
INTEGER,
|
|
swACLIpIpAddrMaskState
|
|
INTEGER,
|
|
swACLIpSrcIpAddrMask
|
|
IpAddress,
|
|
swACLIpDstIpAddrMask
|
|
IpAddress,
|
|
swACLIpUseDSCP
|
|
INTEGER,
|
|
swACLIpUseProtoType
|
|
INTEGER,
|
|
swACLIpIcmpOption
|
|
INTEGER,
|
|
swACLIpIgmpOption
|
|
INTEGER,
|
|
swACLIpTcpOption
|
|
INTEGER,
|
|
swACLIpUdpOption
|
|
INTEGER,
|
|
swACLIpTCPorUDPSrcPortMask
|
|
OCTET STRING,
|
|
swACLIpTCPorUDPDstPortMask
|
|
OCTET STRING,
|
|
swACLIpTCPFlagBit
|
|
INTEGER,
|
|
swACLIpTCPFlagBitMask
|
|
INTEGER,
|
|
swACLIpProtoIDOption
|
|
INTEGER,
|
|
swACLIpProtoID
|
|
INTEGER,
|
|
swACLIpProtoIDMask
|
|
OCTET STRING,
|
|
swACLIpRowStatus
|
|
RowStatus,
|
|
swACLIpOwner
|
|
INTEGER,
|
|
swACLIpSrcMacAddrMask
|
|
MacAddress,
|
|
swACLIpUnusedRuleEntries
|
|
INTEGER,
|
|
swACLIpProfileName
|
|
DisplayString,
|
|
swACLIpVlanMask
|
|
OCTET STRING
|
|
}
|
|
swACLIpProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swACLIpEntry 1 }
|
|
|
|
-- swACLIpPort OBJECT-TYPE
|
|
-- SYNTAX PortList
|
|
-- MAX-ACCESS read-create
|
|
-- STATUS current
|
|
-- DESCRIPTION
|
|
-- "This object indicates which port(s) should be filtered."
|
|
-- ::= { swACLIpEntry 2 }
|
|
|
|
swACLIpUsevlan OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if the IP layer VLAN part is examined or not."
|
|
::= { swACLIpEntry 2 }
|
|
|
|
swACLIpIpAddrMaskState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
dst-ip-addr(2),
|
|
src-ip-addr(3),
|
|
dst-src-ip-addr(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of IP address mask.
|
|
|
|
other (1) - Neither source IP address nor destination IP address are
|
|
masked.
|
|
dst-ip-addr (2) - Destination IP addresses within received frames
|
|
are to be filtered when matched with the IP address entry of the table.
|
|
src-ip-addr (3) - Source IP addresses within received frames are
|
|
to be filtered when matched with the IP address entry of the table.
|
|
dst-src-ip-addr (4) - Destination or source IP addresses within received
|
|
frames are to be filtered when matched with the IP address entry of the
|
|
table."
|
|
::= { swACLIpEntry 3 }
|
|
|
|
swACLIpSrcIpAddrMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the IP address mask for the source IP address."
|
|
::= { swACLIpEntry 4 }
|
|
|
|
swACLIpDstIpAddrMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the IP address mask for the destination IP address."
|
|
::= { swACLIpEntry 5 }
|
|
|
|
swACLIpUseDSCP OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if the DSCP protocol in the packet header
|
|
is to be examined or not."
|
|
::= { swACLIpEntry 6 }
|
|
|
|
swACLIpUseProtoType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
icmp(2),
|
|
igmp(3),
|
|
tcp(4),
|
|
udp(5),
|
|
protocolId(6)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"That object indicates which protocol will be examined."
|
|
::= { swACLIpEntry 7 }
|
|
|
|
swACLIpIcmpOption OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
type(2),
|
|
code(3),
|
|
type-code(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates which fields are defined for ICMP.
|
|
none (1)- Both fields are null.
|
|
type (2)- Type field identified.
|
|
code (3)- Code field identified.
|
|
type-code (4)- Both ICMP fields identified.
|
|
"
|
|
::= { swACLIpEntry 8 }
|
|
|
|
swACLIpIgmpOption OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates if the IGMP options field is identified or not."
|
|
::= { swACLIpEntry 9 }
|
|
|
|
swACLIpTcpOption OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
dst-addr(2),
|
|
src-addr(3),
|
|
dst-src-addr(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of the filtered address of TCP.
|
|
|
|
other (1) - Neither source port nor destination port are
|
|
masked.
|
|
dst-addr (2) - Packets will be filtered if this destination port
|
|
is identified in received frames.
|
|
src-addr (3) - Packets will be filtered if this source port is
|
|
identified in received frames.
|
|
dst-src-addr (4) - Packets will be filtered if this destination
|
|
or source port is identified in received frames."
|
|
::= { swACLIpEntry 10 }
|
|
|
|
swACLIpUdpOption OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
dst-addr(2),
|
|
src-addr(3),
|
|
dst-src-addr(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of the filtered address of UDP .
|
|
|
|
other (1) - Neither source port nor destination port are
|
|
masked.
|
|
dst-addr (2) - Packets will be filtered if this destination port
|
|
is identified in received frames.
|
|
src-addr (3) - Packets will be filtered if this source port is
|
|
identified in received frames.
|
|
dst-src-addr (4) - Packets will be filtered if this destination
|
|
or source port is identified in received frames."
|
|
|
|
::= { swACLIpEntry 11 }
|
|
|
|
swACLIpTCPorUDPSrcPortMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a TCP port mask for the source port if swACLIpUseProtoType is TCP
|
|
Specifies a UDP port mask for the source port if swACLIpUseProtoType is UDP.
|
|
"
|
|
::= { swACLIpEntry 12 }
|
|
|
|
swACLIpTCPorUDPDstPortMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a TCP port mask for the destination port if swACLIpUseProtoType is TCP
|
|
Specifies a UDP port mask for the destination port if swACLIpUseProtoType is UDP."
|
|
::= { swACLIpEntry 13 }
|
|
|
|
swACLIpTCPFlagBit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a TCP connection flag mask."
|
|
::= { swACLIpEntry 14 }
|
|
|
|
swACLIpTCPFlagBitMask OBJECT-TYPE
|
|
SYNTAX INTEGER(0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A value which indicates the set of TCP flags that this
|
|
entity may potentially offer. The value is a sum of flag bits.
|
|
This sum initially takes the value zero. Then, for each flag, L,
|
|
is added in the range 1 through 6, for which this node performs
|
|
transactions where 2^(L-1) is added to the sum.
|
|
Note that values should be calculated accordingly:
|
|
|
|
Flag functionality
|
|
6 urg bit
|
|
5 ack bit
|
|
4 psh bit
|
|
3 rst bit
|
|
2 syn bit
|
|
1 fin bit
|
|
For example, if you want to enable urg bit and ack bit, you
|
|
should set value 48{2^(5-1) + 2^(6-1)}."
|
|
::= { swACLIpEntry 15 }
|
|
|
|
swACLIpProtoIDOption OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will examine each frame's protocol ID field or not."
|
|
::= { swACLIpEntry 16 }
|
|
|
|
swACLIpProtoID OBJECT-TYPE
|
|
SYNTAX INTEGER(0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the IP protocol ID behind the IP header."
|
|
::= { swACLIpEntry 17 }
|
|
|
|
swACLIpProtoIDMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(20))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the IP protocol ID and the mask options
|
|
behind the IP header."
|
|
::= { swACLIpEntry 18 }
|
|
|
|
swACLIpRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLIpEntry 19 }
|
|
|
|
swACLIpOwner OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
acl(2),
|
|
ipbind(3),
|
|
other(4),
|
|
dhcp(5),
|
|
netbios(6),
|
|
ext-netbios(7),
|
|
ismvlan(8),
|
|
dhcp-relay(9),
|
|
pppoe(10),
|
|
arp-spoofing(11),
|
|
bpdu-tunnel(12)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The owner of the ACL mask entry. The type of ACL entry created. ACL type
|
|
entries can only be modified when being configured through the same
|
|
type command. For example, IP-MAC Binding entries can only be modified
|
|
or deleted through the IP-MAC Binding configurations or commands."
|
|
::= { swACLIpEntry 20 }
|
|
|
|
swACLIpSrcMacAddrMask OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the MAC address mask for the source MAC address."
|
|
::= { swACLIpEntry 21 }
|
|
|
|
swACLIpUnusedRuleEntries OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of unused rule entries this IP profile entry."
|
|
::={ swACLIpEntry 22}
|
|
|
|
swACLIpProfileName OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE(1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the ACL mask entry unique to the mask list."
|
|
::= { swACLIpEntry 23 }
|
|
|
|
swACLIpVlanMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mask used for the VLAN ID.
|
|
Valid values are from 0x0000 to 0x0FFF.
|
|
Default value is 0x0FFF.
|
|
"
|
|
::= { swACLIpEntry 24 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swACLPktContMaskTable
|
|
-- -----------------------------------------------------------------------------
|
|
swACLPktContMaskTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLPktContMaskEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the ACL mask for user-defined information.
|
|
An access profile will be created on the switch to define which part
|
|
of each incoming frame's user-defined part of the packet header
|
|
will be examined by switch. Masks entered will be combined
|
|
with the values the switch finds in the specified frame header fields."
|
|
::= { swAclMaskMgmt 3 }
|
|
|
|
swACLPktContMaskEntry OBJECT-TYPE
|
|
SYNTAX SwACLPktContMaskEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about user-defined ACLs."
|
|
INDEX { swACLPktContMaskProfileID }
|
|
::= { swACLPktContMaskTable 1 }
|
|
|
|
SwACLPktContMaskEntry ::=
|
|
SEQUENCE {
|
|
swACLPktContMaskProfileID
|
|
INTEGER,
|
|
-- swACLPktContMaskPort
|
|
-- PortList,
|
|
swACLPktContMaskOffset0to15
|
|
OCTET STRING,
|
|
swACLPktContMaskOffset16to31
|
|
OCTET STRING,
|
|
swACLPktContMaskOffset32to47
|
|
OCTET STRING,
|
|
swACLPktContMaskOffset48to63
|
|
OCTET STRING,
|
|
swACLPktContMaskOffset64to79
|
|
OCTET STRING,
|
|
swACLPktContMaskRowStatus
|
|
RowStatus,
|
|
swACLPktContMaskOwner
|
|
INTEGER,
|
|
swACLPktContMaskUnusedRuleEntries
|
|
INTEGER,
|
|
swACLPktContMaskProfileName
|
|
DisplayString
|
|
}
|
|
swACLPktContMaskProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only --read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swACLPktContMaskEntry 1 }
|
|
|
|
-- swACLPktContMaskPort OBJECT-TYPE
|
|
-- SYNTAX PortList
|
|
-- MAX-ACCESS read-create
|
|
-- STATUS current
|
|
-- DESCRIPTION
|
|
-- "This object indicates which port(s) should be filtered."
|
|
-- ::= { swACLPktContMaskEntry 2 }
|
|
|
|
swACLPktContMaskOffset0to15 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the packet content (Offset0to15) and
|
|
the mask options."
|
|
::= { swACLPktContMaskEntry 2 }
|
|
|
|
swACLPktContMaskOffset16to31 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the packet content (Offset16to31) and
|
|
the mask options."
|
|
::= { swACLPktContMaskEntry 3 }
|
|
|
|
swACLPktContMaskOffset32to47 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the packet content (Offset32to47) and
|
|
the mask options."
|
|
::= { swACLPktContMaskEntry 4 }
|
|
|
|
swACLPktContMaskOffset48to63 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the packet content (Offset48to63) and
|
|
the mask options."
|
|
::= { swACLPktContMaskEntry 5 }
|
|
|
|
swACLPktContMaskOffset64to79 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the packet content (Offset64to79) and
|
|
the mask options."
|
|
::= { swACLPktContMaskEntry 6 }
|
|
|
|
swACLPktContMaskRowStatus OBJECT-TYPE --swACLEthernetState
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLPktContMaskEntry 7 }
|
|
|
|
swACLPktContMaskOwner OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
acl(2),
|
|
ipbind(3),
|
|
other(4),
|
|
dhcp(5),
|
|
netbios(6),
|
|
ext-netbios(7),
|
|
ismvlan(8),
|
|
dhcp-relay(9),
|
|
pppoe(10),
|
|
arp-spoofing(11),
|
|
bpdu-tunnel(12)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The owner of the ACL mask entry. The type of ACL entry created. ACL type
|
|
entries can only be modified when being configured through the same
|
|
type command. For example, IP-MAC Binding entries can only be modified
|
|
or deleted through the IP-MAC Binding configurations or commands."
|
|
::= { swACLPktContMaskEntry 8 }
|
|
|
|
swACLPktContMaskUnusedRuleEntries OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of unused rule entries of this IP profile entry."
|
|
::={ swACLPktContMaskEntry 9}
|
|
|
|
swACLPktContMaskProfileName OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE(1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the ACL mask entry unique to the mask list."
|
|
::= { swACLPktContMaskEntry 10 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swACLIpv6MaskTable
|
|
-- -----------------------------------------------------------------------------
|
|
swACLIpv6MaskTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLIpv6MaskEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains user-defined ACL mask information.
|
|
An access profile will be created on the switch to define which
|
|
parts of each incoming frame's IPv6 part of the packet header will
|
|
be examined by the switch. Masks entered will be combined
|
|
with the values the switch finds in the specified frame header fields."
|
|
::= { swAclMaskMgmt 4 }
|
|
|
|
swACLIpv6MaskEntry OBJECT-TYPE
|
|
SYNTAX SwACLIpv6MaskEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about user-defined ACLs."
|
|
INDEX { swACLIpv6MaskProfileID }
|
|
::= { swACLIpv6MaskTable 1 }
|
|
|
|
SwACLIpv6MaskEntry ::=
|
|
SEQUENCE {
|
|
swACLIpv6MaskProfileID
|
|
INTEGER,
|
|
-- swACLIpv6MaskPort
|
|
-- PortList,
|
|
swACLIpv6MaskClass
|
|
INTEGER,
|
|
swACLIpv6MaskFlowlabel
|
|
INTEGER,
|
|
swACLIpv6IpAddrMaskState
|
|
INTEGER,
|
|
swACLIpv6MaskSrcIpv6Mask
|
|
Ipv6Address,
|
|
swACLIpv6MaskDstIpv6Mask
|
|
Ipv6Address,
|
|
swACLIpv6MaskRowStatus
|
|
RowStatus,
|
|
swACLIpv6MaskOwner
|
|
INTEGER,
|
|
swACLIpv6MaskUnusedRuleEntries
|
|
INTEGER,
|
|
swACLIpv6MaskProfileName
|
|
DisplayString,
|
|
swACLIpv6MaskUseProtoType
|
|
INTEGER,
|
|
swACLIpv6MaskTcpOption
|
|
INTEGER,
|
|
swACLIpv6MaskUdpOption
|
|
INTEGER,
|
|
swACLIpv6MaskTCPorUDPSrcPortMask
|
|
OCTET STRING,
|
|
swACLIpv6MaskTCPorUDPDstPortMask
|
|
OCTET STRING
|
|
}
|
|
swACLIpv6MaskProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only --read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swACLIpv6MaskEntry 1 }
|
|
|
|
-- swACLIpv6MaskPort OBJECT-TYPE
|
|
-- SYNTAX PortList
|
|
-- MAX-ACCESS read-create
|
|
-- STATUS current
|
|
-- DESCRIPTION
|
|
-- "This object indicates which port(s) should be filtered."
|
|
-- ::= { swACLIpv6MaskEntry 2 }
|
|
|
|
swACLIpv6MaskClass OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the IPv6 class field and the mask options."
|
|
::= { swACLIpv6MaskEntry 2 }
|
|
|
|
swACLIpv6MaskFlowlabel OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the IPv6 flowlabel field and the mask options."
|
|
::= { swACLIpv6MaskEntry 3 }
|
|
|
|
swACLIpv6IpAddrMaskState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
dst-ipv6-addr(2),
|
|
src-ipv6-addr(3),
|
|
dst-src-ipv6-addr(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of the IPv6 address mask.
|
|
|
|
other (1) - Neither source IPv6 address nor destination IPv6 address are
|
|
masked.
|
|
dst-ipv6-addr (2) - Received frame destination IPv6 address is
|
|
currently used to be filtered as it meets with the IPv6
|
|
address entry of the table.
|
|
src-ipv6-addr (3) - Received frame source IPv6 address is currently
|
|
used to be filtered as it meets with the IPv6 address entry of
|
|
the table.
|
|
dst-src-ipv6-addr (4) - Received frame destination IPv6 address or
|
|
source IPv6 address is currently used to be filtered as it meets
|
|
with the IPv6 address entry of the table."
|
|
::= { swACLIpv6MaskEntry 4 }
|
|
|
|
swACLIpv6MaskSrcIpv6Mask OBJECT-TYPE
|
|
SYNTAX Ipv6Address
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the Source IPv6 address and the mask options.
|
|
This should be a 16 byte octet string."
|
|
::= { swACLIpv6MaskEntry 5 }
|
|
|
|
swACLIpv6MaskDstIpv6Mask OBJECT-TYPE
|
|
SYNTAX Ipv6Address
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the Destination IPv6 address and the mask options.
|
|
This should be a 16 byte octet string."
|
|
::= { swACLIpv6MaskEntry 6 }
|
|
|
|
swACLIpv6MaskRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLIpv6MaskEntry 7 }
|
|
|
|
swACLIpv6MaskOwner OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
acl(2),
|
|
ipbind(3),
|
|
other(4),
|
|
dhcp(5),
|
|
netbios(6),
|
|
ext-netbios(7),
|
|
ismvlan(8),
|
|
dhcp-relay(9),
|
|
pppoe(10),
|
|
arp-spoofing(11),
|
|
bpdu-tunnel(12)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The owner of the ACL mask entry. The type of ACL entry created. ACL type
|
|
entries can only be modified when being configured through the same
|
|
type command. For example, IP-MAC Binding entries can only be modified
|
|
or deleted through the IP-MAC Binding configurations or commands."
|
|
::= { swACLIpv6MaskEntry 8 }
|
|
|
|
swACLIpv6MaskUnusedRuleEntries OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of unused rule entries of this IP profile entry."
|
|
::={ swACLIpv6MaskEntry 9}
|
|
|
|
swACLIpv6MaskProfileName OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE(1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the ACL mask entry unique to the mask list."
|
|
::= { swACLIpv6MaskEntry 10 }
|
|
|
|
swACLIpv6MaskUseProtoType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
tcp(2),
|
|
udp(3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"That object indicates which protocol will be examined."
|
|
::= { swACLIpv6MaskEntry 11 }
|
|
|
|
swACLIpv6MaskTcpOption OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
dst-addr(2),
|
|
src-addr(3),
|
|
dst-src-addr(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of the filtered address of TCP.
|
|
|
|
other (1) - Neither source port nor destination port are
|
|
masked.
|
|
dst-addr (2) - Packets will be filtered if this destination port
|
|
is identified in received frames.
|
|
src-addr (3) - Packets will be filtered if this source port is
|
|
identified in received frames.
|
|
dst-src-addr (4) - Packets will be filtered if this destination
|
|
or source port is identified in received frames."
|
|
::= { swACLIpv6MaskEntry 12 }
|
|
|
|
swACLIpv6MaskUdpOption OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
dst-addr(2),
|
|
src-addr(3),
|
|
dst-src-addr(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of the filtered address of UDP.
|
|
|
|
other (1) - Neither source port nor destination port is
|
|
masked.
|
|
dst-addr (2) - Packets will be filtered if this destination port
|
|
is identified in received frames.
|
|
src-addr (3) - Packets will be filtered if this source port is
|
|
identified in received frames.
|
|
dst-src-addr (4) - Packets will be filtered if this destination
|
|
or source port is identified in received frames."
|
|
|
|
::= { swACLIpv6MaskEntry 13 }
|
|
|
|
swACLIpv6MaskTCPorUDPSrcPortMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a TCP port mask for the source port if swACLIpv6MaskUseProtoType is TCP
|
|
Specifies a UDP port mask for the source port if swACLIpv6MaskUseProtoType is UDP.
|
|
"
|
|
::= { swACLIpv6MaskEntry 14 }
|
|
|
|
swACLIpv6MaskTCPorUDPDstPortMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a TCP port mask for the destination port if swACLIpv6MaskUseProtoType is TCP
|
|
Specifies a UDP port mask for the destination port if swACLIpv6MaskUseProtoType is UDP."
|
|
::= { swACLIpv6MaskEntry 15 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swACLMaskDelAllState
|
|
-- -----------------------------------------------------------------------------
|
|
swACLMaskDelAllState OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
none(1),
|
|
start(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Used to delete all ACL masks."
|
|
::= { swAclMaskMgmt 5 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
--swIBPACLEthernetTable
|
|
-- -----------------------------------------------------------------------------
|
|
swIBPACLEthernetTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwIBPACLEthernetEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"This table contains IP-MAC-Binding ACL mask Ethernet information.
|
|
Access profiles will be created on the switch by row creation and to
|
|
define which parts of each incoming frame's layer 2 header part
|
|
the switch will examine. Masks can be entered that will be combined
|
|
with the values the switch finds in the specified frame header fields."
|
|
::= { swAclMaskMgmt 6 }
|
|
|
|
swIBPACLEthernetEntry OBJECT-TYPE
|
|
SYNTAX SwIBPACLEthernetEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"A list of information about the Ethernet ACL."
|
|
INDEX { swIBPACLEthernetProfileID }
|
|
::= { swIBPACLEthernetTable 1 }
|
|
|
|
SwIBPACLEthernetEntry ::=
|
|
SEQUENCE {
|
|
swIBPACLEthernetProfileID
|
|
INTEGER,
|
|
swIBPACLEthernetUseEthernetType
|
|
INTEGER
|
|
}
|
|
swIBPACLEthernetProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device."
|
|
::= { swIBPACLEthernetEntry 1 }
|
|
|
|
swIBPACLEthernetUseEthernetType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"Specifies if the switch will examine the Ethernet type value in each frame's header
|
|
or not."
|
|
::= { swIBPACLEthernetEntry 2 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
--swIBPACLIpTable
|
|
-- -----------------------------------------------------------------------------
|
|
swIBPACLIpTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwIBPACLIpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"This table contains IP-MAC-Binding IP ACL mask information.
|
|
Access profiles will be created on the switch by row creation and to
|
|
define which parts of each incoming frame's IP layer part of the header
|
|
the switch will examine. Masks can be entered that will be combined
|
|
with the values the switch finds in the specified frame header fields."
|
|
::= { swAclMaskMgmt 7 }
|
|
|
|
swIBPACLIpEntry OBJECT-TYPE
|
|
SYNTAX SwIBPACLIpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"A list of information about the IP layer of the ACL."
|
|
INDEX { swIBPACLIpProfileID }
|
|
::= { swIBPACLIpTable 1 }
|
|
|
|
SwIBPACLIpEntry ::=
|
|
SEQUENCE {
|
|
swIBPACLIpProfileID
|
|
INTEGER,
|
|
swIBPACLIpSrcMacAddrMask
|
|
MacAddress,
|
|
swIBPACLIpSrcIpAddrMask
|
|
IpAddress
|
|
}
|
|
swIBPACLIpProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device."
|
|
::= { swIBPACLIpEntry 1 }
|
|
|
|
swIBPACLIpSrcMacAddrMask OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"This object specifies the MAC address mask for the source MAC address."
|
|
::= { swIBPACLIpEntry 2 }
|
|
|
|
swIBPACLIpSrcIpAddrMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"This object specifies IP address masks for the source IP address."
|
|
::= { swIBPACLIpEntry 3 }
|
|
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swACLPktContMaskOptionTable
|
|
-- -----------------------------------------------------------------------------
|
|
swACLPktContMaskOptionTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLPktContMaskOptionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the ACL mask for user-defined option information.
|
|
An access profile will be created on the switch to define which part
|
|
of each incoming frame's user-defined part of the packet header
|
|
will be examined by switch. Masks entered will be combined
|
|
with the values the switch finds in the specified frame header fields."
|
|
::= { swAclMaskMgmt 8 }
|
|
|
|
swACLPktContMaskOptionEntry OBJECT-TYPE
|
|
SYNTAX SwACLPktContMaskOptionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about the user-defined ACL."
|
|
INDEX { swACLPktContMaskOptionProfileID }
|
|
::= { swACLPktContMaskOptionTable 1 }
|
|
|
|
SwACLPktContMaskOptionEntry ::=
|
|
SEQUENCE {
|
|
swACLPktContMaskOptionProfileID
|
|
INTEGER,
|
|
swACLPktContMaskOffsetChunk1State
|
|
INTEGER,
|
|
swACLPktContMaskOffsetChunk1OffsetValue
|
|
INTEGER,
|
|
swACLPktContMaskOffsetChunk1Mask
|
|
OCTET STRING,
|
|
swACLPktContMaskOffsetChunk2State
|
|
INTEGER,
|
|
swACLPktContMaskOffsetChunk2OffsetValue
|
|
INTEGER,
|
|
swACLPktContMaskOffsetChunk2Mask
|
|
OCTET STRING,
|
|
swACLPktContMaskOffsetChunk3State
|
|
INTEGER,
|
|
swACLPktContMaskOffsetChunk3OffsetValue
|
|
INTEGER,
|
|
swACLPktContMaskOffsetChunk3Mask
|
|
OCTET STRING,
|
|
swACLPktContMaskOffsetChunk4State
|
|
INTEGER,
|
|
swACLPktContMaskOffsetChunk4OffsetValue
|
|
INTEGER,
|
|
swACLPktContMaskOffsetChunk4Mask
|
|
OCTET STRING,
|
|
swACLPktContMaskOptionRowStatus
|
|
RowStatus,
|
|
swACLPktContMaskOptionOwner
|
|
INTEGER,
|
|
swACLPktContMaskOptionUnusedRuleEntries
|
|
INTEGER,
|
|
swACLPktContMaskOptionProfileName
|
|
DisplayString
|
|
}
|
|
swACLPktContMaskOptionProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry, unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swACLPktContMaskOptionEntry 1 }
|
|
|
|
swACLPktContMaskOffsetChunk1State OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the state of chunk1."
|
|
::= { swACLPktContMaskOptionEntry 2 }
|
|
|
|
swACLPktContMaskOffsetChunk1OffsetValue OBJECT-TYPE
|
|
SYNTAX INTEGER (0..31)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the frame content offset of chunk1."
|
|
::= { swACLPktContMaskOptionEntry 3 }
|
|
|
|
swACLPktContMaskOffsetChunk1Mask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the frame content mask of chunk1."
|
|
::= { swACLPktContMaskOptionEntry 4 }
|
|
|
|
swACLPktContMaskOffsetChunk2State OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the state of chunk2."
|
|
::= { swACLPktContMaskOptionEntry 5 }
|
|
|
|
swACLPktContMaskOffsetChunk2OffsetValue OBJECT-TYPE
|
|
SYNTAX INTEGER (0..31)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the frame content offset of chunk2."
|
|
::= { swACLPktContMaskOptionEntry 6 }
|
|
|
|
swACLPktContMaskOffsetChunk2Mask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the frame content mask of chunk2."
|
|
::= { swACLPktContMaskOptionEntry 7 }
|
|
|
|
swACLPktContMaskOffsetChunk3State OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the state of chunk3."
|
|
::= { swACLPktContMaskOptionEntry 8 }
|
|
|
|
swACLPktContMaskOffsetChunk3OffsetValue OBJECT-TYPE
|
|
SYNTAX INTEGER (0..31)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the frame content offset of chunk3."
|
|
::= { swACLPktContMaskOptionEntry 9 }
|
|
|
|
swACLPktContMaskOffsetChunk3Mask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the frame content mask of chunk3."
|
|
::= { swACLPktContMaskOptionEntry 10 }
|
|
|
|
swACLPktContMaskOffsetChunk4State OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the state of chunk4."
|
|
::= { swACLPktContMaskOptionEntry 11 }
|
|
|
|
swACLPktContMaskOffsetChunk4OffsetValue OBJECT-TYPE
|
|
SYNTAX INTEGER (0..31)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the frame content offset of chunk4."
|
|
::= { swACLPktContMaskOptionEntry 12 }
|
|
|
|
swACLPktContMaskOffsetChunk4Mask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the frame content mask of chunk4."
|
|
::= { swACLPktContMaskOptionEntry 13 }
|
|
|
|
swACLPktContMaskOptionRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLPktContMaskOptionEntry 14 }
|
|
|
|
swACLPktContMaskOptionOwner OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
acl(2),
|
|
ipbind(3),
|
|
other(4),
|
|
dhcp(5),
|
|
netbios(6),
|
|
ext-netbios(7),
|
|
ismvlan(8),
|
|
dhcp-relay(9),
|
|
pppoe(10),
|
|
arp-spoofing(11),
|
|
bpdu-tunnel(12)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The owner of the ACL mask entry. The type of ACL entry created. ACL type
|
|
entries can only be modified when being configured through the same
|
|
type command. For example, IP-MAC Binding entries can only be modified
|
|
or deleted through the IP-MAC Binding configurations or commands."
|
|
::= { swACLPktContMaskOptionEntry 15 }
|
|
|
|
swACLPktContMaskOptionUnusedRuleEntries OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of unused rule entries of this IP profile entry."
|
|
::={ swACLPktContMaskOptionEntry 16}
|
|
|
|
swACLPktContMaskOptionProfileName OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE(1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the ACL mask entry unique to the mask list."
|
|
::= { swACLPktContMaskOptionEntry 17 }
|
|
|
|
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swACLPktContMaskOption2
|
|
-- -----------------------------------------------------------------------------
|
|
|
|
swACLPktContMaskOption2 OBJECT IDENTIFIER ::= { swAclMaskMgmt 10 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swACLPktContMaskOption2Table
|
|
-- -----------------------------------------------------------------------------
|
|
swACLPktContMaskOption2Table OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLPktContMaskOption2Entry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the ACL mask for user-defined option 2 information.
|
|
An access profile will be created on the switch to define which part
|
|
of each incoming frame's user-defined part of the packet header
|
|
will be examined by switch. Masks entered will be combined
|
|
with the values the switch finds in the specified frame header fields.
|
|
|
|
To create a packet content field with respect to an offset, an entry in the
|
|
swACLPktContMaskOption2OffsetsTable must be created first.
|
|
|
|
On row creation, all entries in the corresponding profile defined in the
|
|
swACLPktContMaskOption2OffsetsTable will be associated to the profile mask.
|
|
|
|
If any rule is using the profile mask the entries cannot be modified.
|
|
|
|
"
|
|
::= { swACLPktContMaskOption2 1 }
|
|
|
|
swACLPktContMaskOption2Entry OBJECT-TYPE
|
|
SYNTAX SwACLPktContMaskOption2Entry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about the user-defined ACL."
|
|
INDEX { swACLPktContMaskOption2ProfileID }
|
|
::= { swACLPktContMaskOption2Table 1 }
|
|
|
|
SwACLPktContMaskOption2Entry ::=
|
|
SEQUENCE {
|
|
swACLPktContMaskOption2ProfileID
|
|
INTEGER,
|
|
swACLPktContMaskOption2SrcMac
|
|
MacAddress,
|
|
swACLPktContMaskOption2DstMac
|
|
MacAddress,
|
|
swACLPktContMaskOption2CTag
|
|
OCTET STRING,
|
|
swACLPktContMaskOption2STag
|
|
OCTET STRING,
|
|
swACLPktContMaskOption2Owner
|
|
INTEGER,
|
|
swACLPktContMaskOption2UnusedRuleEntries
|
|
INTEGER,
|
|
swACLPktContMaskOption2ProfileName
|
|
DisplayString,
|
|
swACLPktContMaskOption2RowStatus
|
|
RowStatus
|
|
}
|
|
swACLPktContMaskOption2ProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry, unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swACLPktContMaskOption2Entry 1 }
|
|
|
|
|
|
swACLPktContMaskOption2SrcMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for source MAC address"
|
|
::= { swACLPktContMaskOption2Entry 2 }
|
|
|
|
|
|
swACLPktContMaskOption2DstMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for destination MAC address"
|
|
::= { swACLPktContMaskOption2Entry 3 }
|
|
|
|
swACLPktContMaskOption2CTag OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for customer VLAN tag, valid values are only from 0x0000 to 0xFFFF."
|
|
::= { swACLPktContMaskOption2Entry 4 }
|
|
|
|
swACLPktContMaskOption2STag OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for service VLAN tag, valid values are only from 0x0000 to 0xFFFF."
|
|
::= { swACLPktContMaskOption2Entry 5 }
|
|
|
|
swACLPktContMaskOption2Owner OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
acl(2),
|
|
ipbind(3),
|
|
other(4),
|
|
dhcp(5),
|
|
netbios(6),
|
|
ext-netbios(7),
|
|
ismvlan(8),
|
|
dhcp-relay(9),
|
|
pppoe(10),
|
|
arp-spoofing(11),
|
|
bpdu-tunnel(12)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The owner of the ACL mask entry. The type of ACL entry created. ACL type
|
|
entries can only be modified when being configured through the same
|
|
type command. For example, IP-MAC Binding entries can only be modified
|
|
or deleted through the IP-MAC Binding configurations or commands."
|
|
::= { swACLPktContMaskOption2Entry 6 }
|
|
|
|
swACLPktContMaskOption2UnusedRuleEntries OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of unused rule entries of this IP profile entry."
|
|
::={ swACLPktContMaskOption2Entry 7 }
|
|
|
|
swACLPktContMaskOption2ProfileName OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE(1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the ACL mask entry unique to the mask list."
|
|
::= { swACLPktContMaskOption2Entry 8 }
|
|
|
|
swACLPktContMaskOption2RowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLPktContMaskOption2Entry 9 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swACLPktContMaskOption2OffsetsTable
|
|
-- -----------------------------------------------------------------------------
|
|
|
|
|
|
swACLPktContMaskOption2OffsetsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLPktContMaskOption2OffsetsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the ACL masks for the individual packet content offset user-defined option 2 information.
|
|
Entries created in this table will not set into the TCAM until a valid entry in the swACLPktContMaskOption2Table
|
|
is created.
|
|
|
|
If any rule is using the profile mask the entries cannot be modified.
|
|
."
|
|
::= { swACLPktContMaskOption2 2 }
|
|
|
|
swACLPktContMaskOption2OffsetsEntry OBJECT-TYPE
|
|
SYNTAX SwACLPktContMaskOption2OffsetsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about the individual offsets for user-defined ACL."
|
|
INDEX { swACLPktContMaskOption2OffsetsProfileID,swACLPktContMaskOption2OffsetsNum }
|
|
::= { swACLPktContMaskOption2OffsetsTable 1 }
|
|
|
|
SwACLPktContMaskOption2OffsetsEntry ::=
|
|
SEQUENCE {
|
|
swACLPktContMaskOption2OffsetsProfileID
|
|
INTEGER,
|
|
swACLPktContMaskOption2OffsetsNum
|
|
INTEGER,
|
|
swACLPktContMaskOption2OffsetsReference
|
|
INTEGER,
|
|
swACLPktContMaskOption2OffsetsValue
|
|
INTEGER,
|
|
swACLPktContMaskOption2OffsetsMask
|
|
OCTET STRING,
|
|
swACLPktContMaskOption2OffsetsRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
swACLPktContMaskOption2OffsetsProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry, unique to the mask list.
|
|
This is the profile id to which this packet content field entry will be associated to.
|
|
"
|
|
::= { swACLPktContMaskOption2OffsetsEntry 1 }
|
|
|
|
swACLPktContMaskOption2OffsetsNum OBJECT-TYPE
|
|
SYNTAX INTEGER (1..11)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the offset number with respect to the profile."
|
|
::= { swACLPktContMaskOption2OffsetsEntry 2 }
|
|
|
|
swACLPktContMaskOption2OffsetsReference OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
l2(1),
|
|
l3(2),
|
|
l4(3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the reference of the offset.
|
|
L2 - The offset will start counting from the byte
|
|
after the end of the VLAN tags (start of ether type)
|
|
L3 - The offset will start counting right after the ether type field.
|
|
The packet must have a valid L2 header and a recognizeable ether type in
|
|
order to be recognized.
|
|
L4 - The offset will start counting right after the end of ip header.
|
|
The packet must have a valid IP header in order to be recognized.
|
|
"
|
|
::= { swACLPktContMaskOption2OffsetsEntry 3 }
|
|
|
|
|
|
swACLPktContMaskOption2OffsetsValue OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the amount of bytes from the reference to the packet content field"
|
|
::= { swACLPktContMaskOption2OffsetsEntry 4 }
|
|
|
|
|
|
swACLPktContMaskOption2OffsetsMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for the packet content field"
|
|
::= { swACLPktContMaskOption2OffsetsEntry 5 }
|
|
|
|
swACLPktContMaskOption2OffsetsRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLPktContMaskOption2OffsetsEntry 6 }
|
|
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swACLEtherRuleTable
|
|
-- -----------------------------------------------------------------------------
|
|
swACLEtherRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLEtherRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains Ethernet ACL information."
|
|
::= { swAclRuleMgmt 1 }
|
|
|
|
swACLEtherRuleEntry OBJECT-TYPE
|
|
SYNTAX SwACLEtherRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about the ACL rule of the layer 2 part of each packet."
|
|
INDEX { swACLEtherRuleProfileID,swACLEtherRuleAccessID }
|
|
::= { swACLEtherRuleTable 1 }
|
|
|
|
SwACLEtherRuleEntry ::=
|
|
SEQUENCE {
|
|
swACLEtherRuleProfileID
|
|
INTEGER,
|
|
swACLEtherRuleAccessID
|
|
INTEGER,
|
|
swACLEtherRuleVlan
|
|
SnmpAdminString,
|
|
swACLEtherRuleSrcMacAddress
|
|
MacAddress,
|
|
swACLEtherRuleDstMacAddress
|
|
MacAddress,
|
|
swACLEtherRule8021P
|
|
INTEGER,
|
|
swACLEtherRuleEtherType
|
|
OCTET STRING,
|
|
swACLEtherRuleEnablePriority
|
|
INTEGER,
|
|
swACLEtherRulePriority
|
|
INTEGER,
|
|
swACLEtherRuleReplacePriority
|
|
INTEGER,
|
|
swACLEtherRuleEnableReplaceDscp
|
|
INTEGER,
|
|
swACLEtherRuleRepDscp
|
|
INTEGER,
|
|
swACLEtherRulePermit
|
|
INTEGER,
|
|
swACLEtherRulePort
|
|
-- INTEGER,
|
|
PortList,
|
|
-- swACLEtherRuleSwAclState
|
|
-- INTEGER,
|
|
swACLEtherRuleRowStatus
|
|
RowStatus,
|
|
swACLEtherRuleOwner
|
|
INTEGER,
|
|
swACLEtherRuleRxRate
|
|
INTEGER,
|
|
swACLEtherRuleEnableReplaceTosPrecedence
|
|
INTEGER,
|
|
swACLEtherRuleRepTosPrecedence
|
|
INTEGER,
|
|
swACLEtherRuleVID
|
|
INTEGER,
|
|
swACLEtherRuleMatchVID
|
|
INTEGER,
|
|
swACLEtherRuleMaskVlan
|
|
OCTET STRING,
|
|
swACLEtherRuleMaskSrcMacAddress
|
|
MacAddress,
|
|
swACLEtherRuleMaskDstMacAddress
|
|
MacAddress
|
|
}
|
|
swACLEtherRuleProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL rule entry, which is unique to the mask list.
|
|
The maximum value of this object depends on the device."
|
|
::= { swACLEtherRuleEntry 1 }
|
|
|
|
swACLEtherRuleAccessID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the the ACL rule entry relates to the swACLEtherRuleProfileID.
|
|
When row creation is set to 0, assignment of an Access ID for ports is automatic
|
|
and the swACLEtherRulePort creates Rule entries for the swACLEtherRulePort accordingly.
|
|
When set from 1 to 65535, an access ID will be created for the swACLEtherRulePort.
|
|
The swACLEtherRulePort must be set to one port only otherwise the row creation will fail.
|
|
"
|
|
::= { swACLEtherRuleEntry 2 }
|
|
|
|
swACLEtherRuleVlan OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to the packet with the VLAN ID indexed by this VLAN name."
|
|
::= { swACLEtherRuleEntry 3 }
|
|
|
|
swACLEtherRuleSrcMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply to only packets with
|
|
this source MAC address."
|
|
::= { swACLEtherRuleEntry 4 }
|
|
|
|
swACLEtherRuleDstMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply to only packets
|
|
with this destination MAC address."
|
|
::= { swACLEtherRuleEntry 5 }
|
|
|
|
swACLEtherRule8021P OBJECT-TYPE
|
|
SYNTAX INTEGER(-1..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply only to packets with
|
|
this 802.1p priority value. A value of -1 indicates that this node
|
|
is not actively used."
|
|
::= { swACLEtherRuleEntry 6 }
|
|
|
|
swACLEtherRuleEtherType OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply only to packets with this
|
|
hexadecimal 802.1Q Ethernet type value in the packet header."
|
|
::= { swACLEtherRuleEntry 7 }
|
|
|
|
swACLEtherRuleEnablePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply only to packets with
|
|
priority value."
|
|
::= { swACLEtherRuleEntry 8 }
|
|
|
|
swACLEtherRulePriority OBJECT-TYPE
|
|
SYNTAX INTEGER(0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the priority will be changed in packets while the swACLEtherRuleEnablePriority
|
|
is enabled ."
|
|
::= { swACLEtherRuleEntry 9 }
|
|
|
|
swACLEtherRuleReplacePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will change priorities of packets that match the access profile
|
|
802.1p priority tag field or not ."
|
|
::= { swACLEtherRuleEntry 10 }
|
|
|
|
swACLEtherRuleEnableReplaceDscp OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will change priorities of packets that match the access profile
|
|
DSCP field or not.
|
|
Replace DSCP and replace ToS precedence can not both be supported.
|
|
"
|
|
::= { swACLEtherRuleEntry 11 }
|
|
|
|
swACLEtherRuleRepDscp OBJECT-TYPE
|
|
SYNTAX INTEGER(0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a value to be written to the DSCP field of an incoming packet
|
|
that meets the criteria specified in the first part of the command.
|
|
This value will over-write the value in the DSCP field of the packet."
|
|
::= { swACLEtherRuleEntry 12 }
|
|
|
|
swACLEtherRulePermit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
deny(1),
|
|
permit(2),
|
|
mirror(3),
|
|
set-drop-precedence(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if the result of the packet examination is 'permit' or 'deny'.
|
|
The default is 'permit'.
|
|
permit - Specifies that packets matching the access profile are
|
|
permitted to be forwarded by the switch.
|
|
deny - Specifies that packets matching the access profile
|
|
are not permitted to be forwarded by the switch and will be filtered.
|
|
mirror - Specifies that packets matching the access profile are copied to the mirror port.
|
|
Note : The ACL mirror function will start functioning after mirror has been enabled
|
|
and the mirror port has been configured.
|
|
set-drop-precedence - Specifies that packets that matching the access profile are set
|
|
to drop precedence."
|
|
::= { swACLEtherRuleEntry 13 }
|
|
|
|
swACLEtherRulePort OBJECT-TYPE
|
|
-- SYNTAX INTEGER (1..65535)
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to port(s).
|
|
This object and swACLEtherRuleVID can not be set together."
|
|
::= { swACLEtherRuleEntry 14 }
|
|
|
|
-- swACLEtherRuleSwAclState OBJECT-TYPE
|
|
-- SYNTAX INTEGER {
|
|
-- enable(1),
|
|
-- disable(2)
|
|
-- }
|
|
-- MAX-ACCESS read-create
|
|
-- STATUS current
|
|
-- DESCRIPTION
|
|
-- "Specifies that the access rule will only apply to the software ACL state."
|
|
-- ::= { swACLEtherRuleEntry 15 }
|
|
|
|
swACLEtherRuleRowStatus OBJECT-TYPE --swACLEtherRuleState
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLEtherRuleEntry 15 }
|
|
|
|
swACLEtherRuleOwner OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
acl(2),
|
|
ipbind(3),
|
|
other(4),
|
|
dhcp(5),
|
|
netbios(6),
|
|
ext-netbios(7),
|
|
ismvlan(8),
|
|
dhcp-relay(9),
|
|
pppoe(10),
|
|
arp-spoofing(11),
|
|
bpdu-tunnel(12)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The owner of the ACL rule entry. Only owners can modify this entry."
|
|
::= { swACLEtherRuleEntry 16 }
|
|
|
|
swACLEtherRuleRxRate OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the rx rate, 0 denotes no_limit. The maximum value of this object depends on the device."
|
|
::= { swACLEtherRuleEntry 17 }
|
|
|
|
swACLEtherRuleEnableReplaceTosPrecedence OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will change priorities of packets that match the access profile
|
|
ToS precedence field or not.
|
|
Replace DSCP and replace ToS precedence can not both be supported.
|
|
"
|
|
::= { swACLEtherRuleEntry 18 }
|
|
|
|
swACLEtherRuleRepTosPrecedence OBJECT-TYPE
|
|
SYNTAX INTEGER(0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a value to be written to the ToS precedence field of an incoming packet
|
|
that meets the criteria specified in the first part of the command.
|
|
This value will over-write the value in the ToS precedence field of the packet."
|
|
::= { swACLEtherRuleEntry 19 }
|
|
|
|
swACLEtherRuleVID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..4094)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the VLAN-based ACL rule. There are two conditions:
|
|
1. this rule will apply to all the ports;
|
|
2. packets must belong to this VLAN.
|
|
|
|
This object and swACLEtherRulePort can not be set together.
|
|
When you set swACLEtherRulePort, the value of this object will automatically change to 0.
|
|
And this object can not be set to 0."
|
|
::= { swACLEtherRuleEntry 20 }
|
|
|
|
swACLEtherRuleMatchVID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..4094)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply only to packets with
|
|
this VLAN ID. It is applied to the specified ports configured by swACLEtherRulePort."
|
|
::= { swACLEtherRuleEntry 21 }
|
|
|
|
|
|
swACLEtherRuleMaskVlan OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the per rule mask for the VLAN field as defined in swACLEtherRuleVlan object.
|
|
The value of this object when not in use is the corresponding mask in the profile mask.
|
|
Once the value of this object is modified, the per rule mask will take effect.
|
|
"
|
|
::= { swACLEtherRuleEntry 22 }
|
|
|
|
swACLEtherRuleMaskSrcMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the per rule mask for the source MAC addres field as defined in swACLEtherRuleSrcMacAddress object.
|
|
The value of this object when not in use is the corresponding mask in the profile mask.
|
|
Once the value of this object is modified, the per rule mask will take effect.
|
|
"
|
|
::= { swACLEtherRuleEntry 23 }
|
|
|
|
swACLEtherRuleMaskDstMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the per rule mask for the destination MAC addres field as defined in swACLEtherRuleDstMacAddress object.
|
|
The value of this object when not in use is the corresponding mask in the profile mask.
|
|
Once the value of this object is modified, the per rule mask will take effect.
|
|
"
|
|
::= { swACLEtherRuleEntry 24 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swACLIpRuleTable
|
|
-- -----------------------------------------------------------------------------
|
|
swACLIpRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLIpRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { swAclRuleMgmt 2 }
|
|
|
|
swACLIpRuleEntry OBJECT-TYPE
|
|
SYNTAX SwACLIpRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { swACLIpRuleProfileID , swACLIpRuleAccessID }
|
|
::= { swACLIpRuleTable 1 }
|
|
|
|
SwACLIpRuleEntry ::=
|
|
SEQUENCE {
|
|
swACLIpRuleProfileID
|
|
INTEGER,
|
|
swACLIpRuleAccessID
|
|
INTEGER,
|
|
swACLIpRuleVlan
|
|
SnmpAdminString,
|
|
swACLIpRuleSrcIpaddress
|
|
IpAddress,
|
|
swACLIpRuleDstIpaddress
|
|
IpAddress,
|
|
swACLIpRuleDscp
|
|
INTEGER,
|
|
swACLIpRuleProtocol
|
|
INTEGER,
|
|
swACLIpRuleType
|
|
INTEGER,
|
|
swACLIpRuleCode
|
|
INTEGER,
|
|
swACLIpRuleSrcPort
|
|
INTEGER,
|
|
swACLIpRuleDstPort
|
|
INTEGER,
|
|
swACLIpRuleFlagBits
|
|
INTEGER,
|
|
swACLIpRuleProtoID
|
|
INTEGER,
|
|
swACLIpRuleUserMask
|
|
OCTET STRING,
|
|
swACLIpRuleEnablePriority
|
|
INTEGER,
|
|
swACLIpRulePriority
|
|
INTEGER,
|
|
swACLIpRuleReplacePriority
|
|
INTEGER,
|
|
swACLIpRuleEnableReplaceDscp
|
|
INTEGER,
|
|
swACLIpRuleRepDscp
|
|
INTEGER,
|
|
swACLIpRulePermit
|
|
INTEGER,
|
|
swACLIpRulePort
|
|
-- INTEGER,
|
|
PortList,
|
|
-- swACLIpRuleSwAclState
|
|
-- INTEGER,
|
|
swACLIpRuleRowStatus
|
|
RowStatus,
|
|
swACLIpRuleOwner
|
|
INTEGER,
|
|
swACLIpRuleRxRate
|
|
INTEGER,
|
|
swACLIpRuleSrcMacAddress
|
|
MacAddress,
|
|
swACLIpRuleEnableReplaceTosPrecedence
|
|
INTEGER,
|
|
swACLIpRuleRepTosPrecedence
|
|
INTEGER,
|
|
swACLIpRuleVID
|
|
INTEGER,
|
|
swACLIpRuleMatchVID
|
|
INTEGER,
|
|
swACLIpRuleMaskVlan
|
|
OCTET STRING,
|
|
swACLIpRuleMaskSrcIpaddress
|
|
IpAddress,
|
|
swACLIpRuleMaskDstIpaddress
|
|
IpAddress,
|
|
swACLIpRuleMaskSrcPort
|
|
OCTET STRING,
|
|
swACLIpRuleMaskDstPort
|
|
OCTET STRING
|
|
}
|
|
|
|
swACLIpRuleProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swACLIpRuleEntry 1 }
|
|
|
|
swACLIpRuleAccessID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only --read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL rule entry relates to swACLIPRuleProfileID.
|
|
Row creation set to 0 indicates automatic assignment of the Access ID
|
|
for the ports in the swACLIpRulePort to create Rule entries
|
|
for swACLIpRulePort accordingly.
|
|
Set to 1-65535 causes creation of an access ID for the swACLIpRulePort.
|
|
The swACLIpRulePort must be set to one port only otherwise the row
|
|
creation will fail."
|
|
::= { swACLIpRuleEntry 2 }
|
|
|
|
swACLIpRuleVlan OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to packets with the VLAN ID indexed by this VLAN name."
|
|
::= { swACLIpRuleEntry 3 }
|
|
|
|
swACLIpRuleSrcIpaddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies an IP source address."
|
|
::= { swACLIpRuleEntry 4 }
|
|
|
|
swACLIpRuleDstIpaddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies an IP destination address."
|
|
::= { swACLIpRuleEntry 5 }
|
|
|
|
swACLIpRuleDscp OBJECT-TYPE
|
|
SYNTAX INTEGER(-1..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the value of DSCP. The value can be configured from 0 to 63.
|
|
A value of -1 indicates that this node is not actively used."
|
|
::= { swACLIpRuleEntry 6 }
|
|
|
|
swACLIpRuleProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
icmp(2),
|
|
igmp(3),
|
|
tcp(4),
|
|
udp(5),
|
|
protocolId(6)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the IP protocol.
|
|
For some older chips, this object can not be set. When getting this object,
|
|
it always returns the type which has been configured in swACLIpEntry.
|
|
|
|
For some newer chips, this object can only set the type which
|
|
has been configured in swACLIpEntry. The default value is none (1).
|
|
"
|
|
::= { swACLIpRuleEntry 7 }
|
|
|
|
swACLIpRuleType OBJECT-TYPE
|
|
SYNTAX INTEGER(-1..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the value of ICMP type traffic.
|
|
A value of -1 denotes that this object is not active."
|
|
::= { swACLIpRuleEntry 8 }
|
|
|
|
swACLIpRuleCode OBJECT-TYPE
|
|
SYNTAX INTEGER(-1..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the value of ICMP code traffic.
|
|
A value of -1 denotes that this object is not active."
|
|
::= { swACLIpRuleEntry 9 }
|
|
|
|
swACLIpRuleSrcPort OBJECT-TYPE
|
|
SYNTAX INTEGER(-1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the range of the TCP/UDP source ports.
|
|
A value of -1 indicates that this node is not actively used."
|
|
::= { swACLIpRuleEntry 10 }
|
|
|
|
swACLIpRuleDstPort OBJECT-TYPE
|
|
SYNTAX INTEGER(-1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the TCP/UDP destination port range.
|
|
A value of -1 indicates that this node is not actively used."
|
|
::= { swACLIpRuleEntry 11 }
|
|
|
|
swACLIpRuleFlagBits OBJECT-TYPE
|
|
SYNTAX INTEGER(0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A value which indicates the set of TCP flags that this
|
|
entity may potentially offer. The value is a sum of flag bits.
|
|
This sum initially takes the value zero. Then, for each flag, L
|
|
is added in the range 1 through 6, for which this node performs
|
|
transactions, where 2^(L - 1) is added to the sum.
|
|
Note that values should be calculated accordingly:
|
|
|
|
Flag functionality
|
|
6 urg bit
|
|
5 ack bit
|
|
4 psh bit
|
|
3 rst bit
|
|
2 syn bit
|
|
1 fin bit
|
|
For example, it you want to enable urg bit and ack bit, you
|
|
should set value 48{2^(5-1) + 2^(6-1)}."
|
|
::= { swACLIpRuleEntry 12 }
|
|
|
|
swACLIpRuleProtoID OBJECT-TYPE
|
|
SYNTAX INTEGER(-1..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the value of IP protocol ID traffic.
|
|
A value of -1 indicates that this node is not actively used."
|
|
::= { swACLIpRuleEntry 13 }
|
|
|
|
swACLIpRuleUserMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(20))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the IP protocol ID and the range of
|
|
options behind the IP header."
|
|
::= { swACLIpRuleEntry 14 }
|
|
|
|
swACLIpRuleEnablePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply only to packets with this
|
|
priority value."
|
|
::= { swACLIpRuleEntry 15 }
|
|
|
|
swACLIpRulePriority OBJECT-TYPE
|
|
SYNTAX INTEGER(0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the priority will change in packets while the swACLIpRuleEnablePriority
|
|
is enabled."
|
|
::= { swACLIpRuleEntry 16 }
|
|
|
|
swACLIpRuleReplacePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies whether the packets that match the access profile will change the
|
|
802.1p priority tag field by the switch or not."
|
|
::= { swACLIpRuleEntry 17 }
|
|
|
|
swACLIpRuleEnableReplaceDscp OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will change priorities of packets that match the access profile
|
|
DSCP field or not.
|
|
Replace DSCP and replace ToS precedence can not both be supported.
|
|
"
|
|
::= { swACLIpRuleEntry 18 }
|
|
|
|
swACLIpRuleRepDscp OBJECT-TYPE
|
|
SYNTAX INTEGER(0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a value to be written to the DSCP field of an incoming packet
|
|
that meets the criteria specified in the first part of the command.
|
|
This value will over-write the value in the DSCP field of the packet."
|
|
::= { swACLIpRuleEntry 19 }
|
|
|
|
swACLIpRulePermit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
deny(1),
|
|
permit(2),
|
|
mirror(3),
|
|
set-drop-precedence(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if the result of the packet examination is 'permit' or 'deny'.
|
|
The default is 'permit'.
|
|
permit - Specifies that packets matching the access profile are
|
|
permitted to be forwarded by the switch.
|
|
deny - Specifies that packets matching the access profile
|
|
are not permitted to be forwarded by the switch and will be filtered.
|
|
mirror - Specifies the packets matching the access profile are copied
|
|
to the mirror port.
|
|
Note : The ACL mirror function will work after the mirror is enabled and the mirror port has
|
|
been configured.
|
|
set-drop-precedence - Specifies the packets that match the access profile are set
|
|
to drop precedence."
|
|
::= { swACLIpRuleEntry 20 }
|
|
|
|
swACLIpRulePort OBJECT-TYPE
|
|
-- SYNTAX INTEGER (1..65535)
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to port(s).
|
|
This object and swACLIpRuleVID can not be set together. "
|
|
::= { swACLIpRuleEntry 21 }
|
|
|
|
-- swACLIpRuleSwAclState OBJECT-TYPE
|
|
-- SYNTAX INTEGER {
|
|
-- enable(1),
|
|
-- disable(2)
|
|
-- }
|
|
-- MAX-ACCESS read-create
|
|
-- STATUS current
|
|
-- DESCRIPTION
|
|
-- "Specifies that the access rule will only apply to the software ACL state."
|
|
-- ::= { swACLIpRuleEntry 22 }
|
|
|
|
swACLIpRuleRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLIpRuleEntry 22 }
|
|
|
|
swACLIpRuleOwner OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
acl(2),
|
|
ipbind(3),
|
|
other(4),
|
|
dhcp(5),
|
|
netbios(6),
|
|
ext-netbios(7),
|
|
ismvlan(8),
|
|
dhcp-relay(9),
|
|
pppoe(10),
|
|
arp-spoofing(11),
|
|
bpdu-tunnel(12)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The owner of the ACL rule entry. Only owners can modify this entry."
|
|
::= { swACLIpRuleEntry 23 }
|
|
|
|
swACLIpRuleRxRate OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device."
|
|
::= { swACLIpRuleEntry 24 }
|
|
|
|
swACLIpRuleSrcMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access will only apply to packets with
|
|
this source MAC address."
|
|
::= { swACLIpRuleEntry 25 }
|
|
|
|
swACLIpRuleEnableReplaceTosPrecedence OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will change priorities of packets that match the access profile
|
|
ToS precedence field or not.
|
|
Replace DSCP and replace ToS precedence can not both be supported.
|
|
"
|
|
::= { swACLIpRuleEntry 26 }
|
|
|
|
swACLIpRuleRepTosPrecedence OBJECT-TYPE
|
|
SYNTAX INTEGER(0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a value to be written to the ToS precedence field of an incoming packet
|
|
that meets the criteria specified in the first part of the command.
|
|
This value will over-write the value in the ToS precedence field of the packet."
|
|
::= { swACLIpRuleEntry 27 }
|
|
|
|
swACLIpRuleVID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..4094)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the VLAN-based rule. There are two conditions:
|
|
1. this rule will apply to all the ports;
|
|
2. packets must belong to this VLAN.
|
|
|
|
This object and swACLIpRulePort can not be set together.
|
|
When you set swACLIpRulePort, the value of this object will automatically change to 0.
|
|
And this object can not be set 0."
|
|
::= { swACLIpRuleEntry 28 }
|
|
|
|
swACLIpRuleMatchVID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..4094)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply only to packets with
|
|
this VLAN ID. It is applied to the specified ports configured by swACLIpRulePort."
|
|
::= { swACLIpRuleEntry 29 }
|
|
|
|
swACLIpRuleMaskVlan OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the per rule mask for the VLAN as defined in swACLIpRuleVlan object.
|
|
The value of this object when not in use is the corresponding mask in the profile mask.
|
|
Once the value of this object is modified, the per rule mask will take effect.
|
|
This object is writeable only once.
|
|
"
|
|
::= { swACLIpRuleEntry 30 }
|
|
|
|
swACLIpRuleMaskSrcIpaddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the per rule mask for the source IP address as defined in swACLIpRuleSrcIpaddress object.
|
|
The value of this object when not in use is the corresponding mask in the profile mask.
|
|
Once the value of this object is modified, the per rule mask will take effect.
|
|
This object is writeable only once.
|
|
"
|
|
::= { swACLIpRuleEntry 31 }
|
|
|
|
swACLIpRuleMaskDstIpaddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the per rule mask for the destination IP address as defined in swACLIpRuleMaskDstIpaddress object.
|
|
The value of this object when not in use is the corresponding mask in the profile mask.
|
|
Once the value of this object is modified, the per rule mask will take effect.
|
|
This object is writeable only once.
|
|
"
|
|
::= { swACLIpRuleEntry 32 }
|
|
|
|
|
|
swACLIpRuleMaskSrcPort OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the per rule mask for the L4 source port as defined in swACLIpRuleSrcPort object.
|
|
The value of this object when not in use is the corresponding mask in the profile mask.
|
|
Once the value of this object is modified, the per rule mask will take effect.
|
|
This object is writeable only once.
|
|
"
|
|
::= { swACLIpRuleEntry 33 }
|
|
|
|
swACLIpRuleMaskDstPort OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the per rule mask for the L4 destination port as defined in swACLIpRuleDstPort object.
|
|
The value of this object when not in use is the corresponding mask in the profile mask.
|
|
Once the value of this object is modified, the per rule mask will take effect.
|
|
This object is writeable only once.
|
|
"
|
|
::= { swACLIpRuleEntry 34 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swACLPktContRuleTable
|
|
-- -----------------------------------------------------------------------------
|
|
swACLPktContRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLPktContRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains ACL rules regarding user-defined information."
|
|
::= { swAclRuleMgmt 3 }
|
|
|
|
swACLPktContRuleEntry OBJECT-TYPE
|
|
SYNTAX SwACLPktContRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about the ACL rule of the user-defined part of each packet."
|
|
INDEX { swACLPktContRuleProfileID,swACLPktContRuleAccessID }
|
|
::= { swACLPktContRuleTable 1 }
|
|
|
|
SwACLPktContRuleEntry ::=
|
|
SEQUENCE {
|
|
swACLPktContRuleProfileID
|
|
INTEGER,
|
|
swACLPktContRuleAccessID
|
|
INTEGER,
|
|
swACLPktContRuleOffset0to15
|
|
OCTET STRING,
|
|
swACLPktContRuleOffset16to31
|
|
OCTET STRING,
|
|
swACLPktContRuleOffset32to47
|
|
OCTET STRING,
|
|
swACLPktContRuleOffset48to63
|
|
OCTET STRING,
|
|
swACLPktContRuleOffset64to79
|
|
OCTET STRING,
|
|
swACLPktContRuleEnablePriority
|
|
INTEGER,
|
|
swACLPktContRulePriority
|
|
INTEGER,
|
|
swACLPktContRuleReplacePriority
|
|
INTEGER,
|
|
swACLPktContRuleEnableReplaceDscp
|
|
INTEGER,
|
|
swACLPktContRuleRepDscp
|
|
INTEGER,
|
|
swACLPktContRulePermit
|
|
INTEGER,
|
|
swACLPktContRulePort
|
|
-- INTEGER,
|
|
PortList,
|
|
-- swACLPktContRuleSwAclState
|
|
-- INTEGER,
|
|
swACLPktContRuleRowStatus
|
|
RowStatus,
|
|
swACLPktContRuleOwner
|
|
INTEGER,
|
|
swACLPktContRuleRxRate
|
|
INTEGER,
|
|
swACLPktContRuleEnableReplaceTosPrecedence
|
|
INTEGER,
|
|
swACLPktContRuleRepTosPrecedence
|
|
INTEGER,
|
|
swACLPktContRuleVID
|
|
INTEGER
|
|
}
|
|
swACLPktContRuleProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swACLPktContRuleEntry 1 }
|
|
|
|
swACLPktContRuleAccessID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL rule entry in relation to the swACLPktContRuleProfileID.
|
|
When row creation is set to 0, an access ID is automatically created
|
|
for the ports in the swACLPktContRulePort to create rule entries
|
|
for swACLPktContRulePort accordingly.
|
|
Set to 1-65535 indicates to creswACLPktContRuleRepDscpate the exact access ID
|
|
for the swACLPktContRulePort. The swACLPktContRulePort must be set to
|
|
one port only, otherwise the row creation will fail."
|
|
::= { swACLPktContRuleEntry 2 }
|
|
|
|
swACLPktContRuleOffset0to15 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the user-defined packet."
|
|
::= { swACLPktContRuleEntry 3 }
|
|
|
|
swACLPktContRuleOffset16to31 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the user-defined packet."
|
|
::= { swACLPktContRuleEntry 4 }
|
|
|
|
swACLPktContRuleOffset32to47 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the user-defined packet."
|
|
::= { swACLPktContRuleEntry 5 }
|
|
|
|
swACLPktContRuleOffset48to63 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the user-defined packet."
|
|
::= { swACLPktContRuleEntry 6 }
|
|
|
|
swACLPktContRuleOffset64to79 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the user-defined packet."
|
|
::= { swACLPktContRuleEntry 7 }
|
|
|
|
swACLPktContRuleEnablePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply only to packets with this
|
|
priority value."
|
|
::= { swACLPktContRuleEntry 8 }
|
|
|
|
swACLPktContRulePriority OBJECT-TYPE
|
|
SYNTAX INTEGER(0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the priority will change for the packets while the swACLPktContRuleReplacePriority
|
|
is enabled ."
|
|
::= { swACLPktContRuleEntry 9 }
|
|
|
|
swACLPktContRuleReplacePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will change priorities of packets that match the access profile
|
|
802.1p priority tag or not."
|
|
::= { swACLPktContRuleEntry 10 }
|
|
|
|
swACLPktContRuleEnableReplaceDscp OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will change priorities of packets that match the access profile
|
|
DSCP field or not.
|
|
Replace DSCP and replace ToS precedence can not both be supported. "
|
|
::= { swACLPktContRuleEntry 11 }
|
|
|
|
swACLPktContRuleRepDscp OBJECT-TYPE
|
|
SYNTAX INTEGER(0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a value to be written to the DSCP field of an incoming packet
|
|
that meets the criteria specified in the first part of the command.
|
|
This value will over-write the value in the DSCP field of the packet."
|
|
::= { swACLPktContRuleEntry 12 }
|
|
|
|
swACLPktContRulePermit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
deny(1),
|
|
permit(2),
|
|
mirror(3),
|
|
lease-renew(4),
|
|
set-drop-precedence(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if the result of the packet examination is 'permit' or 'deny'.
|
|
The default is 'permit'.
|
|
permit - Specifies that packets matching the access profile are
|
|
permitted to be forwarded by the switch.
|
|
deny - Specifies that packets matching the access profile
|
|
are not permitted to be forwarded by the switch and will be filtered.
|
|
mirror - Specifies that the packets matching the access profile are copied to
|
|
the mirror port.
|
|
Note : The ACL mirror function will function after mirror is enabled
|
|
and a mirror port has been configured.
|
|
lease-renew - Specifies the packets matching the access profile are copied to
|
|
the CPU.
|
|
Note : After a user enables the port's lease-renew state, all kinds of DHCP packets
|
|
(including unicast and broadcast DHCP packets) will be copied to the CPU
|
|
(using user ACL mask and rule).
|
|
set-drop-precedence - Specifies that packets matching the access profile are set
|
|
to drop precedence."
|
|
::= { swACLPktContRuleEntry 13 }
|
|
|
|
swACLPktContRulePort OBJECT-TYPE
|
|
-- SYNTAX INTEGER (1..65535)
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to port(s).
|
|
This object and swACLPktContRuleVID can not be set together. "
|
|
::= { swACLPktContRuleEntry 14 }
|
|
|
|
-- swACLPktContRuleSwAclState OBJECT-TYPE
|
|
-- SYNTAX INTEGER {
|
|
-- enable(1),
|
|
-- disable(2)
|
|
-- }
|
|
-- MAX-ACCESS read-create
|
|
-- STATUS current
|
|
-- DESCRIPTION
|
|
-- "Specifies that the access rule will only apply to the software ACL state."
|
|
-- ::= { swACLPktContRuleEntry 15 }
|
|
|
|
swACLPktContRuleRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLPktContRuleEntry 15 }
|
|
|
|
swACLPktContRuleOwner OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
acl(2),
|
|
ipbind(3),
|
|
other(4),
|
|
dhcp(5),
|
|
netbios(6),
|
|
ext-netbios(7),
|
|
ismvlan(8),
|
|
dhcp-relay(9),
|
|
pppoe(10),
|
|
arp-spoofing(11),
|
|
bpdu-tunnel(12)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The owner of the ACL rule entry. Only owners can modify this entry."
|
|
::= { swACLPktContRuleEntry 16 }
|
|
|
|
swACLPktContRuleRxRate OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device."
|
|
::= { swACLPktContRuleEntry 17 }
|
|
|
|
swACLPktContRuleEnableReplaceTosPrecedence OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will change priorities of packets that match the access profile
|
|
ToS precedence field or not.
|
|
Replace DSCP and replace ToS precedence can not both be supported.
|
|
"
|
|
::= { swACLPktContRuleEntry 18 }
|
|
|
|
swACLPktContRuleRepTosPrecedence OBJECT-TYPE
|
|
SYNTAX INTEGER(0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a value to be written to the ToS precedence field of an incoming packet
|
|
that meets the criteria specified in the first part of the command.
|
|
This value will over-write the value in the ToS precedence field of the packet."
|
|
::= { swACLPktContRuleEntry 19 }
|
|
|
|
swACLPktContRuleVID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..4094)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies this rule only applies to the specified VLAN. There are two conditions:
|
|
1.only the portlist that belongs to this VLAN will be included;
|
|
2.packets must belong to this VLAN.
|
|
|
|
This object and swACLPktContRulePort can not be set together.
|
|
When you set swACLPktContRulePort, the value of this object will automatically change to 0.
|
|
And this object can not be set 0."
|
|
::= { swACLPktContRuleEntry 20 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swACLIpv6RuleTable
|
|
-- -----------------------------------------------------------------------------
|
|
swACLIpv6RuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLIpv6RuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the IPv6 ACL rule information."
|
|
::= { swAclRuleMgmt 4 }
|
|
|
|
swACLIpv6RuleEntry OBJECT-TYPE
|
|
SYNTAX SwACLIpv6RuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about ACL rules regarding the IPv6 part of each packet."
|
|
INDEX { swACLIpv6RuleProfileID,swACLIpv6RuleAccessID }
|
|
::= { swACLIpv6RuleTable 1 }
|
|
|
|
SwACLIpv6RuleEntry ::=
|
|
SEQUENCE {
|
|
swACLIpv6RuleProfileID
|
|
INTEGER,
|
|
swACLIpv6RuleAccessID
|
|
INTEGER,
|
|
swACLIpv6RuleClass
|
|
INTEGER,
|
|
swACLIpv6RuleFlowlabel
|
|
OCTET STRING,
|
|
swACLIpv6RuleSrcIpv6Addr
|
|
Ipv6Address,
|
|
swACLIpv6RuleDstIpv6Addr
|
|
Ipv6Address,
|
|
swACLIpv6RuleEnablePriority
|
|
INTEGER,
|
|
swACLIpv6RulePriority
|
|
INTEGER,
|
|
swACLIpv6RuleReplacePriority
|
|
INTEGER,
|
|
swACLIpv6RulePermit
|
|
INTEGER,
|
|
swACLIpv6RulePort
|
|
-- INTEGER,
|
|
PortList,
|
|
-- swACLIpv6RuleSwAclState
|
|
-- INTEGER,
|
|
swACLIpv6RuleRowStatus
|
|
RowStatus,
|
|
swACLIpv6RuleOwner
|
|
INTEGER,
|
|
swACLIpv6RuleRxRate
|
|
INTEGER,
|
|
swACLIpv6RuleEnableReplaceDscp
|
|
INTEGER,
|
|
swACLIpv6RuleRepDscp
|
|
INTEGER,
|
|
swACLIpv6RuleEnableReplaceTosPrecedence
|
|
INTEGER,
|
|
swACLIpv6RuleRepTosPrecedence
|
|
INTEGER,
|
|
swACLIpv6RuleVID
|
|
INTEGER,
|
|
swACLIpv6RuleProtocol
|
|
INTEGER,
|
|
swACLIpv6RuleSrcPort
|
|
INTEGER,
|
|
swACLIpv6RuleDstPort
|
|
INTEGER,
|
|
swACLIpv6RuleMaskSrcIpv6Addr
|
|
Ipv6Address,
|
|
swACLIpv6RuleMaskDstIpv6Addr
|
|
Ipv6Address,
|
|
swACLIpv6RuleMaskSrcPort
|
|
OCTET STRING,
|
|
swACLIpv6RuleMaskDstPort
|
|
OCTET STRING
|
|
}
|
|
swACLIpv6RuleProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swACLIpv6RuleEntry 1 }
|
|
|
|
swACLIpv6RuleAccessID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL rule entry relates to swACLIpv6RuleProfileID.
|
|
When row creation is set to 0, this indicates the access ID
|
|
will be assigned automatically for the ports in the swACLIpv6RulePort
|
|
to create rule entries for swACLIpv6RulePort accordingly.
|
|
Set to 1-65535 indicates creation of an access ID for the swACLIpv6RulePort.
|
|
The swACLIpv6RulePort must be set to one port only, otherwise
|
|
the row creation will fail."
|
|
::= { swACLIpv6RuleEntry 2 }
|
|
|
|
swACLIpv6RuleClass OBJECT-TYPE
|
|
SYNTAX INTEGER (0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the IPv6 class field."
|
|
::= { swACLIpv6RuleEntry 3 }
|
|
|
|
swACLIpv6RuleFlowlabel OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the IPv6 flow label field."
|
|
::= { swACLIpv6RuleEntry 4 }
|
|
|
|
swACLIpv6RuleSrcIpv6Addr OBJECT-TYPE
|
|
SYNTAX Ipv6Address
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the source IPv6 address.
|
|
This should be a 16 byte octet string."
|
|
::= { swACLIpv6RuleEntry 5 }
|
|
|
|
swACLIpv6RuleDstIpv6Addr OBJECT-TYPE
|
|
SYNTAX Ipv6Address
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the destination IPv6 address.
|
|
This should be a 16 byte octet string."
|
|
::= { swACLIpv6RuleEntry 6 }
|
|
|
|
swACLIpv6RuleEnablePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply only to packets with
|
|
priority value."
|
|
::= { swACLIpv6RuleEntry 7 }
|
|
|
|
swACLIpv6RulePriority OBJECT-TYPE
|
|
SYNTAX INTEGER(0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the priority will change in packets while the swACLIpv6RuleReplacePriority
|
|
is enabled."
|
|
::= { swACLIpv6RuleEntry 8 }
|
|
|
|
swACLIpv6RuleReplacePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will change priorities of packets that match the access profile
|
|
802.1p priority tag or not."
|
|
::= { swACLIpv6RuleEntry 9 }
|
|
|
|
swACLIpv6RulePermit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
deny(1),
|
|
permit(2),
|
|
mirror(3),
|
|
set-drop-precedence(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if the result of the packet examination is 'permit' or 'deny'.
|
|
The default is 'permit'.
|
|
permit - Specifies that packets matching the access profile are
|
|
permitted to be forwarded by the switch.
|
|
deny - Specifies that packets matching the access profile
|
|
are not permitted to be forwarded by the switch and will be filtered.
|
|
mirror - Specifies that the packets matching the access profile are copied to
|
|
the mirror port.
|
|
Note : The ACL mirror function will function after mirror has been enabled
|
|
and a mirror port has been configured.
|
|
set-drop-precedence - Specifies the packets matching the access profile are set
|
|
to drop precedence."
|
|
::= { swACLIpv6RuleEntry 10 }
|
|
|
|
swACLIpv6RulePort OBJECT-TYPE
|
|
-- SYNTAX INTEGER (1..65535)
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply only to port(s).
|
|
This object and swACLIpv6RuleVID can not be set together. "
|
|
::= { swACLIpv6RuleEntry 11 }
|
|
|
|
-- swACLIpv6RuleSwAclState OBJECT-TYPE
|
|
-- SYNTAX INTEGER {
|
|
-- enable(1),
|
|
-- disable(2)
|
|
-- }
|
|
-- MAX-ACCESS read-create
|
|
-- STATUS current
|
|
-- DESCRIPTION
|
|
-- "Specifies that the access rule will only apply to the software ACL state."
|
|
-- ::= { swACLIpv6RuleEntry 13 }
|
|
|
|
swACLIpv6RuleRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLIpv6RuleEntry 12 }
|
|
|
|
swACLIpv6RuleOwner OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
acl(2),
|
|
ipbind(3),
|
|
other(4),
|
|
dhcp(5),
|
|
netbios(6),
|
|
ext-netbios(7),
|
|
ismvlan(8),
|
|
dhcp-relay(9),
|
|
pppoe(10),
|
|
arp-spoofing(11),
|
|
bpdu-tunnel(12)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The owner of the ACL rule entry. Only owners can modify this entry."
|
|
::= { swACLIpv6RuleEntry 13 }
|
|
|
|
swACLIpv6RuleRxRate OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device."
|
|
::= { swACLIpv6RuleEntry 14 }
|
|
|
|
swACLIpv6RuleEnableReplaceDscp OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will change priorities of packets that match the access profile
|
|
DSCP field or not.
|
|
Replace DSCP and replace ToS precedence can not both be supported.
|
|
"
|
|
::= { swACLIpv6RuleEntry 15 }
|
|
|
|
swACLIpv6RuleRepDscp OBJECT-TYPE
|
|
SYNTAX INTEGER(0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a value to be written to the DSCP field of an incoming packet
|
|
that meets the criteria specified in the first part of the command.
|
|
This value will over-write the value in the DSCP field of the packet."
|
|
::= { swACLIpv6RuleEntry 16 }
|
|
|
|
swACLIpv6RuleEnableReplaceTosPrecedence OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will change priorities of packets that match the access profile
|
|
ToS precedence field or not.
|
|
Replace DSCP and replace ToS precedence can not both be supported.
|
|
"
|
|
::= { swACLIpv6RuleEntry 17 }
|
|
|
|
swACLIpv6RuleRepTosPrecedence OBJECT-TYPE
|
|
SYNTAX INTEGER(0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a value to be written to the ToS precedence field of an incoming packet
|
|
that meets the criteria specified in the first part of the command.
|
|
This value will over-write the value in the ToS precedence field of the packet."
|
|
::= { swACLIpv6RuleEntry 18 }
|
|
|
|
swACLIpv6RuleVID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..4094)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies this rule only applies to the specified VLAN. There are two conditions:
|
|
1.only the portlist that belongs to this VLAN will be included;
|
|
2.packets must belong to this VLAN.
|
|
|
|
This object and swACLIpv6RulePort can not be set together.
|
|
When you set swACLIpv6RulePort, the value of this object will automatically change to 0.
|
|
And this object can not be set 0."
|
|
::= { swACLIpv6RuleEntry 19 }
|
|
|
|
swACLIpv6RuleProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
tcp(2),
|
|
udp(3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the IPv6 protocol.
|
|
For some older chips, this object can not be set. When getting this object,
|
|
it always returns the type which has been configured in swACLIpv6Entry.
|
|
|
|
For some newer chips, this object can only set the type which
|
|
has been configured in swACLIpv6Entry. The default value is none (1).
|
|
"
|
|
::= { swACLIpv6RuleEntry 20 }
|
|
|
|
swACLIpv6RuleSrcPort OBJECT-TYPE
|
|
SYNTAX INTEGER(0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the range of the TCP/UDP source ports."
|
|
::= { swACLIpv6RuleEntry 21 }
|
|
|
|
swACLIpv6RuleDstPort OBJECT-TYPE
|
|
SYNTAX INTEGER(0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the TCP/UDP destination ports range."
|
|
::= { swACLIpv6RuleEntry 22 }
|
|
|
|
swACLIpv6RuleMaskSrcIpv6Addr OBJECT-TYPE
|
|
SYNTAX Ipv6Address
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the per rule mask of swACLIpv6RuleSrcIpv6Addr.
|
|
This should be a 16 byte octet string.
|
|
The value of this object when not in use is the corresponding mask in the profile mask.
|
|
Once the value of this object is modified, the per rule mask will take effect.
|
|
This object is writeable only once.
|
|
"
|
|
::= { swACLIpv6RuleEntry 23 }
|
|
|
|
swACLIpv6RuleMaskDstIpv6Addr OBJECT-TYPE
|
|
SYNTAX Ipv6Address
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the destination IPv6 address.
|
|
This should be a 16 byte octet string."
|
|
::= { swACLIpv6RuleEntry 24 }
|
|
|
|
swACLIpv6RuleMaskSrcPort OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the per rule mask of swACLIpv6RuleSrcPort.
|
|
The value of this object when not in use is the corresponding mask in the profile mask.
|
|
Once the value of this object is modified, the per rule mask will take effect.
|
|
This object is writeable only once.
|
|
"
|
|
::= { swACLIpv6RuleEntry 25 }
|
|
|
|
swACLIpv6RuleMaskDstPort OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the per rule mask of swACLIpv6RuleDstPort.
|
|
The value of this object when not in use is the corresponding mask in the profile mask.
|
|
Once the value of this object is modified, the per rule mask will take effect.
|
|
This object is writeable only once.
|
|
"
|
|
::= { swACLIpv6RuleEntry 26 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
--swIBPACLEtherRuleTable
|
|
-- -----------------------------------------------------------------------------
|
|
swIBPACLEtherRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwIBPACLEtherRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"This table contains IP-MAC-Binding Ethernet ACL Rule information."
|
|
::= { swAclRuleMgmt 5 }
|
|
|
|
swIBPACLEtherRuleEntry OBJECT-TYPE
|
|
SYNTAX SwIBPACLEtherRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"A list of information about the ACL rule of the layer 2 part of each packet."
|
|
INDEX { swIBPACLEtherRuleProfileID,swIBPACLEtherRuleAccessID }
|
|
::= { swIBPACLEtherRuleTable 1 }
|
|
|
|
SwIBPACLEtherRuleEntry ::=
|
|
SEQUENCE {
|
|
swIBPACLEtherRuleProfileID
|
|
INTEGER,
|
|
swIBPACLEtherRuleAccessID
|
|
INTEGER,
|
|
swIBPACLEtherRuleEtherType
|
|
OCTET STRING,
|
|
swIBPACLEtherRulePermit
|
|
INTEGER,
|
|
swIBPACLEtherRulePort
|
|
PortList
|
|
}
|
|
swIBPACLEtherRuleProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device."
|
|
::= { swIBPACLEtherRuleEntry 1 }
|
|
|
|
swIBPACLEtherRuleAccessID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"The ID of the ACL rule entry in relation to swACLEtherRuleProfileID.
|
|
When row creation is set to 0, this indicates automatically assigning an Access
|
|
for the ports in the swACLEtherRulePort to create rule entries for swACLEtherRulePort
|
|
accordingly.
|
|
Set to 1-65535 indicates to create the exact access ID for the swACLEtherRulePort
|
|
and the swACLEtherRulePort must set one port only, otherwise the row creation will
|
|
fail."
|
|
::= { swIBPACLEtherRuleEntry 2 }
|
|
|
|
swIBPACLEtherRuleEtherType OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (2))
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply only to packets with this
|
|
802.1Q Ethernet type value in the packet header."
|
|
::= { swIBPACLEtherRuleEntry 3 }
|
|
|
|
swIBPACLEtherRulePermit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
deny(1),
|
|
permit(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"This object indicates if the result of the examination is 'permit' or 'deny'.
|
|
The default is 'permit' (1).
|
|
permit - Specifies that packets that match the access profile are
|
|
permitted to be forwarded by the switch.
|
|
deny - Specifies that packets that match the access profile
|
|
are not permitted to be forwarded by the switch and will be filtered."
|
|
::= { swIBPACLEtherRuleEntry 4 }
|
|
|
|
swIBPACLEtherRulePort OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to port(s)."
|
|
::= { swIBPACLEtherRuleEntry 5 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
--swIBPACLIpRuleTable
|
|
-- -----------------------------------------------------------------------------
|
|
swIBPACLIpRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwIBPACLIpRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
""
|
|
::= { swAclRuleMgmt 6 }
|
|
|
|
swIBPACLIpRuleEntry OBJECT-TYPE
|
|
SYNTAX SwIBPACLIpRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
""
|
|
INDEX { swIBPACLIpRuleProfileID , swIBPACLIpRuleAccessID }
|
|
::= { swIBPACLIpRuleTable 1 }
|
|
|
|
SwIBPACLIpRuleEntry ::=
|
|
SEQUENCE {
|
|
swIBPACLIpRuleProfileID
|
|
INTEGER,
|
|
swIBPACLIpRuleAccessID
|
|
INTEGER,
|
|
swIBPACLIpRuleSrcMacAddress
|
|
MacAddress,
|
|
swIBPACLIpRuleSrcIpaddress
|
|
IpAddress,
|
|
swIBPACLIpRulePermit
|
|
INTEGER,
|
|
swIBPACLIpRulePort
|
|
PortList
|
|
}
|
|
swIBPACLIpRuleProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device."
|
|
::= { swIBPACLIpRuleEntry 1 }
|
|
|
|
swIBPACLIpRuleAccessID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only --read-create
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"The ID of the ACL rule entry in relation to swACLIPRuleProfileID.
|
|
When the row creation is set to 0, this indicates assigning an access ID automatically
|
|
for the ports in the swACLIpRulePort to create rule entries for swACLIpRulePort
|
|
accordingly.
|
|
Set to 1-65535 indicates to create the exact access ID for the swACLIpRulePort
|
|
and the swACLIpRulePort must be set for one port only, otherwise the row creation will
|
|
fail."
|
|
::= { swIBPACLIpRuleEntry 2 }
|
|
|
|
swIBPACLIpRuleSrcMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply to only packets with
|
|
this source MAC address."
|
|
::= { swIBPACLIpRuleEntry 3 }
|
|
|
|
swIBPACLIpRuleSrcIpaddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"Specifies an IP source address."
|
|
::= { swIBPACLIpRuleEntry 4 }
|
|
|
|
swIBPACLIpRulePermit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
deny(1),
|
|
permit(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"This object indicates if the result of the examination is 'permit' or 'deny'; the default is 'permit' (1)
|
|
permit - Specifies that packets that match the access profile are
|
|
permitted to be forwarded by the switch.
|
|
deny - Specifies that packets that match the access profile
|
|
are not permitted to be forwarded by the switch and will be filtered."
|
|
::= { swIBPACLIpRuleEntry 5 }
|
|
|
|
swIBPACLIpRulePort OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-only
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to port(s)."
|
|
::= { swIBPACLIpRuleEntry 6 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
--swACLPktContRuleOptionTable
|
|
-- -----------------------------------------------------------------------------
|
|
swACLPktContRuleOptionTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLPktContRuleOptionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains user-defined ACL information."
|
|
::= { swAclRuleMgmt 7 }
|
|
|
|
swACLPktContRuleOptionEntry OBJECT-TYPE
|
|
SYNTAX SwACLPktContRuleOptionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about the ACL rule regarding the user-defined part of each packet."
|
|
INDEX { swACLPktContRuleOptionProfileID,swACLPktContRuleOptionAccessID }
|
|
::= { swACLPktContRuleOptionTable 1 }
|
|
|
|
SwACLPktContRuleOptionEntry ::=
|
|
SEQUENCE {
|
|
swACLPktContRuleOptionProfileID
|
|
INTEGER,
|
|
swACLPktContRuleOptionAccessID
|
|
INTEGER,
|
|
swACLPktContRuleOffsetChunk1OffsetValue
|
|
INTEGER,
|
|
swACLPktContRuleOffsetChunk1Content
|
|
OCTET STRING,
|
|
swACLPktContRuleOffsetChunk2OffsetValue
|
|
INTEGER,
|
|
swACLPktContRuleOffsetChunk2Content
|
|
OCTET STRING,
|
|
swACLPktContRuleOffsetChunk3OffsetValue
|
|
INTEGER,
|
|
swACLPktContRuleOffsetChunk3Content
|
|
OCTET STRING,
|
|
swACLPktContRuleOffsetChunk4OffsetValue
|
|
INTEGER,
|
|
swACLPktContRuleOffsetChunk4Content
|
|
OCTET STRING,
|
|
swACLPktContRuleOptionEnablePriority
|
|
INTEGER,
|
|
swACLPktContRuleOptionPriority
|
|
INTEGER,
|
|
swACLPktContRuleOptionReplacePriority
|
|
INTEGER,
|
|
swACLPktContRuleOptionEnableReplaceDscp
|
|
INTEGER,
|
|
swACLPktContRuleOptionRepDscp
|
|
INTEGER,
|
|
swACLPktContRuleOptionPermit
|
|
INTEGER,
|
|
swACLPktContRuleOptionPort
|
|
PortList,
|
|
swACLPktContRuleOptionRowStatus
|
|
RowStatus,
|
|
swACLPktContRuleOptionOwner
|
|
INTEGER,
|
|
swACLPktContRuleOptionRxRate
|
|
INTEGER,
|
|
swACLPktContRuleOptionEnableReplaceTosPrecedence
|
|
INTEGER,
|
|
swACLPktContRuleOptionRepTosPrecedence
|
|
INTEGER,
|
|
swACLPktContRuleOptionVID
|
|
INTEGER
|
|
}
|
|
swACLPktContRuleOptionProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swACLPktContRuleOptionEntry 1 }
|
|
|
|
swACLPktContRuleOptionAccessID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL rule entry in relation to the swACLPktContRuleProfileID.
|
|
When row creation is set to 0, access ID is automatically created
|
|
for the ports in the swACLPktContRulePort to create rule entries
|
|
for swACLPktContRulePort accordingly.
|
|
Set to 1-65535 indicates to creswACLPktContRuleRepDscpate the exact access ID
|
|
for the swACLPktContRulePort. The swACLPktContRulePort must be set to
|
|
one port only, otherwise the row creation will fail."
|
|
::= { swACLPktContRuleOptionEntry 2 }
|
|
|
|
swACLPktContRuleOffsetChunk1OffsetValue OBJECT-TYPE
|
|
SYNTAX INTEGER (0..31)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Displays the frame content offset of chunk1."
|
|
::= { swACLPktContRuleOptionEntry 3 }
|
|
|
|
swACLPktContRuleOffsetChunk1Content OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the frame content of chunk1."
|
|
::= { swACLPktContRuleOptionEntry 4 }
|
|
|
|
swACLPktContRuleOffsetChunk2OffsetValue OBJECT-TYPE
|
|
SYNTAX INTEGER (0..31)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Displays the frame content offset of chunk2."
|
|
::= { swACLPktContRuleOptionEntry 5 }
|
|
|
|
swACLPktContRuleOffsetChunk2Content OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the frame content of chunk2."
|
|
::= { swACLPktContRuleOptionEntry 6 }
|
|
|
|
swACLPktContRuleOffsetChunk3OffsetValue OBJECT-TYPE
|
|
SYNTAX INTEGER (0..31)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Displays the frame content offset of chunk3."
|
|
::= { swACLPktContRuleOptionEntry 7 }
|
|
|
|
swACLPktContRuleOffsetChunk3Content OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the frame content of chunk3."
|
|
::= { swACLPktContRuleOptionEntry 8 }
|
|
|
|
swACLPktContRuleOffsetChunk4OffsetValue OBJECT-TYPE
|
|
SYNTAX INTEGER (0..31)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Displays the frame content offset of chunk4."
|
|
::= { swACLPktContRuleOptionEntry 9 }
|
|
|
|
swACLPktContRuleOffsetChunk4Content OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the frame content of chunk4."
|
|
::= { swACLPktContRuleOptionEntry 10 }
|
|
|
|
swACLPktContRuleOptionEnablePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to packets with this
|
|
priority value."
|
|
::= { swACLPktContRuleOptionEntry 11 }
|
|
|
|
swACLPktContRuleOptionPriority OBJECT-TYPE
|
|
SYNTAX INTEGER(0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the priority will change for the packets while the swACLPktContRuleReplacePriority
|
|
is enabled ."
|
|
::= { swACLPktContRuleOptionEntry 12 }
|
|
|
|
swACLPktContRuleOptionReplacePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will change priorities of packets that match the access profile
|
|
802.1p priority tag or not."
|
|
::= { swACLPktContRuleOptionEntry 13 }
|
|
|
|
swACLPktContRuleOptionEnableReplaceDscp OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will change priorities of packets that match the access profile
|
|
DSCP field or not.
|
|
Replace DSCP and replace ToS precedence can not both be supported. "
|
|
::= { swACLPktContRuleOptionEntry 14 }
|
|
|
|
swACLPktContRuleOptionRepDscp OBJECT-TYPE
|
|
SYNTAX INTEGER(0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a value to be written to the DSCP field of an incoming packet
|
|
that meets the criteria specified in the first part of the command.
|
|
This value will over-write the value in the DSCP field of the packet."
|
|
::= { swACLPktContRuleOptionEntry 15 }
|
|
|
|
swACLPktContRuleOptionPermit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
deny(1),
|
|
permit(2),
|
|
mirror(3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if the result of the packet examination is 'permit' or 'deny'.
|
|
The default is 'permit'.
|
|
permit - Specifies that packets that match the access profile are
|
|
permitted to be forwarded by the switch.
|
|
deny - Specifies that packets that match the access profile
|
|
are not permitted to be forwarded by the switch and will be filtered.
|
|
mirror - Specifies that the packets that match the access profile are copied to
|
|
the mirror port.
|
|
Note: The ACL mirror function will function after mirror is enabled
|
|
and a mirror port has been configured."
|
|
::= { swACLPktContRuleOptionEntry 16 }
|
|
|
|
swACLPktContRuleOptionPort OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to port(s).
|
|
This object and swACLPktContRuleOptionVID can not be set together. "
|
|
::= { swACLPktContRuleOptionEntry 17 }
|
|
|
|
swACLPktContRuleOptionRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLPktContRuleOptionEntry 18 }
|
|
|
|
swACLPktContRuleOptionOwner OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
acl(2),
|
|
ipbind(3),
|
|
other(4),
|
|
dhcp(5),
|
|
netbios(6),
|
|
ext-netbios(7),
|
|
ismvlan(8),
|
|
dhcp-relay(9),
|
|
pppoe(10),
|
|
arp-spoofing(11),
|
|
bpdu-tunnel(12)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The owner of the ACL rule entry. Only owners can modify this entry."
|
|
::= { swACLPktContRuleOptionEntry 19 }
|
|
|
|
swACLPktContRuleOptionRxRate OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device."
|
|
::= { swACLPktContRuleOptionEntry 20 }
|
|
|
|
swACLPktContRuleOptionEnableReplaceTosPrecedence OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will change priorities of packets that match the access profile
|
|
ToS precedence field or not.
|
|
Replace DSCP and replace ToS precedence can not both be supported.
|
|
"
|
|
::= { swACLPktContRuleOptionEntry 21 }
|
|
|
|
swACLPktContRuleOptionRepTosPrecedence OBJECT-TYPE
|
|
SYNTAX INTEGER(0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a value to be written to the ToS precedence field of an incoming packet
|
|
that meets the criteria specified in the first part of the command.
|
|
This value will over-write the value in the ToS precedence field of the packet."
|
|
::= { swACLPktContRuleOptionEntry 22 }
|
|
|
|
swACLPktContRuleOptionVID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..4094)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies this rule only applies to the specified VLAN. There are two conditions:
|
|
1.only the portlist that belongs to this VLAN will be included;
|
|
2.packets must belong to this VLAN.
|
|
|
|
This object and swACLPktContRuleOptionPort can not be set together.
|
|
When you set swACLPktContRuleOptionPort, the value of this object will automatically change to 0.
|
|
And this object can not be set 0."
|
|
::= { swACLPktContRuleOptionEntry 23 }
|
|
|
|
|
|
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swACLCounterTable
|
|
-- -----------------------------------------------------------------------------
|
|
swACLCounterTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLCounterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table maintains counter information associated with a specific
|
|
rule in the ACL rule table. Please refer to the swACLEtherRuleTable,
|
|
swACLIpRuleTable, swACLIpv6RuleTable and swACLPktContRuleTable
|
|
for detailed ACL rule information."
|
|
::= { swAclRuleMgmt 8 }
|
|
|
|
swACLCounterEntry OBJECT-TYPE
|
|
SYNTAX SwACLCounterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry maintains counter information associated with the ACL
|
|
rule table."
|
|
INDEX { swACLCounterProfileID, swACLCounterAccessID}
|
|
::= { swACLCounterTable 1 }
|
|
|
|
SwACLCounterEntry ::=
|
|
SEQUENCE {
|
|
swACLCounterProfileID
|
|
INTEGER,
|
|
swACLCounterAccessID
|
|
INTEGER,
|
|
swACLCounterState
|
|
INTEGER,
|
|
swACLCounterTotalCounter
|
|
Counter64,
|
|
swACLCounterGreenCounter
|
|
Counter64,
|
|
swACLCounterYellowCounter
|
|
Counter64,
|
|
swACLCounterRedCounter
|
|
Counter64
|
|
}
|
|
|
|
swACLCounterProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry, which is unique in the mask
|
|
list."
|
|
::= { swACLCounterEntry 1 }
|
|
|
|
swACLCounterAccessID OBJECT-TYPE
|
|
SYNTAX INTEGER(1..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL rule entry as related to the
|
|
swACLCounterProfileID."
|
|
::= { swACLCounterEntry 2 }
|
|
|
|
swACLCounterState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies whether the counter feature will be enabled/disabled.
|
|
1. This is optional. The default is disable.
|
|
2. If the rule is not bound with flow_meter, then all packets that match will be counted.
|
|
If the rule is bound with flow_meter, then the 'counter' will be overridden.
|
|
"
|
|
::= { swACLCounterEntry 3 }
|
|
|
|
swACLCounterTotalCounter OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of matched packets."
|
|
::= { swACLCounterEntry 4 }
|
|
|
|
swACLCounterGreenCounter OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of matched green packets."
|
|
::= { swACLCounterEntry 5 }
|
|
|
|
swACLCounterYellowCounter OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of matched yellow packets."
|
|
::= { swACLCounterEntry 6 }
|
|
|
|
swACLCounterRedCounter OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of matched red packets."
|
|
::= { swACLCounterEntry 7 }
|
|
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swACLPktContRuleOption2
|
|
-- -----------------------------------------------------------------------------
|
|
|
|
swACLPktContRuleOption2 OBJECT IDENTIFIER ::= { swAclRuleMgmt 10 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
--swACLPktContRuleOption2Table
|
|
-- -----------------------------------------------------------------------------
|
|
swACLPktContRuleOption2Table OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLPktContRuleOption2Entry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains user-defined ACL information for option 2 type
|
|
of packet contnet syntax.
|
|
|
|
To qualify the data of a packet content field with respect to an offset, an entry in the
|
|
swACLPktContRuleOption2OffsetsTable must be created first.
|
|
|
|
On row creation, all entries in the corresponding profile defined in the
|
|
swACLPktContRuleOption2OffsetsTable will be associated to the ACL rule.
|
|
"
|
|
::= { swACLPktContRuleOption2 1 }
|
|
|
|
swACLPktContRuleOption2Entry OBJECT-TYPE
|
|
SYNTAX SwACLPktContRuleOption2Entry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about the ACL rule regarding the user-defined part of each packet."
|
|
INDEX { swACLPktContRuleOption2ProfileID,swACLPktContRuleOption2AccessID }
|
|
::= { swACLPktContRuleOption2Table 1 }
|
|
|
|
SwACLPktContRuleOption2Entry ::=
|
|
SEQUENCE {
|
|
swACLPktContRuleOption2ProfileID
|
|
INTEGER,
|
|
swACLPktContRuleOption2AccessID
|
|
INTEGER,
|
|
swACLPktContRuleOption2SrcMac
|
|
MacAddress,
|
|
swACLPktContRuleOption2DstMac
|
|
MacAddress,
|
|
swACLPktContRuleOption2CTag
|
|
OCTET STRING,
|
|
swACLPktContRuleOption2STag
|
|
OCTET STRING,
|
|
swACLPktContRuleOption2EnablePriority
|
|
INTEGER,
|
|
swACLPktContRuleOption2Priority
|
|
INTEGER,
|
|
swACLPktContRuleOption2ReplacePriority
|
|
INTEGER,
|
|
swACLPktContRuleOption2EnableReplaceDscp
|
|
INTEGER,
|
|
swACLPktContRuleOption2RepDscp
|
|
INTEGER,
|
|
swACLPktContRuleOption2Permit
|
|
INTEGER,
|
|
swACLPktContRuleOption2Port
|
|
PortList,
|
|
swACLPktContRuleOption2Owner
|
|
INTEGER,
|
|
swACLPktContRuleOption2EnableReplaceTosPrecedence
|
|
INTEGER,
|
|
swACLPktContRuleOption2RepTosPrecedence
|
|
INTEGER,
|
|
swACLPktContRuleOption2VID
|
|
INTEGER,
|
|
swACLPktContRuleOption2RowStatus
|
|
RowStatus,
|
|
swACLPktContRuleOption2MaskSrcMac
|
|
MacAddress,
|
|
swACLPktContRuleOption2MaskDstMac
|
|
MacAddress,
|
|
swACLPktContRuleOption2MaskCTag
|
|
OCTET STRING,
|
|
swACLPktContRuleOption2MaskSTag
|
|
OCTET STRING
|
|
}
|
|
|
|
swACLPktContRuleOption2ProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swACLPktContRuleOption2Entry 1 }
|
|
|
|
swACLPktContRuleOption2AccessID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL rule entry in relation to the swACLPktContRuleOption2ProfileID.
|
|
When row creation is set to 0, access ID is automatically assigned.
|
|
"
|
|
::= { swACLPktContRuleOption2Entry 2 }
|
|
|
|
|
|
swACLPktContRuleOption2SrcMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply to only packets with
|
|
this source MAC address."
|
|
::= { swACLPktContRuleOption2Entry 3 }
|
|
|
|
|
|
swACLPktContRuleOption2DstMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply to only packets with
|
|
this destination MAC address."
|
|
::= { swACLPktContRuleOption2Entry 4 }
|
|
|
|
swACLPktContRuleOption2CTag OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the frame content of the customer VLAN tag, valid values are only from 0x0000 to 0xFFFF."
|
|
::= { swACLPktContRuleOption2Entry 5 }
|
|
|
|
swACLPktContRuleOption2STag OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the frame content of the service VLAN tag, valid values are only from 0x0000 to 0xFFFF."
|
|
::= { swACLPktContRuleOption2Entry 6 }
|
|
|
|
|
|
swACLPktContRuleOption2EnablePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to packets with this
|
|
priority value."
|
|
::= { swACLPktContRuleOption2Entry 7 }
|
|
|
|
swACLPktContRuleOption2Priority OBJECT-TYPE
|
|
SYNTAX INTEGER(0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the priority will change for the packets while the swACLPktContRuleOption2ReplacePriority
|
|
is enabled ."
|
|
::= { swACLPktContRuleOption2Entry 8 }
|
|
|
|
swACLPktContRuleOption2ReplacePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will change priorities of packets that match the access profile
|
|
802.1p priority tag or not."
|
|
::= { swACLPktContRuleOption2Entry 9 }
|
|
|
|
swACLPktContRuleOption2EnableReplaceDscp OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will change priorities of packets that match the access profile
|
|
DSCP field or not.
|
|
Replace DSCP and replace ToS precedence can not both be supported. "
|
|
::= { swACLPktContRuleOption2Entry 10 }
|
|
|
|
swACLPktContRuleOption2RepDscp OBJECT-TYPE
|
|
SYNTAX INTEGER(0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a value to be written to the DSCP field of an incoming packet
|
|
that meets the criteria specified in the first part of the command.
|
|
This value will over-write the value in the DSCP field of the packet."
|
|
::= { swACLPktContRuleOption2Entry 11 }
|
|
|
|
swACLPktContRuleOption2Permit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
deny(1),
|
|
permit(2),
|
|
mirror(3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if the result of the packet examination is 'permit' or 'deny'.
|
|
The default is 'permit'.
|
|
permit - Specifies that packets that match the access profile are
|
|
permitted to be forwarded by the switch.
|
|
deny - Specifies that packets that match the access profile
|
|
are not permitted to be forwarded by the switch and will be filtered.
|
|
mirror - Specifies that the packets that match the access profile are copied to
|
|
the mirror port.
|
|
Note: The ACL mirror function will function after mirror is enabled
|
|
and a mirror port has been configured."
|
|
::= { swACLPktContRuleOption2Entry 12 }
|
|
|
|
swACLPktContRuleOption2Port OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to port(s).
|
|
This object and swACLPktContRuleOption2VID can not be set together. "
|
|
::= { swACLPktContRuleOption2Entry 13 }
|
|
|
|
|
|
|
|
swACLPktContRuleOption2Owner OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any(1),
|
|
acl(2),
|
|
ipbind(3),
|
|
other(4),
|
|
dhcp(5),
|
|
netbios(6),
|
|
ext-netbios(7),
|
|
ismvlan(8),
|
|
dhcp-relay(9),
|
|
pppoe(10),
|
|
arp-spoofing(11),
|
|
bpdu-tunnel(12)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The owner of the ACL rule entry. Only owners can modify this entry."
|
|
::= { swACLPktContRuleOption2Entry 17}
|
|
|
|
swACLPktContRuleOption2EnableReplaceTosPrecedence OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will change priorities of packets that match the access profile
|
|
ToS precedence field or not.
|
|
Replace DSCP and replace ToS precedence can not both be supported.
|
|
"
|
|
::= { swACLPktContRuleOption2Entry 18 }
|
|
|
|
swACLPktContRuleOption2RepTosPrecedence OBJECT-TYPE
|
|
SYNTAX INTEGER(0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a value to be written to the ToS precedence field of an incoming packet
|
|
that meets the criteria specified in the first part of the command.
|
|
This value will over-write the value in the ToS precedence field of the packet."
|
|
::= { swACLPktContRuleOption2Entry 19 }
|
|
|
|
swACLPktContRuleOption2VID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..4094)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies this rule only applies to the specified VLAN. There are two conditions:
|
|
1.only the portlist that belongs to this VLAN will be included;
|
|
2.packets must belong to this VLAN.
|
|
|
|
This object and swACLPktContRuleOption2Port can not be set together.
|
|
When you set swACLPktContRuleOption2Port, the value of this object will automatically change to 0.
|
|
And this object can not be set 0."
|
|
::= { swACLPktContRuleOption2Entry 20 }
|
|
|
|
swACLPktContRuleOption2RowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLPktContRuleOption2Entry 21 }
|
|
|
|
swACLPktContRuleOption2MaskSrcMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the per rule mask of source MAC address field as defined in swACLPktContRuleOption2SrcMac object
|
|
The value of this object when not in use is the corresponding mask in the profile mask.
|
|
Once the value of this object is modified, the per rule mask will take effect.
|
|
"
|
|
::= { swACLPktContRuleOption2Entry 22 }
|
|
|
|
|
|
swACLPktContRuleOption2MaskDstMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the per rule mask of source MAC address field as defined in swACLPktContRuleOption2DstMac object
|
|
The value of this object when not in use is the corresponding mask in the profile mask.
|
|
Once the value of this object is modified, the per rule mask will take effect.
|
|
"
|
|
::= { swACLPktContRuleOption2Entry 23 }
|
|
|
|
swACLPktContRuleOption2MaskCTag OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the per rule mask of the customer VLAN tag field as defined in swACLPktContRuleOption2CTag object
|
|
The value of this object when not in use is the corresponding mask in the profile mask.
|
|
Once the value of this object is modified, the per rule mask will take effect.
|
|
"
|
|
::= { swACLPktContRuleOption2Entry 24 }
|
|
|
|
swACLPktContRuleOption2MaskSTag OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the per rule mask of the service VLAN tag field as defined in swACLPktContRuleOption2STag object
|
|
The value of this object when not in use is the corresponding mask in the profile mask.
|
|
Once the value of this object is modified, the per rule mask will take effect.
|
|
"
|
|
::= { swACLPktContRuleOption2Entry 25 }
|
|
|
|
|
|
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
--swACLPktContRuleOption2OffsetsTable
|
|
-- -----------------------------------------------------------------------------
|
|
swACLPktContRuleOption2OffsetsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLPktContRuleOption2OffsetsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains the ACL rules for the individual packet
|
|
content offset user-defined option 2 information.
|
|
|
|
Entries created in this table will not set into the TCAM until a
|
|
valid entry in the swACLPktContMaskOption2Table is created.
|
|
"
|
|
::= { swACLPktContRuleOption2 2 }
|
|
|
|
swACLPktContRuleOption2OffsetsEntry OBJECT-TYPE
|
|
SYNTAX SwACLPktContRuleOption2OffsetsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about the ACL rule regarding the user-defined part of each packet."
|
|
INDEX { swACLPktContRuleOption2OffsetsProfileID,swACLPktContRuleOption2OffsetsAccessID,swACLPktContRuleOption2OffsetsNum }
|
|
::= { swACLPktContRuleOption2OffsetsTable 1 }
|
|
|
|
SwACLPktContRuleOption2OffsetsEntry ::=
|
|
SEQUENCE {
|
|
swACLPktContRuleOption2OffsetsProfileID
|
|
INTEGER,
|
|
swACLPktContRuleOption2OffsetsAccessID
|
|
INTEGER,
|
|
swACLPktContRuleOption2OffsetsNum
|
|
INTEGER,
|
|
swACLPktContRuleOption2OffsetsData
|
|
OCTET STRING,
|
|
swACLPktContRuleOption2OffsetsRowStatus
|
|
RowStatus,
|
|
swACLPktContRuleOption2OffsetsMask
|
|
OCTET STRING
|
|
}
|
|
|
|
swACLPktContRuleOption2OffsetsProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ACL profile id to which this packet content field entry will be associated."
|
|
::= { swACLPktContRuleOption2OffsetsEntry 1 }
|
|
|
|
swACLPktContRuleOption2OffsetsAccessID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ACL access id to which this packet content field entry will be associated."
|
|
::= { swACLPktContRuleOption2OffsetsEntry 2 }
|
|
|
|
swACLPktContRuleOption2OffsetsNum OBJECT-TYPE
|
|
SYNTAX INTEGER (1..11)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sequence number of the packet content field to qualify the packet content."
|
|
::= { swACLPktContRuleOption2OffsetsEntry 3 }
|
|
|
|
swACLPktContRuleOption2OffsetsData OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The data of the packet content field."
|
|
::= { swACLPktContRuleOption2OffsetsEntry 4 }
|
|
|
|
|
|
swACLPktContRuleOption2OffsetsRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLPktContRuleOption2OffsetsEntry 5 }
|
|
|
|
swACLPktContRuleOption2OffsetsMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the per rule mask of the frame content of each packet content offset field.
|
|
The value of this object when not in use is the corresponding mask in the profile mask.
|
|
Once the value of this object is modified, the per rule mask will take effect.
|
|
"
|
|
::= { swACLPktContRuleOption2OffsetsEntry 6 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swCpuAclEthernetTable
|
|
-- -----------------------------------------------------------------------------
|
|
swCpuAclEthernetTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwCpuAclEthernetEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains software ACL mask Ethernet information.
|
|
Access profiles will be created on the switch to define which
|
|
part of each incoming frame's layer 2 header will be examined by
|
|
the switch. Masks entered will be combined with the values
|
|
the switch finds in the specified frame header fields."
|
|
::= { swCpuAclMaskMgmt 1 }
|
|
|
|
swCpuAclEthernetEntry OBJECT-TYPE
|
|
SYNTAX SwCpuAclEthernetEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about Ethernet ACL masks."
|
|
INDEX { swCpuAclEthernetProfileID }
|
|
::= { swCpuAclEthernetTable 1 }
|
|
|
|
SwCpuAclEthernetEntry ::=
|
|
SEQUENCE {
|
|
swCpuAclEthernetProfileID
|
|
INTEGER,
|
|
swCpuAclEthernetUsevlan
|
|
INTEGER,
|
|
swCpuAclEthernetMacAddrMaskState
|
|
INTEGER,
|
|
swCpuAclEthernetSrcMacAddrMask
|
|
MacAddress,
|
|
swCpuAclEthernetDstMacAddrMask
|
|
MacAddress,
|
|
swCpuAclEthernetUse8021p
|
|
INTEGER,
|
|
swCpuAclEthernetUseEthernetType
|
|
INTEGER,
|
|
swCpuAclEthernetRowStatus
|
|
RowStatus
|
|
}
|
|
swCpuAclEthernetProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only --read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swCpuAclEthernetEntry 1 }
|
|
|
|
swCpuAclEthernetUsevlan OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the switch will examine the VLAN part of each packet header."
|
|
::= { swCpuAclEthernetEntry 2 }
|
|
|
|
swCpuAclEthernetMacAddrMaskState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
dst-mac-addr(2),
|
|
src-mac-addr(3),
|
|
dst-src-mac-addr(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of the MAC address mask.
|
|
|
|
other (1) - Neither source MAC addresses nor destination MAC addresses are
|
|
masked.
|
|
dst-mac-addr (2) - Destination MAC addresses within received frames are
|
|
to be filtered when matched with the MAC address entry of the table.
|
|
src-mac-addr (3) - Source MAC address within received frames are to
|
|
be filtered when matched with the MAC address entry of the table.
|
|
dst-src-mac-addr (4) - Source or destination MAC addresses within received
|
|
frames are to be filtered when matched with the MAC address entry of this table."
|
|
::= { swCpuAclEthernetEntry 3 }
|
|
|
|
swCpuAclEthernetSrcMacAddrMask OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the MAC address mask for the source MAC address."
|
|
::= { swCpuAclEthernetEntry 4 }
|
|
|
|
swCpuAclEthernetDstMacAddrMask OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the MAC address mask for the destination MAC address."
|
|
::= { swCpuAclEthernetEntry 5 }
|
|
|
|
swCpuAclEthernetUse8021p OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will examine the 802.1p priority value in the frame's header
|
|
or not."
|
|
::= { swCpuAclEthernetEntry 6 }
|
|
|
|
swCpuAclEthernetUseEthernetType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will examine the Ethernet type value in each frame's header
|
|
or not."
|
|
::= { swCpuAclEthernetEntry 7 }
|
|
|
|
swCpuAclEthernetRowStatus OBJECT-TYPE --swCpuAclEthernetState
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swCpuAclEthernetEntry 8 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swCpuAclIpTable
|
|
-- -----------------------------------------------------------------------------
|
|
swCpuAclIpTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwCpuAclIpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains software ACL mask IP information.
|
|
Access profiles will be created on the switch to define which
|
|
parts of each incoming frame's IP layer 2 header will be examined
|
|
by the switch. Masks entered will be combined with the
|
|
values the switch finds in the specified frame header fields."
|
|
::= { swCpuAclMaskMgmt 2 }
|
|
|
|
swCpuAclIpEntry OBJECT-TYPE
|
|
SYNTAX SwCpuAclIpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about the software ACL of the IP Layer."
|
|
INDEX { swCpuAclIpProfileID }
|
|
::= { swCpuAclIpTable 1 }
|
|
|
|
SwCpuAclIpEntry ::=
|
|
SEQUENCE {
|
|
swCpuAclIpProfileID
|
|
INTEGER,
|
|
swCpuAclIpUsevlan
|
|
INTEGER,
|
|
swCpuAclIpIpAddrMaskState
|
|
INTEGER,
|
|
swCpuAclIpSrcIpAddrMask
|
|
IpAddress,
|
|
swCpuAclIpDstIpAddrMask
|
|
IpAddress,
|
|
swCpuAclIpUseDSCP
|
|
INTEGER,
|
|
swCpuAclIpUseProtoType
|
|
INTEGER,
|
|
swCpuAclIpIcmpOption
|
|
INTEGER,
|
|
swCpuAclIpIgmpOption
|
|
INTEGER,
|
|
swCpuAclIpTcpOption
|
|
INTEGER,
|
|
swCpuAclIpUdpOption
|
|
INTEGER,
|
|
swCpuAclIpTCPorUDPSrcPortMask
|
|
OCTET STRING,
|
|
swCpuAclIpTCPorUDPDstPortMask
|
|
OCTET STRING,
|
|
swCpuAclIpTCPFlagBit
|
|
INTEGER,
|
|
swCpuAclIpTCPFlagBitMask
|
|
INTEGER,
|
|
swCpuAclIpProtoIDOption
|
|
INTEGER,
|
|
swCpuAclIpProtoID
|
|
INTEGER,
|
|
swCpuAclIpProtoIDMask
|
|
OCTET STRING,
|
|
swCpuAclIpRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
swCpuAclIpProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swCpuAclIpEntry 1 }
|
|
|
|
swCpuAclIpUsevlan OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if the IP layer VLAN part is examined or not."
|
|
::= { swCpuAclIpEntry 2 }
|
|
|
|
swCpuAclIpIpAddrMaskState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
dst-ip-addr(2),
|
|
src-ip-addr(3),
|
|
dst-src-ip-addr(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of IP address mask.
|
|
|
|
other (1) - Neither source IP addresses nor destination IP address are
|
|
masked.
|
|
dst-ip-addr (2) - Destination IP addresses within received frames are
|
|
to be filtered when matched with the IP address entry of this table.
|
|
src-ip-addr (3) - Source IP addresses within received frames are to
|
|
be filtered when matched with the IP address entry of this table.
|
|
dst-src-ip-addr (4) - Destination or source IP addresses within received
|
|
frames are to be filtered when matched with the IP address entry of the
|
|
table."
|
|
::= { swCpuAclIpEntry 3 }
|
|
|
|
swCpuAclIpSrcIpAddrMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the IP address mask for the source IP address."
|
|
::= { swCpuAclIpEntry 4 }
|
|
|
|
swCpuAclIpDstIpAddrMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the IP address mask for the destination IP address."
|
|
::= { swCpuAclIpEntry 5 }
|
|
|
|
swCpuAclIpUseDSCP OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if the DSCP protocol in the packet header is to be examined or not."
|
|
::= { swCpuAclIpEntry 6 }
|
|
|
|
swCpuAclIpUseProtoType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
icmp(2),
|
|
igmp(3),
|
|
tcp(4),
|
|
udp(5),
|
|
protocolId(6)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates which protocol will be examined."
|
|
::= { swCpuAclIpEntry 7 }
|
|
|
|
swCpuAclIpIcmpOption OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
type(2),
|
|
code(3),
|
|
type-code(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates which fields are identified for ICMP.
|
|
none (1)- Both fields are null.
|
|
type (2)- Type field identified.
|
|
code (3)- Code field identified.
|
|
type-code (4)- Both ICMP fields identified.
|
|
"
|
|
::= { swCpuAclIpEntry 8 }
|
|
|
|
swCpuAclIpIgmpOption OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if the IGMP options field is identified or not."
|
|
::= { swCpuAclIpEntry 9 }
|
|
|
|
swCpuAclIpTcpOption OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
dst-addr(2),
|
|
src-addr(3),
|
|
dst-src-addr(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of filtered addresses of TCP.
|
|
|
|
other (1) - Neither source port nor destination port are
|
|
masked.
|
|
dst-addr (2) - Packets will be filtered if this destination port is
|
|
identified in received frames.
|
|
src-addr (3) - Packets will be filtered if this source port is
|
|
identified in received frames.
|
|
dst-src-addr (4) - Packets will be filtered is this destination or
|
|
source port is identified in received frames."
|
|
::= { swCpuAclIpEntry 10 }
|
|
|
|
swCpuAclIpUdpOption OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
dst-addr(2),
|
|
src-addr(3),
|
|
dst-src-addr(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of filtered addresses of UDP.
|
|
|
|
other (1) - Neither source port nor destination port are
|
|
masked.
|
|
dst-addr (2) - Packets will be filtered if this destination port
|
|
is identified in received frames.
|
|
src-addr (3) - Packets will be filtered if this source port
|
|
is identified in received frames.
|
|
dst-src-addr (4) - Packets will be filtered if this destination
|
|
or source port is identified in received frames."
|
|
|
|
::= { swCpuAclIpEntry 11 }
|
|
|
|
swCpuAclIpTCPorUDPSrcPortMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a TCP port mask for the source port if swCpuAclIpUseProtoType is TCP.
|
|
Specifies a UDP port mask for the source port if swCpuAclIpUseProtoType is UDP.
|
|
"
|
|
::= { swCpuAclIpEntry 12 }
|
|
|
|
swCpuAclIpTCPorUDPDstPortMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a TCP port mask for the destination port if swCpuAclIpUseProtoType is TCP.
|
|
Specifies a UDP port mask for the destination port if swCpuAclIpUseProtoType is UDP."
|
|
::= { swCpuAclIpEntry 13 }
|
|
|
|
swCpuAclIpTCPFlagBit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a TCP connection flag mask."
|
|
::= { swCpuAclIpEntry 14 }
|
|
|
|
swCpuAclIpTCPFlagBitMask OBJECT-TYPE
|
|
SYNTAX INTEGER(0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A value which indicates the set of TCP flags that this
|
|
entity may potentially offer. The value is a sum of flag bits.
|
|
This sum initially takes the value zero. Then, for each flag, L
|
|
is added in the range 1 through 6, for which this node performs
|
|
transactions where 2^(L - 1) is added to the sum.
|
|
Note that values should be calculated accordingly:
|
|
|
|
Flag functionality
|
|
6 urg bit
|
|
5 ack bit
|
|
4 psh bit
|
|
3 rst bit
|
|
2 syn bit
|
|
1 fin bit
|
|
For example, if you want to enable urg bit and ack bit, you
|
|
should set value 48{2^(5-1) + 2^(6-1)}."
|
|
::= { swCpuAclIpEntry 15 }
|
|
|
|
swCpuAclIpProtoIDOption OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will examine each frame's Protocol ID field or not."
|
|
::= { swCpuAclIpEntry 16 }
|
|
|
|
swCpuAclIpProtoID OBJECT-TYPE
|
|
SYNTAX INTEGER(0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { swCpuAclIpEntry 17 }
|
|
|
|
|
|
swCpuAclIpProtoIDMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(20))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the IP protocol ID and the mask options
|
|
behind the IP header."
|
|
::= { swCpuAclIpEntry 18 }
|
|
|
|
swCpuAclIpRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swCpuAclIpEntry 19 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swCpuAclPktContMaskTable
|
|
-- -----------------------------------------------------------------------------
|
|
swCpuAclPktContMaskTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwCpuAclPktContMaskEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains user-defined software ACL information.
|
|
Access profiles will be created on the switch to define which
|
|
part of each incoming frame's user-defined part of the packet header
|
|
will be examined by the switch. Masks entered will be combined
|
|
with the values the switch finds in the specified frame header fields."
|
|
::= { swCpuAclMaskMgmt 3 }
|
|
|
|
swCpuAclPktContMaskEntry OBJECT-TYPE
|
|
SYNTAX SwCpuAclPktContMaskEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about user-defined software ACLs."
|
|
INDEX { swCpuAclPktContMaskProfileID }
|
|
::= { swCpuAclPktContMaskTable 1 }
|
|
|
|
SwCpuAclPktContMaskEntry ::=
|
|
SEQUENCE {
|
|
swCpuAclPktContMaskProfileID
|
|
INTEGER,
|
|
swCpuAclPktContMaskOffset0to15
|
|
OCTET STRING,
|
|
swCpuAclPktContMaskOffset16to31
|
|
OCTET STRING,
|
|
swCpuAclPktContMaskOffset32to47
|
|
OCTET STRING,
|
|
swCpuAclPktContMaskOffset48to63
|
|
OCTET STRING,
|
|
swCpuAclPktContMaskOffset64to79
|
|
OCTET STRING,
|
|
swCpuAclPktContMaskRowStatus
|
|
RowStatus
|
|
}
|
|
swCpuAclPktContMaskProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only --read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swCpuAclPktContMaskEntry 1 }
|
|
|
|
swCpuAclPktContMaskOffset0to15 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the packet content (Offset0to15) and
|
|
the mask options."
|
|
::= { swCpuAclPktContMaskEntry 2 }
|
|
|
|
swCpuAclPktContMaskOffset16to31 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the packet content (Offset16to31) and
|
|
the mask options."
|
|
::= { swCpuAclPktContMaskEntry 3 }
|
|
|
|
swCpuAclPktContMaskOffset32to47 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the packet content (Offset32to47) and
|
|
the mask options."
|
|
::= { swCpuAclPktContMaskEntry 4 }
|
|
|
|
swCpuAclPktContMaskOffset48to63 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the packet content (Offset48to63) and
|
|
the mask options."
|
|
::= { swCpuAclPktContMaskEntry 5 }
|
|
|
|
swCpuAclPktContMaskOffset64to79 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the packet content (Offset64to79) and
|
|
the mask options."
|
|
::= { swCpuAclPktContMaskEntry 6 }
|
|
|
|
swCpuAclPktContMaskRowStatus OBJECT-TYPE --swCpuAclEthernetState
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swCpuAclPktContMaskEntry 7 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swCpuAclIpv6MaskTable
|
|
-- -----------------------------------------------------------------------------
|
|
swCpuAclIpv6MaskTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwCpuAclIpv6MaskEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains IPv6 software ACL mask information.
|
|
An access profile will be created on the switch to define which
|
|
part of each incoming frame's IPv6 part of the packet header
|
|
will be examined by switch. Masks entered will be combined
|
|
with the values the switch finds in the specified frame header fields. "
|
|
::= { swCpuAclMaskMgmt 4 }
|
|
|
|
swCpuAclIpv6MaskEntry OBJECT-TYPE
|
|
SYNTAX SwCpuAclIpv6MaskEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about user-defined software ACLs."
|
|
INDEX { swCpuAclIpv6MaskProfileID }
|
|
::= { swCpuAclIpv6MaskTable 1 }
|
|
|
|
SwCpuAclIpv6MaskEntry ::=
|
|
SEQUENCE {
|
|
swCpuAclIpv6MaskProfileID
|
|
INTEGER,
|
|
swCpuAclIpv6MaskClass
|
|
INTEGER,
|
|
swCpuAclIpv6MaskFlowlabel
|
|
INTEGER,
|
|
swCpuAclIpv6IpAddrMaskState
|
|
INTEGER,
|
|
swCpuAclIpv6MaskSrcIpv6Mask
|
|
Ipv6Address,
|
|
swCpuAclIpv6MaskDstIpv6Mask
|
|
Ipv6Address,
|
|
swCpuAclIpv6MaskRowStatus
|
|
RowStatus
|
|
}
|
|
swCpuAclIpv6MaskProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only --read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swCpuAclIpv6MaskEntry 1 }
|
|
|
|
swCpuAclIpv6MaskClass OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the IPv6 class field and the mask options."
|
|
::= { swCpuAclIpv6MaskEntry 2 }
|
|
|
|
swCpuAclIpv6MaskFlowlabel OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the IPv6 flowlabel field and the mask options."
|
|
::= { swCpuAclIpv6MaskEntry 3 }
|
|
|
|
swCpuAclIpv6IpAddrMaskState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
dst-ipv6-addr(2),
|
|
src-ipv6-addr(3),
|
|
dst-src-ipv6-addr(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of IPv6 address mask.
|
|
|
|
other (1) - Neither source IPv6 address nor destination IPv6 address are
|
|
masked.
|
|
dst-ipv6-addr (2) - Packets will be filtered if this destination IPv6 address
|
|
is identified as a match in received frames.
|
|
src-ipv6-addr (3) - Packets will be filtered if this source IPv6 address
|
|
is identified as a match in received frames.
|
|
dst-src-ipv6-addr (4) - Packets will be filtered if this destination or source
|
|
IPv6 address is identified as a match in received frames."
|
|
::= { swCpuAclIpv6MaskEntry 4 }
|
|
|
|
swCpuAclIpv6MaskSrcIpv6Mask OBJECT-TYPE
|
|
SYNTAX Ipv6Address
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the source IPv6 address and the mask options.
|
|
This should be a 16 byte octet string."
|
|
::= { swCpuAclIpv6MaskEntry 5 }
|
|
|
|
swCpuAclIpv6MaskDstIpv6Mask OBJECT-TYPE
|
|
SYNTAX Ipv6Address
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the destination IPv6 address and the mask options.
|
|
This should be a 16 byte octet string."
|
|
::= { swCpuAclIpv6MaskEntry 6 }
|
|
|
|
swCpuAclIpv6MaskRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swCpuAclIpv6MaskEntry 7 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
--swCpuACLMaskDelAllState
|
|
-- -----------------------------------------------------------------------------
|
|
swCpuACLMaskDelAllState OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
none(1),
|
|
start(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Used to delete all software ACL masks."
|
|
::= { swCpuAclMaskMgmt 5 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swCpuAclEtherRuleTable
|
|
-- -----------------------------------------------------------------------------
|
|
swCpuAclEtherRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwCpuAclEtherRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains Ethernet software ACL rule information."
|
|
::= { swCpuAclRuleMgmt 1 }
|
|
|
|
swCpuAclEtherRuleEntry OBJECT-TYPE
|
|
SYNTAX SwCpuAclEtherRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about the software ACL rule of the layer 2 part of each packet."
|
|
INDEX { swCpuAclEtherRuleProfileID,swCpuAclEtherRuleAccessID }
|
|
::= { swCpuAclEtherRuleTable 1 }
|
|
|
|
SwCpuAclEtherRuleEntry ::=
|
|
SEQUENCE {
|
|
swCpuAclEtherRuleProfileID
|
|
INTEGER,
|
|
swCpuAclEtherRuleAccessID
|
|
INTEGER,
|
|
swCpuAclEtherRuleVlan
|
|
SnmpAdminString,
|
|
swCpuAclEtherRuleSrcMacAddress
|
|
MacAddress,
|
|
swCpuAclEtherRuleDstMacAddress
|
|
MacAddress,
|
|
swCpuAclEtherRule8021P
|
|
INTEGER,
|
|
swCpuAclEtherRuleEtherType
|
|
OCTET STRING,
|
|
swCpuAclEtherRulePermit
|
|
INTEGER,
|
|
swCpuAclEtherRuleRowStatus
|
|
RowStatus,
|
|
swCpuAclEtherRulePort
|
|
PortList,
|
|
swCpuAclEtherRuleMatchVID
|
|
INTEGER
|
|
}
|
|
|
|
swCpuAclEtherRuleProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swCpuAclEtherRuleEntry 1 }
|
|
|
|
swCpuAclEtherRuleAccessID OBJECT-TYPE
|
|
SYNTAX INTEGER (1..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the software ACL rule entry as it relates to swCpuAclEtherRuleProfileID."
|
|
::= { swCpuAclEtherRuleEntry 2 }
|
|
|
|
swCpuAclEtherRuleVlan OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to packets with the VLAN ID indexed by this VLAN name."
|
|
::= { swCpuAclEtherRuleEntry 3 }
|
|
|
|
swCpuAclEtherRuleSrcMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to the packets with
|
|
this source MAC address."
|
|
::= { swCpuAclEtherRuleEntry 4 }
|
|
|
|
swCpuAclEtherRuleDstMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to the packets with this destination MAC address."
|
|
::= { swCpuAclEtherRuleEntry 5 }
|
|
|
|
swCpuAclEtherRule8021P OBJECT-TYPE
|
|
SYNTAX INTEGER(-1..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to packets with
|
|
this 802.1p priority value. A value of -1 indicates that this node is not actively used."
|
|
::= { swCpuAclEtherRuleEntry 6 }
|
|
|
|
swCpuAclEtherRuleEtherType OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to packets with this
|
|
802.1Q Ethernet type value in the packet header."
|
|
::= { swCpuAclEtherRuleEntry 7 }
|
|
|
|
swCpuAclEtherRulePermit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
deny(1),
|
|
permit(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if the result of the packet examination is to 'permit' or 'deny'.
|
|
The default is 'permit'.
|
|
permit - Specifies that packets that match the access profile are
|
|
permitted to be forwarded by the switch.
|
|
deny - Specifies that packets that match the access profile
|
|
are not permitted to be forwarded by the switch and will be filtered."
|
|
::= { swCpuAclEtherRuleEntry 8 }
|
|
|
|
swCpuAclEtherRuleRowStatus OBJECT-TYPE --swCpuAclEtherRuleState
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swCpuAclEtherRuleEntry 9 }
|
|
|
|
swCpuAclEtherRulePort OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to port(s)."
|
|
::= { swCpuAclEtherRuleEntry 10 }
|
|
|
|
swCpuAclEtherRuleMatchVID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..4094)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply only to packets with
|
|
this VLAN ID."
|
|
::= { swCpuAclEtherRuleEntry 11 }
|
|
-- -----------------------------------------------------------------------------
|
|
-- swCpuAclIpRuleTable
|
|
-- -----------------------------------------------------------------------------
|
|
swCpuAclIpRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwCpuAclIpRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains IPv4 software ACL rule information."
|
|
::= { swCpuAclRuleMgmt 2 }
|
|
|
|
swCpuAclIpRuleEntry OBJECT-TYPE
|
|
SYNTAX SwCpuAclIpRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about this software ACL rule."
|
|
INDEX { swCpuAclIpRuleProfileID , swCpuAclIpRuleAccessID }
|
|
::= { swCpuAclIpRuleTable 1 }
|
|
|
|
SwCpuAclIpRuleEntry ::=
|
|
SEQUENCE {
|
|
swCpuAclIpRuleProfileID
|
|
INTEGER,
|
|
swCpuAclIpRuleAccessID
|
|
INTEGER,
|
|
swCpuAclIpRuleVlan
|
|
SnmpAdminString,
|
|
swCpuAclIpRuleSrcIpaddress
|
|
IpAddress,
|
|
swCpuAclIpRuleDstIpaddress
|
|
IpAddress,
|
|
swCpuAclIpRuleDscp
|
|
INTEGER,
|
|
swCpuAclIpRuleProtocol
|
|
INTEGER,
|
|
swCpuAclIpRuleType
|
|
INTEGER,
|
|
swCpuAclIpRuleCode
|
|
INTEGER,
|
|
swCpuAclIpRuleSrcPort
|
|
INTEGER,
|
|
swCpuAclIpRuleDstPort
|
|
INTEGER,
|
|
swCpuAclIpRuleFlagBits
|
|
INTEGER,
|
|
swCpuAclIpRuleProtoID
|
|
INTEGER,
|
|
swCpuAclIpRuleUserMask
|
|
OCTET STRING,
|
|
swCpuAclIpRulePermit
|
|
INTEGER,
|
|
swCpuAclIpRuleRowStatus
|
|
RowStatus,
|
|
swCpuAclIpRulePort
|
|
PortList,
|
|
swCpuAclIpRuleMatchVID
|
|
INTEGER
|
|
}
|
|
|
|
swCpuAclIpRuleProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swCpuAclIpRuleEntry 1 }
|
|
|
|
swCpuAclIpRuleAccessID OBJECT-TYPE
|
|
SYNTAX INTEGER (1..65535)
|
|
MAX-ACCESS read-only --read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the software ACL for the IPv4 rule entry."
|
|
::= { swCpuAclIpRuleEntry 2 }
|
|
|
|
swCpuAclIpRuleVlan OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply only to packets with the VLAN ID indexed by this VLAN name."
|
|
::= { swCpuAclIpRuleEntry 3 }
|
|
|
|
swCpuAclIpRuleSrcIpaddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies an IP source address."
|
|
::= { swCpuAclIpRuleEntry 4 }
|
|
|
|
swCpuAclIpRuleDstIpaddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies an IP destination address."
|
|
::= { swCpuAclIpRuleEntry 5 }
|
|
|
|
swCpuAclIpRuleDscp OBJECT-TYPE
|
|
SYNTAX INTEGER(-1..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the value of DSCP. The value can be configured from 0 to 63.
|
|
A value of -1 indicates that this node is not actively used."
|
|
::= { swCpuAclIpRuleEntry 6 }
|
|
|
|
swCpuAclIpRuleProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
icmp(2),
|
|
igmp(3),
|
|
tcp(4),
|
|
udp(5),
|
|
protocolId(6)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the IP protocol which has been configured in swCpuAclIpEntry."
|
|
::= { swCpuAclIpRuleEntry 7 }
|
|
|
|
swCpuAclIpRuleType OBJECT-TYPE
|
|
SYNTAX INTEGER(-1..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the rule applies to the value of ICMP type traffic.
|
|
A value of -1 indicates that this node is not actively used."
|
|
::= { swCpuAclIpRuleEntry 8 }
|
|
|
|
swCpuAclIpRuleCode OBJECT-TYPE
|
|
SYNTAX INTEGER(-1..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the rule applies to the value of ICMP code traffic.
|
|
A value of -1 indicates that this node is not actively used."
|
|
::= { swCpuAclIpRuleEntry 9 }
|
|
|
|
swCpuAclIpRuleSrcPort OBJECT-TYPE
|
|
SYNTAX INTEGER(-1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the rule applies to the range of TCP/UDP source ports.
|
|
A value of -1 indicates that this node is not actively used."
|
|
::= { swCpuAclIpRuleEntry 10 }
|
|
|
|
swCpuAclIpRuleDstPort OBJECT-TYPE
|
|
SYNTAX INTEGER(-1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the range of TCP/UDP destination ports.
|
|
A value of -1 indicates that this node is not actively used."
|
|
::= { swCpuAclIpRuleEntry 11 }
|
|
|
|
swCpuAclIpRuleFlagBits OBJECT-TYPE
|
|
SYNTAX INTEGER(0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A value which indicates the set of TCP flags that this
|
|
entity may potentially offer. The value is a sum of flag bits.
|
|
This sum initially takes the value zero. Then, for each flag, L
|
|
is added in the range 1 through 6, for which this node performs
|
|
transactions where, 2^(L - 1) is added to the sum.
|
|
Note that values should be calculated accordingly:
|
|
|
|
Flag functionality
|
|
6 urg bit
|
|
5 ack bit
|
|
4 psh bit
|
|
3 rst bit
|
|
2 syn bit
|
|
1 fin bit
|
|
For example, it you want to enable urg bit and ack bit, you
|
|
should set the value 48{2^(5-1) + 2^(6-1)}."
|
|
::= { swCpuAclIpRuleEntry 12 }
|
|
|
|
swCpuAclIpRuleProtoID OBJECT-TYPE
|
|
SYNTAX INTEGER(-1..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the rule applies to the value of IP protocol ID traffic.
|
|
A value of -1 indicates that this node is not actively used."
|
|
::= { swCpuAclIpRuleEntry 13 }
|
|
|
|
swCpuAclIpRuleUserMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(20))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the IP protocol ID and the range of
|
|
options behind the IP header."
|
|
::= { swCpuAclIpRuleEntry 14 }
|
|
|
|
swCpuAclIpRulePermit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
deny(1),
|
|
permit(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if the result of the packet examination is to 'permit' or 'deny'.
|
|
The default is 'permit'.
|
|
permit - Specifies that packets that match the access profile are
|
|
permitted to be forwarded by the switch.
|
|
deny - Specifies that packets that match the access profile
|
|
are not permitted to be forwarded by the switch and will be filtered."
|
|
::= { swCpuAclIpRuleEntry 15 }
|
|
|
|
swCpuAclIpRuleRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swCpuAclIpRuleEntry 16 }
|
|
|
|
swCpuAclIpRulePort OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to port(s)."
|
|
::= { swCpuAclIpRuleEntry 17 }
|
|
|
|
swCpuAclIpRuleMatchVID OBJECT-TYPE
|
|
SYNTAX INTEGER (0..4094)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply only to packets with
|
|
this VLAN ID."
|
|
::= { swCpuAclIpRuleEntry 18 }
|
|
-- -----------------------------------------------------------------------------
|
|
-- swCpuAclPktContRuleTable
|
|
-- -----------------------------------------------------------------------------
|
|
swCpuAclPktContRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwCpuAclPktContRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains user-defined software ACL rule information."
|
|
::= { swCpuAclRuleMgmt 3 }
|
|
|
|
swCpuAclPktContRuleEntry OBJECT-TYPE
|
|
SYNTAX SwCpuAclPktContRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about the software ACL rule of the user-defined part of each packet."
|
|
INDEX { swCpuAclPktContRuleProfileID,swCpuAclPktContRuleAccessID }
|
|
::= { swCpuAclPktContRuleTable 1 }
|
|
|
|
SwCpuAclPktContRuleEntry ::=
|
|
SEQUENCE {
|
|
swCpuAclPktContRuleProfileID
|
|
INTEGER,
|
|
swCpuAclPktContRuleAccessID
|
|
INTEGER,
|
|
swCpuAclPktContRuleOffset0to15
|
|
OCTET STRING,
|
|
swCpuAclPktContRuleOffset16to31
|
|
OCTET STRING,
|
|
swCpuAclPktContRuleOffset32to47
|
|
OCTET STRING,
|
|
swCpuAclPktContRuleOffset48to63
|
|
OCTET STRING,
|
|
swCpuAclPktContRuleOffset64to79
|
|
OCTET STRING,
|
|
swCpuAclPktContRulePermit
|
|
INTEGER,
|
|
swCpuAclPktContRuleRowStatus
|
|
RowStatus,
|
|
swCpuAclPktContRulePort
|
|
PortList
|
|
}
|
|
swCpuAclPktContRuleProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device."
|
|
::= { swCpuAclPktContRuleEntry 1 }
|
|
|
|
swCpuAclPktContRuleAccessID OBJECT-TYPE
|
|
SYNTAX INTEGER (1..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the software ACL rule entry related to swCpuAclPktContRuleProfileID."
|
|
::= { swCpuAclPktContRuleEntry 2 }
|
|
|
|
swCpuAclPktContRuleOffset0to15 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the user-defined packet."
|
|
::= { swCpuAclPktContRuleEntry 3 }
|
|
|
|
swCpuAclPktContRuleOffset16to31 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the user-defined packet."
|
|
::= { swCpuAclPktContRuleEntry 4 }
|
|
|
|
swCpuAclPktContRuleOffset32to47 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the user-defined packet."
|
|
::= { swCpuAclPktContRuleEntry 5 }
|
|
|
|
swCpuAclPktContRuleOffset48to63 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the user-defined packet."
|
|
::= { swCpuAclPktContRuleEntry 6 }
|
|
|
|
swCpuAclPktContRuleOffset64to79 OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the user-defined packet."
|
|
::= { swCpuAclPktContRuleEntry 7 }
|
|
|
|
swCpuAclPktContRulePermit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
deny(1),
|
|
permit(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if the result of the packet examination is to 'permit' or 'deny'.
|
|
The default is 'permit'.
|
|
permit - Specifies that packets that match the access profile are
|
|
permitted to be forwarded by the switch.
|
|
deny - Specifies that packets that match the access profile
|
|
are not permitted to be forwarded by the switch and will be filtered."
|
|
::= { swCpuAclPktContRuleEntry 8 }
|
|
|
|
swCpuAclPktContRuleRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swCpuAclPktContRuleEntry 9 }
|
|
|
|
swCpuAclPktContRulePort OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will only apply to port(s)."
|
|
::= { swCpuAclPktContRuleEntry 10 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swCpuAclIpv6RuleTable
|
|
-- -----------------------------------------------------------------------------
|
|
swCpuAclIpv6RuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwCpuAclIpv6RuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contains user-defined ACL rule information."
|
|
::= { swCpuAclRuleMgmt 4 }
|
|
|
|
swCpuAclIpv6RuleEntry OBJECT-TYPE
|
|
SYNTAX SwCpuAclIpv6RuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about the ACL rule of the user-defined part of each packet."
|
|
INDEX { swCpuAclIpv6RuleProfileID,swCpuAclIpv6RuleAccessID }
|
|
::= { swCpuAclIpv6RuleTable 1 }
|
|
|
|
SwCpuAclIpv6RuleEntry ::=
|
|
SEQUENCE {
|
|
swCpuAclIpv6RuleProfileID
|
|
INTEGER,
|
|
swCpuAclIpv6RuleAccessID
|
|
INTEGER,
|
|
swCpuAclIpv6RuleClass
|
|
INTEGER,
|
|
swCpuAclIpv6RuleFlowlabel
|
|
OCTET STRING,
|
|
swCpuAclIpv6RuleSrcIpv6Addr
|
|
Ipv6Address,
|
|
swCpuAclIpv6RuleDstIpv6Addr
|
|
Ipv6Address,
|
|
swCpuAclIpv6RulePermit
|
|
INTEGER,
|
|
swCpuAclIpv6RuleRowStatus
|
|
RowStatus,
|
|
swCpuAclIpv6RulePort
|
|
PortList
|
|
}
|
|
swCpuAclIpv6RuleProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry. This is unique in the mask list. The maximum value of this object depends on the device."
|
|
::= { swCpuAclIpv6RuleEntry 1 }
|
|
|
|
swCpuAclIpv6RuleAccessID OBJECT-TYPE
|
|
SYNTAX INTEGER (1..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL rule entry in relation to swCpuAclIpv6RuleProfileID."
|
|
::= { swCpuAclIpv6RuleEntry 2 }
|
|
|
|
swCpuAclIpv6RuleClass OBJECT-TYPE
|
|
SYNTAX INTEGER (0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the IPv6 class field."
|
|
::= { swCpuAclIpv6RuleEntry 3 }
|
|
|
|
swCpuAclIpv6RuleFlowlabel OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the IPv6 flowlabel field."
|
|
::= { swCpuAclIpv6RuleEntry 4 }
|
|
|
|
swCpuAclIpv6RuleSrcIpv6Addr OBJECT-TYPE
|
|
SYNTAX Ipv6Address
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the source IPv6 address.
|
|
This should be a 16 byte octet string."
|
|
::= { swCpuAclIpv6RuleEntry 5 }
|
|
|
|
swCpuAclIpv6RuleDstIpv6Addr OBJECT-TYPE
|
|
SYNTAX Ipv6Address
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the destination IPv6 address.
|
|
This should be a 16 byte octet string."
|
|
::= { swCpuAclIpv6RuleEntry 6 }
|
|
|
|
swCpuAclIpv6RulePermit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
deny(1),
|
|
permit(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if the result of the examination is to 'permit' or 'deny'.
|
|
The default is 'permit' (1).
|
|
permit - Specifies that packets that match the access profile are
|
|
permitted to be forwarded by the switch.
|
|
deny - Specifies that packets that match the access profile
|
|
are not permitted to be forwarded by the switch and will be filtered."
|
|
::= { swCpuAclIpv6RuleEntry 7 }
|
|
|
|
swCpuAclIpv6RuleRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swCpuAclIpv6RuleEntry 8 }
|
|
|
|
swCpuAclIpv6RulePort OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access rule will apply only to port(s)."
|
|
::= { swCpuAclIpv6RuleEntry 9 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
-- swAclMeteringMgmt
|
|
-- -----------------------------------------------------------------------------
|
|
swAclMeterTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwAclMeterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table is used to configure the flow-based metering function.
|
|
The access rule must first be created before the parameters of this
|
|
function can be applied. Users may set the preferred bandwidth for
|
|
this rule, in Kbps; once the bandwidth has been exceeded, overflow
|
|
packets will be either dropped or set for a drop precedence,
|
|
depending on user configuration."
|
|
::= { swAclMeteringMgmt 1 }
|
|
|
|
swAclMeterEntry OBJECT-TYPE
|
|
SYNTAX SwAclMeterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This entry displays parameters and configurations set for the flow
|
|
metering function."
|
|
INDEX { swAclMeterProfileID, swAclMeterAccessID}
|
|
::= { swAclMeterTable 1 }
|
|
|
|
SwAclMeterEntry ::=
|
|
SEQUENCE {
|
|
swAclMeterProfileID
|
|
INTEGER,
|
|
swAclMeterAccessID
|
|
INTEGER,
|
|
swAclMeterRate
|
|
INTEGER,
|
|
swAclMeterActionForRateExceed
|
|
INTEGER,
|
|
swAclMeterRemarkDscp
|
|
INTEGER,
|
|
swAclMeterBurstSize
|
|
INTEGER,
|
|
swAclMeterMode
|
|
INTEGER,
|
|
swAclMeterTrtcmCir
|
|
INTEGER,
|
|
swAclMeterTrtcmCbs
|
|
INTEGER,
|
|
swAclMeterTrtcmPir
|
|
INTEGER,
|
|
swAclMeterTrtcmPbs
|
|
INTEGER,
|
|
swAclMeterTrtcmColorMode
|
|
INTEGER,
|
|
swAclMeterTrtcmConformState
|
|
INTEGER,
|
|
swAclMeterTrtcmConformReplaceDscp
|
|
INTEGER,
|
|
swAclMeterTrtcmConformCounterState
|
|
INTEGER,
|
|
swAclMeterTrtcmExceedState
|
|
INTEGER,
|
|
swAclMeterTrtcmExceedReplaceDscp
|
|
INTEGER,
|
|
swAclMeterTrtcmExceedCounterState
|
|
INTEGER,
|
|
swAclMeterTrtcmViolateState
|
|
INTEGER,
|
|
swAclMeterTrtcmViolateReplaceDscp
|
|
INTEGER,
|
|
swAclMeterTrtcmViolateCounterState
|
|
INTEGER,
|
|
swAclMeterSrtcmCir
|
|
INTEGER,
|
|
swAclMeterSrtcmCbs
|
|
INTEGER,
|
|
swAclMeterSrtcmEbs
|
|
INTEGER,
|
|
swAclMeterSrtcmColorMode
|
|
INTEGER,
|
|
swAclMeterSrtcmConformState
|
|
INTEGER,
|
|
swAclMeterSrtcmConformReplaceDscp
|
|
INTEGER,
|
|
swAclMeterSrtcmConformCounterState
|
|
INTEGER,
|
|
swAclMeterSrtcmExceedState
|
|
INTEGER,
|
|
swAclMeterSrtcmExceedReplaceDscp
|
|
INTEGER,
|
|
swAclMeterSrtcmExceedCounterState
|
|
INTEGER,
|
|
swAclMeterSrtcmViolateState
|
|
INTEGER,
|
|
swAclMeterSrtcmViolateReplaceDscp
|
|
INTEGER,
|
|
swAclMeterSrtcmViolateCounterState
|
|
INTEGER,
|
|
swAclMeterRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
swAclMeterProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL mask entry is unique in the mask list. The maximum value of this object depends on the device."
|
|
::= { swAclMeterEntry 1 }
|
|
|
|
swAclMeterAccessID OBJECT-TYPE
|
|
SYNTAX INTEGER(1..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the ACL rule entry as related to the swAclMeterProfileID."
|
|
::= { swAclMeterEntry 2 }
|
|
|
|
swAclMeterRate OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the committed bandwidth in Kbps for the flow.
|
|
NOTE:
|
|
1. Specifying 0 will disable this flow meter setting.
|
|
2. Users must set the swAclMeterActionForRateExceed object to activate this entry."
|
|
::= { swAclMeterEntry 3 }
|
|
|
|
swAclMeterActionForRateExceed OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
drop-packet(2),
|
|
set-drop-precedence(3),
|
|
remark-dscp(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the action to take for those packets exceeding the committed rate.
|
|
NOTE:
|
|
Users must also set the swAclMeterRate to activate this entry."
|
|
::= { swAclMeterEntry 4 }
|
|
|
|
swAclMeterRemarkDscp OBJECT-TYPE
|
|
SYNTAX INTEGER (0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Mark the packet with a specified DSCP.
|
|
It can be set when swAclMeterActionForRateExceed sets remark-dscp (3)."
|
|
::= { swAclMeterEntry 5 }
|
|
|
|
swAclMeterBurstSize OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This specifies the burst size for the single rate two color mode.
|
|
The unit is Kbytes. That is to say, 1 means 1kbytes.
|
|
The set value range is 0..n, the value n is determined by project,
|
|
the value of 0 means to delete this flow_meter setting."
|
|
::= { swAclMeterEntry 6 }
|
|
|
|
swAclMeterMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
tr-tcm(2),
|
|
sr-tcm(3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"tr-tcm: two rate three color mode;
|
|
sr-tcm: single rate three color mode.
|
|
"
|
|
::= { swAclMeterEntry 7 }
|
|
|
|
swAclMeterTrtcmCir OBJECT-TYPE
|
|
SYNTAX INTEGER (1..156249)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the 'committed information rate' of 'two rate three color mode'.
|
|
The unit is Kbps."
|
|
::= { swAclMeterEntry 8 }
|
|
|
|
swAclMeterTrtcmCbs OBJECT-TYPE
|
|
SYNTAX INTEGER (1..16384)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the 'committed burst size' of 'two rate three color mode'.
|
|
1. The unit is Kbytes. That is to say, 1 means 1Kbytes.
|
|
2. This parameter is an optional parameter. The default value is 4*1024.
|
|
3. The max set value is 16*1024.
|
|
"
|
|
::= { swAclMeterEntry 9 }
|
|
|
|
swAclMeterTrtcmPir OBJECT-TYPE
|
|
SYNTAX INTEGER (1..156249)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the 'Peak Information Rate' of 'two rate three color mode'.
|
|
The unit is Kbps."
|
|
::= { swAclMeterEntry 10 }
|
|
|
|
swAclMeterTrtcmPbs OBJECT-TYPE
|
|
SYNTAX INTEGER (1..16384)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the 'peak burst size' of 'two rate three color mode'.
|
|
1. The unit is Kbytes. That is to say, 1 means 1kbytes.
|
|
2. This parameter is an optional parameter. The default value is 4*1024.
|
|
3. The max set value is 16*1024.
|
|
"
|
|
::= { swAclMeterEntry 11 }
|
|
|
|
swAclMeterTrtcmColorMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
color-blind(1),
|
|
color-aware(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the meter mode.
|
|
The default is color-blind mode. The final color of the packet is determined
|
|
by the initial color of the packet and the metering result."
|
|
::= { swAclMeterEntry 12 }
|
|
|
|
swAclMeterTrtcmConformState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
permit(2),
|
|
replace-dscp(3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the action state when packet is in 'green color'.
|
|
permit: permit the packet.
|
|
replace-dscp: change the DSCP value of packet.
|
|
"
|
|
::= { swAclMeterEntry 13 }
|
|
|
|
swAclMeterTrtcmConformReplaceDscp OBJECT-TYPE
|
|
SYNTAX INTEGER (0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the DSCP value of the packet when the packet is in 'green color'."
|
|
::= { swAclMeterEntry 14 }
|
|
|
|
swAclMeterTrtcmConformCounterState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the counter state when the packet is in 'green color'.
|
|
1. This is optional. The default is 'disable'.
|
|
2. The resource may be limited so that the counter can not be turned on. The limitation is project dependent.
|
|
3. counter will be cleared when the function is disabled.
|
|
"
|
|
::= { swAclMeterEntry 15 }
|
|
|
|
swAclMeterTrtcmExceedState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
permit(2),
|
|
replace-dscp(3),
|
|
drop(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the action state when packet is in 'yellow color'.
|
|
permit: permit the packet.
|
|
replace-dscp: change the DSCP value of the packet.
|
|
drop: drop the packet.
|
|
"
|
|
::= { swAclMeterEntry 16 }
|
|
|
|
swAclMeterTrtcmExceedReplaceDscp OBJECT-TYPE
|
|
SYNTAX INTEGER (0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the DSCP value of packet when packet is in 'yellow color'."
|
|
::= { swAclMeterEntry 17 }
|
|
|
|
swAclMeterTrtcmExceedCounterState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the counter state when packet is in 'yellow color'.
|
|
1. This is optional. The default is 'disable'.
|
|
2. The resource may be limited so that the counter can not be turned on. The limitation is project dependent.
|
|
3. counter will be cleared when the function is disabled.
|
|
"
|
|
::= { swAclMeterEntry 18 }
|
|
|
|
swAclMeterTrtcmViolateState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
permit(2),
|
|
replace-dscp(3),
|
|
drop(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the action state when packet is in 'red color'.
|
|
permit: permit the packet.
|
|
replace-dscp: change the DSCP value of packet.
|
|
drop: drop the packet.
|
|
"
|
|
::= { swAclMeterEntry 19 }
|
|
|
|
swAclMeterTrtcmViolateReplaceDscp OBJECT-TYPE
|
|
SYNTAX INTEGER (0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the DSCP value of the packet when packet is in 'red color'."
|
|
::= { swAclMeterEntry 20 }
|
|
|
|
swAclMeterTrtcmViolateCounterState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the counter state when packet is in 'red color'.
|
|
1. This is optional. The default is 'disable'.
|
|
2. The resource may be limited so that the counter can not be turned on. The limitation is project dependent.
|
|
3. counter will be cleared when the function is disabled.
|
|
"
|
|
::= { swAclMeterEntry 21 }
|
|
|
|
swAclMeterSrtcmCir OBJECT-TYPE
|
|
SYNTAX INTEGER (1..156249)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the 'committed information rate' of 'single rate three color mode'.
|
|
The unit is Kbps."
|
|
::= { swAclMeterEntry 22 }
|
|
|
|
swAclMeterSrtcmCbs OBJECT-TYPE
|
|
SYNTAX INTEGER (1..16384)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the 'committed burst size' of 'single rate three color mode'.
|
|
1. The unit is Kbytes. That is to say, 1 means 1Kbytes.
|
|
2. The max set value is 16*1024.
|
|
"
|
|
::= { swAclMeterEntry 23 }
|
|
|
|
swAclMeterSrtcmEbs OBJECT-TYPE
|
|
SYNTAX INTEGER (1..16384)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the 'Excess burst size' of 'single rate three color mode'.
|
|
1. The unit is Kbytes. That is to say, 1 means 1kbytes.
|
|
2. The max set value is 16*1024.
|
|
"
|
|
::= { swAclMeterEntry 24 }
|
|
|
|
swAclMeterSrtcmColorMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
color-blind(1),
|
|
color-aware(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the meter mode.
|
|
The default is color-blind mode. The final color of packet is determined
|
|
by the initial color of the packet and the metering result."
|
|
::= { swAclMeterEntry 25 }
|
|
|
|
swAclMeterSrtcmConformState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
permit(2),
|
|
replace-dscp(3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the action state when the packet is in 'green color'.
|
|
permit: permit the packet.
|
|
replace-dscp: change the DSCP value of packet.
|
|
"
|
|
::= { swAclMeterEntry 26 }
|
|
|
|
swAclMeterSrtcmConformReplaceDscp OBJECT-TYPE
|
|
SYNTAX INTEGER (0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the DSCP value of the packet when packet is in 'green color'."
|
|
::= { swAclMeterEntry 27 }
|
|
|
|
swAclMeterSrtcmConformCounterState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the counter state when the packet is in 'green color'.
|
|
1. This is optional. The default is 'disable'.
|
|
2. The resource may be limited such that counter can not be turned on. The limitation is project dependent.
|
|
3. counter will be cleared when the function is disabled.
|
|
"
|
|
::= { swAclMeterEntry 28 }
|
|
|
|
swAclMeterSrtcmExceedState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
permit(2),
|
|
replace-dscp(3),
|
|
drop(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the action state when the packet is in 'yellow color'.
|
|
permit: permit the packet.
|
|
replace-dscp: change the DSCP value of packet.
|
|
drop: drop the packet.
|
|
"
|
|
::= { swAclMeterEntry 29 }
|
|
|
|
swAclMeterSrtcmExceedReplaceDscp OBJECT-TYPE
|
|
SYNTAX INTEGER (0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the DSCP value of the packet when packet is in 'yellow color'."
|
|
::= { swAclMeterEntry 30 }
|
|
|
|
swAclMeterSrtcmExceedCounterState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the counter state when the packet is in 'yellow color'.
|
|
1. This is optional. The default is 'disable'.
|
|
2. The resource may be limited such that counter can not be turned on. The limitation is project dependent.
|
|
3. counter will be cleared when the function is disabled.
|
|
"
|
|
::= { swAclMeterEntry 31 }
|
|
|
|
swAclMeterSrtcmViolateState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
permit(2),
|
|
replace-dscp(3),
|
|
drop(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the action state when the packet is in 'red color'.
|
|
permit: permit the packet.
|
|
replace-dscp: change the DSCP value of packet.
|
|
drop: drop the packet.
|
|
"
|
|
::= { swAclMeterEntry 32 }
|
|
|
|
swAclMeterSrtcmViolateReplaceDscp OBJECT-TYPE
|
|
SYNTAX INTEGER (0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the DSCP value of the packet when packet is in 'red color'."
|
|
::= { swAclMeterEntry 33 }
|
|
|
|
swAclMeterSrtcmViolateCounterState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the counter state when the packet is in 'red color'.
|
|
1. This is optional. The default is 'disable'.
|
|
2. The resource may be limited so that the counter can not be turned on. The limitation is project dependent.
|
|
3. counter will be cleared when the function is disabled.
|
|
"
|
|
::= { swAclMeterEntry 34 }
|
|
|
|
swAclMeterRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swAclMeterEntry 35 }
|
|
|
|
swAclMeteringNumOfEntryInUse OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Used to display total entries of the flow metering."
|
|
::= { swAclMeteringMgmt 2 }
|
|
|
|
|
|
|
|
|
|
END
|
|
|
|
|