1224 lines
41 KiB
Plaintext
1224 lines
41 KiB
Plaintext
-- ACLMGMT mib
|
|
-- Draft Ver 0.3 2003/3/30 04:04¤U¤È
|
|
-- History:
|
|
-- Index in the Mask and Rule table, change their ACCESS from read-create to read-only
|
|
-- --------------------------------------------------------------------------------------
|
|
-- Draft Ver 0.1 2003/2/27 02:44¤U¤È by Scott Sung
|
|
-- Draft Ver 0.2 2003/3/12 10:43¤U¤È by Richard Chang
|
|
-- Draft Ver 0.3 2003/8/13 10:43¤U¤È by Scott Sung ,add swACLIpTCPFlagBit for DGS3x12S
|
|
-- --------------------------------------------------------------------------------------
|
|
SW-DES3x50-ACLMGMT-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
Counter32,Counter64,TimeTicks,NOTIFICATION-TYPE,
|
|
MODULE-IDENTITY,OBJECT-TYPE,IpAddress, Unsigned32
|
|
FROM SNMPv2-SMI
|
|
MacAddress, RowStatus FROM SNMPv2-TC
|
|
DisplayString FROM RFC1213-MIB
|
|
SnmpAdminString FROM SNMP-FRAMEWORK-MIB
|
|
PortList FROM Q-BRIDGE-MIB
|
|
dlink-mgmt FROM DLINK-ID-REC-MIB;
|
|
|
|
swAclMgmtMIB MODULE-IDENTITY
|
|
LAST-UPDATED "0007150000Z"
|
|
ORGANIZATION "enterprise, Inc."
|
|
CONTACT-INFO
|
|
" Customer Service
|
|
|
|
Postal:
|
|
|
|
Tel:
|
|
|
|
E-mail: "
|
|
DESCRIPTION
|
|
"The Structure of Access Control List Information for the
|
|
proprietary enterprise."
|
|
::= { dlink-mgmt 5 }
|
|
|
|
swAclMaskMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 1 }
|
|
swAclRuleMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 2 }
|
|
|
|
|
|
--***************************************************************************
|
|
--swACLEthernetTable
|
|
--***************************************************************************
|
|
swACLEthernetTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLEthernetEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contain ACL mask of Ethernet information.
|
|
Access profiles will be created on the switch by row creation and to
|
|
define which parts of each incoming frame's layer 2 part of header
|
|
the switch will examine. Masks can be entered that will be combined
|
|
with the values the switch finds in the specified frame header fields. "
|
|
::= { swAclMaskMgmt 1 }
|
|
|
|
swACLEthernetEntry OBJECT-TYPE
|
|
SYNTAX SwACLEthernetEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about ACL of Ethernet."
|
|
INDEX { swACLEthernetProfileID }
|
|
::= { swACLEthernetTable 1 }
|
|
|
|
SwACLEthernetEntry ::=
|
|
SEQUENCE {
|
|
swACLEthernetProfileID
|
|
INTEGER,
|
|
swACLEthernetUsevlan
|
|
INTEGER,
|
|
swACLEthernetMacAddrMaskState
|
|
INTEGER,
|
|
swACLEthernetSrcMacAddrMask
|
|
MacAddress,
|
|
swACLEthernetDstMacAddrMask
|
|
MacAddress,
|
|
swACLEthernetUse8021p
|
|
INTEGER,
|
|
swACLEthernetUseEthernetType
|
|
INTEGER,
|
|
swACLEthernetPort
|
|
PortList,
|
|
swACLEthernetRowStatus
|
|
RowStatus
|
|
}
|
|
swACLEthernetProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER (1..255)
|
|
MAX-ACCESS read-only --read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of ACL mask entry ,and is unique in the mask list."
|
|
::= { swACLEthernetEntry 1 }
|
|
|
|
swACLEthernetUsevlan OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the switch will examine the VLAN part of each packet header."
|
|
::= { swACLEthernetEntry 2 }
|
|
|
|
swACLEthernetMacAddrMaskState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
dst-mac-addr(2),
|
|
src-mac-addr(3),
|
|
dst-src-mac-addr(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of MAC address mask.
|
|
|
|
other(1) - Neither source MAC address nor destination MAC address are
|
|
masked.
|
|
dst-mac-addr(2) - recieved frames's destination MAC address are
|
|
currently used to be filtered as it meets with the MAC
|
|
address entry of the table.
|
|
src-mac-addr(3) - recieved frames's source MAC address are currently
|
|
used to be filtered as it meets with the MAC address entry
|
|
of the table.
|
|
dst-src-mac-addr(4) - recieved frames's destination MAC address or
|
|
source MAC address are currently used to be filtered as it meets
|
|
with the MAC address entry of the table."
|
|
::= { swACLEthernetEntry 3 }
|
|
|
|
swACLEthernetSrcMacAddrMask OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object Specifies the MAC address mask for the source MAC address."
|
|
::= { swACLEthernetEntry 4 }
|
|
|
|
swACLEthernetDstMacAddrMask OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object Specifies the MAC address mask for the destination MAC address."
|
|
::= { swACLEthernetEntry 5 }
|
|
|
|
swACLEthernetUse8021p OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will examine the 802.1p priority value in the frame's header
|
|
or not."
|
|
::= { swACLEthernetEntry 6 }
|
|
|
|
swACLEthernetUseEthernetType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies if the switch will examine the Ethernet type value in each frame's header
|
|
or not."
|
|
::= { swACLEthernetEntry 7 }
|
|
|
|
swACLEthernetPort OBJECT-TYPE
|
|
SYNTAX PortList(SIZE (0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { swACLEthernetEntry 8 }
|
|
|
|
swACLEthernetRowStatus OBJECT-TYPE --swACLEthernetState
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLEthernetEntry 9 }
|
|
|
|
|
|
--***************************************************************************
|
|
--swACLIpTable
|
|
--***************************************************************************
|
|
swACLIpTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLIpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contain ACL mask of IP information.
|
|
Access profiles will be created on the switch by row creation and to
|
|
define which parts of each incoming frame's IP layer part of header
|
|
the switch will examine. Masks can be entered that will be combined
|
|
with the values the switch finds in the specified frame header fields."
|
|
::= { swAclMaskMgmt 2 }
|
|
|
|
swACLIpEntry OBJECT-TYPE
|
|
SYNTAX SwACLIpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about ACL of IP Layer."
|
|
INDEX { swACLIpProfileID }
|
|
::= { swACLIpTable 1 }
|
|
|
|
SwACLIpEntry ::=
|
|
SEQUENCE {
|
|
swACLIpProfileID
|
|
INTEGER,
|
|
swACLIpUsevlan
|
|
INTEGER,
|
|
swACLIpIpAddrMaskState
|
|
INTEGER,
|
|
swACLIpSrcIpAddrMask
|
|
IpAddress,
|
|
swACLIpDstIpAddrMask
|
|
IpAddress,
|
|
swACLIpUseDSCP
|
|
INTEGER,
|
|
swACLIpUseProtoType
|
|
INTEGER,
|
|
swACLIpIcmpOption
|
|
INTEGER,
|
|
swACLIpIgmpOption
|
|
INTEGER,
|
|
swACLIpTcpOption
|
|
INTEGER,
|
|
swACLIpUdpOption
|
|
INTEGER,
|
|
swACLIpTCPorUDPSrcPortMask
|
|
OCTET STRING,
|
|
swACLIpTCPorUDPDstPortMask
|
|
OCTET STRING,
|
|
swACLIpTCPFlagBit
|
|
INTEGER,
|
|
swACLIpProtoIDOption
|
|
INTEGER,
|
|
swACLIpProtoIDMask
|
|
OCTET STRING,
|
|
swACLIpPort
|
|
PortList,
|
|
swACLIpRowStatus
|
|
RowStatus
|
|
}
|
|
swACLIpProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER (1..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of ACL mask entry ,and is unique in the mask list."
|
|
::= { swACLIpEntry 1 }
|
|
|
|
swACLIpUsevlan OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates if IP layer vlan is examined or not."
|
|
::= { swACLIpEntry 2 }
|
|
|
|
swACLIpIpAddrMaskState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
dst-ip-addr(2),
|
|
src-ip-addr(3),
|
|
dst-src-ip-addr(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of IP address mask.
|
|
|
|
other(1) - Neither source IP address nor destination IP address are
|
|
masked.
|
|
dst-ip-addr(2) - recieved frames's destination IP address are
|
|
currently used to be filtered as it meets with the IP
|
|
address entry of the table.
|
|
src-ip-addr(3) - recieved frames's source IP address are currently
|
|
used to be filtered as it meets with the IP address entry of
|
|
the table.
|
|
dst-src-ip-addr(4) - recieved frames's destination IP address or
|
|
source IP address are currently used to be filtered as it meets
|
|
with the IP address entry of the table."
|
|
::= { swACLIpEntry 3 }
|
|
|
|
swACLIpSrcIpAddrMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object Specifies IP address mask for the source IP address."
|
|
::= { swACLIpEntry 4 }
|
|
|
|
swACLIpDstIpAddrMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object Specifies the IP address mask for the destination IP address."
|
|
::= { swACLIpEntry 5 }
|
|
|
|
swACLIpUseDSCP OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates DSCP protocol is is examined or not."
|
|
::= { swACLIpEntry 6 }
|
|
|
|
swACLIpUseProtoType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
icmp(2),
|
|
igmp(3),
|
|
tcp(4),
|
|
udp(5),
|
|
protocolId(6)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"That object indicates which protocol will be examined."
|
|
::= { swACLIpEntry 7 }
|
|
|
|
swACLIpIcmpOption OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
type(2),
|
|
code(3),
|
|
type-code(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates which fields should be filled in of ICMP.
|
|
none(1)- two fields are null.
|
|
type(2)- type field should be filled in.
|
|
code(3)- code field should be filled in.
|
|
type-code(4)- not only type fileld but code field should be filled in.
|
|
"
|
|
::= { swACLIpEntry 8 }
|
|
|
|
swACLIpIgmpOption OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates Options of IGMP is examined or not."
|
|
::= { swACLIpEntry 9 }
|
|
|
|
swACLIpTcpOption OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
dst-addr(2),
|
|
src-addr(3),
|
|
dst-src-addr(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of filtered address of TCP.
|
|
|
|
other(1) - Neither source port nor destination port are
|
|
masked.
|
|
dst-addr(2) - recieved frames's destination port are
|
|
currently used to be filtered .
|
|
src-addr(3) - recieved frames's source port are currently
|
|
used to be filtered .
|
|
dst-src-addr(4) - both recieved frames's destination port and
|
|
source port are currently used to be filtered ."
|
|
::= { swACLIpEntry 10 }
|
|
|
|
swACLIpUdpOption OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
other(1),
|
|
dst-addr(2),
|
|
src-addr(3),
|
|
dst-src-addr(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of filtered address of UDP .
|
|
|
|
other(1) - Neither source port nor destination port are
|
|
masked.
|
|
dst-addr(2) - recieved frames's destination port are
|
|
currently used to be filtered .
|
|
src-addr(3) - recieved frames's source port are currently
|
|
used to be filtered .
|
|
dst-src-addr(4) - recieved frames's destination port or
|
|
source port are currently used to be filtered."
|
|
|
|
::= { swACLIpEntry 11 }
|
|
|
|
swACLIpTCPorUDPSrcPortMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a TCP port mask for the source port if swACLIpUseProtoType is TCP
|
|
Specifies a UDP port mask for the source port if swACLIpUseProtoType is UDP.
|
|
"
|
|
::= { swACLIpEntry 12 }
|
|
|
|
swACLIpTCPorUDPDstPortMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a TCP port mask for the destination port if swACLIpUseProtoType is TCP
|
|
Specifies a UDP port mask for the destination port if swACLIpUseProtoType is UDP."
|
|
::= { swACLIpEntry 13 }
|
|
|
|
swACLIpTCPFlagBit OBJECT-TYPE
|
|
SYNTAX INTEGER(0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a TCP connection flag mask."
|
|
::= { swACLIpEntry 14 }
|
|
|
|
swACLIpProtoIDOption OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enable(1),
|
|
disable(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the switch will examine each frame's Protocol ID field or not."
|
|
::= { swACLIpEntry 15 }
|
|
|
|
swACLIpProtoIDMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the rule applies to the IP protocol ID and the mask options
|
|
behind the IP header."
|
|
::= { swACLIpEntry 16 }
|
|
|
|
swACLIpPort OBJECT-TYPE
|
|
SYNTAX PortList(SIZE (0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { swACLIpEntry 17 }
|
|
|
|
swACLIpRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLIpEntry 18 }
|
|
|
|
--****************************************************************************
|
|
--swACLPayloadEntry
|
|
--****************************************************************************
|
|
swACLPayloadTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLPayloadEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { swAclMaskMgmt 3 }
|
|
|
|
swACLPayloadEntry OBJECT-TYPE
|
|
SYNTAX SwACLPayloadEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { swACLPayloadProfileID }
|
|
::= { swACLPayloadTable 1 }
|
|
|
|
SwACLPayloadEntry ::=
|
|
SEQUENCE {
|
|
swACLPayloadProfileID
|
|
INTEGER,
|
|
swACLPayloadOffSet0to15
|
|
OCTET STRING,
|
|
swACLPayloadOffSet16to31
|
|
OCTET STRING,
|
|
swACLPayloadOffSet32to47
|
|
OCTET STRING,
|
|
swACLPayloadOffSet48to63
|
|
OCTET STRING,
|
|
swACLPayloadOffSet64to79
|
|
OCTET STRING,
|
|
swACLPayloadPort
|
|
PortList,
|
|
swACLPayloadRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
swACLPayloadProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER (1..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { swACLPayloadEntry 1 }
|
|
|
|
swACLPayloadOffSet0to15 OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE (16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { swACLPayloadEntry 2}
|
|
|
|
swACLPayloadOffSet16to31 OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE (16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { swACLPayloadEntry 3}
|
|
|
|
swACLPayloadOffSet32to47 OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE (16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { swACLPayloadEntry 4 }
|
|
|
|
|
|
swACLPayloadOffSet48to63 OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE (16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { swACLPayloadEntry 5 }
|
|
|
|
swACLPayloadOffSet64to79 OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE (16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { swACLPayloadEntry 6 }
|
|
|
|
swACLPayloadPort OBJECT-TYPE
|
|
SYNTAX PortList(SIZE (0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { swACLPayloadEntry 7 }
|
|
|
|
swACLPayloadRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= {swACLPayloadEntry 8}
|
|
|
|
--***************************************************************************
|
|
--swACLEtherRuleTable
|
|
--***************************************************************************
|
|
swACLEtherRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLEtherRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table contain ACL rule of ethernet information."
|
|
::= { swAclRuleMgmt 1 }
|
|
|
|
swACLEtherRuleEntry OBJECT-TYPE
|
|
SYNTAX SwACLEtherRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A list of information about ACL rule of the layer 2 part of each packet."
|
|
INDEX { swACLEtherRuleProfileID,swACLEtherRuleAccessID }
|
|
::= { swACLEtherRuleTable 1 }
|
|
|
|
SwACLEtherRuleEntry ::=
|
|
SEQUENCE {
|
|
swACLEtherRuleProfileID
|
|
INTEGER,
|
|
swACLEtherRuleAccessID
|
|
INTEGER,
|
|
swACLEtherRuleVlan
|
|
SnmpAdminString,
|
|
swACLEtherRuleSrcMacAddress
|
|
MacAddress,
|
|
swACLEtherRuleDstMacAddress
|
|
MacAddress,
|
|
swACLEtherRule8021P
|
|
INTEGER,
|
|
swACLEtherRuleEtherType
|
|
OCTET STRING,
|
|
swACLEtherRuleEnablePriority
|
|
INTEGER,
|
|
swACLEtherRulePriority
|
|
INTEGER,
|
|
swACLEtherRuleReplacePriority
|
|
INTEGER,
|
|
swACLEtherRuleEnableReplaceDscp
|
|
INTEGER,
|
|
swACLEtherRuleRepDscp
|
|
INTEGER,
|
|
swACLEtherRulePermit
|
|
INTEGER,
|
|
swACLEtherRuleRowStatus
|
|
RowStatus
|
|
}
|
|
swACLEtherRuleProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER (1..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of ACL mask entry ,and is unique in the mask list."
|
|
::= { swACLEtherRuleEntry 1 }
|
|
|
|
swACLEtherRuleAccessID OBJECT-TYPE
|
|
SYNTAX INTEGER (1..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of ACL rule entry relate to swACLEtherRuleProfileID."
|
|
::= { swACLEtherRuleEntry 2 }
|
|
|
|
swACLEtherRuleVlan OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access will apply to only to this VLAN."
|
|
::= { swACLEtherRuleEntry 3 }
|
|
|
|
swACLEtherRuleSrcMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access will apply to only packets with
|
|
this source MAC address."
|
|
::= { swACLEtherRuleEntry 4 }
|
|
|
|
swACLEtherRuleDstMacAddress OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access will apply to only packets
|
|
with this destination MAC address."
|
|
::= { swACLEtherRuleEntry 5 }
|
|
|
|
swACLEtherRule8021P OBJECT-TYPE
|
|
SYNTAX INTEGER(0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access will apply only to packets with
|
|
this 802.1p priority value."
|
|
::= { swACLEtherRuleEntry 6 }
|
|
|
|
swACLEtherRuleEtherType OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access will apply only to packets with this
|
|
hexidecimal 802.1Q Ethernet type value in the packet header."
|
|
::= { swACLEtherRuleEntry 7 }
|
|
|
|
swACLEtherRuleEnablePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access will apply only to packets with
|
|
priority value."
|
|
::= { swACLEtherRuleEntry 8 }
|
|
|
|
swACLEtherRulePriority OBJECT-TYPE
|
|
SYNTAX INTEGER(0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specific the priority will change to the packets while the swACLEtherRuleReplacePriority
|
|
is enabled ."
|
|
::= { swACLEtherRuleEntry 9 }
|
|
|
|
swACLEtherRuleReplacePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specific the packets that match the access profile will changed the
|
|
802.1p priority tag field by the switch or not ."
|
|
::= { swACLEtherRuleEntry 10 }
|
|
|
|
swACLEtherRuleEnableReplaceDscp OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specific the packets that match the access profile will replaced the
|
|
DSCP field by the switch or not ."
|
|
::= { swACLEtherRuleEntry 11 }
|
|
|
|
swACLEtherRuleRepDscp OBJECT-TYPE
|
|
SYNTAX INTEGER(0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"specify a value to be written to the DSCP field of an incoming packet
|
|
that meets the criteria specified in the first part of the command.
|
|
This value will over-write the value in the DSCP field of the packet."
|
|
::= { swACLEtherRuleEntry 12 }
|
|
|
|
swACLEtherRulePermit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
permit(1),
|
|
deny(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates resoult of examination is permit or deny;default is permit(1)
|
|
permit - Specifies that packets that match the access profile are
|
|
permitted to be forwarded by the switch.
|
|
deny - Specifies that packets that do not match the access profile
|
|
are not permitted to be forwarded by the switch and will be filtered."
|
|
::= { swACLEtherRuleEntry 13 }
|
|
|
|
swACLEtherRuleRowStatus OBJECT-TYPE --swACLEtherRuleState
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLEtherRuleEntry 14 }
|
|
|
|
--***************************************************************************
|
|
--swACLIpRuleTable
|
|
--***************************************************************************
|
|
swACLIpRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLIpRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
::= { swAclRuleMgmt 2 }
|
|
|
|
swACLIpRuleEntry OBJECT-TYPE
|
|
SYNTAX SwACLIpRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"."
|
|
INDEX { swACLIpRuleProfileID , swACLIpRuleAccessID }
|
|
::= { swACLIpRuleTable 1 }
|
|
|
|
SwACLIpRuleEntry ::=
|
|
SEQUENCE {
|
|
swACLIpRuleProfileID
|
|
INTEGER,
|
|
swACLIpRuleAccessID
|
|
INTEGER,
|
|
swACLIpRuleVlan
|
|
SnmpAdminString,
|
|
swACLIpRuleSrcIpaddress
|
|
IpAddress,
|
|
swACLIpRuleDstIpaddress
|
|
IpAddress,
|
|
swACLIpRuleDscp
|
|
INTEGER,
|
|
swACLIpRuleProtocol
|
|
INTEGER,
|
|
swACLIpRuleType
|
|
INTEGER,
|
|
swACLIpRuleCode
|
|
INTEGER,
|
|
swACLIpRuleSrcPort
|
|
INTEGER,
|
|
swACLIpRuleDstPort
|
|
INTEGER,
|
|
swACLIpRuleFlagBits
|
|
INTEGER,
|
|
swACLIpRuleProtoID
|
|
INTEGER,
|
|
swACLIpRuleUserMask
|
|
OCTET STRING,
|
|
swACLIpRuleEnablePriority
|
|
INTEGER,
|
|
swACLIpRulePriority
|
|
INTEGER,
|
|
swACLIpRuleReplacePriority
|
|
INTEGER,
|
|
swACLIpRuleEnableReplaceDscp
|
|
INTEGER,
|
|
swACLIpRuleRepDscp
|
|
INTEGER,
|
|
swACLIpRulePermit
|
|
INTEGER,
|
|
swACLIpRuleRowStatus
|
|
RowStatus
|
|
}
|
|
swACLIpRuleProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER (1..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of ACL mask entry ,and is unique in the mask list."
|
|
::= { swACLIpRuleEntry 1 }
|
|
|
|
swACLIpRuleAccessID OBJECT-TYPE
|
|
SYNTAX INTEGER (1..255)
|
|
MAX-ACCESS read-only --read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of ACL IP rule entry ."
|
|
::= { swACLIpRuleEntry 2 }
|
|
|
|
swACLIpRuleVlan OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access will apply to only to this VLAN."
|
|
::= { swACLIpRuleEntry 3 }
|
|
|
|
swACLIpRuleSrcIpaddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specific an IP source address."
|
|
::= { swACLIpRuleEntry 4 }
|
|
|
|
swACLIpRuleDstIpaddress OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specific an IP destination address."
|
|
::= { swACLIpRuleEntry 5 }
|
|
|
|
swACLIpRuleDscp OBJECT-TYPE
|
|
SYNTAX INTEGER(0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specific the value of dscp, the value can be configured 0 to 63"
|
|
::= { swACLIpRuleEntry 6 }
|
|
|
|
swACLIpRuleProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
icmp(2),
|
|
igmp(3),
|
|
tcp(4),
|
|
udp(5),
|
|
protocolId(6)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the IP protocol which has been configured in swACLIpEntry ."
|
|
::= { swACLIpRuleEntry 7 }
|
|
|
|
swACLIpRuleType OBJECT-TYPE
|
|
SYNTAX INTEGER(0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specific that the rule applies to the value of icmp type traffic."
|
|
::= { swACLIpRuleEntry 8 }
|
|
|
|
swACLIpRuleCode OBJECT-TYPE
|
|
SYNTAX INTEGER(0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specific that the rule applies to the value of icmp code traffic."
|
|
::= { swACLIpRuleEntry 9 }
|
|
|
|
swACLIpRuleSrcPort OBJECT-TYPE
|
|
SYNTAX INTEGER(0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specific that the rule applies the range of tcp/udp source port"
|
|
::= { swACLIpRuleEntry 10 }
|
|
|
|
swACLIpRuleDstPort OBJECT-TYPE
|
|
SYNTAX INTEGER(0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specific the range of tcp/udp destination port range"
|
|
::= { swACLIpRuleEntry 11 }
|
|
|
|
swACLIpRuleFlagBits OBJECT-TYPE
|
|
SYNTAX INTEGER(0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A value which indicates the set of TCP flags that this
|
|
entity may potentially offers. The value is a sum. This
|
|
sum initially takes the value zero, Then, for each flag, L,
|
|
in the range 1 through 6, that this node performs
|
|
transactions for, 2 raised to (L - 1) is added to the sum.
|
|
Note that values should be calculated accordingly:
|
|
|
|
Flag functionality
|
|
6 urg bit
|
|
5 ack bit
|
|
4 rsh bit
|
|
3 rst bit
|
|
2 syn bit
|
|
1 fin bit
|
|
For example,it you want to enable urg bit and ack bit,you
|
|
should set vlaue 48(2^(5-1) + 2^(6-1))."
|
|
::= { swACLIpRuleEntry 12 }
|
|
|
|
swACLIpRuleProtoID OBJECT-TYPE
|
|
SYNTAX INTEGER(0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specific that the rule applies to the value of ip protocol id traffic"
|
|
::= { swACLIpRuleEntry 13 }
|
|
|
|
swACLIpRuleUserMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(4))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specific that the rule applies to the ip protocol id and the range of
|
|
options behind the IP header."
|
|
::= { swACLIpRuleEntry 14 }
|
|
|
|
swACLIpRuleEnablePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access will apply only to packets with
|
|
priority value."
|
|
::= { swACLIpRuleEntry 15 }
|
|
|
|
swACLIpRulePriority OBJECT-TYPE
|
|
SYNTAX INTEGER(0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access profile will apply to packets that contain
|
|
this value in their 802.1p priority field of their header."
|
|
::= { swACLIpRuleEntry 16 }
|
|
|
|
swACLIpRuleReplacePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specific the packets that match the access profile will changed the
|
|
802.1p priority tag field by the switch or not ."
|
|
::= { swACLIpRuleEntry 17 }
|
|
|
|
swACLIpRuleEnableReplaceDscp OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicate weather the DSCP field can be over-write or not. "
|
|
::= { swACLIpRuleEntry 18 }
|
|
|
|
swACLIpRuleRepDscp OBJECT-TYPE
|
|
SYNTAX INTEGER(0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"specify a value to be written to the DSCP field of an incoming packet
|
|
that meets the criteria specified in the first part of the command.
|
|
This value will over-write the value in the DSCP field of the packet."
|
|
::= { swACLIpRuleEntry 19 }
|
|
|
|
swACLIpRulePermit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
deny(1),
|
|
permit(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates filter is permit or deny;
|
|
default is permit(1)"
|
|
::= { swACLIpRuleEntry 20 }
|
|
|
|
swACLIpRuleRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry."
|
|
::= { swACLIpRuleEntry 21 }
|
|
|
|
--****************************************************************************
|
|
--swACLPayloadEntry
|
|
--****************************************************************************
|
|
swACLPayloadRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF SwACLPayloadRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { swAclRuleMgmt 3 }
|
|
|
|
swACLPayloadRuleEntry OBJECT-TYPE
|
|
SYNTAX SwACLPayloadRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { swACLPayloadRuleProfileID,swACLPayloadRuleAccessID }
|
|
::= { swACLPayloadRuleTable 1 }
|
|
|
|
|
|
SwACLPayloadRuleEntry ::=
|
|
SEQUENCE {
|
|
swACLPayloadRuleProfileID
|
|
INTEGER,
|
|
swACLPayloadRuleAccessID
|
|
INTEGER,
|
|
swACLPayloadRuleOffSet0to15
|
|
OCTET STRING,
|
|
swACLPayloadRuleOffSet16to31
|
|
OCTET STRING,
|
|
swACLPayloadRuleOffSet32to47
|
|
OCTET STRING,
|
|
swACLPayloadRuleOffSet48to63
|
|
OCTET STRING,
|
|
swACLPayloadRuleOffSet64to79
|
|
OCTET STRING,
|
|
swACLPayloadRuleEnablePriority
|
|
INTEGER,
|
|
swACLPayloadRulePriority
|
|
INTEGER,
|
|
swACLPayloadRuleReplacePriority
|
|
INTEGER,
|
|
swACLPayloadRuleEnableReplaceDscp
|
|
INTEGER,
|
|
swACLPayloadRuleRepDscp
|
|
INTEGER,
|
|
swACLPayloadRulePermit
|
|
INTEGER,
|
|
swACLPayloadRuleRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
swACLPayloadRuleProfileID OBJECT-TYPE
|
|
SYNTAX INTEGER (1..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { swACLPayloadRuleEntry 1 }
|
|
|
|
swACLPayloadRuleAccessID OBJECT-TYPE
|
|
SYNTAX INTEGER (1..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { swACLPayloadRuleEntry 2 }
|
|
|
|
swACLPayloadRuleOffSet0to15 OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE (16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { swACLPayloadRuleEntry 3 }
|
|
|
|
swACLPayloadRuleOffSet16to31 OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE (16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { swACLPayloadRuleEntry 4 }
|
|
|
|
swACLPayloadRuleOffSet32to47 OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE (16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { swACLPayloadRuleEntry 5 }
|
|
|
|
|
|
swACLPayloadRuleOffSet48to63 OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE (16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { swACLPayloadRuleEntry 6 }
|
|
|
|
swACLPayloadRuleOffSet64to79 OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE (16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { swACLPayloadRuleEntry 7 }
|
|
|
|
swACLPayloadRuleEnablePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { swACLPayloadRuleEntry 8 }
|
|
|
|
swACLPayloadRulePriority OBJECT-TYPE
|
|
SYNTAX INTEGER(0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies that the access profile will apply to packets that contain
|
|
this value in their 802.1p priority field of their header."
|
|
::= { swACLPayloadRuleEntry 9 }
|
|
|
|
swACLPayloadRuleReplacePriority OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { swACLPayloadRuleEntry 10 }
|
|
|
|
swACLPayloadRuleEnableReplaceDscp OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
enabled(1),
|
|
disabled(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicate wether the DSCP field can be over-write or not "
|
|
::= { swACLPayloadRuleEntry 11 }
|
|
|
|
swACLPayloadRuleRepDscp OBJECT-TYPE
|
|
SYNTAX INTEGER(0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"specify a value to be written to the DSCP field of an incoming packet
|
|
that meets the criteria specified in the first part of the command.
|
|
This value will over-write the value in the DSCP field of the packet."
|
|
::= { swACLPayloadRuleEntry 12 }
|
|
|
|
swACLPayloadRulePermit OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
permit(1),
|
|
deny(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { swACLPayloadRuleEntry 13 }
|
|
|
|
swACLPayloadRuleRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
::= { swACLPayloadRuleEntry 14 }
|
|
|
|
END
|