7341 lines
258 KiB
Plaintext
7341 lines
258 KiB
Plaintext
-- ============================================================================
|
|
-- Copyright (c) 2004-2015 Hangzhou H3C Tech. Co., Ltd. All rights reserved.
|
|
--
|
|
-- Description:
|
|
-- Reference:
|
|
-- Version: V3.4
|
|
-- History:
|
|
-- V1.0 created by yuhui.
|
|
-- V2.0 2004-10-12 updated by gaolong
|
|
-- Define MODULE-IDENTITY for h3cAcl
|
|
-- Remove chinese characters
|
|
-- Add limitation(0..65535) for some table index
|
|
-- Fix a default value error of h3cAclAdvancedEstablish
|
|
-- V2.1 2004-11-18 updated by yubo
|
|
-- Add 'h3cAclIDSTable' for IDS
|
|
-- V2.2 2004-12-13
|
|
-- Fix syntax bugs and adjust format of the whole file by jinyi
|
|
-- Modify description of h3cAclAdvancedDscp by zhuangyu
|
|
-- V2.3 2005-1-26 updated by WuZhao02557
|
|
-- Change MAX-ACCESS from read-create to not-accessible for the
|
|
-- following MIB nodes:
|
|
-- h3cAclNumGroupAclNum, h3cAclNameGroupIndex, h3cAclBasicAclNum,
|
|
-- h3cAclBasicSubitem, h3cAclAdvancedAclNum, h3cAclAdvancedSubitem
|
|
-- h3cAclIfAclNum, h3cAclIfSubitem, h3cAclLinkAclNum, h3cAclLinkSubitem
|
|
-- h3cAclUserAclNum, h3cAclUserSubitem, h3cAclActiveAclIndex,
|
|
-- h3cAclActiveIfIndex, h3cAclActiveVlanID, h3cAclActiveDirection
|
|
-- Adjust format of whole file.
|
|
-- 2005-01-27 updated by zhangyinxi
|
|
-- 1. Add objects h3cAclLinkL2LabelRangeOp, h3cAclLinkL2LabelRangeBegin
|
|
-- h3cAclLinkL2LabelRangeEnd and h3cAclLinkMplsExp in h3cAclLinkTable
|
|
-- 2. Add an enumeration mpls(34887) to object h3cAclLinkProtocol
|
|
-- 3. Expand the range of object h3cAclActiveVlanID to Integer32
|
|
-- V2.4 2005-2-24
|
|
-- Make the index of h3cAclIDSTable IMPLIED by fuzhenyu because IDS devices
|
|
-- require fixed length index to be used. IDS devices only provide index
|
|
-- with no sub-identifier indicating the length of the string.
|
|
-- Modify enum name(value is 4) of h3cAclLinkFormatType to ieee802Dot3 by daishijun
|
|
-- V2.5 2005-7-25
|
|
-- Add objects h3cAclMib2Mode, h3cAclVersion, h3cAclMib2ObjectsCapabilities,
|
|
-- h3cAclIPAclNumGroupTable, h3cAclIPAclBasicTable, h3cAclIPAclAdvancedTable,
|
|
-- h3cAclMACTable, h3cAclEnUserTable by tangshun.
|
|
-- V2.6 2006-01-03
|
|
-- Add objects h3cAclIPAclBasicComment, h3cAclIPAclAdvancedComment,
|
|
-- h3cAclMACComment, h3cAclEnUserComment by tangshun.
|
|
-- V2.7 2006-03-09 updated by changhuifeng
|
|
-- Add object h3cAclIPAclAdvancedReflective in h3cAclIPAclAdvancedTable.
|
|
-- Modify the description of object h3cAclIPAclAdvancedFragmentFlag.
|
|
-- Modify the description of object h3cAclMib2Version.
|
|
-- Modify the description of object h3cAclLinkDestAny for text error.
|
|
-- Modify the description of object h3cAclMib2CharacteristicsValue.
|
|
-- V2.8 2006-07-06 updated by xialei
|
|
-- Modify the description of h3cAclIPAclAdvancedIcmpType
|
|
-- and h3cAclIPAclAdvancedIcmpCode.
|
|
-- Change value range of h3cAclIPAclAdvancedIcmpCode.
|
|
-- V2.9 2006-08-08 updated by chenzhaojie
|
|
-- Add enumeration value to h3cAclActiveDirection.
|
|
-- V3.0 2010-09-01 updated by zhaixiaoxiang
|
|
-- Add h3cAclResourceUsageTable.
|
|
-- V3.1 2012-02-06 updated by wangchenxiao
|
|
-- Add h3cPacketfilterTrapObjects
|
|
-- Add h3cPacketfilterTrap
|
|
-- 2012-02-14 updated by mouxuanli
|
|
-- Add h3cAclMib2ProcessingStatus of object h3cAclMib2NodesGroup
|
|
-- Add h3cAclNumberGroupName of object h3cAclNumberGroupTable
|
|
-- Add h3cAclIPAclBasicCounting of object h3cAclIPAclBasicTable
|
|
-- Add h3cAclIPAclBasicRouteTypeAny of object h3cAclIPAclBasicTable
|
|
-- Add h3cAclIPAclBasicRouteTypeValue of object h3cAclIPAclBasicTable
|
|
-- Add h3cAclIPAclAdvancedCounting of object h3cAclIPAclAdvancedTable
|
|
-- Add h3cAclIPAclAdvancedTCPFlagMask of object h3cAclIPAclAdvancedTable
|
|
-- Add h3cAclIPAclAdvancedTCPFlagValue of object h3cAclIPAclAdvancedTable
|
|
-- Add h3cAclIPAclAdvancedRouteTypeAny of object h3cAclIPAclAdvancedTable
|
|
-- Add h3cAclIPAclAdvancedRouteTypeValue of object h3cAclIPAclAdvancedTable
|
|
-- Add h3cAclIPAclAdvancedFlowLabel of object h3cAclIPAclAdvancedTable
|
|
-- Add h3cAclMACLog of object h3cAclMACTable
|
|
-- Add h3cAclMACCounting of object h3cAclMACTable
|
|
-- Add h3cAclEnUserLog of object h3cAclEnUserTable
|
|
-- Add h3cAclEnUserCounting of object h3cAclEnUserTable
|
|
-- Modify the description of h3cAclResourceType
|
|
-- Add h3cAclResourceTypeDescription of object h3cAclResourceUsageTable
|
|
-- Add h3cAclPacketFilterObjects
|
|
-- V3.2 2012-11-30 updated by gaoyu
|
|
-- Add h3cPfilterRunApplyObjType of object h3cPfilterAclGroupRunInfoTable
|
|
-- Add h3cPfilterRunApplyObjIndex of object h3cPfilterAclGroupRunInfoTable
|
|
-- Add h3cPfilterRunApplyDirection of object h3cPfilterAclGroupRunInfoTable
|
|
-- Add h3cPfilterRunApplyAclType of object h3cPfilterAclGroupRunInfoTable
|
|
-- Add h3cPfilterRunApplyAclIndex of object h3cPfilterAclGroupRunInfoTable
|
|
-- modify the h3cPfilterRunApplyObjType of object h3cPfilterAclRuleRunInfoTable
|
|
-- modify the h3cPfilterRunApplyObjIndex of object h3cPfilterAclRuleRunInfoTable
|
|
-- modify the h3cPfilterRunApplyDirection of object h3cPfilterAclRuleRunInfoTable
|
|
-- modify the h3cPfilterRunApplyAclType of object h3cPfilterAclRuleRunInfoTable
|
|
-- modify the h3cPfilterRunApplyAclIndex of object h3cPfilterAclRuleRunInfoTable
|
|
-- V3.3 2013-11-30 updated by gaoyu
|
|
-- Add h3cAclNamedGroupTable to object h3cAclMib2GlobalGroup
|
|
-- Add h3cAclIPAclNamedBscTable to object h3cAclIPAclGroup
|
|
-- Add h3cAclIPAclNamedAdvTable to object h3cAclIPAclGroup
|
|
-- Add h3cAclNamedMACTable to object h3cAclMACAclGroup
|
|
-- Add h3cAclIntervalGroup to object h3cAclMib2Objects
|
|
-- Modify h3cPfilterApplyAclType of object h3cPfilterApplyTable
|
|
-- Modify h3cPfilterRunApplyAclType of object h3cPfilterAclGroupRunInfoTable
|
|
-- Modify h3cPfilterSumAclType of object h3cPfilterStatisticSumTable
|
|
-- Add h3cPfilter2ApplyTable to object h3cAclPacketFilterObjects
|
|
-- Add h3cPfilter2AclGroupRunInfoTable to object h3cAclPacketFilterObjects
|
|
-- Add h3cPfilter2AclRuleRunInfoTable to object h3cAclPacketFilterObjects
|
|
-- Add h3cPfilter2StatisticSumTable to object h3cAclPacketFilterObjects
|
|
-- Add h3cAclPacketIfName to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclPacketDirection to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclPacketBAGG to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclPacketVlanID to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclPacketSrcIP to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclPacketDstIP to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclPacketProtocol to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclPacketDscp to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclPacketFlowLabel to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclPacketIcmpIgmpType to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclPacketIcmpIgmpCode to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclPacketTcpFlags to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclPacketSrcPort to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclPacketDstPort to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclPacketSrcMacAddr to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclPacketDstMacAddr to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclPacketMacTypeLen to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclPacketVlanPCP to object h3cAclPacketfilterTrapObjects
|
|
-- Add h3cAclRuleMatchCount to object h3cPfilterTrapPrefix
|
|
-- Add h3cAclFirstIPv4PktCaptured to object h3cPfilterTrapPrefix
|
|
-- Add h3cAclFirstIPv6PktCaptured to object h3cPfilterTrapPrefix
|
|
-- Add h3cAclFirstEthernetPktCaptured to object h3cPfilterTrapPrefix
|
|
-- 2014-2-20 updated by gaoyu
|
|
-- Add h3cAclNamedUserTable to object h3cAclEnUserAclGroup
|
|
-- 2014-07-08 updated by gaoyu
|
|
-- Add h3cAclIPAclAdvancedSrcSuffix to object h3cAclIPAclAdvancedTable
|
|
-- Add h3cAclIPAclAdvancedDestSuffix to object h3cAclIPAclAdvancedTable
|
|
-- Add h3cAclIPAclNamedAdvSrcSuffix to object h3cAclIPAclNamedAdvTable
|
|
-- Add h3cAclIPAclNamedAdvDstSuffix to object h3cAclIPAclNamedAdvTable
|
|
-- V3.4 2014-10-20 updated by gaoyu
|
|
-- Add h3cAclMib2ResourceThreshold to object h3cAclMib2NodesGroup
|
|
-- Add h3cAclMib2ResourceLogInterval to object h3cAclMib2NodesGroup
|
|
-- Add h3cAclResourceTypeName to object h3cAclTrapObjects
|
|
-- Add h3cAclResourceUsage to object h3cAclTrapObjects
|
|
-- Add h3cAclResourceUsedEntries to object h3cAclTrapObjects
|
|
-- Add h3cAclResourceTotalEntries to object h3cAclTrapObjects
|
|
-- Add h3cAclResourceChassisID to object h3cAclTrapObjects
|
|
-- Add h3cAclResourceSlotID to object h3cAclTrapObjects
|
|
-- Add h3cAclResourceTrap to object h3cAclTrapPrefix
|
|
-- ============================================================================
|
|
H3C-ACL-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
h3cCommon
|
|
FROM HUAWEI-3COM-OID-MIB
|
|
IpAddress, Integer32, Counter32, OBJECT-TYPE, MODULE-IDENTITY,
|
|
NOTIFICATION-TYPE, Unsigned32, Counter64
|
|
FROM SNMPv2-SMI
|
|
InetAddressType, InetAddress, InetAddressPrefixLength
|
|
FROM INET-ADDRESS-MIB
|
|
RowStatus, TruthValue, MacAddress, TEXTUAL-CONVENTION
|
|
FROM SNMPv2-TC;
|
|
|
|
--
|
|
-- Node definitions
|
|
--
|
|
|
|
h3cAcl MODULE-IDENTITY
|
|
LAST-UPDATED "201410201000Z" -- Oct 20, 2014 at 10:00 GMT
|
|
ORGANIZATION
|
|
"Hangzhou H3C Technologies Co., Ltd."
|
|
CONTACT-INFO
|
|
"Platform Team Hangzhou H3C Technologies Co., Ltd.
|
|
Hai-Dian District Beijing P.R. China
|
|
http://www.h3c.com
|
|
Zip:100085
|
|
"
|
|
DESCRIPTION
|
|
"ACL management information base for managing devices
|
|
that support access control list and packet filtering.
|
|
"
|
|
REVISION "201410201000Z" -- Oct 22, 2014 at 10:00 GMT
|
|
DESCRIPTION
|
|
"Added 2 ndoes to configure TCAM function and 6 nodes to show trap info."
|
|
::= { h3cCommon 8 }
|
|
|
|
-- Rule action value
|
|
RuleAction ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of rule's action.
|
|
permit: The packet matching the rule will be permitted to forward.
|
|
deny: The packet matching the rule will be denied.
|
|
"
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(1),
|
|
permit(2),
|
|
deny(3)
|
|
}
|
|
|
|
-- CounterClear value
|
|
CounterClear ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"cleared: Reset the value of the rule's counter.
|
|
nouse: 'nouse' will be returned when getting.
|
|
"
|
|
SYNTAX INTEGER
|
|
{
|
|
cleared(1),
|
|
nouse(2)
|
|
}
|
|
|
|
-- PortOp value
|
|
PortOp ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The operation type of TCP and UDP.
|
|
lt : Less than given port number.
|
|
eq : Equal to given port number.
|
|
gt : Greater than given port number.
|
|
neq : Not equal to given port number.
|
|
range : Between two port numbers.
|
|
Default value is 'invalid'.
|
|
"
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
lt(1),
|
|
eq(2),
|
|
gt(3),
|
|
neq(4),
|
|
range(5)
|
|
}
|
|
|
|
-- DSCP value
|
|
DSCPValue ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "d"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of DSCP.
|
|
<0-63> Value of DSCP
|
|
af11 Specify Assured Forwarding 11 service(10)
|
|
af12 Specify Assured Forwarding 12 service(12)
|
|
af13 Specify Assured Forwarding 13 service(14)
|
|
af21 Specify Assured Forwarding 21 service(18)
|
|
af22 Specify Assured Forwarding 22 service(20)
|
|
af23 Specify Assured Forwarding 23 service(22)
|
|
af31 Specify Assured Forwarding 31 service(26)
|
|
af32 Specify Assured Forwarding 32 service(28)
|
|
af33 Specify Assured Forwarding 33 service(30)
|
|
af41 Specify Assured Forwarding 41 service(34)
|
|
af42 Specify Assured Forwarding 42 service(36)
|
|
af43 Specify Assured Forwarding 43 service(38)
|
|
be Specify Best Effort service(0)
|
|
cs1 Specify Class Selector 1 service(8)
|
|
cs2 Specify Class Selector 2 service(16)
|
|
cs3 Specify Class Selector 3 service(24)
|
|
cs4 Specify Class Selector 4 service(32)
|
|
cs5 Specify Class Selector 5 service(40)
|
|
cs6 Specify Class Selector 6 service(48)
|
|
cs7 Specify Class Selector 7 service(56)
|
|
ef Specify Expedited Forwarding service(46)
|
|
"
|
|
SYNTAX Integer32 (0..63|255)
|
|
|
|
-- TCP Flags
|
|
TCPFlag ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of TCP.
|
|
invalid(0)
|
|
tcpack(1) TCP protocol ACK Packet
|
|
tcpfin(2) TCP protocol PIN Packet
|
|
tcppsh(3) TCP protocol PUSH Packet
|
|
tcprst(4) TCP protocol RST Packet
|
|
tcpsyn(5) TCP protocol SYN Packet
|
|
tcpurg(6) TCP protocol URG Packet
|
|
Default value is 'invalid'.
|
|
"
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
tcpack(1),
|
|
tcpfin(2),
|
|
tcppsh(3),
|
|
tcprst(4),
|
|
tcpsyn(5),
|
|
tcpurg(6)
|
|
}
|
|
|
|
-- Fragment Flags
|
|
FragmentFlag ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of fragment.
|
|
invalid(0)
|
|
fragment(1) Frag-Type Fragment
|
|
fragmentSubseq(2) Frag-Type Fragment-subsequent
|
|
nonFragment(3) Frag-Type non-Fragment
|
|
nonSubseq(4) Frag-Type non-subsequent
|
|
Default value is 'invalid'.
|
|
"
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
fragment(1),
|
|
fragmentSubseq(2),
|
|
nonFragment(3),
|
|
nonSubseq(4)
|
|
}
|
|
|
|
-- Address Flags
|
|
AddressFlag ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Address flag to select IPv6 Address.
|
|
Default value is 'invalid'.
|
|
|
|
t64SrcAddrPre64DestAddrPre(1):
|
|
The mean of the enumeration 't64SrcAddrPre64DestAddrPre' is
|
|
that system gets the 64 bits prefix of source address and
|
|
the 64 bits prefix of destination address.
|
|
|
|
t64SrcAddrPre64DestAddrSuf(2):
|
|
The mean of the enumeration 't64SrcAddrPre64DestAddrSuf' is
|
|
that system gets the 64 bits prefix of source address and
|
|
the 64 bits suffix of destination address.
|
|
|
|
t64SrcAddrSuf64DestAddrPre(3):
|
|
The mean of the enumeration 't64SrcAddrSuf64DestAddrPre' is
|
|
that system gets the 64 bits suffix of source address and
|
|
the 64 bits prefix of destination address.
|
|
|
|
t64SrcAddrSuf64DestAddrSuf(4):
|
|
The mean of the enumeration 't64SrcAddrSuf64DestAddrSuf' is
|
|
that system gets the 64 bits suffix of source address and
|
|
the 64 bits suffix of destination address.
|
|
|
|
t128SourceAddress(5):
|
|
The mean of the enumeration 't128SourceAddress' is that
|
|
system gets the 128 bits of source address.
|
|
|
|
t128DestinationAddress(6):
|
|
The mean of the enumeration 't128SourceAddress' is that
|
|
system gets the 128 bits of destination address.
|
|
"
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
t64SrcAddrPre64DestAddrPre(1),
|
|
t64SrcAddrPre64DestAddrSuf(2),
|
|
t64SrcAddrSuf64DestAddrPre(3),
|
|
t64SrcAddrSuf64DestAddrSuf(4),
|
|
t128SourceAddress(5),
|
|
t128DestinationAddress(6)
|
|
}
|
|
|
|
-- Direction type
|
|
DirectionType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction: inbound or outbound."
|
|
SYNTAX INTEGER
|
|
{
|
|
inbound(1),
|
|
outbound(2)
|
|
}
|
|
|
|
--
|
|
-- nodes defined
|
|
--
|
|
h3cAclMibObjects OBJECT IDENTIFIER ::= { h3cAcl 1 }
|
|
|
|
h3cAclMode OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
linkBased(1),
|
|
ipBased(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Access-list mode."
|
|
DEFVAL { ipBased }
|
|
::= { h3cAclMibObjects 1 }
|
|
|
|
--
|
|
-- Node of h3cAclNumGroupTable
|
|
--
|
|
h3cAclNumGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclNumGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configure the match-order of number-acl group."
|
|
::= { h3cAclMibObjects 2 }
|
|
|
|
h3cAclNumGroupEntry OBJECT-TYPE
|
|
SYNTAX H3cAclNumGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Define the index of h3cAclNumGroupTable."
|
|
INDEX { h3cAclNumGroupAclNum }
|
|
::= { h3cAclNumGroupTable 1 }
|
|
|
|
H3cAclNumGroupEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cAclNumGroupAclNum
|
|
Integer32,
|
|
h3cAclNumGroupMatchOrder
|
|
INTEGER,
|
|
h3cAclNumGroupSubitemNum
|
|
Integer32,
|
|
h3cAclNumGroupDescription
|
|
OCTET STRING,
|
|
h3cAclNumGroupCountClear
|
|
INTEGER,
|
|
h3cAclNumGroupRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
h3cAclNumGroupAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (1000..5999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of number-acl group
|
|
Interface type:1000..1999
|
|
Basic type:2000..2999
|
|
Advance type:3000..3999
|
|
Link type:4000..4999
|
|
User type:5000..5999"
|
|
::= { h3cAclNumGroupEntry 1 }
|
|
|
|
h3cAclNumGroupMatchOrder OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
config(1),
|
|
auto(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The match-order of number-acl group."
|
|
DEFVAL { config }
|
|
::= { h3cAclNumGroupEntry 2 }
|
|
|
|
h3cAclNumGroupSubitemNum OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of number-acl group's node."
|
|
::= { h3cAclNumGroupEntry 3 }
|
|
|
|
h3cAclNumGroupDescription OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of this acl group."
|
|
::= { h3cAclNumGroupEntry 4 }
|
|
|
|
h3cAclNumGroupCountClear OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
cleared(1),
|
|
nouse(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of rules' counter, which belong to this group."
|
|
::= { h3cAclNumGroupEntry 5 }
|
|
|
|
h3cAclNumGroupRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now support three state: CreateAndGo, Active, Destroy."
|
|
::= { h3cAclNumGroupEntry 6 }
|
|
|
|
--
|
|
-- Node of h3cAclNameGroupTable
|
|
--
|
|
h3cAclNameGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclNameGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Create acl-group that identified by name."
|
|
::= { h3cAclMibObjects 3 }
|
|
|
|
h3cAclNameGroupEntry OBJECT-TYPE
|
|
SYNTAX H3cAclNameGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Define the index of h3cAclNameGroupTable."
|
|
INDEX { h3cAclNameGroupIndex }
|
|
::= { h3cAclNameGroupTable 1 }
|
|
|
|
H3cAclNameGroupEntry ::=
|
|
SEQUENCE {
|
|
h3cAclNameGroupIndex
|
|
Integer32,
|
|
h3cAclNameGroupCreateName
|
|
OCTET STRING,
|
|
h3cAclNameGroupTypes
|
|
INTEGER,
|
|
h3cAclNameGroupMatchOrder
|
|
INTEGER,
|
|
h3cAclNameGroupSubitemNum
|
|
Integer32,
|
|
h3cAclNameGroupRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
h3cAclNameGroupIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (10000..12999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of name-acl group."
|
|
::= { h3cAclNameGroupEntry 1 }
|
|
|
|
h3cAclNameGroupCreateName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of name-acl group."
|
|
::= { h3cAclNameGroupEntry 2 }
|
|
|
|
h3cAclNameGroupTypes OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
basic(1),
|
|
advanced(2),
|
|
ifBased(3),
|
|
link(4),
|
|
user(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of name-acl group."
|
|
::= { h3cAclNameGroupEntry 3 }
|
|
|
|
h3cAclNameGroupMatchOrder OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
config(1),
|
|
auto(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The match-order of name-acl group."
|
|
DEFVAL { config }
|
|
::= { h3cAclNameGroupEntry 4 }
|
|
|
|
h3cAclNameGroupSubitemNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0..128)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of name-acl group's node."
|
|
::= { h3cAclNameGroupEntry 5 }
|
|
|
|
h3cAclNameGroupRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now support three state: CreateAndGo, Active, Destroy."
|
|
::= { h3cAclNameGroupEntry 6 }
|
|
|
|
--
|
|
-- h3cAclBasicRuleTable
|
|
--
|
|
h3cAclBasicRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclBasicRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configure the rule for basic acl group."
|
|
::= { h3cAclMibObjects 4 }
|
|
|
|
h3cAclBasicRuleEntry OBJECT-TYPE
|
|
SYNTAX H3cAclBasicRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Define the index of h3cAclBasicRuleTable."
|
|
INDEX { h3cAclBasicAclNum, h3cAclBasicSubitem }
|
|
::= { h3cAclBasicRuleTable 1 }
|
|
|
|
H3cAclBasicRuleEntry ::=
|
|
SEQUENCE {
|
|
h3cAclBasicAclNum
|
|
Integer32,
|
|
h3cAclBasicSubitem
|
|
Integer32,
|
|
h3cAclBasicAct
|
|
INTEGER,
|
|
h3cAclBasicSrcIp
|
|
IpAddress,
|
|
h3cAclBasicSrcWild
|
|
IpAddress,
|
|
h3cAclBasicTimeRangeName
|
|
OCTET STRING,
|
|
h3cAclBasicFragments
|
|
TruthValue,
|
|
h3cAclBasicLog
|
|
TruthValue,
|
|
h3cAclBasicEnable
|
|
TruthValue,
|
|
h3cAclBasicCount
|
|
Counter32,
|
|
h3cAclBasicCountClear
|
|
INTEGER,
|
|
h3cAclBasicRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
h3cAclBasicAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0|2000..2999|10000..12999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of basic acl group."
|
|
::= { h3cAclBasicRuleEntry 1 }
|
|
|
|
h3cAclBasicSubitem OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subindex of basic acl group."
|
|
::= { h3cAclBasicRuleEntry 2 }
|
|
|
|
h3cAclBasicAct OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
permit(1),
|
|
deny(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of basic acl rule."
|
|
::= { h3cAclBasicRuleEntry 3 }
|
|
|
|
h3cAclBasicSrcIp OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP-address of basic acl rule."
|
|
::= { h3cAclBasicRuleEntry 4 }
|
|
|
|
h3cAclBasicSrcWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP-address wild of basic acl rule."
|
|
::= { h3cAclBasicRuleEntry 5 }
|
|
|
|
h3cAclBasicTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of basic acl rule."
|
|
::= { h3cAclBasicRuleEntry 6 }
|
|
|
|
h3cAclBasicFragments OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching fragmented packet."
|
|
::= { h3cAclBasicRuleEntry 7 }
|
|
|
|
h3cAclBasicLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of log."
|
|
::= { h3cAclBasicRuleEntry 8 }
|
|
|
|
h3cAclBasicEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
::= { h3cAclBasicRuleEntry 9 }
|
|
|
|
h3cAclBasicCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matched by basic rule."
|
|
::= { h3cAclBasicRuleEntry 10 }
|
|
|
|
h3cAclBasicCountClear OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
cleared(1),
|
|
nouse(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counter."
|
|
::= { h3cAclBasicRuleEntry 11 }
|
|
|
|
h3cAclBasicRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now support three state: CreateAndGo, Active, Destroy."
|
|
::= { h3cAclBasicRuleEntry 12 }
|
|
|
|
--
|
|
-- h3cAclAdvancedRuleTable
|
|
--
|
|
h3cAclAdvancedRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclAdvancedRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configure the rule for advanced acl group."
|
|
::= { h3cAclMibObjects 5 }
|
|
|
|
h3cAclAdvancedRuleEntry OBJECT-TYPE
|
|
SYNTAX H3cAclAdvancedRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Define the index of h3cAclAdvancedRuleTable."
|
|
INDEX { h3cAclAdvancedAclNum, h3cAclAdvancedSubitem }
|
|
::= { h3cAclAdvancedRuleTable 1 }
|
|
|
|
H3cAclAdvancedRuleEntry ::=
|
|
SEQUENCE {
|
|
h3cAclAdvancedAclNum
|
|
Integer32,
|
|
h3cAclAdvancedSubitem
|
|
Integer32,
|
|
h3cAclAdvancedAct
|
|
INTEGER,
|
|
h3cAclAdvancedProtocol
|
|
Integer32,
|
|
h3cAclAdvancedSrcIp
|
|
IpAddress,
|
|
h3cAclAdvancedSrcWild
|
|
IpAddress,
|
|
h3cAclAdvancedSrcOp
|
|
INTEGER,
|
|
h3cAclAdvancedSrcPort1
|
|
Integer32,
|
|
h3cAclAdvancedSrcPort2
|
|
Integer32,
|
|
h3cAclAdvancedDestIp
|
|
IpAddress,
|
|
h3cAclAdvancedDestWild
|
|
IpAddress,
|
|
h3cAclAdvancedDestOp
|
|
INTEGER,
|
|
h3cAclAdvancedDestPort1
|
|
Integer32,
|
|
h3cAclAdvancedDestPort2
|
|
Integer32,
|
|
h3cAclAdvancedPrecedence
|
|
Integer32,
|
|
h3cAclAdvancedTos
|
|
Integer32,
|
|
h3cAclAdvancedDscp
|
|
Integer32,
|
|
h3cAclAdvancedEstablish
|
|
TruthValue,
|
|
h3cAclAdvancedTimeRangeName
|
|
OCTET STRING,
|
|
h3cAclAdvancedIcmpType
|
|
Integer32,
|
|
h3cAclAdvancedIcmpCode
|
|
Integer32,
|
|
h3cAclAdvancedFragments
|
|
TruthValue,
|
|
h3cAclAdvancedLog
|
|
TruthValue,
|
|
h3cAclAdvancedEnable
|
|
TruthValue,
|
|
h3cAclAdvancedCount
|
|
Counter32,
|
|
h3cAclAdvancedCountClear
|
|
INTEGER,
|
|
h3cAclAdvancedRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
h3cAclAdvancedAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0|3000..3999|10000..12999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of advanced acl group."
|
|
::= { h3cAclAdvancedRuleEntry 1 }
|
|
|
|
h3cAclAdvancedSubitem OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subindex of advanced acl group."
|
|
::= { h3cAclAdvancedRuleEntry 2 }
|
|
|
|
h3cAclAdvancedAct OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
permit(1),
|
|
deny(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of Advance acl rule."
|
|
|
|
::= { h3cAclAdvancedRuleEntry 3 }
|
|
|
|
h3cAclAdvancedProtocol OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The protocol-type of advanced acl group.
|
|
<1-255> Protocol number
|
|
gre GRE tunneling(47)
|
|
icmp Internet Control Message Protocol(1)
|
|
igmp Internet Group Management Protocol(2)
|
|
ip Any IP protocol
|
|
ipinip IP in IP tunneling(4)
|
|
ospf OSPF routing protocol(89)
|
|
tcp Transmission Control Protocol (6)
|
|
udp User Datagram Protocol (17)"
|
|
::= { h3cAclAdvancedRuleEntry 4 }
|
|
|
|
h3cAclAdvancedSrcIp OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP-address of advanced acl group."
|
|
::= { h3cAclAdvancedRuleEntry 5 }
|
|
|
|
h3cAclAdvancedSrcWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP-address wild of advanced acl group."
|
|
::= { h3cAclAdvancedRuleEntry 6 }
|
|
|
|
h3cAclAdvancedSrcOp OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
lt(1),
|
|
eq(2),
|
|
gt(3),
|
|
neq(4),
|
|
range(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source IP-address's operator of advanced acl group."
|
|
::= { h3cAclAdvancedRuleEntry 7 }
|
|
|
|
h3cAclAdvancedSrcPort1 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer source port1."
|
|
::= { h3cAclAdvancedRuleEntry 8 }
|
|
|
|
h3cAclAdvancedSrcPort2 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer source port2."
|
|
::= { h3cAclAdvancedRuleEntry 9 }
|
|
|
|
h3cAclAdvancedDestIp OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP-address of advanced acl group."
|
|
::= { h3cAclAdvancedRuleEntry 10 }
|
|
|
|
h3cAclAdvancedDestWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP-address wild of advanced acl group."
|
|
::= { h3cAclAdvancedRuleEntry 11 }
|
|
|
|
h3cAclAdvancedDestOp OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
lt(1),
|
|
eq(2),
|
|
gt(3),
|
|
neq(4),
|
|
range(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination IP-address's operator of advanced acl group."
|
|
::= { h3cAclAdvancedRuleEntry 12 }
|
|
|
|
h3cAclAdvancedDestPort1 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer destination port1."
|
|
::= { h3cAclAdvancedRuleEntry 13 }
|
|
|
|
h3cAclAdvancedDestPort2 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer destination port2."
|
|
::= { h3cAclAdvancedRuleEntry 14 }
|
|
|
|
h3cAclAdvancedPrecedence OBJECT-TYPE
|
|
SYNTAX Integer32 (0..7|255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of IP-packet's precedence.
|
|
<0-7> Value of precedence
|
|
routine Specify routine precedence(0)
|
|
priority Specify priority precedence(1)
|
|
immediate Specify immediate precedence(2)
|
|
flash Specify flash precedence(3)
|
|
flash-override Specify flash-override precedence(4)
|
|
critical Specify critical precedence(5)
|
|
internet Specify internetwork control precedence(6)
|
|
network Specify network control precedence(7) "
|
|
::= { h3cAclAdvancedRuleEntry 15 }
|
|
|
|
h3cAclAdvancedTos OBJECT-TYPE
|
|
SYNTAX Integer32 (0..15|255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of IP-packet's TOS.
|
|
<0-15> Value of TOS(type of service)
|
|
max-reliability Match packets with max reliable TOS(2)
|
|
max-throughput Match packets with max throughput TOS(4)
|
|
min-delay Match packets with min delay TOS(8)
|
|
min-monetary-cost Match packets with min monetary cost TOS(1)
|
|
normal Match packets with normal TOS(0) "
|
|
::= { h3cAclAdvancedRuleEntry 16 }
|
|
|
|
h3cAclAdvancedDscp OBJECT-TYPE
|
|
SYNTAX Integer32 (0..63|255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of DSCP.
|
|
<0-63> Value of DSCP
|
|
af11 Specify Assured Forwarding 11 service(10)
|
|
af12 Specify Assured Forwarding 12 service(12)
|
|
af13 Specify Assured Forwarding 13 service(14)
|
|
af21 Specify Assured Forwarding 21 service(18)
|
|
af22 Specify Assured Forwarding 22 service(20)
|
|
af23 Specify Assured Forwarding 23 service(22)
|
|
af31 Specify Assured Forwarding 31 service(26)
|
|
af32 Specify Assured Forwarding 32 service(28)
|
|
af33 Specify Assured Forwarding 33 service(30)
|
|
af41 Specify Assured Forwarding 41 service(34)
|
|
af42 Specify Assured Forwarding 42 service(36)
|
|
af43 Specify Assured Forwarding 43 service(38)
|
|
be Specify Best Effort service(0)
|
|
cs1 Specify Class Selector 1 service(8)
|
|
cs2 Specify Class Selector 2 service(16)
|
|
cs3 Specify Class Selector 3 service(24)
|
|
cs4 Specify Class Selector 4 service(32)
|
|
cs5 Specify Class Selector 5 service(40)
|
|
cs6 Specify Class Selector 6 service(48)
|
|
cs7 Specify Class Selector 7 service(56)
|
|
ef Specify Expedited Forwarding service(46)"
|
|
::= { h3cAclAdvancedRuleEntry 17 }
|
|
|
|
h3cAclAdvancedEstablish OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Establish flag."
|
|
DEFVAL { false }
|
|
::= { h3cAclAdvancedRuleEntry 18 }
|
|
|
|
h3cAclAdvancedTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of advanced acl rule."
|
|
::= { h3cAclAdvancedRuleEntry 19 }
|
|
|
|
h3cAclAdvancedIcmpType OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of ICMP packet.
|
|
Integer32 ICMP type
|
|
echo Type=8, Code=0
|
|
echo-reply Type=0, Code=0
|
|
fragmentneed-DFset Type=3, Code=4
|
|
host-redirect Type=5, Code=1
|
|
host-tos-redirect Type=5, Code=3
|
|
host-unreachable Type=3, Code=1
|
|
information-reply Type=16, Code=0
|
|
information-request Type=15, Code=0
|
|
net-redirect Type=5, Code=0
|
|
net-tos-redirect Type=5, Code=2
|
|
net-unreachable Type=3, Code=0
|
|
parameter-problem Type=12, Code=0
|
|
port-unreachable Type=3, Code=3
|
|
protocol-unreachable Type=3, Code=2
|
|
reassembly-timeout Type=11, Code=1
|
|
source-quench Type=4, Code=0
|
|
source-route-failed Type=3, Code=5
|
|
timestamp-reply Type=14, Code=0
|
|
timestamp-request Type=13, Code=0
|
|
ttl-exceeded Type=11, Code=0 "
|
|
::= { h3cAclAdvancedRuleEntry 20 }
|
|
|
|
h3cAclAdvancedIcmpCode OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The code of ICMP packet."
|
|
::= { h3cAclAdvancedRuleEntry 21 }
|
|
|
|
h3cAclAdvancedFragments OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching fragmented packet."
|
|
::= { h3cAclAdvancedRuleEntry 22 }
|
|
|
|
h3cAclAdvancedLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of log."
|
|
::= { h3cAclAdvancedRuleEntry 23 }
|
|
|
|
h3cAclAdvancedEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
::= { h3cAclAdvancedRuleEntry 24 }
|
|
|
|
h3cAclAdvancedCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matched by advanced rule."
|
|
::= { h3cAclAdvancedRuleEntry 25 }
|
|
|
|
h3cAclAdvancedCountClear OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
cleared(1),
|
|
nouse(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counter."
|
|
::= { h3cAclAdvancedRuleEntry 26 }
|
|
|
|
h3cAclAdvancedRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now support three state: CreateAndGo, Active, Destroy."
|
|
::= { h3cAclAdvancedRuleEntry 27 }
|
|
--
|
|
-- h3cAclIfRuleTable
|
|
--
|
|
h3cAclIfRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclIfRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configure the rule for interface-based acl group."
|
|
::= { h3cAclMibObjects 6 }
|
|
|
|
h3cAclIfRuleEntry OBJECT-TYPE
|
|
SYNTAX H3cAclIfRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Define the index of h3cAclIfRuleTable."
|
|
INDEX { h3cAclIfAclNum, h3cAclIfSubitem }
|
|
::= { h3cAclIfRuleTable 1 }
|
|
|
|
H3cAclIfRuleEntry ::=
|
|
SEQUENCE {
|
|
h3cAclIfAclNum
|
|
Integer32,
|
|
h3cAclIfSubitem
|
|
Integer32,
|
|
h3cAclIfAct
|
|
INTEGER,
|
|
h3cAclIfIndex
|
|
Integer32,
|
|
h3cAclIfAny
|
|
TruthValue,
|
|
h3cAclIfTimeRangeName
|
|
OCTET STRING,
|
|
h3cAclIfLog
|
|
TruthValue,
|
|
h3cAclIfEnable
|
|
TruthValue,
|
|
h3cAclIfCount
|
|
Counter32,
|
|
h3cAclIfCountClear
|
|
INTEGER,
|
|
h3cAclIfRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
h3cAclIfAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0|1000..1999|10000..12999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of interface-based acl group."
|
|
::= { h3cAclIfRuleEntry 1 }
|
|
|
|
h3cAclIfSubitem OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subindex of interface-based acl group."
|
|
::= { h3cAclIfRuleEntry 2 }
|
|
|
|
h3cAclIfAct OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
permit(1),
|
|
deny(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of interface-based acl group."
|
|
::= { h3cAclIfRuleEntry 3 }
|
|
|
|
h3cAclIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of interface."
|
|
::= { h3cAclIfRuleEntry 4 }
|
|
|
|
h3cAclIfAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any interface."
|
|
::= { h3cAclIfRuleEntry 5 }
|
|
|
|
h3cAclIfTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of interface-based acl rule."
|
|
::= { h3cAclIfRuleEntry 6 }
|
|
|
|
h3cAclIfLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of log."
|
|
::= { h3cAclIfRuleEntry 7 }
|
|
|
|
h3cAclIfEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
::= { h3cAclIfRuleEntry 8 }
|
|
|
|
h3cAclIfCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matched by basic rule."
|
|
::= { h3cAclIfRuleEntry 9 }
|
|
|
|
h3cAclIfCountClear OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
cleared(1),
|
|
nouse(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of the rule's counter."
|
|
::= { h3cAclIfRuleEntry 10 }
|
|
|
|
h3cAclIfRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now support three state: CreateAndGo, Active, Destroy."
|
|
::= { h3cAclIfRuleEntry 11 }
|
|
|
|
--
|
|
-- h3cAclLinkTable
|
|
--
|
|
h3cAclLinkTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclLinkEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Create link acl."
|
|
::= { h3cAclMibObjects 7 }
|
|
|
|
h3cAclLinkEntry OBJECT-TYPE
|
|
SYNTAX H3cAclLinkEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of the link acl table."
|
|
INDEX { h3cAclLinkAclNum, h3cAclLinkSubitem }
|
|
::= { h3cAclLinkTable 1 }
|
|
|
|
H3cAclLinkEntry ::=
|
|
SEQUENCE {
|
|
h3cAclLinkAclNum
|
|
Integer32,
|
|
h3cAclLinkSubitem
|
|
Integer32,
|
|
h3cAclLinkAct
|
|
INTEGER,
|
|
h3cAclLinkProtocol
|
|
INTEGER,
|
|
h3cAclLinkFormatType
|
|
INTEGER,
|
|
h3cAclLinkVlanTag
|
|
INTEGER,
|
|
h3cAclLinkVlanPri
|
|
Integer32,
|
|
h3cAclLinkSrcVlanId
|
|
Integer32,
|
|
h3cAclLinkSrcMac
|
|
MacAddress,
|
|
h3cAclLinkSrcMacWild
|
|
MacAddress,
|
|
h3cAclLinkSrcIfIndex
|
|
Integer32,
|
|
h3cAclLinkSrcAny
|
|
TruthValue,
|
|
h3cAclLinkDestVlanId
|
|
Integer32,
|
|
h3cAclLinkDestMac
|
|
MacAddress,
|
|
h3cAclLinkDestMacWild
|
|
MacAddress,
|
|
h3cAclLinkDestIfIndex
|
|
Integer32,
|
|
h3cAclLinkDestAny
|
|
TruthValue,
|
|
h3cAclLinkTimeRangeName
|
|
OCTET STRING,
|
|
h3cAclLinkEnable
|
|
TruthValue,
|
|
h3cAclLinkRowStatus
|
|
RowStatus,
|
|
h3cAclLinkTypeCode
|
|
OCTET STRING,
|
|
h3cAclLinkTypeMask
|
|
OCTET STRING,
|
|
h3cAclLinkLsapCode
|
|
OCTET STRING,
|
|
h3cAclLinkLsapMask
|
|
OCTET STRING,
|
|
h3cAclLinkL2LabelRangeOp
|
|
INTEGER,
|
|
h3cAclLinkL2LabelRangeBegin
|
|
Integer32,
|
|
h3cAclLinkL2LabelRangeEnd
|
|
Integer32,
|
|
h3cAclLinkMplsExp
|
|
Integer32
|
|
}
|
|
|
|
h3cAclLinkAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0|4000..4999|10000..12999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of link-based acl group."
|
|
::= { h3cAclLinkEntry 1 }
|
|
|
|
h3cAclLinkSubitem OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subindex of link-based acl group."
|
|
::= { h3cAclLinkEntry 2 }
|
|
|
|
h3cAclLinkAct OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
permit(1),
|
|
deny(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of link-based acl group."
|
|
::= { h3cAclLinkEntry 3 }
|
|
|
|
h3cAclLinkProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
ip(2048),
|
|
arp(2054),
|
|
rarp(32821),
|
|
mpls(34887),
|
|
pppoeControl(34915),
|
|
pppoeData(34916)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The layer 2 protocol-type of link acl rule."
|
|
DEFVAL { invalid }
|
|
::= { h3cAclLinkEntry 4 }
|
|
|
|
h3cAclLinkFormatType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
ethernetII(1),
|
|
snap(2),
|
|
ieee802Dot3And2(3),
|
|
ieee802Dot3(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Format type of link acl rule."
|
|
::= { h3cAclLinkEntry 5 }
|
|
|
|
h3cAclLinkVlanTag OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
tagged(1),
|
|
untagged(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of vlan tag of link acl rule."
|
|
::= { h3cAclLinkEntry 6 }
|
|
|
|
h3cAclLinkVlanPri OBJECT-TYPE
|
|
SYNTAX Integer32 (0..7 | 255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Vlan priority of link acl rule."
|
|
::= { h3cAclLinkEntry 7 }
|
|
|
|
h3cAclLinkSrcVlanId OBJECT-TYPE
|
|
SYNTAX Integer32 (0..4094)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source vlan ID of link acl rule."
|
|
::= { h3cAclLinkEntry 8 }
|
|
|
|
h3cAclLinkSrcMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source mac of link acl rule."
|
|
::= { h3cAclLinkEntry 9 }
|
|
|
|
h3cAclLinkSrcMacWild OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source mac wildzard of link acl rule."
|
|
::= { h3cAclLinkEntry 10 }
|
|
|
|
h3cAclLinkSrcIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IfIndex of link acl rule."
|
|
::= { h3cAclLinkEntry 11 }
|
|
|
|
h3cAclLinkSrcAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any source."
|
|
::= { h3cAclLinkEntry 12 }
|
|
|
|
h3cAclLinkDestVlanId OBJECT-TYPE
|
|
SYNTAX Integer32 (0..4094)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination vlan ID of link acl rule."
|
|
::= { h3cAclLinkEntry 13 }
|
|
|
|
h3cAclLinkDestMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination mac of link acl rule."
|
|
::= { h3cAclLinkEntry 14 }
|
|
|
|
h3cAclLinkDestMacWild OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination mac wildzard of link acl rule."
|
|
::= { h3cAclLinkEntry 15 }
|
|
|
|
h3cAclLinkDestIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IfIndex of link acl rule."
|
|
::= { h3cAclLinkEntry 16 }
|
|
|
|
h3cAclLinkDestAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any destination."
|
|
::= { h3cAclLinkEntry 17 }
|
|
|
|
h3cAclLinkTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of link-based acl rule."
|
|
::= { h3cAclLinkEntry 18 }
|
|
|
|
h3cAclLinkEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
::= { h3cAclLinkEntry 19 }
|
|
|
|
h3cAclLinkRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now support three state: CreateAndGo, Active, Destroy."
|
|
::= { h3cAclLinkEntry 20 }
|
|
|
|
h3cAclLinkTypeCode OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..32) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of layer 2 protocol.0x0000...0xffff."
|
|
::= { h3cAclLinkEntry 21 }
|
|
|
|
h3cAclLinkTypeMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..32) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mask of layer 2 protocol.0x0000...0xffff."
|
|
::= { h3cAclLinkEntry 22 }
|
|
|
|
h3cAclLinkLsapCode OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of LSAP.0x0000...0xffff."
|
|
::= { h3cAclLinkEntry 23 }
|
|
|
|
h3cAclLinkLsapMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mask of LSAP.0x0000...0xffff."
|
|
::= { h3cAclLinkEntry 24 }
|
|
|
|
h3cAclLinkL2LabelRangeOp OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
lt(1),
|
|
eq(2),
|
|
gt(3),
|
|
neq(4),
|
|
range(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Operation symbol of the MPLS label.
|
|
If the symbol is range(5), the objects h3cAclLinkL2LabelRangeBegin and
|
|
h3cAclLinkL2LabelRangeEnd should have different values indicating a range.
|
|
Otherwise, only h3cAclLinkL2LabelRangeBegin counts,
|
|
object h3cAclLinkL2LabelRangeEnd is ignored.
|
|
|
|
invalid(0) -- unavailable
|
|
lt(1) -- less than
|
|
eq(2) -- equal
|
|
gt(3) -- great than
|
|
neq(4) -- not equal
|
|
range(5) -- a range with two ends included
|
|
"
|
|
::= { h3cAclLinkEntry 25 }
|
|
|
|
h3cAclLinkL2LabelRangeBegin OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The beginning of VPLS VC label."
|
|
::= { h3cAclLinkEntry 26 }
|
|
|
|
h3cAclLinkL2LabelRangeEnd OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The end of VPLS VC label."
|
|
::= { h3cAclLinkEntry 27 }
|
|
|
|
h3cAclLinkMplsExp OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of MPLS-packet's Exp."
|
|
::= { h3cAclLinkEntry 28 }
|
|
--
|
|
-- h3cAclUserTable
|
|
--
|
|
h3cAclUserTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Create user acl."
|
|
::= { h3cAclMibObjects 8 }
|
|
|
|
h3cAclUserEntry OBJECT-TYPE
|
|
SYNTAX H3cAclUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of user acl table."
|
|
INDEX { h3cAclUserAclNum, h3cAclUserSubitem }
|
|
::= { h3cAclUserTable 1 }
|
|
|
|
H3cAclUserEntry ::=
|
|
SEQUENCE {
|
|
h3cAclUserAclNum
|
|
Integer32,
|
|
h3cAclUserSubitem
|
|
Integer32,
|
|
h3cAclUserAct
|
|
INTEGER,
|
|
h3cAclUserFormatType
|
|
INTEGER,
|
|
h3cAclUserVlanTag
|
|
INTEGER,
|
|
h3cAclUserRuleStr
|
|
OCTET STRING,
|
|
h3cAclUserRuleMask
|
|
OCTET STRING,
|
|
h3cAclUserTimeRangeName
|
|
OCTET STRING,
|
|
h3cAclUserEnable
|
|
TruthValue,
|
|
h3cAclUserRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
h3cAclUserAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0|5000..5999|10000..12999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of the user acl."
|
|
::= { h3cAclUserEntry 1 }
|
|
|
|
h3cAclUserSubitem OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subitem of the user acl."
|
|
::= { h3cAclUserEntry 2 }
|
|
|
|
h3cAclUserAct OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
permit(1),
|
|
deny(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of the user acl."
|
|
::= { h3cAclUserEntry 3 }
|
|
|
|
h3cAclUserFormatType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
ethernetII(1),
|
|
snap(2),
|
|
ieee802Dot2And3(3),
|
|
ieee802Dot4(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Format type."
|
|
DEFVAL { invalid }
|
|
::= { h3cAclUserEntry 4 }
|
|
|
|
h3cAclUserVlanTag OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
tagged(1),
|
|
untagged(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Vlan tag exits or not."
|
|
DEFVAL { invalid }
|
|
::= { h3cAclUserEntry 5 }
|
|
|
|
h3cAclUserRuleStr OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..80))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Rule string."
|
|
::= { h3cAclUserEntry 6 }
|
|
|
|
h3cAclUserRuleMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..80))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Rule mask."
|
|
::= { h3cAclUserEntry 7 }
|
|
|
|
h3cAclUserTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of the user defined acl."
|
|
::= { h3cAclUserEntry 8 }
|
|
|
|
h3cAclUserEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
::= { h3cAclUserEntry 9 }
|
|
|
|
h3cAclUserRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now support three state: CreateAndGo, Active, Destroy."
|
|
::= { h3cAclUserEntry 10 }
|
|
--
|
|
-- h3cAclActiveTable
|
|
--
|
|
h3cAclActiveTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclActiveEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Active acl."
|
|
::= { h3cAclMibObjects 9 }
|
|
|
|
h3cAclActiveEntry OBJECT-TYPE
|
|
SYNTAX H3cAclActiveEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of active acl table."
|
|
INDEX { h3cAclActiveAclIndex,
|
|
h3cAclActiveIfIndex,
|
|
h3cAclActiveVlanID,
|
|
h3cAclActiveDirection
|
|
}
|
|
::= { h3cAclActiveTable 1 }
|
|
|
|
H3cAclActiveEntry ::=
|
|
SEQUENCE {
|
|
h3cAclActiveAclIndex
|
|
Integer32,
|
|
h3cAclActiveIfIndex
|
|
Integer32,
|
|
h3cAclActiveVlanID
|
|
Integer32,
|
|
h3cAclActiveDirection
|
|
INTEGER,
|
|
h3cAclActiveUserAclNum
|
|
Integer32,
|
|
h3cAclActiveUserAclSubitem
|
|
Integer32,
|
|
h3cAclActiveIpAclNum
|
|
Integer32,
|
|
h3cAclActiveIpAclSubitem
|
|
Integer32,
|
|
h3cAclActiveLinkAclNum
|
|
Integer32,
|
|
h3cAclActiveLinkAclSubitem
|
|
Integer32,
|
|
h3cAclActiveRuntime
|
|
TruthValue,
|
|
h3cAclActiveRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
h3cAclActiveAclIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0|1..5999|10000..12999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Acl index."
|
|
::= { h3cAclActiveEntry 1 }
|
|
|
|
h3cAclActiveIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IfIndex."
|
|
::= { h3cAclActiveEntry 2 }
|
|
|
|
h3cAclActiveVlanID OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The lower 16 bits is Vlan ID, the higher 16 bits,
|
|
if not zero, it describes the slot ID of the L3plus board.
|
|
"
|
|
::= { h3cAclActiveEntry 3 }
|
|
|
|
h3cAclActiveDirection OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
input(1),
|
|
output(2),
|
|
both(3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Direction."
|
|
::= { h3cAclActiveEntry 4 }
|
|
|
|
h3cAclActiveUserAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0|5000..5999|10000..12999)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of the user acl."
|
|
::= { h3cAclActiveEntry 5 }
|
|
|
|
h3cAclActiveUserAclSubitem OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subitem of the user acl."
|
|
::= { h3cAclActiveEntry 6 }
|
|
|
|
h3cAclActiveIpAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0|2000..3999|10000..12999)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of the IP acl."
|
|
::= { h3cAclActiveEntry 7 }
|
|
|
|
h3cAclActiveIpAclSubitem OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subitem of the IP acl."
|
|
::= { h3cAclActiveEntry 8 }
|
|
|
|
h3cAclActiveLinkAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0|4000..4999|10000..12999)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The num of the link acl."
|
|
::= { h3cAclActiveEntry 9 }
|
|
|
|
h3cAclActiveLinkAclSubitem OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subitem of the link acl."
|
|
::= { h3cAclActiveEntry 10 }
|
|
|
|
h3cAclActiveRuntime OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Is run or not."
|
|
::= { h3cAclActiveEntry 11 }
|
|
|
|
h3cAclActiveRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now support three state: CreateAndGo, Active, Destroy."
|
|
::= { h3cAclActiveEntry 12 }
|
|
|
|
--
|
|
-- h3cAclIDSTable
|
|
--
|
|
h3cAclIDSTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclIDSEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configure the rule for IDS."
|
|
::= { h3cAclMibObjects 10 }
|
|
|
|
h3cAclIDSEntry OBJECT-TYPE
|
|
SYNTAX H3cAclIDSEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of acl ids table."
|
|
INDEX { IMPLIED h3cAclIDSName}
|
|
::= { h3cAclIDSTable 1 }
|
|
|
|
H3cAclIDSEntry ::=
|
|
SEQUENCE {
|
|
h3cAclIDSName
|
|
OCTET STRING,
|
|
h3cAclIDSSrcMac
|
|
MacAddress,
|
|
h3cAclIDSDestMac
|
|
MacAddress,
|
|
h3cAclIDSSrcIp
|
|
IpAddress,
|
|
h3cAclIDSSrcWild
|
|
IpAddress,
|
|
h3cAclIDSDestIp
|
|
IpAddress,
|
|
h3cAclIDSDestWild
|
|
IpAddress,
|
|
h3cAclIDSSrcPort
|
|
Integer32,
|
|
h3cAclIDSDestPort
|
|
Integer32,
|
|
h3cAclIDSProtocol
|
|
Integer32,
|
|
h3cAclIDSDenyTime
|
|
Unsigned32,
|
|
h3cAclIDSAct
|
|
INTEGER,
|
|
h3cAclIDSRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
h3cAclIDSName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name index of the IDS table."
|
|
::= { h3cAclIDSEntry 1 }
|
|
|
|
h3cAclIDSSrcMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source mac of IDS acl rule."
|
|
::= { h3cAclIDSEntry 2 }
|
|
|
|
|
|
h3cAclIDSDestMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination mac of IDS acl rule."
|
|
::= { h3cAclIDSEntry 3 }
|
|
|
|
h3cAclIDSSrcIp OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP-address of IDS acl rule."
|
|
::= { h3cAclIDSEntry 4 }
|
|
|
|
h3cAclIDSSrcWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP-address wild of IDS acl rule."
|
|
::= { h3cAclIDSEntry 5 }
|
|
|
|
h3cAclIDSDestIp OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP-address of IDS acl rule."
|
|
::= { h3cAclIDSEntry 6 }
|
|
|
|
h3cAclIDSDestWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP-address wild of IDS acl rule."
|
|
::= { h3cAclIDSEntry 7 }
|
|
|
|
h3cAclIDSSrcPort OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer source port."
|
|
::= { h3cAclIDSEntry 8 }
|
|
|
|
h3cAclIDSDestPort OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer destination port."
|
|
::= { h3cAclIDSEntry 9 }
|
|
|
|
h3cAclIDSProtocol OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The protocol-type of advanced acl group.
|
|
<1-255> Protocol number
|
|
gre GRE tunneling(47)
|
|
icmp Internet Control Message Protocol(1)
|
|
igmp Internet Group Management Protocol(2)
|
|
ip Any IP protocol
|
|
ipinip IP in IP tunneling(4)
|
|
ospf OSPF routing protocol(89)
|
|
tcp Transmission Control Protocol (6)
|
|
udp User Datagram Protocol (17)
|
|
"
|
|
::= { h3cAclIDSEntry 10 }
|
|
|
|
h3cAclIDSDenyTime OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of seconds which deny for this acl rule."
|
|
DEFVAL { 0 }
|
|
::= { h3cAclIDSEntry 11 }
|
|
|
|
|
|
h3cAclIDSAct OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
permit(1),
|
|
deny(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of IDS acl rule."
|
|
::= { h3cAclIDSEntry 12 }
|
|
|
|
h3cAclIDSRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now supports three states: CreateAndGo, Active, and Destroy."
|
|
::= { h3cAclIDSEntry 13 }
|
|
--
|
|
-- Nodes of h3cAclMib2Objects
|
|
--
|
|
h3cAclMib2Objects OBJECT IDENTIFIER ::= { h3cAcl 2 }
|
|
--
|
|
-- Nodes of h3cAclMib2GlobalGroup
|
|
--
|
|
h3cAclMib2GlobalGroup OBJECT IDENTIFIER ::= { h3cAclMib2Objects 1 }
|
|
|
|
h3cAclMib2NodesGroup OBJECT IDENTIFIER ::= { h3cAclMib2GlobalGroup 1 }
|
|
|
|
h3cAclMib2Mode OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
linkBased(1),
|
|
ipBased(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The applying mode of ACL."
|
|
::= { h3cAclMib2NodesGroup 1 }
|
|
|
|
h3cAclMib2Version OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The version of this file.
|
|
The output value has the format of 'xx'or 'xxx'.
|
|
For example: 10 means 1.0; 125 means 12.5.
|
|
"
|
|
::= { h3cAclMib2NodesGroup 2 }
|
|
|
|
h3cAclMib2ObjectsCapabilities OBJECT-TYPE
|
|
SYNTAX BITS
|
|
{
|
|
h3cAclMib2Mode(0),
|
|
h3cAclVersion(1),
|
|
h3cAclMib2ObjectsCapabilities(2),
|
|
h3cAclMib2CapabilityTable(3),
|
|
h3cAclNumberGroupTable(4),
|
|
h3cAclIPAclBasicTable(5),
|
|
h3cAclIPAclAdvancedTable(6),
|
|
h3cAclMACTable(7),
|
|
h3cAclEnUserTable(8),
|
|
h3cAclMib2ProcessingStatus(9)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The objects of h3cAclMib2Objects."
|
|
::= { h3cAclMib2NodesGroup 3 }
|
|
|
|
h3cAclMib2ProcessingStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
processing(1),
|
|
done(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The processing status of ACL operation."
|
|
::= { h3cAclMib2NodesGroup 4 }
|
|
|
|
h3cAclMib2ResourceThreshold OBJECT-TYPE
|
|
SYNTAX Integer32 (0..100)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The threshold of TCAM resources.
|
|
The value 0 indicates that cancelling the TCAM resource notification function."
|
|
::= { h3cAclMib2NodesGroup 5 }
|
|
|
|
h3cAclMib2ResourceLogInterval OBJECT-TYPE
|
|
SYNTAX Integer32 (1..60)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of interval. It must be in the range of 1 to 60.
|
|
Default value is 5."
|
|
::= { h3cAclMib2NodesGroup 6 }
|
|
|
|
h3cAclMib2CapabilityTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclMib2CapabilityEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The capability of mib2."
|
|
::= { h3cAclMib2GlobalGroup 2 }
|
|
|
|
h3cAclMib2CapabilityEntry OBJECT-TYPE
|
|
SYNTAX H3cAclMib2CapabilityEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The information of Capability of mib2."
|
|
INDEX { h3cAclMib2EntityType,
|
|
h3cAclMib2EntityIndex,
|
|
h3cAclMib2ModuleIndex,
|
|
h3cAclMib2CharacteristicsIndex
|
|
}
|
|
::= { h3cAclMib2CapabilityTable 1 }
|
|
|
|
H3cAclMib2CapabilityEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cAclMib2EntityType
|
|
INTEGER,
|
|
h3cAclMib2EntityIndex
|
|
Integer32,
|
|
h3cAclMib2ModuleIndex
|
|
INTEGER,
|
|
h3cAclMib2CharacteristicsIndex
|
|
Integer32,
|
|
h3cAclMib2CharacteristicsDesc
|
|
OCTET STRING,
|
|
h3cAclMib2CharacteristicsValue
|
|
Unsigned32
|
|
}
|
|
|
|
h3cAclMib2EntityType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
system(1),
|
|
interface(2)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of entity.
|
|
system: The entity is systemic level.
|
|
interface: The entity is interface level.
|
|
"
|
|
::= { h3cAclMib2CapabilityEntry 1 }
|
|
|
|
h3cAclMib2EntityIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of entity.
|
|
If h3cAclMib2EntityType is system, the value of this object is 0.
|
|
|
|
If h3cAclMib2EntityType is interface,
|
|
the value of this object is equal to 'ifIndex'.
|
|
"
|
|
::= { h3cAclMib2CapabilityEntry 2 }
|
|
|
|
h3cAclMib2ModuleIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
layer3(1),
|
|
layer2(2),
|
|
userDefined(3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The module index of ACL."
|
|
::= { h3cAclMib2CapabilityEntry 3 }
|
|
|
|
h3cAclMib2CharacteristicsIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The characteristics index of mib2.
|
|
See DESCRIPTION of h3cAclMib2CharacteristicsValue
|
|
to get detail information about the value of this object.
|
|
"
|
|
::= { h3cAclMib2CapabilityEntry 4 }
|
|
|
|
h3cAclMib2CharacteristicsDesc OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of characteristics."
|
|
::= { h3cAclMib2CapabilityEntry 5 }
|
|
|
|
h3cAclMib2CharacteristicsValue OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of capability of this object.
|
|
TypeOfRuleStringValue : notSupport(0) and the length of
|
|
RuleString.
|
|
|
|
TypeOfCodeValue : OnlyOneNotSupport(0),
|
|
MoreThanOneNotSupport(1)
|
|
If h3cAclMib2CharacteristicsValue is 'moreThanOneNotSupport',
|
|
h3cAclMib2CharacteristicsDesc must be used to depict which
|
|
protocols are not supported. The output value of
|
|
h3cAclMib2CharacteristicsDesc has the format of 'a,b'.
|
|
For example, 'ip,rarp'.
|
|
|
|
layer3 Module:
|
|
Index Characteristics value
|
|
1 SourceIPAddress notSupport(0)
|
|
2 DestinationIPAddress notSupport(0)
|
|
3 SourcePort notSupport(0)
|
|
4 DestinationPort notSupport(0)
|
|
5 IPPrecedence notSupport(0)
|
|
6 TOS notSupport(0)
|
|
7 DSCP notSupport(0)
|
|
8 TCPFlag notSupport(0)
|
|
9 FragmentFlag notSupport(0)
|
|
10 Log notSupport(0)
|
|
11 RuleMatchCounter notSupport(0)
|
|
12 ResetRuleMatchCounter notSupport(0)
|
|
13 VPN notSupport(0)
|
|
15 protocol notSupport(0)
|
|
16 AddressFlag notSupport(0)
|
|
|
|
layer2 Module:
|
|
Index Characteristics value
|
|
1 ProtocolType TypeOfCodeValue
|
|
2 SourceMAC notSupport(0)
|
|
3 DestinationMAC notSupport(0)
|
|
4 LSAPType TypeOfCodeValue
|
|
5 CoS notSupport(0)
|
|
|
|
UserDefined Module:
|
|
Index Characteristics value
|
|
1 UserDefaultOffset TypeOfRuleStringValue
|
|
2 UserL2RuleOffset TypeOfRuleStringValue
|
|
3 UserMplsOffset TypeOfRuleStringValue
|
|
4 UserIPv4Offset TypeOfRuleStringValue
|
|
5 UserIPv6Offset TypeOfRuleStringValue
|
|
6 UserL4Offset TypeOfRuleStringValue
|
|
7 UserL5Offset TypeOfRuleStringValue
|
|
"
|
|
::= { h3cAclMib2CapabilityEntry 6 }
|
|
|
|
--
|
|
-- Nodes of number group
|
|
--
|
|
h3cAclNumberGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclNumberGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of the number acl group information."
|
|
::= { h3cAclMib2GlobalGroup 3 }
|
|
|
|
h3cAclNumberGroupEntry OBJECT-TYPE
|
|
SYNTAX H3cAclNumberGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number acl group information entry."
|
|
INDEX { h3cAclNumberGroupType, h3cAclNumberGroupIndex }
|
|
::= { h3cAclNumberGroupTable 1 }
|
|
|
|
H3cAclNumberGroupEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cAclNumberGroupType
|
|
INTEGER,
|
|
h3cAclNumberGroupIndex
|
|
Integer32,
|
|
h3cAclNumberGroupRowStatus
|
|
RowStatus,
|
|
h3cAclNumberGroupMatchOrder
|
|
INTEGER,
|
|
h3cAclNumberGroupStep
|
|
Integer32,
|
|
h3cAclNumberGroupDescription
|
|
OCTET STRING,
|
|
h3cAclNumberGroupCountClear
|
|
CounterClear,
|
|
h3cAclNumberGroupRuleCounter
|
|
Counter32,
|
|
h3cAclNumberGroupName
|
|
OCTET STRING
|
|
}
|
|
h3cAclNumberGroupType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
ipv4(1),
|
|
ipv6(2),
|
|
mac(3),
|
|
user(4)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of number group.
|
|
Basic ACL and Advanced ACL support ipv4 and ipv6.
|
|
The range of Basic ACL is from 2000 to 2999.
|
|
The range of Advanced ACL is from 3000 to 3999.
|
|
|
|
Simple ACL supports ipv6 only.
|
|
The range of Simple ACL is from 10000 to 42767.
|
|
|
|
MAC ACL support mac only.
|
|
The range of MAC ACL is from 4000 to 4999.
|
|
|
|
User-defined ACL support user only.
|
|
The range of user-defined ACL is from 5000 to 5999.
|
|
"
|
|
::= { h3cAclNumberGroupEntry 1 }
|
|
|
|
h3cAclNumberGroupIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (2000..5999|10000..42767)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The group index of number acl.
|
|
Basic type:2000..2999
|
|
Advanced type:3000..3999
|
|
MAC type:4000..4999
|
|
User type:5000..5999
|
|
Simple type:10000..42767
|
|
"
|
|
::= { h3cAclNumberGroupEntry 2 }
|
|
|
|
h3cAclNumberGroupRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { h3cAclNumberGroupEntry 3 }
|
|
|
|
h3cAclNumberGroupMatchOrder OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
config(1),
|
|
auto(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The match-order of number acl group."
|
|
DEFVAL { config }
|
|
::= { h3cAclNumberGroupEntry 4 }
|
|
|
|
h3cAclNumberGroupStep OBJECT-TYPE
|
|
SYNTAX Integer32 (1..20)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The step of rule index."
|
|
DEFVAL { 5 }
|
|
::= { h3cAclNumberGroupEntry 5 }
|
|
|
|
h3cAclNumberGroupDescription OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Description of this acl group."
|
|
::= { h3cAclNumberGroupEntry 6 }
|
|
|
|
h3cAclNumberGroupCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counters of this group."
|
|
DEFVAL { nouse }
|
|
::= { h3cAclNumberGroupEntry 7 }
|
|
|
|
h3cAclNumberGroupRuleCounter OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule count of number acl group."
|
|
::= { h3cAclNumberGroupEntry 8 }
|
|
|
|
h3cAclNumberGroupName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..63))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of this acl group."
|
|
::= { h3cAclNumberGroupEntry 9 }
|
|
|
|
--
|
|
-- Nodes of named ACL group
|
|
--
|
|
h3cAclNamedGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclNamedGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of the named ACL group."
|
|
::= { h3cAclMib2GlobalGroup 4 }
|
|
|
|
h3cAclNamedGroupEntry OBJECT-TYPE
|
|
SYNTAX H3cAclNamedGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Named ACL group entry."
|
|
INDEX
|
|
{
|
|
h3cAclNumberGroupType,
|
|
h3cAclNamedGroupCategory,
|
|
h3cAclNamedGroupName
|
|
}
|
|
::= { h3cAclNamedGroupTable 1 }
|
|
|
|
H3cAclNamedGroupEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cAclNamedGroupCategory
|
|
INTEGER,
|
|
h3cAclNamedGroupName
|
|
OCTET STRING,
|
|
h3cAclNamedGroupRowStatus
|
|
RowStatus,
|
|
h3cAclNamedGroupMatchOrder
|
|
INTEGER,
|
|
h3cAclNamedGroupStep
|
|
Integer32,
|
|
h3cAclNamedGroupDescription
|
|
OCTET STRING,
|
|
h3cAclNamedGroupCountClear
|
|
CounterClear,
|
|
h3cAclNamedGroupRuleCounter
|
|
Counter32
|
|
}
|
|
|
|
h3cAclNamedGroupCategory OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
basic(1),
|
|
advanced(2)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The category of number group. 1 indicates basic ACL, 2 indicates
|
|
advanced ACL."
|
|
::= { h3cAclNamedGroupEntry 1 }
|
|
|
|
h3cAclNamedGroupName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(1..63))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of an ACL group, a case-insensitive string of 1 to 63
|
|
characters. It must start with an English letter.
|
|
"
|
|
::= { h3cAclNamedGroupEntry 2 }
|
|
|
|
h3cAclNamedGroupRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { h3cAclNamedGroupEntry 3 }
|
|
|
|
h3cAclNamedGroupMatchOrder OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
config(1),
|
|
auto(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The match-order of name acl group."
|
|
DEFVAL { config }
|
|
::= { h3cAclNamedGroupEntry 4 }
|
|
|
|
h3cAclNamedGroupStep OBJECT-TYPE
|
|
SYNTAX Integer32 (1..20)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The numbering step of the increment of the rule index."
|
|
DEFVAL { 5 }
|
|
::= { h3cAclNamedGroupEntry 5 }
|
|
|
|
h3cAclNamedGroupDescription OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Description of this ACL group."
|
|
::= { h3cAclNamedGroupEntry 6 }
|
|
|
|
h3cAclNamedGroupCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the statistics counter of this group."
|
|
DEFVAL { nouse }
|
|
::= { h3cAclNamedGroupEntry 7 }
|
|
|
|
h3cAclNamedGroupRuleCounter OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The amount of rules of this group."
|
|
::= { h3cAclNamedGroupEntry 8 }
|
|
|
|
--
|
|
-- Node of h3cAclIPv6Group
|
|
--
|
|
h3cAclIPAclGroup OBJECT IDENTIFIER ::= { h3cAclMib2Objects 2 }
|
|
|
|
--
|
|
-- Nodes of h3cAclIPAclBasicTable
|
|
--
|
|
|
|
h3cAclIPAclBasicTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclIPAclBasicEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of basic rule group.
|
|
If some objects of this table are not supported by some products,
|
|
these objects can't be created, changed or applied.
|
|
Default value of these objects will be returned when they are read.
|
|
"
|
|
::= { h3cAclIPAclGroup 2 }
|
|
|
|
h3cAclIPAclBasicEntry OBJECT-TYPE
|
|
SYNTAX H3cAclIPAclBasicEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Basic rule group information."
|
|
INDEX { h3cAclNumberGroupType,
|
|
h3cAclNumberGroupIndex,
|
|
h3cAclIPAclBasicRuleIndex
|
|
}
|
|
::= { h3cAclIPAclBasicTable 1 }
|
|
|
|
H3cAclIPAclBasicEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cAclIPAclBasicRuleIndex
|
|
Integer32,
|
|
h3cAclIPAclBasicRowStatus
|
|
RowStatus,
|
|
h3cAclIPAclBasicAct
|
|
RuleAction,
|
|
h3cAclIPAclBasicSrcAddrType
|
|
InetAddressType,
|
|
h3cAclIPAclBasicSrcAddr
|
|
InetAddress,
|
|
h3cAclIPAclBasicSrcPrefix
|
|
InetAddressPrefixLength,
|
|
h3cAclIPAclBasicSrcAny
|
|
TruthValue,
|
|
h3cAclIPAclBasicSrcWild
|
|
IpAddress,
|
|
h3cAclIPAclBasicTimeRangeName
|
|
OCTET STRING,
|
|
h3cAclIPAclBasicFragmentFlag
|
|
FragmentFlag,
|
|
h3cAclIPAclBasicLog
|
|
TruthValue,
|
|
h3cAclIPAclBasicCount
|
|
Unsigned32,
|
|
h3cAclIPAclBasicCountClear
|
|
CounterClear,
|
|
h3cAclIPAclBasicEnable
|
|
TruthValue,
|
|
h3cAclIPAclBasicVpnInstanceName
|
|
OCTET STRING,
|
|
h3cAclIPAclBasicComment
|
|
OCTET STRING,
|
|
h3cAclIPAclBasicCounting
|
|
TruthValue,
|
|
h3cAclIPAclBasicRouteTypeAny
|
|
TruthValue,
|
|
h3cAclIPAclBasicRouteTypeValue
|
|
Integer32
|
|
}
|
|
|
|
h3cAclIPAclBasicRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65534)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule index of basic acl group."
|
|
::= { h3cAclIPAclBasicEntry 1 }
|
|
|
|
h3cAclIPAclBasicRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { h3cAclIPAclBasicEntry 2 }
|
|
|
|
h3cAclIPAclBasicAct OBJECT-TYPE
|
|
SYNTAX RuleAction
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of basic acl rule."
|
|
::= { h3cAclIPAclBasicEntry 3 }
|
|
|
|
h3cAclIPAclBasicSrcAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP addresses type of IP pool."
|
|
::= { h3cAclIPAclBasicEntry 4 }
|
|
|
|
h3cAclIPAclBasicSrcAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of a local IP address is available for this association.
|
|
|
|
The type of this address is determined by the value of
|
|
h3cAclIPAclBasicSrcAddrType.
|
|
"
|
|
::= { h3cAclIPAclBasicEntry 5 }
|
|
|
|
h3cAclIPAclBasicSrcPrefix OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the length of a generic Internet network address prefix.
|
|
A value of n corresponds to an IP address mask
|
|
that has n contiguous 1-bits from the most significant bit (MSB)
|
|
and all other bits set to 0.
|
|
"
|
|
::= { h3cAclIPAclBasicEntry 6 }
|
|
|
|
h3cAclIPAclBasicSrcAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any IP address."
|
|
DEFVAL { true }
|
|
::= { h3cAclIPAclBasicEntry 7 }
|
|
|
|
h3cAclIPAclBasicSrcWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IPv4 address wildcard mask.
|
|
Only IPv4 Basic Rule supports this object.
|
|
Default value is '0.0.0.0'.
|
|
"
|
|
::= { h3cAclIPAclBasicEntry 8 }
|
|
|
|
h3cAclIPAclBasicTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of basic acl rule.
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclIPAclBasicEntry 9 }
|
|
|
|
h3cAclIPAclBasicFragmentFlag OBJECT-TYPE
|
|
SYNTAX FragmentFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching fragmented packets."
|
|
DEFVAL { invalid }
|
|
::= { h3cAclIPAclBasicEntry 10 }
|
|
|
|
h3cAclIPAclBasicLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be logged when it matches the rule."
|
|
DEFVAL { false }
|
|
::= { h3cAclIPAclBasicEntry 11 }
|
|
|
|
h3cAclIPAclBasicCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matches by the rule."
|
|
::= { h3cAclIPAclBasicEntry 12 }
|
|
|
|
h3cAclIPAclBasicCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counter."
|
|
DEFVAL { nouse }
|
|
::= { h3cAclIPAclBasicEntry 13 }
|
|
|
|
h3cAclIPAclBasicEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclIPAclBasicEntry 14 }
|
|
|
|
h3cAclIPAclBasicVpnInstanceName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The VPN name, to which the rule will be applied.
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclIPAclBasicEntry 15 }
|
|
|
|
h3cAclIPAclBasicComment OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of ACL rule.
|
|
Default value is Zero-length String.
|
|
"
|
|
::= { h3cAclIPAclBasicEntry 16 }
|
|
|
|
h3cAclIPAclBasicCounting OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be counted when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclIPAclBasicEntry 17 }
|
|
|
|
h3cAclIPAclBasicRouteTypeAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any type of routing header of IPv6 packet.
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclIPAclBasicEntry 18 }
|
|
|
|
h3cAclIPAclBasicRouteTypeValue OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Match specific type of routing header of IPv6 packet."
|
|
DEFVAL { 65535 }
|
|
::= { h3cAclIPAclBasicEntry 19 }
|
|
|
|
--
|
|
-- Notes of h3cAclIPAclAdvancedTable
|
|
--
|
|
h3cAclIPAclAdvancedTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclIPAclAdvancedEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of advanced and simple acl group.
|
|
If some objects of this table are not supported by some products,
|
|
these objects can't be created, changed and applied.
|
|
Default value of these objects will be returned when they are read.
|
|
"
|
|
::= { h3cAclIPAclGroup 3 }
|
|
|
|
h3cAclIPAclAdvancedEntry OBJECT-TYPE
|
|
SYNTAX H3cAclIPAclAdvancedEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Advanced acl group information."
|
|
INDEX { h3cAclNumberGroupType,
|
|
h3cAclNumberGroupIndex,
|
|
h3cAclIPAclAdvancedRuleIndex
|
|
}
|
|
::= { h3cAclIPAclAdvancedTable 1 }
|
|
|
|
H3cAclIPAclAdvancedEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cAclIPAclAdvancedRuleIndex
|
|
Integer32,
|
|
h3cAclIPAclAdvancedRowStatus
|
|
RowStatus,
|
|
h3cAclIPAclAdvancedAct
|
|
RuleAction,
|
|
h3cAclIPAclAdvancedProtocol
|
|
Integer32,
|
|
h3cAclIPAclAdvancedAddrFlag
|
|
AddressFlag,
|
|
h3cAclIPAclAdvancedSrcAddrType
|
|
InetAddressType,
|
|
h3cAclIPAclAdvancedSrcAddr
|
|
InetAddress,
|
|
h3cAclIPAclAdvancedSrcPrefix
|
|
InetAddressPrefixLength,
|
|
h3cAclIPAclAdvancedSrcAny
|
|
TruthValue,
|
|
h3cAclIPAclAdvancedSrcWild
|
|
IpAddress,
|
|
h3cAclIPAclAdvancedSrcOp
|
|
PortOp,
|
|
h3cAclIPAclAdvancedSrcPort1
|
|
Integer32,
|
|
h3cAclIPAclAdvancedSrcPort2
|
|
Integer32,
|
|
h3cAclIPAclAdvancedDestAddrType
|
|
InetAddressType,
|
|
h3cAclIPAclAdvancedDestAddr
|
|
InetAddress,
|
|
h3cAclIPAclAdvancedDestPrefix
|
|
InetAddressPrefixLength,
|
|
h3cAclIPAclAdvancedDestAny
|
|
TruthValue,
|
|
h3cAclIPAclAdvancedDestWild
|
|
IpAddress,
|
|
h3cAclIPAclAdvancedDestOp
|
|
PortOp,
|
|
h3cAclIPAclAdvancedDestPort1
|
|
Integer32,
|
|
h3cAclIPAclAdvancedDestPort2
|
|
Integer32,
|
|
h3cAclIPAclAdvancedIcmpType
|
|
Integer32,
|
|
h3cAclIPAclAdvancedIcmpCode
|
|
Integer32,
|
|
h3cAclIPAclAdvancedPrecedence
|
|
Integer32,
|
|
h3cAclIPAclAdvancedTos
|
|
Integer32,
|
|
h3cAclIPAclAdvancedDscp
|
|
DSCPValue,
|
|
h3cAclIPAclAdvancedTimeRangeName
|
|
OCTET STRING,
|
|
h3cAclIPAclAdvancedTCPFlag
|
|
TCPFlag,
|
|
h3cAclIPAclAdvancedFragmentFlag
|
|
FragmentFlag,
|
|
h3cAclIPAclAdvancedLog
|
|
TruthValue,
|
|
h3cAclIPAclAdvancedCount
|
|
Unsigned32,
|
|
h3cAclIPAclAdvancedCountClear
|
|
CounterClear,
|
|
h3cAclIPAclAdvancedEnable
|
|
TruthValue,
|
|
h3cAclIPAclAdvancedVpnInstanceName
|
|
OCTET STRING,
|
|
h3cAclIPAclAdvancedComment
|
|
OCTET STRING,
|
|
h3cAclIPAclAdvancedReflective
|
|
TruthValue,
|
|
h3cAclIPAclAdvancedCounting
|
|
TruthValue,
|
|
h3cAclIPAclAdvancedTCPFlagMask
|
|
BITS,
|
|
h3cAclIPAclAdvancedTCPFlagValue
|
|
BITS,
|
|
h3cAclIPAclAdvancedRouteTypeAny
|
|
TruthValue,
|
|
h3cAclIPAclAdvancedRouteTypeValue
|
|
Integer32,
|
|
h3cAclIPAclAdvancedFlowLabel
|
|
Unsigned32,
|
|
h3cAclIPAclAdvancedSrcSuffix
|
|
Unsigned32,
|
|
h3cAclIPAclAdvancedDestSuffix
|
|
Unsigned32
|
|
}
|
|
|
|
h3cAclIPAclAdvancedRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65534)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule index of advanced acl group.
|
|
As a Simple ACL group, the value of this object must be 0.
|
|
As an Advanced ACL group, the value of this object is ranging
|
|
from 0 to 65534.
|
|
"
|
|
::= { h3cAclIPAclAdvancedEntry 1 }
|
|
|
|
h3cAclIPAclAdvancedRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { h3cAclIPAclAdvancedEntry 2 }
|
|
|
|
h3cAclIPAclAdvancedAct OBJECT-TYPE
|
|
SYNTAX RuleAction
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of advanced acl rule."
|
|
::= { h3cAclIPAclAdvancedEntry 3 }
|
|
|
|
h3cAclIPAclAdvancedProtocol OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The protocol-type of advanced acl group. 0 indicates any IPv4 or
|
|
IPv6 protocol.
|
|
<1-255> Protocol number
|
|
gre GRE tunneling(47)
|
|
icmp Internet Control Message Protocol(1)
|
|
icmpv6 Internet Control Message Protocol6(58)
|
|
igmp Internet Group Management Protocol(2)
|
|
ipinip IP in IP tunneling(4)
|
|
ospf OSPF routing protocol(89)
|
|
tcp Transmission Control Protocol (6)
|
|
udp User Datagram Protocol (17)
|
|
ipv6-ah IPv6 Authentication Header(51)
|
|
ipv6-esp IPv6 Encapsulating Security Payload(50)
|
|
"
|
|
::= { h3cAclIPAclAdvancedEntry 4 }
|
|
|
|
h3cAclIPAclAdvancedAddrFlag OBJECT-TYPE
|
|
SYNTAX AddressFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Address flag to select address."
|
|
DEFVAL { invalid }
|
|
::= { h3cAclIPAclAdvancedEntry 5 }
|
|
|
|
h3cAclIPAclAdvancedSrcAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP addresses type of IP pool."
|
|
::= { h3cAclIPAclAdvancedEntry 6 }
|
|
|
|
h3cAclIPAclAdvancedSrcAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of a local IP address available for this association.
|
|
|
|
The type of this address is determined by the value of
|
|
h3cAclIPAclAdvancedSrcAddrType.
|
|
"
|
|
::= { h3cAclIPAclAdvancedEntry 7 }
|
|
|
|
h3cAclIPAclAdvancedSrcPrefix OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the length of a generic Internet network address prefix.
|
|
A value of n corresponds to an IP address mask
|
|
which has n contiguous 1-bits from the most significant bit (MSB)
|
|
and all other bits set to 0.
|
|
"
|
|
::= { h3cAclIPAclAdvancedEntry 8 }
|
|
|
|
h3cAclIPAclAdvancedSrcAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any IP address."
|
|
DEFVAL { true }
|
|
::= { h3cAclIPAclAdvancedEntry 9 }
|
|
|
|
h3cAclIPAclAdvancedSrcWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IPv4 address wildcard mask.
|
|
Only IPv4 Advanced Rule supports this object.
|
|
Default value is '0.0.0.0'.
|
|
"
|
|
::= { h3cAclIPAclAdvancedEntry 10 }
|
|
|
|
h3cAclIPAclAdvancedSrcOp OBJECT-TYPE
|
|
SYNTAX PortOp
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source port operation symbol of advanced acl group."
|
|
DEFVAL { invalid }
|
|
::= { h3cAclIPAclAdvancedEntry 11 }
|
|
|
|
h3cAclIPAclAdvancedSrcPort1 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer source port1."
|
|
DEFVAL { 0 }
|
|
::= { h3cAclIPAclAdvancedEntry 12 }
|
|
|
|
h3cAclIPAclAdvancedSrcPort2 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer source port2."
|
|
DEFVAL { 65535 }
|
|
::= { h3cAclIPAclAdvancedEntry 13 }
|
|
|
|
h3cAclIPAclAdvancedDestAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP addresses type of IP pool."
|
|
::= { h3cAclIPAclAdvancedEntry 14 }
|
|
|
|
h3cAclIPAclAdvancedDestAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of a local IP address available for this association.
|
|
|
|
The type of this address is determined by the value of
|
|
h3cAclIPAclAdvancedDestAddrType.
|
|
"
|
|
::= { h3cAclIPAclAdvancedEntry 15 }
|
|
|
|
h3cAclIPAclAdvancedDestPrefix OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the length of a generic Internet network address prefix.
|
|
A value of n corresponds to an IP address mask
|
|
which has n contiguous 1-bits from the most significant bit (MSB)
|
|
and all other bits set to 0.
|
|
"
|
|
::= { h3cAclIPAclAdvancedEntry 16 }
|
|
|
|
h3cAclIPAclAdvancedDestAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any IP address."
|
|
DEFVAL { true }
|
|
::= { h3cAclIPAclAdvancedEntry 17 }
|
|
|
|
h3cAclIPAclAdvancedDestWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IPv4 address wildcard mask.
|
|
Only IPv4 Advanced Rule supports this object.
|
|
Default value is '0.0.0.0'.
|
|
"
|
|
::= { h3cAclIPAclAdvancedEntry 18 }
|
|
|
|
h3cAclIPAclAdvancedDestOp OBJECT-TYPE
|
|
SYNTAX PortOp
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination port operation symbol of advanced acl group."
|
|
DEFVAL { invalid }
|
|
::= { h3cAclIPAclAdvancedEntry 19 }
|
|
|
|
h3cAclIPAclAdvancedDestPort1 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer destination port1."
|
|
DEFVAL { 0 }
|
|
::= { h3cAclIPAclAdvancedEntry 20 }
|
|
|
|
h3cAclIPAclAdvancedDestPort2 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer destination port2."
|
|
DEFVAL { 65535 }
|
|
::= { h3cAclIPAclAdvancedEntry 21 }
|
|
|
|
h3cAclIPAclAdvancedIcmpType OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of ICMP packet."
|
|
DEFVAL { 65535 }
|
|
::= { h3cAclIPAclAdvancedEntry 22 }
|
|
|
|
h3cAclIPAclAdvancedIcmpCode OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The code of ICMP packet."
|
|
DEFVAL { 65535 }
|
|
::= { h3cAclIPAclAdvancedEntry 23 }
|
|
|
|
h3cAclIPAclAdvancedPrecedence OBJECT-TYPE
|
|
SYNTAX Integer32 (0..7|255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of IP-packet's precedence.
|
|
<0-7> Value of precedence
|
|
routine Specify routine precedence(0)
|
|
priority Specify priority precedence(1)
|
|
immediate Specify immediate precedence(2)
|
|
flash Specify flash precedence(3)
|
|
flash-override Specify flash-override precedence(4)
|
|
critical Specify critical precedence(5)
|
|
internet Specify internetwork control precedence(6)
|
|
network Specify network control precedence(7)
|
|
"
|
|
DEFVAL { 255 }
|
|
::= { h3cAclIPAclAdvancedEntry 24 }
|
|
|
|
h3cAclIPAclAdvancedTos OBJECT-TYPE
|
|
SYNTAX Integer32 (0..15|255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of IP-packet's TOS.
|
|
<0-15> Value of TOS(type of service)
|
|
max-reliability Match packets with max reliable TOS(2)
|
|
max-throughput Match packets with max throughput TOS(4)
|
|
min-delay Match packets with min delay TOS(8)
|
|
min-monetary-cost Match packets with min monetary cost TOS(1)
|
|
normal Match packets with normal TOS(0)
|
|
"
|
|
DEFVAL { 255 }
|
|
::= { h3cAclIPAclAdvancedEntry 25 }
|
|
|
|
h3cAclIPAclAdvancedDscp OBJECT-TYPE
|
|
SYNTAX DSCPValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of DSCP of IP packet."
|
|
DEFVAL { 255 }
|
|
::= { h3cAclIPAclAdvancedEntry 26 }
|
|
|
|
h3cAclIPAclAdvancedTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of advanced acl rule.
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclIPAclAdvancedEntry 27 }
|
|
|
|
h3cAclIPAclAdvancedTCPFlag OBJECT-TYPE
|
|
SYNTAX TCPFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet type of TCP protocol."
|
|
DEFVAL { invalid }
|
|
::= { h3cAclIPAclAdvancedEntry 28 }
|
|
|
|
h3cAclIPAclAdvancedFragmentFlag OBJECT-TYPE
|
|
SYNTAX FragmentFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching fragmented packet,
|
|
and now support two value: 0 or 2."
|
|
DEFVAL { invalid }
|
|
::= { h3cAclIPAclAdvancedEntry 29 }
|
|
|
|
h3cAclIPAclAdvancedLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Log matched packets."
|
|
DEFVAL { false }
|
|
::= { h3cAclIPAclAdvancedEntry 30 }
|
|
|
|
h3cAclIPAclAdvancedCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matched by the rule."
|
|
::= { h3cAclIPAclAdvancedEntry 31 }
|
|
|
|
h3cAclIPAclAdvancedCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counter."
|
|
DEFVAL { nouse }
|
|
::= { h3cAclIPAclAdvancedEntry 32 }
|
|
|
|
h3cAclIPAclAdvancedEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclIPAclAdvancedEntry 33 }
|
|
|
|
h3cAclIPAclAdvancedVpnInstanceName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The VPN name that the rule will be applied.
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclIPAclAdvancedEntry 34 }
|
|
|
|
h3cAclIPAclAdvancedComment OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of ACL rule.
|
|
Default value is Zero-length String.
|
|
"
|
|
::= { h3cAclIPAclAdvancedEntry 35 }
|
|
|
|
h3cAclIPAclAdvancedReflective OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of reflective."
|
|
::= { h3cAclIPAclAdvancedEntry 36 }
|
|
|
|
h3cAclIPAclAdvancedCounting OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be counted when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclIPAclAdvancedEntry 37 }
|
|
|
|
h3cAclIPAclAdvancedTCPFlagMask OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
tcpack(0),
|
|
tcpfin(1),
|
|
tcppsh(2),
|
|
tcprst(3),
|
|
tcpsyn(4),
|
|
tcpurg(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The TCP Flag Mask. This is a bit-map of possible conditions.
|
|
The various bit positions are:
|
|
|0 |tcpack |
|
|
|1 |tcpfin |
|
|
|2 |tcppsh |
|
|
|3 |tcprst |
|
|
|4 |tcpsyn |
|
|
|5 |tcpurg |
|
|
"
|
|
DEFVAL { { } }
|
|
::= { h3cAclIPAclAdvancedEntry 38 }
|
|
|
|
h3cAclIPAclAdvancedTCPFlagValue OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
tcpack(0),
|
|
tcpfin(1),
|
|
tcppsh(2),
|
|
tcprst(3),
|
|
tcpsyn(4),
|
|
tcpurg(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The TCP Flag Value. This is a bit-map of possible conditions.
|
|
The various bit positions are:
|
|
|0 |tcpack |
|
|
|1 |tcpfin |
|
|
|2 |tcppsh |
|
|
|3 |tcprst |
|
|
|4 |tcpsyn |
|
|
|5 |tcpurg |
|
|
"
|
|
DEFVAL { { } }
|
|
::= { h3cAclIPAclAdvancedEntry 39 }
|
|
|
|
h3cAclIPAclAdvancedRouteTypeAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any type of routing header of IPv6 packet.
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclIPAclAdvancedEntry 40 }
|
|
|
|
h3cAclIPAclAdvancedRouteTypeValue OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of routing header of IPv6 packet."
|
|
DEFVAL { 65535 }
|
|
::= { h3cAclIPAclAdvancedEntry 41 }
|
|
|
|
h3cAclIPAclAdvancedFlowLabel OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..1048575|4294967295)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of flow label of IPv6 packet header."
|
|
DEFVAL { 4294967295 }
|
|
::= { h3cAclIPAclAdvancedEntry 42 }
|
|
|
|
h3cAclIPAclAdvancedSrcSuffix OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the length of a generic Internet network address suffix.
|
|
A value of n corresponds to an IP address mask
|
|
that has n contiguous 1-bits from the least significant bit
|
|
and all other bits set to 0.
|
|
"
|
|
::= { h3cAclIPAclAdvancedEntry 43 }
|
|
|
|
h3cAclIPAclAdvancedDestSuffix OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the length of a generic Internet network address suffix.
|
|
A value of n corresponds to an IP address mask
|
|
that has n contiguous 1-bits from the least significant bit
|
|
and all other bits set to 0.
|
|
"
|
|
::= { h3cAclIPAclAdvancedEntry 44 }
|
|
|
|
--
|
|
--Nodes of h3cAclIPAclNamedBscTable
|
|
--
|
|
|
|
h3cAclIPAclNamedBscTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclIPAclNamedBscEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of basic rule of named ACL.
|
|
The name of ACL group will be used as an index in this table,
|
|
which differs from the table h3cAclIPAclBasicTable.
|
|
If some objects of this table are not supported by some
|
|
products, these objects can't be created, changed or applied.
|
|
Default value of these objects will be returned when they are
|
|
read.
|
|
"
|
|
::= { h3cAclIPAclGroup 4 }
|
|
|
|
h3cAclIPAclNamedBscEntry OBJECT-TYPE
|
|
SYNTAX H3cAclIPAclNamedBscEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Basic named ACL rule entry."
|
|
INDEX
|
|
{
|
|
h3cAclNumberGroupType,
|
|
h3cAclNamedGroupName,
|
|
h3cAclIPAclBasicRuleIndex
|
|
}
|
|
::= { h3cAclIPAclNamedBscTable 1 }
|
|
|
|
H3cAclIPAclNamedBscEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cAclIPAclNamedBscRowStatus
|
|
RowStatus,
|
|
h3cAclIPAclNamedBscAct
|
|
RuleAction,
|
|
h3cAclIPAclNamedBscSrcAddrType
|
|
InetAddressType,
|
|
h3cAclIPAclNamedBscSrcAddr
|
|
InetAddress,
|
|
h3cAclIPAclNamedBscSrcPrefix
|
|
InetAddressPrefixLength,
|
|
h3cAclIPAclNamedBscSrcAny
|
|
TruthValue,
|
|
h3cAclIPAclNamedBscSrcWild
|
|
IpAddress,
|
|
h3cAclIPAclNamedBscTRangeName
|
|
OCTET STRING,
|
|
h3cAclIPAclNamedBscFragmentFlag
|
|
FragmentFlag,
|
|
h3cAclIPAclNamedBscLog
|
|
TruthValue,
|
|
h3cAclIPAclNamedBscCount
|
|
Unsigned32,
|
|
h3cAclIPAclNamedBscCountClear
|
|
CounterClear,
|
|
h3cAclIPAclNamedBscEnable
|
|
TruthValue,
|
|
h3cAclIPAclNamedBscVpnInstName
|
|
OCTET STRING,
|
|
h3cAclIPAclNamedBscComment
|
|
OCTET STRING,
|
|
h3cAclIPAclNamedBscCounting
|
|
TruthValue,
|
|
h3cAclIPAclNamedBscRouteTypeAny
|
|
TruthValue,
|
|
h3cAclIPAclNamedBscRouteTypeValue
|
|
Integer32
|
|
}
|
|
|
|
h3cAclIPAclNamedBscRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { h3cAclIPAclNamedBscEntry 1 }
|
|
|
|
h3cAclIPAclNamedBscAct OBJECT-TYPE
|
|
SYNTAX RuleAction
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of basic ACL rule."
|
|
::= { h3cAclIPAclNamedBscEntry 2 }
|
|
|
|
h3cAclIPAclNamedBscSrcAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP addresses type of IP pool."
|
|
::= { h3cAclIPAclNamedBscEntry 3 }
|
|
|
|
h3cAclIPAclNamedBscSrcAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The specified source IP address.
|
|
The type of this address is determined by the value of
|
|
h3cAclIPAclNamedBscSrcAddrType.
|
|
"
|
|
::= { h3cAclIPAclNamedBscEntry 4 }
|
|
|
|
h3cAclIPAclNamedBscSrcPrefix OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specify the length of a generic Internet network address
|
|
prefix. A value of n corresponds to an IP address mask that
|
|
has n contiguous 1-bits from the most significant bit (MSB)
|
|
and all other bits set to 0.
|
|
"
|
|
::= { h3cAclIPAclNamedBscEntry 5 }
|
|
|
|
h3cAclIPAclNamedBscSrcAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any source IP address."
|
|
DEFVAL { true }
|
|
::= { h3cAclIPAclNamedBscEntry 6 }
|
|
|
|
h3cAclIPAclNamedBscSrcWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IPv4 address wildcard mask.
|
|
Only IPv4 Basic Rule supports this object.
|
|
Default value is '0.0.0.0'.
|
|
"
|
|
::= { h3cAclIPAclNamedBscEntry 7 }
|
|
|
|
h3cAclIPAclNamedBscTRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of basic acl rule.
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclIPAclNamedBscEntry 8 }
|
|
|
|
h3cAclIPAclNamedBscFragmentFlag OBJECT-TYPE
|
|
SYNTAX FragmentFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching fragmented packets."
|
|
DEFVAL { invalid }
|
|
::= { h3cAclIPAclNamedBscEntry 9 }
|
|
|
|
h3cAclIPAclNamedBscLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be logged when it matches the rule."
|
|
DEFVAL { false }
|
|
::= { h3cAclIPAclNamedBscEntry 10 }
|
|
|
|
h3cAclIPAclNamedBscCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matches by the rule."
|
|
::= { h3cAclIPAclNamedBscEntry 11 }
|
|
|
|
h3cAclIPAclNamedBscCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the statistics counter of the rule."
|
|
DEFVAL { nouse }
|
|
::= { h3cAclIPAclNamedBscEntry 12 }
|
|
|
|
h3cAclIPAclNamedBscEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclIPAclNamedBscEntry 13 }
|
|
|
|
h3cAclIPAclNamedBscVpnInstName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The VPN name, to which the rule will be applied.
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclIPAclNamedBscEntry 14 }
|
|
|
|
h3cAclIPAclNamedBscComment OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of ACL rule.
|
|
Default value is Zero-length String.
|
|
"
|
|
::= { h3cAclIPAclNamedBscEntry 15 }
|
|
|
|
h3cAclIPAclNamedBscCounting OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be counted when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclIPAclNamedBscEntry 16 }
|
|
|
|
h3cAclIPAclNamedBscRouteTypeAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any type of routing header of IPv6 packet.
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclIPAclNamedBscEntry 17 }
|
|
|
|
h3cAclIPAclNamedBscRouteTypeValue OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Value of the routing header type of IPv6 packet,
|
|
in the range of 0 to 255.
|
|
"
|
|
DEFVAL { 65535 }
|
|
::= { h3cAclIPAclNamedBscEntry 18 }
|
|
|
|
--
|
|
-- Notes of h3cAclIPAclNamedAdvTable
|
|
--
|
|
h3cAclIPAclNamedAdvTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclIPAclNamedAdvEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of advanced rule of named ACL.
|
|
The name of ACL group will be used as an index in this table,
|
|
which differs from the table h3cAclIPAclAdvancedTable.
|
|
If some objects of this table are not supported by some
|
|
products, these objects can't be created, changed or applied.
|
|
Default value of these objects will be returned when they are
|
|
read.
|
|
"
|
|
::= { h3cAclIPAclGroup 5 }
|
|
|
|
h3cAclIPAclNamedAdvEntry OBJECT-TYPE
|
|
SYNTAX H3cAclIPAclNamedAdvEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Advanced ACL rule information entry."
|
|
INDEX
|
|
{
|
|
h3cAclNumberGroupType,
|
|
h3cAclNamedGroupName,
|
|
h3cAclIPAclAdvancedRuleIndex
|
|
}
|
|
::= { h3cAclIPAclNamedAdvTable 1 }
|
|
|
|
H3cAclIPAclNamedAdvEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cAclIPAclNamedAdvRowStatus
|
|
RowStatus,
|
|
h3cAclIPAclNamedAdvAct
|
|
RuleAction,
|
|
h3cAclIPAclNamedAdvProtocol
|
|
Integer32,
|
|
h3cAclIPAclNamedAdvAddrFlag
|
|
AddressFlag,
|
|
h3cAclIPAclNamedAdvSrcAddrType
|
|
InetAddressType,
|
|
h3cAclIPAclNamedAdvSrcAddr
|
|
InetAddress,
|
|
h3cAclIPAclNamedAdvSrcPrefix
|
|
InetAddressPrefixLength,
|
|
h3cAclIPAclNamedAdvSrcAny
|
|
TruthValue,
|
|
h3cAclIPAclNamedAdvSrcWild
|
|
IpAddress,
|
|
h3cAclIPAclNamedAdvSrcOp
|
|
PortOp,
|
|
h3cAclIPAclNamedAdvSrcPort1
|
|
Integer32,
|
|
h3cAclIPAclNamedAdvSrcPort2
|
|
Integer32,
|
|
h3cAclIPAclNamedAdvDstAddrType
|
|
InetAddressType,
|
|
h3cAclIPAclNamedAdvDstAddr
|
|
InetAddress,
|
|
h3cAclIPAclNamedAdvDstPrefix
|
|
InetAddressPrefixLength,
|
|
h3cAclIPAclNamedAdvDstAny
|
|
TruthValue,
|
|
h3cAclIPAclNamedAdvDstWild
|
|
IpAddress,
|
|
h3cAclIPAclNamedAdvDstOp
|
|
PortOp,
|
|
h3cAclIPAclNamedAdvDstPort1
|
|
Integer32,
|
|
h3cAclIPAclNamedAdvDstPort2
|
|
Integer32,
|
|
h3cAclIPAclNamedAdvIcmpType
|
|
Integer32,
|
|
h3cAclIPAclNamedAdvIcmpCode
|
|
Integer32,
|
|
h3cAclIPAclNamedAdvPrecedence
|
|
Integer32,
|
|
h3cAclIPAclNamedAdvTos
|
|
Integer32,
|
|
h3cAclIPAclNamedAdvDscp
|
|
DSCPValue,
|
|
h3cAclIPAclNamedAdvTRangeName
|
|
OCTET STRING,
|
|
h3cAclIPAclNamedAdvTCPFlag
|
|
TCPFlag,
|
|
h3cAclIPAclNamedAdvFragmentFlag
|
|
FragmentFlag,
|
|
h3cAclIPAclNamedAdvLog
|
|
TruthValue,
|
|
h3cAclIPAclNamedAdvCount
|
|
Unsigned32,
|
|
h3cAclIPAclNamedAdvCountClear
|
|
CounterClear,
|
|
h3cAclIPAclNamedAdvEnable
|
|
TruthValue,
|
|
h3cAclIPAclNamedAdvVpnInstName
|
|
OCTET STRING,
|
|
h3cAclIPAclNamedAdvComment
|
|
OCTET STRING,
|
|
h3cAclIPAclNamedAdvReflective
|
|
TruthValue,
|
|
h3cAclIPAclNamedAdvCounting
|
|
TruthValue,
|
|
h3cAclIPAclNamedAdvTCPFlagMask
|
|
BITS,
|
|
h3cAclIPAclNamedAdvTCPFlagValue
|
|
BITS,
|
|
h3cAclIPAclNamedAdvRouteTypeAny
|
|
TruthValue,
|
|
h3cAclIPAclNamedAdvRouteTypeValue
|
|
Integer32,
|
|
h3cAclIPAclNamedAdvFlowLabel
|
|
Unsigned32,
|
|
h3cAclIPAclNamedAdvSrcSuffix
|
|
Unsigned32,
|
|
h3cAclIPAclNamedAdvDstSuffix
|
|
Unsigned32
|
|
}
|
|
|
|
h3cAclIPAclNamedAdvRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { h3cAclIPAclNamedAdvEntry 1 }
|
|
|
|
h3cAclIPAclNamedAdvAct OBJECT-TYPE
|
|
SYNTAX RuleAction
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of advanced ACL rule."
|
|
::= { h3cAclIPAclNamedAdvEntry 2 }
|
|
|
|
h3cAclIPAclNamedAdvProtocol OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The protocol-type of advanced ACL rule. 0 indicates any IPv4 or
|
|
IPv6 protocol.
|
|
<1-255> Protocol number
|
|
gre GRE tunneling(47)
|
|
icmp Internet Control Message Protocol(1)
|
|
icmpv6 Internet Control Message Protocol6(58)
|
|
igmp Internet Group Management Protocol(2)
|
|
ipinip IP in IP tunneling(4)
|
|
ospf OSPF routing protocol(89)
|
|
tcp Transmission Control Protocol (6)
|
|
udp User Datagram Protocol (17)
|
|
ipv6-ah IPv6 Authentication Header(51)
|
|
ipv6-esp IPv6 Encapsulating Security Payload(50)
|
|
"
|
|
::= { h3cAclIPAclNamedAdvEntry 3 }
|
|
|
|
h3cAclIPAclNamedAdvAddrFlag OBJECT-TYPE
|
|
SYNTAX AddressFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Address flag to select address."
|
|
DEFVAL { invalid }
|
|
::= { h3cAclIPAclNamedAdvEntry 4 }
|
|
|
|
h3cAclIPAclNamedAdvSrcAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of source IP address.
|
|
"
|
|
::= { h3cAclIPAclNamedAdvEntry 5 }
|
|
|
|
h3cAclIPAclNamedAdvSrcAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The specified source IP address.
|
|
The type of this address is determined by the value of
|
|
h3cAclIPAclNamedAdvSrcAddrType.
|
|
"
|
|
::= { h3cAclIPAclNamedAdvEntry 6 }
|
|
|
|
h3cAclIPAclNamedAdvSrcPrefix OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specify the length of a generic Internet network address
|
|
prefix. A value of n corresponds to an IP address mask that
|
|
has n contiguous 1-bits from the most significant bit (MSB)
|
|
and all other bits set to 0.
|
|
"
|
|
::= { h3cAclIPAclNamedAdvEntry 7 }
|
|
|
|
h3cAclIPAclNamedAdvSrcAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any IP address."
|
|
DEFVAL { true }
|
|
::= { h3cAclIPAclNamedAdvEntry 8 }
|
|
|
|
h3cAclIPAclNamedAdvSrcWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IPv4 address wildcard mask.
|
|
Only IPv4 Advanced Rule supports this object.
|
|
Default value is '0.0.0.0'.
|
|
"
|
|
::= { h3cAclIPAclNamedAdvEntry 9 }
|
|
|
|
h3cAclIPAclNamedAdvSrcOp OBJECT-TYPE
|
|
SYNTAX PortOp
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source port operation symbol of advanced acl group."
|
|
DEFVAL { invalid }
|
|
::= { h3cAclIPAclNamedAdvEntry 10 }
|
|
|
|
h3cAclIPAclNamedAdvSrcPort1 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer source port1."
|
|
DEFVAL { 0 }
|
|
::= { h3cAclIPAclNamedAdvEntry 11 }
|
|
|
|
h3cAclIPAclNamedAdvSrcPort2 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer source port2."
|
|
DEFVAL { 65535 }
|
|
::= { h3cAclIPAclNamedAdvEntry 12 }
|
|
|
|
h3cAclIPAclNamedAdvDstAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of destination IP address.
|
|
"
|
|
::= { h3cAclIPAclNamedAdvEntry 13 }
|
|
|
|
h3cAclIPAclNamedAdvDstAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The specified destination IP address.
|
|
The type of this address is determined by the value of
|
|
h3cAclIPAclNamedAdvDstAddrType.
|
|
"
|
|
::= { h3cAclIPAclNamedAdvEntry 14 }
|
|
|
|
h3cAclIPAclNamedAdvDstPrefix OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specify the length of a generic Internet network address
|
|
prefix. A value of n corresponds to an IP address mask that
|
|
has n contiguous 1-bits from the most significant bit (MSB)
|
|
and all other bits set to 0.
|
|
"
|
|
::= { h3cAclIPAclNamedAdvEntry 15 }
|
|
|
|
h3cAclIPAclNamedAdvDstAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any IP address."
|
|
DEFVAL { true }
|
|
::= { h3cAclIPAclNamedAdvEntry 16 }
|
|
|
|
h3cAclIPAclNamedAdvDstWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IPv4 address wildcard mask.
|
|
Only IPv4 Advanced Rule supports this object.
|
|
Default value is '0.0.0.0'.
|
|
"
|
|
::= { h3cAclIPAclNamedAdvEntry 17 }
|
|
|
|
h3cAclIPAclNamedAdvDstOp OBJECT-TYPE
|
|
SYNTAX PortOp
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination port operation symbol of advanced acl group."
|
|
DEFVAL { invalid }
|
|
::= { h3cAclIPAclNamedAdvEntry 18 }
|
|
|
|
h3cAclIPAclNamedAdvDstPort1 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer destination port1."
|
|
DEFVAL { 0 }
|
|
::= { h3cAclIPAclNamedAdvEntry 19 }
|
|
|
|
h3cAclIPAclNamedAdvDstPort2 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer destination port2."
|
|
DEFVAL { 65535 }
|
|
::= { h3cAclIPAclNamedAdvEntry 20 }
|
|
|
|
h3cAclIPAclNamedAdvIcmpType OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of ICMP packet."
|
|
DEFVAL { 65535 }
|
|
::= { h3cAclIPAclNamedAdvEntry 21 }
|
|
|
|
h3cAclIPAclNamedAdvIcmpCode OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The code of ICMP packet."
|
|
DEFVAL { 65535 }
|
|
::= { h3cAclIPAclNamedAdvEntry 22 }
|
|
|
|
h3cAclIPAclNamedAdvPrecedence OBJECT-TYPE
|
|
SYNTAX Integer32 (0..7|255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of IP-packet's precedence.
|
|
<0-7> Value of precedence
|
|
routine Specify routine precedence(0)
|
|
priority Specify priority precedence(1)
|
|
immediate Specify immediate precedence(2)
|
|
flash Specify flash precedence(3)
|
|
flash-override Specify flash-override precedence(4)
|
|
critical Specify critical precedence(5)
|
|
internet Specify internetwork control precedence(6)
|
|
network Specify network control precedence(7)
|
|
"
|
|
DEFVAL { 255 }
|
|
::= { h3cAclIPAclNamedAdvEntry 23 }
|
|
|
|
h3cAclIPAclNamedAdvTos OBJECT-TYPE
|
|
SYNTAX Integer32 (0..15|255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of IP-packet's TOS.
|
|
<0-15> Value of TOS(type of service)
|
|
max-reliability Match packets with max reliable TOS(2)
|
|
max-throughput Match packets with max throughput TOS(4)
|
|
min-delay Match packets with min delay TOS(8)
|
|
min-monetary-cost Match packets with min monetary cost TOS(1)
|
|
normal Match packets with normal TOS(0)
|
|
"
|
|
DEFVAL { 255 }
|
|
::= { h3cAclIPAclNamedAdvEntry 24 }
|
|
|
|
h3cAclIPAclNamedAdvDscp OBJECT-TYPE
|
|
SYNTAX DSCPValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of DSCP of IP packet."
|
|
DEFVAL { 255 }
|
|
::= { h3cAclIPAclNamedAdvEntry 25 }
|
|
|
|
h3cAclIPAclNamedAdvTRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of advanced ACL rule.
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclIPAclNamedAdvEntry 26 }
|
|
|
|
h3cAclIPAclNamedAdvTCPFlag OBJECT-TYPE
|
|
SYNTAX TCPFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet type of TCP protocol."
|
|
DEFVAL { invalid }
|
|
::= { h3cAclIPAclNamedAdvEntry 27 }
|
|
|
|
h3cAclIPAclNamedAdvFragmentFlag OBJECT-TYPE
|
|
SYNTAX FragmentFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching fragmented packet,
|
|
and now support two value: 0 or 2.
|
|
"
|
|
DEFVAL { invalid }
|
|
::= { h3cAclIPAclNamedAdvEntry 28 }
|
|
|
|
h3cAclIPAclNamedAdvLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Log matched packets."
|
|
DEFVAL { false }
|
|
::= { h3cAclIPAclNamedAdvEntry 29 }
|
|
|
|
h3cAclIPAclNamedAdvCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matches by the rule."
|
|
::= { h3cAclIPAclNamedAdvEntry 30 }
|
|
|
|
h3cAclIPAclNamedAdvCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the statistics counter of this rule."
|
|
DEFVAL { nouse }
|
|
::= { h3cAclIPAclNamedAdvEntry 31 }
|
|
|
|
h3cAclIPAclNamedAdvEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclIPAclNamedAdvEntry 32 }
|
|
|
|
h3cAclIPAclNamedAdvVpnInstName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The VPN name to which the rule will be applied.
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclIPAclNamedAdvEntry 33 }
|
|
|
|
h3cAclIPAclNamedAdvComment OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of ACL rule.
|
|
Default value is zero-length String.
|
|
"
|
|
::= { h3cAclIPAclNamedAdvEntry 34 }
|
|
|
|
h3cAclIPAclNamedAdvReflective OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of reflective."
|
|
::= { h3cAclIPAclNamedAdvEntry 35 }
|
|
|
|
h3cAclIPAclNamedAdvCounting OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be counted when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclIPAclNamedAdvEntry 36 }
|
|
|
|
h3cAclIPAclNamedAdvTCPFlagMask OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
tcpack(0),
|
|
tcpfin(1),
|
|
tcppsh(2),
|
|
tcprst(3),
|
|
tcpsyn(4),
|
|
tcpurg(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The TCP Flag Mask. This is a bit-map of possible conditions.
|
|
The various bit positions are:
|
|
|0 |tcpack |
|
|
|1 |tcpfin |
|
|
|2 |tcppsh |
|
|
|3 |tcprst |
|
|
|4 |tcpsyn |
|
|
|5 |tcpurg |
|
|
"
|
|
::= { h3cAclIPAclNamedAdvEntry 37 }
|
|
|
|
h3cAclIPAclNamedAdvTCPFlagValue OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
tcpack(0),
|
|
tcpfin(1),
|
|
tcppsh(2),
|
|
tcprst(3),
|
|
tcpsyn(4),
|
|
tcpurg(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The TCP Flag Value. This is a bit-map of possible conditions.
|
|
The various bit positions are:
|
|
|0 |tcpack |
|
|
|1 |tcpfin |
|
|
|2 |tcppsh |
|
|
|3 |tcprst |
|
|
|4 |tcpsyn |
|
|
|5 |tcpurg |
|
|
"
|
|
::= { h3cAclIPAclNamedAdvEntry 38 }
|
|
|
|
h3cAclIPAclNamedAdvRouteTypeAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any type of routing header of IPv6 packet.
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclIPAclNamedAdvEntry 39 }
|
|
|
|
h3cAclIPAclNamedAdvRouteTypeValue OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of routing header of IPv6 packet."
|
|
DEFVAL { 65535 }
|
|
::= { h3cAclIPAclNamedAdvEntry 40 }
|
|
|
|
h3cAclIPAclNamedAdvFlowLabel OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..1048575|4294967295)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of flow label of IPv6 packet header."
|
|
DEFVAL { 4294967295 }
|
|
::= { h3cAclIPAclNamedAdvEntry 41 }
|
|
|
|
h3cAclIPAclNamedAdvSrcSuffix OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the length of a generic Internet network address suffix.
|
|
A value of n corresponds to an IP address mask
|
|
that has n contiguous 1-bits from the least significant bit
|
|
and all other bits set to 0.
|
|
"
|
|
::= { h3cAclIPAclNamedAdvEntry 42 }
|
|
|
|
h3cAclIPAclNamedAdvDstSuffix OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the length of a generic Internet network address suffix.
|
|
A value of n corresponds to an IP address mask
|
|
that has n contiguous 1-bits from the least significant bit
|
|
and all other bits set to 0.
|
|
"
|
|
::= { h3cAclIPAclNamedAdvEntry 43 }
|
|
|
|
--
|
|
-- Node of h3cAclMACAclGroup
|
|
--
|
|
h3cAclMACAclGroup OBJECT IDENTIFIER ::= { h3cAclMib2Objects 3 }
|
|
--
|
|
-- Nodes of h3cAclMACTable
|
|
--
|
|
h3cAclMACTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclMACEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of MAC acl group.
|
|
If some objects of this table are not supported by some products,
|
|
these objects can't be created, changed or applied.
|
|
Default value of these objects will be returned when they are read.
|
|
"
|
|
::= { h3cAclMACAclGroup 1 }
|
|
|
|
h3cAclMACEntry OBJECT-TYPE
|
|
SYNTAX H3cAclMACEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"MAC acl group information."
|
|
INDEX
|
|
{
|
|
h3cAclNumberGroupType,
|
|
h3cAclNumberGroupIndex,
|
|
h3cAclMACRuleIndex
|
|
}
|
|
::= { h3cAclMACTable 1 }
|
|
|
|
H3cAclMACEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cAclMACRuleIndex
|
|
Integer32,
|
|
h3cAclMACRowStatus
|
|
RowStatus,
|
|
h3cAclMACAct
|
|
RuleAction,
|
|
h3cAclMACTypeCode
|
|
OCTET STRING,
|
|
h3cAclMACTypeMask
|
|
OCTET STRING,
|
|
h3cAclMACSrcMac
|
|
MacAddress,
|
|
h3cAclMACSrcMacWild
|
|
MacAddress,
|
|
h3cAclMACDestMac
|
|
MacAddress,
|
|
h3cAclMACDestMacWild
|
|
MacAddress,
|
|
h3cAclMACLsapCode
|
|
OCTET STRING,
|
|
h3cAclMACLsapMask
|
|
OCTET STRING,
|
|
h3cAclMACCos
|
|
Integer32,
|
|
h3cAclMACTimeRangeName
|
|
OCTET STRING,
|
|
h3cAclMACCount
|
|
Unsigned32,
|
|
h3cAclMACCountClear
|
|
CounterClear,
|
|
h3cAclMACEnable
|
|
TruthValue,
|
|
h3cAclMACComment
|
|
OCTET STRING,
|
|
h3cAclMACLog
|
|
TruthValue,
|
|
h3cAclMACCounting
|
|
TruthValue
|
|
}
|
|
|
|
h3cAclMACRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65534)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule index of MAC-based acl group."
|
|
::= { h3cAclMACEntry 1 }
|
|
|
|
h3cAclMACRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { h3cAclMACEntry 2 }
|
|
|
|
h3cAclMACAct OBJECT-TYPE
|
|
SYNTAX RuleAction
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of MAC acl rule."
|
|
::= { h3cAclMACEntry 3 }
|
|
|
|
h3cAclMACTypeCode OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of protocol."
|
|
REFERENCE
|
|
"rfc894, rfc1010."
|
|
::= { h3cAclMACEntry 4 }
|
|
|
|
h3cAclMACTypeMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mask of protocol."
|
|
::= { h3cAclMACEntry 5 }
|
|
|
|
h3cAclMACSrcMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source MAC of MAC acl rule.
|
|
Default value is '00:00:00:00:00:00'.
|
|
"
|
|
::= { h3cAclMACEntry 6 }
|
|
|
|
h3cAclMACSrcMacWild OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source MAC wildzard of MAC acl rule.
|
|
Default value is '00:00:00:00:00:00'.
|
|
"
|
|
::= { h3cAclMACEntry 7 }
|
|
|
|
h3cAclMACDestMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination MAC of MAC acl rule.
|
|
Default value is '00:00:00:00:00:00'.
|
|
"
|
|
::= { h3cAclMACEntry 8 }
|
|
|
|
h3cAclMACDestMacWild OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination MAC wildzard of MAC acl rule.
|
|
Default value is '00:00:00:00:00:00'
|
|
"
|
|
::= { h3cAclMACEntry 9 }
|
|
|
|
h3cAclMACLsapCode OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of LSAP."
|
|
REFERENCE
|
|
"ANSI/IEEE Std 802.3"
|
|
::= { h3cAclMACEntry 10 }
|
|
|
|
h3cAclMACLsapMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mask of LSAP."
|
|
::= { h3cAclMACEntry 11 }
|
|
|
|
h3cAclMACCos OBJECT-TYPE
|
|
SYNTAX Integer32 (0..7 | 255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Vlan priority of MAC acl rule."
|
|
DEFVAL { 255 }
|
|
::= { h3cAclMACEntry 12 }
|
|
|
|
h3cAclMACTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of MAC acl rule.
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclMACEntry 13 }
|
|
|
|
h3cAclMACCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matched frames by the rule."
|
|
::= { h3cAclMACEntry 14 }
|
|
|
|
h3cAclMACCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counter."
|
|
DEFVAL { nouse }
|
|
::= { h3cAclMACEntry 15 }
|
|
|
|
h3cAclMACEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclMACEntry 16 }
|
|
|
|
h3cAclMACComment OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of ACL rule.
|
|
Default value is Zero-length String.
|
|
"
|
|
::= { h3cAclMACEntry 17 }
|
|
|
|
h3cAclMACLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be logged when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclMACEntry 18 }
|
|
|
|
h3cAclMACCounting OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be counted when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclMACEntry 19 }
|
|
|
|
--
|
|
-- Nodes of named MAC ACL group
|
|
--
|
|
h3cAclNamedMACTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclNamedMACEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of named MAC ACL rule.
|
|
The name of ACL group will be used as an index in this table,
|
|
which differs from the table h3cAclMACTable.
|
|
If some objects of this table are not supported by some products,
|
|
these objects can't be created, changed or applied.
|
|
Default value of these objects will be returned when they are read.
|
|
"
|
|
::= { h3cAclMACAclGroup 2 }
|
|
|
|
h3cAclNamedMACEntry OBJECT-TYPE
|
|
SYNTAX H3cAclNamedMACEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"MAC acl group information."
|
|
INDEX
|
|
{
|
|
h3cAclNumberGroupType,
|
|
h3cAclNamedGroupName,
|
|
h3cAclMACRuleIndex
|
|
}
|
|
::= { h3cAclNamedMACTable 1 }
|
|
|
|
H3cAclNamedMACEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cAclNamedMACRowStatus
|
|
RowStatus,
|
|
h3cAclNamedMACAct
|
|
RuleAction,
|
|
h3cAclNamedMACTypeCode
|
|
OCTET STRING,
|
|
h3cAclNamedMACTypeMask
|
|
OCTET STRING,
|
|
h3cAclNamedMACSrcMac
|
|
MacAddress,
|
|
h3cAclNamedMACSrcMacWild
|
|
MacAddress,
|
|
h3cAclNamedMACDstMac
|
|
MacAddress,
|
|
h3cAclNamedMACDstMacWild
|
|
MacAddress,
|
|
h3cAclNamedMACLsapCode
|
|
OCTET STRING,
|
|
h3cAclNamedMACLsapMask
|
|
OCTET STRING,
|
|
h3cAclNamedMACCos
|
|
Integer32,
|
|
h3cAclNamedMACTimeRangeName
|
|
OCTET STRING,
|
|
h3cAclNamedMACCount
|
|
Unsigned32,
|
|
h3cAclNamedMACCountClear
|
|
CounterClear,
|
|
h3cAclNamedMACEnable
|
|
TruthValue,
|
|
h3cAclNamedMACComment
|
|
OCTET STRING,
|
|
h3cAclNamedMACLog
|
|
TruthValue,
|
|
h3cAclNamedMACCounting
|
|
TruthValue
|
|
}
|
|
|
|
h3cAclNamedMACRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { h3cAclNamedMACEntry 1 }
|
|
|
|
h3cAclNamedMACAct OBJECT-TYPE
|
|
SYNTAX RuleAction
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of MAC ACL rule."
|
|
::= { h3cAclNamedMACEntry 2 }
|
|
|
|
h3cAclNamedMACTypeCode OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of protocol."
|
|
REFERENCE
|
|
"rfc894, rfc1010."
|
|
::= { h3cAclNamedMACEntry 3 }
|
|
|
|
h3cAclNamedMACTypeMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mask of protocol."
|
|
::= { h3cAclNamedMACEntry 4 }
|
|
|
|
h3cAclNamedMACSrcMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source MAC of MAC ACL rule.
|
|
Default value is '00:00:00:00:00:00'.
|
|
"
|
|
::= { h3cAclNamedMACEntry 5 }
|
|
|
|
h3cAclNamedMACSrcMacWild OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source MAC wildcard of MAC ACL rule.
|
|
Default value is '00:00:00:00:00:00'.
|
|
"
|
|
::= { h3cAclNamedMACEntry 6 }
|
|
|
|
h3cAclNamedMACDstMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination MAC of MAC ACL rule.
|
|
Default value is '00:00:00:00:00:00'.
|
|
"
|
|
::= { h3cAclNamedMACEntry 7 }
|
|
|
|
h3cAclNamedMACDstMacWild OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination MAC wildcard of MAC ACL rule.
|
|
Default value is '00:00:00:00:00:00'
|
|
"
|
|
::= { h3cAclNamedMACEntry 8 }
|
|
|
|
h3cAclNamedMACLsapCode OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of LSAP."
|
|
REFERENCE
|
|
"ANSI/IEEE Std 802.3"
|
|
::= { h3cAclNamedMACEntry 9 }
|
|
|
|
h3cAclNamedMACLsapMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mask of LSAP."
|
|
::= { h3cAclNamedMACEntry 10 }
|
|
|
|
h3cAclNamedMACCos OBJECT-TYPE
|
|
SYNTAX Integer32 (0..7 | 255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Vlan priority of MAC ACL rule."
|
|
DEFVAL { 255 }
|
|
::= { h3cAclNamedMACEntry 11 }
|
|
|
|
h3cAclNamedMACTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time-range of MAC ACL rule.
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclNamedMACEntry 12 }
|
|
|
|
h3cAclNamedMACCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matched frames by the rule."
|
|
::= { h3cAclNamedMACEntry 13 }
|
|
|
|
h3cAclNamedMACCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counter."
|
|
DEFVAL { nouse }
|
|
::= { h3cAclNamedMACEntry 14 }
|
|
|
|
h3cAclNamedMACEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclNamedMACEntry 15 }
|
|
|
|
h3cAclNamedMACComment OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of ACL rule.
|
|
Default value is Zero-length String.
|
|
"
|
|
::= { h3cAclNamedMACEntry 16 }
|
|
|
|
h3cAclNamedMACLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be logged when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclNamedMACEntry 17 }
|
|
|
|
h3cAclNamedMACCounting OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be counted when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclNamedMACEntry 18 }
|
|
|
|
--
|
|
-- Node of h3cAclEnUserGroup
|
|
--
|
|
h3cAclEnUserAclGroup OBJECT IDENTIFIER ::= { h3cAclMib2Objects 4 }
|
|
--
|
|
-- Nodes of h3cAclEnUserTable
|
|
--
|
|
h3cAclEnUserTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclEnUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of user acl group information.
|
|
If some objects of this table are not supported by some products,
|
|
these objects can't be created, changed and applied.
|
|
Default value of these objects will be returned when they are read.
|
|
"
|
|
::= { h3cAclEnUserAclGroup 3 }
|
|
|
|
h3cAclEnUserEntry OBJECT-TYPE
|
|
SYNTAX H3cAclEnUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User defined acl group entry."
|
|
INDEX { h3cAclNumberGroupType,
|
|
h3cAclNumberGroupIndex,
|
|
h3cAclEnUserRuleIndex }
|
|
::= { h3cAclEnUserTable 1 }
|
|
|
|
H3cAclEnUserEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cAclEnUserRuleIndex
|
|
Integer32,
|
|
h3cAclEnUserRowStatus
|
|
RowStatus,
|
|
h3cAclEnUserAct
|
|
RuleAction,
|
|
h3cAclEnUserStartString
|
|
OCTET STRING,
|
|
h3cAclEnUserL2String
|
|
OCTET STRING,
|
|
h3cAclEnUserMplsString
|
|
OCTET STRING,
|
|
h3cAclEnUserIPv4String
|
|
OCTET STRING,
|
|
h3cAclEnUserIPv6String
|
|
OCTET STRING,
|
|
h3cAclEnUserL4String
|
|
OCTET STRING,
|
|
h3cAclEnUserL5String
|
|
OCTET STRING,
|
|
h3cAclEnUserTimeRangeName
|
|
OCTET STRING,
|
|
h3cAclEnUserCount
|
|
Unsigned32,
|
|
h3cAclEnUserCountClear
|
|
CounterClear,
|
|
h3cAclEnUserEnable
|
|
TruthValue,
|
|
h3cAclEnUserComment
|
|
OCTET STRING,
|
|
h3cAclEnUserLog
|
|
TruthValue,
|
|
h3cAclEnUserCounting
|
|
TruthValue
|
|
}
|
|
|
|
h3cAclEnUserRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65534)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subitem of the user acl."
|
|
::= { h3cAclEnUserEntry 1 }
|
|
|
|
h3cAclEnUserRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { h3cAclEnUserEntry 2 }
|
|
|
|
h3cAclEnUserAct OBJECT-TYPE
|
|
SYNTAX RuleAction
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of user defined acl rule."
|
|
::= { h3cAclEnUserEntry 3 }
|
|
|
|
h3cAclEnUserStartString OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value of this object is defined by product and
|
|
it indicates the offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: 10,10af,ffff.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclEnUserEntry 4 }
|
|
|
|
h3cAclEnUserL2String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching layer 2 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclEnUserEntry 5 }
|
|
|
|
h3cAclEnUserMplsString OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching mpls packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclEnUserEntry 6 }
|
|
|
|
h3cAclEnUserIPv4String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching IPv4 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclEnUserEntry 7 }
|
|
|
|
h3cAclEnUserIPv6String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching IPv6 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclEnUserEntry 8 }
|
|
|
|
h3cAclEnUserL4String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching layer 4 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclEnUserEntry 9 }
|
|
|
|
h3cAclEnUserL5String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching layer 5 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclEnUserEntry 10 }
|
|
|
|
h3cAclEnUserTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of user acl rule.
|
|
Default value is zero-length."
|
|
::= { h3cAclEnUserEntry 11 }
|
|
|
|
h3cAclEnUserCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matched by the rule."
|
|
::= { h3cAclEnUserEntry 12 }
|
|
|
|
h3cAclEnUserCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counter."
|
|
::= { h3cAclEnUserEntry 13 }
|
|
|
|
h3cAclEnUserEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclEnUserEntry 14 }
|
|
|
|
h3cAclEnUserComment OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of ACL rule.
|
|
Default value is Zero-length String.
|
|
"
|
|
::= { h3cAclEnUserEntry 15 }
|
|
|
|
h3cAclEnUserLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be logged when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclEnUserEntry 16 }
|
|
|
|
h3cAclEnUserCounting OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be counted when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclEnUserEntry 17 }
|
|
|
|
--
|
|
-- Nodes of h3cAclNamedUserTable
|
|
--
|
|
h3cAclNamedUserTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclNamedUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of named user acl rule.
|
|
The name of ACL group will be used as an index in this table,
|
|
which differs from the table h3cAclEnUserTable.
|
|
If some objects of this table are not supported by some products,
|
|
these objects can't be created, changed and applied.
|
|
Default value of these objects will be returned when they are read.
|
|
"
|
|
::= { h3cAclEnUserAclGroup 4 }
|
|
|
|
h3cAclNamedUserEntry OBJECT-TYPE
|
|
SYNTAX H3cAclNamedUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User defined acl group entry."
|
|
INDEX
|
|
{
|
|
h3cAclNumberGroupType,
|
|
h3cAclNamedGroupName,
|
|
h3cAclEnUserRuleIndex
|
|
}
|
|
::= { h3cAclNamedUserTable 1 }
|
|
|
|
H3cAclNamedUserEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cAclNamedUserRowStatus
|
|
RowStatus,
|
|
h3cAclNamedUserAct
|
|
RuleAction,
|
|
h3cAclNamedUserStartString
|
|
OCTET STRING,
|
|
h3cAclNamedUserL2String
|
|
OCTET STRING,
|
|
h3cAclNamedUserMplsString
|
|
OCTET STRING,
|
|
h3cAclNamedUserIPv4String
|
|
OCTET STRING,
|
|
h3cAclNamedUserIPv6String
|
|
OCTET STRING,
|
|
h3cAclNamedUserL4String
|
|
OCTET STRING,
|
|
h3cAclNamedUserL5String
|
|
OCTET STRING,
|
|
h3cAclNamedUserTimeRangeName
|
|
OCTET STRING,
|
|
h3cAclNamedUserCount
|
|
Unsigned32,
|
|
h3cAclNamedUserCountClear
|
|
CounterClear,
|
|
h3cAclNamedUserEnable
|
|
TruthValue,
|
|
h3cAclNamedUserComment
|
|
OCTET STRING,
|
|
h3cAclNamedUserLog
|
|
TruthValue,
|
|
h3cAclNamedUserCounting
|
|
TruthValue
|
|
}
|
|
|
|
h3cAclNamedUserRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { h3cAclNamedUserEntry 1 }
|
|
|
|
h3cAclNamedUserAct OBJECT-TYPE
|
|
SYNTAX RuleAction
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of user defined acl rule."
|
|
::= { h3cAclNamedUserEntry 2 }
|
|
|
|
h3cAclNamedUserStartString OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value of this object is defined by product and
|
|
it indicates the offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: 10,10af,ffff.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclNamedUserEntry 3 }
|
|
|
|
h3cAclNamedUserL2String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching layer 2 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclNamedUserEntry 4 }
|
|
|
|
h3cAclNamedUserMplsString OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching mpls packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclNamedUserEntry 5 }
|
|
|
|
h3cAclNamedUserIPv4String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching IPv4 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclNamedUserEntry 6 }
|
|
|
|
h3cAclNamedUserIPv6String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching IPv6 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclNamedUserEntry 7 }
|
|
|
|
h3cAclNamedUserL4String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching layer 4 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclNamedUserEntry 8 }
|
|
|
|
h3cAclNamedUserL5String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching layer 5 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { h3cAclNamedUserEntry 9 }
|
|
|
|
h3cAclNamedUserTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of user acl rule.
|
|
Default value is zero-length."
|
|
::= { h3cAclNamedUserEntry 10 }
|
|
|
|
h3cAclNamedUserCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matched by the rule."
|
|
::= { h3cAclNamedUserEntry 11 }
|
|
|
|
h3cAclNamedUserCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counter."
|
|
::= { h3cAclNamedUserEntry 12 }
|
|
|
|
h3cAclNamedUserEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclNamedUserEntry 13 }
|
|
|
|
h3cAclNamedUserComment OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of ACL rule.
|
|
Default value is Zero-length String.
|
|
"
|
|
::= { h3cAclNamedUserEntry 14 }
|
|
|
|
h3cAclNamedUserLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be logged when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclNamedUserEntry 15 }
|
|
|
|
h3cAclNamedUserCounting OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be counted when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cAclNamedUserEntry 16 }
|
|
|
|
--
|
|
-- Node of h3cAclResourceGroup
|
|
--
|
|
h3cAclResourceGroup OBJECT IDENTIFIER ::= { h3cAclMib2Objects 5 }
|
|
--
|
|
-- Nodes of h3cAclResourceUsageTable
|
|
--
|
|
h3cAclResourceUsageTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclResourceUsageEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table shows ACL resource usage information. Support for
|
|
resource types that are denoted by h3cAclResourceType object
|
|
varies with products. If a type is not supported, the
|
|
corresponding row for the type will not be instantiated
|
|
in this table.
|
|
"
|
|
::= { h3cAclResourceGroup 1 }
|
|
|
|
h3cAclResourceUsageEntry OBJECT-TYPE
|
|
SYNTAX H3cAclResourceUsageEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each row contains a brief description of the resource type,
|
|
a port range associated with the chip, total, reserved, and
|
|
configured amount of resource of this type, the percent of
|
|
resource that has been allocated, and so on.
|
|
"
|
|
INDEX
|
|
{
|
|
h3cAclResourceChassis,
|
|
h3cAclResourceSlot,
|
|
h3cAclResourceChip,
|
|
h3cAclResourceType
|
|
}
|
|
::= { h3cAclResourceUsageTable 1 }
|
|
|
|
H3cAclResourceUsageEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cAclResourceChassis
|
|
Unsigned32,
|
|
h3cAclResourceSlot
|
|
Unsigned32,
|
|
h3cAclResourceChip
|
|
Unsigned32,
|
|
h3cAclResourceType
|
|
Integer32,
|
|
h3cAclPortRange
|
|
OCTET STRING,
|
|
h3cAclResourceTotal
|
|
Unsigned32,
|
|
h3cAclResourceReserved
|
|
Unsigned32,
|
|
h3cAclResourceConfigured
|
|
Unsigned32,
|
|
h3cAclResourceUsagePercent
|
|
Unsigned32,
|
|
h3cAclResourceTypeDescription
|
|
OCTET STRING
|
|
}
|
|
|
|
h3cAclResourceChassis OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The chassis number. On a centralized or distributed device,
|
|
the value for this node is always zero.
|
|
"
|
|
::= { h3cAclResourceUsageEntry 1 }
|
|
|
|
h3cAclResourceSlot OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The slot number. On a centralized device, the value for
|
|
this node is always zero."
|
|
::= { h3cAclResourceUsageEntry 2 }
|
|
|
|
h3cAclResourceChip OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The chip number. On a single chip device, the value for
|
|
this node is always zero."
|
|
::= { h3cAclResourceUsageEntry 3 }
|
|
|
|
h3cAclResourceType OBJECT-TYPE
|
|
SYNTAX Integer32 (1..255)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The resource type."
|
|
::= { h3cAclResourceUsageEntry 4 }
|
|
|
|
h3cAclPortRange OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port range associated with the chip. Commas are used to
|
|
separate multiple port ranges, for example, Ethernet1/2 to
|
|
Ethernet1/12, Ethernet1/31 to Ethernet1/48.
|
|
"
|
|
::= { h3cAclResourceUsageEntry 5 }
|
|
|
|
h3cAclResourceTotal OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total TCAM entries of the resource type."
|
|
::= { h3cAclResourceUsageEntry 6 }
|
|
|
|
h3cAclResourceReserved OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The amount of reserved TCAM entries of the resource type."
|
|
::= { h3cAclResourceUsageEntry 7 }
|
|
|
|
h3cAclResourceConfigured OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The amount of configured TCAM entries of the resource type."
|
|
::= { h3cAclResourceUsageEntry 8 }
|
|
|
|
h3cAclResourceUsagePercent OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The percent of TCAM entries that have been used for
|
|
this resource type.
|
|
"
|
|
::= { h3cAclResourceUsageEntry 9 }
|
|
|
|
h3cAclResourceTypeDescription OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..31))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of this resource type."
|
|
::= { h3cAclResourceUsageEntry 10 }
|
|
|
|
--
|
|
-- Node of h3cAclIntervalGroup
|
|
--
|
|
h3cAclIntervalGroup OBJECT IDENTIFIER ::= { h3cAclMib2Objects 6 }
|
|
--
|
|
-- Nodes of h3cAclIntervalTable
|
|
--
|
|
h3cAclIntervalTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cAclIntervalEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Log interval table."
|
|
::= { h3cAclIntervalGroup 1 }
|
|
|
|
h3cAclIntervalEntry OBJECT-TYPE
|
|
SYNTAX H3cAclIntervalEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Log interval entry."
|
|
INDEX
|
|
{
|
|
h3cAclIntervalType
|
|
}
|
|
::= { h3cAclIntervalTable 1 }
|
|
|
|
H3cAclIntervalEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cAclIntervalType
|
|
INTEGER,
|
|
h3cAclIntervalValue
|
|
Integer32,
|
|
h3cAclIntervalRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
h3cAclIntervalType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
logging(1),
|
|
trap(2)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The types of the interval specified for generating
|
|
packet filtering logs or traps.
|
|
"
|
|
::= { h3cAclIntervalEntry 1 }
|
|
|
|
h3cAclIntervalValue OBJECT-TYPE
|
|
SYNTAX Integer32 (5..1440)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of interval.
|
|
It must be a multiple of 5 and in the range of 5 to 1440.
|
|
"
|
|
::= { h3cAclIntervalEntry 2 }
|
|
|
|
h3cAclIntervalRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { h3cAclIntervalEntry 3 }
|
|
|
|
--
|
|
-- Node of h3cAclPacketFilterObjects
|
|
--
|
|
h3cAclPacketFilterObjects OBJECT IDENTIFIER ::= { h3cAcl 3 }
|
|
|
|
h3cPfilterScalarGroup OBJECT IDENTIFIER ::= { h3cAclPacketFilterObjects 1 }
|
|
|
|
h3cPfilterDefaultAction OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
permit(1),
|
|
deny(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The default action of packet filter.
|
|
By default, the packet filter permits packets that do not match
|
|
any ACL rule to pass.
|
|
"
|
|
::= { h3cPfilterScalarGroup 1 }
|
|
|
|
h3cPfilterProcessingStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
processing(1),
|
|
done(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object shows the status of the system when applying packet
|
|
filter. It is forbidden to set or read in h3cAclPacketFilterObjects
|
|
MIB module when the value is processing.
|
|
"
|
|
::= { h3cPfilterScalarGroup 2 }
|
|
|
|
--
|
|
-- Nodes of h3cPfilterApplyTable
|
|
--
|
|
h3cPfilterApplyTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cPfilterApplyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of packet filter application.
|
|
It's not supported to set default action on an entity,
|
|
but supported to enable hardware count of default action
|
|
on an entity.
|
|
"
|
|
::= { h3cAclPacketFilterObjects 2 }
|
|
|
|
h3cPfilterApplyEntry OBJECT-TYPE
|
|
SYNTAX H3cPfilterApplyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Packet filter application information entry."
|
|
INDEX
|
|
{
|
|
h3cPfilterApplyObjType,
|
|
h3cPfilterApplyObjIndex,
|
|
h3cPfilterApplyDirection,
|
|
h3cPfilterApplyAclType,
|
|
h3cPfilterApplyAclIndex
|
|
}
|
|
::= { h3cPfilterApplyTable 1 }
|
|
|
|
H3cPfilterApplyEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cPfilterApplyObjType
|
|
INTEGER,
|
|
h3cPfilterApplyObjIndex
|
|
Integer32,
|
|
h3cPfilterApplyDirection
|
|
DirectionType,
|
|
h3cPfilterApplyAclType
|
|
INTEGER,
|
|
h3cPfilterApplyAclIndex
|
|
Integer32,
|
|
h3cPfilterApplyHardCount
|
|
TruthValue,
|
|
h3cPfilterApplySequence
|
|
Unsigned32,
|
|
h3cPfilterApplyCountClear
|
|
CounterClear,
|
|
h3cPfilterApplyRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
h3cPfilterApplyObjType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
interface(1),
|
|
vlan(2),
|
|
global(3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object type of packet filter application.
|
|
interface: Apply an ACL to the interface to filter packets.
|
|
vlan: Apply an ACL to the VLAN to filter packets.
|
|
global: Apply an ACL globally to filter packets.
|
|
"
|
|
::= { h3cPfilterApplyEntry 1 }
|
|
|
|
h3cPfilterApplyObjIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object ID of packet filter application.
|
|
Interface: interface index, equal to ifIndex
|
|
VLAN: VLAN ID, 1..4094
|
|
Global: 0
|
|
"
|
|
::= { h3cPfilterApplyEntry 2 }
|
|
|
|
h3cPfilterApplyDirection OBJECT-TYPE
|
|
SYNTAX DirectionType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction of packet filter application."
|
|
::= { h3cPfilterApplyEntry 3 }
|
|
|
|
h3cPfilterApplyAclType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
ipv4(1),
|
|
ipv6(2),
|
|
default(3),
|
|
mac(4),
|
|
user(5)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL Type: IPv4, IPv6, default action, MAC, and user.
|
|
Take default action as a special ACL group.
|
|
"
|
|
::= { h3cPfilterApplyEntry 4 }
|
|
|
|
h3cPfilterApplyAclIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0|2000..5999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ACL group index.
|
|
Basic type: 2000..2999
|
|
Advanced type: 3000..3999
|
|
MAC type: 4000..4999
|
|
User type: 5000..5999
|
|
Default action type: 0
|
|
"
|
|
::= { h3cPfilterApplyEntry 5 }
|
|
|
|
h3cPfilterApplyHardCount OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Hardware count flag.
|
|
true: enable hardware count
|
|
false: disable hardware count
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cPfilterApplyEntry 6 }
|
|
|
|
h3cPfilterApplySequence OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The configure sequence of packet filter application."
|
|
::= { h3cPfilterApplyEntry 7 }
|
|
|
|
h3cPfilterApplyCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Clear the value of counters."
|
|
::= { h3cPfilterApplyEntry 8 }
|
|
|
|
h3cPfilterApplyRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { h3cPfilterApplyEntry 9 }
|
|
|
|
--
|
|
-- Nodes of h3cPfilterAclGroupRunInfoTable
|
|
--
|
|
h3cPfilterAclGroupRunInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cPfilterAclGroupRunInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of group running information of ACLs
|
|
for packet filtering. If hardware count function is not
|
|
supported or not enabled to the packet filter application, the
|
|
statistics entry will be zero.
|
|
"
|
|
::= { h3cAclPacketFilterObjects 3 }
|
|
|
|
h3cPfilterAclGroupRunInfoEntry OBJECT-TYPE
|
|
SYNTAX H3cPfilterAclGroupRunInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL group running information entry for packet filtering."
|
|
INDEX
|
|
{
|
|
h3cPfilterRunApplyObjType,
|
|
h3cPfilterRunApplyObjIndex,
|
|
h3cPfilterRunApplyDirection,
|
|
h3cPfilterRunApplyAclType,
|
|
h3cPfilterRunApplyAclIndex
|
|
}
|
|
::= { h3cPfilterAclGroupRunInfoTable 1 }
|
|
|
|
H3cPfilterAclGroupRunInfoEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cPfilterRunApplyObjType
|
|
INTEGER,
|
|
h3cPfilterRunApplyObjIndex
|
|
Integer32,
|
|
h3cPfilterRunApplyDirection
|
|
DirectionType,
|
|
h3cPfilterRunApplyAclType
|
|
INTEGER,
|
|
h3cPfilterRunApplyAclIndex
|
|
Integer32,
|
|
h3cPfilterAclGroupStatus
|
|
INTEGER,
|
|
h3cPfilterAclGroupCountStatus
|
|
INTEGER,
|
|
h3cPfilterAclGroupPermitPkts
|
|
Counter64,
|
|
h3cPfilterAclGroupPermitBytes
|
|
Counter64,
|
|
h3cPfilterAclGroupDenyPkts
|
|
Counter64,
|
|
h3cPfilterAclGroupDenyBytes
|
|
Counter64
|
|
}
|
|
|
|
h3cPfilterRunApplyObjType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
interface(1),
|
|
vlan(2),
|
|
global(3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object type of packet filter application.
|
|
interface: Apply an ACL to the interface to filter packets.
|
|
vlan: Apply an ACL to the VLAN to filter packets.
|
|
global: Apply an ACL globally to filter packets.
|
|
"
|
|
::= { h3cPfilterAclGroupRunInfoEntry 1 }
|
|
|
|
h3cPfilterRunApplyObjIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object ID of packet filter application.
|
|
Interface: interface index, equal to ifIndex
|
|
VLAN: VLAN ID, 1..4094
|
|
Global: 0
|
|
"
|
|
::= { h3cPfilterAclGroupRunInfoEntry 2 }
|
|
|
|
h3cPfilterRunApplyDirection OBJECT-TYPE
|
|
SYNTAX DirectionType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction of packet filter application."
|
|
::= { h3cPfilterAclGroupRunInfoEntry 3 }
|
|
|
|
h3cPfilterRunApplyAclType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
ipv4(1),
|
|
ipv6(2),
|
|
default(3),
|
|
mac(4),
|
|
user(5)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL Type: IPv4, IPv6, default action, MAC, and user.
|
|
Take default action as a special ACL group.
|
|
"
|
|
::= { h3cPfilterAclGroupRunInfoEntry 4 }
|
|
|
|
h3cPfilterRunApplyAclIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..3|2000..5999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ACL group index.
|
|
Basic type: 2000..2999
|
|
Advanced type: 3000..3999
|
|
MAC type: 4000..4999
|
|
User type: 5000..5999
|
|
MAC default action: 1
|
|
IPv4 default action: 2
|
|
IPv6 default action: 3
|
|
"
|
|
::= { h3cPfilterAclGroupRunInfoEntry 5 }
|
|
|
|
h3cPfilterAclGroupStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
success(1),
|
|
failed(2),
|
|
partialSuccess(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of ACL group applied.
|
|
success: ACL applied successfully on all slots
|
|
failed: failed to apply ACL on all slots
|
|
partialSuccess: failed to apply ACL on some slots
|
|
"
|
|
::= { h3cPfilterAclGroupRunInfoEntry 6 }
|
|
|
|
h3cPfilterAclGroupCountStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
success(1),
|
|
failed(2),
|
|
partialSuccess(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of enabling hardware count. If hardware count is
|
|
not enabled, it returns success.
|
|
success: enable hardware count successfully on all slots
|
|
failed: failed to enable hardware count on all slots
|
|
partialSuccess: failed to enable hardware count on some slots
|
|
"
|
|
::= { h3cPfilterAclGroupRunInfoEntry 7 }
|
|
|
|
h3cPfilterAclGroupPermitPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of packets permitted."
|
|
::= { h3cPfilterAclGroupRunInfoEntry 8 }
|
|
|
|
h3cPfilterAclGroupPermitBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of bytes permitted."
|
|
::= { h3cPfilterAclGroupRunInfoEntry 9 }
|
|
|
|
h3cPfilterAclGroupDenyPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of packets denied."
|
|
::= { h3cPfilterAclGroupRunInfoEntry 10 }
|
|
|
|
h3cPfilterAclGroupDenyBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of bytes denied."
|
|
::= { h3cPfilterAclGroupRunInfoEntry 11 }
|
|
|
|
--
|
|
-- Nodes of h3cPfilterAclRuleRunInfoTable
|
|
--
|
|
h3cPfilterAclRuleRunInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cPfilterAclRuleRunInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of rule's running information of ACLs
|
|
for packet filtering. If hardware count function is not
|
|
supported or not enabled to the packet filter application, the
|
|
h3cPfilterAclRuleMatchPackets and h3cPfilterAclRuleMatchBytes
|
|
will be zero.
|
|
"
|
|
::= { h3cAclPacketFilterObjects 4 }
|
|
|
|
h3cPfilterAclRuleRunInfoEntry OBJECT-TYPE
|
|
SYNTAX H3cPfilterAclRuleRunInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL rule's running information entry."
|
|
INDEX
|
|
{
|
|
h3cPfilterRunApplyObjType,
|
|
h3cPfilterRunApplyObjIndex,
|
|
h3cPfilterRunApplyDirection,
|
|
h3cPfilterRunApplyAclType,
|
|
h3cPfilterRunApplyAclIndex,
|
|
h3cPfilterAclRuleIndex
|
|
}
|
|
::= { h3cPfilterAclRuleRunInfoTable 1 }
|
|
|
|
H3cPfilterAclRuleRunInfoEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cPfilterAclRuleIndex
|
|
Integer32,
|
|
h3cPfilterAclRuleStatus
|
|
INTEGER,
|
|
h3cPfilterAclRuleCountStatus
|
|
INTEGER,
|
|
h3cPfilterAclRuleMatchPackets
|
|
Counter64,
|
|
h3cPfilterAclRuleMatchBytes
|
|
Counter64
|
|
}
|
|
|
|
h3cPfilterAclRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65534)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ACL rule index."
|
|
::= { h3cPfilterAclRuleRunInfoEntry 1 }
|
|
|
|
h3cPfilterAclRuleStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
success(1),
|
|
failed(2),
|
|
partialSuccess(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of rule application.
|
|
success: rule applied successfully on all slots
|
|
failed: failed to apply rule on all slots
|
|
partialSuccess: failed to apply rule on some slots
|
|
"
|
|
::= { h3cPfilterAclRuleRunInfoEntry 2 }
|
|
|
|
h3cPfilterAclRuleCountStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
success(1),
|
|
failed(2),
|
|
partialSuccess(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of enabling rule's hardware count.
|
|
If hardware count is not enabled, it returns success.
|
|
success: enable hardware count successfully on all slots
|
|
failed: failed to enable hardware count on all slots
|
|
partialSuccess: failed to enable hardware count on some slots
|
|
"
|
|
::= { h3cPfilterAclRuleRunInfoEntry 3 }
|
|
|
|
h3cPfilterAclRuleMatchPackets OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of packets matched."
|
|
::= { h3cPfilterAclRuleRunInfoEntry 4 }
|
|
|
|
h3cPfilterAclRuleMatchBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of bytes matched."
|
|
::= { h3cPfilterAclRuleRunInfoEntry 5 }
|
|
|
|
--
|
|
-- Nodes of h3cPfilterStatisticSumTable
|
|
--
|
|
h3cPfilterStatisticSumTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cPfilterStatisticSumEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of ACL rule's sum statistics information,
|
|
accumulated by all entity application on all slots.
|
|
"
|
|
::= { h3cAclPacketFilterObjects 5 }
|
|
|
|
h3cPfilterStatisticSumEntry OBJECT-TYPE
|
|
SYNTAX H3cPfilterStatisticSumEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL rule's sum statistics information entry."
|
|
INDEX
|
|
{
|
|
h3cPfilterSumDirection,
|
|
h3cPfilterSumAclType,
|
|
h3cPfilterSumAclIndex,
|
|
h3cPfilterSumRuleIndex
|
|
}
|
|
::= { h3cPfilterStatisticSumTable 1 }
|
|
|
|
H3cPfilterStatisticSumEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cPfilterSumDirection
|
|
DirectionType,
|
|
h3cPfilterSumAclType
|
|
INTEGER,
|
|
h3cPfilterSumAclIndex
|
|
Integer32,
|
|
h3cPfilterSumRuleIndex
|
|
Integer32,
|
|
h3cPfilterSumRuleMatchPackets
|
|
Counter64,
|
|
h3cPfilterSumRuleMatchBytes
|
|
Counter64
|
|
}
|
|
|
|
h3cPfilterSumDirection OBJECT-TYPE
|
|
SYNTAX DirectionType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction of application."
|
|
::= { h3cPfilterStatisticSumEntry 1 }
|
|
|
|
h3cPfilterSumAclType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
ipv4(1),
|
|
ipv6(2),
|
|
mac(3),
|
|
user(4)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL type: IPv4, IPv6, MAC, and user."
|
|
::= { h3cPfilterStatisticSumEntry 2 }
|
|
|
|
h3cPfilterSumAclIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (2000..5999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ACL group index.
|
|
Basic type: 2000..2999
|
|
Advanced type: 3000..3999
|
|
MAC type: 4000..4999
|
|
User type: 5000..5999
|
|
"
|
|
::= { h3cPfilterStatisticSumEntry 3 }
|
|
|
|
h3cPfilterSumRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65534)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ACL rule index."
|
|
::= { h3cPfilterStatisticSumEntry 4 }
|
|
|
|
h3cPfilterSumRuleMatchPackets OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sum number of packets matched the ACL rule."
|
|
::= { h3cPfilterStatisticSumEntry 5 }
|
|
|
|
h3cPfilterSumRuleMatchBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sum number of bytes matched the ACL rule."
|
|
::= { h3cPfilterStatisticSumEntry 6 }
|
|
|
|
--
|
|
-- Nodes of h3cPfilter2ApplyTable
|
|
--
|
|
h3cPfilter2ApplyTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cPfilter2ApplyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of packet filter application.
|
|
It's not supported to set default action on an entity,
|
|
but supported to enable hardware count of default action
|
|
on an entity.
|
|
"
|
|
::= { h3cAclPacketFilterObjects 6 }
|
|
|
|
h3cPfilter2ApplyEntry OBJECT-TYPE
|
|
SYNTAX H3cPfilter2ApplyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Packet filter application information entry."
|
|
INDEX
|
|
{
|
|
h3cPfilter2ApplyObjType,
|
|
h3cPfilter2ApplyObjIndex,
|
|
h3cPfilter2ApplyDirection,
|
|
h3cPfilter2ApplyAclType,
|
|
h3cPfilter2ApplyAclIndex
|
|
}
|
|
::= { h3cPfilter2ApplyTable 1 }
|
|
|
|
H3cPfilter2ApplyEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cPfilter2ApplyObjType
|
|
INTEGER,
|
|
h3cPfilter2ApplyObjIndex
|
|
Integer32,
|
|
h3cPfilter2ApplyDirection
|
|
DirectionType,
|
|
h3cPfilter2ApplyAclType
|
|
INTEGER,
|
|
h3cPfilter2ApplyAclIndex
|
|
OCTET STRING,
|
|
h3cPfilter2ApplyHardCount
|
|
TruthValue,
|
|
h3cPfilter2ApplySequence
|
|
Unsigned32,
|
|
h3cPfilter2ApplyCountClear
|
|
CounterClear,
|
|
h3cPfilter2ApplyRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
h3cPfilter2ApplyObjType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
interface(1),
|
|
vlan(2),
|
|
global(3)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object type of packet filter application.
|
|
interface: Apply an ACL to the interface to filter packets.
|
|
vlan: Apply an ACL to the VLAN to filter packets.
|
|
global: Apply an ACL globally to filter packets.
|
|
"
|
|
::= { h3cPfilter2ApplyEntry 1 }
|
|
|
|
h3cPfilter2ApplyObjIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object ID of packet filter application.
|
|
Interface: interface index, equal to ifIndex
|
|
VLAN: VLAN ID, 1..4094
|
|
Global: 0
|
|
"
|
|
::= { h3cPfilter2ApplyEntry 2 }
|
|
|
|
h3cPfilter2ApplyDirection OBJECT-TYPE
|
|
SYNTAX DirectionType
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction of packet filter application."
|
|
::= { h3cPfilter2ApplyEntry 3 }
|
|
|
|
h3cPfilter2ApplyAclType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
ipv4(1),
|
|
ipv6(2),
|
|
default(3),
|
|
mac(4),
|
|
user(5)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL Type: IPv4, IPv6, default action, MAC, and user.
|
|
Take default action as a special ACL group.
|
|
"
|
|
::= { h3cPfilter2ApplyEntry 4 }
|
|
|
|
h3cPfilter2ApplyAclIndex OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(1..63))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of ACL group used by packet-filter.
|
|
If the specified string comprises only digits, it is converted
|
|
into a numerical sequence in decimal notation, and regarded as
|
|
an ACL group index or a default action. If the string is a
|
|
character string beginning with an English letter, it is
|
|
regarded as an ACL group name.
|
|
|
|
Group index range and default action:
|
|
Basic type: 2000..2999
|
|
Advanced type: 3000..3999
|
|
MAC type: 4000..4999
|
|
User type: 5000..5999
|
|
Default action type: 0
|
|
"
|
|
::= { h3cPfilter2ApplyEntry 5 }
|
|
|
|
h3cPfilter2ApplyHardCount OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Hardware count flag.
|
|
true: enable hardware count
|
|
false: disable hardware count
|
|
"
|
|
DEFVAL { false }
|
|
::= { h3cPfilter2ApplyEntry 6 }
|
|
|
|
h3cPfilter2ApplySequence OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The configure sequence of packet filter application."
|
|
::= { h3cPfilter2ApplyEntry 7 }
|
|
|
|
h3cPfilter2ApplyCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Clear the value of counters."
|
|
DEFVAL { nouse }
|
|
::= { h3cPfilter2ApplyEntry 8 }
|
|
|
|
h3cPfilter2ApplyRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { h3cPfilter2ApplyEntry 9 }
|
|
|
|
--
|
|
-- Nodes of h3cPfilter2AclGroupRunInfoTable
|
|
--
|
|
h3cPfilter2AclGroupRunInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cPfilter2AclGroupRunInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of group running information of ACLs
|
|
for packet filtering. If hardware count function is not
|
|
supported or not enabled to the packet filter application, the
|
|
statistics entry will be zero.
|
|
"
|
|
::= { h3cAclPacketFilterObjects 7 }
|
|
|
|
h3cPfilter2AclGroupRunInfoEntry OBJECT-TYPE
|
|
SYNTAX H3cPfilter2AclGroupRunInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL group running information entry for packet filtering."
|
|
INDEX
|
|
{
|
|
h3cPfilter2RunApplyObjType,
|
|
h3cPfilter2RunApplyObjIndex,
|
|
h3cPfilter2RunApplyDirection,
|
|
h3cPfilter2RunApplyAclType,
|
|
h3cPfilter2RunApplyAclIndex
|
|
}
|
|
::= { h3cPfilter2AclGroupRunInfoTable 1 }
|
|
|
|
H3cPfilter2AclGroupRunInfoEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cPfilter2RunApplyObjType
|
|
INTEGER,
|
|
h3cPfilter2RunApplyObjIndex
|
|
Integer32,
|
|
h3cPfilter2RunApplyDirection
|
|
DirectionType,
|
|
h3cPfilter2RunApplyAclType
|
|
INTEGER,
|
|
h3cPfilter2RunApplyAclIndex
|
|
OCTET STRING,
|
|
h3cPfilter2AclGroupStatus
|
|
INTEGER,
|
|
h3cPfilter2AclGroupCountStatus
|
|
INTEGER,
|
|
h3cPfilter2AclGroupPermitPkts
|
|
Counter64,
|
|
h3cPfilter2AclGroupPermitBytes
|
|
Counter64,
|
|
h3cPfilter2AclGroupDenyPkts
|
|
Counter64,
|
|
h3cPfilter2AclGroupDenyBytes
|
|
Counter64
|
|
}
|
|
|
|
h3cPfilter2RunApplyObjType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
interface(1),
|
|
vlan(2),
|
|
global(3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object type of packet filter application.
|
|
interface: Apply an ACL to the interface to filter packets.
|
|
vlan: Apply an ACL to the VLAN to filter packets.
|
|
global: Apply an ACL globally to filter packets.
|
|
"
|
|
::= { h3cPfilter2AclGroupRunInfoEntry 1 }
|
|
|
|
h3cPfilter2RunApplyObjIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object ID of packet filter application.
|
|
Interface: interface index, equal to ifIndex
|
|
VLAN: VLAN ID, 1..4094
|
|
Global: 0
|
|
"
|
|
::= { h3cPfilter2AclGroupRunInfoEntry 2 }
|
|
|
|
h3cPfilter2RunApplyDirection OBJECT-TYPE
|
|
SYNTAX DirectionType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction of packet filter application."
|
|
::= { h3cPfilter2AclGroupRunInfoEntry 3 }
|
|
|
|
h3cPfilter2RunApplyAclType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
ipv4(1),
|
|
ipv6(2),
|
|
default(3),
|
|
mac(4),
|
|
user(5)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL Type: IPv4, IPv6, default action, MAC, and user.
|
|
Take default action as a special ACL group.
|
|
"
|
|
::= { h3cPfilter2AclGroupRunInfoEntry 4 }
|
|
|
|
h3cPfilter2RunApplyAclIndex OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(1..63))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of ACL group used by packet-filter.
|
|
If the specified string comprises only digits, it is converted
|
|
into a numerical sequence in decimal notation, and regarded as
|
|
an ACL group index or a default action. If the string is a
|
|
character string beginning with an English letter, it is
|
|
regarded as an ACL group name.
|
|
|
|
Group index range and default action:
|
|
Basic type: 2000..2999
|
|
Advanced type: 3000..3999
|
|
MAC type: 4000..4999
|
|
User type: 5000..5999
|
|
MAC default action: 1
|
|
IPv4 default action: 2
|
|
IPv6 default action: 3
|
|
"
|
|
::= { h3cPfilter2AclGroupRunInfoEntry 5 }
|
|
|
|
h3cPfilter2AclGroupStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
success(1),
|
|
failed(2),
|
|
partialSuccess(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of ACL group applied.
|
|
success: ACL applied successfully on all slots
|
|
failed: failed to apply ACL on all slots
|
|
partialSuccess: failed to apply ACL on some slots
|
|
"
|
|
::= { h3cPfilter2AclGroupRunInfoEntry 6 }
|
|
|
|
h3cPfilter2AclGroupCountStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
success(1),
|
|
failed(2),
|
|
partialSuccess(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of enabling hardware count. If hardware count is
|
|
not enabled, it returns success.
|
|
success: enable hardware count successfully on all slots
|
|
failed: failed to enable hardware count on all slots
|
|
partialSuccess: failed to enable hardware count on some slots
|
|
"
|
|
::= { h3cPfilter2AclGroupRunInfoEntry 7 }
|
|
|
|
h3cPfilter2AclGroupPermitPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of packets permitted."
|
|
::= { h3cPfilter2AclGroupRunInfoEntry 8 }
|
|
|
|
h3cPfilter2AclGroupPermitBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of bytes permitted."
|
|
::= { h3cPfilter2AclGroupRunInfoEntry 9 }
|
|
|
|
h3cPfilter2AclGroupDenyPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of packets denied."
|
|
::= { h3cPfilter2AclGroupRunInfoEntry 10 }
|
|
|
|
h3cPfilter2AclGroupDenyBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of bytes denied."
|
|
::= { h3cPfilter2AclGroupRunInfoEntry 11 }
|
|
|
|
--
|
|
-- Nodes of h3cPfilter2AclRuleRunInfoTable
|
|
--
|
|
h3cPfilter2AclRuleRunInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cPfilter2AclRuleRunInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of rule's running information of ACLs
|
|
for packet filtering. If hardware count function is not
|
|
supported or not enabled to the packet filter application, the
|
|
h3cPfilter2AclRuleMatchPackets and h3cPfilter2AclRuleMatchBytes
|
|
will be zero.
|
|
"
|
|
::= { h3cAclPacketFilterObjects 8 }
|
|
|
|
h3cPfilter2AclRuleRunInfoEntry OBJECT-TYPE
|
|
SYNTAX H3cPfilter2AclRuleRunInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL rule's running information entry."
|
|
INDEX
|
|
{
|
|
h3cPfilter2RunApplyObjType,
|
|
h3cPfilter2RunApplyObjIndex,
|
|
h3cPfilter2RunApplyDirection,
|
|
h3cPfilter2RunApplyAclType,
|
|
h3cPfilter2RunApplyAclIndex,
|
|
h3cPfilter2AclRuleIndex
|
|
}
|
|
::= { h3cPfilter2AclRuleRunInfoTable 1 }
|
|
|
|
H3cPfilter2AclRuleRunInfoEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cPfilter2AclRuleIndex
|
|
Integer32,
|
|
h3cPfilter2AclRuleStatus
|
|
INTEGER,
|
|
h3cPfilter2AclRuleCountStatus
|
|
INTEGER,
|
|
h3cPfilter2AclRuleMatchPackets
|
|
Counter64,
|
|
h3cPfilter2AclRuleMatchBytes
|
|
Counter64
|
|
}
|
|
|
|
h3cPfilter2AclRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65534)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ACL rule index."
|
|
::= { h3cPfilter2AclRuleRunInfoEntry 1 }
|
|
|
|
h3cPfilter2AclRuleStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
success(1),
|
|
failed(2),
|
|
partialSuccess(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of rule application.
|
|
success: rule applied successfully on all slots
|
|
failed: failed to apply rule on all slots
|
|
partialSuccess: failed to apply rule on some slots
|
|
"
|
|
::= { h3cPfilter2AclRuleRunInfoEntry 2 }
|
|
|
|
h3cPfilter2AclRuleCountStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
success(1),
|
|
failed(2),
|
|
partialSuccess(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of enabling rule's hardware count.
|
|
If hardware count is not enabled, it returns success.
|
|
success: enable hardware count successfully on all slots
|
|
failed: failed to enable hardware count on all slots
|
|
partialSuccess: failed to enable hardware count on some slots
|
|
"
|
|
::= { h3cPfilter2AclRuleRunInfoEntry 3 }
|
|
|
|
h3cPfilter2AclRuleMatchPackets OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of packets matched."
|
|
::= { h3cPfilter2AclRuleRunInfoEntry 4 }
|
|
|
|
h3cPfilter2AclRuleMatchBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of bytes matched."
|
|
::= { h3cPfilter2AclRuleRunInfoEntry 5 }
|
|
|
|
--
|
|
-- Nodes of h3cPfilter2StatisticSumTable
|
|
--
|
|
h3cPfilter2StatisticSumTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF H3cPfilter2StatisticSumEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of ACL rule's sum statistics information,
|
|
accumulated by all entity application on all slots.
|
|
"
|
|
::= { h3cAclPacketFilterObjects 9 }
|
|
|
|
h3cPfilter2StatisticSumEntry OBJECT-TYPE
|
|
SYNTAX H3cPfilter2StatisticSumEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL rule's sum statistics information entry."
|
|
INDEX
|
|
{
|
|
h3cPfilter2SumDirection,
|
|
h3cPfilter2SumAclType,
|
|
h3cPfilter2SumAclIndex,
|
|
h3cPfilter2SumRuleIndex
|
|
}
|
|
::= { h3cPfilter2StatisticSumTable 1 }
|
|
|
|
H3cPfilter2StatisticSumEntry ::=
|
|
SEQUENCE
|
|
{
|
|
h3cPfilter2SumDirection
|
|
DirectionType,
|
|
h3cPfilter2SumAclType
|
|
INTEGER,
|
|
h3cPfilter2SumAclIndex
|
|
OCTET STRING,
|
|
h3cPfilter2SumRuleIndex
|
|
Integer32,
|
|
h3cPfilter2SumRuleMatchPackets
|
|
Counter64,
|
|
h3cPfilter2SumRuleMatchBytes
|
|
Counter64
|
|
}
|
|
|
|
h3cPfilter2SumDirection OBJECT-TYPE
|
|
SYNTAX DirectionType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction of application."
|
|
::= { h3cPfilter2StatisticSumEntry 1 }
|
|
|
|
h3cPfilter2SumAclType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
ipv4(1),
|
|
ipv6(2),
|
|
mac(3),
|
|
user(4)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL type: IPv4, IPv6, MAC, and user."
|
|
::= { h3cPfilter2StatisticSumEntry 2 }
|
|
|
|
h3cPfilter2SumAclIndex OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(1..63))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of ACL group used by packet-filter.
|
|
If the specified string comprises only digits, it is converted
|
|
into a numerical sequence in decimal notation, and regarded as
|
|
an ACL group index. If the string is a character string
|
|
beginning with an English letter, it is regarded as an ACL
|
|
group name.
|
|
|
|
Group index range and default action:
|
|
Basic type: 2000..2999
|
|
Advanced type: 3000..3999
|
|
MAC type: 4000..4999
|
|
User type: 5000..5999
|
|
"
|
|
::= { h3cPfilter2StatisticSumEntry 3 }
|
|
|
|
h3cPfilter2SumRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65534)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ACL rule index."
|
|
::= { h3cPfilter2StatisticSumEntry 4 }
|
|
|
|
h3cPfilter2SumRuleMatchPackets OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sum number of packets matched the ACL rule."
|
|
::= { h3cPfilter2StatisticSumEntry 5 }
|
|
|
|
h3cPfilter2SumRuleMatchBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sum number of bytes matched the ACL rule."
|
|
::= { h3cPfilter2StatisticSumEntry 6 }
|
|
|
|
--
|
|
-- Nodes of h3cPacketfilterTrapObjects
|
|
--
|
|
|
|
h3cAclPacketfilterTrapObjects OBJECT IDENTIFIER ::= { h3cAcl 4 }
|
|
|
|
h3cPfilterInterface OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interface which policy apply."
|
|
::= { h3cAclPacketfilterTrapObjects 1 }
|
|
|
|
h3cPfilterDirection OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Inbound or outbound."
|
|
::= { h3cAclPacketfilterTrapObjects 2 }
|
|
|
|
h3cPfilterACLNumber OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL number."
|
|
::= { h3cAclPacketfilterTrapObjects 3 }
|
|
|
|
h3cPfilterAction OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Permit or deny."
|
|
::= { h3cAclPacketfilterTrapObjects 4 }
|
|
|
|
h3cMACfilterSourceMac OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source MAC address."
|
|
::= { h3cAclPacketfilterTrapObjects 5 }
|
|
|
|
h3cMACfilterDestinationMac OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination MAC address."
|
|
::= { h3cAclPacketfilterTrapObjects 6 }
|
|
|
|
h3cPfilterPacketNumber OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of packets permitted or denied by ACL."
|
|
::= { h3cAclPacketfilterTrapObjects 7 }
|
|
|
|
h3cPfilterReceiveInterface OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interface where packet come from."
|
|
::= { h3cAclPacketfilterTrapObjects 8 }
|
|
|
|
h3cAclPacketIfName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the interface on which the packet is matched."
|
|
::= { h3cAclPacketfilterTrapObjects 9 }
|
|
|
|
h3cAclPacketDirection OBJECT-TYPE
|
|
SYNTAX DirectionType
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction the packet is going."
|
|
::= { h3cAclPacketfilterTrapObjects 10 }
|
|
|
|
h3cAclPacketBAGG OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2048)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The bridge-aggregation-interface ID the interface belongs to.
|
|
"
|
|
DEFVAL { 0 }
|
|
::= { h3cAclPacketfilterTrapObjects 11 }
|
|
|
|
h3cAclPacketVlanID OBJECT-TYPE
|
|
SYNTAX Integer32 (1..4094)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The vlan the interface belongs to."
|
|
::= { h3cAclPacketfilterTrapObjects 12 }
|
|
|
|
h3cAclPacketSrcIP OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP address of IPv4/IPv6 packet."
|
|
::= { h3cAclPacketfilterTrapObjects 13 }
|
|
|
|
h3cAclPacketDstIP OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP address of IPv4/IPv6 packet."
|
|
::= { h3cAclPacketfilterTrapObjects 14 }
|
|
|
|
h3cAclPacketProtocol OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The protocol of IPv4/IPv6 packet.
|
|
icmp(1),
|
|
tcp(6),
|
|
udp(17),
|
|
igmp(2),
|
|
gre(47),
|
|
ospf(89),
|
|
ipinip(4),
|
|
icmp6(58),
|
|
ipv6_ah(51),
|
|
ipv6_esp(50)
|
|
"
|
|
::= { h3cAclPacketfilterTrapObjects 15 }
|
|
|
|
h3cAclPacketDscp OBJECT-TYPE
|
|
SYNTAX DSCPValue
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"DSCP of IPv4/IPv6 packet."
|
|
DEFVAL { 255 }
|
|
::= { h3cAclPacketfilterTrapObjects 16 }
|
|
|
|
h3cAclPacketFlowLabel OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..1048575|4294967295)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Flow label value of IPv6 packet."
|
|
DEFVAL { 4294967295 }
|
|
::= { h3cAclPacketfilterTrapObjects 17 }
|
|
|
|
h3cAclPacketIcmpIgmpType OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of ICMP or IGMP packet."
|
|
DEFVAL { 65535 }
|
|
::= { h3cAclPacketfilterTrapObjects 18 }
|
|
|
|
h3cAclPacketIcmpIgmpCode OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The code of ICMP or IGMP packet."
|
|
DEFVAL { 65535 }
|
|
::= { h3cAclPacketfilterTrapObjects 19 }
|
|
|
|
h3cAclPacketTcpFlags OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
tcpack(1),
|
|
tcpfin(2),
|
|
tcppsh(3),
|
|
tcprst(4),
|
|
tcpsyn(5),
|
|
tcpurg(6),
|
|
invalid(255)
|
|
}
|
|
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flags of TCP packet.
|
|
tcpack(1),
|
|
tcpfin(2),
|
|
tcppsh(3),
|
|
tcprst(4),
|
|
tcpsyn(5),
|
|
tcpurg(6),
|
|
invalid(255)
|
|
"
|
|
DEFVAL { 255 }
|
|
::= { h3cAclPacketfilterTrapObjects 20 }
|
|
|
|
h3cAclPacketSrcPort OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source port of TCP or UDP packet."
|
|
DEFVAL { 0 }
|
|
::= { h3cAclPacketfilterTrapObjects 21 }
|
|
|
|
h3cAclPacketDstPort OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination port of TCP or UDP packet."
|
|
DEFVAL { 65535 }
|
|
::= { h3cAclPacketfilterTrapObjects 22 }
|
|
|
|
h3cAclPacketSrcMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source MAC address of Ethernet packet."
|
|
::= { h3cAclPacketfilterTrapObjects 23 }
|
|
|
|
h3cAclPacketDstMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination MAC address of Ethernet packet."
|
|
::= { h3cAclPacketfilterTrapObjects 24 }
|
|
|
|
h3cAclPacketMacTypeLen OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Ethertype or 802.3 length of Ethernet packet."
|
|
DEFVAL { 0 }
|
|
::= { h3cAclPacketfilterTrapObjects 25 }
|
|
|
|
h3cAclPacketVlanPCP OBJECT-TYPE
|
|
SYNTAX Integer32 (0..7|255)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"802.1p priority code point of Ethernet packet."
|
|
DEFVAL { 255 }
|
|
::= { h3cAclPacketfilterTrapObjects 26 }
|
|
|
|
--
|
|
-- Nodes of h3cPacketfilterTrap
|
|
--
|
|
|
|
h3cAclPacketfilterTrap OBJECT IDENTIFIER ::= { h3cAcl 5 }
|
|
|
|
h3cPfilterTrapPrefix OBJECT IDENTIFIER ::= { h3cAclPacketfilterTrap 0 }
|
|
|
|
h3cMACfilterTrap NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
h3cPfilterInterface,
|
|
h3cPfilterDirection,
|
|
h3cPfilterACLNumber,
|
|
h3cPfilterAction,
|
|
h3cMACfilterSourceMac,
|
|
h3cMACfilterDestinationMac,
|
|
h3cPfilterPacketNumber,
|
|
h3cPfilterReceiveInterface
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated when a packet was processed
|
|
by MAC address filter, but not every packet will generate one
|
|
notification, the same notification only generate once in 30
|
|
seconds.
|
|
"
|
|
::= { h3cPfilterTrapPrefix 1 }
|
|
|
|
h3cAclRuleMatchCount NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
h3cPfilter2ApplyObjType,
|
|
h3cPfilter2ApplyObjIndex,
|
|
h3cPfilter2ApplyDirection,
|
|
h3cPfilter2ApplyAclType,
|
|
h3cPfilter2ApplyAclIndex,
|
|
h3cPfilter2AclRuleIndex,
|
|
h3cPfilter2AclRuleMatchPackets
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated periodically due to a timer.
|
|
The interval of the timer is configured in h3cAclIntervalTable.
|
|
The notification details the entries about the packet-filter
|
|
object, the matched ACL rule and the number of matching packets.
|
|
"
|
|
::= { h3cPfilterTrapPrefix 2 }
|
|
|
|
h3cAclFirstIPv4PktCaptured NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
h3cPfilter2ApplyAclIndex,
|
|
h3cPfilter2AclRuleIndex,
|
|
h3cAclPacketIfName,
|
|
h3cAclPacketDirection,
|
|
h3cAclPacketBAGG,
|
|
h3cAclPacketVlanID,
|
|
h3cAclPacketSrcIP,
|
|
h3cAclPacketDstIP,
|
|
h3cAclPacketProtocol,
|
|
h3cAclPacketDscp,
|
|
h3cAclPacketIcmpIgmpType,
|
|
h3cAclPacketIcmpIgmpCode,
|
|
h3cAclPacketTcpFlags,
|
|
h3cAclPacketSrcPort,
|
|
h3cAclPacketDstPort
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated immediately when the first
|
|
packet of the matched IPv4 flow is captured. Other packets
|
|
of the matched flow won't be captured.
|
|
"
|
|
::= { h3cPfilterTrapPrefix 3 }
|
|
|
|
h3cAclFirstIPv6PktCaptured NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
h3cPfilter2ApplyAclIndex,
|
|
h3cPfilter2AclRuleIndex,
|
|
h3cAclPacketIfName,
|
|
h3cAclPacketDirection,
|
|
h3cAclPacketBAGG,
|
|
h3cAclPacketVlanID,
|
|
h3cAclPacketSrcIP,
|
|
h3cAclPacketDstIP,
|
|
h3cAclPacketProtocol,
|
|
h3cAclPacketDscp,
|
|
h3cAclPacketFlowLabel,
|
|
h3cAclPacketIcmpIgmpType,
|
|
h3cAclPacketIcmpIgmpCode,
|
|
h3cAclPacketTcpFlags,
|
|
h3cAclPacketSrcPort,
|
|
h3cAclPacketDstPort
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated immediately when the first
|
|
packet of the matched IPv6 flow is captured. Other packets
|
|
of the matched flow won't be captured.
|
|
"
|
|
::= { h3cPfilterTrapPrefix 4 }
|
|
|
|
h3cAclFirstEthernetPktCaptured NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
h3cPfilter2ApplyAclIndex,
|
|
h3cPfilter2AclRuleIndex,
|
|
h3cAclPacketIfName,
|
|
h3cAclPacketDirection,
|
|
h3cAclPacketBAGG,
|
|
h3cAclPacketVlanID,
|
|
h3cAclPacketSrcMacAddr,
|
|
h3cAclPacketDstMacAddr,
|
|
h3cAclPacketMacTypeLen,
|
|
h3cAclPacketVlanPCP
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated immediately when the first
|
|
packet of the matched Ethernet flow is captured. Other packets
|
|
of the matched flow won't be captured.
|
|
"
|
|
::= { h3cPfilterTrapPrefix 5 }
|
|
|
|
--
|
|
-- Nodes of h3cAclTrapObjects
|
|
--
|
|
|
|
h3cAclTrapObjects OBJECT IDENTIFIER ::= { h3cAcl 6 }
|
|
|
|
h3cAclResourceTypeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(1..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of TCAM resources."
|
|
::= { h3cAclTrapObjects 1 }
|
|
|
|
h3cAclResourceUsage OBJECT-TYPE
|
|
SYNTAX Integer32 (1..100)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current usage of TCAM resources."
|
|
::= { h3cAclTrapObjects 2 }
|
|
|
|
h3cAclResourceUsedEntries OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The used number of entries on TCAM."
|
|
::= { h3cAclTrapObjects 3 }
|
|
|
|
h3cAclResourceTotalEntries OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of entries on TCAM."
|
|
::= { h3cAclTrapObjects 4 }
|
|
|
|
h3cAclResourceChassisID OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The chassis number. On a centralized or distributed device,
|
|
the value for this node is always zero."
|
|
::= { h3cAclTrapObjects 5 }
|
|
|
|
h3cAclResourceSlotID OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The slot number. On a centralized device, the value for
|
|
this node is always zero."
|
|
::= { h3cAclTrapObjects 6 }
|
|
|
|
--
|
|
-- Nodes of h3cAclResourceTrap
|
|
--
|
|
|
|
h3cAclTrap OBJECT IDENTIFIER ::= { h3cAcl 7 }
|
|
|
|
h3cAclTrapPrefix OBJECT IDENTIFIER ::= { h3cAclTrap 0 }
|
|
|
|
h3cAclResourceTrap NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
h3cAclResourceTypeName,
|
|
h3cAclResourceUsage,
|
|
h3cAclResourceUsedEntries,
|
|
h3cAclResourceTotalEntries,
|
|
h3cAclMib2ResourceThreshold,
|
|
h3cAclResourceChassisID,
|
|
h3cAclResourceSlotID
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated when the number of entries on TCAM
|
|
becomes equal to or greater than a preset threshold level"
|
|
::= { h3cAclTrapPrefix 1 }
|
|
|
|
END
|