WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/zte/ZTE-DSL-DEV-SECURITY-ACL-MIB

402 lines
14 KiB
Plaintext
Raw Permalink Blame History

-- File Name : ZTE-DSL-DEV-SECURITY-ACL-MIB.mib
-- Date : 2006-07-25
-- Author : Wan Guanghua
ZTE-DSL-DEV-SECURITY-ACL-MIB DEFINITIONS ::= BEGIN
IMPORTS
zxDsl
FROM ZTE-DSL-MIB
MODULE-IDENTITY, OBJECT-TYPE, IpAddress, NOTIFICATION-TYPE, Integer32
FROM SNMPv2-SMI
InetAddress,InetAddressPrefixLength,InetAddressType
FROM INET-ADDRESS-MIB
RowStatus, MacAddress
FROM SNMPv2-TC;
zxDslDevSecurityAclMib MODULE-IDENTITY
LAST-UPDATED "200607250000Z"
ORGANIZATION "ZTE Corporation"
CONTACT-INFO "Wan Guanghua
Tel: 021-68896253
email: wan.guanghua@zte.com.cn"
DESCRIPTION
"This MIB defines the managed objects of ZTE DSLAM
security access control policy.
And it is used to configure what kind of packets can
access the DSLAM."
::= { zxDsl 24 }
zxDslDevSecurityAclObjects OBJECT IDENTIFIER
::= { zxDslDevSecurityAclMib 1 }
zxDslDevSecurityAclEnable OBJECT-TYPE
SYNTAX INTEGER { enable (1), disable (2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enable or disable the ACL rules for the DSLAM.
the default value is disable,
which means all packets are permit to access the DSLAM."
DEFVAL { disable }
::= { zxDslDevSecurityAclObjects 1 }
zxDslDevSecurityAclTable OBJECT-TYPE
SYNTAX SEQUENCE OF ZxDslDevSecurityAclEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is used to define what kind of packets should be
permitted or denied.
It can help us to prevent our devices from some vicious attackes,
such as virus. By default, when the packet isn't coincident with any
rules, it's permitted.
We can define all other packets to be permitted or denied by
setting source IP and source mask to 0.0.0.0."
::= { zxDslDevSecurityAclObjects 2 }
zxDslDevSecurityAclEntry OBJECT-TYPE
SYNTAX ZxDslDevSecurityAclEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry in zxDslDevSecurityAclTable."
INDEX { zxDslDevSecAclIndex }
::= { zxDslDevSecurityAclTable 1 }
ZxDslDevSecurityAclEntry ::= SEQUENCE {
zxDslDevSecAclIndex INTEGER,
zxDslDevSecAclSrcIp IpAddress,
zxDslDevSecAclSrcMask IpAddress,
zxDslDevSecAclProtocolType INTEGER,
zxDslDevSecAclSrcPortStart INTEGER,
zxDslDevSecAclSrcPortEnd INTEGER,
zxDslDevSecAclDestPortStart INTEGER,
zxDslDevSecAclDestPortEnd INTEGER,
zxDslDevSecAclAccessLevel INTEGER,
zxDslDevSecAclRuleMatchTimes Integer32,
zxDslDevSecAclRowStatus RowStatus,
ZxDslDevSecAclSrcMac MacAddress,
ZxDslDevSecAclDestMac MacAddress,
zxDslDevSecAclSrcIpType InetAddressType,
zxDslDevSecAclSrcIpv6Ip InetAddress,
zxDslDevSecAclSrcIpv6IpPfxLen InetAddressPrefixLength,
zxDslDevSecAclDestIpType InetAddressType,
zxDslDevSecAclDestIp InetAddress,
zxDslDevSecAclDestIpMask IpAddress,
zxDslDevSecAclDestIpv6PfxLen InetAddressPrefixLength,
zxDslDevSecAclEtherType INTEGER,
zxDslDevSecAclVlan INTEGER,
zxDslDevSecAclPktRateLimit INTEGER
}
zxDslDevSecAclIndex OBJECT-TYPE
SYNTAX INTEGER ( 1 .. 16 )
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index in the ACL rule table, which is the ACL rule number."
::= { zxDslDevSecurityAclEntry 1 }
zxDslDevSecAclSrcIp OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The source Ipv4 IP of the ACL rule.
0.0.0.0 means not configured."
::= { zxDslDevSecurityAclEntry 2 }
zxDslDevSecAclSrcMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The source IPv4 mask of the ACL rule.
0.0.0.0 means not configured."
::= { zxDslDevSecurityAclEntry 3 }
zxDslDevSecAclProtocolType OBJECT-TYPE
SYNTAX INTEGER
{
all(0),
icmp(1),
tcp(2),
udp(3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Protocol type of the packets.
The default value is ALL (0), which means all protocol types.
"
DEFVAL { all }
::= { zxDslDevSecurityAclEntry 4 }
zxDslDevSecAclSrcPortStart OBJECT-TYPE
SYNTAX INTEGER ( 0 .. 65535 )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Beginning source port of the packets.
The default value is 0, which means all source ports.
"
DEFVAL { 0 }
::= { zxDslDevSecurityAclEntry 5 }
zxDslDevSecAclSrcPortEnd OBJECT-TYPE
SYNTAX INTEGER ( 0 .. 65535 )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Ending source port of the packets.
The default value is 0, which means all source ports.
"
DEFVAL { 0 }
::= { zxDslDevSecurityAclEntry 6 }
zxDslDevSecAclDestPortStart OBJECT-TYPE
SYNTAX INTEGER ( 0 .. 65535 )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Beginning destination port of the packets.
The default value is 0, which means all destination ports.
"
DEFVAL { 0 }
::= { zxDslDevSecurityAclEntry 7 }
zxDslDevSecAclDestPortEnd OBJECT-TYPE
SYNTAX INTEGER ( 0 .. 65535 )
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Ending destination port of the packets.
The default value is 0, which means all destination ports.
"
DEFVAL { 0 }
::= { zxDslDevSecurityAclEntry 8 }
zxDslDevSecAclAccessLevel OBJECT-TYPE
SYNTAX INTEGER { permit (1), deny (2) }
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The level of access to DSLAM,
which means permit or deny this kind of packets.
"
::= { zxDslDevSecurityAclEntry 9 }
zxDslDevSecAclRuleMatchTimes OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of times that packets match this rule."
::= { zxDslDevSecurityAclEntry 10 }
zxDslDevSecAclRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is used to create a new row
or delete an existing row in this table.
Set it 4 to add, and 6 to delete the ACL rule.
"
::= { zxDslDevSecurityAclEntry 11 }
zxDslDevSecAclSrcMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Source MAC of the packets."
::= { zxDslDevSecurityAclEntry 12 }
zxDslDevSecAclDestMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Destination MAC of the packets."
::= { zxDslDevSecurityAclEntry 13 }
zxDslDevSecAclSrcIpType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The type of Source IP address.
The value is unknown(0) means that source IP address is not
configured (include IPv4 and IPv6)."
DEFVAL{ ipv4 }
::= { zxDslDevSecurityAclEntry 14 }
zxDslDevSecAclSrcIpv6Ip OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The source IPv6 IpAddress of the ACL rule.
Zero-length string means not configured."
::= { zxDslDevSecurityAclEntry 15 }
zxDslDevSecAclSrcIpv6IpPfxLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The prefix length of the IPv6 IP address.
0 means not configured."
::= { zxDslDevSecurityAclEntry 16 }
zxDslDevSecAclDestIpType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The type of destination IP address.
The value is unknown(0) means that destination IP address is not
configured (include IPv4 and IPv6)."
DEFVAL{ ipv4 }
::= { zxDslDevSecurityAclEntry 17 }
zxDslDevSecAclDestIp OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The destination IP address of the ACL rule.
Zero-length string means not configured.
"
::= { zxDslDevSecurityAclEntry 18 }
zxDslDevSecAclDestIpMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The destination IPv4 mask of the ACL rult.
0.0.0.0 means not configured.
"
::= { zxDslDevSecurityAclEntry 19 }
zxDslDevSecAclDestIpv6PfxLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The prefix length of the destination IPv6 IP address.
0 means not configured.
"
::= { zxDslDevSecurityAclEntry 20 }
zxDslDevSecAclEtherType OBJECT-TYPE
SYNTAX INTEGER
{
any(1),
arp(2),
ipv4(3),
ipv6(4)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Ethernet type of the ACL rule.
any(1) means that the acl rule filters all packets that ethernet
type is ARP, IPv4 or IPv6.
arp(2) means that the acl rule filters all packets that ethernet
type is ARP.
ipv4(3) means that the acl rule filters all packets that ethernet
type is IPv4.
ipv6(4) means that the acl rule filters all packets that ethernet
type is IPv6.
"
DEFVAL { any }
::= { zxDslDevSecurityAclEntry 21 }
zxDslDevSecAclVlan OBJECT-TYPE
SYNTAX INTEGER (0..4094)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"VLAN ID of the ACL rule.
0 means not configured.
"
DEFVAL { 0 }
::= { zxDslDevSecurityAclEntry 22 }
zxDslDevSecAclPktRateLimit OBJECT-TYPE
SYNTAX INTEGER(0..2048)
UNITS "pps"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the rate limit of the packet filtered by
the ACL rule.
0 means the packet rate is unlimited.
"
DEFVAL { 0 }
::= { zxDslDevSecurityAclEntry 23 }
zxDslDevSecurityAclGlobalObjects OBJECT IDENTIFIER
::= { zxDslDevSecurityAclObjects 3 }
zxDslDevSecurityAclActionScope OBJECT-TYPE
SYNTAX INTEGER {
allMgmtPacket(1),
onlyPacketToMgmtIp(2)
}
MAX-ACCESS read-write
STATUS current
DEFVAL { allMgmtPacket }
DESCRIPTION
"The effect scope of device security acl.
Possible values are:
allMgmtPacket(1) - all packet received will be filter by
ACL list.
onlyPacketToMgmtIp(2)- only packet to managment IP will be
filter by ACL list.
"
::= { zxDslDevSecurityAclGlobalObjects 1 }
zxDslAclPktRateLimitTrapEnable OBJECT-TYPE
SYNTAX INTEGER
{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enables or disables the zxDslDevAclPktOverRateLimitTrap and
zxDslDevAclPktUnderRateLimitTrap.
"
DEFVAL { disable }
::= { zxDslDevSecurityAclGlobalObjects 2 }
zxDslDevSecurityAclTrapObjects OBJECT IDENTIFIER
::= { zxDslDevSecurityAclMib 2 }
zxDslDevAclPktOverRateLimitTrap NOTIFICATION-TYPE
OBJECTS { zxDslDevSecAclPktRateLimit }
STATUS current
DESCRIPTION
"ACL packet rate is over zxDslDevSecAclPktRateLimit and the
zxDslDevAclPktOverRateLimitTrap will be sent.
"
::= { zxDslDevSecurityAclTrapObjects 1 }
zxDslDevAclPktUnderRateLimitTrap NOTIFICATION-TYPE
OBJECTS { zxDslDevSecAclPktRateLimit }
STATUS current
DESCRIPTION
"ACL packet rate is lower than zxDslDevSecAclPktRateLimit and the
zxDslDevAclPktOverRateLimitTrap will be restored.
"
::= { zxDslDevSecurityAclTrapObjects 2 }
END
View Git Blame Copy Permalink