WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/a3com/A3COM-HUAWEI-ACFP-MIB

1116 lines
38 KiB
Plaintext
Raw Blame History

-- ==================================================================
-- Copyright (c) 2004-2010 Hangzhou H3C Tech. Co., Ltd. All rights reserved.
--
-- Description: ACFP MIB
-- Reference:
-- Version: V1.5
-- History:
-- V1.0 2006-07-04 Created by Wang Haidong
-- V1.1 2007-03-23 Modified by Hao Chunbo
-- Delete the default value of h3cAcfpPolicyAdminStatus.
-- V1.2 2007-07-03 Modified by Hao Chunbo
-- Add a new trap node for h3cAcfpPolicyLifetime.
-- V1.3 2007-11-07 Modified by Li Yugang
-- Modify the value of h3cAcfpServerCurContextType.
-- Destroy the node of h3cAcfpRuleEstablish.
-- Add a new node for H3cAcfpPolicyDestIfFailAction.
-- Add a new node for H3cAcfpPolicyPriority.
-- Add a new node for h3cAcfpRuleTCPFlag.
-- V1.4 2007-12-19 Modified by Li Yugang
-- Modify the description of h3cAcfpPolicyRowStatus.
-- Modify the description of h3cAcfpRuleRowStatus.
-- Modify the status of h3cAcfpRuleEstablish.
-- Modify the value of h3cAcfpRuleTCPFlag.
-- V1.5 2009-11-30 Modified by Zhu Dengfeng
-- Add a new node for h3cAcfpRuleSrcIPV6Address
-- Add a new node for h3cAcfpRuleSrcPrefixLen
-- Add a new node for h3cAcfpRuleDstIPV6Address
-- Add a new node for h3cAcfpRuleDstPrefixLen
-- Add a new node for h3cAcfpRuleTrafficType
-- Add a new node for h3cAcfpRuleTypeOrLen
-- ==================================================================
A3COM-HUAWEI-ACFP-MIB DEFINITIONS ::= BEGIN
IMPORTS
IpAddress, Integer32, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE
FROM SNMPv2-SMI
RowStatus, TruthValue, MacAddress, DisplayString
FROM SNMPv2-TC
Ipv6Address
FROM IPV6-TC
InetAddressPrefixLength
FROM INET-ADDRESS-MIB
h3cCommon
FROM A3COM-HUAWEI-OID-MIB;
--
-- Node definitions
--
h3cAcfp MODULE-IDENTITY
LAST-UPDATED "200607041936Z"
ORGANIZATION
"H3C Technologies Co., Ltd."
CONTACT-INFO
"Platform Team H3C Technologies Co., Ltd.
Hai-Dian District Beijing P.R. China
Http://www.h3c.com
Zip:100085"
DESCRIPTION
"This MIB module defines a set of basic objects for
configuring switches and routers to enable ACFP."
REVISION "200607041936Z"
DESCRIPTION
"Initial version"
::= { h3cCommon 74 }
h3cAcfpObjects OBJECT IDENTIFIER ::= { h3cAcfp 1 }
h3cAcfpOAP OBJECT IDENTIFIER ::= { h3cAcfpObjects 1 }
-- ACFP server information
-- ACFP server should create this object and
-- advertise its capability
h3cAcfpServer OBJECT IDENTIFIER ::= { h3cAcfpOAP 1 }
h3cAcfpServerInfo OBJECT-TYPE
SYNTAX BITS
{
ipserver(0),
redirect(1),
mirror(2),
passThrough(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"When retrieved, this object returns a set of bits
indicating the capabilities (or configuration) of the
switch or router. The set bit is indication that a
router or switch can support the action for
security rule."
::= { h3cAcfpServer 1 }
h3cAcfpServerMaxLifetime OBJECT-TYPE
SYNTAX Integer32(0..2147483647)
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"When retrieved, this object returns the maximum
lifetime in seconds, that this router or switch allows
policy rules to have."
::= { h3cAcfpServer 2 }
h3cAcfpServerPersistentRules OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"When retrieved, this object returns true(1) if the
ACFP MIB implementation can store policy rules
persistently. Otherwise, it returns false(2)."
::= { h3cAcfpServer 3 }
h3cAcfpServerCurContextType OBJECT-TYPE
SYNTAX INTEGER
{
no-context(1),
context-VLANID(2),
context-HG(3),
context-FlowID(4),
context-HGPlus(5)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"In some circumstances, it's necessary that packets go to
ACFP client with context from ACFP server. However, the context
perhaps is different. h3cAcfpServerCurContextType is
used to distinguish this difference, ACFP client may
process distinctively."
::= { h3cAcfpServer 4 }
-- ACFP client Information.
-- This object is used for network management purpose.
h3cAcfpClientInfo OBJECT IDENTIFIER ::= { h3cAcfpOAP 2 }
h3cAcfpClientInfoTable OBJECT-TYPE
SYNTAX SEQUENCE OF H3cAcfpClientInfoEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains the basic information about ACFP client."
::= { h3cAcfpClientInfo 1 }
h3cAcfpClientInfoEntry OBJECT-TYPE
SYNTAX H3cAcfpClientInfoEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This list contains the basic information about ACFP client."
INDEX
{
h3cAcfpClientID
}
::= { h3cAcfpClientInfoTable 1 }
H3cAcfpClientInfoEntry ::= SEQUENCE
{
h3cAcfpClientID Integer32,
h3cAcfpClientDescription DisplayString,
h3cAcfpClientHwVersion DisplayString,
h3cAcfpClientOSVersion DisplayString,
h3cAcfpClientAppVersion DisplayString,
h3cAcfpClientIP IpAddress,
h3cAcfpClientMode BITS,
h3cAcfpClientRowStatus RowStatus
}
h3cAcfpClientID OBJECT-TYPE
SYNTAX Integer32(1..2147483647)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The identifier of ACFP client."
::= { h3cAcfpClientInfoEntry 1 }
h3cAcfpClientDescription OBJECT-TYPE
SYNTAX DisplayString(SIZE(0..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Description of the application that is running on ACFP
client, eg. IPS, VCX."
::= { h3cAcfpClientInfoEntry 2 }
h3cAcfpClientHwVersion OBJECT-TYPE
SYNTAX DisplayString(SIZE(0..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The hardware revision of ACFP client."
::= { h3cAcfpClientInfoEntry 3 }
h3cAcfpClientOSVersion OBJECT-TYPE
SYNTAX DisplayString(SIZE(0..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The operating system version running ACFP client."
::= { h3cAcfpClientInfoEntry 4 }
h3cAcfpClientAppVersion OBJECT-TYPE
SYNTAX DisplayString(SIZE(0..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The application version running on ACFP client"
::= { h3cAcfpClientInfoEntry 5 }
h3cAcfpClientIP OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"IP address of ACFP client."
::= { h3cAcfpClientInfoEntry 6 }
h3cAcfpClientMode OBJECT-TYPE
SYNTAX BITS
{
ipserver(0),
redirect(1),
mirror(2),
passThrough(3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"ACFP client informs Router or switch which mode it is operating.
Router or switch checks h3cAcfpServerInfo to see whether it is
capable of fulfilling this function. If not, router or switch
generates a trap informing ACFP client such OAP mode is not
supported."
DEFVAL { 0 }
::= { h3cAcfpClientInfoEntry 7 }
h3cAcfpClientRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"RowStatus, supports three states: createAndGo, active, destroy.
Creation Operation Restriction:
Node h3cAcfpClientMode must be bound while creating a row. It is
optional for other nodes.
ACFP module must be enabled for the server while creating a row.
The number of rows created must not exceed upper limit.
Modification Operation Restriction:
Nodes that do not support modification: h3cAcfpClientMode.
Nodes that support modification: h3cAcfpClientDescription,
h3cAcfpClientHwVersion, h3cAcfpClientOSVersion,
h3cAcfpClientAppVersion and h3cAcfpClientIP.
If the row to be modified does not exist, error returns directly.
Deletion Operation Restriction:
If the row to be deleted does not exist, success returns directly.
"
::= { h3cAcfpClientInfoEntry 8 }
-- Policy Information applied to Router or switch
h3cAcfpPolicy OBJECT IDENTIFIER ::= { h3cAcfpOAP 3 }
h3cAcfpPolicyTable OBJECT-TYPE
SYNTAX SEQUENCE OF H3cAcfpPolicyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table lists all current policies for ACFP
client(s). Entries in this table are created or removed
implicitly when entries in the h3cAcfpRuleTable are
created or removed, respectively. A policy entry in this
table only exists as long as there is rule of this policy
in the h3cAcfpRuleTable. The table serves for listing the
existing policies and their remaining lifetimes and for
changing lifetimes of policies and implicitly of all policy
members and all their member policy rules can be
deleted by setting h3cAcfpPolicyLifetime to 0."
::= { h3cAcfpPolicy 1 }
h3cAcfpPolicyEntry OBJECT-TYPE
SYNTAX H3cAcfpPolicyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The list contains basic information of ACFP Policy."
INDEX
{
h3cAcfpClientID,
h3cAcfpPolicyIndex
}
::= { h3cAcfpPolicyTable 1 }
H3cAcfpPolicyEntry ::= SEQUENCE
{
h3cAcfpPolicyIndex Integer32,
h3cAcfpPolicyInIfIndex Integer32,
h3cAcfpPolicyOutIfIndex Integer32,
h3cAcfpPolicyDestIfIndex Integer32,
h3cAcfpPolicyContextID Integer32,
h3cAcfpPolicyAdminStatus INTEGER,
h3cAcfpPolicyLifetime Integer32,
h3cAcfpPolicyTimeStart OCTET STRING,
h3cAcfpPolicyTimeEnd OCTET STRING,
h3cAcfpPolicyRowStatus RowStatus,
h3cAcfpPolicyDestIfFailAction INTEGER,
h3cAcfpPolicyPriority INTEGER
}
h3cAcfpPolicyIndex OBJECT-TYPE
SYNTAX Integer32(1..2147483647)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The identifier of the Policy of ACFP client"
::= { h3cAcfpPolicyEntry 1 }
h3cAcfpPolicyInIfIndex OBJECT-TYPE
SYNTAX Integer32(0..2147483647)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Packet is received from this interface. The value of this object
contains the same value of ifIndex of ifTable."
DEFVAL {0}
::= { h3cAcfpPolicyEntry 2}
h3cAcfpPolicyOutIfIndex OBJECT-TYPE
SYNTAX Integer32(0..2147483647)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Packet is sent to this interface. The value of this object
contains the same value of ifIndex of ifTable."
DEFVAL {0}
::= { h3cAcfpPolicyEntry 3 }
h3cAcfpPolicyDestIfIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Through this interface, packet go to ACFP client from
ACFP server. The value of this object contains the same
value of ifIndex of ifTable."
DEFVAL {0}
::= { h3cAcfpPolicyEntry 4 }
h3cAcfpPolicyContextID OBJECT-TYPE
SYNTAX Integer32(0..2147483647)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Internal id ACFP server allocated used to map to the interface.
ACFP server may send packet with this h3cAcfpPolicyContextID to
ACFP client, ACFP client can make use of this h3cAcfpPolicyContextID
and find the policy. "
::= { h3cAcfpPolicyEntry 5 }
h3cAcfpPolicyAdminStatus OBJECT-TYPE
SYNTAX INTEGER
{
enable(1), -- policy is applied
disable(2) -- policy is not applied
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of this object indicates the desired status of the
policy."
::= { h3cAcfpPolicyEntry 6 }
h3cAcfpPolicyLifetime OBJECT-TYPE
SYNTAX Integer32(0..2147483647)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"When retrieved, this object delivers the maximum lifetime (seconds)
of all the rules of this, i.e., of all the rows in h3cAcfpRuleTable
that have the same values of h3cAcfpRulePolicyIndex and
h3cAcfpClientID. Successfully writing to this object modifies the
lifetime of all the rules of this. Successfully writing a value
of 0 terminates all the rules and implicitly deletes this as soon as
all member entries are removed from the h3cAcfpRuleTable. Note that
after a lifetime expired, all the corresponding entry in the
h3cAcfpRuleTable will be removed and this will be deleted
implicitly. Writing to this object is processed by the ACFP MIB
implementation by choosing a lifetime value that is greater than
or equal to zero and less than or equal to the minimum of the requested
value and the value specified by object h3cAcfpServerMaxLifetime:
0 <= lt_granted <= MINIMUM(lt_requested, lt_maximum)
whereas:
lt_granted is the actually granted lifetime by the ACFP MIB
implementation.
lt_requested is the requested lifetime of the ACFP client.
lt_maximum is the value of object h3cAcfpServerMaxLifetime.
SNMP set requests to this object may be rejected or the value of
the object after an accepted set operation may be less than the
value that was contained in the SNMP set request."
DEFVAL{ h3cAcfpServerMaxLifetime }
::= { h3cAcfpPolicyEntry 7 }
h3cAcfpPolicyTimeStart OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(8))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Beginning time of this policy every day. Eg. HH:MM:SS"
::= { h3cAcfpPolicyEntry 8 }
h3cAcfpPolicyTimeEnd OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(8))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Ending time of this policy every day. Eg. HH:MM:SS"
::= { h3cAcfpPolicyEntry 9 }
h3cAcfpPolicyRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"RowStatus, supports three states: createAndGo, active, destroy.
Creation Operation Restriction:
The client corresponding to the index h3cAcfpClientID must exist
while creating a row.
Nodes h3cAcfpPolicyTimeStart and h3cAcfpPolicyTimeEnd are
bound together, and h3cAcfpPolicyTimeEnd must be greater than
h3cAcfpPolicyTimeStart.
The number of rows created on an incoming/outgoing interface
cannot exceed the upper limit.
The number of rows created cannot exceed the upper limit for each client.
A packet matches a policy in the following order:
- It first matches the policy with the highest priority.
- For two policies with the same priority,
it matches the one with the smallest client index.
- For two policies with the same client index,
it matches the one with the smallest policy index.
Modification Operation Restriction:
Nodes that do not support modification: h3cAcfpPolicyInIfIndex,
h3cAcfpPolicyOutIfIndex, h3cAcfpPolicyDestIfIndex,
h3cAcfpPolicyDestIfFailAction, h3cAcfpPolicyPriority.
Nodes that support modification: h3cAcfpPolicyAdminStatus,
h3cAcfpPolicyLifetime, h3cAcfpPolicyTimeStart and h3cAcfpPolicyTimeEnd.
While modifying a row, if the row corresponding to the index configured
does not exist, error returns directly.
While modifying a node, the restriction over h3cAcfpPolicyTimeStart
and h3cAcfpPolicyTimeEnd is the same as creating a node.
Deletion Operation Restriction:
If the row to be deleted does not exist, success returns directly.
"
::= { h3cAcfpPolicyEntry 10 }
h3cAcfpPolicyDestIfFailAction OBJECT-TYPE
SYNTAX INTEGER
{
delete(1), -- delete all rules of the policy from driver
reserve(2) -- reserve all rules of the policy in driver
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of this object indicates the action of the
policy when the destination interface failed."
DEFVAL { 1 }
::= { h3cAcfpPolicyEntry 11 }
h3cAcfpPolicyPriority OBJECT-TYPE
SYNTAX INTEGER
{
priority1(1), -- Priority 1 (MIN)
priority2(2), -- Priority 2
priority3(3), -- Priority 3
priority4(4), -- Priority 4
priority5(5), -- Priority 5
priority6(6), -- Priority 6
priority7(7), -- Priority 7
priority8(8) -- Priority 8 (MAX)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of this object indicates the priority of the
policy.
Priority8 is maximal priority.
Priority1 is minimal priority."
DEFVAL { 4 }
::= { h3cAcfpPolicyEntry 12 }
-- Individual Rule policy Information applied to Router or switch
h3cAcfpRule OBJECT IDENTIFIER ::= { h3cAcfpOAP 4 }
h3cAcfpRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF H3cAcfpRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table lists all the rules. It is indexed by
h3cAcfpClientID, h3cAcfpRulePolicyIndex and h3cAcfpRuleIndex.
Entries can be deleted by writing h3cAcfpPolicyLifetime to 0."
::= { h3cAcfpRule 1 }
h3cAcfpRuleEntry OBJECT-TYPE
SYNTAX H3cAcfpRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The list contains basic information of the rule."
INDEX
{
h3cAcfpClientID,
h3cAcfpPolicyIndex,
h3cAcfpRuleIndex
}
::= { h3cAcfpRuleTable 1 }
H3cAcfpRuleEntry ::= SEQUENCE
{
h3cAcfpRuleIndex Integer32,
h3cAcfpRuleOperStatus INTEGER,
h3cAcfpRuleAction INTEGER,
h3cAcfpRuleAll TruthValue,
h3cAcfpRuleSrcMAC MacAddress,
h3cAcfpRuleDstMAC MacAddress,
h3cAcfpRuleVlanStart Integer32,
h3cAcfpRuleVlanEnd Integer32,
h3cAcfpRuleProtocol Integer32,
h3cAcfpRuleSrcIP IpAddress,
h3cAcfpRuleSrcIPMask IpAddress,
h3cAcfpRuleSrcOp INTEGER,
h3cAcfpRuleSrcStartPort Integer32,
h3cAcfpRuleSrcEndPort Integer32,
h3cAcfpRuleDstIP IpAddress,
h3cAcfpRuleDstIPMask IpAddress,
h3cAcfpRuleDstOp INTEGER,
h3cAcfpRuleDstStartPort Integer32,
h3cAcfpRuleDstEndPort Integer32,
h3cAcfpRulePrecedence Integer32,
h3cAcfpRuleTos Integer32,
h3cAcfpRuleDscp Integer32,
h3cAcfpRuleEstablish TruthValue,
h3cAcfpRuleFragment TruthValue,
h3cAcfpRulePacketRate Integer32,
h3cAcfpRuleRowStatus RowStatus,
h3cAcfpRuleTCPFlag Integer32,
h3cAcfpRuleSrcIPV6Address Ipv6Address,
h3cAcfpRuleSrcPrefixLen InetAddressPrefixLength,
h3cAcfpRuleDstIPV6Address Ipv6Address,
h3cAcfpRuleDstPrefixLen InetAddressPrefixLength,
h3cAcfpRuleTrafficType BITS,
h3cAcfpRuleTypeOrLen Integer32
}
h3cAcfpRuleIndex OBJECT-TYPE
SYNTAX Integer32(1..2147483647)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The identifier of the rules which have the same h3cAcfpPolicyIndex
and h3cAcfpClientID.h3cAcfpRuleIndex indicates rule sequence in the
same policy."
::= { h3cAcfpRuleEntry 1 }
h3cAcfpRuleOperStatus OBJECT-TYPE
SYNTAX INTEGER
{
success(1), -- rule applied successfully to interface
fail(2) -- rule failed to apply to interface
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this object indicates the status of a rule.
success : Applied rule to interface successfully.
fail : Failed to apply rule to interface.
"
DEFVAL { fail }
::= { h3cAcfpRuleEntry 2 }
h3cAcfpRuleAction OBJECT-TYPE
SYNTAX INTEGER
{
permit(1),
deny(2),
redirect(3),
mirror(4),
rate(5)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The action of this rule."
::= { h3cAcfpRuleEntry 3 }
h3cAcfpRuleAll OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The rule match all packet or does not.
true : all
false : not all
"
DEFVAL { false }
::= { h3cAcfpRuleEntry 4 }
h3cAcfpRuleSrcMAC OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Source MAC of this rule."
::= { h3cAcfpRuleEntry 5 }
h3cAcfpRuleDstMAC OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Destination MAC of this rule."
::= { h3cAcfpRuleEntry 6 }
h3cAcfpRuleVlanStart OBJECT-TYPE
SYNTAX Integer32(0..4094)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Starting VLAN id of this rule.
0 : Invalid value"
DEFVAL { 0 }
::= { h3cAcfpRuleEntry 7 }
h3cAcfpRuleVlanEnd OBJECT-TYPE
SYNTAX Integer32(0..4094)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Ending VLAN id of this rule.
0 : Invalid value"
DEFVAL { 0 }
::= { h3cAcfpRuleEntry 8 }
h3cAcfpRuleProtocol OBJECT-TYPE
SYNTAX Integer32(0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The protocol-type of this rule.
<0-255> Protocol number
gre GRE tunneling(47)
icmp Internet Control Message Protocol(1)
igmp Internet Management Protocol(2)
ip Any IP protocol(0)
ipinip IP in IP tunneling(4)
ospf OSPF routing protocol(89)
tcp Transmission Control Protocol (6)
udp User Datagram Protocol (17)
"
DEFVAL { 0 }
::= { h3cAcfpRuleEntry 9 }
h3cAcfpRuleSrcIP OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Source IP address of this rule."
::= { h3cAcfpRuleEntry 10 }
h3cAcfpRuleSrcIPMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Source IP-address wild of this rule. Eg. 0.0.0.255."
::= { h3cAcfpRuleEntry 11 }
h3cAcfpRuleSrcOp OBJECT-TYPE
SYNTAX INTEGER
{
equal(1),
notEqual(2),
lessThan(3),
greaterThan(4),
range(5),
invalid(6)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Source Port operation for this rule"
DEFVAL { invalid }
::= { h3cAcfpRuleEntry 12 }
h3cAcfpRuleSrcStartPort OBJECT-TYPE
SYNTAX Integer32(0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Starting UDP/TCP Source Port number of this rule."
::= { h3cAcfpRuleEntry 13 }
h3cAcfpRuleSrcEndPort OBJECT-TYPE
SYNTAX Integer32(0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Ending UDP/TCP Source Port of this rule."
::= { h3cAcfpRuleEntry 14 }
h3cAcfpRuleDstIP OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Destination IP address of this rule."
::= { h3cAcfpRuleEntry 15 }
h3cAcfpRuleDstIPMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Destination IP-address wild of this rule. Eg. 0.0.0.255"
::= { h3cAcfpRuleEntry 16 }
h3cAcfpRuleDstOp OBJECT-TYPE
SYNTAX INTEGER
{
equal(1),
nonEqual(2),
lessThan(3),
greaterThan(4),
range(5),
invalid(6)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Destination Port operation for this rule"
DEFVAL { invalid }
::= { h3cAcfpRuleEntry 17 }
h3cAcfpRuleDstStartPort OBJECT-TYPE
SYNTAX Integer32(0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Starting UDP/TCP Destination Port number of this rule."
::= { h3cAcfpRuleEntry 18 }
h3cAcfpRuleDstEndPort OBJECT-TYPE
SYNTAX Integer32(0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Ending UDP/TCP Destination Port of this rule."
::= { h3cAcfpRuleEntry 19 }
h3cAcfpRulePrecedence OBJECT-TYPE
SYNTAX Integer32(0..7|255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of precedence field in IP header.
<255> Invalid value
<0-7> value of precedence
routine(0) Routine precedence
priority(1) Priority precedence
immediate(2) Immediate precedence
flash(3) Flash precedence
flash-override(4) Flash Override precedence
critical(5) Critical precedence
internet(6) Network Control precedence
network(7) Internetwork Control precedence
"
DEFVAL { 255 }
::= { h3cAcfpRuleEntry 20 }
h3cAcfpRuleTos OBJECT-TYPE
SYNTAX Integer32(0..15|255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of TOS field in IP header.
<255> Invalid value
<0-15> value of ToS (Type of Service)
Normal(0) normal service
min-monetary-cost(1) minimum monetary cost
max-reliability(2) maximum reliability
max-throughput(4) maximum throughput
min-delay(8) minimum delay
"
DEFVAL { 255 }
::= { h3cAcfpRuleEntry 21 }
h3cAcfpRuleDscp OBJECT-TYPE
SYNTAX Integer32(0..63|255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of DSCP.
<255> Invalid value
<0-63> value of DSCP
Be(0) best effort
af11(10) assured forwarding 11 service
af12(12) assured forwarding 12 service
af13(14) assured forwarding 13 service
af21(18) assured forwarding 18 service
af22(20) assured forwarding 20 service
af23(22) assured forwarding 22 service
af31(26) assured forwarding 31 service
af32(28) assured forwarding 32 service
af33(30) assured forwarding 33 service
af41(34) assured forwarding 41 service
af42(36) assured forwarding 42 service
af43(38) assured forwarding 43 service
cs1(8) class selector 1 service
cs2(16) class selector 2 service
cs3(24) class selector 3 service
cs4(32) class selector 4 service
cs5(40) class selector 5 service
cs6(48) class selector 6 service
cs7(56) class selector 7 service
ef(46) expedited forwarding service
"
DEFVAL { 255 }
::= { h3cAcfpRuleEntry 22 }
h3cAcfpRuleEstablish OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"Establish Flag. Matches the TCP packets with the ACK
and/or RST flag, including the TCP packets of these
types: SYN+ACK, ACK, FIN+ACK, RST, RST+ACK."
DEFVAL { false }
::= { h3cAcfpRuleEntry 23 }
h3cAcfpRuleFragment OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The flag of matching fragmented packet."
DEFVAL { false }
::= { h3cAcfpRuleEntry 24 }
h3cAcfpRulePacketRate OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Packet rate (Kbps) of this rule."
::= { h3cAcfpRuleEntry 25 }
h3cAcfpRuleRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"RowStatus, supports three states: createAndGo, active, destroy.
Creation Operation Restriction:
Node h3cAcfpRuleAction must be bound while creating a line.
Nodes h3cAcfpRuleAll and h3cAcfpRuleProtocol, h3cAcfpRuleSrcIP,
h3cAcfpRuleSrcIPMask, h3cAcfpRuleDstIP, h3cAcfpRuleSrcOp,
h3cAcfpRuleSrcStartPort, h3cAcfpRuleSrcEndPort, h3cAcfpRuleDstIP,
h3cAcfpRuleDstIPMask, h3cAcfpRuleDstOp, h3cAcfpRuleDstStartPort,
h3cAcfpRuleDstEndPort, h3cAcfpRulePrecedence, h3cAcfpRuleTos,
h3cAcfpRuleDscp, h3cAcfpRuleTCPFlag, h3cAcfpRuleFragment are
mutually exclusive.
Nodes h3cAcfpRuleSrcIP and h3cAcfpRuleSrcIPMask are bound together,
otherwise, the source IP address is neglected.
The restriction over h3cAcfpRuleDstIP and h3cAcfpRuleDstIPMask is the
same as h3cAcfpRuleSrcIP and h3cAcfpRuleSrcIPMask.
Nodes h3cAcfpRuleDscp and h3cAcfpRulePrecedence, h3cAcfpRuleTos are
mutually exclusive.
If the node h3cAcfpRuleSrcOp is bound to range(5),
h3cAcfpRuleSrcStartPort and h3cAcfpRuleSrcEndPort must be bound together,
and h3cAcfpRuleSrcEndPort must be greater than h3cAcfpRuleSrcStartPort.
If the node h3cAcfpRuleSrcOp is bound to equal(1), notEqual(2),
lessThan(3) or greaterThan(4), h3cAcfpRuleSrcStartPort must be bound
together, and h3cAcfpRuleSrcEndPort is neglected.
The restriction over h3cAcfpRuleDstOp, h3cAcfpRuleDstStartPort and
h3cAcfpRuleDstEndPort is the same as h3cAcfpRuleSrcOp,
h3cAcfpRuleSrcStartPort and h3cAcfpRuleSrcEndPort.
If the node h3cAcfpRuleAction is bound to redirect(3) or mirror(4),
the destination interfaces of the policy the rule belonging to must exist;
The number of rows created cannot exceed the upper limit for each policy,
each inbound interface and each outbound interface.
Modification Operation Restriction:
The row does not support modification.
Deletion Operation Restriction
If the row to be deleted does not exist, success returns directly.
"
::= { h3cAcfpRuleEntry 26 }
h3cAcfpRuleTCPFlag OBJECT-TYPE
SYNTAX Integer32(0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"TCP Flag.
<0> don't care for TCP flag to match packets
<1-65535> care for TCP flag to match packets,
the value is combination of next list.
URG_VALID (1 << 13)
URG_SET (1 << 5)
ACK_VALID (1 << 12)
ACK_SET (1 << 4)
PSH_VALID (1 << 11)
PSH_SET (1 << 3)
RST_VALID (1 << 10)
RST_SET (1 << 2)
SYN_VALID (1 << 9)
SYN_SET (1 << 1)
FIN_VALID (1 << 8)
FIN_SET 1
Matches the TCP packets with the URG and/or
ACK and/or PSH and/or RST and/or SYN and/or FIN flag,
including the TCP packets of these
types: SYN+ACK, ACK, FIN+ACK, RST, RST+ACK."
DEFVAL { 0 }
::= { h3cAcfpRuleEntry 27 }
h3cAcfpRuleSrcIPV6Address OBJECT-TYPE
SYNTAX Ipv6Address
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Source IPv6 address of this rule."
::= { h3cAcfpRuleEntry 28 }
h3cAcfpRuleSrcPrefixLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Source IPv6 address prefix length of this rule. Eg. 64."
::= { h3cAcfpRuleEntry 29 }
h3cAcfpRuleDstIPV6Address OBJECT-TYPE
SYNTAX Ipv6Address
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Destination IPv6 address of this rule."
::= { h3cAcfpRuleEntry 30 }
h3cAcfpRuleDstPrefixLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Destination IPv6 address prefix length of this rule. Eg. 64."
::= { h3cAcfpRuleEntry 31 }
h3cAcfpRuleTrafficType OBJECT-TYPE
SYNTAX BITS
{
unicast(0),
multicast(1),
broadcast(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Traffic type of this rule. When retrieved, this object
returns a set of bits indicating the traffic type."
::= { h3cAcfpRuleEntry 32 }
h3cAcfpRuleTypeOrLen OBJECT-TYPE
SYNTAX Integer32(0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The type or length of ethernet packet.
For Ethernet II encapsulation, it stands for packet type.
For 802.3 encapsulation, it stands for packet length."
::= { h3cAcfpRuleEntry 33 }
-- Notifications. The definition of h3cAcfpNotifications makes notification
-- registrations reversible (see STD 58, RFC 2578, section 8.5).
h3cAcfpNotifications OBJECT IDENTIFIER ::= { h3cAcfpOAP 5 }
h3cAcfpCurContextChanged NOTIFICATION-TYPE
OBJECTS
{
h3cAcfpServerCurContextType
}
STATUS current
DESCRIPTION
"This notification is sent when router or switch changed
h3cAcfpServerCurContextType."
::= { h3cAcfpNotifications 1 }
h3cAcfpClientRegister NOTIFICATION-TYPE
OBJECTS
{
h3cAcfpClientID
}
STATUS current
DESCRIPTION
"This notification is sent when the ACFP client is registered."
::= { h3cAcfpNotifications 2 }
h3cAcfpClientUnRegister NOTIFICATION-TYPE
OBJECTS
{
h3cAcfpClientID
}
STATUS current
DESCRIPTION
"This notification is sent when the ACFP client is unregistered."
::= { h3cAcfpNotifications 3 }
h3cAcfpClientDead NOTIFICATION-TYPE
OBJECTS
{
h3cAcfpClientID
}
STATUS current
DESCRIPTION
"This notification is sent when the ACFP client is not responding."
::= { h3cAcfpNotifications 4 }
h3cAcfpNotSupportedOAPMode NOTIFICATION-TYPE
OBJECTS
{
h3cAcfpClientID,
h3cAcfpClientMode,
h3cAcfpServerInfo
}
STATUS current
DESCRIPTION
"This notification is sent when router or switch cannot support OAP
mode that ACFP client wants to operate on."
::= { h3cAcfpNotifications 5 }
h3cAcfpLifetimeChangeEvent NOTIFICATION-TYPE
OBJECTS
{
h3cAcfpPolicyLifetime
}
STATUS current
DESCRIPTION
"This notification can be generated for indicating that
The lifetime of all member rules of the was
changed by successfully writing to object
h3cAcfpPolicyLifetime. Note that this notification
is only sent if the lifetime of a policy was changed by
successfully writing to object h3cAcfpPolicyLifetime."
::= { h3cAcfpNotifications 6 }
h3cAcfpRuleCreatedEvent NOTIFICATION-TYPE
OBJECTS
{
h3cAcfpRuleIndex
}
STATUS current
DESCRIPTION
"This notification is sent when a new rule is created."
::= { h3cAcfpNotifications 7 }
h3cAcfpRuleDeletedEvent NOTIFICATION-TYPE
OBJECTS
{
h3cAcfpRuleIndex
}
STATUS current
DESCRIPTION
"This notification is sent when a rule is deleted."
::= { h3cAcfpNotifications 8 }
h3cAcfpRuleErrorEvent NOTIFICATION-TYPE
OBJECTS
{
h3cAcfpRuleIndex
}
STATUS current
DESCRIPTION
"This notification is sent when rule cannot be applied."
::= { h3cAcfpNotifications 9 }
h3cAcfpLifetimeExpireEvent NOTIFICATION-TYPE
OBJECTS
{
h3cAcfpPolicyLifetime
}
STATUS current
DESCRIPTION
"This notification is sent
when the time of the policy existed exceeds its lifetime."
::= { h3cAcfpNotifications 10 }
END
View Git Blame Copy Permalink