1142 lines
38 KiB
Plaintext
1142 lines
38 KiB
Plaintext
ARISTA-ACL-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE,
|
|
Counter64, Unsigned32, IpAddress FROM SNMPv2-SMI
|
|
TimeStamp, MacAddress, TruthValue,
|
|
TEXTUAL-CONVENTION, DisplayString FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF
|
|
TimeFilter FROM RMON2-MIB
|
|
InetAddressIPv6 FROM INET-ADDRESS-MIB
|
|
aristaMibs FROM ARISTA-SMI-MIB;
|
|
|
|
aristaAclMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201408150000Z"
|
|
ORGANIZATION "Arista Networks, Inc."
|
|
CONTACT-INFO
|
|
"Arista Networks, Inc.
|
|
|
|
Postal: 5453 Great America Parkway
|
|
Santa Clara, CA 95054
|
|
|
|
Tel: +1 408 547-5500
|
|
|
|
E-mail: snmp@arista.com"
|
|
DESCRIPTION
|
|
"The MIB module for managing Access Control Lists (ACLs) on
|
|
Arista devices."
|
|
|
|
REVISION "201408150000Z"
|
|
DESCRIPTION "Updated postal and e-mail addresses."
|
|
|
|
REVISION "201302081100Z"
|
|
DESCRIPTION "Revised to correct a syntax error,
|
|
limit the size of ACL names in INDEXes to match
|
|
the maximum OID length, and make columns used in
|
|
INDEXes not-accessible. This last change is not
|
|
backwards-compatible."
|
|
|
|
REVISION "201206201300Z"
|
|
DESCRIPTION "Initial version of this MIB."
|
|
|
|
::= { aristaMibs 5 }
|
|
|
|
-- Textual Conventions --
|
|
|
|
AristaAclRuleAction ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action associated with an ACL rule. If the action has value
|
|
'remark(2)', then only the remark field of the ACL rule is
|
|
meaningful; all other fields are don't-cares."
|
|
SYNTAX INTEGER {
|
|
permit(0),
|
|
deny(1),
|
|
remark(2)
|
|
}
|
|
|
|
AristaAclRangeOperator ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Range operator used by an ACL rule."
|
|
SYNTAX INTEGER {
|
|
any(0),
|
|
eq(1),
|
|
gt(2),
|
|
lt(3),
|
|
neq(4),
|
|
range(5)
|
|
}
|
|
|
|
aristaAcl OBJECT IDENTIFIER ::= { aristaAclMIB 1 }
|
|
|
|
aristaAclConformance OBJECT IDENTIFIER ::= { aristaAclMIB 2 }
|
|
|
|
|
|
-- Sub-tree for IPv4 ACL objects
|
|
aristaIpAcl OBJECT IDENTIFIER ::= { aristaAcl 1 }
|
|
|
|
-- Sub-tree for MAC ACL objects
|
|
aristaMacAcl OBJECT IDENTIFIER ::= { aristaAcl 2 }
|
|
|
|
-- Sub-tree for IPv6 ACL objects
|
|
aristaIpv6Acl OBJECT IDENTIFIER ::= { aristaAcl 3 }
|
|
|
|
-- Dp ACL Support flags --
|
|
aristaAclDpSupportFlags OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
acl(0),
|
|
logging(1),
|
|
counter(2),
|
|
routerAcl(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute describes the data-plane ACL support matrix. If
|
|
data-plane ACLs are supported, the acl bit is 1; otherwise, other
|
|
bits are 0. If data-plane ACLs are supported, the logging, counter
|
|
and routerAcl bits indicate whether the data plane supports those
|
|
features for ACLs."
|
|
::= { aristaAcl 4 }
|
|
|
|
-- IP ACL objects --
|
|
aristaIpAclTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AristaIpAclEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table that contains IP ACLs that are configured on the switch."
|
|
::= { aristaIpAcl 1 }
|
|
|
|
aristaIpAclEntry OBJECT-TYPE
|
|
SYNTAX AristaIpAclEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Information about a specific IP ACL that is configured on the
|
|
switch."
|
|
INDEX { aristaIpAclName }
|
|
::= { aristaIpAclTable 1 }
|
|
|
|
AristaIpAclEntry ::=
|
|
SEQUENCE {
|
|
aristaIpAclName DisplayString,
|
|
aristaIpAclReadOnly TruthValue,
|
|
aristaIpAclStatsEnabled TruthValue,
|
|
aristaIpAclCountersIncomplete TruthValue
|
|
}
|
|
|
|
aristaIpAclName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..100))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the IP ACL."
|
|
::= { aristaIpAclEntry 1 }
|
|
|
|
aristaIpAclReadOnly OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute has value 'true(1)' if the IP ACL is
|
|
configured as read-only; otherwise, the value is
|
|
'false(2)'."
|
|
::= { aristaIpAclEntry 2 }
|
|
|
|
aristaIpAclStatsEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute has value 'true(1)' if the IP ACL is
|
|
configured to have per-rule statistics enabled; otherwise,
|
|
the value is 'false(2)'."
|
|
::= { aristaIpAclEntry 3 }
|
|
|
|
aristaIpAclCountersIncomplete OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute has value 'true(1)' if the IP ACL has
|
|
incomplete counter; otherwise, the value is 'false(2)'."
|
|
::= { aristaIpAclEntry 4 }
|
|
|
|
aristaIpAclRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AristaIpAclRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table that contains IP ACL rules that are configured on the
|
|
switch."
|
|
::= { aristaIpAcl 2 }
|
|
|
|
aristaIpAclRuleEntry OBJECT-TYPE
|
|
SYNTAX AristaIpAclRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configuration information about a specific IP ACL rule."
|
|
INDEX { aristaIpAclName, aristaIpAclRuleSeqId }
|
|
::= { aristaIpAclRuleTable 1 }
|
|
|
|
AristaIpAclRuleEntry ::=
|
|
SEQUENCE {
|
|
-- Rule Filter --
|
|
aristaIpAclRuleSeqId Unsigned32,
|
|
aristaIpAclRuleProto Unsigned32,
|
|
aristaIpAclRuleSrc IpAddress,
|
|
aristaIpAclRuleSrcMask IpAddress,
|
|
aristaIpAclRuleDest IpAddress,
|
|
aristaIpAclRuleDestMask IpAddress,
|
|
aristaIpAclRuleL4PortSrcOper AristaAclRangeOperator,
|
|
aristaIpAclRuleL4PortsSrc OCTET STRING,
|
|
aristaIpAclRuleL4PortDestOper AristaAclRangeOperator,
|
|
aristaIpAclRuleL4PortsDest OCTET STRING,
|
|
aristaIpAclRuleTtlOper AristaAclRangeOperator,
|
|
aristaIpAclRuleTtl Unsigned32,
|
|
aristaIpAclRuleTracked TruthValue,
|
|
aristaIpAclRuleFragments TruthValue,
|
|
aristaIpAclRuleTcpFlags BITS,
|
|
aristaIpAclRuleEstablished TruthValue,
|
|
aristaIpAclRuleIcmpType Unsigned32,
|
|
aristaIpAclRuleIcmpCode Unsigned32,
|
|
|
|
-- Rule Actions --
|
|
aristaIpAclRuleAction AristaAclRuleAction,
|
|
aristaIpAclRuleLog TruthValue,
|
|
aristaIpAclRuleRemark DisplayString
|
|
}
|
|
|
|
aristaIpAclRuleSeqId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the sequence ID for this ACL rule."
|
|
::= { aristaIpAclRuleEntry 1 }
|
|
|
|
aristaIpAclRuleProto OBJECT-TYPE
|
|
SYNTAX Unsigned32(0..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the IP protocol to be matched by this ACL
|
|
rule. The value 0 indicates the rule matches any IP
|
|
protocol."
|
|
::= { aristaIpAclRuleEntry 2 }
|
|
|
|
aristaIpAclRuleSrc OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the IP source address to be matched by this
|
|
ACL rule, subject to the aristaIpAclRuleSrcMask value."
|
|
::= { aristaIpAclRuleEntry 3 }
|
|
|
|
aristaIpAclRuleSrcMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the IP source-address mask in this ACL
|
|
rule. For the source address of the packet to match the rule,
|
|
the bitwise logical-AND of the address and this mask must be
|
|
equal to the value of aristaIpAclRuleSrc."
|
|
::= { aristaIpAclRuleEntry 4 }
|
|
|
|
aristaIpAclRuleDest OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the IP destination address to be matched by
|
|
this ACL rule, subject to the aristaIpAclRuleDestMask value."
|
|
::= { aristaIpAclRuleEntry 5 }
|
|
|
|
aristaIpAclRuleDestMask OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the IP destination-address mask in this ACL
|
|
rule. For the destination address of the packet to match the rule,
|
|
the bitwise logical-AND of the address and this mask must be
|
|
equal to the value of aristaIpAclRuleDest."
|
|
::= { aristaIpAclRuleEntry 6 }
|
|
|
|
aristaIpAclRuleL4PortSrcOper OBJECT-TYPE
|
|
SYNTAX AristaAclRangeOperator
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute determines TCP/UDP source-port matching
|
|
behavior in this ACL rule. If this attribute has value
|
|
'any(0)', then attribute aristaIpAclRuleL4PortsSrc is
|
|
ignored."
|
|
::= { aristaIpAclRuleEntry 7 }
|
|
|
|
aristaIpAclRuleL4PortsSrc OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..60))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is a list of TCP/UDP source ports to be
|
|
matched in this ACL rule. They are represented as decimal
|
|
strings, separated by spaces. A maximum of 10 ports is
|
|
allowed. Attribute aristaIpAclRuleL4PortSrcOper determines
|
|
how the source ports are matched in this ACL rule."
|
|
::= { aristaIpAclRuleEntry 8 }
|
|
|
|
aristaIpAclRuleL4PortDestOper OBJECT-TYPE
|
|
SYNTAX AristaAclRangeOperator
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute determines TCP/UDP destination-port matching
|
|
behavior in this ACL rule. If this attribute has value
|
|
'any(0)', then attribute aristaIpAclRuleL4PortsDest is
|
|
ignored."
|
|
::= { aristaIpAclRuleEntry 9 }
|
|
|
|
aristaIpAclRuleL4PortsDest OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..60))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is a list of TCP/UDP destination ports to be
|
|
matched in this ACL rule. They are represented as decimal
|
|
strings, separated by spaces. A maximum of 10 ports is
|
|
allowed. Attribute aristaIpAclRuleL4PortDestOper determines
|
|
how the destination ports are matched in this ACL rule."
|
|
::= { aristaIpAclRuleEntry 10 }
|
|
|
|
aristaIpAclRuleTtlOper OBJECT-TYPE
|
|
SYNTAX AristaAclRangeOperator
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the IP TTL (Time To Live) operation code
|
|
used in this ACL rule. Combined with attribute aristaIpAclRuleTtl,
|
|
it specifies the IP TTL matching behavior in this ACL rule."
|
|
::= { aristaIpAclRuleEntry 11 }
|
|
|
|
aristaIpAclRuleTtl OBJECT-TYPE
|
|
SYNTAX Unsigned32(0..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the IP TTL value in this ACL rule.
|
|
Attribute aristaIpAclRuleTtlOper determines how the TTL
|
|
values is matched in this ACL rule."
|
|
::= { aristaIpAclRuleEntry 12 }
|
|
|
|
aristaIpAclRuleTracked OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute has the value 'true(1)' if this ACL rule is
|
|
tracked; otherwise, the value is 'false(2)'. A tracked rule
|
|
matches packets in existing ICMP/UDP/TCP connections."
|
|
::= { aristaIpAclRuleEntry 13 }
|
|
|
|
aristaIpAclRuleFragments OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute has value 'true(1)' if this ACL rule is
|
|
configured to match IP fragments; otherwise, the value is
|
|
'false(2)'."
|
|
::= { aristaIpAclRuleEntry 14 }
|
|
|
|
aristaIpAclRuleTcpFlags OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
fin(0),
|
|
syn(1),
|
|
rst(2),
|
|
psh(3),
|
|
ack(4),
|
|
urg(5)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute describes TCP flags that are matched by this
|
|
ACL rule."
|
|
::= { aristaIpAclRuleEntry 15 }
|
|
|
|
aristaIpAclRuleEstablished OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute has value 'true(1)' if this ACL rule matches
|
|
existing TCP connections; otherwise, the value is 'false(2)'."
|
|
::= { aristaIpAclRuleEntry 16 }
|
|
|
|
aristaIpAclRuleIcmpType OBJECT-TYPE
|
|
SYNTAX Unsigned32(0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the ICMP type that is matched by this ACL
|
|
rule. The attribute is ignored in the ACL rule if the value is
|
|
65535."
|
|
::= { aristaIpAclRuleEntry 17 }
|
|
|
|
aristaIpAclRuleIcmpCode OBJECT-TYPE
|
|
SYNTAX Unsigned32(0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the ICMP code that is matched by this ACL
|
|
rule. The attribute is ignored in the ACL rule if the value is
|
|
65535."
|
|
::= { aristaIpAclRuleEntry 18 }
|
|
|
|
aristaIpAclRuleAction OBJECT-TYPE
|
|
SYNTAX AristaAclRuleAction
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the action applied to this ACL rule."
|
|
::= { aristaIpAclRuleEntry 19 }
|
|
|
|
aristaIpAclRuleLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute has value 'true(1)' if logging is required in
|
|
this ACL rule; otherwise, the value is 'false(2)'."
|
|
::= { aristaIpAclRuleEntry 20 }
|
|
|
|
aristaIpAclRuleRemark OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..127))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the remark string applied to this ACL rule."
|
|
::= { aristaIpAclRuleEntry 21 }
|
|
|
|
aristaIpAclRuleStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AristaIpAclRuleStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table that contains statistics for IP ACL rules."
|
|
::= { aristaIpAcl 3 }
|
|
|
|
aristaIpAclRuleStatsEntry OBJECT-TYPE
|
|
SYNTAX AristaIpAclRuleStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistics for a specific IP ACL rules."
|
|
INDEX { aristaIpAclRuleTimeMark,
|
|
aristaIpAclName,
|
|
aristaIpAclRuleSeqId }
|
|
::= { aristaIpAclRuleStatsTable 1 }
|
|
|
|
AristaIpAclRuleStatsEntry ::=
|
|
SEQUENCE {
|
|
aristaIpAclRuleTimeMark TimeFilter,
|
|
aristaIpAclRuleStatsPktCount Counter64,
|
|
aristaIpAclRuleStatsLastUpdateTime TimeStamp
|
|
}
|
|
|
|
aristaIpAclRuleTimeMark OBJECT-TYPE
|
|
SYNTAX TimeFilter
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A TimeFilter for this entry. See the TimeFilter textual
|
|
convention to see how this works."
|
|
::= { aristaIpAclRuleStatsEntry 1 }
|
|
|
|
aristaIpAclRuleStatsPktCount OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the number of packets that this ACL rule
|
|
matched."
|
|
::= { aristaIpAclRuleStatsEntry 2 }
|
|
|
|
aristaIpAclRuleStatsLastUpdateTime OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of sysUpTime at the time the
|
|
aristaIpAclRuleStatsPktCount was last updated for this ACL rule."
|
|
::= { aristaIpAclRuleStatsEntry 3 }
|
|
|
|
-- Arista MAC ACL objects --
|
|
aristaMacAclTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AristaMacAclEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table that contains MAC ACLs that are configured on the switch."
|
|
::= { aristaMacAcl 1 }
|
|
|
|
aristaMacAclEntry OBJECT-TYPE
|
|
SYNTAX AristaMacAclEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Information about a specific MAC ACL that is configured on
|
|
the switch."
|
|
INDEX { aristaMacAclName }
|
|
::= { aristaMacAclTable 1 }
|
|
|
|
AristaMacAclEntry ::=
|
|
SEQUENCE {
|
|
aristaMacAclName DisplayString,
|
|
aristaMacAclReadOnly TruthValue,
|
|
aristaMacAclStatsEnabled TruthValue,
|
|
aristaMacAclCountersIncomplete TruthValue
|
|
}
|
|
|
|
aristaMacAclName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..100))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the MAC ACL."
|
|
::= { aristaMacAclEntry 1 }
|
|
|
|
aristaMacAclReadOnly OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute has value 'true(1)' if the MAC ACL is
|
|
configured as read-only; otherwise, the value is
|
|
'false(2)'."
|
|
::= { aristaMacAclEntry 2 }
|
|
|
|
aristaMacAclStatsEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute has value 'true(1)' if the MAC ACL is
|
|
configured to have per-entry statistics enabled; otherwise,
|
|
the value is 'false(2)'."
|
|
::= { aristaMacAclEntry 3 }
|
|
|
|
aristaMacAclCountersIncomplete OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute has value 'true(1)' if the MAC ACL has
|
|
incomplete counter statistics; otherwise, the value is
|
|
'false(2)'."
|
|
::= { aristaMacAclEntry 4 }
|
|
|
|
aristaMacAclRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AristaMacAclRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table that contains MAC ACL rules that are configured on
|
|
the switch."
|
|
::= { aristaMacAcl 2 }
|
|
|
|
aristaMacAclRuleEntry OBJECT-TYPE
|
|
SYNTAX AristaMacAclRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configuration information about a specific MAC ACL rule."
|
|
INDEX { aristaMacAclName, aristaMacAclRuleSeqId }
|
|
::= { aristaMacAclRuleTable 1 }
|
|
|
|
AristaMacAclRuleEntry ::=
|
|
SEQUENCE {
|
|
-- Rule Filter --
|
|
aristaMacAclRuleSeqId Unsigned32,
|
|
aristaMacAclRuleSrc MacAddress,
|
|
aristaMacAclRuleSrcMask MacAddress,
|
|
aristaMacAclRuleDest MacAddress,
|
|
aristaMacAclRuleDestMask MacAddress,
|
|
aristaMacAclRuleProto Unsigned32,
|
|
|
|
-- Rule Actions --
|
|
aristaMacAclRuleAction AristaAclRuleAction,
|
|
aristaMacAclRuleLog TruthValue,
|
|
aristaMacAclRuleRemark DisplayString
|
|
}
|
|
|
|
aristaMacAclRuleSeqId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the sequence ID for this ACL rule."
|
|
::= { aristaMacAclRuleEntry 1 }
|
|
|
|
aristaMacAclRuleSrc OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the MAC source address to be matched by
|
|
this ACL rule, subject to the aristaMacAclRuleSrcMask value."
|
|
::= { aristaMacAclRuleEntry 2 }
|
|
|
|
aristaMacAclRuleSrcMask OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the MAC source-address mask in this ACL
|
|
rule. For the source address of the packet to match the rule,
|
|
the bitwise logical-AND of the address and this mask must be
|
|
equal to the value of aristaMacAclRuleSrc."
|
|
::= { aristaMacAclRuleEntry 3 }
|
|
|
|
aristaMacAclRuleDest OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the MAC destination address to be matched
|
|
by this ACL rule, subject to the aristaMacAclRuleSrcMask value."
|
|
::= { aristaMacAclRuleEntry 4 }
|
|
|
|
aristaMacAclRuleDestMask OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the MAC destination-address mask in this ACL
|
|
rule. For the destination address of the packet to match the rule,
|
|
the bitwise logical-AND of the address and this mask must be
|
|
equal to the value of aristaMacAclRuleDest."
|
|
::= { aristaMacAclRuleEntry 5 }
|
|
|
|
aristaMacAclRuleProto OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the MAC protocol number to be matched by
|
|
this ACL rule. The protocol value 4294967295 (0xFFFFFFFF) is
|
|
a value that indicates the rule matches any
|
|
protocol."
|
|
::= { aristaMacAclRuleEntry 6 }
|
|
|
|
aristaMacAclRuleAction OBJECT-TYPE
|
|
SYNTAX AristaAclRuleAction
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the action applied to this ACL rule."
|
|
::= { aristaMacAclRuleEntry 7 }
|
|
|
|
aristaMacAclRuleLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute has value 'true(1)' if logging is required in
|
|
this ACL rule; otherwise, the value is 'false(2)'."
|
|
::= { aristaMacAclRuleEntry 8 }
|
|
|
|
aristaMacAclRuleRemark OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..127))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the remark string applied to this ACL rule."
|
|
::= { aristaMacAclRuleEntry 9 }
|
|
|
|
aristaMacAclRuleStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AristaMacAclRuleStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table that contains statistics information for MAC ACL rules."
|
|
::= { aristaMacAcl 3 }
|
|
|
|
aristaMacAclRuleStatsEntry OBJECT-TYPE
|
|
SYNTAX AristaMacAclRuleStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistics for MAC ACL rules."
|
|
INDEX { aristaMacAclRuleTimeMark,
|
|
aristaMacAclName,
|
|
aristaMacAclRuleSeqId }
|
|
::= { aristaMacAclRuleStatsTable 1 }
|
|
|
|
AristaMacAclRuleStatsEntry ::=
|
|
SEQUENCE {
|
|
aristaMacAclRuleTimeMark TimeFilter,
|
|
aristaMacAclRuleStatsPktCount Counter64,
|
|
aristaMacAclRuleStatsLastUpdateTime TimeStamp
|
|
}
|
|
|
|
aristaMacAclRuleTimeMark OBJECT-TYPE
|
|
SYNTAX TimeFilter
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A TimeFilter for this entry. See the TimeFilter textual
|
|
convention to see how this works."
|
|
::= { aristaMacAclRuleStatsEntry 1 }
|
|
|
|
aristaMacAclRuleStatsPktCount OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the number of packets that this ACL rule
|
|
matched."
|
|
::= { aristaMacAclRuleStatsEntry 2 }
|
|
|
|
aristaMacAclRuleStatsLastUpdateTime OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of sysUpTime at the time the
|
|
aristaMacAclRuleStatsPktCount was last updated for this ACL rule."
|
|
::= { aristaMacAclRuleStatsEntry 3 }
|
|
|
|
-- IPv6 ACL objects --
|
|
aristaIpv6AclTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AristaIpv6AclEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table that contains IPv6 ACLs that are configured on the
|
|
switch."
|
|
::= { aristaIpv6Acl 1 }
|
|
|
|
aristaIpv6AclEntry OBJECT-TYPE
|
|
SYNTAX AristaIpv6AclEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Information about a specific IPv6 ACL that is configured on
|
|
the switch."
|
|
INDEX { aristaIpv6AclName }
|
|
::= { aristaIpv6AclTable 1 }
|
|
|
|
AristaIpv6AclEntry ::=
|
|
SEQUENCE {
|
|
aristaIpv6AclName DisplayString,
|
|
aristaIpv6AclReadOnly TruthValue,
|
|
aristaIpv6AclStatsEnabled TruthValue,
|
|
aristaIpv6AclCountersIncomplete TruthValue
|
|
}
|
|
|
|
aristaIpv6AclName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..100))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the IPv6 ACL."
|
|
::= { aristaIpv6AclEntry 1 }
|
|
|
|
aristaIpv6AclReadOnly OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute has value 'true(1)' if the IPv6 ACL is
|
|
configured as read-only; otherwise, the value is
|
|
'false(2)'."
|
|
::= { aristaIpv6AclEntry 2 }
|
|
|
|
aristaIpv6AclStatsEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute has value 'true(1)' if the IPv6 ACL is
|
|
configured to have per-entry statistics enabled; otherwise,
|
|
the value is 'false(2)'."
|
|
::= { aristaIpv6AclEntry 3 }
|
|
|
|
aristaIpv6AclCountersIncomplete OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute has value 'true(1)' if the IPv6 ACL has
|
|
incomplete counter statistics; otherwise, the value is
|
|
'false(2)'."
|
|
::= { aristaIpv6AclEntry 4 }
|
|
|
|
aristaIpv6AclRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AristaIpv6AclRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table that contains IPv6 ACL rules that are configured on
|
|
the switch."
|
|
::= { aristaIpv6Acl 2 }
|
|
|
|
aristaIpv6AclRuleEntry OBJECT-TYPE
|
|
SYNTAX AristaIpv6AclRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configuration information about a specific IPv6 ACL rule."
|
|
INDEX { aristaIpv6AclName, aristaIpv6AclRuleSeqId }
|
|
::= { aristaIpv6AclRuleTable 1 }
|
|
|
|
AristaIpv6AclRuleEntry ::=
|
|
SEQUENCE {
|
|
-- Rule Filter --
|
|
aristaIpv6AclRuleSeqId Unsigned32,
|
|
aristaIpv6AclRuleProto Unsigned32,
|
|
aristaIpv6AclRuleSrc InetAddressIPv6,
|
|
aristaIpv6AclRuleSrcMask InetAddressIPv6,
|
|
aristaIpv6AclRuleDest InetAddressIPv6,
|
|
aristaIpv6AclRuleDestMask InetAddressIPv6,
|
|
aristaIpv6AclRuleL4PortSrcOper AristaAclRangeOperator,
|
|
aristaIpv6AclRuleL4PortsSrc OCTET STRING,
|
|
aristaIpv6AclRuleL4PortDestOper AristaAclRangeOperator,
|
|
aristaIpv6AclRuleL4PortsDest OCTET STRING,
|
|
aristaIpv6AclRuleHopLimitOper AristaAclRangeOperator,
|
|
aristaIpv6AclRuleHopLimit Unsigned32,
|
|
aristaIpv6AclRuleTcpFlags BITS,
|
|
aristaIpv6AclRuleEstablished TruthValue,
|
|
aristaIpv6AclRuleIcmpType Unsigned32,
|
|
aristaIpv6AclRuleIcmpCode Unsigned32,
|
|
|
|
-- Rule Actions --
|
|
aristaIpv6AclRuleAction AristaAclRuleAction,
|
|
aristaIpv6AclRuleLog TruthValue,
|
|
aristaIpv6AclRuleRemark DisplayString
|
|
}
|
|
|
|
aristaIpv6AclRuleSeqId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the sequence ID for this ACL rule."
|
|
::= { aristaIpv6AclRuleEntry 1 }
|
|
|
|
aristaIpv6AclRuleProto OBJECT-TYPE
|
|
SYNTAX Unsigned32(0..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the IPv6 upper layer protocol to be matched
|
|
by this ACL rule. The value 0 indicates the rule matches any
|
|
IPv6 protocol."
|
|
::= { aristaIpv6AclRuleEntry 2 }
|
|
|
|
aristaIpv6AclRuleSrc OBJECT-TYPE
|
|
SYNTAX InetAddressIPv6
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the IPv6 source address to be matched by this
|
|
ACL rule, subject to the aristaIpv6AclRuleSrcMask value."
|
|
::= { aristaIpv6AclRuleEntry 3 }
|
|
|
|
aristaIpv6AclRuleSrcMask OBJECT-TYPE
|
|
SYNTAX InetAddressIPv6
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the IPv6 source-address mask in this ACL
|
|
rule. For the source address of the packet to match the rule,
|
|
the bitwise logical-AND of the address and this mask must be
|
|
equal to the value of aristaIpv6AclRuleSrc."
|
|
::= { aristaIpv6AclRuleEntry 4 }
|
|
|
|
aristaIpv6AclRuleDest OBJECT-TYPE
|
|
SYNTAX InetAddressIPv6
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the IPv6 destination address to be matched by
|
|
this ACL rule, subject to the aristaIpv6AclRuleDestMask value."
|
|
::= { aristaIpv6AclRuleEntry 5 }
|
|
|
|
aristaIpv6AclRuleDestMask OBJECT-TYPE
|
|
SYNTAX InetAddressIPv6
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the IPv6 destination-address mask in this ACL
|
|
rule. For the destination address of the packet to match the rule,
|
|
the bitwise logical-AND of the address and this mask must be
|
|
equal to the value of aristaIpv6AclRuleDest."
|
|
::= { aristaIpv6AclRuleEntry 6 }
|
|
|
|
aristaIpv6AclRuleL4PortSrcOper OBJECT-TYPE
|
|
SYNTAX AristaAclRangeOperator
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute determines TCP/UDP source-port matching
|
|
behavior in this ACL rule. If this attribute has value
|
|
'any(0)', then attribute aristaIpv6AclRuleL4PortsSrc is
|
|
ignored."
|
|
::= { aristaIpv6AclRuleEntry 7 }
|
|
|
|
aristaIpv6AclRuleL4PortsSrc OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..60))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is a list of TCP/UDP source ports to be
|
|
matched in this ACL rule. They are represented as decimal
|
|
strings, separated by spaces. A maximum of 10 ports is
|
|
allowed. Attribute aristaIpv6AclRuleL4PortSrcOper determines
|
|
how the source ports are matched in this ACL rule."
|
|
::= { aristaIpv6AclRuleEntry 8 }
|
|
|
|
aristaIpv6AclRuleL4PortDestOper OBJECT-TYPE
|
|
SYNTAX AristaAclRangeOperator
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute determines TCP/UDP destination-port matching
|
|
behavior in this ACL rule. If this attribute has value
|
|
'any(0)', then attribute aristaIpv6AclRuleL4PortsDest is
|
|
ignored."
|
|
::= { aristaIpv6AclRuleEntry 9 }
|
|
|
|
aristaIpv6AclRuleL4PortsDest OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..60))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is a list of TCP/UDP destination ports to be
|
|
matched in this ACL rule. They are represented as decimal
|
|
strings, separated by spaces. A maximum of 10 ports is
|
|
allowed. Attribute aristaIpv6AclRuleL4PortDestOper determines
|
|
how the destination ports are matched in this ACL rule."
|
|
::= { aristaIpv6AclRuleEntry 10 }
|
|
|
|
aristaIpv6AclRuleHopLimitOper OBJECT-TYPE
|
|
SYNTAX AristaAclRangeOperator
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the IPv6 Hop Limit operation code used in
|
|
this ACL rule. Combined with attribute
|
|
aristaIpv6AclRuleHopLimit, it specifies the IPv6 Hop Limit
|
|
matching behavior in this ACL rule."
|
|
::= { aristaIpv6AclRuleEntry 11 }
|
|
|
|
aristaIpv6AclRuleHopLimit OBJECT-TYPE
|
|
SYNTAX Unsigned32(0..255)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the IPv6 Hop Limit value in this ACL
|
|
rule. Attribute aristaIpv6AclRuleHopLimitOper determines how
|
|
the Hop Limit values is matched in this ACL rule."
|
|
::= { aristaIpv6AclRuleEntry 12 }
|
|
|
|
aristaIpv6AclRuleTcpFlags OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
fin(0),
|
|
syn(1),
|
|
rst(2),
|
|
psh(3),
|
|
ack(4),
|
|
urg(5)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute describes TCP flags that are matched by this
|
|
ACL rule."
|
|
::= { aristaIpv6AclRuleEntry 13 }
|
|
|
|
aristaIpv6AclRuleEstablished OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute has value 'true(1)' if this ACL rule matches
|
|
existing TCP connections; otherwise, the value is 'false(2)'."
|
|
::= { aristaIpv6AclRuleEntry 14 }
|
|
|
|
aristaIpv6AclRuleIcmpType OBJECT-TYPE
|
|
SYNTAX Unsigned32(0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the ICMP type that is matched by this ACL
|
|
rule. The attribute is ignored in the ACL rule if the value is
|
|
65535."
|
|
::= { aristaIpv6AclRuleEntry 15 }
|
|
|
|
aristaIpv6AclRuleIcmpCode OBJECT-TYPE
|
|
SYNTAX Unsigned32(0..65535)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the ICMP code that is matched by this ACL
|
|
rule. The attribute is ignored in the ACL rule if the value is
|
|
65535."
|
|
::= { aristaIpv6AclRuleEntry 16 }
|
|
|
|
aristaIpv6AclRuleAction OBJECT-TYPE
|
|
SYNTAX AristaAclRuleAction
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the action applied to this ACL rule."
|
|
::= { aristaIpv6AclRuleEntry 17 }
|
|
|
|
aristaIpv6AclRuleLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute has value 'true(1)' if logging is required in
|
|
this ACL rule; otherwise, the value is 'false(2)'."
|
|
::= { aristaIpv6AclRuleEntry 18 }
|
|
|
|
aristaIpv6AclRuleRemark OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..127))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the remark string applied to this ACL rule."
|
|
::= { aristaIpv6AclRuleEntry 19 }
|
|
|
|
aristaIpv6AclRuleStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AristaIpv6AclRuleStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table that contains statistics information for IPv6 ACL rules."
|
|
::= { aristaIpv6Acl 3 }
|
|
|
|
aristaIpv6AclRuleStatsEntry OBJECT-TYPE
|
|
SYNTAX AristaIpv6AclRuleStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistics for IPv6 ACL rules."
|
|
INDEX { aristaIpv6AclRuleTimeMark,
|
|
aristaIpv6AclName,
|
|
aristaIpv6AclRuleSeqId }
|
|
::= { aristaIpv6AclRuleStatsTable 1 }
|
|
|
|
AristaIpv6AclRuleStatsEntry ::=
|
|
SEQUENCE {
|
|
aristaIpv6AclRuleTimeMark TimeFilter,
|
|
aristaIpv6AclRuleStatsPktCount Counter64,
|
|
aristaIpv6AclRuleStatsLastUpdateTime TimeStamp
|
|
}
|
|
|
|
aristaIpv6AclRuleTimeMark OBJECT-TYPE
|
|
SYNTAX TimeFilter
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A TimeFilter for this entry. See the TimeFilter textual
|
|
convention to see how this works."
|
|
::= { aristaIpv6AclRuleStatsEntry 1 }
|
|
|
|
aristaIpv6AclRuleStatsPktCount OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This attribute is the number of packets that this ACL rule
|
|
matched."
|
|
::= { aristaIpv6AclRuleStatsEntry 2 }
|
|
|
|
aristaIpv6AclRuleStatsLastUpdateTime OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of sysUpTime at the time the
|
|
aristaIpv6AclRuleStatsPktCount was last updated for this ACL
|
|
rule."
|
|
::= { aristaIpv6AclRuleStatsEntry 3 }
|
|
|
|
--
|
|
-- conformance information
|
|
--
|
|
|
|
aristaAclCompliances OBJECT IDENTIFIER ::= { aristaAclConformance 1 }
|
|
aristaAclGroups OBJECT IDENTIFIER ::= { aristaAclConformance 2 }
|
|
|
|
-- Compliance statements
|
|
aristaAclCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for Arista switches that support
|
|
Access Control Lists (ACLs)."
|
|
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { aristaAclGroup }
|
|
|
|
::= { aristaAclCompliances 1 }
|
|
|
|
-- Units of conformance
|
|
aristaAclGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
aristaAclDpSupportFlags,
|
|
aristaIpAclReadOnly, aristaIpAclStatsEnabled,
|
|
aristaIpAclCountersIncomplete,
|
|
aristaIpAclRuleProto, aristaIpAclRuleSrc,
|
|
aristaIpAclRuleSrcMask, aristaIpAclRuleDest,
|
|
aristaIpAclRuleDestMask, aristaIpAclRuleL4PortSrcOper,
|
|
aristaIpAclRuleL4PortsSrc, aristaIpAclRuleL4PortDestOper,
|
|
aristaIpAclRuleL4PortsDest, aristaIpAclRuleTtlOper,
|
|
aristaIpAclRuleTtl, aristaIpAclRuleTracked,
|
|
aristaIpAclRuleFragments, aristaIpAclRuleTcpFlags,
|
|
aristaIpAclRuleEstablished, aristaIpAclRuleIcmpType,
|
|
aristaIpAclRuleIcmpCode, aristaIpAclRuleAction,
|
|
aristaIpAclRuleLog, aristaIpAclRuleRemark,
|
|
aristaIpAclRuleStatsPktCount,
|
|
aristaIpAclRuleStatsLastUpdateTime,
|
|
aristaMacAclReadOnly,
|
|
aristaMacAclStatsEnabled, aristaMacAclCountersIncomplete,
|
|
aristaMacAclRuleSrc,
|
|
aristaMacAclRuleSrcMask, aristaMacAclRuleDest,
|
|
aristaMacAclRuleDestMask, aristaMacAclRuleProto,
|
|
aristaMacAclRuleAction, aristaMacAclRuleLog,
|
|
aristaMacAclRuleRemark, aristaMacAclRuleStatsPktCount,
|
|
aristaMacAclRuleStatsLastUpdateTime,
|
|
aristaIpv6AclReadOnly,
|
|
aristaIpv6AclStatsEnabled,aristaIpv6AclCountersIncomplete,
|
|
aristaIpv6AclRuleProto,
|
|
aristaIpv6AclRuleSrc, aristaIpv6AclRuleSrcMask,
|
|
aristaIpv6AclRuleDest, aristaIpv6AclRuleDestMask,
|
|
aristaIpv6AclRuleL4PortSrcOper,
|
|
aristaIpv6AclRuleL4PortsSrc,
|
|
aristaIpv6AclRuleL4PortDestOper,
|
|
aristaIpv6AclRuleL4PortsDest,
|
|
aristaIpv6AclRuleHopLimitOper, aristaIpv6AclRuleHopLimit,
|
|
aristaIpv6AclRuleTcpFlags, aristaIpv6AclRuleEstablished,
|
|
aristaIpv6AclRuleIcmpType, aristaIpv6AclRuleIcmpCode,
|
|
aristaIpv6AclRuleAction, aristaIpv6AclRuleLog,
|
|
aristaIpv6AclRuleRemark, aristaIpv6AclRuleStatsPktCount,
|
|
aristaIpv6AclRuleStatsLastUpdateTime
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The group of required ACL objects."
|
|
::= { aristaAclGroups 1 }
|
|
|
|
END
|