Observium_CE/mibs/huawei/HUAWEI-DSLAM-ACL-MIB


-- ============================================================================
-- Copyright (C) 2015 by HUAWEI TECHNOLOGIES. All rights reserved.
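-- Description: The MIB is used for configuring ACL rules. An access control list (ACL)
-- is used to filter the specified data packets according to a series of
-- matching rules configured in the ACL packets so that undesired data
-- packets can be identified. By using the matching rules, network devices
-- can permit or deny the matching data packets to pass.
-- NOTE(review): many objects in this module have MAX-ACCESS read-create
-- (for example hwAclBasicAct and hwAclBasicRowStatus), so an SNMP manager with
-- write access can create or delete packet-filter rules. Restrict write access
-- to this subtree to authenticated, authorized managers.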
-- Reference:
-- Version: V3.32
-- ============================================================================
HUAWEI-DSLAM-ACL-MIB DEFINITIONS ::= BEGIN
IMPORTS
huaweiMgmt
FROM HUAWEI-MIB
IpAddress, Integer32, Unsigned32, Counter32, OBJECT-TYPE, MODULE-IDENTITY,NOTIFICATION-TYPE
FROM SNMPv2-SMI
RowStatus, TruthValue, MacAddress
FROM SNMPv2-TC;
hwAcl MODULE-IDENTITY
LAST-UPDATED "201508290000Z"
ORGANIZATION
"Huawei Technologies Co.,Ltd."
CONTACT-INFO
"Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
"
DESCRIPTION
"The MIB is used for configuring ACL rules. An access control list (ACL)
is used to filter the specified data packets according to a series of
matching rules configured in the ACL packets so that undesired data
packets can be identified. By using the matching rules, network devices
can permit or deny the matching data packets to pass."
-- Revision history
REVISION "201509140000Z"
DESCRIPTION "V3.32, modified the description of hwAclActiveDirection."
REVISION "201508290000Z"
DESCRIPTION "V3.31, modified the value range of hwAclActiveDirection."
REVISION "201507030000Z"
DESCRIPTION "V3.30, deleted hwAclActiveToCPU in hwAclActiveTable."
REVISION "201506270000Z"
DESCRIPTION "V3.29, added hwAclActiveToCPU in hwAclActiveTable."
REVISION "201407080000Z"
DESCRIPTION "V3.28, modified the description and value range of hwAclActiveAclIndex."
REVISION "201406100000Z"
DESCRIPTION "V3.27, modified the mib file name and the max-access of some leaves"
REVISION "201312310000Z"
DESCRIPTION "V3.26, modified the description of V3.25"
REVISION "201202100000Z"
DESCRIPTION "V3.25, modified the description of some leaves of hwAclNumGroupTable, hwAclAdvancedRuleTable,
hwAclLinkTable, hwAclUserTable, hwAclActiveTable."
REVISION "201109301200Z"
DESCRIPTION "V3.24, modified the description of hwAclActiveAclIndex."
REVISION "201109101200Z"
DESCRIPTION "V3.23, modified the description of hwAclActiveTable."
REVISION "201107211200Z"
DESCRIPTION "V3.22, added hwAclNumGroupAclType and hwAclNumGroupAclNumAllocMethod in hwAclNumGroupTable
to allocate the ACL group index automatically."
REVISION "201101170000Z"
DESCRIPTION "V3.21, added hwAclActiveIpv6AclNum and hwAclActiveIpv6AclSubitem in hwAclActiveTable,
modified data type definition and description of hwAclUserFrameType in hwAclUserEntry."
REVISION "201011200000Z"
DESCRIPTION "V3.20, modified the description of hwAclLinkVlanPri and hwAclLinkInnerVlanPri."
REVISION "201011090000Z"
DESCRIPTION "V3.19, modified the description of some leaves of hwAclNumGroupTable, hwAclBasicRuleTable
hwAclAdvancedRuleTable, hwAclLinkTable, hwAclUserTable, hwAclActiveTable."
REVISION "201007130000Z"
DESCRIPTION "V3.18, modified description."
REVISION "201004250000Z"
DESCRIPTION "V3.17, modified the description of all leaves."
REVISION "201003250000Z"
DESCRIPTION "V3.16, modified the description of all leaves."
REVISION "201002101100Z"
DESCRIPTION "V3.15, modified format of enumerations."
REVISION "201001181100Z"
DESCRIPTION "V3.14, added hwAclLinkInnerVlanPri and hwAclLinkSrcInnerVlanId in hwAclLinkTable.
Modified the description of hwAclUserFrameType's value."
REVISION "201001211500Z"
DESCRIPTION "V3.13, cleared compiling warning."
REVISION "200912241100Z"
DESCRIPTION "V3.12, modified datatype definition and description of objects."
REVISION "200912020000Z"
DESCRIPTION "V3.11, added hwAclUserPriority in hwAclUserTable, add hwAclLinkPriority in hwAclLinkTable,
added hwAclAdvancedPriority in hwAclAdvancedRuleTable, and added hwAclBasicPriority in hwAclBasicRuleTable."
REVISION "200810230000Z"
DESCRIPTION "V3.04, added hwAclUserFrameType in hwAclUserEntry."
REVISION "200803290000Z"
DESCRIPTION "V2.03, modified description of hwAclActiveIfIndex."
REVISION "200512130000Z"
DESCRIPTION "V2.00, initial revision."
::= { huaweiMgmt 1 }
-- 1.3.6.1.4.1.2011.5.1.1
hwAclMibObjects OBJECT IDENTIFIER ::= { hwAcl 1 }
-- 1.3.6.1.4.1.2011.5.1.1.2
hwAclNumGroupTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwAclNumGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the configured ACL rule groups in the system and basic information about each group,
such as the number of rules, steps, and ACL rule descriptions.
The index of this table is hwAclNumGroupAclNum.
"
::= { hwAclMibObjects 2 }
-- 1.3.6.1.4.1.2011.5.1.1.2.1
hwAclNumGroupEntry OBJECT-TYPE
SYNTAX HwAclNumGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the configured ACL rule groups in the system and basic information about each group,
such as the number of rules, steps, and ACL rule descriptions.
The index of this entry is hwAclNumGroupAclNum.
"
INDEX { hwAclNumGroupAclNum }
::= { hwAclNumGroupTable 1 }
HwAclNumGroupEntry ::=
SEQUENCE {
hwAclNumGroupAclNum
Integer32,
hwAclNumGroupMatchOrder
INTEGER,
hwAclNumGroupSubitemNum
Counter32,
hwAclNumGroupStep
Integer32,
hwAclNumGroupDescription
OCTET STRING,
hwAclNumGroupCountClear
INTEGER,
hwAclNumGroupRowStatus
RowStatus,
hwAclNumGroupAclType
INTEGER,
hwAclNumGroupAclNumAllocMethod
INTEGER
}
-- 1.3.6.1.4.1.2011.5.1.1.2.1.1
hwAclNumGroupAclNum OBJECT-TYPE
SYNTAX Integer32 (-1|2000..5999)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Uniquely identifies an ACL rule group.
Range: 2000-5999, -1
The ACL rule groups with indexes ranging from 2000 to 2999 are basic ACL rule groups.
When hwAclBasicRuleTable is used to create basic ACL rules,
a basic ACL rule group with an index of the specified hwAclBasicAclNum value must be created through hwAclNumGroupTable.
The ACL rule groups with indexes ranging from 3000 to 3999 are advanced ACL rule groups.
When hwAclAdvancedRuleTable is used to create advanced ACL rule,
an advanced ACL rule group with an index of the specified hwAclAdvancedAclNum value must be created through hwAclNumGroupTable.
The ACL rule groups with indexes ranging from 4000 to 4999 are L2 ACL rule groups.
When hwAclLinkTable is used to create layer 2 ACL rules,
layer 2 ACL rule group with an index of the specified hwAclLinkAclNum value must be created through hwAclNumGroupTable.
The ACL rule groups with indexes ranging from 5000 to 5999 are user-defined ACL rule groups.
When hwAclUserTable is used to create user-defined ACL rules,
a user-defined ACL rule group with an index of the specified hwAclUserAclNum value must be created through hwAclNumGroupTable.
The value -1 means to allocate the group index automatically, which is only valid in the set operation.
"
::= { hwAclNumGroupEntry 1 }
-- 1.3.6.1.4.1.2011.5.1.1.2.1.2
hwAclNumGroupMatchOrder OBJECT-TYPE
SYNTAX INTEGER
{
config(1),
auto(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the priority order of an ACL rule group.
Options:
1. config(1) -the priority order of an ACL rule group is configuration order
2. auto(2) -the priority order of an ACL rule group is auto
Currently, this leaf is read-only. The value is fixed to config(1), that is, the configuration order.
"
::= { hwAclNumGroupEntry 2 }
-- 1.3.6.1.4.1.2011.5.1.1.2.1.3
hwAclNumGroupSubitemNum OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of ACL rules in an ACL rule group. This leaf is read-only.
The value increases by one when an ACL rule is added to the ACL rule group.
"
::= { hwAclNumGroupEntry 3 }
-- 1.3.6.1.4.1.2011.5.1.1.2.1.4
hwAclNumGroupStep OBJECT-TYPE
SYNTAX Integer32 (1..20)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the step of adding ACL rules to an ACL rule group.
Range: 1-20
When an ACL rule is added and its ID is not specified, the ID of the ACL rule is: step+last ACL rule ID.
If a user does not enter a value for hwAclNumGroupStep, the system uses the value 5 by default.
"
DEFVAL { 5 }
::= { hwAclNumGroupEntry 4 }
-- 1.3.6.1.4.1.2011.5.1.1.2.1.5
hwAclNumGroupDescription OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..127))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the description of an ACL rule group. It is used for users to identify different ACL rule groups.
Up to 127 characters are supported. If hwAclNumGroupDescription is not set, the description is null by default.
"
::= { hwAclNumGroupEntry 5 }
-- 1.3.6.1.4.1.2011.5.1.1.2.1.6
hwAclNumGroupCountClear OBJECT-TYPE
SYNTAX INTEGER
{
cleared(1),
nouse(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Used for clearing the software statistics of an ACL rule group.
Options:
1. cleared(1) -clear the software statistics of an ACL rule group
2. nouse(2) -indicates no operation
To clear the software statistics of an ACL rule group,
set hwAclNumGroupCountClear to cleared(1) and hwAclNumGroupRowStatus to createAndGo(4).
When this leaf is queried, the value is fixed to cleared(1).
"
::= { hwAclNumGroupEntry 6 }
-- 1.3.6.1.4.1.2011.5.1.1.2.1.7
hwAclNumGroupRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the row status.
Options:
1. active(1) -when this leaf is queried, the value is fixed to active(1).
2. createAndGo(4) -create an ACL rule group
3. destroy(6) -delete an ACL rule group
It is used for creating or deleting an ACL rule group, and clearing the software statistics of an ACL rule group.
To create an ACL rule group, set hwAclNumGroupRowStatus to createAndGo(4).
The hwAclNumGroupStep and hwAclNumGroupDescription parameters are optional.
To delete an ACL rule group, set hwAclNumGroupRowStatus to destroy(6).
To clear the software statistics of an ACL rule group,
set hwAclNumGroupCountClear to cleared(1) and hwAclNumGroupRowStatus to createAndGo(4).
When this leaf is queried, the value is fixed to active(1).
"
::= { hwAclNumGroupEntry 7 }
-- 1.3.6.1.4.1.2011.5.1.1.2.1.8
hwAclNumGroupAclType OBJECT-TYPE
SYNTAX INTEGER
{
basicAcl(2),
advAcl(3),
linkAcl(4),
userAcl(5)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"indicates the type of the ACL group.
Options:
1. basicAcl(2) -Indicates that the type of the ACL group is basic.
2. advAcl(3) -Indicates that the type of the ACL group is advanced.
3. linkAcl(4) -Indicates that the type of the ACL group is link.
4. userAcl(5) -Indicates that the type of the ACL group is user-defined.
"
::= { hwAclNumGroupEntry 8 }
-- 1.3.6.1.4.1.2011.5.1.1.2.1.9
hwAclNumGroupAclNumAllocMethod OBJECT-TYPE
SYNTAX INTEGER
{
minFreeId(1),
maxFreeId(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"indicates the method of allocating the ACL group index automatically.
When this leaf is queried, the value is fixed to minFreeId(1).
Options:
1. minFreeId(1) -means to allocate the ACL group index from the minimal free index.
2. maxFreeId(2) -means to allocate the ACL group index from the maximal free index.
Default: minFreeId(1)
"
::= { hwAclNumGroupEntry 9 }
-- 1.3.6.1.4.1.2011.5.1.1.4
hwAclBasicRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwAclBasicRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the details about a basic ACL rule in a basic ACL rule group,
including the source IP address, mask, and other attributes of the rule.
The indexes of this table are hwAclBasicAclNum and hwAclBasicSubitem.
hwAclBasicAclNum is the ID of a basic ACL rule group. Make sure that the ID is already created in hwAclNumGroupTable.
hwAclBasicSubitem is the ID of a basic ACL rule in the basic ACL rule group.
"
::= { hwAclMibObjects 4 }
-- 1.3.6.1.4.1.2011.5.1.1.4.1
hwAclBasicRuleEntry OBJECT-TYPE
SYNTAX HwAclBasicRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the details about a basic ACL rule in a basic ACL rule group,
including the source IP address, mask, and other attributes of the rule.
The indexes of this entry are hwAclBasicAclNum and hwAclBasicSubitem.
hwAclBasicAclNum is the ID of a basic ACL rule group. Make sure that the ID is already created in hwAclNumGroupTable.
hwAclBasicSubitem is the ID of a basic ACL rule in the basic ACL rule group.
"
INDEX { hwAclBasicAclNum, hwAclBasicSubitem }
::= { hwAclBasicRuleTable 1 }
HwAclBasicRuleEntry ::=
SEQUENCE {
hwAclBasicAclNum
Integer32,
hwAclBasicSubitem
Unsigned32,
hwAclBasicAct
INTEGER,
hwAclBasicSrcIp
IpAddress,
hwAclBasicSrcWild
IpAddress,
hwAclBasicTimeRangeIndex
Integer32,
hwAclBasicFragments
TruthValue,
hwAclBasicLog
TruthValue,
hwAclBasicEnable
TruthValue,
hwAclBasicCount
Counter32,
hwAclBasicCountClear
INTEGER,
hwAclBasicRowStatus
RowStatus,
hwAclBasicPriority
Integer32
}
-- 1.3.6.1.4.1.2011.5.1.1.4.1.1
hwAclBasicAclNum OBJECT-TYPE
SYNTAX Integer32 (2000..2999)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Uniquely identifies a basic ACL rule group.
Range: 2000-2999
Make sure that the ID of the ACL rule group is already created in hwAclNumGroupTable.
"
::= { hwAclBasicRuleEntry 1 }
-- 1.3.6.1.4.1.2011.5.1.1.4.1.2
hwAclBasicSubitem OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Describes the ID of a basic ACL rule in the basic ACL rule group, uniquely identifying a basic ACL rule.
Range: 0-4294967295
In the create operation, if the value is 4294967295, the ID of a basic ACL rule is generated automatically.
Otherwise, the basic ACL rule is created with the specified value as its ID.
The automatically generated ID of an ACL rule depends on the value of hwAclNumGroupStep,
which corresponds to a basic ACL rule group in hwAclNumGroupTable.
The generated ID of an ACL rule equals the last basic ACL rule ID plus the value of hwAclNumGroupStep.
"
::= { hwAclBasicRuleEntry 2 }
-- 1.3.6.1.4.1.2011.5.1.1.4.1.3
hwAclBasicAct OBJECT-TYPE
SYNTAX INTEGER
{
permit(1),
deny(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the action of an ACL rule.
Options:
1. permit(1) -indicates that the data packets that meet the conditions can pass
2. deny(2) -indicates that the data packets that meet the conditions are discarded
"
::= { hwAclBasicRuleEntry 3 }
-- 1.3.6.1.4.1.2011.5.1.1.4.1.4
hwAclBasicSrcIp OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the source IP address or network segment of data frames that needs to match a basic ACL rule.
You can set or not set it. If you do not set it, any source IP address matches the basic ACL rule.
"
::= { hwAclBasicRuleEntry 4 }
-- 1.3.6.1.4.1.2011.5.1.1.4.1.5
hwAclBasicSrcWild OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the mask of the source IP address or network segment of data frames that needs to match a basic ACL rule.
To match the basic ACL rule with a subnet, use this parameter.
The value of this parameter is the inverse mask of the source IP address.
For example, 0.0.0.255 indicates that the first three bytes of the source IP address are the same as the value of hwAclBasicSrcIp.
This leaf can be specified or not specified together with hwAclBasicSrcIp.
If hwAclBasicSrcIp is configured, hwAclBasicSrcWild must be configured.
This leaf, in the inverse mask mode, together with hwAclBasicSrcIp determines the source IP address segment to be matched.
"
::= { hwAclBasicRuleEntry 5 }
-- 1.3.6.1.4.1.2011.5.1.1.4.1.6
hwAclBasicTimeRangeIndex OBJECT-TYPE
SYNTAX Integer32 (0..256)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the time range index of a basic ACL rule.
It is used when the effective time of a basic ACL rule needs to be configured.
By default, the value is 0, which indicates invalid time.
The index depends on hwTrngIndex in hwTrngCreateTimerangeTable.
The value of hwAclBasicTimeRangeIndex must be created in hwTrngCreateTimerangeTable.
"
DEFVAL { 0 }
::= { hwAclBasicRuleEntry 6 }
-- 1.3.6.1.4.1.2011.5.1.1.4.1.7
hwAclBasicFragments OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes whether a basic ACL rule is effective on only non-tail fragment packets.
Options:
1. true(1) -indicates that a basic ACL rule is effective on only non-tail fragment packets
2. false(2) -indicates that a basic ACL rule is effective on only non-fragment packets or tail packets of fragment packets
Default: false(2)
"
::= { hwAclBasicRuleEntry 7 }
-- 1.3.6.1.4.1.2011.5.1.1.4.1.8
hwAclBasicLog OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes whether to record the log of a basic ACL rule.
Options:
1. true(1) -records the log of a basic ACL rule
2. false(2) -does not record the log of a basic ACL rule
Currently, the log record function is not supported, and thus the value of this leaf does not take effect.
"
::= { hwAclBasicRuleEntry 8 }
-- 1.3.6.1.4.1.2011.5.1.1.4.1.9
hwAclBasicEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Describes whether a basic ACL rule is valid.
Options:
1. true(1) -a basic ACL rule is valid
2. false(2) -a basic ACL rule is invalid
If the basic ACL rule is associated with a time range parameter through hwAclBasicTimeRangeIndex
and the current time is within the defined time range, the value is true(1), which indicates that the basic ACL rule is valid.
If the current time is not within the defined time range, the value is false(2), which indicates that the basic ACL rule is invalid.
If the basic ACL rule is not associated with a time range parameter, the basic ACL rule is valid all the time.
"
::= { hwAclBasicRuleEntry 9 }
-- 1.3.6.1.4.1.2011.5.1.1.4.1.10
hwAclBasicCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Describes the statistics of packets that match the basic ACL rule.
"
::= { hwAclBasicRuleEntry 10 }
-- 1.3.6.1.4.1.2011.5.1.1.4.1.11
hwAclBasicCountClear OBJECT-TYPE
SYNTAX INTEGER
{
cleared(1),
nouse(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Clears the statistics of packets that match the basic ACL rule.
Options:
1. cleared(1) -clear the statistics of packets that match the basic ACL rules
2. nouse(2) -indicates no operation
To clear the statistics of packets that match the basic ACL rules,
set hwAclBasicCountClear to cleared(1) and hwAclBasicRowStatus to createAndGo(4).
When this leaf is queried, the value is fixed to cleared(1).
"
::= { hwAclBasicRuleEntry 11 }
-- 1.3.6.1.4.1.2011.5.1.1.4.1.12
hwAclBasicRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the row status.
Options:
1. active(1) -when this leaf is queried, the value is fixed to active(1).
2. createAndGo(4) -create a basic ACL rule
3. destroy(6) -delete a basic ACL rule and clear the packet statistics of a basic ACL rule
It is used for creating or deleting a basic ACL rule and clearing the packet statistics of a basic ACL rule.
To create a basic ACL rule, enter hwAclBasicAct and set hwAclBasicRowStatus to createAndGo(4).
hwAclBasicSrcIp, hwAclBasicSrcWild, hwAclBasicTimeRangeIndex and hwAclBasicFragments are optional.
To delete a basic ACL rule, set hwAclBasicRowStatus to destroy(6).
To clear the packet statistics of a basic ACL rule, you must set hwAclBasicCountClear to cleared(1)
and hwAclBasicRowStatus to createAndGo(4).
When this leaf is queried, the value is fixed to active(1).
"
::= { hwAclBasicRuleEntry 12 }
-- 1.3.6.1.4.1.2011.5.1.1.4.1.13
hwAclBasicPriority OBJECT-TYPE
SYNTAX Integer32 (0..9)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the priority of a basic ACL rule.
Range: 0-9
Default: 0
The priority ascends with the value.
When multiple rules are matched at the same time, the rule with the highest priority prevails.
If multiple rules are matched and the priorities are the same,
software does not manage the rules and the hardware logic determines which priority prevails.
To prevent such a case, you can set different priorities for the rules.
"
::= { hwAclBasicRuleEntry 13 }
-- 1.3.6.1.4.1.2011.5.1.1.5
hwAclAdvancedRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwAclAdvancedRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the details about an advanced ACL rule in an advanced ACL rule group.
The indexes of this table are hwAclAdvancedAclNum and hwAclAdvancedSubitem.
hwAclAdvancedAclNum is the ID of an advanced ACL rule group. Make sure that the ID is already created in hwAclNumGroupTable.
hwAclAdvancedSubitem is the ID of an advanced ACL rule in the advanced ACL rule group.
"
::= { hwAclMibObjects 5 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1
hwAclAdvancedRuleEntry OBJECT-TYPE
SYNTAX HwAclAdvancedRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the details about an advanced ACL rule in an advanced ACL rule group.
The indexes of this entry are hwAclAdvancedAclNum and hwAclAdvancedSubitem.
hwAclAdvancedAclNum is the ID of an advanced ACL rule group. Make sure that the ID is already created in hwAclNumGroupTable.
hwAclAdvancedSubitem is the ID of an advanced ACL rule in the advanced ACL rule group.
"
INDEX { hwAclAdvancedAclNum, hwAclAdvancedSubitem }
::= { hwAclAdvancedRuleTable 1 }
HwAclAdvancedRuleEntry ::=
SEQUENCE {
hwAclAdvancedAclNum
Integer32,
hwAclAdvancedSubitem
Unsigned32,
hwAclAdvancedAct
INTEGER,
hwAclAdvancedProtocol
Integer32,
hwAclAdvancedSrcIp
IpAddress,
hwAclAdvancedSrcWild
IpAddress,
hwAclAdvancedSrcOp
INTEGER,
hwAclAdvancedSrcPort1
Integer32,
hwAclAdvancedSrcPort2
Integer32,
hwAclAdvancedDestIp
IpAddress,
hwAclAdvancedDestWild
IpAddress,
hwAclAdvancedDestOp
INTEGER,
hwAclAdvancedDestPort1
Integer32,
hwAclAdvancedDestPort2
Integer32,
hwAclAdvancedPrecedence
INTEGER,
hwAclAdvancedTos
Integer32,
hwAclAdvancedDscp
Integer32,
hwAclAdvancedEstablish
TruthValue,
hwAclAdvancedTimeRangeIndex
Integer32,
hwAclAdvancedIcmpType
Integer32,
hwAclAdvancedIcmpCode
Integer32,
hwAclAdvancedFragments
TruthValue,
hwAclAdvancedLog
TruthValue,
hwAclAdvancedEnable
TruthValue,
hwAclAdvancedCount
Counter32,
hwAclAdvancedCountClear
INTEGER,
hwAclAdvancedRowStatus
RowStatus,
hwAclAdvancedPriority
Integer32
}
-- 1.3.6.1.4.1.2011.5.1.1.5.1.1
hwAclAdvancedAclNum OBJECT-TYPE
SYNTAX Integer32 (3000..3999)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Uniquely identifies an advanced ACL rule group.
Range: 3000-3999
Make sure that the ID of the ACL rule group is already created in hwAclNumGroupTable.
"
::= { hwAclAdvancedRuleEntry 1 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.2
hwAclAdvancedSubitem OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Describes the ID of an advanced ACL rule in an advanced ACL rule group, uniquely identifying an advanced ACL rule.
Range: 0-4294967295
In the create operation, if the value is 4294967295, the ID of an advanced ACL rule is generated automatically.
Otherwise, the advanced ACL rule is created with the specified value as its ID.
The automatically generated ID of an advanced ACL rule depends on the value of hwAclNumGroupStep,
which corresponds to an advanced ACL rule group in hwAclNumGroupTable.
The generated ID of an ACL rule equals the last advanced ACL rule ID plus the value of hwAclNumGroupStep.
"
::= { hwAclAdvancedRuleEntry 2 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.3
hwAclAdvancedAct OBJECT-TYPE
SYNTAX INTEGER
{
permit(1),
deny(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the action of an advanced ACL rule.
Options:
1. permit(1) -indicates that the data packets that meet the conditions can pass
2. deny(2) -indicates that the data packets that meet the conditions are discarded
"
::= { hwAclAdvancedRuleEntry 3 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.4
hwAclAdvancedProtocol OBJECT-TYPE
SYNTAX Integer32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the protocol of IP packets that matches an advanced ACL rule.
Range: 0-255
Default: 0
If the value is not specified for an advanced ACL rule, the invalid value 0 is obtained in the query operation.
The common types include:
TCP: indicates the Transmission Control Protocol with protocol ID 6
UDP: indicates the User Datagram Protocol with protocol ID 17
ICMP: indicates the Internet Control Message Protocol with protocol ID 1
GRE: indicates the Generic Routing Encapsulation with protocol ID 47
IPinIP: indicates the IP in IP Encapsulation with protocol ID 4
"
DEFVAL { 0 }
::= { hwAclAdvancedRuleEntry 4 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.5
hwAclAdvancedSrcIp OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the source IP address or network segment of data frames that needs to match an advanced ACL rule.
You can set or not set it. If you do not set it, any source IP address matches the advanced ACL rule.
"
::= { hwAclAdvancedRuleEntry 5 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.6
hwAclAdvancedSrcWild OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the mask of the source IP address or network segment of data frames that needs to match an advanced ACL rule.
To match an advanced ACL rule with a subnet, use this parameter.
The value of this parameter is the inverse mask of the source IP address.
For example, 0.0.0.255 indicates that the first three bytes of the source IP address are the same as the value of hwAclAdvancedSrcIp.
This leaf can be specified or not specified together with hwAclAdvancedSrcIp.
If hwAclAdvancedSrcIp is configured, hwAclAdvancedSrcWild must be configured.
This leaf, in the inverse mask mode, together with hwAclAdvancedSrcIp determines the source IP address segment to be matched.
"
::= { hwAclAdvancedRuleEntry 6 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.7
hwAclAdvancedSrcOp OBJECT-TYPE
SYNTAX INTEGER
{
invalid(0),
lt(1),
eq(2),
gt(3),
neq(4),
range(5)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the operation types of comparing packet source ports when the type of hwAclAdvancedProtocol is set to TCP or UDP.
Range: 0-5
Options:
1. invalid(0) -indicates an invalid field.
2. lt(1) -indicates '<'
3. eq(2) -indicates '='
4. gt(3) -indicates '>'
5. neq(4) -indicates '!='
6. range(5) -indicates within the range
Enter hwAclAdvancedSrcPort1 and hwAclAdvancedSrcPort2 for the comparison operation only when range(5) is entered.
For other values, enter only hwAclAdvancedSrcPort1.
"
::= { hwAclAdvancedRuleEntry 7 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.8
hwAclAdvancedSrcPort1 OBJECT-TYPE
SYNTAX Integer32 (0..65535|65536)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the operation value of port 1 in the comparison operation types of the source port in hwAclAdvancedSrcOp
when hwAclAdvancedProtocol is set to TCP or UDP.
Range: 0-65535, 65536
For example, when hwAclAdvancedSrcOp is set to eq(2) (=),
it indicates that the source port ID of matched packets equals the value of hwAclAdvancedSrcPort1.
If the value is not specified for an advanced ACL rule, the invalid value 65536 is obtained in the query operation.
The numbers in brackets are the commonly used port IDs.
The port names and meanings of different port names are as follows:
bgp: Border Gateway Protocol(179)
chargen: Character generator (19)
cmd: Remote commands (514)
daytime: Daytime (13)
discard: Discard (9)
domain: Domain Name Service (53)
echo: Echo (7)
exec: Exec (512)
finger: Finger (79)
ftp: File Transfer Protocol (21)
ftp-data: FTP data connections (20)
gopher: Gopher (70)
hostname: NIC hostname server (101)
irc: Internet Relay Chat (194)
klogin: Kerberos login (543)
kshell: Kerberos shell (544)
login: Login (rlogin, 513)
lpd: Printer service (515)
nntp: Network News Transport Protocol (119)
pop2: Post Office Protocol v2 (109)
pop3: Post Office Protocol v3 (110)
smtp: Simple Mail Transport Protocol (25)
sunrpc: SUN Remote Procedure Call (111)
tacacs: TAC Access Control System (49)
talk: Talk (517)
telnet: Telnet (23)
time: Time (37)
uucp: Unix-to-Unix Copy Program (540)
whois: Nicname (43)
www: World Wide Web (HTTP, 80)
"
::= { hwAclAdvancedRuleEntry 8 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.9
hwAclAdvancedSrcPort2 OBJECT-TYPE
SYNTAX Integer32 (0..65535|65536)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the operation value of port 2 in the comparison operation types of the source port in hwAclAdvancedSrcOp
when hwAclAdvancedProtocol is set to TCP or UDP.
Range: 0-65535, 65536
The operation value of port 2 is needed only when hwAclAdvancedSrcOp is set to range(5).
It describes the upper threshold of the port range.
If the value is not specified for an advanced ACL rule, the invalid value 65536 is obtained in the query operation.
For the port IDs that are commonly used, port names and meanings of different port names, see the descriptions in hwAclAdvancedSrcPort1.
"
::= { hwAclAdvancedRuleEntry 9 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.10
hwAclAdvancedDestIp OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the destination IP address or network segment of data frames that an advanced ACL rule needs to match.
You can set or not set it. If you do not set it, any destination IP address matches the advanced ACL rule.
"
::= { hwAclAdvancedRuleEntry 10 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.11
hwAclAdvancedDestWild OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the mask of the destination IP address or network segment of data frames that an advanced ACL rule needs to match.
To match an advanced ACL rule with a subnet, use this parameter.
The value of this parameter is the inverse mask of the destination IP address.
For example, 0.0.0.255 indicates that the first three bytes of the destination IP address are the same as the value of hwAclAdvancedDestIp.
This leaf can be specified or not specified together with hwAclAdvancedDestIp.
If hwAclAdvancedDestIp is configured, hwAclAdvancedDestWild must be configured.
This leaf, in the inverse mask mode, together with hwAclAdvancedDestIp, determines the destination IP address segment to be matched.
"
::= { hwAclAdvancedRuleEntry 11 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.12
hwAclAdvancedDestOp OBJECT-TYPE
SYNTAX INTEGER
{
invalid(0),
lt(1),
eq(2),
gt(3),
neq(4),
range(5)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the operation type of comparing protocol destination ports when hwAclAdvancedProtocol is set to TCP or UDP.
Range: 0-5
Options:
1. invalid(0) -indicates an invalid field
2. lt(1) -indicates '<'
3. eq(2) -indicates '='
4. gt(3) -indicates '>'
5. neq(4) -indicates '!='
6. range(5) -indicates within the range
Enter hwAclAdvancedDestPort1 and hwAclAdvancedDestPort2 for the comparison operation only when range(5) is entered.
For other values, enter only hwAclAdvancedDestPort1.
"
::= { hwAclAdvancedRuleEntry 12 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.13
hwAclAdvancedDestPort1 OBJECT-TYPE
SYNTAX Integer32 (0..65535|65536)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the operation value of port 1 in the comparison operation types of the destination port in hwAclAdvancedDestOp
when hwAclAdvancedProtocol is set to TCP or UDP.
Range: 0-65535, 65536
For example, when hwAclAdvancedDestOp is set to eq(2) (=),
it indicates that the destination port ID of matched packets equals the value of hwAclAdvancedDestPort1.
If the value is not specified for an advanced ACL rule, the invalid value 65536 is obtained in the query operation.
For the port IDs that are commonly used, port names and meanings of different port names, see the descriptions in hwAclAdvancedSrcPort1.
"
::= { hwAclAdvancedRuleEntry 13 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.14
hwAclAdvancedDestPort2 OBJECT-TYPE
SYNTAX Integer32 (0..65535|65536)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the operation value of port 2 in the comparison operation types of the destination port in hwAclAdvancedDestOp
when hwAclAdvancedProtocol is set to TCP or UDP.
Range: 0-65535, 65536
The operation value of port 2 is needed only when hwAclAdvancedDestOp is set to range(5).
It describes the upper threshold of the port range.
If the value is not specified for an advanced ACL rule, the invalid value 65536 is obtained in the query operation.
For the port IDs that are commonly used, port names and meanings of different port names, see the descriptions in hwAclAdvancedSrcPort1.
"
::= { hwAclAdvancedRuleEntry 14 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.15
hwAclAdvancedPrecedence OBJECT-TYPE
SYNTAX INTEGER
{
routine(0),
priority(1),
immediate(2),
flash(3),
flashOverride(4),
critical(5),
internet(6),
network(7),
invalid(255)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the priority field of data frames that an advanced ACL rule needs to match.
If the value is not specified for an advanced ACL rule, the invalid value 255 is obtained in the query operation.
The meanings of the values are as follows:
Options:
1. routine(0) -routine priority
2. priority(1) -priority
3. immediate(2) -immediate priority
4. flash(3) -flash priority
5. flashOverride(4) -flash-override priority
6. critical(5) -critical priority
7. internet(6) -internetwork control priority
8. network(7) -network control priority
9. invalid(255) -invalid field
"
::= { hwAclAdvancedRuleEntry 15 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.16
hwAclAdvancedTos OBJECT-TYPE
SYNTAX Integer32 (0..15|255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the type of service (ToS) field of data frames that an advanced ACL rule needs to match.
Range: 0-15, 255
If the value is not specified for an advanced ACL rule, the invalid value 255 is obtained in the query operation.
The number in the brackets is the ToS value. The meanings of ToS names are as follows:
normal: normal service (0)
min-monetary-cost: the service with minimum monetary cost (1)
max-reliability: the service with maximum reliability (2)
max-throughput: the service with maximum throughput (4)
min-delay: the service with minimum delay (8)
"
::= { hwAclAdvancedRuleEntry 16 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.17
hwAclAdvancedDscp OBJECT-TYPE
SYNTAX Integer32 (0..63|255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the differentiated services code point (DSCP) value of data frames that an advanced ACL rule needs to match.
Range: 0-63, 255
If the value is not specified for an advanced ACL rule, the invalid value 255 is obtained in the query operation.
The number in the brackets is the DSCP value. The names and meanings of the DSCP names are as follows:
af1: service of Assured Forwarding 1 (10)
af2: service of Assured Forwarding 2 (18)
af3: service of Assured Forwarding 3 (26)
af4: service of Assured Forwarding 4 (34)
be: Best Effort service (0)
cs1: service of Class Selector 1 (8)
cs2: service of Class Selector 2 (16)
cs3: service of Class Selector 3 (24)
cs4: service of Class Selector 4 (32)
cs5: service of Class Selector 5 (40)
cs6: service of Class Selector 6 (48)
cs7: service of Class Selector 7 (56)
ef: Expedited Forwarding service (46)
"
::= { hwAclAdvancedRuleEntry 17 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.18
hwAclAdvancedEstablish OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes whether to match the first SYN packet for TCP connection establishment when hwAclAdvancedProtocol is set to TCP.
Use this parameter when filtering the packets for TCP connection establishment.
Options:
1. true(1) -indicates matching the first SYN packet for TCP connection establishment
2. false(2) -indicates not matching the first SYN packet for TCP connection establishment
Default: false(2)
"
::= { hwAclAdvancedRuleEntry 18 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.19
hwAclAdvancedTimeRangeIndex OBJECT-TYPE
SYNTAX Integer32 (0..256)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the time range index of an advanced ACL rule.
It is used when the effective time of an advanced ACL rule needs to be configured.
By default, the value is 0, which indicates invalid time. The index depends on hwTrngIndex in hwTrngCreateTimerangeTable.
The value of hwAclAdvancedTimeRangeIndex must be created in hwTrngCreateTimerangeTable.
"
::= { hwAclAdvancedRuleEntry 19 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.20
hwAclAdvancedIcmpType OBJECT-TYPE
SYNTAX Integer32 (0..255|256)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the ICMP type when packets are filtered by ICMP type and when hwAclAdvancedProtocol is set to ICMP.
Range: 0-255, 256
If the value is not specified for an advanced ACL rule, the invalid value 256 is obtained in the query operation.
Type: Indicates the ICMP packet type
Code: Indicates the ICMP code.
The meanings are as follows:
echo: Type=8, Code=0
echo-reply: Type=0, Code=0
fragmentneed-DFset: Type=3, Code=4
host-redirect: Type=5, Code=1
host-tos-redirect: Type=5, Code=3
host-unreachable: Type=3, Code=1
information-reply: Type=16, Code=0
information-request: Type=15, Code=0
net-redirect: Type=5, Code=0
net-tos-redirect: Type=5, Code=2
net-unreachable: Type=3, Code=0
parameter-problem: Type=12, Code=0
port-unreachable: Type=3, Code=3
protocol-unreachable: Type=3, Code=2
reassembly-timeout: Type=11, Code=1
source-quench: Type=4, Code=0
source-route-failed: Type=3, Code=5
timestamp-reply: Type=14, Code=0
timestamp-request: Type=13, Code=0
ttl-exceeded: Type=11, Code=0
"
::= { hwAclAdvancedRuleEntry 20 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.21
hwAclAdvancedIcmpCode OBJECT-TYPE
SYNTAX Integer32 (0..255|256)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the ICMP code to match when ICMP packets are filtered by both ICMP type and ICMP code and hwAclAdvancedProtocol is set to ICMP.
Range: 0-255, 256
If the value is not specified for an advanced ACL rule, the invalid value 256 is obtained in the query operation.
For the definition and meanings of ICMP codes, see the description in hwAclAdvancedIcmpType.
"
::= { hwAclAdvancedRuleEntry 21 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.22
hwAclAdvancedFragments OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes whether an advanced ACL rule is effective on only non-tail fragment packets.
Options:
1. true(1) -indicates that an advanced ACL rule is effective on only non-tail fragment packets
2. false(2) -indicates that an advanced ACL rule is effective on only non-fragment packets or tail packets of fragment packets
Default: false(2)
"
::= { hwAclAdvancedRuleEntry 22 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.23
hwAclAdvancedLog OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes whether to record the log flag byte of an advanced ACL rule.
Options:
1. true(1) -records the log flag byte of an advanced ACL rule
2. false(2) -does not record the log flag byte of an advanced ACL rule
Currently, the log record function is not supported, and thus the value of this leaf is meaningless.
"
::= { hwAclAdvancedRuleEntry 23 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.24
hwAclAdvancedEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Describes whether an advanced ACL rule is valid.
Options:
1. true(1) -indicates that an advanced ACL rule is valid
2. false(2) -indicates that an advanced ACL rule is invalid
If the advanced ACL rule is associated with a time range parameter through hwAclAdvancedTimeRangeIndex
and the current time is within the defined time range, the value is true(1), which indicates validity.
If the current time is not within the defined time range, the value is false(2), which indicates invalidity.
If the advanced ACL rule is not associated with a time range parameter, the advanced ACL rule is valid all the time.
"
::= { hwAclAdvancedRuleEntry 24 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.25
hwAclAdvancedCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Describes the statistics of packets that match the advanced ACL rule.
"
::= { hwAclAdvancedRuleEntry 25 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.26
-- Write trigger that resets hwAclAdvancedCount for the rule. Per the
-- DESCRIPTION, the reset takes effect only when cleared(1) is sent together
-- with hwAclAdvancedRowStatus = createAndGo(4), and a query always returns
-- cleared(1), so reading this leaf does not show whether a reset happened.
-- NOTE(review): hwAclAdvancedCount is a Counter32; a collector that trends
-- rule hits should treat a decrease as a possible reset through this leaf
-- (or a counter wrap) rather than as an absence of matching traffic.
hwAclAdvancedCountClear OBJECT-TYPE
SYNTAX INTEGER
{
cleared(1),
nouse(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Clears the statistics of packets that match the advanced ACL rule.
Options:
1. cleared(1) -clear the statistics of packets that match the advanced ACL rule
2. nouse(2) -indicates no operation
To clear the statistics of packets that match the advanced ACL rules,
hwAclAdvancedCountClear must be set to cleared(1) and hwAclAdvancedRowStatus must be set to createAndGo(4).
When this leaf is queried, the value is fixed to cleared(1).
"
::= { hwAclAdvancedRuleEntry 26 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.27
-- Row control column for hwAclAdvancedRuleEntry. Per the DESCRIPTION,
-- createAndGo(4) creates a rule, destroy(6) deletes it, and createAndGo(4)
-- sent with hwAclAdvancedCountClear = cleared(1) clears the match counter.
-- A query always returns active(1).
-- The column is read-create, so an SNMP SET on it adds or removes packet
-- filtering rules. NOTE(review): confirm that write access to this subtree
-- is limited to authenticated management users (for example through an
-- SNMPv3 VACM write view) and that SET operations on it are audited.
hwAclAdvancedRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the row status.
Options:
1. active(1) -when this leaf is queried, the value is fixed to active(1).
2. createAndGo(4) -create an advanced ACL rule
3. destroy(6) -delete an advanced ACL rule and clear the packet statistics of an advanced ACL rule
It is used for creating or deleting an advanced ACL rule and clearing the packet statistics of an advanced ACL rule.
To create an advanced ACL rule, enter hwAclAdvancedAct and set hwAclAdvancedRowStatus to createAndGo(4).
Other parameters are optional. The operator of the source port and destination port and port 1 and port 2 take effect only
when the protocol type is specified as TCP or UDP.
Port 2 needs to be specified only when the port operator character is specified as a value range.
The IDs of the two ports are not differentiated, which are automatically adjusted after delivery.
hwAclAdvancedIcmpType and hwAclAdvancedIcmpCode are specified only when the protocol type is ICMP.
To delete an advanced ACL rule, set hwAclAdvancedRowStatus to destroy(6).
To clear the statistics of packets that match the advanced ACL rules,
set hwAclAdvancedCountClear to cleared(1) and hwAclAdvancedRowStatus to createAndGo(4).
When this leaf is queried, the value is fixed to active(1).
"
::= { hwAclAdvancedRuleEntry 27 }
-- 1.3.6.1.4.1.2011.5.1.1.5.1.28
hwAclAdvancedPriority OBJECT-TYPE
SYNTAX Integer32 (0..9)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the priority of advanced ACL rules.
Range: 0-9
Default: 0
The priority ascends with the value.
When multiple rules are matched at the same time, the rule with the highest priority prevails.
If multiple rules are matched and their priorities are the same,
software does not manage the rules and the hardware logic determines which priority prevails.
To prevent such a case, you can set different priorities for the rules.
"
::= { hwAclAdvancedRuleEntry 28 }
-- 1.3.6.1.4.1.2011.5.1.1.7
hwAclLinkTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwAclLinkEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the details about an L2 ACL rule in an L2 ACL rule group, including the MAC address and VLAN.
The indexes of this table are hwAclLinkAclNum and hwAclLinkSubitem.
hwAclLinkAclNum is the ID of an L2 ACL rule group. Make sure that the ID is already created in hwAclNumGroupTable.
hwAclLinkSubitem is the ID of an L2 ACL rule in an L2 ACL rule group.
"
::= { hwAclMibObjects 7 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1
hwAclLinkEntry OBJECT-TYPE
SYNTAX HwAclLinkEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the details about an L2 ACL rule in an L2 ACL rule group, including the MAC address and VLAN.
The indexes of this entry are hwAclLinkAclNum and hwAclLinkSubitem.
hwAclLinkAclNum is the ID of an L2 ACL rule group. Make sure that the ID is already created in hwAclNumGroupTable.
hwAclLinkSubitem is the ID of an L2 ACL rule in an L2 ACL rule group.
"
INDEX { hwAclLinkAclNum, hwAclLinkSubitem }
::= { hwAclLinkTable 1 }
HwAclLinkEntry ::=
SEQUENCE {
hwAclLinkAclNum
Integer32,
hwAclLinkSubitem
Unsigned32,
hwAclLinkAct
INTEGER,
hwAclLinkProtocol
Integer32,
hwAclLinkFormatType
INTEGER,
hwAclLinkVlanTag
INTEGER,
hwAclLinkVlanPri
INTEGER,
hwAclLinkSrcVlanId
Integer32,
hwAclLinkSrcMac
MacAddress,
hwAclLinkSrcMacWild
MacAddress,
hwAclLinkSrcIfIndex
Unsigned32,
hwAclLinkSrcAny
TruthValue,
hwAclLinkDestVlanId
Integer32,
hwAclLinkDestMac
MacAddress,
hwAclLinkDestMacWild
MacAddress,
hwAclLinkDestIfIndex
Unsigned32,
hwAclLinkDestAny
TruthValue,
hwAclLinkTimeRangeIndex
Integer32,
hwAclLinkEnable
TruthValue,
hwAclLinkRowStatus
RowStatus,
hwAclLinkPriority
Integer32,
hwAclLinkInnerVlanPri
INTEGER,
hwAclLinkSrcInnerVlanId
Integer32
}
-- 1.3.6.1.4.1.2011.5.1.1.7.1.1
hwAclLinkAclNum OBJECT-TYPE
SYNTAX Integer32 (4000..4999)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Uniquely identifies an L2 ACL rule group.
Range: 4000-4999
Make sure that the ID of the L2 ACL rule group is already created in hwAclNumGroupTable.
"
::= { hwAclLinkEntry 1 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.2
hwAclLinkSubitem OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Describes the ID of an L2 ACL rule, uniquely identifying an L2 ACL rule in an L2 ACL rule group.
Range: 0-4294967295
In the create operation, if the value is 4294967295, the ID of an L2 ACL rule is generated automatically.
Otherwise, the ID of an L2 ACL rule is already created according to the specified value.
The automatically generated ID of an L2 ACL rule depends on the value of hwAclNumGroupStep,
which corresponds to L2 ACL rule groups in hwAclNumGroupTable.
The generated ID of an L2 ACL rule is the last basic ACL rule ID plus the value of hwAclNumGroupStep.
"
::= { hwAclLinkEntry 2 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.3
hwAclLinkAct OBJECT-TYPE
SYNTAX INTEGER
{
permit(1),
deny(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the value of an L2 ACL rule.
Options:
1. permit(1) -indicates that the data packets that meet the conditions can pass.
When you need to configure an L2 ACL rule for data packets that meet
the conditions to pass, use this value.
2. deny(2) -indicates that the data packets that meet the conditions are discarded.
When you need to configure an L2 ACL rule to discard data packets that meet the conditions,
use this value.
"
::= { hwAclLinkEntry 3 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.4
hwAclLinkProtocol OBJECT-TYPE
SYNTAX Integer32 (1..65535|65536)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the protocol types of Ethernet packets that the L2 ACL rules need to match.
Range:1-65536
If the value of an L2 ACL rule is not specified, the invalid value 65536 is obtained in the query operation.
Common protocol types are as follows:
ip: 0x0800
arp: 0x0806
rarp: 0x8035
pppoe-control: 0x8863
pppoe-data: 0x8864
"
DEFVAL { 65536 }
::= { hwAclLinkEntry 4 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.5
hwAclLinkFormatType OBJECT-TYPE
SYNTAX INTEGER
{
invalid(0),
ethernetII(1),
snap(2),
ieee802Dot3And2(3),
ieee802Dot4(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Describes the types of packets that the L2 ACL rules need to match.
Options:
1. invalid(0) -in the query operation, invalid(0) is always returned.
2. ethernetII(1) -indicates the type of packets that the L2 ACL rules need to match is ethernetII
3. snap(2) -indicates the type of packets that the L2 ACL rules need to match is snap
4. ieee802Dot3And2(3) -indicates the type of packets that the L2 ACL rules need to match is ieee802Dot3And2
5. ieee802Dot4(4) -indicates the type of packets that the L2 ACL rules need to match is ieee802Dot4
Currently, only ethernetII(1) is supported. Therefore, this leaf cannot be modified.
In the query operation, invalid(0) is always returned.
"
::= { hwAclLinkEntry 5 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.6
hwAclLinkVlanTag OBJECT-TYPE
SYNTAX INTEGER
{
invalid(0),
tagged(1),
untagged(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Describes whether a VLAN tag is carried in the packets that the L2 ACL rules need to match.
Options:
1. invalid(0) -in the query operation, invalid(0) is always returned.
2. tagged(1) -indicates the VLAN tag is carried in the packets that
the L2 ACL rules need to match
3. untagged(2) -indicates no VLAN tag is carried in the packets that
the L2 ACL rules need to match
Currently, packets always carry VLAN tags. Therefore, this leaf cannot be modified.
In the query operation, invalid(0) is always returned.
"
::= { hwAclLinkEntry 6 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.7
hwAclLinkVlanPri OBJECT-TYPE
SYNTAX INTEGER
{
bestEffort(0),
background(1),
spare(2),
excellentEffort(3),
controlledLoad(4),
video(5),
voice(6),
networkManagement(7),
invalid(255)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the 802.1p priority of data frames that an L2 ACL rule needs to match.
Options:
1. bestEffort(0) -indicates best-effort priority
2. background(1) -indicates background priority
3. spare(2) -indicates spare priority
4. excellentEffort(3) -indicates excellent-effort priority
5. controlledLoad(4) -indicates controlled-load priority
6. video(5) -indicates video priority
7. voice(6) -indicates voice priority
8. networkManagement(7) -indicates network-management priority
9. invalid(255) -indicates invalid priority
If the value of an L2 ACL rule is not specified, the invalid value 255 is obtained in the query operation.
"
::= { hwAclLinkEntry 7 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.8
hwAclLinkSrcVlanId OBJECT-TYPE
SYNTAX Integer32 (0..4093)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the VLAN ID of data frames that an L2 ACL rule needs to match.
Range: 0-4093
If the value of an L2 ACL rule is not specified, the invalid value 0 is obtained in the query operation.
"
::= { hwAclLinkEntry 8 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.9
hwAclLinkSrcMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the source MAC address of data frames that an L2 ACL rule needs to match.
Default: 0x00 0x00 0x00 0x00 0x00 0x00
It is a 6-byte hexadecimal string, for example, 0x00 0xe0 0xfc 0x11 0x00 0x00.
"
::= { hwAclLinkEntry 9 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.10
hwAclLinkSrcMacWild OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the source MAC address wildcard of data frames that an L2 ACL rule needs to match. It is the inverse mask of the source MAC address.
Default: 0xff 0xff 0xff 0xff 0xff 0xff
It together with hwAclLinkSrcMac sets the range of a source MAC address.
If the corresponding bytes of hwAclLinkSrcMacWild are 0, it indicates that hwAclLinkSrcMacWild determines
whether the corresponding bytes of source MAC address of packets are the same as those in hwAclLinkSrcMac.
For example, the value of hwAclLinkSrcMacWild is 0x00 0x00 0x00 0x00 0xff 0xff,
which indicates that packets are filtered by the first 32 bits of the source MAC address.
It is a 6-byte hexadecimal string, for example, 0x00 0x00 0x00 0x00 0xff 0xff.
"
::= { hwAclLinkEntry 10 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.11
hwAclLinkSrcIfIndex OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This leaf is not used. The value 0 is always returned in the query operation, which indicates invalidity.
"
::= { hwAclLinkEntry 11 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.12
hwAclLinkSrcAny OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes whether an L2 ACL rule matches a source MAC address.
Options:
1. true(1) -indicates that the source MAC address of data frames can be any address
2. false(2) -indicates that the source MAC address of data frames should be the value of hwAclLinkSrcMac
Default: true(1)
In the set operation, this leaf and hwAclLinkSrcMac cannot be delivered at the same time.
When this leaf and hwAclLinkSrcMac are delivered at the same time, the value of hwAclLinkSrcMac prevails.
"
::= { hwAclLinkEntry 12 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.13
hwAclLinkDestVlanId OBJECT-TYPE
SYNTAX Integer32 (0..4093)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This leaf is not used. The value 0 is always returned in the query operation, which indicates invalidity.
"
::= { hwAclLinkEntry 13 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.14
hwAclLinkDestMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the destination MAC address of data frames that an L2 ACL rule needs to match.
Default: 0x00 0x00 0x00 0x00 0x00 0x00
It is a 6-byte hexadecimal string, for example, 0x00 0xe0 0xfc 0x11 0x00 0x00.
"
::= { hwAclLinkEntry 14 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.15
hwAclLinkDestMacWild OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the destination MAC address wildcard of data frames that an L2 ACL rule needs to match.
It is the inverse mask of the destination MAC address.
Default: 0xff 0xff 0xff 0xff 0xff 0xff
It together with hwAclLinkDestMac sets the range of a destination MAC address.
If the corresponding bytes of hwAclLinkDestMacWild are 0, it indicates that it determines
whether the corresponding bytes of destination MAC address of packets are the same as those in hwAclLinkDestMac.
For example: The value of hwAclLinkDestMacWild is 0000-0000-ffff,
which indicates that packets are filtered by the first 32 bits of the destination MAC address.
It is a 6-byte hexadecimal string, for example, 0x00 0x00 0x00 0x00 0xff 0xff.
"
::= { hwAclLinkEntry 15 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.16
hwAclLinkDestIfIndex OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This leaf is not used. The value 0 is always returned in the query operation, which indicates invalidity.
"
::= { hwAclLinkEntry 16 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.17
hwAclLinkDestAny OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes whether an L2 ACL rule matches a destination MAC address.
Options:
1. true(1) -indicates that the destination MAC address of data frames can be any address
2. false(2) -indicates that the destination MAC address of data frames should be the value of hwAclLinkDestMac
Default: true(1)
In the set operation, this leaf and hwAclLinkDestMac cannot be delivered at the same time.
When this leaf and hwAclLinkDestMac are delivered at the same time, the value of hwAclLinkDestMac prevails.
"
::= { hwAclLinkEntry 17 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.18
hwAclLinkTimeRangeIndex OBJECT-TYPE
SYNTAX Integer32 (0..256)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the time range index of an L2 ACL rule. It is used when the effective time of an L2 ACL rule needs to be configured.
By default, the value is 0, which indicates an invalid index. The index depends on hwTrngIndex in hwTrngCreateTimerangeTable.
The value of hwAclLinkTimeRangeIndex must be created in hwTrngCreateTimerangeTable.
"
::= { hwAclLinkEntry 18 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.19
hwAclLinkEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Describes whether an L2 ACL rule is valid.
Options:
1. true(1) -indicates validity
2. false(2) -indicates invalidity
If the L2 ACL rule is associated with a time range parameter through hwAclLinkTimeRangeIndex
and the current time is within the defined time range, the value is true(1), which indicates validity.
If the current time is not within the defined time range, the value is false(2), which indicates invalidity.
If the L2 ACL rule is not associated with a time range parameter, the L2 ACL rule is valid all the time.
"
::= { hwAclLinkEntry 19 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.20
hwAclLinkRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the row status.
Options:
1. active(1) -when this leaf is queried, the value is fixed to active(1).
2. createAndGo(4) -create an L2 ACL rule
3. destroy(6) -delete an L2 ACL rule
It is used for creating or deleting an L2 ACL rule.
To create an L2 ACL rule, enter hwAclLinkAct and set hwAclLinkRowStatus to createAndGo(4). Other parameters are optional.
To delete an L2 ACL rule, set hwAclLinkRowStatus to destroy(6).
When this leaf is queried, the value is fixed to active(1).
"
::= { hwAclLinkEntry 20 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.21
hwAclLinkPriority OBJECT-TYPE
SYNTAX Integer32 (0..9)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the priority of L2 ACL rules.
Range: 0-9
Default: 0
The priority ascends with the value.
When multiple rules are matched at the same time, the rule with the highest priority prevails.
If multiple rules are matched and their priorities are the same,
software does not manage the rules and the hardware logic determines which priority prevails.
To prevent such a case, you can set different priorities for the rules.
"
::= { hwAclLinkEntry 21 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.22
hwAclLinkInnerVlanPri OBJECT-TYPE
SYNTAX INTEGER
{
bestEffort(0),
background(1),
spare(2),
excellentEffort(3),
controlledLoad(4),
video(5),
voice(6),
networkManagement(7),
invalid(255)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the 802.1p priority in the inner VLAN of the packet that an L2 ACL rule needs to match.
Range: 0-7, 255
The priority ascends with the value.
Options:
1. bestEffort(0) -indicates best-effort priority
2. background(1) -indicates background priority
3. spare(2) -indicates spare priority
4. excellentEffort(3) -indicates excellent-effort priority
5. controlledLoad(4) -indicates controlled-load priority
6. video(5) -indicates video priority
7. voice(6) -indicates voice priority
8. networkManagement(7) -indicates network-management priority
9. invalid(255) -indicates invalid priority
If the value of an L2 ACL rule is not specified, the invalid value 255 is obtained in the query operation.
"
::= { hwAclLinkEntry 22 }
-- 1.3.6.1.4.1.2011.5.1.1.7.1.23
hwAclLinkSrcInnerVlanId OBJECT-TYPE
SYNTAX Integer32 (0..4093)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The source inner VLAN ID of the packet.
Value range: 0-4093
0 indicates the hwAclLinkSrcInnerVlanId is invalid.
"
::= { hwAclLinkEntry 23 }
-- 1.3.6.1.4.1.2011.5.1.1.8
hwAclUserTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwAclUserEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the details about a user-defined ACL rule in a user-defined ACL rule group,
including the matched character string and mask. The two fields are a binary character string of 80 bytes each.
The index of this table is a combination of hwAclUserAclNum and hwAclUserSubitem.
hwAclUserAclNum is the ID of a user-defined ACL rule group. Make sure that the ID is already created in hwAclNumGroupTable.
hwAclUserSubitem is the ID of a user-defined ACL rule.
"
::= { hwAclMibObjects 8 }
-- 1.3.6.1.4.1.2011.5.1.1.8.1
hwAclUserEntry OBJECT-TYPE
SYNTAX HwAclUserEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the details about a user-defined ACL rule in a user-defined ACL rule group,
including the matched character string and mask. The two fields are a binary character string of 80 bytes each.
The index of this entry is a combination of hwAclUserAclNum and hwAclUserSubitem.
hwAclUserAclNum is the ID of a user-defined ACL rule group. Make sure that the ID is already created in hwAclNumGroupTable.
hwAclUserSubitem is the ID of a user-defined ACL rule.
"
INDEX { hwAclUserAclNum, hwAclUserSubitem }
::= { hwAclUserTable 1 }
HwAclUserEntry ::=
SEQUENCE {
hwAclUserAclNum
Integer32,
hwAclUserSubitem
Unsigned32,
hwAclUserAct
INTEGER,
hwAclUserFormatType
INTEGER,
hwAclUserVlanTag
INTEGER,
hwAclUserRuleStr
OCTET STRING,
hwAclUserRuleMask
OCTET STRING,
hwAclUserRowOffset
Integer32,
hwAclUserTimeRangeIndex
Integer32,
hwAclUserEnable
TruthValue,
hwAclUserRowStatus
RowStatus,
hwAclUserFrameType
INTEGER,
hwAclUserPriority
Integer32
}
-- 1.3.6.1.4.1.2011.5.1.1.8.1.1
hwAclUserAclNum OBJECT-TYPE
SYNTAX Integer32 (5000..5999)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Uniquely identifies a user-defined ACL rule group.
Range: 5000-5999
Make sure that the ID of a user-defined ACL rule group is already created in hwAclNumGroupTable.
"
::= { hwAclUserEntry 1 }
-- 1.3.6.1.4.1.2011.5.1.1.8.1.2
hwAclUserSubitem OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Describes the ID of a user-defined ACL rule, uniquely identifying a user-defined ACL rule in a user-defined ACL rule group.
Range: 0-4294967295
In the create operation, if the value is 4294967295, the ID of a user-defined ACL rule is generated automatically.
Otherwise, it indicates that the ID of an ACL rule is already created according to the specified value.
The automatically generated ID of a user-defined ACL rule depends on the value of hwAclNumGroupStep,
which corresponds to a user-defined ACL rule group in hwAclNumGroupTable.
The generated ID of a user-defined ACL rule is the last basic ACL rule ID plus the value of hwAclNumGroupStep.
"
::= { hwAclUserEntry 2 }
-- 1.3.6.1.4.1.2011.5.1.1.8.1.3
hwAclUserAct OBJECT-TYPE
SYNTAX INTEGER
{
permit(1),
deny(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the value of a user-defined ACL rule.
Options:
1. permit(1) -indicates that the data packets that meet the conditions can pass.
When you need to configure a user-defined ACL rule for data packets
that meet the conditions to pass, use this value.
2. deny(2) -indicates that the data packets that meet the conditions are discarded.
When you need to configure a user-defined ACL rule to discard data packets
that meet the conditions, use this value.
"
::= { hwAclUserEntry 3 }
-- 1.3.6.1.4.1.2011.5.1.1.8.1.4
hwAclUserFormatType OBJECT-TYPE
SYNTAX INTEGER
{
invalid(0),
ethernetII(1),
snap(2),
ieee802Dot2And3(3),
ieee802Dot4(4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This leaf is not used. The value 0 is always returned in the query operation, which indicates invalidity.
Options:
1. invalid(0) -invalid value
2. ethernetII(1) -ethernetII
3. snap(2) -Subnetwork Access Protocol (SNAP) encapsulation
4. ieee802Dot2And3(3) -IEEE 802.2 and 802.3
5. ieee802Dot4(4) -IEEE 802.4
"
::= { hwAclUserEntry 4 }
-- 1.3.6.1.4.1.2011.5.1.1.8.1.5
hwAclUserVlanTag OBJECT-TYPE
SYNTAX INTEGER
{
invalid(0),
tagged(1),
untagged(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This leaf is not used. The value 0 is always returned in the query operation, which indicates invalidity.
Options:
1. invalid(0) -invalid value
2. tagged(1) -tagged packet
3. untagged(2) -untagged packet
"
::= { hwAclUserEntry 5 }
-- 1.3.6.1.4.1.2011.5.1.1.8.1.6
hwAclUserRuleStr OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..80))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the character string of a user-defined ACL rule. It is used to match the first bytes of packets.
The character string must be given as hexadecimal bytes.
For example:
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xAA
"
::= { hwAclUserEntry 6 }
-- 1.3.6.1.4.1.2011.5.1.1.8.1.7
hwAclUserRuleMask OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..80))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the mask of the user-defined ACL rule. It is a positive mask.
When it is 1, it indicates that matching is required.
The device determines the field value of a packet that needs to match based on the mask,
and then matches the corresponding field in hwAclUserRuleStr.
If they are consistent, it indicates that matching is successful.
The character string must be given as hexadecimal bytes.
The valid length, that is, the length of corresponding bytes whose values are 1, cannot exceed 32 bytes.
Whether this leaf is delivered successfully also depends on the hardware chip.
"
::= { hwAclUserEntry 7 }
-- 1.3.6.1.4.1.2011.5.1.1.8.1.8
hwAclUserRowOffset OBJECT-TYPE
SYNTAX Integer32 (0..79)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This leaf is not used. The value 0 is always returned in the query operation, which indicates invalidity.
"
::= { hwAclUserEntry 8 }
-- 1.3.6.1.4.1.2011.5.1.1.8.1.9
hwAclUserTimeRangeIndex OBJECT-TYPE
SYNTAX Integer32 (0..256)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the time range index of a user-defined ACL rule.
It is used when the effective time of a user-defined ACL rule needs to be configured.
By default, the value is 0, which indicates invalid time. The index depends on hwTrngIndex in hwTrngCreateTimerangeTable.
The time range that corresponds to the value of this leaf must be created in hwTrngCreateTimerangeTable.
"
::= { hwAclUserEntry 9 }
-- 1.3.6.1.4.1.2011.5.1.1.8.1.10
hwAclUserEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Describes whether a user-defined ACL rule is valid.
Options:
1. true(1) -indicates the user-defined ACL rule is valid
2. false(2) -indicates the user-defined ACL rule is invalid
If the user-defined ACL rule is associated with a time range parameter through hwAclUserTimeRangeIndex
and the current time is within the defined time range, the value is true(1), which indicates validity.
If the current time is not within the defined time range, the value is false(2), which indicates invalidity.
If the user-defined ACL rule is not associated with a time range parameter, the user-defined ACL rule is valid
all the time.
"
::= { hwAclUserEntry 10 }
-- 1.3.6.1.4.1.2011.5.1.1.8.1.11
hwAclUserRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the row status.
Options:
1. active(1) -when this leaf is queried, the value is fixed to active(1).
2. createAndGo(4) -create a user-defined ACL rule
3. destroy(6) -delete a user-defined ACL rule
It is used for creating or deleting a user-defined ACL rule.
To create a user-defined ACL rule, enter hwAclUserAct, hwAclUserRuleStr,
and hwAclUserRuleMask and set hwAclUserRowStatus to createAndGo(4).
Other parameters are optional.
To delete a user-defined ACL rule, set hwAclUserRowStatus to destroy(6).
When this leaf is queried, the value is fixed to active(1).
"
::= { hwAclUserEntry 11 }
-- 1.3.6.1.4.1.2011.5.1.1.8.1.12
hwAclUserFrameType OBJECT-TYPE
SYNTAX INTEGER
{
ipoe(0),
nonIpoe(1),
ipv6oe(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Describes the type of a VLAN tag in the packet that matches the user-defined ACL rule.
Options:
1. ipoe(0) -indicates that IP packets carrying no VLAN tags and
IP packets carrying one VLAN tag are matched
2. nonIpoe(1) -indicates that other packets, including non-IP packets
carrying one VLAN tag, are matched
3. ipv6oe(2) -indicates that IPv6 packets carrying no VLAN tags and
IPv6 packets carrying one VLAN tag are matched
Currently, two types are supported.
If this leaf is not specified, the default value is ipoe(0).
"
::= { hwAclUserEntry 12 }
-- 1.3.6.1.4.1.2011.5.1.1.8.1.13
hwAclUserPriority OBJECT-TYPE
SYNTAX Integer32 (0..9)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the priority of user-defined ACL rules.
Range: 0-9
Default: 0
The priority ascends with the value.
When multiple rules are matched at the same time, the rule with the highest priority prevails.
If multiple rules are matched and their priorities are the same,
software does not manage the rules and the hardware logic determines which rule prevails.
To prevent such a case, you can set different priorities for the rules.
"
::= { hwAclUserEntry 13 }
-- 1.3.6.1.4.1.2011.5.1.1.9
hwAclActiveTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwAclActiveEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the relationships between an ACL rule and a port or a slot.
You can deliver an ACL rule to a port or a slot and make it take effect on the port or a slot through hwAclActiveTable.
In addition, you can query the relationships between an ACL rule and a port or a slot.
The indexes of this table are hwAclActiveAclIndex, hwAclActiveIfIndex, and hwAclActiveDirection,
indicating the ACL index, the port index or the slot index, and direction respectively.
Make sure that an ACL rule to be delivered through hwAclActiveTable is already created in hwAclBasicRuleTable,
hwAclAdvancedRuleTable, hwAclLinkTable or hwAclUserTable.
"
::= { hwAclMibObjects 9 }
-- 1.3.6.1.4.1.2011.5.1.1.9.1
hwAclActiveEntry OBJECT-TYPE
SYNTAX HwAclActiveEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the relationships between an ACL rule and a port or a slot.
You can deliver an ACL rule to a port or a slot and make it take effect on the port or a slot through hwAclActiveTable.
In addition, you can query the relationships between an ACL rule and a port or a slot.
The indexes of this entry are hwAclActiveAclIndex, hwAclActiveIfIndex, and hwAclActiveDirection,
indicating the ACL index, the port index or the slot index, and direction respectively.
Make sure that an ACL rule to be delivered through hwAclActiveTable is already created in hwAclBasicRuleTable,
hwAclAdvancedRuleTable, hwAclLinkTable or hwAclUserTable.
"
INDEX { hwAclActiveAclIndex, hwAclActiveIfIndex, hwAclActiveDirection }
::= { hwAclActiveTable 1 }
HwAclActiveEntry ::=
SEQUENCE {
hwAclActiveAclIndex
Integer32,
hwAclActiveIfIndex
Integer32,
hwAclActiveDirection
INTEGER,
hwAclActiveUserAclNum
Integer32,
hwAclActiveUserAclSubitem
Unsigned32,
hwAclActiveIpAclNum
Integer32,
hwAclActiveIpAclSubitem
Unsigned32,
hwAclActiveLinkAclNum
Integer32,
hwAclActiveLinkAclSubitem
Unsigned32,
hwAclActiveRuntime
TruthValue,
hwAclActiveRowStatus
RowStatus,
hwAclActiveIpv6AclNum
Integer32,
hwAclActiveIpv6AclSubitem
Unsigned32
}
-- 1.3.6.1.4.1.2011.5.1.1.9.1.1
hwAclActiveAclIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The delivery entry index of an ACL rule is a delivery record entry index used by software, which is meaningless to users.
The index is used in hwAclActiveTable to search the delivery entries quickly.
In the create operation, the device automatically allocates a delivery entry index. It is suggested that users always input 0.
In the destroy operation, this index must be input with the value that the device automatically allocates.
"
::= { hwAclActiveEntry 1 }
-- 1.3.6.1.4.1.2011.5.1.1.9.1.2
hwAclActiveIfIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Indicates the port index or the slot index when the device delivers an ACL rule to a specified port or a specified slot.
The index uniquely identifies a port or a slot. The value and algorithm are the same as those of ifIndex.
If the configuration is based on a slot, the bit map is as follows:
---------------------------------------------------------------------------------------------------------------
| 31-25 bits | 24-19 bits | 18-13 bits | 12-6 bits | 5-0 bits is reserved |
| indicate iftype | indicate frame ID | indicate slot ID | indicate port ID | |
---------------------------------------------------------------------------------------------------------------
| the value of iftype | frame ID | slot ID | the value of port ID | the reserved value |
| is always 0x68 | | | is always 0 | is always 0 |
---------------------------------------------------------------------------------------------------------------
"
::= { hwAclActiveEntry 2 }
-- 1.3.6.1.4.1.2011.5.1.1.9.1.3
hwAclActiveDirection OBJECT-TYPE
SYNTAX INTEGER
{
invalid(0),
inbound(1),
outbound(2),
tocpu-inbound(3)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Indicates the direction where an ACL rule takes effect when the device delivers an ACL rule to a specified port or a specified slot.
Options:
1. invalid(0) -indicates an invalid parameter
2. inbound(1) -indicates the inbound direction of a port or a slot. It is used
when inbound packets are filtered based on the ACL rule.
3. outbound(2) -indicates the outbound direction of a port or a slot. It is used when outbound
packets are filtered based on the ACL rule.
4. tocpu-inbound(3) -indicates the inbound direction of a port. It is used when inbound
packets to cpu are filtered based on the ACL rule.
"
::= { hwAclActiveEntry 3 }
-- 1.3.6.1.4.1.2011.5.1.1.9.1.4
hwAclActiveUserAclNum OBJECT-TYPE
SYNTAX Integer32 (0|5000..5999)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the user-defined ACL rule group that is used when a user-defined ACL rule is delivered to a specified port or a specified slot
and the inbound or outbound packets are filtered based on the user-defined ACL rule.
Range: 0, 5000-5999
Make sure that the user-defined ACL rule group is already created.
In the query operation, if the user-defined ACL rule group is not used, the value obtained is 0.
"
::= { hwAclActiveEntry 4 }
-- 1.3.6.1.4.1.2011.5.1.1.9.1.5
hwAclActiveUserAclSubitem OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the user-defined ACL rule that is used when a user-defined ACL rule is delivered to a specified port or a specified slot
and the inbound or outbound packets are filtered based on the user-defined ACL rule.
This leaf must be used together with hwAclActiveUserAclNum, uniquely identifying an ACL rule.
Range: 0-4294967295
Make sure that the user-defined ACL rule is already created.
In the query operation, if the user-defined ACL rule is not used, the value obtained is 4294967295.
"
::= { hwAclActiveEntry 5 }
-- 1.3.6.1.4.1.2011.5.1.1.9.1.6
hwAclActiveIpAclNum OBJECT-TYPE
SYNTAX Integer32 (0|2000..3999)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the basic or advanced ACL rule group that is used when an ACL rule is delivered to a specified port or a specified slot
and the inbound or outbound packets are filtered based on the ACL rule.
Range: 0, 2000-3999
Make sure that the basic or advanced ACL rule group is already created.
In the query operation, if the basic or advanced ACL rule group is not used, the value obtained is 0.
"
::= { hwAclActiveEntry 6 }
-- 1.3.6.1.4.1.2011.5.1.1.9.1.7
hwAclActiveIpAclSubitem OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the basic or advanced ACL rule that is used when an ACL rule is delivered to a specified port or a specified slot
and the inbound or outbound packets are filtered based on the ACL rule. This leaf must be used
together with hwAclActiveIpAclNum, uniquely identifying an ACL rule.
Range: 0-4294967295
Make sure that the basic or advanced ACL rule is already created.
In the query operation, if the basic or advanced ACL rule is not used, the value obtained is 4294967295.
"
::= { hwAclActiveEntry 7 }
-- 1.3.6.1.4.1.2011.5.1.1.9.1.8
hwAclActiveLinkAclNum OBJECT-TYPE
SYNTAX Integer32 (0|4000..4999)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the L2 ACL rule group that is used when an L2 ACL rule is delivered to a specified port or a specified slot
and the inbound or outbound packets are filtered based on the L2 ACL rule.
Range: 0, 4000-4999
Make sure that the L2 ACL rule group is already created.
In the query operation, if the L2 ACL rule group is not used, the value obtained is 0.
"
::= { hwAclActiveEntry 8 }
-- 1.3.6.1.4.1.2011.5.1.1.9.1.9
hwAclActiveLinkAclSubitem OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the L2 ACL rule that is used when an L2 ACL rule is delivered to a specified port or a specified slot
and the inbound or outbound packets are filtered based on the L2 ACL rule.
This leaf must be used together with hwAclActiveLinkAclNum, uniquely identifying an ACL rule.
Range: 0-4294967295
Make sure that the L2 ACL rule is already created.
In the query operation, if the L2 ACL rule is not used, the value obtained is 4294967295.
"
::= { hwAclActiveEntry 9 }
-- 1.3.6.1.4.1.2011.5.1.1.9.1.10
hwAclActiveRuntime OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Describes whether the ACL rule delivered to a specified port or a specified slot takes effect.
Options:
1. true(1) -indicates that the ACL rule delivered to a specified port or a specified slot is effective
2. false(2) -indicates that the ACL rule delivered to a specified port or a specified slot is invalid
If the ACL rule is associated with a time range parameter and the current time is within the defined time range,
the value is true(1), which indicates validity.
If the current time is not within the defined time range, the value is false(2), which indicates invalidity.
If the ACL rule is not associated with a time range parameter, the value is always true(1).
"
::= { hwAclActiveEntry 10 }
-- 1.3.6.1.4.1.2011.5.1.1.9.1.11
hwAclActiveRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the row status. It is used for delivering an ACL rule to a specified port or a specified slot and deleting the delivered ACL rule in a port or a slot.
Options:
1. active(1) -when this leaf is queried, the value is fixed to active(1)
2. createAndGo(4) -deliver an ACL rule to a specified port or a specified slot
3. destroy(6) -delete a delivered ACL rule in a port or a specified slot
When an ACL rule is delivered to a specified port or a specified slot, make sure that at least one of the following groups is configured.
(1)hwAclActiveUserAclNum and hwAclActiveUserAclSubitem
(2)hwAclActiveIpAclNum and hwAclActiveIpAclSubitem
(3)hwAclActiveLinkAclNum and hwAclActiveLinkAclSubitem
In addition to independent configuration of each group, the combined configuration of group (2) and (3) is permitted.
The combined configuration of group (1) and (2) or combining group (1) and (3) is prohibited.
In addition, hwAclActiveRowStatus must be set to createAndGo(4).
To delete the ACL rule delivered to a port or a slot, set hwAclActiveRowStatus to destroy(6).
When this leaf is queried, the value is fixed to active(1).
"
::= { hwAclActiveEntry 11 }
-- 1.3.6.1.4.1.2011.5.1.1.9.1.12
hwAclActiveIpv6AclNum OBJECT-TYPE
SYNTAX Integer32 (0 | 2000..3999)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the basic or advanced ACLv6 rule group that is used when an ACLv6 rule is delivered to a specified port or a specified slot
and the inbound or outbound packets are filtered based on the ACLv6 rule.
Range: 0, 2000-3999
Make sure that the basic or advanced ACLv6 rule group is already created.
In the query operation, if the basic or advanced ACLv6 rule group is not used, the value obtained is 0.
"
::= { hwAclActiveEntry 12 }
-- 1.3.6.1.4.1.2011.5.1.1.9.1.13
hwAclActiveIpv6AclSubitem OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the basic or advanced ACLv6 rule that is used when an ACLv6 rule is delivered to a specified port or a specified slot
and the inbound or outbound packets are filtered based on the ACLv6 rule. This leaf must be used
together with hwAclActiveIpv6AclNum, uniquely identifying an ACLv6 rule.
Range: 0-4294967295
Make sure that the basic or advanced ACLv6 rule is already created.
In the query operation, if the basic or advanced ACLv6 rule is not used, the value obtained is 4294967295.
"
::= { hwAclActiveEntry 13 }
-- add trap
hwAclTraps OBJECT IDENTIFIER ::= { hwAcl 2}
hwAclCommonTraps OBJECT IDENTIFIER ::= { hwAclTraps 1 }
hwAclCommonTrapsPrefix OBJECT IDENTIFIER ::= { hwAclCommonTraps 0 }
hwAclAlarmTraps OBJECT IDENTIFIER ::= { hwAclTraps 2 }
-- add basic acl
hwAclAddBasicAclTrap NOTIFICATION-TYPE
OBJECTS {
hwAclBasicAclNum ,
hwAclBasicSubitem
}
STATUS current
DESCRIPTION
"The hwAclAddBasicAclTrap will be sent when the basic acl is added."
::= { hwAclCommonTraps 0 1 }
-- delete basic acl
hwAclDeleteBasicAclTrap NOTIFICATION-TYPE
OBJECTS {
hwAclBasicAclNum ,
hwAclBasicSubitem
}
STATUS current
DESCRIPTION
"The hwAclDeleteBasicAclTrap will be sent when the basic acl is deleted."
::= { hwAclCommonTraps 0 2 }
-- add adv acl
hwAclAddAdvancedAclTrap NOTIFICATION-TYPE
OBJECTS {
hwAclAdvancedAclNum ,
hwAclAdvancedSubitem
}
STATUS current
DESCRIPTION
"The hwAclAddAdvancedAclTrap will be sent when the advanced acl is added."
::= { hwAclCommonTraps 0 3 }
-- delete adv acl
hwAclDeleteAdvancedAclTrap NOTIFICATION-TYPE
OBJECTS {
hwAclAdvancedAclNum ,
hwAclAdvancedSubitem
}
STATUS current
DESCRIPTION
"The hwAclDeleteAdvancedAclTrap will be sent when the advanced acl is deleted."
::= { hwAclCommonTraps 0 4 }
-- add link acl
hwAclAddLinkAclTrap NOTIFICATION-TYPE
OBJECTS {
hwAclLinkAclNum ,
hwAclLinkSubitem
}
STATUS current
DESCRIPTION
"The hwAclAddLinkAclTrap will be sent when the link acl is added."
::= { hwAclCommonTraps 0 5 }
-- delete link acl
hwAclDeleteLinkAclTrap NOTIFICATION-TYPE
OBJECTS {
hwAclLinkAclNum ,
hwAclLinkSubitem
}
STATUS current
DESCRIPTION
"The hwAclDeleteLinkAclTrap will be sent when the link acl is deleted."
::= { hwAclCommonTraps 0 6 }
-- add user acl
hwAclAddUserAclTrap NOTIFICATION-TYPE
OBJECTS {
hwAclUserAclNum ,
hwAclUserSubitem
}
STATUS current
DESCRIPTION
"The hwAclAddUserAclTrap will be sent when the user acl is added."
::= { hwAclCommonTraps 0 7 }
-- delete user acl
hwAclDeleteUserAclTrap NOTIFICATION-TYPE
OBJECTS {
hwAclUserAclNum ,
hwAclUserSubitem
}
STATUS current
DESCRIPTION
"The hwAclDeleteUserAclTrap will be sent when the user acl is deleted."
::= { hwAclCommonTraps 0 8 }
-- active acl
hwAclActiveAclTrap NOTIFICATION-TYPE
OBJECTS {
hwAclActiveAclIndex ,
hwAclActiveIfIndex ,
hwAclActiveDirection
}
STATUS current
DESCRIPTION
"The hwAclActiveAclTrap will be sent when the acl is activated."
::= { hwAclCommonTraps 0 9 }
-- deactivate acl
hwAclDeactiveAclTrap NOTIFICATION-TYPE
OBJECTS {
hwAclActiveAclIndex ,
hwAclActiveIfIndex ,
hwAclActiveDirection
}
STATUS current
DESCRIPTION
"The hwAclDeactiveAclTrap will be sent when the user acl is deactivated."
::= { hwAclCommonTraps 0 10 }
END
--
-- HUAWEI-DSLAM-ACL-MIB.my
--