WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/huawei/HUAWEI-IPDSLAM-SECURITY-MIB

4338 lines
171 KiB
Plaintext
Raw Blame History

-- ============================================================================
-- Copyright (C) 2019 by HUAWEI TECHNOLOGIES. All rights reserved.
-- Description: The mib is used for configuring the security for the DSLAM.
-- Reference:
-- Version: V1.82
--
-- ============================================================================
HUAWEI-IPDSLAM-SECURITY-MIB DEFINITIONS ::= BEGIN
IMPORTS
hwFrameIndex, hwSlotIndex, hwPortIndex, hwPortDesc
FROM HUAWEI-DEVICE-MIB
hwGponDevicePortidObjectIndex
FROM HUAWEI-GPON-MIB
hwEponDeviceOntIndex, hwGponDeviceOntIndex, hwGponDeviceLineProfGemCfgGemIndex
FROM HUAWEI-XPON-MIB
hwExtSrvFlowIndex, hwFlowID
FROM HUAWEI-ETHERLIKE-EXT-MIB
ifIndex
FROM IF-MIB
hwVlanIndex
FROM HUAWEI-VLAN-MIB
huaweiUtility
FROM HUAWEI-MIB
IpAddress, OBJECT-TYPE, Unsigned32, Counter32, Counter64, Integer32,MODULE-IDENTITY,NOTIFICATION-TYPE
FROM SNMPv2-SMI
RowStatus, MacAddress, TruthValue, TEXTUAL-CONVENTION, DateAndTime
FROM SNMPv2-TC
InetAddress, InetAddressType
FROM INET-ADDRESS-MIB;
hwIpDslamSecurity MODULE-IDENTITY
LAST-UPDATED "201907260000Z"
ORGANIZATION
"Huawei Technologies Co.,Ltd."
CONTACT-INFO
"Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
"
DESCRIPTION
"The mib is used for configuring the security for the DSLAM."
-- Revision history
REVISION "201907260000Z"
DESCRIPTION "V1.82, modified the description of hwIpDslamDosBlackListOntID."
REVISION "201905060000Z"
DESCRIPTION "V1.81, modified the description of hwIpDslamAntiDosPacketLimitValue, hwIpDslamAntiDosIgmpPacketLimitValue,
hwIpDslamAntiDosDhcpPacketLimitValue, hwIpDslamAntiDosArpPacketLimitValue, and hwIpDslamAntiDosPppoePacketLimitValue."
REVISION "201902270000Z"
DESCRIPTION "V1.80, added hwIpDslamSecurityFlowBundleOutboundPolicy."
REVISION "201809210000Z"
DESCRIPTION "V1.79, modified the description of hwIpDslamArpUnicastTable."
REVISION "201803170000Z"
DESCRIPTION "V1.78, added hwIpDslamSecurityUserInfoSwitch."
REVISION "201711070000Z"
DESCRIPTION "V1.77, added hwIpDslamArpDetectMaxUserCountSwitch."
REVISION "201709280000Z"
DESCRIPTION "V1.76, added hwIpDslamAntiDosDhcpPacketLimitPeriod."
REVISION "201708140000Z"
DESCRIPTION "V1.75, added hwIpDslamSecurityUserDynamicIpv6."
REVISION "201708070000Z"
DESCRIPTION "V1.74, modified the max-access value of hwIpDslamSrcMacFilteringIndex and hwIpDslamDesMacFilteringIndex."
REVISION "201707180000Z"
DESCRIPTION "V1.73, modified the value range of hwIpDslamAntiMacExcludeSwitch
added hwIpDslamAntiIpv6ExcludeSwitch and hwIpDslamSecurityUserAutoBackupFileName."
REVISION "201706240000Z"
DESCRIPTION "V1.72, modified the max-access value of hwIpDslamAntiIpServicePortIndex."
REVISION "201703240000Z"
DESCRIPTION "V1.71, added hwIpDslamAntiDosTtlExceedPacketRate and hwIpDslamAntiDosOversizePacketRate."
REVISION "201702080000Z"
DESCRIPTION "V1.70, added hwIpDslamIpOptionPacketPolicy."
REVISION "201610200000Z"
DESCRIPTION "V1.69, added hwIpDslamArpUnicastTable."
REVISION "201609180000Z"
DESCRIPTION "V1.68, added hwIpDslamAntiIllegalHopLimitNDStatus"
REVISION "201605210000Z"
DESCRIPTION "V1.67, added hwCableSystemIPv4SourceVerify"
REVISION "201601130000Z"
DESCRIPTION "V1.66, modified the value range of hwIpDslamIpAddrDynamicBindingIpIndex and hwIpDslamMacAddrDynamicBindingMacIndex"
REVISION "201509280000Z"
DESCRIPTION "V1.65, added hwIpDslamAntiIpv6Status and hwIpDslamAntiIcmpv6Status"
REVISION "201508280000Z"
DESCRIPTION "V1.64, added hwIpDslamAntiMacDuplicateAlarmStatus"
REVISION "201506100000Z"
DESCRIPTION "V1.63, added hwIpDslamUserDeleteDelay"
REVISION "201504140000Z"
DESCRIPTION "V1.62, modified the hwIpDslamIpAddrDynamicBindingIpAddr of hwIpDslamCMTSIpDifferFromBindIpTrap to hwIpAddressCarriedInPackets"
REVISION "201503280000Z"
DESCRIPTION "V1.61, modified the description of hwIpDslamSecurityExIpv6ConflictCount, hwIpDslamSecurityExMacConflictCount,
hwIpDslamSecurityExIllegalARPCount.
"
REVISION "201501120000Z"
DESCRIPTION "V1.60, added hwCableSystemIPv6SourceVerify and hwIpDslamCMTSIpv6DifferFromBindIpv6Trap"
REVISION "201501080000Z"
DESCRIPTION "V1.59, modified the value of hwIpDslamIpv6DynamicBindingItemIndex from [0..7] to [0..2047]."
REVISION "201409120000Z"
DESCRIPTION "V1.58, added hwIpDslamAntiMacServicePortTable."
REVISION "201407290000Z"
DESCRIPTION "V1.57, added hwIpDslamSecurityUserAutoBackupSwitch ,hwIpDslamSecurityUserAutoBackupPeriod, hwIpDslamSecurityUserAutoLoadAttemptTimeout,
and hwIpDslamSecurityUserAutoLoadAttemptPeriod.
"
REVISION "201406190000Z"
DESCRIPTION "V1.56, modified the name of hwIpDslamP2pPortDataPackageIpDifferFromBindIpTrap to hwIpDslamP2pPortDataPackageIpSpoofingTrap, and modified the
name of hwIpDslamDistributingModeGponPortDataPackageIpDifferFromBindIpTrap to hwIpDslamDistributingModeGponPortDataPackageIpSpoofingTrap,
and modified the name of hwIpDslamProfileModeGponPortDataPackageIpDifferFromBindIpTrap to hwIpDslamProfileModeGponPortDataPackageIpSpoofingTrap,
and modified the name of hwIpDslamP2pPortDataPackageIpv6DifferFromBindIpv6Trap to hwIpDslamP2pPortDataPackageIpv6SpoofingTrap, and modified
the name of hwIpDslamDistributingModeGponPortDataPackageIpv6DifferFromBindIpv6Trap to hwIpDslamDistributingModeGponPortDataPackageIpv6SpoofingTrap,
and modified the name of hwIpDslamProfileModeGponPortDataPackageIpv6DifferFromBindIpv6Trap to hwIpDslamProfileModeGponPortDataPackageIpv6SpoofingTrap,
and modified the name of hwIpDslamP2pPortDataPackageMacDifferFromBindMacTrap to hwIpDslamP2pPortDataPackageMacSpoofingTrap, and modified
the name of hwIpDslamDistributingModeGponPortDataPackageMacDifferFromBindMacTrap to hwIpDslamDistributingModeGponPortDataPackageMacSpoofingTTrap,
and modified the name of hwIpDslamProfileModeGponPortDataPackageMacDifferFromBindMacTrap to hwIpDslamProfileModeGponPortDataPackageMacSpoofingTrap.
"
REVISION "201401200000Z"
DESCRIPTION "V1.55, added hwIpDslamAntiBcAttackTrafficLimitSwitch, hwIpDslamAntiBcAttackPortRateTable and hwIpDslamAntiBcAttackOntRateTable.
modified the name of hwIpDslamAntiBcAttackOntTable to hwIpDslamAntiBcAttackOntQueryTable.
modified the value range of hwIpDslamAntiBcAttackOntQueryRemainTime.
"
REVISION "201312160000Z"
DESCRIPTION "V1.54, added hwIpDslamAntiIllegalArpStatus, hwIpDslamAntiIllegalNdStatus, hwIpDslamAntiBcAttackXponPortDefaultRate,
hwIpDslamAntiBcAttackXponOntDefaultRate, hwIpDslamAntiBcAttackOntResumeInterval, hwIpDslamAntiBcAttackOntTable and
hwIpDslamOntBcAttackOccurTrap.
"
REVISION "201311180000Z"
DESCRIPTION "V1.53, added hwIpDslamSecurityConflictLogCmIndex, hwIpDslamCmtsMacAddrDynamicBindingTable,
hwIpDslamNotifyCMIndex, hwIpDslamNotifyCMMacAddress, hwIpDslamCMTSMacAddressBoundToAnotherPortTrap, and hwIpDslamCMTSIpDifferFromBindIpTrap.
"
REVISION "201308060000Z"
DESCRIPTION "V1.52, added hwIpDslamAntiMacIgnoreSwitch.
"
REVISION "201306210000Z"
DESCRIPTION "V1.51, modified the description of hwIpDslamAntiDosPacketLimitTable, hwIpDslamAntiDosPacketLimitIfIndex,
hwIpDslamAntiDosPacketLimitSecondIndex, hwIpDslamAntiDosPacketLimitThirdIndex.
"
REVISION "201305280000Z"
DESCRIPTION "V1.50, added hwIpDslamIpAddrDynamicBindingUserMacAddr, hwIpDslamIpAddrDynamicBindingSubnetMask,
hwIpDslamIpAddrDynamicBindingGatewayIpAddr, hwIpDslamIpAddrDynamicBindingAllocatedLeaseTime and hwIpDslamIpAddrDynamicBindingDhcpServerIpAddr.
"
REVISION "201304280000Z"
DESCRIPTION "V1.49, add hwIpDslamDoSAttackOccurCMMacAddress in hwIpDslamCMPortDoSAttackOccurTrap and hwIpDslamCMPortDoSAttackDisappearTrap.
"
REVISION "201303260000Z"
DESCRIPTION "V1.48, added hwIpDslamSourceRouteStatus.
"
REVISION "201303130000Z"
DESCRIPTION "V1.47, modified the status of hwIpDslamDosBlackListCid from current to deprecated,
modifyied the description of hwIpDslamDosBlackListCid, pDslamDosBlackListOntID, hwIpDslamDosBlackListLLIndex,
hwIpDslamSecurityConflictStatIfindex, and hwIpDslamSecurityConflictStatClear.
"
REVISION "201302040000Z"
DESCRIPTION "V1.46, modified the value range of hwIpDslamDosBlackListMatchpara.
modified the max-access of hwIpDslamDosBlackListIfIndex,hwIpDslamDosBlackListType,hwIpDslamDosBlackListMode,
hwIpDslamDosBlackListTime,hwIpDslamDosBlackListMatchpara,hwIpDslamDosBlackListCid and hwIpDslamDosBlackListLLIndex.
"
REVISION "201301100000Z"
DESCRIPTION "V1.45, modified the type of hwFirewallStatus and hwFirewallDefault from Integer32 to INTEGER.
"
REVISION "201210170000Z"
DESCRIPTION "V1.44, modified the value range of hwIpDslamSecurityConflictLogIndex.
"
REVISION "201205170000Z"
DESCRIPTION "V1.43, added hwIpDslamCMPortDoSAttackOccurTrap, hwIpDslamCMPortDoSAttackDisappearTrap and hwIpDslamDoSAttackOccurCMIndex.
"
REVISION "201203140000Z"
DESCRIPTION "V1.42, modified the value range of hwIpDslamMacAddrDynamicBindingFlowId, hwIpDslamIpAddrDynamicBindingFlowId,
hwIpDslamAntiIpServicePortIndex, hwIpDslamIpv6AddrDynamicBindingFlowId, and hwIpDslamDynamicBindingFlowId.
"
REVISION "201203070000Z"
DESCRIPTION "V1.41, added hwIpv6IfAccessTable.
"
REVISION "201201070000Z"
DESCRIPTION "V1.40, modified the value range of hwIpDslamDynSrcMacFilteringIndex, added hwIpDslamDynSrcMacFilteringVlan.
modified the value range of hwIpDslamAntiDosPacketLimitValue.
"
REVISION "201111170000Z"
DESCRIPTION "V1.39, added hwFirewallDefendTracert.
modified the value range of hwIpDslamAntiIpExcludeSwitch.
"
REVISION "201109190000Z"
DESCRIPTION "V1.38, modified the value range of hwIpDslamAntiDosIgmpPacketLimitValue, hwIpDslamAntiDosDhcpPacketLimitValue,
hwIpDslamAntiDosArpPacketLimitValue, hwIpDslamAntiDosPppoePacketLimitValue.
"
REVISION "201108180000Z"
DESCRIPTION "V1.37, modified the value range of hwIpDslamAntiDosIgmpPacketLimitValue, hwIpDslamAntiDosDhcpPacketLimitValue,
hwIpDslamAntiDosArpPacketLimitValue, hwIpDslamAntiDosPppoePacketLimitValue.
"
REVISION "201108050000Z"
DESCRIPTION "V1.36, modified the default value of hwIpDslamAntiMacExcludeSwitch, modified the syntax of hwIpDslamServerIpAddress.
"
REVISION "201107130000Z"
DESCRIPTION "V1.35, modified the value range of hwIpDslamAntiDosIgmpPacketLimitValue, hwIpDslamAntiDosDhcpPacketLimitValue,
hwIpDslamAntiDosArpPacketLimitValue, hwIpDslamAntiDosPppoePacketLimitValue, added hwIpDslamServerIpAddress, hwIpDslamServerIpv6Address.
modified the leaf of hwIpDslamAllocatedIpConflictTrap, hwIpDslamAllocatedIpv6ConflictTrap.
added hwFirewallStatus, hwFirewallDefault,hwFirewallPacketFilterTable, hwFirewallPacketFilterStatisticsTable,
hwFirewallPacketFilterDefaultStatisticsTable, hwIpDslamSecurityExConflictStatisticTable.
"
REVISION "201105260000Z"
DESCRIPTION "V1.34, added hwIpDslamAllocatedIpConflictTrap, hwIpDslamAllocatedIpv6ConflictTrap, hwIpDslamAddressAllocationMode,
hwIpDslamSecurityConflictLogType, hwIpDslamAntiDosIgmpPacketLimitValue, hwIpDslamAntiDosDhcpPacketLimitValue,
hwIpDslamAntiDosArpPacketLimitValue, hwIpDslamAntiDosPppoePacketLimitValue, hwIpDslamSecurityDhcpClientIdentifier,
hwIpDslamP2pPortDataPackageIpDifferFromBindIpTrap, hwIpDslamDistributingModeGponPortDataPackageIpDifferFromBindIpTrap,
hwIpDslamProfileModeGponPortDataPackageIpDifferFromBindIpTrap, hwIpDslamP2pPortDataPackageIpv6DifferFromBindIpv6Trap,
hwIpDslamDistributingModeGponPortDataPackageIpv6DifferFromBindIpv6Trap, hwIpDslamProfileModeGponPortDataPackageIpv6DifferFromBindIpv6Trap,
hwIpDslamP2pPortDataPackageMacDifferFromBindMacTrap, hwIpDslamDistributingModeGponPortDataPackageMacDifferFromBindMacTrap,
hwIpDslamProfileModeGponPortDataPackageMacDifferFromBindMacTrap, hwIpDslamP2pPortIllegleArpTrap,hwIpDslamDistributingModeGponPortIllegleArpTrap,
hwIpDslamProfileModeGponPortIllegleArpTrap, hwIpDslamAntiMacSpoofingControlprotocolIpv6oeStatus, and modified the description of hwIpDslamAntiDosPacketLimitTable.
"
REVISION "201105120000Z"
DESCRIPTION "V1.33, added hwIpDslamDynamicBindingTable and hwIpDslamAntiMacExcludeSwitch, modifyied the description of
hwIpDslamAntiIpExcludeSwitch.
"
REVISION "201104200000Z"
DESCRIPTION "V1.32, added hwIpDslamIpv6AddressPrefixlengthCarriedInPackets, modifyied the definition of hwIpDslamIpv6DifferFromBindIpv6Trap.
modifyied the description of hwIpDslamAntiIpExcludeSwitch.
"
REVISION "201101240000Z"
DESCRIPTION "V1.31, added hwIpDslamIpv6NsReplySwitch, hwIpDslamIpv6NsReplyUnknownPolicy, hwIpDslamAntiIpv6SpoofingStatus,
hwIpDslamAntiIpv6ServicePortStatus, hwIpDslamIpv6BindRouteAndNdSwitch, hwIpDslamSecurityIPv6ConflictLogIpv6Prefix and
hwIpDslamAntiIpExcludeSwitch.
"
REVISION "201011220000Z"
DESCRIPTION "V1.30, added hwIpDslamDoSAttackOccurEocCnuID, hwIpDslamEocPortDoSAttackOccurTrap and hwIpDslamEocPortDoSAttackDisappearTrap.
Modifyied the description of hwIpDslamSecurityConflictStatisticTable, hwIpDslamDosBlackListMode and hwIpDslamDosBlackListOntID.
"
REVISION "201011120000Z"
DESCRIPTION "V1.29, modifyied the format of the MIB file."
REVISION "201011090000Z"
DESCRIPTION "V1.28, changed the value range of hwIpDslamAntiDosPacketLimitValue."
REVISION "201008130900Z"
DESCRIPTION "V1.27, added hwIpDslamSecurityIllegalARPCount in hwIpDslamSecurityConflictStatisticTable."
REVISION "201007231500Z"
DESCRIPTION "V1.26, added hwIpDslamSecurityConflictStatClear and hwIpDslamSecurityConflictLogClear.
Modified the copyright&contact-info of this file.
Modified the description of hwIpDslamAntiIcmpStatus, hwIpDslamAntiIpStatus, hwIpDslamIpAddrDynamicBindingStatus,
hwIpDslamAntiMacSpoofingStatus, hwIpDslamAntiDosStatus, hwIpDslamSrcMacFilteringRowStatus, hwIpDslamDosBlackListRowStatus,
hwIpDslamDesMacFilteringRowStatus, hwIpDslamAntiDosPacketLimitRowStatus.
"
REVISION "201005291600Z"
DESCRIPTION "V1.25, modifyied the OID of parameter of hwIpDslamMacAddressBoundToAnotherXponPortTrap.
Modify the value rangge of hwIpDslamDosBlackListLLIndex from (0..127|255) to (0..1023|65535)."
REVISION "201005050900Z"
DESCRIPTION "V1.24, modifyied the errors of the MIB file."
REVISION "201004251600Z"
DESCRIPTION "V1.23, modifyied description of all leaves."
REVISION "201004151600Z"
DESCRIPTION "V1.22, added hwIpDslamAntiMacDuplicateStatus and modify description of leaves."
REVISION "201001251600Z"
DESCRIPTION "V1.21, added hwIpDslamSecurityConflictStatisticTable and hwIpDslamSecurityConflictStatisticTable."
REVISION "201001121600Z"
DESCRIPTION "V1.20, added traps,Add hwIpDslamBindIpFailedIpAddr,hwIpDslamBindMacFailedMacAddr to hwIpDslamTrapsVbOids."
REVISION "200912250000Z"
DESCRIPTION "V1.19, modifyied the datatype definition."
REVISION "200905120000Z"
DESCRIPTION "V1.16, modifyied the value range of hwIpDslamAntiMacSpoofingPppoeOverallAgingTime,
hwIpDslamAntiMacSpoofingPppoeAgingPeriod and hwIpDslamAntiMacSpoofingDhcpOverallAgingTime."
REVISION "200809090000Z"
DESCRIPTION "V1.15, modifyied the value range of hwIpDslamSecurityVlanCtrlIndex: 1-4095"
REVISION "200804140000Z"
DESCRIPTION "V1.12, added leasetime in hwIpDslamIpAddrDynamicBindingTable."
REVISION "200511080000Z"
DESCRIPTION "V1.00, first draft."
::= { huaweiUtility 47 }
EnabledStatus ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A simple status value for the object."
SYNTAX INTEGER
{
enabled(1),
disabled(2)
}
hwIpDslamAntiIcmpStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the anti-ICMP-attack status.
Options:
1. enabled(1) -indicates the anti-ICMP-attack status is enabled
2. disabled(2) -indicates the anti-ICMP-attack status is disabled
Default: disabled(2)
"
::= { hwIpDslamSecurity 1 }
hwIpDslamAntiIpStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the anti-IP-attack status.
Options:
1. enabled(1) -indicates the anti-IP-attack status is enabled
2. disabled(2) -indicates the anti-IP-attack status is disabled
Default: disabled(2)
"
::= { hwIpDslamSecurity 2 }
hwIpDslamIpAddrDynamicBindingStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the global status of IP address dynamic binding.
Options:
1. enabled(1) -indicates the global status of IP address dynamic binding is enabled
2. disabled(2) -indicates the global status of IP address dynamic binding is disabled
Default: disabled(2)
"
::= { hwIpDslamSecurity 3 }
hwIpDslamAntiMacSpoofingStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the global anti-MAC-spoofing status.
Options:
1. enabled(1) -indicates the global anti-MAC-spoofing status is enabled
2. disabled(2) -indicates the global anti-MAC-spoofing status is disabled
Default: disabled(2)
"
::= { hwIpDslamSecurity 4 }
hwIpDslamAntiDosStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the global anti-DoS-attack status.
Options:
1. enabled(1) -indicates the global anti-DoS-attack status is enabled
2. disabled(2) -indicates the global anti-DoS-attack status is disabled
Default: disabled(2)
"
::= { hwIpDslamSecurity 5 }
hwIpDslamSrcMacAddrFilteringTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamSrcMacAddrFilteringEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the MAC address filtering function. With this function, the system checks the source
MAC address of the user packet based on the configured MAC address entry.
If the source MAC address of the user packet is the same as the MAC address configured in this
table, the packet is discarded.
The index of this table is hwIpDslamSrcMacFilteringIndex, which uniquely identifies the MAC address
entry to be filtered by the system.
"
::= { hwIpDslamSecurity 6 }
hwIpDslamSrcMacAddrFilteringEntry OBJECT-TYPE
SYNTAX HwIpDslamSrcMacAddrFilteringEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the MAC address filtering function. With this function, the system checks the source
MAC address of the user packet based on the configured MAC address entry.
If the source MAC address of the user packet is the same as the MAC address configured in this
table, the packet is discarded.
The index of this entry is hwIpDslamSrcMacFilteringIndex, which uniquely identifies the MAC address
entry to be filtered by the system.
"
INDEX { hwIpDslamSrcMacFilteringIndex }
::= { hwIpDslamSrcMacAddrFilteringTable 1 }
HwIpDslamSrcMacAddrFilteringEntry ::=
SEQUENCE {
hwIpDslamSrcMacFilteringIndex
Integer32,
hwIpDslamSrcMacFilteringSrcMac
MacAddress,
hwIpDslamSrcMacFilteringRowStatus
RowStatus
}
hwIpDslamSrcMacFilteringIndex OBJECT-TYPE
SYNTAX Integer32(1..4)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the index, which uniquely identifies the
MAC address entry to be filtered by the system.
"
::= { hwIpDslamSrcMacAddrFilteringEntry 1 }
hwIpDslamSrcMacFilteringSrcMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the MAC address to be filtered.
"
::= { hwIpDslamSrcMacAddrFilteringEntry 2 }
hwIpDslamSrcMacFilteringRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the row status. Creating, deleting, and querying MAC address filtering are supported.
In the creation, reserve hwIpDslamSrcMacFilteringIndex, hwIpDslamSrcMacFilteringSrcMac,
and hwIpDslamSrcMacFilteringRowStatus; set hwIpDslamSrcMacFilteringRowStatus to createAndGo(4).
The range of hwIpDslamSrcMacFilteringIndex is [1, 4] and the index must be specified.
In the deletion, reserve hwIpDslamSrcMacFilteringSrcMac and hwIpDslamSrcMacFilteringRowStatus;
set hwIpDslamSrcMacFilteringSrcMac to the MAC address to be deleted, set hwIpDslamSrcMacFilteringRowStatus
to destroy(6), and then click set to delete the MAC address.
hwIpDslamSrcMacFilteringIndex must be specified and issued in the query.
Options:
1. active(1) -indicates query operation
2. createAndGo(4) -create MAC address filtering
3. destroy(6) -delete MAC address filtering
"
::= { hwIpDslamSrcMacAddrFilteringEntry 3 }
hwIpDslamMacAddrDynamicBindingTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamMacAddrDynamicBindingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"It is the table for the dynamic binding between the MAC address and the service port and is used
for querying the entry of the dynamic binding between the MAC address and the service port.
After anti-MAC-spoofing is enabled, the MAC address of the user is bound to the corresponding
service port. If the MAC address of the user packet is not the MAC address bound to the service port,
the packet is discarded.
The indexes of this table are hwIpDslamMacAddrDynamicBindingFlowId and hwIpDslamMacAddrDynamicBindingMacIndex.
The service port corresponding to this index must already be created in hwExtSrvFlowEntry.
hwIpDslamMacAddrDynamicBindingMacIndex is the index of the MAC address bound to the service port.
"
::= { hwIpDslamSecurity 7 }
hwIpDslamMacAddrDynamicBindingEntry OBJECT-TYPE
SYNTAX HwIpDslamMacAddrDynamicBindingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"It is the table for the dynamic binding between the MAC address and the service port and is used
for querying the entry of the dynamic binding between the MAC address and the service port.
After anti-MAC-spoofing is enabled, the MAC address of the user is bound to the corresponding
service port. If the MAC address of the user packet is not the MAC address bound to the service port,
the packet is discarded.
The indexes of this entry are hwIpDslamMacAddrDynamicBindingFlowId and hwIpDslamMacAddrDynamicBindingMacIndex.
The service port corresponding to this index must already be created in hwExtSrvFlowEntry.
hwIpDslamMacAddrDynamicBindingMacIndex is the index of the MAC address bound to the service port.
"
INDEX { hwIpDslamMacAddrDynamicBindingFlowId, hwIpDslamMacAddrDynamicBindingMacIndex }
::= { hwIpDslamMacAddrDynamicBindingTable 1 }
HwIpDslamMacAddrDynamicBindingEntry ::=
SEQUENCE {
hwIpDslamMacAddrDynamicBindingFlowId
Integer32,
hwIpDslamMacAddrDynamicBindingMacIndex
Integer32,
hwIpDslamMacAddrDynamicBindingMacAddr
MacAddress
}
hwIpDslamMacAddrDynamicBindingFlowId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the index of the service port bound to a specified MAC address.
The service port corresponding to this index must already be created in hwExtSrvFlowEntry.
Range: Begin with 1
"
::= { hwIpDslamMacAddrDynamicBindingEntry 1 }
hwIpDslamMacAddrDynamicBindingMacIndex OBJECT-TYPE
SYNTAX Integer32(0..31)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the index of the MAC address bound to the service port.
Range: 0-31
"
::= { hwIpDslamMacAddrDynamicBindingEntry 2 }
hwIpDslamMacAddrDynamicBindingMacAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the MAC address bound to a specified service port.
"
::= { hwIpDslamMacAddrDynamicBindingEntry 3 }
hwIpDslamIpAddrDynamicBindingTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamIpAddrDynamicBindingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"It is the table for the dynamic binding between the IP address and the service port
and is used for querying the entry of the dynamic binding between the IP address and
the service port.
After anti-IP-spoofing is enabled and the user goes online, the IP address obtained
by the user is bound to the corresponding service port. The packet can be transmitted
upstream through the device only when the source IP address of the packet is the same
as the bound IP address. Otherwise, the packet is discarded.
The indexes of this table are hwIpDslamIpAddrDynamicBindingFlowId and
hwIpDslamIpAddrDynamicBindingIpIndex.
The service port corresponding to this index must already be created in hwExtSrvFlowEntry.
hwIpDslamIpAddrDynamicBindingIpIndex is the index of the IP address bound to the service
port.
"
::= { hwIpDslamSecurity 8 }
hwIpDslamIpAddrDynamicBindingEntry OBJECT-TYPE
SYNTAX HwIpDslamIpAddrDynamicBindingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"It is the table for the dynamic binding between the IP address and the service port
and is used for querying the entry of the dynamic binding between the IP address and
the service port.
After anti-IP-spoofing is enabled and the user goes online, the IP address obtained
by the user is bound to the corresponding service port. The packet can be transmitted
upstream through the device only when the source IP address of the packet is the same
as the bound IP address. Otherwise, the packet is discarded.
The indexes of this entry are hwIpDslamIpAddrDynamicBindingFlowId and
hwIpDslamIpAddrDynamicBindingIpIndex.
The service port corresponding to this index must already be created in hwExtSrvFlowEntry.
hwIpDslamIpAddrDynamicBindingIpIndex is the index of the IP address bound to the service
port.
"
INDEX { hwIpDslamIpAddrDynamicBindingFlowId, hwIpDslamIpAddrDynamicBindingIpIndex }
::= { hwIpDslamIpAddrDynamicBindingTable 1 }
HwIpDslamIpAddrDynamicBindingEntry ::=
SEQUENCE {
hwIpDslamIpAddrDynamicBindingFlowId
Integer32,
hwIpDslamIpAddrDynamicBindingIpIndex
Integer32,
hwIpDslamIpAddrDynamicBindingIpAddr
IpAddress,
hwIpDslamIpAddrDynamicBindingLeaseTime
Integer32,
hwIpDslamIpAddrDynamicBindingUserMacAddr
MacAddress,
hwIpDslamIpAddrDynamicBindingSubnetMask
IpAddress,
hwIpDslamIpAddrDynamicBindingGatewayIpAddr
IpAddress,
hwIpDslamIpAddrDynamicBindingAllocatedLeaseTime
Integer32,
hwIpDslamIpAddrDynamicBindingDhcpServerIpAddr
IpAddress
}
hwIpDslamIpAddrDynamicBindingFlowId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the index of the service port bound to a specified IP address.
The service port corresponding to this index must already be created in hwExtSrvFlowEntry.
Range: Begin with 1
"
::= { hwIpDslamIpAddrDynamicBindingEntry 1 }
hwIpDslamIpAddrDynamicBindingIpIndex OBJECT-TYPE
SYNTAX Integer32(0..31)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the index of the IP address bound to the service port.
Range: 0-31
"
::= { hwIpDslamIpAddrDynamicBindingEntry 2 }
hwIpDslamIpAddrDynamicBindingIpAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the IP address bound to a specified service port.
"
::= { hwIpDslamIpAddrDynamicBindingEntry 3 }
hwIpDslamIpAddrDynamicBindingLeaseTime OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the remaining lease time of the
DHCP user bound to a specified service port.
Unit: second
"
::= { hwIpDslamIpAddrDynamicBindingEntry 4 }
hwIpDslamIpAddrDynamicBindingUserMacAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the Mac address of the
DHCP user bound to a specified service port.
"
::= { hwIpDslamIpAddrDynamicBindingEntry 5 }
hwIpDslamIpAddrDynamicBindingSubnetMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the Subnet Mask of the
DHCP user bound to a specified service port.
"
::= { hwIpDslamIpAddrDynamicBindingEntry 6 }
hwIpDslamIpAddrDynamicBindingGatewayIpAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the Gateway IP Address of the
DHCP user bound to a specified service port.
"
::= { hwIpDslamIpAddrDynamicBindingEntry 7 }
hwIpDslamIpAddrDynamicBindingAllocatedLeaseTime OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the initialized lease time of the
DHCP user bound to a specified service port.
Unit: second
"
::= { hwIpDslamIpAddrDynamicBindingEntry 8 }
hwIpDslamIpAddrDynamicBindingDhcpServerIpAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the IP address of the DHCP Server allocated
the IP address to the DHCP user bound to a specified service port.
"
::= { hwIpDslamIpAddrDynamicBindingEntry 9 }
hwIpDslamDosBlackListTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamDosBlackListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Used for querying or deleting the entry of the current blacklist in the system.
The index of this table is hwIpDslamDosBlackListIndex, which uniquely identifies
an entry of the blacklist.
"
::= { hwIpDslamSecurity 9 }
hwIpDslamDosBlackListEntry OBJECT-TYPE
SYNTAX HwIpDslamDosBlackListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Used for querying or deleting the entry of the current blacklist in the system.
The index of this entry is hwIpDslamDosBlackListIndex, which uniquely identifies
an entry of the blacklist.
"
INDEX { hwIpDslamDosBlackListIndex }
::= { hwIpDslamDosBlackListTable 1 }
HwIpDslamDosBlackListEntry ::= SEQUENCE {
hwIpDslamDosBlackListIndex Integer32,
hwIpDslamDosBlackListIfIndex Integer32,
hwIpDslamDosBlackListType INTEGER,
hwIpDslamDosBlackListMode INTEGER,
hwIpDslamDosBlackListTime DateAndTime,
hwIpDslamDosBlackListRowStatus RowStatus,
hwIpDslamDosBlackListMatchpara Integer32,
hwIpDslamDosBlackListCid Integer32,
hwIpDslamDosBlackListOntID Integer32,
hwIpDslamDosBlackListLLIndex Integer32
}
hwIpDslamDosBlackListIndex OBJECT-TYPE
SYNTAX Integer32 (1..4096)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the index, which uniquely identifies an entry of the blacklist.
Range: 1-4096
"
::= { hwIpDslamDosBlackListEntry 1 }
hwIpDslamDosBlackListIfIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the Ifindex of the port that generates the DoS attack blacklist.
You can query IfTable by Ifindex to obtain the port type, shelf ID, slot ID,
and port ID.
"
::= { hwIpDslamDosBlackListEntry 2 }
hwIpDslamDosBlackListType OBJECT-TYPE
SYNTAX INTEGER {
unknown(1),
pppoe(2),
dhcp(3),
icmp(4),
arp(5),
pppoa(6)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the type of the packet used for the DoS attack.
Currently, judging the packet type is not supported and the
value is fixed to unknown(1).
Options:
1. unknown(1) -indicates the type of the packet used for the DoS attack is unknown
2. pppoe(2) -indicates the type of the packet used for the DoS attack is pppoe
3. dhcp(3) -indicates the type of the packet used for the DoS attack is dhcp
4. icmp(4) -indicates the type of the packet used for the DoS attack is icmp
5. arp(5) -indicates the type of the packet used for the DoS attack is arp
6. pppoa(6) -indicates the type of the packet used for the DoS attack is pppoa
"
::= { hwIpDslamDosBlackListEntry 3 }
hwIpDslamDosBlackListMode OBJECT-TYPE
SYNTAX INTEGER{
dynamic(1),
static(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates whether the blacklist is dynamically generated based
on the DoS attack or manually and statically configured by the
user.
Options:
1. dynamic(1) -The blacklist is dynamically generated based
on the DoS attack or manually and statically
configured by the user.
2. static(2) -The blacklist is not dynamically generated based
on the DoS attack or manually and statically
configured by the user.
Currently, the value is fixed to dynamic(1).
"
::= { hwIpDslamDosBlackListEntry 4 }
hwIpDslamDosBlackListTime OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the DoS attack time.
"
::= { hwIpDslamDosBlackListEntry 5 }
hwIpDslamDosBlackListRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the row status. Currently, only the get operation is supported.
In the query operation, the value of this leaf is always active(1).
Options:
1. active(1) -indicates query operation
"
::= { hwIpDslamDosBlackListEntry 6 }
hwIpDslamDosBlackListMatchpara OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the ID of the PON port that generates the DoS attack blacklist.
You can query IfTable by ifIndex to obtain the port type, shelf ID, slot ID, and port ID.
The returned value 65535 indicates an invalid value.
"
::= { hwIpDslamDosBlackListEntry 7 }
hwIpDslamDosBlackListCid OBJECT-TYPE
SYNTAX Integer32 (1..8092)
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"Indicates the CID value of the PVC to which the DoS attack user belongs,
that is, the connection ID of the PVC.The returned value 32 indicates an invalid value.
Range: 1-8092
"
::= { hwIpDslamDosBlackListEntry 8 }
hwIpDslamDosBlackListOntID OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the ID of the ONT that generates the DoS attack blacklist in the case of xPON port.
Or indicates the ID of the CNU that generates the DoS attack blacklist in the case of EoC port.
The returned value 65535 indicates an invalid value.
"
::= { hwIpDslamDosBlackListEntry 9 }
hwIpDslamDosBlackListLLIndex OBJECT-TYPE
SYNTAX Integer32 (0..1023|65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the LLIndex for generating the DoS attack blacklist
in the case of xPON port, indicates gemindex in the case of GPON,
and indicates LLIndex in the case EPON. Currently, the value
is fixed to 0 to facilitate future extension.The returned value 65535 indicates an invalid value.
"
::= { hwIpDslamDosBlackListEntry 10 }
hwIpDslamAntiMacSpoofingPppoeOverallAgingTime OBJECT-TYPE
SYNTAX Integer32 (0|30..3600)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the aging time of the PPPoE user when anti-MAC-spoofing is enabled.
The aging time must be larger than the aging period (the value of hwIpDslamAntiMacSpoofingPppoeAgingPeriod).
The system checks whether the PPPoE user is online in every aging period. If no response is received in the
entire aging time, the system considers that the PPPoE user is offline abnormally.
Range: 0, 30-3600
The value 0 is invalid in current version.
Unit: second
Default: 360
"
::= { hwIpDslamSecurity 10 }
hwIpDslamAntiMacSpoofingPppoeAgingPeriod OBJECT-TYPE
SYNTAX Integer32 (0|30..120)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the aging period of the PPPoE user when anti-MAC spoofing is enabled.
The system checks whether the PPPoE user is online after every aging period. If no response is received
in the entire aging time, the system considers that the PPPoE user is offline abnormally.
Range: 0, 30-120
The value 0 is invalid in current version.
Unit: second
Default: 90
"
::= { hwIpDslamSecurity 11 }
hwIpDslamAntiMacSpoofingDhcpOverallAgingTime OBJECT-TYPE
SYNTAX Integer32(0|360..3600 )
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of DHCP Overall Aging Time when enable the Mac spoofing.
The value 0 is invalid in current version.
Unit: second
Default: 1560
"
::= { hwIpDslamSecurity 12 }
hwIpDslamDesMacAddrFilteringTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamDesMacAddrFilteringEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the destination MAC address filtering function. With this function, the system checks
the destination MAC address of the user packet based on the configured MAC address entry.
If the destination MAC address of the user packet is the same as the MAC address configured in
this table, the packet is discarded.
The index of this table is hwIpDslamDesMacFilteringIndex, which uniquely identifies the MAC address
entry to be filtered by the system.
"
::= { hwIpDslamSecurity 13 }
hwIpDslamDesMacAddrFilteringEntry OBJECT-TYPE
SYNTAX HwIpDslamDesMacAddrFilteringEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the destination MAC address filtering function. With this function, the system checks
the destination MAC address of the user packet based on the configured MAC address entry.
If the destination MAC address of the user packet is the same as the MAC address configured in
this table, the packet is discarded.
The index of this entry is hwIpDslamDesMacFilteringIndex, which uniquely identifies the MAC address
entry to be filtered by the system.
"
INDEX { hwIpDslamDesMacFilteringIndex }
::= { hwIpDslamDesMacAddrFilteringTable 1 }
HwIpDslamDesMacAddrFilteringEntry ::=
SEQUENCE {
hwIpDslamDesMacFilteringIndex
Integer32,
hwIpDslamDesMacFilteringDesMac
MacAddress,
hwIpDslamDesMacFilteringRowStatus
RowStatus
}
hwIpDslamDesMacFilteringIndex OBJECT-TYPE
SYNTAX Integer32(1..4)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the index, which uniquely identifies the MAC address entry to be filtered by the system.
"
::= { hwIpDslamDesMacAddrFilteringEntry 1 }
hwIpDslamDesMacFilteringDesMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the MAC address to be filtered.
"
::= { hwIpDslamDesMacAddrFilteringEntry 2 }
hwIpDslamDesMacFilteringRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the row status. Creating, deleting, and querying MAC address filtering are supported.
In the creation, reserve hwIpDslamDesMacFilteringIndex, hwIpDslamDesMacFilteringDesMac,
and hwIpDslamDesMacFilteringRowStatus; set hwIpDslamDesMacFilteringRowStatus to createAndGo(4).
The range of hwIpDslamDesMacFilteringIndex is [1, 4] and the index must be specified.
In the deletion, you only need to reserve hwIpDslamDesMacFilteringDesMac and hwIpDslamDesMacFilteringRowStatus;
set hwIpDslamDesMacFilteringDesMac to the MAC address to be deleted, set hwIpDslamDesMacFilteringRowStatus
to destroy(6), and then click set to delete the MAC address.
hwIpDslamDesMacFilteringIndex must be specified and issued in the query.
Options:
1. active(1) -indicates query operation
2. createAndGo(4) -create MAC address filtering
3. destroy(6) -delete MAC address filtering
"
::= { hwIpDslamDesMacAddrFilteringEntry 3 }
hwIpDslamDynSrcMacAddrFilteringTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamDynSrcMacAddrFilteringEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Used for querying the dynamically learned MAC address on the network side. The system checks the source
MAC address of the user packet based on this MAC address entry.
If the source MAC address of the user packet is the same as the MAC address in this table, the packet is
discarded.
The index of this table is hwIpDslamDynSrcMacFilteringIndex, which uniquely identifies the MAC address
entry to be filtered by the system.
"
::= { hwIpDslamSecurity 14 }
hwIpDslamDynSrcMacAddrFilteringEntry OBJECT-TYPE
SYNTAX HwIpDslamDynSrcMacAddrFilteringEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Used for querying the dynamically learned MAC address on the network side. The system checks the source
MAC address of the user packet based on this MAC address entry.
If the source MAC address of the user packet is the same as the MAC address in this table, the packet is
discarded.
The index of this entry is hwIpDslamDynSrcMacFilteringIndex, which uniquely identifies the MAC address
entry to be filtered by the system.
"
INDEX { hwIpDslamDynSrcMacFilteringIndex }
::= { hwIpDslamDynSrcMacAddrFilteringTable 1 }
HwIpDslamDynSrcMacAddrFilteringEntry ::=
SEQUENCE {
hwIpDslamDynSrcMacFilteringIndex
Integer32,
hwIpDslamDynSrcMacFilteringSrcMac
MacAddress,
hwIpDslamDynSrcMacFilteringVlan
Unsigned32
}
hwIpDslamDynSrcMacFilteringIndex OBJECT-TYPE
SYNTAX Integer32(1..1040)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the index, which uniquely identifies
the MAC address entry to be filtered by the system.
Range: 1-1040
"
::= { hwIpDslamDynSrcMacAddrFilteringEntry 1 }
hwIpDslamDynSrcMacFilteringSrcMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the MAC address to be filtered.
"
::= { hwIpDslamDynSrcMacAddrFilteringEntry 2 }
hwIpDslamDynSrcMacFilteringVlan OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates VLAN ID of the MAC address to be filtered.
"
::= { hwIpDslamDynSrcMacAddrFilteringEntry 3 }
hwIpDslamMacAbnormalDetectStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The switch of the Mac-Abnormal-Detect function.
Options:
1. enabled(1) -indicates the Mac-Abnormal-Detect function is enabled
2. disabled(2) -indicates the Mac-Abnormal-Detect function is disabled
Default: disabled(2)
"
::= { hwIpDslamSecurity 15 }
hwIpDslamMacAbnormalDetectIntervalTime OBJECT-TYPE
SYNTAX Integer32 ( 30..3600 )
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The interval of the Mac-Abnormal-Detect.
Range: 30-3600
Unit: second
Default: 60
"
::= { hwIpDslamSecurity 16 }
hwIpDslamAntiIpServicePortTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamAntiIpServicePortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Used for enabling or disabling anti-IP-spoofing of the service port. Anti-IP-spoofing
on a service port takes effect only when it is enabled globally and is enabled on this
service port.
The index of this table is hwIpDslamAntiIpServicePortIndex, indicating the index of the
service port. The service port corresponding to this index must already be created in
hwExtSrvFlowEntry.
"
::= { hwIpDslamSecurity 17 }
hwIpDslamAntiIpServicePortEntry OBJECT-TYPE
SYNTAX HwIpDslamAntiIpServicePortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Used for enabling or disabling anti-IP-spoofing of the service port. Anti-IP-spoofing
on a service port takes effect only when it is enabled globally and is enabled on this
service port.
The index of this entry is hwIpDslamAntiIpServicePortIndex, indicating the index of the
service port. The service port corresponding to this index must already be created in
hwExtSrvFlowEntry.
"
INDEX { hwIpDslamAntiIpServicePortIndex }
::= { hwIpDslamAntiIpServicePortTable 1 }
HwIpDslamAntiIpServicePortEntry ::=
SEQUENCE {
hwIpDslamAntiIpServicePortIndex
Integer32,
hwIpDslamAntiIpServicePortStatus
EnabledStatus,
hwIpDslamAntiIpv6ServicePortStatus
EnabledStatus
}
hwIpDslamAntiIpServicePortIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the index of the service port bound to a specified IP address.
The service port corresponding to this index must already be created in hwExtSrvFlowEntry.
Range: Begin with 1
"
::= { hwIpDslamAntiIpServicePortEntry 1 }
hwIpDslamAntiIpServicePortStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the anti-IP-spoofing status of the service port.
Options:
1. enabled(1) -indicates the anti-IP-spoofing status is enabled
2. disabled(2) -indicates the anti-IP-spoofing status is disabled
Default: enabled(1)
"
::= { hwIpDslamAntiIpServicePortEntry 2 }
hwIpDslamAntiIpv6ServicePortStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the anti-IPv6-spoofing status of the service port.
Options:
1. enabled(1) -indicates the anti-IPv6-spoofing status is enabled
2. disabled(2) -indicates the anti-IPv6-spoofing status is disabled
Default: enabled(1)
"
::= { hwIpDslamAntiIpServicePortEntry 3 }
hwIpDslamAntiDosAlarmThreshold OBJECT-TYPE
SYNTAX Integer32 ( 10..200 )
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The alarm threshold of ANTI-DOS. if a PVC send the packets to CPU more than the threshold in one second, the DoS generated.
Range: 10-200
Default: 20
"
::= { hwIpDslamSecurity 18 }
hwIpDslamAntiDosPortAction OBJECT-TYPE
SYNTAX INTEGER{
deactive(1),
none(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The port action of DoS occurs.
Options:
1. deactive(1) -disactive the user.
2. none(2) -do nothing.
Default: deactive(1)
"
::= { hwIpDslamSecurity 19 }
hwIpDslamAntiDosResumeTime OBJECT-TYPE
SYNTAX Integer32 ( 10..2880 )
UNITS "minute"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The port resume time of ANTI-DOS, it must be a multiple of 10.
Range: 10-2880
Unit: minute
Default: 60
"
::= { hwIpDslamSecurity 20 }
hwIpDslamArpDetectMode OBJECT-TYPE
SYNTAX INTEGER{
gateway(1),
dummy(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the arp detection mode.
when dhcp spoofing send the arp detecting packet,use the gateway mode,
the source mac will be the gateway mac,or if use the dummy mode, the
source mac will be the mac of the bridge and the ip address should set to 0.
Options:
1. gateway(1) -the source mac will be the gateway mac
2. dummy(2) -the source mac will be the bridge mac
Default: dummy(2)
"
::= { hwIpDslamSecurity 21 }
hwIpDslamSecurityVlanCtrlTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamSecurityVlanCtrlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table used to configure the IP-spoofing based on VLAN.
The index of this table is hwIpDslamSecurityVlanCtrlIndex.
"
::= { hwIpDslamSecurity 22 }
hwIpDslamSecurityVlanCtrlEntry OBJECT-TYPE
SYNTAX HwIpDslamSecurityVlanCtrlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table used to configure the IP-spoofing based on VLAN.
The index of this entry is hwIpDslamSecurityVlanCtrlIndex.
"
INDEX { hwIpDslamSecurityVlanCtrlIndex }
::= { hwIpDslamSecurityVlanCtrlTable 1 }
HwIpDslamSecurityVlanCtrlEntry ::=
SEQUENCE {
hwIpDslamSecurityVlanCtrlIndex
Integer32,
hwIpDslamSecurityVlanCtrlIpSpoofing
INTEGER
}
hwIpDslamSecurityVlanCtrlIndex OBJECT-TYPE
SYNTAX Integer32 (1..4093)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of the table, identifier a VLAN ID.
"
::= { hwIpDslamSecurityVlanCtrlEntry 1 }
hwIpDslamSecurityVlanCtrlIpSpoofing OBJECT-TYPE
SYNTAX INTEGER
{
disable(1),
enable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The status of anti-ipspoofing switch.
Options:
1. disable(1) -disable the switch
2. enable(2) -enable the switch
"
::= { hwIpDslamSecurityVlanCtrlEntry 2 }
-- ANTI-DoS attack policy
hwIpDslamAntiDosPolicy OBJECT-TYPE
SYNTAX INTEGER
{
default(1),
deactivePorts(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The Policy of ANTI-DOS.
Options:
1. default(1) -default process
2. deactivePorts(2) -deactive the xdsl port which detects dos attack happened based on default process
Default: default(1)
"
::= { hwIpDslamSecurity 23 }
-- anti-dos attack packet process policy
hwIpDslamAntiDosPacketProcPolicy OBJECT-TYPE
SYNTAX INTEGER {deny(1),permit(2)}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the policy for processing packets in anti-DoS-attack.
Options:
1. deny(1) -denies processing packets in anti-DoS-attack
2. permit(2) -permits processing packets in anti-DoS-attack
Default: deny(1)
"
::= { hwIpDslamSecurity 24 }
-- anti-dos attack packet limit table
hwIpDslamAntiDosPacketLimitTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamAntiDosPacketLimitEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Used for setting or querying the threshold for the port-based packet rate in anti-DoS-attack.
The traffic exceeding this threshold is discarded.
The indexes of this table are hwIpDslamAntiDosPacketLimitIfIndex, hwIpDslamAntiDosPacketLimitSecondIndex,
and hwIpDslamAntiDosPacketLimitThirdIndex.
hwIpDslamAntiDosPacketLimitIfIndex is the port index and its meaning is the same as that of
ifIndex in ifTable of rfc1213 IF_MIB.
hwIpDslamAntiDosPacketLimitSecondIndex is the second index of the table. The meaning varies with
the port type. It must be 0xFFFFFFFF for the DSL or ETH port, and is the ONT ID or 0xFFFFFFFF for the xPON port.
hwIpDslamAntiDosPacketLimitThirdIndex is the third index of the table. The meaning varies with
the port type. It must be 0xFFFFFFFF for the DSL, ETH, or EPON port, and its value is gemindex
or gemport ID for the GPON port.
When hwIpDslamAntiDosPacketLimitIfIndex is 0xFFFFFFFD, hwIpDslamAntiDosPacketLimitSecondIndex indicates
the GPON end to end service flow index and hwIpDslamAntiDosPacketLimitThirdIndex is invalid value 0xFFFFFFFF.
"
::= { hwIpDslamSecurity 25 }
hwIpDslamAntiDosPacketLimitEntry OBJECT-TYPE
SYNTAX HwIpDslamAntiDosPacketLimitEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Used for setting or querying the threshold for the port-based packet rate in anti-DoS-attack.
The traffic exceeding this threshold is discarded.
The indexes of this entry are hwIpDslamAntiDosPacketLimitIfIndex, hwIpDslamAntiDosPacketLimitSecondIndex,
and hwIpDslamAntiDosPacketLimitThirdIndex.
hwIpDslamAntiDosPacketLimitIfIndex is the port index and its meaning is the same as that of
ifIndex in ifTable of rfc1213 IF_MIB.
hwIpDslamAntiDosPacketLimitSecondIndex is the second index of the table. The meaning varies with
the port type. It must be 0xFFFFFFFF for the DSL or ETH port, and is the ONT ID or 0xFFFFFFFF for the xPON port.
hwIpDslamAntiDosPacketLimitThirdIndex is the third index of the table. The meaning varies with
the port type. It must be 0xFFFFFFFF for the DSL, ETH, or EPON port, and its value is gemindex
or gemport ID for the GPON port.
When hwIpDslamAntiDosPacketLimitIfIndex is 0xFFFFFFFD, hwIpDslamAntiDosPacketLimitSecondIndex indicates
the GPON end to end service flow index and hwIpDslamAntiDosPacketLimitThirdIndex is invalid value 0xFFFFFFFF.
"
INDEX {
hwIpDslamAntiDosPacketLimitIfIndex,
hwIpDslamAntiDosPacketLimitSecondIndex,
hwIpDslamAntiDosPacketLimitThirdIndex
}
::= { hwIpDslamAntiDosPacketLimitTable 1 }
HwIpDslamAntiDosPacketLimitEntry ::=
SEQUENCE {
hwIpDslamAntiDosPacketLimitIfIndex
Integer32,
hwIpDslamAntiDosPacketLimitSecondIndex
Integer32,
hwIpDslamAntiDosPacketLimitThirdIndex
Integer32,
hwIpDslamAntiDosPacketLimitValue
Integer32,
hwIpDslamAntiDosPacketLimitRowStatus
RowStatus,
hwIpDslamAntiDosIgmpPacketLimitValue
Integer32,
hwIpDslamAntiDosDhcpPacketLimitValue
Integer32,
hwIpDslamAntiDosArpPacketLimitValue
Integer32,
hwIpDslamAntiDosPppoePacketLimitValue
Integer32
}
hwIpDslamAntiDosPacketLimitIfIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Its meaning is the same as that of ifIndex in ifTable of rfc1213 IF_MIB.
"
::= { hwIpDslamAntiDosPacketLimitEntry 1 }
hwIpDslamAntiDosPacketLimitSecondIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the second index. The meaning varies with the port type.
It must be 0xFFFFFFFF for the DSL or ETH port, and is the ONT ID or 0xFFFFFFFF for the xPON port.
When hwIpDslamAntiDosPacketLimitIfIndex is 0xFFFFFFFD, hwIpDslamAntiDosPacketLimitSecondIndex indicates
the GPON end to end service flow index.
"
::= { hwIpDslamAntiDosPacketLimitEntry 2 }
hwIpDslamAntiDosPacketLimitThirdIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the third index. The meaning varies with the port type.
It must be 0xFFFFFFFF for the DSL, ETH, or EPON port and its value is gemindex or gemport ID for the GPON port.
It must be 0xFFFFFFFF When hwIpDslamAntiDosPacketLimitIfIndex is 0xFFFFFFFD.
"
::= { hwIpDslamAntiDosPacketLimitEntry 3 }
hwIpDslamAntiDosPacketLimitValue OBJECT-TYPE
SYNTAX Integer32 (-1|0..254)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the threshold for the packet rate of the port.
The value -1 is returned if the port does not support this operation.
The unit is pps.
"
DEFVAL { 63 }
::= { hwIpDslamAntiDosPacketLimitEntry 4 }
hwIpDslamAntiDosPacketLimitRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the row status and is used for setting or querying the threshold for
the packet rate in anti-DoS-attack. The option createAndGo(4) or destroy(6)
is not supported during setting or query. During query,
active(1) is fixedly returned for this leaf.
Options:
1. active(1) -indicates query operation
"
DEFVAL { active }
::= { hwIpDslamAntiDosPacketLimitEntry 5 }
hwIpDslamAntiDosIgmpPacketLimitValue OBJECT-TYPE
SYNTAX Integer32 (-1|0..63|65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the threshold for the IGMP packet rate of the port.
The value -1 is returned if the port does not support this operation.
The value 65535 means that the port does not limit the IGMP packet rate.
The unit is pps.
"
DEFVAL { 65535 }
::= { hwIpDslamAntiDosPacketLimitEntry 6 }
hwIpDslamAntiDosDhcpPacketLimitValue OBJECT-TYPE
SYNTAX Integer32 (-1|0..63|65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the threshold for the DHCP packet rate of the port.
The value -1 is returned if the port does not support this operation.
The value 65535 means that the port does not limit the DHCP packet rate.
The unit is the number of packets per period. The period is defined in hwIpDslamAntiDosDhcpPacketLimitPeriod.
"
DEFVAL { 65535 }
::= { hwIpDslamAntiDosPacketLimitEntry 7 }
hwIpDslamAntiDosArpPacketLimitValue OBJECT-TYPE
SYNTAX Integer32 (-1|0..63|65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the threshold for the ARP packet rate of the port.
The value -1 is returned if the port does not support this operation.
The value 65535 means that the port does not limit the ARP packet rate.
The unit is pps.
"
DEFVAL { 65535 }
::= { hwIpDslamAntiDosPacketLimitEntry 8 }
hwIpDslamAntiDosPppoePacketLimitValue OBJECT-TYPE
SYNTAX Integer32 (-1|0..63|65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the threshold for the PPPoE packet rate of the port.
The value -1 is returned if the port does not support this operation.
The value 65535 means that the port does not limit the PPPoE packet rate.
The unit is pps.
"
DEFVAL { 65535 }
::= { hwIpDslamAntiDosPacketLimitEntry 9 }
-- the traps VbOids
hwIpDslamTrapsVbOids OBJECT IDENTIFIER ::= { hwIpDslamSecurity 26 }
hwMacAddressBoundToAnotherPort OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Mac address bound to another port.
"
::= { hwIpDslamTrapsVbOids 1 }
hwIpAddressCarriedInPackets OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"IP Address carried in the packets.
"
::= { hwIpDslamTrapsVbOids 2 }
hwIpDslamBindIpFailedIpAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"IP Address."
::= { hwIpDslamTrapsVbOids 3 }
hwIpDslamBindMacFailedMacAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"MAC Address."
::= { hwIpDslamTrapsVbOids 4 }
hwIpDslamSecurityXponOntIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"xPON ONT ID."
::= { hwIpDslamTrapsVbOids 5 }
hwIpDslamDoSAttackOccurEocCnuID OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"EoC CNU ID."
::= { hwIpDslamTrapsVbOids 6 }
hwIpDslamBindIpFailedIpv6Addr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"IPv6 Address."
::= { hwIpDslamTrapsVbOids 7 }
hwIpDslamBindIpFailedIpv6PrefixLength OBJECT-TYPE
SYNTAX Integer32(1..128)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"IPv6 Address Prefix Length."
::= { hwIpDslamTrapsVbOids 8 }
hwIpDslamIpv6AddressCarriedInPackets OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"IPv6 Address carried in the packets."
::= { hwIpDslamTrapsVbOids 9 }
hwIpDslamIpv6AddressPrefixlengthCarriedInPackets OBJECT-TYPE
SYNTAX Integer32(1..128)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"IPv6 Address Prefix length carried in the packets."
::= { hwIpDslamTrapsVbOids 10 }
hwIpDslamAddressAllocationMode OBJECT-TYPE
SYNTAX INTEGER
{
dhcp(1),
dhcpv6(2),
slaac(3)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The allocation mode of IP Address or IPv6 Address.
Options:
1. dhcp(1) -indicates IP Address is allocated by DHCP
2. dhcpv6(2) -indicates IPv6 Address is allocated by DHCPv6
3. slaac(3) -indicates IPv6 Address is allocated by SLAAC
"
::= { hwIpDslamTrapsVbOids 11 }
hwIpDslamServerIpAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The IP address of DHCP Server.
"
::= { hwIpDslamTrapsVbOids 12 }
hwIpDslamServerIpv6Address OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The IPv6 address of Server.
"
::= { hwIpDslamTrapsVbOids 13 }
hwIpDslamDoSAttackOccurCMIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"CM Index."
::= { hwIpDslamTrapsVbOids 14 }
hwIpDslamDoSAttackOccurCMMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"CM MAC address, is same with docsIfCmtsCmMac from DOCS-IF-MIB."
::= { hwIpDslamTrapsVbOids 15 }
hwIpDslamNotifyCMIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"CM Index."
::= { hwIpDslamTrapsVbOids 16 }
hwIpDslamNotifyCMMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"CM MAC address, same as docsIfCmtsCmMac from DOCS-IF-MIB."
::= { hwIpDslamTrapsVbOids 17 }
hwIpDslamTraps OBJECT IDENTIFIER ::= { hwIpDslamSecurity 27 }
hwIpDslamCommonTraps OBJECT IDENTIFIER ::= { hwIpDslamTraps 1 }
hwIpDslamCommonTrapsPrefix OBJECT IDENTIFIER ::= { hwIpDslamCommonTraps 0 }
hwIpDslamAlarmTraps OBJECT IDENTIFIER ::= { hwIpDslamTraps 2 }
hwIpDslamAlarmTrapsPrefix OBJECT IDENTIFIER ::= { hwIpDslamAlarmTraps 0 }
-- common traps
hwIpDslamBindMacFailedTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwIpDslamBindIpFailedIpAddr,
hwIpDslamBindMacFailedMacAddr
}
STATUS current
DESCRIPTION
"The hwIpDslamBindMacFailedTrap will be sent when bind mac failed.
The hwIpDslamBindIpFailedIpAddr is the user ip address, the hwIpDslamBindMacFailedMacAddr is the user mac address,
they are defined in hwIpDslamTrapsVbOids.
"
::= { hwIpDslamCommonTraps 0 1 }
hwIpDslamBindIpFailedTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwIpDslamBindIpFailedIpAddr,
hwIpDslamBindMacFailedMacAddr
}
STATUS current
DESCRIPTION
"The hwIpDslamBindIpFailedTrap will be sent when bind ip failed.
The hwIpDslamBindIpFailedIpAddr is the user ip address, the hwIpDslamBindMacFailedMacAddr is the user mac address,
they are defined in hwIpDslamTrapsVbOids.
"
::= { hwIpDslamCommonTraps 0 2 }
hwIpDslamBindIpv6FailedTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwIpDslamBindMacFailedMacAddr,
hwIpDslamBindIpFailedIpv6Addr,
hwIpDslamBindIpFailedIpv6PrefixLength
}
STATUS current
DESCRIPTION
"The hwIpDslamBindIpv6FailedTrap will be sent when bind ipv6 failed.
The hwIpDslamBindIpFailedIpv6Addr is the user ipv6 address, the hwIpDslamBindMacFailedMacAddr is the user mac address,
hwIpDslamBindIpFailedIpv6PrefixLength is prefix length of ipv6
address. they are defined in hwIpDslamTrapsVbOids.
"
::= { hwIpDslamCommonTraps 0 3 }
-- alarm traps
hwIpDslamP2pPortDoSAttackOccurTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamP2pPortDoSAttackOccurTrap will be sent
when a DoS attack occurred in the P2P port.
"
::= { hwIpDslamAlarmTraps 0 1 }
hwIpDslamP2pPortDoSAttackDisappearTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamP2pPortDoSAttackDisappearTrap will be sent
when a DoS attack disappearss from the P2P port.
"
::= { hwIpDslamAlarmTraps 0 2 }
hwIpDslamDistributingModeGponPortDoSAttackOccurTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwGponDevicePortidObjectIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamDistributingModeGponPortDoSAttackOccurtTrap will be sent
when a DoS attack occurred on the GPON port.
"
::= { hwIpDslamAlarmTraps 0 3 }
hwIpDslamDistributingModeGponPortDoSAttackDisappearTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwGponDevicePortidObjectIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamDistributingModeGponPortDoSAttackDisappearTrap will be sent
when a DoS attack disappears from the GPON port.
"
::= { hwIpDslamAlarmTraps 0 4 }
hwIpDslamEponPortDoSAttackOccurTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwEponDeviceOntIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamEponPortDoSAttackOccurTrap will be sent
when a DoS attack occurred on the EPON port.
"
::= { hwIpDslamAlarmTraps 0 5 }
hwIpDslamEponPortDoSAttackDisappearTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwEponDeviceOntIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamEponPortDoSAttackDisappearTrap will be sent
when a DoS attack disappears from the EPON port.
"
::= { hwIpDslamAlarmTraps 0 6 }
hwIpDslamProfileModeGponPortDoSAttackOccurTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwGponDeviceOntIndex,
hwGponDeviceLineProfGemCfgGemIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamProfileModeGponPortDoSAttackOccurTrap will be sent
when a DoS attack occurred on the GPON port.
"
::= { hwIpDslamAlarmTraps 0 7 }
hwIpDslamProfileModeGponPortDoSAttackDisappearTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwGponDeviceOntIndex,
hwGponDeviceLineProfGemCfgGemIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamProfileModeGponPortDoSAttackDisappearTrap will be sent
when a DoS attack disappears from the GPON port.
"
::= { hwIpDslamAlarmTraps 0 8 }
hwIpDslamMacAddressBoundToAnotherPortTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwVlanIndex,
hwExtSrvFlowIndex,
hwMacAddressBoundToAnotherPort
}
STATUS current
DESCRIPTION
"The hwIpDslamMacAddressBoundToAnotherPortTrap will be sent
when a MAC address that is bound to another port occurred on the port.
The hwMacAddressBoundToAnotherPort is the mac address bound to another port, defined in hwIpDslamTrapsVbOids.
"
::= { hwIpDslamAlarmTraps 0 9 }
hwIpDslamIpDifferFromBindIpTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwVlanIndex,
hwIpDslamIpAddrDynamicBindingFlowId,
hwIpDslamIpAddrDynamicBindingIpAddr,
hwIpAddressCarriedInPackets
}
STATUS current
DESCRIPTION
"The hwIpDslamIpDifferFromBindIpTrap will be sent
when the IP address which is different from the binding IP address.
The hwIpAddressCarriedInPackets is ip address carried in packets, defined in hwIpDslamTrapsVbOids.
"
::= { hwIpDslamAlarmTraps 0 10 }
hwIpDslamMacAddressBoundToAnotherXponPortTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwVlanIndex,
hwExtSrvFlowIndex,
hwIpDslamSecurityXponOntIndex,
hwMacAddressBoundToAnotherPort
}
STATUS current
DESCRIPTION
"The hwIpDslamMacAddressBoundToAnotherXponPortTrap will be sent
when a MAC address that is bound to another port occurred on the port.
The hwMacAddressBoundToAnotherPort is the mac address bound to another port, defined in hwIpDslamTrapsVbOids.
"
::= { hwIpDslamAlarmTraps 0 11 }
hwIpDslamEocPortDoSAttackOccurTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwIpDslamDoSAttackOccurEocCnuID
}
STATUS current
DESCRIPTION
"The hwIpDslamEocPortDoSAttackOccurTrap will be sent
when a DoS attack occurred on the EoC port.
"
::= { hwIpDslamAlarmTraps 0 12 }
hwIpDslamEocPortDoSAttackDisappearTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwIpDslamDoSAttackOccurEocCnuID
}
STATUS current
DESCRIPTION
"The hwIpDslamEocPortDoSAttackDisappearTrap will be sent
when a DoS attack disappears from the EoC port.
"
::= { hwIpDslamAlarmTraps 0 13 }
hwIpDslamIpv6DifferFromBindIpv6Trap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwVlanIndex,
hwFlowID,
hwIpDslamIpv6AddressCarriedInPackets,
hwIpDslamIpv6AddressPrefixlengthCarriedInPackets
}
STATUS current
DESCRIPTION
"The hwIpDslamIpv6DifferFromBindIpv6Trap will be sent
when the IPv6 address which is different from the binding IPv6 address.
The hwIpDslamIpv6AddressCarriedInPackets is IPv6 address carried in packets,
the hwIpDslamIpv6AddressPrefixlengthCarriedInPackets is prefix length of IPv6 address carried in packets,
they are defined in hwIpDslamTrapsVbOids.
"
::= { hwIpDslamAlarmTraps 0 14 }
hwIpDslamAllocatedIpConflictTrap NOTIFICATION-TYPE
OBJECTS {
hwVlanIndex,
hwIpDslamServerIpAddress,
hwIpDslamAddressAllocationMode,
hwIpAddressCarriedInPackets
}
STATUS current
DESCRIPTION
"The hwIpDslamAllocatedIpConflictTrap will be sent
when the IP address allocated by the server is the same as the IP address bound to an existing user,
hwIpDslamServerIpAddress is the IP address of DHCP server, defined in hwIpDslamTrapsVbOids,
hwIpDslamAddressAllocationMode is the allocation mode of IP Address or IPv6 Address,
defined in hwIpDslamTrapsVbOids.
"
::= { hwIpDslamAlarmTraps 0 15 }
hwIpDslamAllocatedIpv6ConflictTrap NOTIFICATION-TYPE
OBJECTS {
hwVlanIndex,
hwIpDslamServerIpv6Address,
hwIpDslamAddressAllocationMode,
hwIpDslamIpv6AddressCarriedInPackets,
hwIpDslamIpv6AddressPrefixlengthCarriedInPackets
}
STATUS current
DESCRIPTION
"The hwIpDslamAllocatedIpv6ConflictTrap will be sent
when the IPv6 address allocated by the server is the same as the IPv6 address bound to an existing user,
hwIpDslamServerIpv6Address is the IPv6 address of server, defined in hwIpDslamTrapsVbOids.
"
::= { hwIpDslamAlarmTraps 0 16 }
hwIpDslamP2pPortDataPackageIpSpoofingTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamP2pPortDataPackageIpSpoofingTrap will be sent
when the port receives the forwarding plane IPv4 spoofing packet sent by the user.
"
::= { hwIpDslamAlarmTraps 0 17 }
hwIpDslamDistributingModeGponPortDataPackageIpSpoofingTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwGponDevicePortidObjectIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamDistributingModeGponPortDataPackageIpSpoofingTrap will be sent
when the GEM port receives the forwarding plane IPv4 spoofing packet sent by the user.
"
::= { hwIpDslamAlarmTraps 0 18 }
hwIpDslamProfileModeGponPortDataPackageIpSpoofingTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwGponDeviceOntIndex,
hwGponDeviceLineProfGemCfgGemIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamProfileModeGponPortDataPackageIpSpoofingTrap will be sent
when the GEM port receives the forwarding plane IPv4 spoofing packet sent by the user.
"
::= { hwIpDslamAlarmTraps 0 19 }
hwIpDslamP2pPortDataPackageIpv6SpoofingTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamP2pPortDataPackageIpv6SpoofingTrap will be sent
when the port receives the forwarding plane IPv6 spoofing packet sent by the user.
"
::= { hwIpDslamAlarmTraps 0 20 }
hwIpDslamDistributingModeGponPortDataPackageIpv6SpoofingTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwGponDevicePortidObjectIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamDistributingModeGponPortDataPackageIpv6SpoofingTrap will be sent
when the GEM port receives the forwarding plane IPv6 spoofing packet sent by the user.
"
::= { hwIpDslamAlarmTraps 0 21 }
hwIpDslamProfileModeGponPortDataPackageIpv6SpoofingTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwGponDeviceOntIndex,
hwGponDeviceLineProfGemCfgGemIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamProfileModeGponPortDataPackageIpv6SpoofingTrap will be sent
when the GEM port receives the forwarding plane IPv6 spoofing packet sent by the user.
"
::= { hwIpDslamAlarmTraps 0 22 }
hwIpDslamP2pPortDataPackageMacSpoofingTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamP2pPortDataPackageMacSpoofingTrap will be sent
when the port receives the forwarding plane MAC spoofing packet sent by the user.
"
::= { hwIpDslamAlarmTraps 0 23 }
hwIpDslamDistributingModeGponPortDataPackageMacSpoofingTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwGponDevicePortidObjectIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamDistributingModeGponPortDataPackageMacSpoofingTrap will be sent
when the GEM port receives the forwarding plane MAC spoofing packet sent by the user.
"
::= { hwIpDslamAlarmTraps 0 24 }
hwIpDslamProfileModeGponPortDataPackageMacSpoofingTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwGponDeviceOntIndex,
hwGponDeviceLineProfGemCfgGemIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamProfileModeGponPortDataPackageMacSpoofingTrap will be sent
when the GEM port receives the forwarding plane MAC spoofing packet sent by the user.
"
::= { hwIpDslamAlarmTraps 0 25 }
hwIpDslamP2pPortIllegleArpTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamP2pPortIllegleArpTrap will be sent
when the port receives the forwarding plane invalid ARP packet sent by the user.
"
::= { hwIpDslamAlarmTraps 0 26 }
hwIpDslamDistributingModeGponPortIllegleArpTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwGponDevicePortidObjectIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamDistributingModeGponPortIllegleArpTrap will be sent
when the GEM port receives the forwarding plane invalid ARP packet sent by the user.
"
::= { hwIpDslamAlarmTraps 0 27 }
hwIpDslamProfileModeGponPortIllegleArpTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwGponDeviceOntIndex,
hwGponDeviceLineProfGemCfgGemIndex
}
STATUS current
DESCRIPTION
"The hwIpDslamProfileModeGponPortIllegleArpTrap will be sent
when the GEM port receives the forwarding plane invalid ARP packet sent by the user.
"
::= { hwIpDslamAlarmTraps 0 28 }
hwIpDslamCMPortDoSAttackOccurTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwIpDslamDoSAttackOccurCMIndex,
hwIpDslamDoSAttackOccurCMMacAddress
}
STATUS current
DESCRIPTION
"The hwIpDslamCMPortDoSAttackOccurTrap will be sent
when a DoS attack occurred on the CMC.
"
::= { hwIpDslamAlarmTraps 0 29 }
hwIpDslamCMPortDoSAttackDisappearTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwIpDslamDoSAttackOccurCMIndex,
hwIpDslamDoSAttackOccurCMMacAddress
}
STATUS current
DESCRIPTION
"The hwIpDslamCMPortDoSAttackDisappearTrap will be sent
when a DoS attack disappears from the CMC.
"
::= { hwIpDslamAlarmTraps 0 30 }
hwIpDslamOntBcAttackOccurTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwIpDslamAntiBcAttackOntQueryOntId
}
STATUS current
DESCRIPTION
"The hwIpDslamOntBcAttackOccurTrap will be sent when the ONT occurred the broadcast-attack.
"
::= { hwIpDslamAlarmTraps 0 31 }
hwIpDslamCMTSMacAddressBoundToAnotherPortTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwVlanIndex,
hwIpDslamNotifyCMIndex,
hwIpDslamNotifyCMMacAddress,
hwMacAddressBoundToAnotherPort
}
STATUS current
DESCRIPTION
"The hwIpDslamCMTSMacAddressBoundToAnotherPortTrap will be sent
when the user of this CM uses a MAC address bound to another user or not bound to this user.
"
::= { hwIpDslamAlarmTraps 0 32 }
hwIpDslamCMTSIpDifferFromBindIpTrap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwVlanIndex,
hwIpDslamNotifyCMIndex,
hwIpDslamNotifyCMMacAddress,
hwIpAddressCarriedInPackets
}
STATUS current
DESCRIPTION
"The hwIpDslamCMTSIpDifferFromBindIpTrap will be sent
when the user of this CM uses an IP address not bound to this user.
"
::= { hwIpDslamAlarmTraps 0 33 }
hwIpDslamCMTSIpv6DifferFromBindIpv6Trap NOTIFICATION-TYPE
OBJECTS {
hwFrameIndex,
hwSlotIndex,
hwPortIndex,
hwVlanIndex,
hwIpDslamNotifyCMIndex,
hwIpDslamNotifyCMMacAddress,
hwIpDslamIpv6AddressCarriedInPackets,
hwIpDslamIpv6AddressPrefixlengthCarriedInPackets
}
STATUS current
DESCRIPTION
"The hwIpDslamCMTSIpv6DifferFromBindIpv6Trap will be sent
when the user of this CM uses an IPv6 address not bound to this user.
"
::= { hwIpDslamAlarmTraps 0 34 }
-- Security conflict log table
hwIpDslamSecurityConflictLogTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamSecurityConflictLogEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Used for querying the IP/MAC conflict logs of the DHCP, PPPOE, SLAAC and DHCPv6 packets when the
anti-IP-spoofing or anti-MAC-spoofing is enabled.
The index of this table is hwIpDslamSecurityConflictLogIndex, which is the index of the control
module of the system conflict logs.
"
::= { hwIpDslamSecurity 28 }
hwIpDslamSecurityConflictLogEntry OBJECT-TYPE
SYNTAX HwIpDslamSecurityConflictLogEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Used for querying the IP/MAC conflict logs of the DHCP, PPPOE, SLAAC and DHCPv6 packets when the
anti-IP-spoofing or anti-MAC-spoofing is enabled.
The index of this entry is hwIpDslamSecurityConflictLogIndex, which is the index of the control
module of the system conflict logs.
"
INDEX { hwIpDslamSecurityConflictLogIndex }
::= { hwIpDslamSecurityConflictLogTable 1 }
HwIpDslamSecurityConflictLogEntry ::=
SEQUENCE {
hwIpDslamSecurityConflictLogIndex
Unsigned32,
hwIpDslamSecurityConflictLogVLAN
Unsigned32,
hwIpDslamSecurityConflictLogMAC
MacAddress,
hwIpDslamSecurityConflictLogIP
IpAddress,
hwIpDslamSecurityConflictLogFlowid
Unsigned32,
hwIpDslamSecurityConflictLogTime
DateAndTime,
hwIpDslamSecurityConflictLogClear
INTEGER,
hwIpDslamSecurityIPv6ConflictLogIpv6Prefix
InetAddress,
hwIpDslamSecurityConflictLogType
INTEGER,
hwIpDslamSecurityConflictLogCmIndex
Unsigned32
}
hwIpDslamSecurityConflictLogIndex OBJECT-TYPE
SYNTAX Unsigned32(0..4294967295)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Index of the log.
The range of index is 1 to 256 when get the system conflict logs.
The range of index is 0 to 4294967295 when clear the system conflict logs. The device will ignore the index and clear all the system conflict logs.
"
::= { hwIpDslamSecurityConflictLogEntry 1 }
hwIpDslamSecurityConflictLogVLAN OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"VLAN ID of the log, recorded when IP/MAC conflict occurred.
"
::= { hwIpDslamSecurityConflictLogEntry 2 }
hwIpDslamSecurityConflictLogMAC OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"MAC address of the log, recorded when IP/MAC conflict occurred.
"
::= { hwIpDslamSecurityConflictLogEntry 3 }
hwIpDslamSecurityConflictLogIP OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"IP address of the log, recorded when IP/MAC conflict occurred.
"
::= { hwIpDslamSecurityConflictLogEntry 4 }
hwIpDslamSecurityConflictLogFlowid OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Service port index of the log, recorded when IP/MAC conflict occurred.
"
::= { hwIpDslamSecurityConflictLogEntry 5 }
hwIpDslamSecurityConflictLogTime OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The date and time of the log generated.
For example, Tuesday May 26, 1992 at 1:30:15 PM EDT would be displayed as:
1992-5-26,13:30:15.0,-4:0
"
::= { hwIpDslamSecurityConflictLogEntry 6 }
hwIpDslamSecurityConflictLogClear OBJECT-TYPE
SYNTAX INTEGER
{
invalid(1),
clearLog(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Clear the conflict log.
Options:
1. invalid(1) -indicates query operation
2. clearLog(2) -clear the conflict log
"
::= { hwIpDslamSecurityConflictLogEntry 7 }
hwIpDslamSecurityIPv6ConflictLogIpv6Prefix OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates IPv6 prefix in the log. It is recorded when IPv6 conflict occurred.
For example, 1111:1111::2232/128.
It is a null string when IPv4 conflict occurred.
"
::= { hwIpDslamSecurityConflictLogEntry 8 }
hwIpDslamSecurityConflictLogType OBJECT-TYPE
SYNTAX INTEGER
{
macconflict(1),
ipconflict(2),
ipv6conflict(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"the type of conflict log.
Options:
1. macconflict(1) -indicates the Mac conflict log
2. ipconflict(2) -indicates the IPv4 conflict log
3. ipv6conflict(3) -indicates the IPv6 conflict log
"
::= { hwIpDslamSecurityConflictLogEntry 9 }
hwIpDslamSecurityConflictLogCmIndex OBJECT-TYPE
SYNTAX Unsigned32(1..4294967295)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"CM index of the log, which is recorded when IP/MAC conflict occurrs.
When the conflict user does not belong to any CM, the value of hwIpDslamSecurityConflictLogCmIndex is 0xFFFFFFFF(an invalid value).
"
::= { hwIpDslamSecurityConflictLogEntry 10 }
-- display IP/MAC conflict statistics table
hwIpDslamSecurityConflictStatisticTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamSecurityConflictStatisticEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Used for querying the statistics of the packets with IP/MAC conflict and illegal arp packets.
The index of this table is hwIpDslamSecurityConflictStatIfindex, which is the
index of the port. The meaning of hwIpDslamSecurityConflictStatIfindex is the
same as that of ifIndex in ifTable of rfc1213 IF_MIB.
"
::= { hwIpDslamSecurity 29 }
hwIpDslamSecurityConflictStatisticEntry OBJECT-TYPE
SYNTAX HwIpDslamSecurityConflictStatisticEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Used for querying the statistics of the packets with IP/MAC conflict and illegal arp packets.
The index of this entry is hwIpDslamSecurityConflictStatIfindex, which is the
index of the port. The meaning of hwIpDslamSecurityConflictStatIfindex is the
same as that of ifIndex in ifTable of rfc1213 IF_MIB.
"
INDEX { hwIpDslamSecurityConflictStatIfindex }
::= { hwIpDslamSecurityConflictStatisticTable 1 }
HwIpDslamSecurityConflictStatisticEntry ::=
SEQUENCE {
hwIpDslamSecurityConflictStatIfindex
Integer32,
hwIpDslamSecurityConflictStatCount
Counter32,
hwIpDslamSecurityConflictStatClear
INTEGER,
hwIpDslamSecurityIllegalARPCount
Counter32
}
hwIpDslamSecurityConflictStatIfindex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The meaning of hwIpDslamSecurityConflictStatIfindex is the same as that of ifindex in standard IF MIB,
which contains frame ID,slot ID and port ID.
"
::= { hwIpDslamSecurityConflictStatisticEntry 1 }
hwIpDslamSecurityConflictStatCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets which IP or MAC conflicted,
this number is less than 65535.
When the number is 0xffffffff(4294967295),
it means the board is not supported.
"
::= { hwIpDslamSecurityConflictStatisticEntry 2 }
hwIpDslamSecurityConflictStatClear OBJECT-TYPE
SYNTAX INTEGER
{
invalid(1),
clearStatistic(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Clear the conflict statistic.
If the value of hwIpDslamSecurityConflictStatIfindex is 4294967295, it means clearing all conflict statistics.
Options:
1. invalid(1) -indicates query operation
2. clearStatistic(2) -clear the conflict statistic
"
::= { hwIpDslamSecurityConflictStatisticEntry 3 }
hwIpDslamSecurityIllegalARPCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of illegal arp packet.
When the number is 0xffffffff(4294967295),
it means the board is not supported.
"
::= { hwIpDslamSecurityConflictStatisticEntry 4 }
hwIpDslamAntiMacDuplicateStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the anti-MAC-duplicate status.
Options:
1. enabled(1) -indicates the anti-MAC-duplicate status is enabled
2. disabled(2) -indicates the anti-MAC-duplicate status is disabled
Default: disabled(2)
"
::= { hwIpDslamSecurity 30 }
hwIpDslamIpv6NsReplySwitch OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The switch of the Ns-Reply function.
Options:
1. enabled(1) -indicates the Ns-Reply function is enabled
2. disabled(2) -indicates the Ns-Reply function is disabled
Default: disabled(2)
"
::= { hwIpDslamSecurity 31 }
hwIpDslamIpv6NsReplyUnknownPolicy OBJECT-TYPE
SYNTAX INTEGER {forward(1),discard(2)}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting how to transmit the NS packets received from the network side.
It takes effect only when the Ns-Reply function is enabled.
It indicates whether the packet forwarded to users or not when the user is not on-line.
If the Ns-Reply function is disabled, the node's setting is invalid.
Options:
1. forward(1) -indicates the packet is forward.
2. discard(2) -indicates the packet is discarded.
Default: forward(1)
"
::= { hwIpDslamSecurity 32 }
hwIpDslamAntiIpv6SpoofingStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the anti-IPv6-spoofing status.
Options:
1. enabled(1) -indicates the anti-IPv6-spoofing status is enabled
2. disabled(2) -indicates the anti-IPv6-spoofing status is disabled
Default: disabled(2)
"
::= { hwIpDslamSecurity 33 }
hwIpv6NdDetectMode OBJECT-TYPE
SYNTAX INTEGER{
gateway(1),
dummy(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the ND detection mode. It takes effect to detect the user on-line or not.
If using the dummy mode, the source IP/MAC in the ND detecting packet is the IP/MAC of the gateway.
Otherwise, the source MAC is the MAC of the bridge and the source IP is the unspecified address.
Options:
1. gateway(1) -the source MAC will be the gateway MAC
2. dummy(2) -the source MAC will be the bridge MAC
Default: gateway(1)
"
::= { hwIpDslamSecurity 34 }
hwIpDslamIpv6DynamicBindingTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamIpv6DynamicBindingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"It is the table for querying the dynamic binding item between the IPv6 address and the service port.
If anti-IPv6-spoofing is enabled, the IPv6 address obtained by the user is bound to the corresponding
service port when a user goes online.
The packet can be transmitted upstream through the device only when the source IPv6 address of the
packet is the same as the bound IPv6 address. Otherwise, the packet is discarded.
At most two IPv6 addresses are supported for one user. If only one IPv6 address is allocated, the results
of nodes hwIpDslamIpv6DynamicBindingIpv6Address2, hwIpDslamIpv6DynamicBindingPrefixLength2 and
hwIpDslamIpv6DynamicBindingLeaseTime2 are invalid.
The indexes of this table are hwIpDslamIpAddrDynamicBindingFlowId and hwIpDslamIpv6DynamicBindingItemIndex.
The service port corresponding to this index must already be created in hwExtSrvFlowEntry.
The node hwIpDslamIpv6DynamicBindingItemIndex is the index of the IPv6 address bound to the service port.
"
::= { hwIpDslamSecurity 35 }
hwIpDslamIpv6DynamicBindingEntry OBJECT-TYPE
SYNTAX HwIpDslamIpv6DynamicBindingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"It is the table for querying the dynamic binding item between the IPv6 address and the service port.
If anti-IPv6-spoofing is enabled, the IPv6 address obtained by the user is bound to the corresponding
service port when a user goes online.
The packet can be transmitted upstream through the device only when the source IPv6 address of the
packet is the same as the bound IPv6 address. Otherwise, the packet is discarded.
At most two IPv6 addresses are supported for one user. If only one IPv6 address is allocated, the results
of nodes hwIpDslamIpv6DynamicBindingIpv6Address2, hwIpDslamIpv6DynamicBindingPrefixLength2 and
hwIpDslamIpv6DynamicBindingLeaseTime2 are invalid.
The indexes of this entry are hwIpDslamIpAddrDynamicBindingFlowId and hwIpDslamIpv6DynamicBindingItemIndex.
The service port corresponding to this index must already be created in hwExtSrvFlowEntry.
The node hwIpDslamIpv6DynamicBindingItemIndex is the index of the IPv6 address bound to the service port.
"
INDEX { hwIpDslamIpv6AddrDynamicBindingFlowId, hwIpDslamIpv6DynamicBindingItemIndex }
::= { hwIpDslamIpv6DynamicBindingTable 1 }
HwIpDslamIpv6DynamicBindingEntry ::=
SEQUENCE {
hwIpDslamIpv6AddrDynamicBindingFlowId
Integer32,
hwIpDslamIpv6DynamicBindingItemIndex
Integer32,
hwIpDslamIpv6DynamicBindingIpv6Address
InetAddress,
hwIpDslamIpv6DynamicBindingPrefixLength
Integer32,
hwIpDslamIpv6DynamicBindingLeaseTime
Integer32,
hwIpDslamIpv6DynamicBindingIpv6Address2
InetAddress,
hwIpDslamIpv6DynamicBindingPrefixLength2
Integer32,
hwIpDslamIpv6DynamicBindingLeaseTime2
Integer32
}
hwIpDslamIpv6AddrDynamicBindingFlowId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the index of the service port which a specified IPv6 address bound to.
The service port corresponding to this index must already be created in hwExtSrvFlowEntry.
Range: Begin with 1
"
::= { hwIpDslamIpv6DynamicBindingEntry 1 }
hwIpDslamIpv6DynamicBindingItemIndex OBJECT-TYPE
SYNTAX Integer32(0..2047)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the index of the IPv6 address bound to the service port.
Range: 0-2047
"
::= { hwIpDslamIpv6DynamicBindingEntry 2 }
hwIpDslamIpv6DynamicBindingIpv6Address OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the IPv6 address or prefix bound to a specified service port.
The returned value :: indicates an invalid value.
"
::= { hwIpDslamIpv6DynamicBindingEntry 3 }
hwIpDslamIpv6DynamicBindingPrefixLength OBJECT-TYPE
SYNTAX Integer32(0..128)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the IPv6 prefix length bound to a specified service port.
Range: 0-128
The returned value 0 indicates an invalid value.
"
::= { hwIpDslamIpv6DynamicBindingEntry 4 }
hwIpDslamIpv6DynamicBindingLeaseTime OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the remaining lease time of the IPv6 address bound to a specified service port.
Unit: second
The returned value 0 indicates an invalid value.
"
::= { hwIpDslamIpv6DynamicBindingEntry 5 }
hwIpDslamIpv6DynamicBindingIpv6Address2 OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the IPv6 address or prefix bound to a specified service port.
The returned value :: indicates an invalid value.
"
::= { hwIpDslamIpv6DynamicBindingEntry 6 }
hwIpDslamIpv6DynamicBindingPrefixLength2 OBJECT-TYPE
SYNTAX Integer32(0..128)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the IPv6 prefix length bound to a specified service port.
Range: 0-128
The returned value 0 indicates an invalid value.
"
::= { hwIpDslamIpv6DynamicBindingEntry 7 }
hwIpDslamIpv6DynamicBindingLeaseTime2 OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the remaining lease time of the IPv6 address bound to a specified service port.
Unit: second
The returned value 0 indicates an invalid value.
"
::= { hwIpDslamIpv6DynamicBindingEntry 8 }
hwIpDslamIpv4ArpReplySwitch OBJECT-TYPE
SYNTAX INTEGER
{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The switch of the Arp-Reply function.
Options:
1. enable(1) -indicates that the arp reply function is enabled
2. disable(2) -indicates that the arp reply function is disabled
Default: disabled(2)
"
::= { hwIpDslamSecurity 36 }
hwIpDslamIpv4ArpReplyUnknownPolicy OBJECT-TYPE
SYNTAX INTEGER
{
forward(1),
discard(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting how to transmit the ARP packets received from the network side.
It takes effect only when the Arp-Reply function is enabled.
It indicates whether the packet forwarded to users or not when the user is not on-line.
If the Arp-Reply function is disabled, the node's setting is invalid.
Options:
1. forward(1) -indicates the packet is forward.
2. discard(2) -indicates the packet is discarded.
Default: forward(1)
"
::= { hwIpDslamSecurity 37 }
hwIpDslamIpv6BindRouteAndNdSwitch OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The status of the Bind-Route-ND function.
Options:
1. enabled(1) -indicates the Bind-Route-ND function is enabled
2. disabled(2) -indicates the Bind-Route-ND function is disabled
Default: disabled(2)
"
::= { hwIpDslamSecurity 38 }
hwIpDslamIpv6DadProxySwitch OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The status of the DAD Proxy.
Options:
1. enabled(1) -indicates the Dad Proxy function is enabled
2. disabled(2) -indicates the Dad Proxy function is disabled
Default: disabled(2)
"
::= { hwIpDslamSecurity 39 }
hwIpDslamAntiIpExcludeSwitch OBJECT-TYPE
SYNTAX BITS
{ igmp(0),
dhcp(1)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used to specify the type of the packet that is not affected by anti-IP-spoofing.
Options:
1. igmp(0) -indicates that anti-IP-spoofing is invalid for IGMP packets
2. dhcp(1) -indicates that anti-IP-spoofing is invalid for DHCP packets
Default: 0x00
"
::= { hwIpDslamSecurity 40 }
hwIpDslamAntiMacExcludeSwitch OBJECT-TYPE
SYNTAX BITS
{ igmp(0),
mld(1)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used to specify the type of the packet that is not affected by anti-MAC-spoofing.
Options:
1. igmp(0) -indicates that anti-MAC-spoofing is invalid for IGMP packets
2. mld(1) -indicates that anti-MAC-spoofing is invalid for MLD packets
Default: 0x80
"
::= { hwIpDslamSecurity 41 }
--Dynamic Binding Table
hwIpDslamDynamicBindingTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamDynamicBindingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"It is the table for deleting the dynamic binding table.
If anti-IP-spoofing function is enabled, the dynamic binding table can be deleted by the service port
and IP address. If anti-IPv6-spoofing function is enabled, the dynamic binding table can be deleted by
the service port and IPv6 address. If anti-MAC-spoofing function is enabled, the dynamic binding table
can be deleted by the service port and MAC address.
The index of this table is hwIpDslamDynamicBindingFlowId.
The service port corresponding to this index must already be created in hwExtSrvFlowEntry.
"
::= { hwIpDslamSecurity 42 }
hwIpDslamDynamicBindingEntry OBJECT-TYPE
SYNTAX HwIpDslamDynamicBindingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"It is the table for deleting the dynamic binding table.
If anti-IP-spoofing function is enabled, the dynamic binding table can be deleted by the service port
and IP address. If anti-IPv6-spoofing function is enabled, the dynamic binding table can be deleted by
the service port and IPv6 address. If anti-MAC-spoofing function is enabled, the dynamic binding table
can be deleted by the service port and MAC address.
The index of this entry is hwIpDslamDynamicBindingFlowId.
The service port corresponding to this index must already be created in hwExtSrvFlowEntry.
"
INDEX { hwIpDslamDynamicBindingFlowId }
::= { hwIpDslamDynamicBindingTable 1 }
HwIpDslamDynamicBindingEntry ::=
SEQUENCE {
hwIpDslamDynamicBindingFlowId
Integer32,
hwIpDslamDynamicBindingAddrType
InetAddressType,
hwIpDslamDynamicBindingAddr
InetAddress,
hwIpDslamDynamicBindingMacAddr
MacAddress,
hwIpDslamDynamicBindingRowStatus
RowStatus
}
hwIpDslamDynamicBindingFlowId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the index of the service port which a specified dynamic binding table is bound to.
The service port corresponding to this index must already be created in hwExtSrvFlowEntry.
Range: Begin with 1
"
::= { hwIpDslamDynamicBindingEntry 1 }
hwIpDslamDynamicBindingAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the type of the IP address bound to a specified service port.
Options:
1. ipv4(1) -indicates that the IP address type is ipv4
2. ipv6(2) -indicates that the IP address type is ipv6
"
::= { hwIpDslamDynamicBindingEntry 2 }
hwIpDslamDynamicBindingAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the IP address bound to a specified service port.
"
::= { hwIpDslamDynamicBindingEntry 3 }
hwIpDslamDynamicBindingMacAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the MAC address bound to a specified service port.
"
::= { hwIpDslamDynamicBindingEntry 4 }
hwIpDslamDynamicBindingRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the row status and is used for unbinding the specified dynamic
binding table. The option destroy(6) is only supported.
"
::= { hwIpDslamDynamicBindingEntry 5 }
hwIpDslamSecurityDhcpClientIdentifier OBJECT-TYPE
SYNTAX INTEGER
{
chaddr(1),
option61(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used to specify the dhcp client identifier.
Options:
1. chaddr(1) -indicates that DHCP user is always identified based on chaddr in the packet.
2. option61(2) -indicates that if the packet sent by the DHCP user carries option 61,
and option 61 contains the user MAC address,
this user is identified based on option 61 in the packet.
Otherwise, this user is still identified based on chaddr in the packet.
Default: chaddr(1)
"
::= { hwIpDslamSecurity 43 }
hwIpDslamAntiMacSpoofingControlprotocolIpv6oeStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the anti-MAC-spoofing control protocol IPv6oE status.
Options:
1. enabled(1) -indicates the anti-MAC-spoofing control protocol IPv6oE status is enabled
2. disabled(2) -indicates the anti-MAC-spoofing control protocol IPv6oE status is disabled
Default: disabled(2)
"
::= { hwIpDslamSecurity 44 }
-- display IP/IPv6/MAC conflict statistics and illegal arp table
hwIpDslamSecurityExConflictStatisticTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamSecurityExConflictStatisticEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Used for querying the statistics of the packets with IP,IPv6,MAC conflict and illegal arp packets.
The indexes of this table are hwIpDslamSecurityExConflictStatIfindex, hwIpDslamSecurityExConflictStatSecondIndex
and hwIpDslamSecurityExConflictStatThirdIndex. hwIpDslamSecurityExConflictStatIfindex is the
index of the port and its meaning is the same as that of ifIndex in ifTable of rfc1213 IF_MIB.
hwIpDslamSecurityExConflictStatSecondIndex is the second index of the table, the meaning varies with the port type.
It must be 0x7FFFFFFF for the DSL or P2P port and the value is ONT ID for the GPON port.
hwIpDslamAntiDosPacketLimitThirdIndex is the third index of the table, the meaning varies with
the port type. It must be 0x7FFFFFFF for the DSL or P2P port, its value is gemindex for
the GPON port.
"
::= { hwIpDslamSecurity 45 }
hwIpDslamSecurityExConflictStatisticEntry OBJECT-TYPE
SYNTAX HwIpDslamSecurityExConflictStatisticEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Used for querying the statistics of the packets with IP,IPv6,MAC conflict and illegal arp packets.
The indexes of this entry are hwIpDslamSecurityExConflictStatIfindex, hwIpDslamSecurityExConflictStatSecondIndex
and hwIpDslamSecurityExConflictStatThirdIndex. hwIpDslamSecurityExConflictStatIfindex is the
index of the port and its meaning is the same as that of ifIndex in ifTable of rfc1213 IF_MIB.
hwIpDslamSecurityExConflictStatSecondIndex is the second index of the table, the meaning varies with the port type.
It must be 0x7FFFFFFF for the DSL or P2P port and the value is ONT ID for the GPON port.
hwIpDslamAntiDosPacketLimitThirdIndex is the third index of the table, the meaning varies with
the port type. It must be 0x7FFFFFFF for the DSL or P2P port, its value is gemindex for
the GPON port .
"
INDEX { hwIpDslamSecurityExConflictStatIfindex,
hwIpDslamSecurityExConflictStatSecondIndex,
hwIpDslamSecurityExConflictStatThirdIndex
}
::= { hwIpDslamSecurityExConflictStatisticTable 1 }
HwIpDslamSecurityExConflictStatisticEntry ::=
SEQUENCE {
hwIpDslamSecurityExConflictStatIfindex
Integer32,
hwIpDslamSecurityExConflictStatSecondIndex
Integer32,
hwIpDslamSecurityExConflictStatThirdIndex
Integer32,
hwIpDslamSecurityExIpConflictCount
Counter32,
hwIpDslamSecurityExIpv6ConflictCount
Counter32,
hwIpDslamSecurityExMacConflictCount
Counter32,
hwIpDslamSecurityExIllegalARPCount
Counter32,
hwIpDslamSecurityExConflictStatClear
INTEGER
}
hwIpDslamSecurityExConflictStatIfindex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"statistic index same as ifindex in standard IF MIB,
which contains frame ID,slot ID and port ID.
"
::= { hwIpDslamSecurityExConflictStatisticEntry 1 }
hwIpDslamSecurityExConflictStatSecondIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the second index. The meaning varies with the port type.
It must be 0x7FFFFFFF for the DSL or ETH port and is the ONT ID for the xPON port.
"
::= { hwIpDslamSecurityExConflictStatisticEntry 2 }
hwIpDslamSecurityExConflictStatThirdIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the third index. The meaning varies with the port type.
It must be 0x7FFFFFFF for the DSL, ETH, or EPON port and its value is gemindex for the GPON port.
"
::= { hwIpDslamSecurityExConflictStatisticEntry 3 }
hwIpDslamSecurityExIpConflictCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets which IP conflicted,
this number is less than 65535.
When the number is 0xffffffff(4294967295),
it means the board is not supported.
"
::= { hwIpDslamSecurityExConflictStatisticEntry 4 }
hwIpDslamSecurityExIpv6ConflictCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets which IPv6 conflicted,
this number is less than 65535.
When the number is 0xffffffff(4294967295),
it means the board is not supported.
"
::= { hwIpDslamSecurityExConflictStatisticEntry 5 }
hwIpDslamSecurityExMacConflictCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets which MAC conflicted,
this number is less than 65535.
When the number is 0xffffffff(4294967295),
it means the board is not supported.
"
::= { hwIpDslamSecurityExConflictStatisticEntry 6 }
hwIpDslamSecurityExIllegalARPCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of illegal arp packets, this number is
less than 65535.
When the number is 0xffffffff(4294967295),
it means the board is not supported.
"
::= { hwIpDslamSecurityExConflictStatisticEntry 7 }
hwIpDslamSecurityExConflictStatClear OBJECT-TYPE
SYNTAX INTEGER
{
invalid(1),
clearStatistic(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Clear the conflict Statistic.
Options:
1. invalid(1) -indicates query operation
2. clearStatistic(2) -clear the conflict Statistic
"
::= { hwIpDslamSecurityExConflictStatisticEntry 8 }
hwFirewallStatus OBJECT-TYPE
SYNTAX INTEGER
{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"indicate the firewall switch status.
Options:
1. enable(1) -indicates the firewall status is enable.
2. disable(2) -indicates the firewall status is disable.
default:disable(2)
"
::= { hwIpDslamSecurity 46 }
hwFirewallDefault OBJECT-TYPE
SYNTAX INTEGER
{
permit(1),
deny(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"indicate the firewall default operation to the packet which does not match the acl rules existed in the interface.
Options:
1. permit(1) -indicates the firewall permit the packet defaultly.
2. deny(2) -indicates the firewall deny the packet defaultly.
default:permit(1)
"
::= { hwIpDslamSecurity 47 }
hwFirewallPacketFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwFirewallPacketFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"It is used to config the ACL rules of appointed interface. The number of ACL rule added or deleted is hwFirewallPacketFilterAclNumber.
There are two directions in one interface, and at most eight ACL rules in every direction. The number of a ACL rule must be different from the others.
The indexes of this table are hwFirewallPacketFilterIfIndex,hwFirewallPacketFilterDirection,hwFirewallPacketFilterAclNumber.
"
::= { hwIpDslamSecurity 48 }
hwFirewallPacketFilterEntry OBJECT-TYPE
SYNTAX HwFirewallPacketFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"It is used to config the ACL rules of appointed interface. The number of ACL rule added or deleted is hwFirewallPacketFilterAclNumber.
There are two directions in one interface, and at most eight ACL rules in every direction. The number of a ACL rule must be different from the others.
The indexes of this entry are hwFirewallPacketFilterIfIndex,hwFirewallPacketFilterDirection,hwFirewallPacketFilterAclNumber.
"
INDEX { hwFirewallPacketFilterIfIndex,hwFirewallPacketFilterDirection,hwFirewallPacketFilterAclNumber }
::= { hwFirewallPacketFilterTable 1 }
HwFirewallPacketFilterEntry ::=
SEQUENCE {
hwFirewallPacketFilterIfIndex Unsigned32,
hwFirewallPacketFilterDirection INTEGER,
hwFirewallPacketFilterAclNumber Integer32,
hwFirewallPacketFilterAclSequenceID Unsigned32,
hwFirewallPacketFilterRowStatus RowStatus
}
hwFirewallPacketFilterIfIndex OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"indicates the index of interface,
the type of the interface must be vlanif or meth.
"
::= { hwFirewallPacketFilterEntry 1 }
hwFirewallPacketFilterDirection OBJECT-TYPE
SYNTAX INTEGER
{
inbound(1),
outbound(2)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"indicates the direction ,it must be inbound or outbound.
Options:
1. inbound(1) -indicates that the packet is entering the firewall.
2. outbound(2) -indicates that the packet is leaving the firewall.
"
::= { hwFirewallPacketFilterEntry 2 }
hwFirewallPacketFilterAclNumber OBJECT-TYPE
SYNTAX Integer32(2000..3999)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"the number of ACL,the range is 2000-3999,there are two types of the ACL can be used:
basic ACL:the number range is 2000-2999,
advance ACL:the number range is 3000-3999.
"
::= { hwFirewallPacketFilterEntry 3 }
hwFirewallPacketFilterAclSequenceID OBJECT-TYPE
SYNTAX Unsigned32(0..7)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"indicates the priority of the ACL rules,
this value is smaller,the priority is higher.
"
::= { hwFirewallPacketFilterEntry 4 }
hwFirewallPacketFilterRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the row status. Creating, deleting, and querying ACL number are supported.
Options:
1. active(1) -indicates query operation
2. createAndGo(4) -add ACL number to interface
3. destroy(6) -delete ACL number from interface
"
::= { hwFirewallPacketFilterEntry 5 }
hwFirewallPacketFilterStatisticsTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwFirewallPacketFilterStatisticsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"It is used to count the number of the packet which is permitted or denied by the ACL rules,
if there are not ACL rules in the interface,it will not be counted and displayed.
The indexes of this table are hwFirewallPacketFilterStatisticsIfIndex,hwFirewallPacketFilterStatisticsDirection,hwFirewallPacketFilterStatisticsAclIndex.
"
::= { hwIpDslamSecurity 49 }
hwFirewallPacketFilterStatisticsEntry OBJECT-TYPE
SYNTAX HwFirewallPacketFilterStatisticsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"It is used to count the number of the packet which is permitted or denied by the ACL rules,
if there are not ACL rules in the interface,it will not be counted and displayed.
The indexes of this entry are hwFirewallPacketFilterStatisticsIfIndex,hwFirewallPacketFilterStatisticsDirection,hwFirewallPacketFilterStatisticsAclIndex.
"
INDEX { hwFirewallPacketFilterStatisticsIfIndex,hwFirewallPacketFilterStatisticsDirection,hwFirewallPacketFilterStatisticsAclIndex }
::= { hwFirewallPacketFilterStatisticsTable 1 }
HwFirewallPacketFilterStatisticsEntry ::=
SEQUENCE {
hwFirewallPacketFilterStatisticsIfIndex Unsigned32,
hwFirewallPacketFilterStatisticsDirection INTEGER,
hwFirewallPacketFilterStatisticsAclIndex Integer32,
hwFirewallPacketFilterPermitted Counter64,
hwFirewallPacketFilterDenied Counter64,
hwFirewallPacketFilterStatisticsClear INTEGER
}
hwFirewallPacketFilterStatisticsIfIndex OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"indicates the index of interface,
the type of the interface must be vlanif or meth.
"
::= { hwFirewallPacketFilterStatisticsEntry 1 }
hwFirewallPacketFilterStatisticsDirection OBJECT-TYPE
SYNTAX INTEGER
{
inbound(1),
outbound(2)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"indicates the direction ,it must be inbound or outbound
Options:
1. inbound(1) -indicates that the packet is entering the firewall.
2. outbound(2) -indicates that the packet is leaving the firewall.
"
::= { hwFirewallPacketFilterStatisticsEntry 2 }
hwFirewallPacketFilterStatisticsAclIndex OBJECT-TYPE
SYNTAX Integer32(2000..3999)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"the number of ACL,the range is 2000-3999,there are two types of the ACL can be used:
basic ACL:the number range is 2000-2999,
advance ACL:the number range is 3000-3999.
"
::= { hwFirewallPacketFilterStatisticsEntry 3 }
hwFirewallPacketFilterPermitted OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"indicates the statistics of packet which is permitted by
one ACL rule.
"
::= { hwFirewallPacketFilterStatisticsEntry 4 }
hwFirewallPacketFilterDenied OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"indicates the statistics of packet which is denied by
one ACL rule.
"
::= { hwFirewallPacketFilterStatisticsEntry 5 }
hwFirewallPacketFilterStatisticsClear OBJECT-TYPE
SYNTAX INTEGER
{
clear(1)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"it is used to reset the statistics of the packet that is permitted and denied by ACL rule.
Options:
1. clear(1) -reset the statistics of the packet that is permitted and denied by ACL rule.
"
::= { hwFirewallPacketFilterStatisticsEntry 6 }
hwFirewallPacketFilterDefaultStatisticsTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwFirewallPacketFilterDefaultStatisticsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"It is used to count the number of the packet which is permitted or denied by default operation,
if there are not ACL rules in the interface,it will not be counted and displayed.
The indexes of this table are hwFirewallPacketFilterDefaultStatisticsIfIndex,hwFirewallPacketFilterDefaultStatisticsDirection.
"
::= { hwIpDslamSecurity 50 }
hwFirewallPacketFilterDefaultStatisticsEntry OBJECT-TYPE
SYNTAX HwFirewallPacketFilterDefaultStatisticsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"It is used to count the number of the packet which is permitted or denied by default operation,
if there are not ACL rules in the interface,it will not be counted and displayed.
The indexes of this entry are hwFirewallPacketFilterDefaultStatisticsIfIndex,hwFirewallPacketFilterDefaultStatisticsDirection.
"
INDEX { hwFirewallPacketFilterDefaultStatisticsIfIndex,hwFirewallPacketFilterDefaultStatisticsDirection }
::= { hwFirewallPacketFilterDefaultStatisticsTable 1 }
HwFirewallPacketFilterDefaultStatisticsEntry ::=
SEQUENCE {
hwFirewallPacketFilterDefaultStatisticsIfIndex Unsigned32,
hwFirewallPacketFilterDefaultStatisticsDirection INTEGER,
hwFirewallPacketFilterPermittedDefault Counter64,
hwFirewallPacketFilterDeniedDefault Counter64,
hwFirewallPacketFilterDefaultStatisticsClear INTEGER
}
hwFirewallPacketFilterDefaultStatisticsIfIndex OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"indicates the index of interface,
the type of the interface must be vlanif or meth.
"
::= { hwFirewallPacketFilterDefaultStatisticsEntry 1 }
hwFirewallPacketFilterDefaultStatisticsDirection OBJECT-TYPE
SYNTAX INTEGER
{
inbound(1),
outbound(2)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"indicates the direction ,it must be inbound or outbound.
Options:
1. inbound(1) -indicates that the packet is entering the firewall.
2. outbound(2) -indicates that the packet is leaving the firewall.
"
::= { hwFirewallPacketFilterDefaultStatisticsEntry 2 }
hwFirewallPacketFilterPermittedDefault OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"indicates the statistics of packet which is permitted by
default operation of the firewall.
"
::= { hwFirewallPacketFilterDefaultStatisticsEntry 3 }
hwFirewallPacketFilterDeniedDefault OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"indicates the statistics of packet which is permitted by
default operation of the firewall.
"
::= { hwFirewallPacketFilterDefaultStatisticsEntry 4 }
hwFirewallPacketFilterDefaultStatisticsClear OBJECT-TYPE
SYNTAX INTEGER
{
clear(1)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"it is used to reset the statistics of the packet that is
permitted and denied by default operation of the firewall in appointed interface.
Options:
1. clear(1) -reset the statistics of the packet that is permitted and denied by default operation of the firewall in appointed interface.
"
::= { hwFirewallPacketFilterDefaultStatisticsEntry 5 }
hwFirewallDefendTracert OBJECT-TYPE
SYNTAX INTEGER
{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"indicate the firewall tracert defense status.
Options:
1. enable(1) -indicates the firewall tracert defense is enable.
2. disable(2) -indicates the firewall tracert defense is disable.
default:disable(2)
"
::= { hwIpDslamSecurity 51 }
--IPV6 IFACCESS Table
hwIpv6IfAccessTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpv6IfAccessEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"It is used to set two access features about Ipv6 on vlanif interface.
The features are denying the packet which target ip is link local address
and limiting the nerghbor entry number that our equipment can learn.
The index of this table is hwIpv6IfAccessIfIndex.
"
::= { hwIpDslamSecurity 52 }
hwIpv6IfAccessEntry OBJECT-TYPE
SYNTAX HwIpv6IfAccessEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"It is used to set two access features about Ipv6 on vlanif interface.
The features are denying the packet which target ip is link local address
and limiting the nerghbor entry number that our equipment can learn.
The index of this entry is hwIpv6IfAccessIfIndex.
"
INDEX { hwIpv6IfAccessIfIndex }
::= { hwIpv6IfAccessTable 1 }
HwIpv6IfAccessEntry ::=
SEQUENCE {
hwIpv6IfAccessIfIndex Unsigned32,
hwIpv6LlaDeny INTEGER,
hwIPv6NeighborNumber Integer32
}
hwIpv6IfAccessIfIndex OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"indicates the index of interface,
the type of the interface must be vlanif,otherwise you can't set the instance of the index.
"
::= { hwIpv6IfAccessEntry 1 }
hwIpv6LlaDeny OBJECT-TYPE
SYNTAX INTEGER
{
deny(1),
permit(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The object is used to set the feature that deny the packet which target ip
is link local address of equipment's interface.
Options:
1.deny(1) -deny the packet which target ip is link local address.
2.permit(2) -permit the packet which target ip is link local address.
"
::= { hwIpv6IfAccessEntry 2 }
hwIPv6NeighborNumber OBJECT-TYPE
SYNTAX Integer32 (-1|1..4)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The object is used to set the max neighbor entry number that our equipment can learn per MAC.
If we want to enable the feature,we can set the value as 1 to 4,otherwise it is set as
the default value -1.
"
::= { hwIpv6IfAccessEntry 3 }
hwIpDslamSourceRouteStatus OBJECT-TYPE
SYNTAX INTEGER
{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the source route filtering status.
Options:
1. enable(1) -indicates the source route filtering status is enable.
2. disable(2) -indicates the source route filtering status is disable.
default:disable(2)
"
::= { hwIpDslamSecurity 53 }
hwIpDslamAntiMacIgnoreSwitch OBJECT-TYPE
SYNTAX BITS
{downstramPadt(0)}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used to specify the type of the packet that is ignored by anti-MAC-spoofing.
Options:
1. downstramPadt(0) -indicates that anti-MAC-spoofing is invalid for downstream PADT packets
Default: 0x00
"
::= { hwIpDslamSecurity 54 }
hwIpDslamAntiBcAttackXponPortDefaultRate OBJECT-TYPE
SYNTAX Integer32 (0 | 2..25000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the default threshold of the xPon port anti-broadcast-attack rate.
0: The broadcast packet rate is not limited.
Range: 0, 2-25000
Default: 0
Unit: pps
"
::= { hwIpDslamSecurity 55 }
hwIpDslamAntiBcAttackXponOntDefaultRate OBJECT-TYPE
SYNTAX Integer32 (0 | 2..25000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the default threshold of the ONT anti-broadcast-attack rate.
0: The broadcast packet rate is not limited.
Range: 0, 2-25000
Default: 0
Unit: pps
"
::= { hwIpDslamSecurity 56 }
hwIpDslamAntiBcAttackOntResumeInterval OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..1440)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the resume interval when the ONT was deactive because of anti-broadcast-attack.
In the set operation, if it is set to -1, it indicates an undo operation.
In the query operation, if it is not set, the value obtained is -1.
Range: -1, 0-1440
Default: -1
Unit: minute
"
::= { hwIpDslamSecurity 57 }
hwIpDslamAntiBcAttackOntQueryTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamAntiBcAttackOntQueryEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the information of the ONT, which occurred the broadcast-attack.
The indexes of this table are hwIpDslamAntiBcAttackOntQueryIfIndex and hwIpDslamAntiBcAttackOntQueryOntId.
"
::= { hwIpDslamSecurity 58 }
hwIpDslamAntiBcAttackOntQueryEntry OBJECT-TYPE
SYNTAX HwIpDslamAntiBcAttackOntQueryEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the information of the ONT, which occurred the broadcast-attack.
The indexes of this entry are hwIpDslamAntiBcAttackOntQueryIfIndex and hwIpDslamAntiBcAttackOntQueryOntId.
"
INDEX { hwIpDslamAntiBcAttackOntQueryIfIndex, hwIpDslamAntiBcAttackOntQueryOntId }
::= { hwIpDslamAntiBcAttackOntQueryTable 1 }
HwIpDslamAntiBcAttackOntQueryEntry ::=
SEQUENCE {
hwIpDslamAntiBcAttackOntQueryIfIndex
Integer32,
hwIpDslamAntiBcAttackOntQueryOntId
Integer32,
hwIpDslamAntiBcAttackOntQueryRemainTime
Integer32
}
hwIpDslamAntiBcAttackOntQueryIfIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the index of the port on which the anti-broadcast-attack is configured.
The value and algorithm are the same as those of ifIndex.
"
::= { hwIpDslamAntiBcAttackOntQueryEntry 1 }
hwIpDslamAntiBcAttackOntQueryOntId OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Indicates the ID of the ONT on which the anti-broadcast-attack is configured.
Range: -1, 0-255
when the value is -1 indicates that the anti-broadcast-attack occurred on port.
"
::= { hwIpDslamAntiBcAttackOntQueryEntry 2 }
hwIpDslamAntiBcAttackOntQueryRemainTime OBJECT-TYPE
SYNTAX Integer32 (1..1440)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the resume interval when the ONT was deactive because of anti-broadcast-attack.
Range: 1-1440
Unit: minute
"
::= { hwIpDslamAntiBcAttackOntQueryEntry 3 }
-- Dynamic MAC Binding for CMTS(Cable Modem Termination System)
hwIpDslamCmtsMacAddrDynamicBindingTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamCmtsMacAddrDynamicBindingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is used for querying dynamic bound MAC address entries of all service ports on a CM.
After MAC anti-spoofing is enabled, the user's MAC address is bound to a corresponding
service port. Up to eight MAC addresses can be bound to a service port. The table lists all MAC address bound to all service ports
on a CM.
The indexes of this table are hwIpDslamCmtsMacAddrDynamicBindingCmIndex and hwIpDslamCmtsMacAddrDynamicBindingMacIndex.
hwIpDslamCmtsMacAddrDynamicBindingCmIndex is the index of the CM, defined in docsIf3CmtsCmRegStatusId.
hwIpDslamMacAddrDynamicBindingMacIndex is the index of the MAC address bound to all service ports on a CM.
"
::= { hwIpDslamSecurity 59 }
hwIpDslamCmtsMacAddrDynamicBindingEntry OBJECT-TYPE
SYNTAX HwIpDslamCmtsMacAddrDynamicBindingEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is used for querying dynamic bound MAC address entries of all service ports on a CM.
After MAC anti-spoofing is enabled, the user's MAC address is bound to a corresponding
service port. Up to eight MAC addresses can be bound to a service port. The table lists all MAC address bound to all service ports
on a CM.
The indexes of this entry are hwIpDslamCmtsMacAddrDynamicBindingCmIndex and hwIpDslamCmtsMacAddrDynamicBindingMacIndex.
hwIpDslamCmtsMacAddrDynamicBindingCmIndex is the index of the CM, defined in docsIf3CmtsCmRegStatusId.
hwIpDslamMacAddrDynamicBindingMacIndex is the index of the MAC address bound to all service ports on a CM.
"
INDEX { hwIpDslamCmtsMacAddrDynamicBindingCmIndex, hwIpDslamCmtsMacAddrDynamicBindingMacIndex }
::= { hwIpDslamCmtsMacAddrDynamicBindingTable 1 }
HwIpDslamCmtsMacAddrDynamicBindingEntry ::=
SEQUENCE {
hwIpDslamCmtsMacAddrDynamicBindingCmIndex
Unsigned32,
hwIpDslamCmtsMacAddrDynamicBindingMacIndex
Integer32,
hwIpDslamCmtsMacAddrDynamicBindingVLAN
Unsigned32,
hwIpDslamCmtsMacAddrDynamicBindingMacAddr
MacAddress
}
hwIpDslamCmtsMacAddrDynamicBindingCmIndex OBJECT-TYPE
SYNTAX Unsigned32(1..4294967295)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the index of the CM.
"
::= { hwIpDslamCmtsMacAddrDynamicBindingEntry 1 }
hwIpDslamCmtsMacAddrDynamicBindingMacIndex OBJECT-TYPE
SYNTAX Integer32(0..2147483647)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the index of the MAC address bound to all service ports on the CM.
"
::= { hwIpDslamCmtsMacAddrDynamicBindingEntry 2 }
hwIpDslamCmtsMacAddrDynamicBindingVLAN OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the VLAN ID of the MAC address bound to all service ports on the CM.
"
::= { hwIpDslamCmtsMacAddrDynamicBindingEntry 3 }
hwIpDslamCmtsMacAddrDynamicBindingMacAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the MAC address bound to a specified service port on the CM.
"
::= { hwIpDslamCmtsMacAddrDynamicBindingEntry 4 }
hwIpDslamAntiIllegalArpStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the anti-illegal-arp status.
Options:
1. enabled(1) -indicates the anti-illegal-arp status is enabled
2. disabled(2) -indicates the anti-illegal-arp status is disabled
Default: enabled(1)
"
::= { hwIpDslamSecurity 60 }
hwIpDslamAntiIllegalNdStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the anti-illegal-nd status.
Options:
1. enabled(1) -indicates the anti-illegal-nd status is enabled
2. disabled(2) -indicates the anti-illegal-nd status is disabled
Default: enabled(1)
"
::= { hwIpDslamSecurity 61 }
hwIpDslamAntiBcAttackTrafficLimitSwitch OBJECT-TYPE
SYNTAX INTEGER
{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether the broadcast packet rate limitation function is enabled for the ONT.
Options:
1. enable(1) -indicates that the broadcast packet rate limitation function is enabled.
2. disable(2) -indicates that the broadcast packet rate limitation function is disabled.
Default: disable(2)
"
::= { hwIpDslamSecurity 62 }
hwIpDslamAntiBcAttackPortRateTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamAntiBcAttackPortRateEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the broadcast packet rate threshold of the port.
The index of this table is hwIpDslamAntiBcAttackPortRateIfIndex.
"
::= { hwIpDslamSecurity 63 }
hwIpDslamAntiBcAttackPortRateEntry OBJECT-TYPE
SYNTAX HwIpDslamAntiBcAttackPortRateEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the broadcast packet rate threshold of the port.
The index of this entry is hwIpDslamAntiBcAttackPortRateIfIndex.
"
INDEX { hwIpDslamAntiBcAttackPortRateIfIndex }
::= { hwIpDslamAntiBcAttackPortRateTable 1 }
HwIpDslamAntiBcAttackPortRateEntry ::=
SEQUENCE {
hwIpDslamAntiBcAttackPortRateIfIndex
Integer32,
hwIpDslamAntiBcAttackPortRate
Integer32
}
hwIpDslamAntiBcAttackPortRateIfIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the index of the port.
The value and algorithm are the same as those of ifIndex.
"
::= { hwIpDslamAntiBcAttackPortRateEntry 1 }
hwIpDslamAntiBcAttackPortRate OBJECT-TYPE
SYNTAX Integer32 (-1 | 0 | 2..25000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the broadcast packet rate threshold of the port.
0: The broadcast packet rate is not limited.
-1: The broadcast packet rate is not configured. The globally default rate threshold is used.
2..25000: Valid values of the rate threshold.
Range: -1, 0, 2-25000
Default: -1
Unit: pps
"
::= { hwIpDslamAntiBcAttackPortRateEntry 2 }
hwIpDslamAntiBcAttackOntRateTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamAntiBcAttackOntRateEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the broadcast packet rate threshold of the ONT.
The indexes of this table are hwIpDslamAntiBcAttackOntRateIfIndex and hwIpDslamAntiBcAttackOntRateOntId.
"
::= { hwIpDslamSecurity 64 }
hwIpDslamAntiBcAttackOntRateEntry OBJECT-TYPE
SYNTAX HwIpDslamAntiBcAttackOntRateEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the broadcast packet rate threshold of the ONT.
The indexes of this entry are hwIpDslamAntiBcAttackOntRateIfIndex and hwIpDslamAntiBcAttackOntRateOntId.
"
INDEX { hwIpDslamAntiBcAttackOntRateIfIndex, hwIpDslamAntiBcAttackOntRateOntId }
::= { hwIpDslamAntiBcAttackOntRateTable 1 }
HwIpDslamAntiBcAttackOntRateEntry ::=
SEQUENCE {
hwIpDslamAntiBcAttackOntRateIfIndex
Integer32,
hwIpDslamAntiBcAttackOntRateOntId
Integer32,
hwIpDslamAntiBcAttackOntRate
Integer32
}
hwIpDslamAntiBcAttackOntRateIfIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the index of the port.
The value and algorithm are the same as those of ifIndex.
"
::= { hwIpDslamAntiBcAttackOntRateEntry 1 }
hwIpDslamAntiBcAttackOntRateOntId OBJECT-TYPE
SYNTAX Integer32 (0..255)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the ID of the ONT.
Range: 0-255
"
::= { hwIpDslamAntiBcAttackOntRateEntry 2 }
hwIpDslamAntiBcAttackOntRate OBJECT-TYPE
SYNTAX Integer32 (-1 | 0 | 2..25000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the broadcast packet rate threshold of the ONT.
0: The broadcast packet rate is not limited.
-1: The broadcast packet rate is not configured. The globally default rate threshold is used.
2..25000: Valid values of the rate threshold.
Range: -1, 0, 2-25000
Default: -1
Unit: pps
"
::= { hwIpDslamAntiBcAttackOntRateEntry 3 }
hwIpDslamSecurityUserAutoBackupSwitch OBJECT-TYPE
SYNTAX INTEGER
{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether the security user auto-backup function is enabled.
Options:
1. enable(1) -indicates that the security user auto-backup function is enabled.
2. disable(2) -indicates that the security user auto-backup function is disabled.
Default: disable(2)
"
::= { hwIpDslamSecurity 65 }
hwIpDslamSecurityUserAutoBackupPeriod OBJECT-TYPE
SYNTAX Integer32 ( 5..60 )
UNITS "minute"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the security user auto-backup period.
Range: 5-60
Unit: minute
Default: 30
"
::= { hwIpDslamSecurity 66 }
hwIpDslamSecurityUserAutoLoadAttemptTimeout OBJECT-TYPE
SYNTAX Integer32 ( 1..60 )
UNITS "minute"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the security user auto-load attempt overall time.
Range: 1-60
Unit: minute
Default: 15
"
::= { hwIpDslamSecurity 67 }
hwIpDslamSecurityUserAutoLoadAttemptPeriod OBJECT-TYPE
SYNTAX Integer32 ( 1..30 )
UNITS "minute"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the security user auto-load attempt interval time.
Range: 1-30
Unit: minute
Default: 5
"
::= { hwIpDslamSecurity 68 }
hwIpDslamAntiMacServicePortTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamAntiMacServicePortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Used for enabling or disabling anti-MAC-spoofing of the service port. Anti-MAC-spoofing
on a service port takes effect only when it is enabled globally and is enabled on the
VLAN corresponding to this service port and is enabled on this service port.
The index of this table is hwIpDslamAntiMacServicePortIndex, indicating the index of the
service port. The service port corresponding to this index must already be created in
hwExtSrvFlowEntry.
"
::= { hwIpDslamSecurity 69 }
hwIpDslamAntiMacServicePortEntry OBJECT-TYPE
SYNTAX HwIpDslamAntiMacServicePortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Used for enabling or disabling anti-MAC-spoofing of the service port. Anti-MAC-spoofing
on a service port takes effect only when it is enabled globally and is enabled on the
VLAN corresponding to this service port and is enabled on this service port.
The index of this entry is hwIpDslamAntiMacServicePortIndex, indicating the index of the
service port. The service port corresponding to this index must already be created in
hwExtSrvFlowEntry.
"
INDEX { hwIpDslamAntiMacServicePortIndex }
::= { hwIpDslamAntiMacServicePortTable 1 }
HwIpDslamAntiMacServicePortEntry ::=
SEQUENCE {
hwIpDslamAntiMacServicePortIndex
Integer32,
hwIpDslamAntiMacServicePortStatus
EnabledStatus
}
hwIpDslamAntiMacServicePortIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the index of the service port bound to a specified MAC address.
The service port corresponding to this index must already be created in hwExtSrvFlowEntry.
Range: Begin with 1
"
::= { hwIpDslamAntiMacServicePortEntry 1 }
hwIpDslamAntiMacServicePortStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the anti-MAC-spoofing status of the service port.
Options:
1. enabled(1) -indicates the anti-MAC-spoofing status is enabled
2. disabled(2) -indicates the anti-MAC-spoofing status is disabled
Default: enabled(1)
"
::= { hwIpDslamAntiMacServicePortEntry 2 }
hwCableSystemIPv6SourceVerify OBJECT-TYPE
SYNTAX INTEGER
{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates IPv6 Source Address Verification (SAV) function for CM configured policies.
Options:
1. enable(1) -indicates that the IPv6 Source Address Verification for CM configured
policies are enabled.
2. disable(2) -indicates that the IPv6 Source Address Verification for CM configured
policies are disabled.
Default: disable(2)
"
::= { hwIpDslamSecurity 70 }
hwIpDslamUserDeleteDelay OBJECT-TYPE
SYNTAX Integer32 ( 0..120 )
UNITS "second"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the security user delete delay time.
Range: 0-120
Unit: second
Default: 0
"
::= { hwIpDslamSecurity 71 }
hwIpDslamAntiMacDuplicateAlarmStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the anti-MAC-duplicate alarm status.
Options:
1. enabled(1) -indicates the anti-MAC-duplicate alarm status is enabled
2. disabled(2) -indicates the anti-MAC-duplicate alarm status is disabled
Default: disabled(2)
"
::= { hwIpDslamSecurity 72 }
hwIpDslamAntiIpv6Status OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the anti-IPv6-attack status.
Options:
1. enabled(1) -indicates the anti-IPv6-attack status is enabled
2. disabled(2) -indicates the anti-IPv6-attack status is disabled
Default: disabled(2)
"
::= { hwIpDslamSecurity 73 }
hwIpDslamAntiIcmpv6Status OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the anti-ICMPv6-attack status.
Options:
1. enabled(1) -indicates the anti-ICMPv6-attack status is enabled
2. disabled(2) -indicates the anti-ICMPv6-attack status is disabled
Default: disabled(2)
"
::= { hwIpDslamSecurity 74 }
hwCableSystemIPv4SourceVerify OBJECT-TYPE
SYNTAX INTEGER
{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates IPv4 Source Address Verification (SAV) function for CM configured policies.
Options:
1. enable(1) -indicates that the IPv4 Source Address Verification for CM configured
policies are enabled.
2. disable(2) -indicates that the IPv4 Source Address Verification for CM configured
policies are disabled.
Default: disable(2)
"
::= { hwIpDslamSecurity 75 }
hwIpDslamAntiIllegalHopLimitNDStatus OBJECT-TYPE
SYNTAX EnabledStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the anti-illegal-hoplimit-nd status.
Options:
1. enabled(1) -indicates the anti-illegal-hoplimit-nd status is enabled
2. disabled(2) -indicates the anti-illegal-hoplimit-nd status is disabled
Default: disabled(2)
"
::= { hwIpDslamSecurity 76 }
hwIpDslamArpUnicastTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwIpDslamArpUnicastEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is used to create static entries for network-side ARP broadcast-to-unicast conversion.
To transmit an ARP request packet with a specified target IP address received on the network side to the user on a specified service port, use this table.
With ARP broadcast-to-unicast conversion enabled on the network side, when static IP address binding entries are created successfully for ARP broadcast-to-unicast conversion,
the device transmits the ARP request packet with a specified target IP address received on the network side to the user on a specified service port.
The indexes of this table are hwIpDslamArpUnicastIndex and hwIpDslamArpUnicastSubIndex.
"
::= { hwIpDslamSecurity 77 }
hwIpDslamArpUnicastEntry OBJECT-TYPE
SYNTAX HwIpDslamArpUnicastEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is used to create static entries for network-side ARP broadcast-to-unicast conversion.
To transmit an ARP request packet with a specified target IP address received on the network side to the user on a specified service port, use this table.
With ARP broadcast-to-unicast conversion enabled on the network side, when static IP address binding entries are created successfully for ARP broadcast-to-unicast conversion,
the device transmits the ARP request packet with a specified target IP address received on the network side to the user on a specified service port.
The indexes of this entry are hwIpDslamArpUnicastIndex and hwIpDslamArpUnicastSubIndex.
"
INDEX { hwIpDslamArpUnicastIndex, hwIpDslamArpUnicastSubIndex }
::= { hwIpDslamArpUnicastTable 1 }
HwIpDslamArpUnicastEntry ::=
SEQUENCE {
hwIpDslamArpUnicastIndex
Integer32,
hwIpDslamArpUnicastSubIndex
Integer32,
hwIpDslamArpUnicastIpAddressType
InetAddressType,
hwIpDslamArpUnicastIpAddress
InetAddress,
hwIpDslamArpUnicastRowStatus
RowStatus
}
hwIpDslamArpUnicastIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the index of a static entry for network-side ARP broadcast-to-unicast conversion, that is, the service port ID corresponding to entries.
"
::= { hwIpDslamArpUnicastEntry 1 }
hwIpDslamArpUnicastSubIndex OBJECT-TYPE
SYNTAX Integer32(0..63)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the sub-index of a static entry for network-side ARP broadcast-to-unicast conversion, that is, the entry IDs corresponding to a service port.
"
::= { hwIpDslamArpUnicastEntry 2 }
hwIpDslamArpUnicastIpAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the user IP address type in a static entry for network-side ARP broadcast-to-unicast conversion.
"
::= { hwIpDslamArpUnicastEntry 3 }
hwIpDslamArpUnicastIpAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the user IP address in a static entry for network-side ARP broadcast-to-unicast conversion.
"
::= { hwIpDslamArpUnicastEntry 4 }
hwIpDslamArpUnicastRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the row status of a static entry for network-side ARP broadcast-to-unicast conversion.
Creating, deleting, and querying a static entry for network-side ARP broadcast-to-unicast conversion are supported.
Options:
1. active(1) -indicates query operation
2. createAndGo(4) -Creates a static entry for network-side ARP broadcast-to-unicast conversion
3. destroy(6) -Deletes a static entry for network-side ARP broadcast-to-unicast conversion
"
::= { hwIpDslamArpUnicastEntry 5 }
hwIpDslamIpOptionPacketPolicy OBJECT-TYPE
SYNTAX INTEGER
{
tocpu(1),
forward(2),
discard(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the ip option packet-policy.
Options:
1. tocpu(1) -indicates the ip option packet-policy is to cpu
2. forward(2) -indicates the ip option packet-policy is forward
3. discard(3) -indicates the ip option packet-policy is discard
Default: tocpu(1)
"
::= { hwIpDslamSecurity 78 }
hwIpDslamAntiDosTtlExceedPacketRate OBJECT-TYPE
SYNTAX Integer32 (-1|10..150)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the threshold for the rate of sending ttl-exceeded packets to the CPU.
The value -1 indicates that the threshold for the rate of sending ttl-exceeded packets to the CPU is default value, which depends on hardware specifications.
Range: -1, 10-150
Default: -1
Unit: pps
"
::= { hwIpDslamSecurity 79 }
hwIpDslamAntiDosOversizePacketRate OBJECT-TYPE
SYNTAX Integer32 (-1|10..150)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the threshold for the rate of sending oversize packets to the CPU.
The value -1 indicates that the threshold for the rate of sending oversize packets to the CPU is default value, which depends on hardware specifications.
Range: -1, 10-150
Default: -1
Unit: pps
"
::= { hwIpDslamSecurity 80 }
hwIpDslamAntiIpv6ExcludeSwitch OBJECT-TYPE
SYNTAX BITS
{ mld(0)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used to specify the type of the packet that is not affected by anti-IPv6-spoofing.
Options:
1. mld(0) -indicates that anti-IPv6-spoofing is invalid for MLD packets
Default: 0x00
"
::= { hwIpDslamSecurity 81 }
hwIpDslamSecurityUserAutoBackupFileName OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..64))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Used for setting or querying the security user auto-backup filename.
The value STRING(0) indicates that the configured security user auto-backup filename is cleared.
Range: 1-64 characters
Default: STRING(0)
"
::= { hwIpDslamSecurity 82 }
hwIpDslamSecurityUserDynamicIpv6 OBJECT-TYPE
SYNTAX INTEGER
{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether the security user dynamic-ipv6 function is enabled.
Options:
1. enable(1) -indicates that the security user dynamic-ipv6 function is enabled.
2. disable(2) -indicates that the security user dynamic-ipv6 function is disabled.
Default: disable(2)
"
::= { hwIpDslamSecurity 83 }
hwIpDslamAntiDosDhcpPacketLimitPeriod OBJECT-TYPE
SYNTAX Integer32 ( 1..1800 )
UNITS "second"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the detection period of anti-DoS-attack for DHCP packet to cpu.
Range: 1-1800
Unit: second
Default: 1
"
::= { hwIpDslamSecurity 84 }
hwIpDslamArpDetectMaxUserCountSwitch OBJECT-TYPE
SYNTAX INTEGER
{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether the arp-detect max-user-count function is enabled.
Options:
1. enable(1) -indicates that the arp-detect max-user-count function is enabled.
2. disable(2) -indicates that the arp-detect max-user-count function is disabled.
Default: enable(1)
"
::= { hwIpDslamSecurity 85 }
hwIpDslamSecurityUserInfoSwitch OBJECT-TYPE
SYNTAX INTEGER
{
enable(1),
disable(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates whether the security user info function is enabled.
Options:
1. enable(1) -indicates that the security user info function is enabled.
2. disable(2) -indicates that the security user info function is disabled.
Default: disable(2)
"
::= { hwIpDslamSecurity 86 }
hwIpDslamSecurityFlowBundleOutboundPolicy OBJECT-TYPE
SYNTAX INTEGER
{
record(1),
priority(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the outbound policy of service port bundle.
Options:
1. record(1) -indicates that the outbound policy is record.
2. priority(2) -indicates that the outbound policy is priority.
Default: record(1)
"
::= { hwIpDslamSecurity 87 }
END
View Git Blame Copy Permalink