RAD-ACL-MIB DEFINITIONS ::= BEGIN
|
|
|
|
|
|
-- It is RAD's intent to encourage the widespread use of
|
|
-- this Specification in connection with the management of
|
|
-- RAD products. RAD grants vendors, end-users,
|
|
-- and other interested parties a non-exclusive license to
|
|
-- use this Specification in connection with the management
|
|
-- of RAD products.
|
|
|
|
-- This Specification is supplied "as is," and RAD makes
|
|
-- no warranty, either express or implied, as to the use,
|
|
-- operation, condition, or performance of the Specification.
|
|
|
|
|
|
IMPORTS
|
|
|
|
Integer32, Gauge32, Unsigned32,
|
|
OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE FROM SNMPv2-SMI
|
|
sysName FROM SNMPv2-MIB
|
|
TEXTUAL-CONVENTION, RowStatus, RowPointer FROM SNMPv2-TC
|
|
SnmpAdminString FROM SNMP-FRAMEWORK-MIB
|
|
InetAddressType, InetAddress, InetPortNumber,
|
|
InetAddressPrefixLength FROM INET-ADDRESS-MIB
|
|
radSecurity FROM RAD-SMI-MIB
|
|
systemsEvents, alarmEventLogSourceName, alarmEventLogAlarmOrEventId,
|
|
alarmEventLogDescription, alarmEventLogSeverity, alarmEventLogDateAndTime,
|
|
alarmEventReason FROM RAD-GEN-MIB;
|
|
|
|
radAclMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201605191805Z" -- May 19, 2016
|
|
ORGANIZATION "RAD Data Communications Ltd."
|
|
CONTACT-INFO
|
|
"System Department
|
|
|
|
Email: mibs@rad.com
|
|
Postal: RAD Data Communications Ltd.
|
|
24 Raoul Wallenberg St.
|
|
Tel-Aviv 6971920
|
|
Israel
|
|
|
|
Phone: +972-3-645-5421
|
|
Fax: +972-3-760-7844"
|
|
DESCRIPTION
|
|
"ACL MIB."
|
|
::= {radSecurity 2 }
|
|
|
|
|
|
--
|
|
-- TEXTUAL-CONVENTIONs
|
|
--
|
|
--
|
|
|
|
AceMarkingType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the Marking Type: DSCP, IP Precedence, or Pbit."
|
|
SYNTAX BITS
|
|
{
|
|
dscp (0),
|
|
ipPrecedence (1),
|
|
pBit (2)
|
|
}
|
|
|
|
DscpMark ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the DSCP value."
|
|
SYNTAX Unsigned32 (0..63)
|
|
|
|
IpPrecedenceMark ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
"Specifies the IP precedence value."
|
|
SYNTAX Unsigned32 (0..7)
|
|
|
|
PbitMark ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the VLAN P-Bit value."
|
|
SYNTAX Unsigned32 (0..7)
|
|
|
|
UdpTcpPortOp ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
"Indicates how a packet's source or destination TCP/UDP port number is
to be compared.

'noOperator(1)', which is the default value, means that no
comparison is to be made with the source or destination TCP/UDP port
number.
|
|
|
|
lt(2) means less than.
|
|
gt(3) means greater than.
|
|
eq(4) means equal.
|
|
neq(5) means not equal.
|
|
|
|
range(6) means that it compares the port value between two
|
|
numbers, so this operator needs 2 operands. One operand is the
|
|
starting port number of the range, and the other operand is the ending port number
|
|
of the range"
|
|
SYNTAX INTEGER {
|
|
noOperator (1),
|
|
lt (2),
|
|
gt (3),
|
|
eq (4),
|
|
neq (5),
|
|
range (6)
|
|
}
|
|
|
|
|
|
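-- Configuration Tables
-- Objects below with MAX-ACCESS read-create change the device's packet
-- filtering (permit/deny ACEs and their bindings), so SNMP write access to
-- this subtree should be limited to authenticated, authorized managers.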
|
|
|
|
aclConf OBJECT IDENTIFIER ::= { radAclMIB 1 }
|
|
|
|
aclMainTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AclMainEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL Configuration Table."
|
|
::= { aclConf 1 }
|
|
|
|
aclMainEntry OBJECT-TYPE
|
|
SYNTAX AclMainEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the ACL main table"
|
|
INDEX { aclName }
|
|
::= { aclMainTable 1 }
|
|
|
|
AclMainEntry ::= SEQUENCE {
|
|
aclName SnmpAdminString (SIZE (1..252)),
|
|
aclNumberOfAce Unsigned32,
|
|
aclLastSeqeunceNumber Unsigned32,
|
|
aclResequenceCmd Unsigned32,
|
|
aclType INTEGER,
|
|
aclIllegalEntityTypes BITS,
|
|
aclRowStatus RowStatus
|
|
}
|
|
|
|
aclName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..252))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Access Control List (ACL) name"
|
|
::= { aclMainEntry 1 }
|
|
|
|
aclNumberOfAce OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of Access Control Entries in this ACL"
|
|
::= { aclMainEntry 2 }
|
|
|
|
aclLastSeqeunceNumber OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Sequence Number of the last ACE in this ACL. "
|
|
::= { aclMainEntry 3 }
|
|
|
|
aclResequenceCmd OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Resequence Command, specifying step between ACE sequence numbers.
|
|
For example, when resequence command with value of 100 is given,
|
|
new sequence number will be 100 200 300 400 etc.
|
|
Default Value - 10. Possible Set values - 1....10000.
|
|
|
|
Upon resequence action completion, Agent will reset this object value
|
|
to '0'- to indicate the resequence action is finished,
|
|
and to allow the user to set the same (or other) value (e.g. 10) again.
|
|
The value 0 can only be set by agent."
|
|
::= { aclMainEntry 4 }
|
|
|
|
aclType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
ipv4 (1),
|
|
ipv6 (2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL type. For IP ACLs, all ACEs of same ACL will have same InetAddressType value"
|
|
DEFVAL { ipv4}
|
|
::= { aclMainEntry 5 }
|
|
|
|
aclIllegalEntityTypes OBJECT-TYPE
|
|
SYNTAX BITS
|
|
{
|
|
management (0),
|
|
routerInterface (1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is a bitmap of entity types.
|
|
If a bit representing certain entity type is '1',
|
|
ACL cannot be bound to that entity type.
|
|
e.g. if bit (0) is '1', ACL cannot be bound to management entity."
|
|
::= { aclMainEntry 6 }
|
|
|
|
aclRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Create/Destroy ACLs.
|
|
When removing ACL which has associated ACE entries,
|
|
all associated entries (in aclAceTable and in all auxiliary (per protocol) tables)
|
|
MUST be removed before destroying ACL entry"
|
|
::= { aclMainEntry 7}
|
|
|
|
|
|
aclAceTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AclAceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Access Control Entry (ACE) Table "
|
|
::= { aclConf 2 }
|
|
|
|
aclAceEntry OBJECT-TYPE
|
|
SYNTAX AclAceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
"ACE entry - general ACE parameters, and pointer to auxiliary table."
|
|
INDEX {aclAceIdx }
|
|
::= { aclAceTable 1 }
|
|
|
|
AclAceEntry ::= SEQUENCE {
|
|
aclAceIdx Unsigned32,
|
|
aclAceSequenceNumber Unsigned32,
|
|
aclAceType INTEGER,
|
|
aclAcePointer RowPointer,
|
|
aclAcelog INTEGER,
|
|
aclAceIllegalEntityTypes BITS,
|
|
aclAceAclName SnmpAdminString (SIZE (1..252)),
|
|
aclAceRowStatus RowStatus
|
|
}
|
|
|
|
aclAceIdx OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACE running Index . "
|
|
::= { aclAceEntry 1 }
|
|
|
|
aclAceSequenceNumber OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACE Sequence Number "
|
|
::= { aclAceEntry 2 }
|
|
|
|
aclAceType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
remark (1),
|
|
deny (2),
|
|
permit (3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"This object specifies the ACE type:
Remark, Deny or Permit.
A Remark type ACE must include a pointer (aclAcePointer) to aclAceRemarkTable.
A Permit or Deny type ACE must include a pointer to one of the other
auxiliary tables (aclAceIPTable, aclAceICMPTable, aclAceTCPTable or aclAceUDPTable)."
|
|
::= { aclAceEntry 3 }
|
|
|
|
aclAcePointer OBJECT-TYPE
|
|
SYNTAX RowPointer
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"Pointer to an entry in one of the auxiliary tables:
aclAceRemarkTable, aclAceIPTable, aclAceICMPTable,
aclAceTCPTable, aclAceUDPTable.
When an entry is created in this table, the
Agent must create the associated entry in one of the auxiliary tables according to this pointer."
|
|
::= { aclAceEntry 4 }
|
|
|
|
aclAcelog OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
notApplicable (1), --for ACE type = remark
|
|
disable (2),
|
|
enable (3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enable or disable log of current ACE"
|
|
::= { aclAceEntry 5 }
|
|
|
|
|
|
aclAceIllegalEntityTypes OBJECT-TYPE
|
|
SYNTAX BITS
|
|
{
|
|
management (0),
|
|
routerInterface (1)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is a bitmap of entity types.
|
|
If a bit representing certain entity type is '1', ACL containing
|
|
current ACE cannot be bound to that entity type.
|
|
e.g. if bit (0) is '1', ACL containing current ACE cannot be
|
|
bound to a management entity."
|
|
::= { aclAceEntry 6 }
|
|
|
|
aclAceAclName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..252))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"The name of the ACL to which this ACE belongs. The ACL name MUST exist
in aclMainTable.
|
|
Upon deletion of an ACL, all entries with deleted ACL Name
|
|
must be deleted."
|
|
::= { aclAceEntry 7 }
|
|
|
|
aclAceRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Create or Destroy ACE "
|
|
::= { aclAceEntry 8 }
|
|
|
|
|
|
aclAceRemarkTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AclAceRemarkEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACE remark Table.
|
|
This table contains all remarks (free text which may describe ACEs) for all ACLs."
|
|
::= { aclConf 3 }
|
|
|
|
aclAceRemarkEntry OBJECT-TYPE
|
|
SYNTAX AclAceRemarkEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACE remarks "
|
|
INDEX { aclAceIdx }
|
|
::= { aclAceRemarkTable 1 }
|
|
|
|
AclAceRemarkEntry ::= SEQUENCE {
|
|
aclAceRemark SnmpAdminString (SIZE (1..252))
|
|
}
|
|
|
|
aclAceRemark OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..252))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Free text describing following ACEs"
|
|
::= { aclAceRemarkEntry 1 }
|
|
|
|
|
|
aclAceIPTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AclAceIPEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACE IP Table."
|
|
::= { aclConf 4 }
|
|
|
|
aclAceIPEntry OBJECT-TYPE
|
|
SYNTAX AclAceIPEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP match criteria"
|
|
INDEX { aclAceIdx }
|
|
::= { aclAceIPTable 1 }
|
|
|
|
AclAceIPEntry ::= SEQUENCE {
|
|
aclAceIPSrcAddressType InetAddressType,
|
|
aclAceIPSrcAddress InetAddress,
|
|
aclAceIPSrcAddressPrefixLength InetAddressPrefixLength,
|
|
aclAceIPDstAddressType InetAddressType,
|
|
aclAceIPDstAddress InetAddress,
|
|
aclAceIPDstAddressPrefixLength InetAddressPrefixLength,
|
|
aclAceIPMarkingType AceMarkingType,
|
|
aclAceIPDscp DscpMark,
|
|
aclAceIPIpPrecedence IpPrecedenceMark,
|
|
aclAceIPProtocolNumber Unsigned32,
|
|
aclAceIPSetMarkingType AceMarkingType,
|
|
aclAceIPSetDscp DscpMark,
|
|
aclAceIPSetIpPrecedence IpPrecedenceMark,
|
|
aclAceIPSetPbit PbitMark
|
|
}
|
|
|
|
aclAceIPSrcAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of Internet address of aclAceIPSrcAddress
|
|
Only ipV4 and ipv6 are supported."
|
|
::= { aclAceIPEntry 1 }
|
|
|
|
aclAceIPSrcAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address to match against the packet's source IP address.
|
|
The type of this address is determined by the value of the
|
|
aclAceIPSrcAddressType object."
|
|
::= { aclAceIPEntry 2 }
|
|
|
|
aclAceIPSrcAddressPrefixLength OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The length of the CIDR Prefix carried in aclAceIPSrcAddress"
|
|
::= { aclAceIPEntry 3 }
|
|
|
|
aclAceIPDstAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of Internet address of aclAceIPDstAddress .
|
|
Only ipV4 and ipv6 are supported."
|
|
::= { aclAceIPEntry 4 }
|
|
|
|
aclAceIPDstAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address to match against the packet's destination IP address.
|
|
The type of this address is determined by the value of the
|
|
aclAceIPDstAddressType object."
|
|
::= { aclAceIPEntry 5 }
|
|
|
|
aclAceIPDstAddressPrefixLength OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The length of the CIDR Prefix carried in aclAceIPDstAddress"
|
|
::= { aclAceIPEntry 6 }
|
|
|
|
aclAceIPMarkingType OBJECT-TYPE
|
|
SYNTAX AceMarkingType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the marking type to be matched."
|
|
::= { aclAceIPEntry 7 }
|
|
|
|
aclAceIPDscp OBJECT-TYPE
|
|
SYNTAX DscpMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The DSCP value to match against the packet's DSCP field"
|
|
::= { aclAceIPEntry 8 }
|
|
|
|
aclAceIPIpPrecedence OBJECT-TYPE
|
|
SYNTAX IpPrecedenceMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"The IP Precedence value to match against the packet's IP Precedence field"
|
|
::= { aclAceIPEntry 9 }
|
|
|
|
aclAceIPProtocolNumber OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP protocol numbers used in the Protocol field of the IPv4 header and the Next Header field of IPv6 header."
|
|
::= { aclAceIPEntry 10 }
|
|
|
|
aclAceIPSetMarkingType OBJECT-TYPE
|
|
SYNTAX AceMarkingType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used only for ACE type 'permit'.
|
|
It indicates which priority parameter should be set in matched packet. "
|
|
::= { aclAceIPEntry 11 }
|
|
|
|
aclAceIPSetDscp OBJECT-TYPE
|
|
SYNTAX DscpMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"DSCP value to set in matched packet"
|
|
::= { aclAceIPEntry 12 }
|
|
|
|
aclAceIPSetIpPrecedence OBJECT-TYPE
|
|
SYNTAX IpPrecedenceMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP Precedence value to set in matched packet"
|
|
::= { aclAceIPEntry 13}
|
|
|
|
aclAceIPSetPbit OBJECT-TYPE
|
|
SYNTAX PbitMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Pbit (layer two priority) to set in matched packet"
|
|
::= { aclAceIPEntry 14 }
|
|
|
|
aclAceICMPTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AclAceICMPEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACE ICMP Table."
|
|
::= { aclConf 5 }
|
|
|
|
aclAceICMPEntry OBJECT-TYPE
|
|
SYNTAX AclAceICMPEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ICMP entry"
|
|
INDEX { aclAceIdx }
|
|
::= { aclAceICMPTable 1 }
|
|
|
|
AclAceICMPEntry ::= SEQUENCE {
|
|
aclAceICMPSrcAddressType InetAddressType,
|
|
aclAceICMPSrcAddress InetAddress,
|
|
aclAceICMPSrcAddressPrefixLength InetAddressPrefixLength,
|
|
aclAceICMPDstAddressType InetAddressType,
|
|
aclAceICMPDstAddress InetAddress,
|
|
aclAceICMPDstAddressPrefixLength InetAddressPrefixLength,
|
|
aclAceICMPMarkingType AceMarkingType,
|
|
aclAceICMPDscp DscpMark,
|
|
aclAceICMPIpPrecedence IpPrecedenceMark,
|
|
aclAceICMPType Unsigned32,
|
|
aclAceICMPCode Unsigned32,
|
|
aclAceICMPSetMarkingType AceMarkingType,
|
|
aclAceICMPSetDscp DscpMark,
|
|
aclAceICMPSetIpPrecedence IpPrecedenceMark,
|
|
aclAceICMPSetPbit PbitMark
|
|
}
|
|
|
|
aclAceICMPSrcAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of Internet address of aclAceICMPSrcAddress
|
|
Only ipV4 and ipv6 are supported."
|
|
::= { aclAceICMPEntry 1 }
|
|
|
|
aclAceICMPSrcAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address to match against the packet's source IP address.
|
|
The type of this address is determined by the value of the
|
|
aclAceICMPSrcAddressType object."
|
|
::= { aclAceICMPEntry 2 }
|
|
|
|
aclAceICMPSrcAddressPrefixLength OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"The length of the CIDR Prefix carried in aclAceICMPSrcAddress"
|
|
::= { aclAceICMPEntry 3 }
|
|
|
|
aclAceICMPDstAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"Type of Internet address of aclAceICMPDstAddress.
|
|
Only ipV4 and ipv6 are supported."
|
|
::= { aclAceICMPEntry 4 }
|
|
|
|
aclAceICMPDstAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address to match against the packet's destination IP address.
|
|
The type of this address is determined by the value of the
|
|
aclAceICMPDstAddressType object."
|
|
::= { aclAceICMPEntry 5 }
|
|
|
|
aclAceICMPDstAddressPrefixLength OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"The length of the CIDR Prefix carried in aclAceICMPDstAddress"
|
|
::= { aclAceICMPEntry 6 }
|
|
|
|
aclAceICMPMarkingType OBJECT-TYPE
|
|
SYNTAX AceMarkingType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the marking type to be matched"
|
|
::= { aclAceICMPEntry 7 }
|
|
|
|
aclAceICMPDscp OBJECT-TYPE
|
|
SYNTAX DscpMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The DSCP value to match against the packet's DSCP field"
|
|
::= { aclAceICMPEntry 8 }
|
|
|
|
aclAceICMPIpPrecedence OBJECT-TYPE
|
|
SYNTAX IpPrecedenceMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"The IP Precedence value to match against the packet's IP Precedence field"
|
|
::= { aclAceICMPEntry 9 }
|
|
|
|
aclAceICMPType OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ICMP message Type"
|
|
::= { aclAceICMPEntry 10 }
|
|
|
|
aclAceICMPCode OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ICMP message Code"
|
|
::= { aclAceICMPEntry 11 }
|
|
|
|
aclAceICMPSetMarkingType OBJECT-TYPE
|
|
SYNTAX AceMarkingType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used only for ACE type 'permit'.
|
|
It indicates which priority parameter should be set in matched packet. "
|
|
::= { aclAceICMPEntry 12}
|
|
|
|
aclAceICMPSetDscp OBJECT-TYPE
|
|
SYNTAX DscpMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"DSCP value to set in matched packet"
|
|
::= { aclAceICMPEntry 13 }
|
|
|
|
aclAceICMPSetIpPrecedence OBJECT-TYPE
|
|
SYNTAX IpPrecedenceMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP Precedence value to set in matched packet"
|
|
::= { aclAceICMPEntry 14 }
|
|
|
|
aclAceICMPSetPbit OBJECT-TYPE
|
|
SYNTAX PbitMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Pbit (layer two priority) to set in matched packet"
|
|
::= { aclAceICMPEntry 15 }
|
|
|
|
-- TCP Table
|
|
|
|
aclAceTCPTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AclAceTCPEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACE TCP Table."
|
|
::= { aclConf 6 }
|
|
|
|
aclAceTCPEntry OBJECT-TYPE
|
|
SYNTAX AclAceTCPEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACE TCP entry"
|
|
INDEX { aclAceIdx }
|
|
::= { aclAceTCPTable 1 }
|
|
|
|
AclAceTCPEntry ::= SEQUENCE {
|
|
aclAceTCPSrcAddressType InetAddressType,
|
|
aclAceTCPSrcAddress InetAddress,
|
|
aclAceTCPSrcAddressPrefixLength InetAddressPrefixLength,
|
|
aclAceTCPDstAddressType InetAddressType,
|
|
aclAceTCPDstAddress InetAddress,
|
|
aclAceTCPDstAddressPrefixLength InetAddressPrefixLength,
|
|
aclAceTCPMarkingType AceMarkingType,
|
|
aclAceTCPDscp DscpMark,
|
|
aclAceTCPIpPrecedence IpPrecedenceMark,
|
|
aclAceTCPSrcPortOp UdpTcpPortOp,
|
|
aclAceTCPSrcPort InetPortNumber,
|
|
aclAceTCPSrcPortRange InetPortNumber,
|
|
aclAceTCPDstPortOp UdpTcpPortOp,
|
|
aclAceTCPDstPort InetPortNumber,
|
|
aclAceTCPDstPortRange InetPortNumber,
|
|
aclAceTCPSetMarkingType AceMarkingType,
|
|
aclAceTCPSetDscp DscpMark,
|
|
aclAceTCPSetIpPrecedence IpPrecedenceMark,
|
|
aclAceTCPSetPbit PbitMark
|
|
}
|
|
aclAceTCPSrcAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of Internet address of aclAceTCPSrcAddress
|
|
Only ipV4 and ipv6 are supported."
|
|
::= { aclAceTCPEntry 1}
|
|
|
|
aclAceTCPSrcAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address to match against the packet's source IP address.
|
|
The type of this address is determined by the value of the
|
|
aclAceTCPSrcAddressType object."
|
|
::= { aclAceTCPEntry 2}
|
|
|
|
aclAceTCPSrcAddressPrefixLength OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The length of the CIDR Prefix carried in aclAceTCPSrcAddress"
|
|
::= { aclAceTCPEntry 3}
|
|
|
|
aclAceTCPDstAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of Internet address of aclAceTCPDstAddress .
|
|
Only ipV4 and ipv6 are supported."
|
|
::= { aclAceTCPEntry 4 }
|
|
|
|
aclAceTCPDstAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address to match against the packet's destination IP address.
|
|
The type of this address is determined by the value of the
|
|
aclAceTCPDstAddressType object."
|
|
::= { aclAceTCPEntry 5 }
|
|
|
|
aclAceTCPDstAddressPrefixLength OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The length of the CIDR Prefix carried in aclAceTCPDstAddress"
|
|
::= { aclAceTCPEntry 6 }
|
|
|
|
aclAceTCPMarkingType OBJECT-TYPE
|
|
SYNTAX AceMarkingType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the marking type to be matched."
|
|
::= { aclAceTCPEntry 7 }
|
|
|
|
aclAceTCPDscp OBJECT-TYPE
|
|
SYNTAX DscpMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The DSCP value to match against the packet's DSCP field"
|
|
::= { aclAceTCPEntry 8 }
|
|
|
|
aclAceTCPIpPrecedence OBJECT-TYPE
|
|
SYNTAX IpPrecedenceMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"The IP Precedence value to match against the packet's IP Precedence field"
|
|
::= { aclAceTCPEntry 9 }
|
|
|
|
aclAceTCPSrcPortOp OBJECT-TYPE
|
|
SYNTAX UdpTcpPortOp
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates how a packet's Source TCP port number is
|
|
to be compared with aclAceTCPSrcPort and aclAceTCPSrcPortRange"
|
|
::= { aclAceTCPEntry 10 }
|
|
|
|
aclAceTCPSrcPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"The TCP port number to be matched against the packet's TCP source port."
|
|
::= { aclAceTCPEntry 11 }
|
|
|
|
aclAceTCPSrcPortRange OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source port number of the TCP protocol.
|
|
If the aclAceTCPSrcPortOp object in the same row is range(6),
|
|
this object will be the ending port number of the port range.
|
|
This object cannot be configured if
|
|
aclAceTCPSrcPortOp in the same row is not range(6)"
|
|
::= { aclAceTCPEntry 12 }
|
|
|
|
aclAceTCPDstPortOp OBJECT-TYPE
|
|
SYNTAX UdpTcpPortOp
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates how a packet's destination TCP port number is
|
|
to be compared with aclAceTCPDstPort and aclAceTCPDstPortRange"
|
|
::= { aclAceTCPEntry 13 }
|
|
|
|
aclAceTCPDstPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"The TCP port number to be matched against the packet's TCP destination port"
|
|
::= { aclAceTCPEntry 14 }
|
|
|
|
aclAceTCPDstPortRange OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination port number of the TCP protocol.
|
|
If the aclAceTCPDstPortOp object in the same row is range(6),
|
|
this object will be the ending port number of the port range.
|
|
This object cannot be configured if
|
|
aclAceTCPDstPortOp in the same row is not range(6)"
|
|
::= { aclAceTCPEntry 15 }
|
|
|
|
aclAceTCPSetMarkingType OBJECT-TYPE
|
|
SYNTAX AceMarkingType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used only for ACE type 'permit'.
|
|
It indicates which priority parameter should be set in matched packet. "
|
|
::= { aclAceTCPEntry 16 }
|
|
|
|
aclAceTCPSetDscp OBJECT-TYPE
|
|
SYNTAX DscpMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"DSCP value to set in matched packet"
|
|
::= { aclAceTCPEntry 17 }
|
|
|
|
aclAceTCPSetIpPrecedence OBJECT-TYPE
|
|
SYNTAX IpPrecedenceMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP Precedence value to set in matched packet"
|
|
::= { aclAceTCPEntry 18 }
|
|
|
|
aclAceTCPSetPbit OBJECT-TYPE
|
|
SYNTAX PbitMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Pbit (layer two priority) to set in matched packet"
|
|
::= { aclAceTCPEntry 19 }
|
|
|
|
-- UDP table
|
|
|
|
aclAceUDPTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AclAceUDPEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACE UDP Table."
|
|
::= { aclConf 7 }
|
|
|
|
aclAceUDPEntry OBJECT-TYPE
|
|
SYNTAX AclAceUDPEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACE UDP entry"
|
|
INDEX { aclAceIdx }
|
|
::= { aclAceUDPTable 1 }
|
|
|
|
AclAceUDPEntry ::= SEQUENCE {
|
|
aclAceUDPSrcAddressType InetAddressType,
|
|
aclAceUDPSrcAddress InetAddress,
|
|
aclAceUDPSrcAddressPrefixLength InetAddressPrefixLength,
|
|
aclAceUDPDstAddressType InetAddressType,
|
|
aclAceUDPDstAddress InetAddress,
|
|
aclAceUDPDstAddressPrefixLength InetAddressPrefixLength,
|
|
aclAceUDPMarkingType AceMarkingType,
|
|
aclAceUDPDscp DscpMark,
|
|
aclAceUDPIpPrecedence IpPrecedenceMark,
|
|
aclAceUDPSrcPortOp UdpTcpPortOp,
|
|
aclAceUDPSrcPort InetPortNumber,
|
|
aclAceUDPSrcPortRange InetPortNumber,
|
|
aclAceUDPDstPortOp UdpTcpPortOp,
|
|
aclAceUDPDstPort InetPortNumber,
|
|
aclAceUDPDstPortRange InetPortNumber,
|
|
aclAceUDPSetMarkingType AceMarkingType,
|
|
aclAceUDPSetDscp DscpMark,
|
|
aclAceUDPSetIpPrecedence IpPrecedenceMark,
|
|
aclAceUDPSetPbit PbitMark
|
|
}
|
|
|
|
aclAceUDPSrcAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"Type of Internet address of aclAceUDPSrcAddress."
|
|
::= { aclAceUDPEntry 1 }
|
|
|
|
aclAceUDPSrcAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
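DESCRIPTION
"The IP address to match against the packet's source IP address.
The type of this address is determined by the value of the
aclAceUDPSrcAddressType object."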
|
|
::= { aclAceUDPEntry 2 }
|
|
|
|
aclAceUDPSrcAddressPrefixLength OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"The length of the CIDR Prefix carried in aclAceUDPSrcAddress"
|
|
::= { aclAceUDPEntry 3 }
|
|
|
|
aclAceUDPDstAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"Type of Internet address of aclAceUDPDstAddress."
|
|
::= { aclAceUDPEntry 4 }
|
|
|
|
aclAceUDPDstAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
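DESCRIPTION
"The IP address to match against the packet's destination IP address.
The type of this address is determined by the value of the
aclAceUDPDstAddressType object."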
|
|
::= { aclAceUDPEntry 5 }
|
|
|
|
aclAceUDPDstAddressPrefixLength OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The length of the CIDR Prefix carried in aclAceUDPDstAddress"
|
|
::= { aclAceUDPEntry 6 }
|
|
|
|
aclAceUDPMarkingType OBJECT-TYPE
|
|
SYNTAX AceMarkingType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the marking type to be matched"
|
|
::= { aclAceUDPEntry 7 }
|
|
|
|
aclAceUDPDscp OBJECT-TYPE
|
|
SYNTAX DscpMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The DSCP value to match against the packet's DSCP field"
|
|
::= { aclAceUDPEntry 8 }
|
|
|
|
aclAceUDPIpPrecedence OBJECT-TYPE
|
|
SYNTAX IpPrecedenceMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"The IP Precedence value to match against the packet's IP Precedence field"
|
|
::= { aclAceUDPEntry 9 }
|
|
|
|
aclAceUDPSrcPortOp OBJECT-TYPE
|
|
SYNTAX UdpTcpPortOp
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates how a packet's source UDP port number is
|
|
to be compared with aclAceUDPSrcPort and aclAceUDPSrcPortRange"
|
|
::= { aclAceUDPEntry 10 }
|
|
|
|
aclAceUDPSrcPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"The UDP port number to be matched against the packet's UDP source port."
|
|
::= { aclAceUDPEntry 11 }
|
|
|
|
aclAceUDPSrcPortRange OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source port number of the UDP protocol.
|
|
If the aclAceUDPSrcPortOp object in the same row is range(6),
|
|
this object will be the ending port number of the port range.
|
|
This object cannot be configured if
|
|
aclAceUDPSrcPortOp in the same row is not range(6)"
|
|
::= { aclAceUDPEntry 12 }
|
|
|
|
aclAceUDPDstPortOp OBJECT-TYPE
|
|
SYNTAX UdpTcpPortOp
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates how a packet's destination UDP port number is
|
|
to be compared with aclAceUDPDstPort and aclAceUDPDstPortRange"
|
|
::= { aclAceUDPEntry 13 }
|
|
|
|
aclAceUDPDstPort OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"The UDP port number to be matched against the packet's UDP destination port number"
|
|
::= { aclAceUDPEntry 14 }
|
|
|
|
aclAceUDPDstPortRange OBJECT-TYPE
|
|
SYNTAX InetPortNumber
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
"The destination port number of the UDP protocol.
|
|
If the aclAceUDPDstPortOp object in the same row is range(6),
|
|
this object will be the ending port number of the port range.
|
|
This object cannot be configured if
|
|
aclAceUDPDstPortOp in the same row is not range(6)"
|
|
::= { aclAceUDPEntry 15 }
|
|
|
|
aclAceUDPSetMarkingType OBJECT-TYPE
|
|
SYNTAX AceMarkingType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used only for ACE type 'permit'.
|
|
It indicates which priority parameter should be set in matched packet. "
|
|
::= { aclAceUDPEntry 16 }
|
|
|
|
aclAceUDPSetDscp OBJECT-TYPE
|
|
SYNTAX DscpMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"DSCP value to set in matched packet"
|
|
::= { aclAceUDPEntry 17 }
|
|
|
|
aclAceUDPSetIpPrecedence OBJECT-TYPE
|
|
SYNTAX IpPrecedenceMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP Precedence value to set in matched packet"
|
|
::= { aclAceUDPEntry 18 }
|
|
|
|
aclAceUDPSetPbit OBJECT-TYPE
|
|
SYNTAX PbitMark
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Pbit (layer two priority) to set in matched packet"
|
|
::= { aclAceUDPEntry 19 }
|
|
|
|
|
|
aclBindTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AclBindEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
"ACL Bind to Entity Table."
|
|
::= { aclConf 8 }
|
|
|
|
aclBindEntry OBJECT-TYPE
|
|
SYNTAX AclBindEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Entry defines ACL bind to entity"
|
|
INDEX {aclBindEntityType, aclBindEntityIndex, aclBindDirection, aclBindAclType }
|
|
::= { aclBindTable 1 }
|
|
|
|
AclBindEntry ::= SEQUENCE {
|
|
aclBindEntityType INTEGER,
|
|
aclBindEntityIndex Integer32,
|
|
aclBindDirection INTEGER,
|
|
aclBindAclType INTEGER,
|
|
aclBindAclName SnmpAdminString (SIZE (1..252)),
|
|
aclBindTimeElapsed Gauge32,
|
|
aclBindClearStatisticsCmd INTEGER,
|
|
aclBindRowStatus RowStatus
|
|
}
|
|
|
|
aclBindEntityType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
routerInterface (1),
|
|
management (2)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object defines whether the ACL is bound to a Router Interface
|
|
or to Management entity."
|
|
::= { aclBindEntry 1 }
|
|
|
|
aclBindEntityIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Entity Index"
|
|
::= { aclBindEntry 2 }
|
|
|
|
aclBindDirection OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
inbound (2),
|
|
outbound (3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the direction on which the access list works,
|
|
which may be either inbound (for traffic entering the entity)
|
|
or outbound (for traffic transmitted out of the entity)."
|
|
::= { aclBindEntry 3 }
|
|
|
|
aclBindAclType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
ipv4 (1),
|
|
ipv6 (2)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL type. For IP ACLs, all ACEs of same ACL will have same InetAddressType value"
|
|
DEFVAL { ipv4}
|
|
::= { aclBindEntry 4 }
|
|
|
|
aclBindAclName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..252))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the name of the ACL bound to this entity."
|
|
::= { aclBindEntry 5 }
|
|
|
|
aclBindTimeElapsed OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of seconds that have elapsed since
|
|
the beginning of the current measurement period."
|
|
::= { aclBindEntry 6 }
|
|
|
|
aclBindClearStatisticsCmd OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
off (1),
|
|
on (2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Clear statistics command. All Matches counters (of all ACEs)
|
|
of ACL bound to entity are cleared."
|
|
::= { aclBindEntry 7}
|
|
|
|
aclBindRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Create or delete ACL bind to entity"
|
|
::= { aclBindEntry 8}
|
|
|
|
-- Scalars collection
|
|
|
|
aclHandleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AclHandleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Dummy table, includes single row of ACL handling parameters"
|
|
::= { aclConf 10 }
|
|
|
|
aclHandleEntry OBJECT-TYPE
|
|
SYNTAX AclHandleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL handling parameters"
|
|
INDEX { aclHandleIndex }
|
|
::= { aclHandleTable 1 }
|
|
|
|
AclHandleEntry ::= SEQUENCE {
|
|
aclHandleIndex Unsigned32,
|
|
aclLoggingIntervel Unsigned32
|
|
}
|
|
|
|
aclHandleIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Dummy index = 1"
|
|
::= { aclHandleEntry 1 }
|
|
|
|
aclLoggingIntervel OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Logging interval in seconds.
|
|
The default value is 300 seconds = 5 minutes"
|
|
::= { aclHandleEntry 2 }
|
|
|
|
aclInvAceTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AclInvAceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Inverse table for Access Control Entry (ACE) Table.
|
|
This table is used for displaying ACEs ordered according to their sequence number. "
|
|
::= { aclConf 11 }
|
|
|
|
aclInvAceEntry OBJECT-TYPE
|
|
SYNTAX AclInvAceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACE Table inverse entry - general ACE parameters, indexed by ACL Name and Sequence Number,
|
|
used to display ACEs sorted by sequence number."
|
|
INDEX { aclName , aclAceSequenceNumber }
|
|
::= { aclInvAceTable 1 }
|
|
|
|
AclInvAceEntry ::= SEQUENCE {
|
|
aclInvAceIdx Unsigned32,
|
|
aclInvAceType INTEGER,
|
|
aclInvAcePointer RowPointer,
|
|
aclInvAcelog INTEGER
|
|
}
|
|
|
|
aclInvAceIdx OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACE running Index . "
|
|
::= { aclInvAceEntry 1 }
|
|
|
|
aclInvAceType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
remark (1),
|
|
deny (2),
|
|
permit (3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the ACE type:
|
|
Remark, Deny or Permit.
|
|
Remark type ACE must include pointer (aclAcePointer) to aclAceRemarkTable
|
|
Permit or Deny type ACE must include pointer to one of the other
|
|
auxiliary tables (aclAceIP Table, aclAceICMPTable, aclAceTCPTable or aclAceUDPTable)."
|
|
::= { aclInvAceEntry 2 }
|
|
|
|
aclInvAcePointer OBJECT-TYPE
|
|
SYNTAX RowPointer
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Pointer to an entry in one of the auxiliary tables:
|
|
aclAceRemarkTable, aclAceIP Table, aclAceICMPTable ,
|
|
aclAceTCPTable, aclAceUDPTable. "
|
|
::= { aclInvAceEntry 3 }
|
|
|
|
aclInvAcelog OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
notApplicable (1), --for ACE type = remark
|
|
disable (2),
|
|
enable (3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enable or disable log of current ACE"
|
|
::= { aclInvAceEntry 4 }
|
|
|
|
|
|
--Statistics Tables
|
|
|
|
aclStats OBJECT IDENTIFIER ::= { radAclMIB 2 }
|
|
|
|
aclAceStatsTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AclAceStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistics table"
|
|
::= { aclStats 1 }
|
|
|
|
aclAceStatsEntry OBJECT-TYPE
|
|
SYNTAX AclAceStatsEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Statistics entry"
|
|
INDEX { aclBindEntityType, aclBindEntityIndex, aclBindDirection, aclType, aclAceIdx }
|
|
::= { aclAceStatsTable 1 }
|
|
|
|
AclAceStatsEntry ::= SEQUENCE {
|
|
aclAceStatsMatches Gauge32,
|
|
aclAceStatsClearCmd INTEGER
|
|
}
|
|
|
|
aclAceStatsMatches OBJECT-TYPE
|
|
SYNTAX Gauge32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Counts the number of packets that matched the
|
|
statement indicated by aclAceIdx,
|
|
of the ACL of type indicated by aclType,
|
|
which is bound to the entity indicated by aclBindEntityType
|
|
& aclBindEntityIndex "
|
|
::= { aclAceStatsEntry 1 }
|
|
|
|
aclAceStatsClearCmd OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
off (1),
|
|
on (2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Clear statistics command. ACE Matches counter (aclAceStatsMatches)
|
|
is cleared."
|
|
::= { aclAceStatsEntry 2}
|
|
|
|
|
|
aclAceLogTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF AclAceLogEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL log table.
|
|
This table has a limited number of rows; hence, it
|
|
is implemented as a cyclic table."
|
|
::= { aclStats 2 }
|
|
|
|
aclAceLogEntry OBJECT-TYPE
|
|
SYNTAX AclAceLogEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry contains information on one ACE match."
|
|
INDEX { aclAceLogIndex }
|
|
::= { aclAceLogTable 1 }
|
|
|
|
AclAceLogEntry ::= SEQUENCE {
|
|
aclAceLogIndex Unsigned32,
|
|
aclAceLogIPAddressType InetAddressType,
|
|
aclAceLogIPSrcAddress InetAddress,
|
|
aclAceLogIPDstAddress InetAddress,
|
|
aclAceLogProtocol INTEGER,
|
|
aclAceLogSrcPort Unsigned32,
|
|
aclAceLogDstPort Unsigned32,
|
|
aclAceLogIpProtocol Unsigned32
|
|
}
|
|
|
|
aclAceLogIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Running index "
|
|
::= { aclAceLogEntry 1 }
|
|
|
|
aclAceLogIPAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of Internet address of source and destination fields
|
|
of the matched packet. (aclAceLogIPSrcAddress and aclAceLogIPDstAddress).
|
|
Only ipv4 and ipv6 are supported"
|
|
::= { aclAceLogEntry 2 }
|
|
|
|
|
|
aclAceLogIPSrcAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP address of the matched packet.
|
|
If the IP address is unknown then the value of this object
|
|
will be empty"
|
|
::= { aclAceLogEntry 3 }
|
|
|
|
|
|
aclAceLogIPDstAddress OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP address of the matched packet.
|
|
If the IP address is unknown then the value of this object
|
|
will be empty"
|
|
::= { aclAceLogEntry 4 }
|
|
|
|
aclAceLogProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
ip (1),
|
|
icmp (2),
|
|
udp (3),
|
|
tcp (4),
|
|
unknown (255)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Matched packet protocol - IP, ICMP, UDP or TCP.
|
|
If the protocol is unknown then the value of this object
|
|
will be unknown(255)."
|
|
::= { aclAceLogEntry 5 }
|
|
|
|
aclAceLogSrcPort OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Matched packet source TCP/UDP port number.
|
|
If the port is unknown or aclAceLogProtocol <> (tcp or udp) then
|
|
the value of this object will be 0xFFFFFFFF"
|
|
::= { aclAceLogEntry 6}
|
|
|
|
aclAceLogDstPort OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Matched packet destination TCP/UDP port number.
|
|
If the port is unknown or aclAceLogProtocol <> (tcp or udp) then
|
|
the value of this object will be 0xFFFFFFFF"
|
|
::= { aclAceLogEntry 7}
|
|
|
|
aclAceLogIpProtocol OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP protocol number.
|
|
If the protocol is unknown or aclAceLogProtocol <> ip
|
|
then the value of this object will be 0xFFFFFFFF"
|
|
::= { aclAceLogEntry 8 }
|
|
|
|
|
|
|
|
systemAclLogging NOTIFICATION-TYPE
|
|
OBJECTS { alarmEventLogSourceName, alarmEventLogAlarmOrEventId, alarmEventLogDescription,
|
|
alarmEventLogSeverity, alarmEventLogDateAndTime, alarmEventReason,
|
|
sysName, aclBindAclName, aclAceSequenceNumber,
|
|
aclAceType, aclAceStatsMatches, aclAceLogIPSrcAddress,
|
|
aclAceLogIPDstAddress, aclAceLogProtocol, aclAceLogSrcPort,
|
|
aclAceLogDstPort, aclAceLogIpProtocol }
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This trap is sent whenever a packet matches an ACL entry for which logging
|
|
is enabled. The ACL logging event is rate limited, so not every matching packet generates a trap."
|
|
::= { systemsEvents 89 }
|
|
|
|
END
|