591 lines
19 KiB
Plaintext
591 lines
19 KiB
Plaintext
-- *****************************************************************
|
|
-- MY-ACL-MIB.mib: My Acl MIB file
|
|
--
|
|
-- $Copyright$
|
|
--
|
|
-- *****************************************************************
|
|
--
|
|
|
|
MY-ACL-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
NOTIFICATION-TYPE,
|
|
Integer32,
|
|
Counter32
|
|
FROM SNMPv2-SMI
|
|
TruthValue,
|
|
DisplayString,
|
|
RowStatus,
|
|
MacAddress
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
IfIndex,
|
|
ConfigStatus
|
|
FROM MY-TC
|
|
myMgmt
|
|
FROM MY-SMI;
|
|
|
|
myAclMIB MODULE-IDENTITY
|
|
LAST-UPDATED "200203200000Z"
|
|
ORGANIZATION "$Company$"
|
|
CONTACT-INFO
|
|
"
|
|
Tel: $Telephone$
|
|
|
|
E-mail: $E-mail$"
|
|
DESCRIPTION
|
|
"This module defines my acl mibs."
|
|
REVISION "200203200000Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module."
|
|
::= { myMgmt 17}
|
|
|
|
--ACLNO ::= TEXTUAL-CONVENTION
|
|
-- STATUS current
|
|
-- DESCRIPTION
|
|
-- " Serial number of Access control list entry, Access control list entry of
|
|
-- bigger ACL number will have higher implement priority. One ACL number
|
|
-- corresponding to only one entry."
|
|
-- SYNTAX INTEGER
|
|
|
|
-- Access control list
|
|
myAclMIBObjects OBJECT IDENTIFIER ::= { myAclMIB 1 }
|
|
|
|
|
|
myAclTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF MyAclEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of acl request entries."
|
|
::= { myAclMIBObjects 1 }
|
|
|
|
myAclEntry OBJECT-TYPE
|
|
SYNTAX MyAclEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Entry contains acl name and mode."
|
|
INDEX { myAclName }
|
|
::= { myAclTable 1 }
|
|
|
|
MyAclEntry ::=
|
|
SEQUENCE {
|
|
myAclName DisplayString,
|
|
myAclMode INTEGER,
|
|
myAclEntryStatus ConfigStatus
|
|
}
|
|
|
|
myAclName OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE (1..32))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Access list name of this entry.This value is unique for every entry
|
|
When this string be used as an index,Value of a sub-identifier equal
|
|
ASCII value of corresponding character(first sub-identifier corresponds
|
|
first character of string). The number of sub-identifiers of this string
|
|
must be 32,If length of string is less than 32 the sub-identifier(0x0)
|
|
will be filled in tail."
|
|
::= { myAclEntry 1 }
|
|
|
|
myAclMode OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
acl-ip-standard(1),
|
|
acl-ip-extended(2),
|
|
acl-mac-extended(3),
|
|
acl-expert(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
" Config mode of this ACL"
|
|
::= { myAclEntry 2 }
|
|
|
|
myAclEntryStatus OBJECT-TYPE
|
|
SYNTAX ConfigStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of this entry, set its value to invalid will delete this entry.
|
|
set its value to valid has no effect."
|
|
::= { myAclEntry 3 }
|
|
|
|
myAceTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF MyAceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of ACE request entries."
|
|
::= { myAclMIBObjects 2 }
|
|
|
|
myAceEntry OBJECT-TYPE
|
|
SYNTAX MyAceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Entry contains ace parameters and results.
|
|
|
|
A management station wishing to create an entry should
|
|
first generate a pseudo-random serial number to be used
|
|
as the index to a ace entry of a acl. The station should
|
|
then create the associated entry.
|
|
|
|
We must set all specifies valid values for the
|
|
non-defaulted configuration objects, certainly, it should
|
|
also modify the default values for the other configuration
|
|
objects if the defaults are not appropriate.
|
|
|
|
Once the appropriate instance of all the configuration
|
|
objects have been created or set,the row status should be set
|
|
to active to initiate the request."
|
|
INDEX { myAceAclName,myAceIndex }
|
|
::= { myAceTable 1 }
|
|
|
|
MyAceEntry ::=
|
|
SEQUENCE {
|
|
myAceAclName DisplayString,
|
|
myAceIndex Integer32,
|
|
myAceIfAnyVID TruthValue,
|
|
myAceVID Unsigned32,
|
|
myAceIfAnySourceIp TruthValue,
|
|
myAceSourceIp IpAddress,
|
|
myAceIfAnySourceWildCard TruthValue,
|
|
myAceSourceWildCard IpAddress,
|
|
myAceIfAnySourceMacAddr TruthValue,
|
|
myAceSourceMacAddr MacAddress,
|
|
myAceIfAnyDestIp TruthValue,
|
|
myAceDestIp IpAddress,
|
|
myAceIfAnyDestWildCard TruthValue,
|
|
myAceDestIpWildCard IpAddress,
|
|
myAceIfAnyDestMacAddr TruthValue,
|
|
myAceDestMacAddr MacAddress,
|
|
myAceIfAnyEtherLikeType TruthValue,
|
|
myAceEtherLikeType Integer32,
|
|
myAceIfAnyIpProtocolField TruthValue,
|
|
myAceIpProtocolField Integer32,
|
|
myAceIfAnySourceProtocolPort TruthValue,
|
|
myAceSourceProtocolPort Integer32,
|
|
myAceIfAnyDestProtocolPort TruthValue,
|
|
myAceDestProtocolPort Integer32,
|
|
myAceIfAnyProtocolType TruthValue,
|
|
myAceProtocolType Integer32,
|
|
myAceFlowAction INTEGER,
|
|
myAceEntryStauts RowStatus,
|
|
myAceTimeRangeName DisplayString
|
|
}
|
|
|
|
myAceAclName OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE (1..32))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Access list name of this ace belong to.
|
|
When this string be used as an index,Value of a sub-identifier equal
|
|
ASCII value of corresponding character(first sub-identifier corresponds
|
|
first character of string). The number of sub-identifiers of this string
|
|
must be 32,If length of string is less than 32 the sub-identifier(0x0)
|
|
will be filled in tail."
|
|
::= { myAceEntry 1 }
|
|
|
|
myAceIndex OBJECT-TYPE
|
|
SYNTAX Integer32(1..2147483647)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Object which specifies a unique entry in the
|
|
myAclTable. A management station wishing
|
|
to initiate a acl operation should use a
|
|
pseudo-random value for this object when creating
|
|
or modifying an instance of a myAclEntry.
|
|
The RowStatus semantics of the myAclEntryStatus
|
|
object will prevent access conflicts."
|
|
::= { myAceEntry 2 }
|
|
|
|
myAceIfAnyVID OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"VID of class will not be checked if this value is true."
|
|
DEFVAL{ true }
|
|
::= { myAceEntry 3 }
|
|
|
|
myAceVID OBJECT-TYPE
|
|
SYNTAX Unsigned32(0..4094)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"VID of Ace flow definition."
|
|
::= { myAceEntry 4 }
|
|
|
|
myAceIfAnySourceIp OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source Ip of class will not be checked if this value is true."
|
|
DEFVAL{ true }
|
|
::= { myAceEntry 5 }
|
|
|
|
myAceSourceIp OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Sourece ip address of Ace flow definition."
|
|
::= { myAceEntry 6 }
|
|
|
|
myAceIfAnySourceWildCard OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source Ip wild card of class will not be checked if this value is true."
|
|
DEFVAL{ true }
|
|
::= { myAceEntry 7 }
|
|
|
|
myAceSourceWildCard OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Sourece ip wild card(in reverse ip address mask)of Ace flow definition."
|
|
::= { myAceEntry 8 }
|
|
|
|
myAceIfAnySourceMacAddr OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source mac address of class will not be checked if this value is true."
|
|
DEFVAL{ true }
|
|
::= { myAceEntry 9 }
|
|
|
|
myAceSourceMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Sourece Mac address of Ace flow definition."
|
|
::= { myAceEntry 10 }
|
|
|
|
myAceIfAnyDestIp OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination Ip wild card of class will not be checked if this value is true."
|
|
DEFVAL{ true }
|
|
::= { myAceEntry 11 }
|
|
|
|
myAceDestIp OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination ip address of Ace flow definition."
|
|
::= { myAceEntry 12 }
|
|
|
|
myAceIfAnyDestWildCard OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source Ip wild card of class will not be checked if this value is true."
|
|
DEFVAL{ true }
|
|
::= { myAceEntry 13 }
|
|
|
|
myAceDestIpWildCard OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination ip wild card(in reverse ip address mask) of Ace flow definition."
|
|
::= { myAceEntry 14 }
|
|
|
|
myAceIfAnyDestMacAddr OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source Ip wild card of class will not be checked if this value is true."
|
|
DEFVAL{ true }
|
|
::= { myAceEntry 15 }
|
|
|
|
myAceDestMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination Mac address of Ace flow definition."
|
|
::= { myAceEntry 16 }
|
|
|
|
myAceIfAnyEtherLikeType OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Ether Like Type in MAC packet will not be checked if this value is true."
|
|
DEFVAL{ true }
|
|
::= { myAceEntry 17 }
|
|
|
|
myAceEtherLikeType OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Ether Like Type in MAC packet of Ace flow definition. "
|
|
::= { myAceEntry 18 }
|
|
|
|
myAceIfAnyIpProtocolField OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source Ip wild card of class will not be checked if this value is true."
|
|
DEFVAL{ true }
|
|
::= { myAceEntry 19 }
|
|
|
|
myAceIpProtocolField OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of protocol field in IP packet of Ace flow definition."
|
|
::= { myAceEntry 20 }
|
|
|
|
myAceIfAnySourceProtocolPort OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of source protocol port in IP packet will not be checked if
|
|
this value is true."
|
|
DEFVAL{ true }
|
|
::= { myAceEntry 21 }
|
|
|
|
myAceSourceProtocolPort OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of source protocol port in IP packet of Ace flow definition. It is
|
|
significative only to those protocol which support this field."
|
|
::= { myAceEntry 22 }
|
|
|
|
myAceIfAnyDestProtocolPort OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"he value of destination protocol port in IP packet will not be checked if
|
|
this value is true."
|
|
DEFVAL{ true }
|
|
::= { myAceEntry 23 }
|
|
|
|
myAceDestProtocolPort OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of destination protocol port in IP packet of Ace flow definition. It is
|
|
significative only to those protocol which support this field(tcp,udp)."
|
|
::= { myAceEntry 24 }
|
|
|
|
myAceIfAnyProtocolType OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of protocol type field in IP packet will not be checked if this
|
|
value is true."
|
|
DEFVAL{ true }
|
|
::= { myAceEntry 25 }
|
|
|
|
myAceProtocolType OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of protocol type field in IP packet of Ace flow definition. It is
|
|
significative only to those protocol which support this field(icmp,igmp)."
|
|
::= { myAceEntry 26 }
|
|
|
|
myAceFlowAction OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
permit(1),
|
|
delay(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Permit indicate that the kind of flow which entry define will be allow to access ,
|
|
delay indicate that the kind of flow which entry define will be refuse to access"
|
|
::= { myAceEntry 27 }
|
|
|
|
myAceEntryStauts OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"entry status for this list."
|
|
::= { myAceEntry 28 }
|
|
|
|
myAceTimeRangeName OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE (0..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of time-range of this ACE match. It indicate that
|
|
this ACE doesn't match any time-range if this string is null"
|
|
::= { myAceEntry 29 }
|
|
|
|
|
|
myAclIfTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF MyAclIfEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"list of ACL interface objects."
|
|
::= { myAclMIBObjects 3 }
|
|
|
|
myAclIfEntry OBJECT-TYPE
|
|
SYNTAX MyAclIfEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Entry ACL interface information."
|
|
INDEX { myAclIfIndex }
|
|
::= { myAclIfTable 1 }
|
|
|
|
MyAclIfEntry ::=
|
|
SEQUENCE {
|
|
myAclIfIndex IfIndex,
|
|
myAclIfMaxEntryNum Integer32,
|
|
myAclIfCurruntEntryNum Integer32,
|
|
myIfInAclName DisplayString,
|
|
myIfOutAclName DisplayString
|
|
}
|
|
|
|
myAclIfIndex OBJECT-TYPE
|
|
SYNTAX IfIndex
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
" "
|
|
::= { myAclIfEntry 1 }
|
|
|
|
myAclIfMaxEntryNum OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Max num of ACL entry(ACE) in a interface."
|
|
::= { myAclIfEntry 2 }
|
|
|
|
myAclIfCurruntEntryNum OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Currunt valid num of ACL entry(ACE) in a interface."
|
|
::= { myAclIfEntry 3 }
|
|
|
|
myIfInAclName OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE (0..32))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Access list name of ACL of this interface match for input.
|
|
It indicate that this interface doesn't match any ACL for input
|
|
if this string is null"
|
|
::= { myAclIfEntry 4 }
|
|
|
|
myIfOutAclName OBJECT-TYPE
|
|
SYNTAX DisplayString(SIZE (0..32))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Access list name of ACL of this interface match for output.
|
|
It indicate that this interface doesn't match any ACL for output
|
|
if this string is null
|
|
|
|
This relation function apply only L3 interface."
|
|
::= { myAclIfEntry 5 }
|
|
|
|
-- conformance information
|
|
|
|
myAclMIBConformance OBJECT IDENTIFIER ::= { myAclMIB 2 }
|
|
myAclMIBCompliances OBJECT IDENTIFIER ::= { myAclMIBConformance 1 }
|
|
myAclMIBGroups OBJECT IDENTIFIER ::= { myAclMIBConformance 2 }
|
|
|
|
|
|
-- compliance statements
|
|
|
|
myAclMIBCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for entities which implement
|
|
the My Acl MIB"
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { myAclMIBGroup }
|
|
::= { myAclMIBCompliances 1 }
|
|
|
|
|
|
-- units of conformance
|
|
|
|
myAclMIBGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
myAclName,
|
|
myAclMode,
|
|
myAclEntryStatus,
|
|
|
|
myAceAclName,
|
|
myAceIndex,
|
|
myAceIfAnyVID,
|
|
myAceVID,
|
|
myAceIfAnySourceIp,
|
|
myAceSourceIp,
|
|
myAceIfAnySourceWildCard,
|
|
myAceSourceWildCard,
|
|
myAceIfAnySourceMacAddr,
|
|
myAceSourceMacAddr,
|
|
myAceIfAnyDestIp,
|
|
myAceDestIp,
|
|
myAceIfAnyDestWildCard,
|
|
myAceDestIpWildCard,
|
|
myAceIfAnyDestMacAddr,
|
|
myAceDestMacAddr,
|
|
myAceIfAnyEtherLikeType,
|
|
myAceEtherLikeType,
|
|
myAceIfAnyIpProtocolField,
|
|
myAceIpProtocolField,
|
|
myAceIfAnySourceProtocolPort,
|
|
myAceSourceProtocolPort,
|
|
myAceIfAnyDestProtocolPort,
|
|
myAceDestProtocolPort,
|
|
myAceProtocolType,
|
|
myAceProtocolType,
|
|
myAceFlowAction,
|
|
myAceEntryStauts,
|
|
myAceTimeRangeName,
|
|
|
|
myAclIfIndex,
|
|
myAclIfMaxEntryNum,
|
|
myAclIfCurruntEntryNum,
|
|
myIfInAclName,
|
|
myIfOutAclName
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing acl (echo) ability to a
|
|
My agent."
|
|
::= { myAclMIBGroups 1 }
|
|
|
|
END
|