-- Copyright (C) 2006-2012 Aricent Group . All Rights Reserved
|
|
|
|
-- $Id: fsissacl.mib,v 1.16 2016/02/11 06:40:34 siva Exp $
|
|
ARICENT-ISS-ACL-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE,
|
|
Counter32, enterprises, IpAddress, Integer32, Unsigned32
|
|
FROM SNMPv2-SMI
|
|
InetAddressType, InetAddress, InetAddressPrefixLength,
|
|
InetPortNumber
|
|
FROM INET-ADDRESS-MIB
|
|
IfIndexList
|
|
FROM FSDOT1AY
|
|
RowStatus,
|
|
TEXTUAL-CONVENTION, MacAddress, TruthValue
|
|
FROM SNMPv2-TC;
|
|
|
|
issAcl MODULE-IDENTITY
|
|
LAST-UPDATED "200702150000Z"
|
|
ORGANIZATION "ARICENT COMMUNICATIONS SOFTWARE"
|
|
CONTACT-INFO
|
|
|
|
"ARICENT COMMUNICATIONS SOFTWARE
|
|
3460 Hillview Avenue,
|
|
Palo Alto, CA 94304-1388, USA,
|
|
Phone : +1-650-391-1088
|
|
E-mail:support@aricent.com"
|
|
|
|
DESCRIPTION
|
|
"The enterprise ID 29601 is assigned to ARICENT COMMUNICATIONS SOFTWARE."
|
|
REVISION "200702150000Z"
|
|
|
|
DESCRIPTION
|
|
"The MIB for AricentISSAcessControl."
|
|
::= { enterprises aricent-communication-holding-ltd(29601) iss(2) 21 }
|
|
|
|
|
|
PortList ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each octet within this value specifies a set of eight
|
|
ports, with the first octet specifying ports 1 through
|
|
8, the second octet specifying ports 9 through 16, etc.
|
|
Within each octet, the most significant bit represents
|
|
the lowest numbered port, and the least significant bit
|
|
represents the highest numbered port. Thus, each port
|
|
of the bridge is represented by a single bit within the
|
|
value of this object. If that bit has a value of '1'
|
|
then that port is included in the set of ports; the port
|
|
is not included if its bit has a value of '0'."
|
|
SYNTAX OCTET STRING
|
|
|
|
|
|
IndexInteger ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "d"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An integer which may be used as a table index. If 0 then it is invalid"
|
|
SYNTAX Unsigned32 (1..65535)
|
|
|
|
IndexIntegerNextFree ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "d"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An integer which may be used as a new Index in a table.
|
|
|
|
The special value of 0 indicates that no more new entries can be
|
|
created in the relevant table.
|
|
|
|
When a MIB is used for configuration, an object with this SYNTAX
|
|
always contains a legal value (if non-zero) for an index that is
|
|
not currently used in the relevant table. The Command Generator
|
|
(Network Management Application) reads this variable and uses the
|
|
(non-zero) value read when creating a new row with an SNMP SET.
|
|
When the SET is performed, the Command Responder (agent) must
|
|
determine whether the value is indeed still unused; Two Network
|
|
Management Applications may attempt to create a row
|
|
(configuration entry) simultaneously and use the same value. If
|
|
it is currently unused, the SET succeeds and the Command
|
|
Responder (agent) changes the value of this object, according to
|
|
an implementation-specific algorithm. If the value is in use,
|
|
|
|
however, the SET fails. The Network Management Application must
|
|
then re-read this variable to obtain a new usable value.
|
|
|
|
An OBJECT-TYPE definition using this SYNTAX MUST specify the
|
|
relevant table for which the object is providing this
|
|
functionality."
|
|
SYNTAX Unsigned32 (0..4294967295)
|
|
|
|
EnabledStatus ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A simple status value for the object."
|
|
SYNTAX INTEGER { enabled(1), disabled(2) }
|
|
|
|
ReservedFrameType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the type of reserved frame: bpdu, lacpdu-udld,
|
|
eap, lldpdu, other, or all."
|
|
SYNTAX INTEGER {
|
|
bpdu (1),
|
|
lacpdu-udld (2),
|
|
eap (3),
|
|
lldpdu (4),
|
|
other (5),
|
|
all (6)
|
|
}
|
|
|
|
-- ----------------------------------------------------------------- --
|
|
-- groups in the MIB
|
|
-- ----------------------------------------------------------------- --
|
|
|
|
issAclRateControl OBJECT IDENTIFIER ::= { issAcl 1 }
|
|
issAclL2Filter OBJECT IDENTIFIER ::= { issAcl 2 }
|
|
issAclL3Filter OBJECT IDENTIFIER ::= { issAcl 3 }
|
|
issAclUserDefinedFilter OBJECT IDENTIFIER ::= { issAcl 4 }
|
|
issRedirectInterfaceGrp OBJECT IDENTIFIER ::= { issAcl 5 }
|
|
issRedirectIdNextFree OBJECT IDENTIFIER ::= { issAcl 6 }
|
|
issAclMgmtFilter OBJECT IDENTIFIER ::= { issAcl 7 }
|
|
issReservedFrameGrp OBJECT IDENTIFIER ::= { issAcl 8 }
|
|
|
|
|
|
|
|
-- Rate Control Group --------------------------------------------- --
|
|
|
|
issAclRateCtrlTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF IssAclRateCtrlEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table to control the rate limiting parameters
|
|
either for the entire switch or for each physical and port-channel
|
|
interface in the switch."
|
|
::= { issAclRateControl 1 }
|
|
|
|
issAclRateCtrlEntry OBJECT-TYPE
|
|
SYNTAX IssAclRateCtrlEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry appears in this table for each physical and port-channel
|
|
interface in the switch."
|
|
INDEX { issAclRateCtrlIndex }
|
|
::= { issAclRateCtrlTable 1 }
|
|
|
|
IssAclRateCtrlEntry ::=
|
|
SEQUENCE {
|
|
issAclRateCtrlIndex
|
|
Integer32,
|
|
issAclRateCtrlDLFLimitValue
|
|
Integer32,
|
|
issAclRateCtrlBCASTLimitValue
|
|
Integer32,
|
|
issAclRateCtrlMCASTLimitValue
|
|
Integer32,
|
|
issAclRateCtrlPortRateLimit
|
|
Integer32,
|
|
issAclRateCtrlPortBurstSize
|
|
Integer32
|
|
}
|
|
|
|
issAclRateCtrlIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interface index for which the configuration in this
|
|
entry applies."
|
|
::= { issAclRateCtrlEntry 1 }
|
|
|
|
issAclRateCtrlDLFLimitValue OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Allows to configure the limiting value for the maximum number
|
|
of dlf packets that can be transmitted per second over this interface.
|
|
Setting this object to the value zero disables rate limiting for
|
|
Destination lookup failure packets on this interface. The value that
|
|
can be set for this object is limited by the underlying hardware"
|
|
|
|
DEFVAL {0}
|
|
::= { issAclRateCtrlEntry 2 }
|
|
|
|
issAclRateCtrlBCASTLimitValue OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Allows to configure the limiting value for the maximum number
|
|
of broadcast packets that can be transmitted per second over this
|
|
interface. Setting this object to the value zero disables rate
|
|
limiting for Broadcast packets on this interface. The value that
|
|
can be set for this object is limited by the underlying hardware"
|
|
|
|
DEFVAL {0}
|
|
::= { issAclRateCtrlEntry 3 }
|
|
|
|
|
|
issAclRateCtrlMCASTLimitValue OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Allows to configure the limiting value for the maximum number
|
|
of multicast packets that can be transmitted per second over this
|
|
interface. Setting this object to the value zero disables rate
|
|
limiting for Multicast packets on this interface. The value that
|
|
can be set for this object is limited by the underlying hardware"
|
|
|
|
DEFVAL {0}
|
|
::= { issAclRateCtrlEntry 4}
|
|
|
|
issAclRateCtrlPortRateLimit OBJECT-TYPE
|
|
SYNTAX Integer32 (0..80000000)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configures interface Rate Limit (Packet that can be transferred
|
|
on a port at a particular second).
|
|
|
|
This object's value will take effect on the interface speed. Based
|
|
on the operating speed of the port, the rate limit will be applied.
|
|
This value can also be affected by the metering. A value of zero(0)
|
|
disables rate limiting, i.e. sets the port to full speed."
|
|
|
|
::= { issAclRateCtrlEntry 5 }
|
|
|
|
issAclRateCtrlPortBurstSize OBJECT-TYPE
|
|
SYNTAX Integer32 (0..80000000)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configures interface Burst Pkt Rate. (Packet Burst that can be
|
|
transferred on a port at a particular second)
|
|
|
|
This object's value will take effect on the interface speed. Based
|
|
on the operating speed of the port, the burst size of the port
|
|
will be applied. This value can also be affected by the metering. A
|
|
value of zero(0) disable burst rate limiting i.e. sets the port burst
|
|
rate limit to full speed."
|
|
|
|
::= { issAclRateCtrlEntry 6 }
|
|
|
|
|
|
|
|
|
|
-- ------------------------------------------------------------------
|
|
-- L2 Filter Group --------------------------------------------------
|
|
|
|
issAclL2FilterTable OBJECT-TYPE
|
|
|
|
SYNTAX SEQUENCE OF IssAclL2FilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table to configure L2 filter rules in the system."
|
|
::= { issAclL2Filter 1 }
|
|
|
|
issAclL2FilterEntry OBJECT-TYPE
|
|
SYNTAX IssAclL2FilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each entry in this table is a L2 filter rule.
|
|
|
|
Index to the table is the L2 filter number."
|
|
INDEX { issAclL2FilterNo}
|
|
::= { issAclL2FilterTable 1 }
|
|
|
|
IssAclL2FilterEntry ::=
|
|
SEQUENCE {
|
|
issAclL2FilterNo
|
|
Integer32,
|
|
issAclL2FilterPriority
|
|
Integer32,
|
|
issAclL2FilterEtherType
|
|
Integer32,
|
|
issAclL2FilterProtocolType
|
|
Unsigned32,
|
|
issAclL2FilterDstMacAddr
|
|
MacAddress,
|
|
issAclL2FilterSrcMacAddr
|
|
MacAddress,
|
|
issAclL2FilterVlanId
|
|
Integer32,
|
|
issAclL2FilterInPortList
|
|
PortList,
|
|
issAclL2FilterAction
|
|
INTEGER,
|
|
issAclL2FilterMatchCount
|
|
Counter32,
|
|
issAclL2FilterStatus
|
|
RowStatus,
|
|
issAclL2FilterOutPortList
|
|
PortList,
|
|
issAclL2FilterDirection
|
|
INTEGER,
|
|
issAclL2FilterCreationMode
|
|
INTEGER,
|
|
issAclL2FilterRedirectId
|
|
Integer32,
|
|
issAclL2FilterIpOverMplsIpType
|
|
INTEGER,
|
|
issAclL2FilterIpOverMplsDscp
|
|
INTEGER,
|
|
issAclL2FilterMplsExp
|
|
INTEGER,
|
|
issAclL2FilterInPortChannelList
|
|
PortList,
|
|
issAclL2FilterOutPortChannelList
|
|
PortList,
|
|
issAclL2FilterStatsEnabledStatus
|
|
EnabledStatus,
|
|
issAclClearL2FilterStats
|
|
TruthValue,
|
|
issAclL2FilterSChannelIfIndex
|
|
Integer32
|
|
}
|
|
|
|
issAclL2FilterNo OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"L2 Filter rule number."
|
|
::= { issAclL2FilterEntry 1 }
|
|
|
|
issAclL2FilterPriority OBJECT-TYPE
|
|
SYNTAX Integer32 (1..255)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The priority of the L2 filter can be used to decide which filter rule
|
|
is applicable when
|
|
--> the packet matches with more than one filter rules
|
|
--> All the filter rules result in 'allow'ing the packet
|
|
|
|
Higher value of 'filter priority' implies a higher priority.
|
|
|
|
Usage of 'L2FilterPriority' is implementation dependent."
|
|
|
|
DEFVAL { 1 }
|
|
::= { issAclL2FilterEntry 2 }
|
|
|
|
issAclL2FilterEtherType OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An arbitrary EtherType number of a packet with
|
|
Ethernet II or SNAP encapsulation in decimal.
|
|
Filter type can be changed only when the 'filter
|
|
status' is not active."
|
|
::= { issAclL2FilterEntry 3 }
|
|
|
|
issAclL2FilterProtocolType OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the non IP protocol type to be filtered.
|
|
aarp | amber | dec-spanning | decnet-iv |
|
|
diagnostic | dsm |etype-6000 | etype-8042 |
|
|
lat | lavc-sca | mop-console | mop-dump |
|
|
msdos | mumps | netbios | vines-echo |
|
|
vines-ip | xns-idp: A non-IP protocol.
|
|
|
|
A value of '0' means, the filter is applicable for all protocols."
|
|
DEFVAL { 0 }
|
|
::= { issAclL2FilterEntry 4 }
|
|
|
|
issAclL2FilterDstMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination MAC address to be matched with the packet."
|
|
|
|
::= { issAclL2FilterEntry 5 }
|
|
|
|
issAclL2FilterSrcMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source MAC address to be matched with the packet."
|
|
|
|
::= { issAclL2FilterEntry 6 }
|
|
|
|
issAclL2FilterVlanId OBJECT-TYPE
|
|
SYNTAX Integer32 (0..4094)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Vlan Id to be filtered.
|
|
A value of '0' means, this object is unused. Configuring this value is not
|
|
allowed."
|
|
DEFVAL { 0 }
|
|
::= { issAclL2FilterEntry 7 }
|
|
|
|
issAclL2FilterInPortList OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the complete set of ports over which if the packet arrives
|
|
the filter rule will be applicable.
|
|
|
|
If the incoming port list is '0', the filter rule is applicable for all the
|
|
incoming ports.
|
|
|
|
By default inport list is maintained as '0'."
|
|
::= { issAclL2FilterEntry 8 }
|
|
|
|
issAclL2FilterAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
allow (1),
|
|
drop (2),
|
|
redirect (3),
|
|
switchandcopytocpu (4),
|
|
dropandcopytocpu (5)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the action to be taken on the packet if the filter
|
|
rule matches.
|
|
|
|
If the action is 'allow', the packet will be forwarded according
|
|
to the forwarding rules.
|
|
|
|
If the action is 'drop', the packet will be discarded.
|
|
|
|
If the action is 'redirect', the packet will be switched according
|
|
to the redirect rules.
|
|
|
|
If the action is 'switchandcopytocpu', the packet is switched and a copy of the
|
|
packet is sent to the CPU.
|
|
|
|
If the action is 'dropandcopytocpu', the packet is not switched but only
|
|
sent to the CPU."
|
|
|
|
DEFVAL { allow }
|
|
::= { issAclL2FilterEntry 9 }
|
|
|
|
issAclL2FilterMatchCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of times this filter is matched."
|
|
|
|
::= { issAclL2FilterEntry 10 }
|
|
|
|
issAclL2FilterStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry.
|
|
|
|
The entry status will be made 'active' only if
|
|
|
|
--> Either of In/Out PortList or In/Out PortChannelList are configured in case of l2Filter."
|
|
::= { issAclL2FilterEntry 11 }
|
|
|
|
issAclL2FilterOutPortList OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the complete set of ports over which this filter is applied
|
|
for packets egress at Ports in this list.
|
|
If the Out port list is '0', the filter rule is applicable for the
|
|
outgoing packets on all ports.
|
|
Even though the issAclL2FilterOutPortList is configured, It is applicable only
|
|
if issAclL2FilterDirection is configured as 'out'.
|
|
By default outport list is maintained as '0'."
|
|
::= { issAclL2FilterEntry 12 }
|
|
|
|
issAclL2FilterDirection OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
in (1),
|
|
out (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the direction of this filter to be applied. By Default the
|
|
filter will be applied on ingress direction.
|
|
When the direction of this filter is 'in', It is applied on specified
|
|
ports of the issAclL2FilterInPortList.
|
|
When the direction of this filter is 'out', It is applied on specified
|
|
ports of the issAclL2FilterOutPortList."
|
|
DEFVAL { in }
|
|
::= { issAclL2FilterEntry 13 }
|
|
|
|
issAclL2FilterCreationMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
internal (1),
|
|
external (2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the filter creation mode.
|
|
internal: Indicates filter is created by the system internally.
|
|
external: Indicates filter is created externally by user configuration.
|
|
Filter table with the mode 'internal' is readonly, and cannot be deleted
|
|
by setting 'destroy' to table row status."
|
|
DEFVAL { external }
|
|
::= { issAclL2FilterEntry 14 }
|
|
|
|
issAclL2FilterRedirectId OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the redirect index associated with L2Filter entry."
|
|
::= { issAclL2FilterEntry 15 }
|
|
|
|
issAclL2FilterIpOverMplsIpType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any (-1),
|
|
ipv4 (0),
|
|
ipv6 (1)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the type of IP packets encapsulated into MPLS frame for which packet-filter match needs to be applied on incoming traffic."
|
|
|
|
DEFVAL { any }
|
|
::= { issAclL2FilterEntry 16 }
|
|
|
|
-- DSCP value that an L2 filter entry checks against the packet
-- (read-write column 17 of issAclL2FilterEntry). Going by the object
-- name, this applies to IP carried over MPLS. The enumeration names
-- 'any' (-1) and the code points from 0 up to 63.
issAclL2FilterIpOverMplsDscp OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any (-1),
|
|
be (0),
|
|
dscp1 (1),
|
|
dscp2 (2),
|
|
dscp3 (3),
|
|
dscp4 (4),
|
|
dscp5 (5),
|
|
dscp6 (6),
|
|
dscp7 (7),
|
|
cs1 (8),
|
|
dscp9 (9),
|
|
af11 (10),
|
|
dscp11 (11),
|
|
af12 (12),
|
|
dscp13 (13),
|
|
af13 (14),
|
|
dscp15 (15),
|
|
cs2 (16),
|
|
dscp17 (17),
|
|
af21 (18),
|
|
dscp19 (19),
|
|
af22 (20),
|
|
dscp21 (21),
|
|
af23 (22),
|
|
dscp23 (23),
|
|
cs3 (24),
|
|
dscp25 (25),
|
|
af31 (26),
|
|
dscp27 (27),
|
|
af32 (28),
|
|
dscp29 (29),
|
|
af33 (30),
|
|
dscp31 (31),
|
|
cs4 (32),
|
|
dscp33 (33),
|
|
af41 (34),
|
|
dscp35 (35),
|
|
af42 (36),
|
|
dscp37 (37),
|
|
af43 (38),
|
|
dscp39 (39),
|
|
cs5 (40),
|
|
dscp41 (41),
|
|
dscp42 (42),
|
|
dscp43 (43),
|
|
dscp44 (44),
|
|
dscp45 (45),
|
|
ef (46),
|
|
dscp47 (47),
|
|
cs6 (48),
|
|
dscp49 (49),
|
|
dscp50 (50),
|
|
dscp51 (51),
|
|
dscp52 (52),
|
|
dscp53 (53),
|
|
dscp54 (54),
|
|
dscp55 (55),
|
|
cs7 (56),
|
|
dscp57 (57),
|
|
-- NOTE(review): no label is defined for value 58; the list goes from
-- dscp57 (57) straight to dscp59 (59). As written, a rule matching
-- DSCP 58 cannot be expressed through this object. Confirm whether
-- dscp58 (58) was omitted unintentionally.
dscp59 (59),
|
|
dscp60 (60),
|
|
dscp61 (61),
|
|
dscp62 (62),
|
|
dscp63 (63)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
" The IP Dscp value to be checked against the packet."
|
|
|
|
-- NOTE(review): the default is 'be' (0), not 'any' (-1), whereas
-- issAclL2FilterIpOverMplsIpType and issAclL2FilterMplsExp both default
-- to 'any'. Confirm that a new entry is meant to match only DSCP 0
-- unless this object is set.
DEFVAL { be }
|
|
::= { issAclL2FilterEntry 17 }
|
|
|
|
issAclL2FilterMplsExp OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
any (-1),
|
|
exp0 (0),
|
|
exp1 (1),
|
|
exp2 (2),
|
|
exp3 (3),
|
|
exp4 (4),
|
|
exp5 (5),
|
|
exp6 (6),
|
|
exp7 (7)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The MPLS experimental bits (EXP) value to be checked against the packet.
|
|
The MPLS experimental bits (EXP) field is a 3-bit field in the MPLS header
|
|
that can be used to define the QoS treatment (per-hop behavior) that a node
|
|
should give to a packet. In an IP network, the DiffServ Code Point (DSCP)
|
|
(a 6-bit field) defines a class and drop precedence. The EXP bits can be
|
|
used to carry some of the information encoded in the IP DSCP and can also
|
|
be used to encode the dropping precedence.
|
|
"
|
|
|
|
DEFVAL { any }
|
|
::= { issAclL2FilterEntry 18}
|
|
|
|
issAclL2FilterInPortChannelList OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the complete set of port channel interfaces over which
|
|
the filter is applied for packets arriving at the ports in this list.
|
|
|
|
By default InPortChannel list is '0'."
|
|
::= { issAclL2FilterEntry 19 }
|
|
|
|
|
|
issAclL2FilterOutPortChannelList OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the complete set of portchannel interfaces over which the filter is applied
|
|
for packets egress at ports in this list.
|
|
This configuration is applicable only if issAclL2FilterDirection is configured as 'out'.
|
|
By default the OutPortChannel list is '0'."
|
|
::= { issAclL2FilterEntry 20 }
|
|
|
|
issAclL2FilterStatsEnabledStatus OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the status of L2 filter statistics collection.
|
|
When set as enabled, the number of hits for the specific
|
|
filter entry is collected and can be verified using the
|
|
issAclL2FilterMatchCount object.
|
|
|
|
When set as disabled, the number of hits for the filter entry is not
|
|
collected."
|
|
DEFVAL { disabled }
|
|
::= { issAclL2FilterEntry 21 }
|
|
|
|
issAclClearL2FilterStats OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object clears the hit count of the specific filter.
|
|
|
|
When this object is set as 'true'(1), the hit count for the filter is
|
|
cleared and the object value is reset to 'false'(2). The get routine for
|
|
this object always returns 'false'(2)."
|
|
DEFVAL { false }
|
|
::= { issAclL2FilterEntry 22 }
|
|
|
|
issAclL2FilterSChannelIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
" An Integer which Indicates the IfIndex of S-Channel Interface.
|
|
The L2 Filter on the S-Channel interface can be configured using
|
|
this IfIndex."
|
|
::= { issAclL2FilterEntry 23 }
|
|
|
|
|
|
-- ------------------------------------------------------------------
|
|
-- L3 Filter Group --------------------------------------------------
|
|
|
|
issAclL3FilterTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF IssAclL3FilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
" A table to configure L3 filter rules in the system.
|
|
"
|
|
::= { issAclL3Filter 1 }
|
|
|
|
issAclL3FilterEntry OBJECT-TYPE
|
|
SYNTAX IssAclL3FilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
" Each entry in this table is a L3 filter rule.
|
|
Index to the table is L3 filter number. "
|
|
INDEX { issAclL3FilterNo}
|
|
::= { issAclL3FilterTable 1 }
|
|
|
|
IssAclL3FilterEntry ::=
|
|
SEQUENCE {
|
|
issAclL3FilterNo
|
|
Integer32,
|
|
issAclL3FilterPriority
|
|
Integer32,
|
|
issAclL3FilterProtocol
|
|
Integer32,
|
|
issAclL3FilterMessageType
|
|
Integer32,
|
|
issAclL3FilterMessageCode
|
|
Integer32,
|
|
issAclL3FilteAddrType
|
|
InetAddressType,
|
|
issAclL3FilterDstIpAddr
|
|
InetAddress,
|
|
issAclL3FilterSrcIpAddr
|
|
InetAddress,
|
|
issAclL3FilterDstIpAddrPrefixLength
|
|
InetAddressPrefixLength,
|
|
issAclL3FilterSrcIpAddrPrefixLength
|
|
InetAddressPrefixLength,
|
|
issAclL3FilterMinDstProtPort
|
|
Unsigned32,
|
|
issAclL3FilterMaxDstProtPort
|
|
Unsigned32,
|
|
issAclL3FilterMinSrcProtPort
|
|
Unsigned32,
|
|
issAclL3FilterMaxSrcProtPort
|
|
Unsigned32,
|
|
issAclL3FilterInPortList
|
|
PortList,
|
|
issAclL3FilterOutPortList
|
|
PortList,
|
|
issAclL3FilterAckBit
|
|
INTEGER,
|
|
issAclL3FilterRstBit
|
|
INTEGER,
|
|
issAclL3FilterTos
|
|
Integer32,
|
|
issAclL3FilterDscp
|
|
Integer32,
|
|
issAclL3FilterDirection
|
|
INTEGER,
|
|
issAclL3FilterAction
|
|
INTEGER,
|
|
issAclL3FilterMatchCount
|
|
Counter32,
|
|
issAclL3FilterFlowId
|
|
Unsigned32,
|
|
issAclL3FilterStatus
|
|
RowStatus,
|
|
issAclL3FilterCreationMode
|
|
INTEGER,
|
|
issAclL3FilterRedirectId
|
|
Integer32,
|
|
issAclL3FilterInPortChannelList
|
|
PortList,
|
|
issAclL3FilterOutPortChannelList
|
|
PortList,
|
|
issAclL3FilterStatsEnabledStatus
|
|
EnabledStatus,
|
|
issAclClearL3FilterStats
|
|
TruthValue,
|
|
issAclL3FilterSChannelIfIndex
|
|
Integer32
|
|
|
|
}
|
|
|
|
issAclL3FilterNo OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"L3 Filter rule number."
|
|
::= { issAclL3FilterEntry 1 }
|
|
|
|
issAclL3FilterPriority OBJECT-TYPE
|
|
SYNTAX Integer32 (1..255)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The priority of the filter can be used to decide which filter rule
|
|
is applicable when
|
|
--> the packet matches with more than one filter rules
|
|
--> All the filter rules result in 'allow'ing the packet
|
|
|
|
Higher value of 'L3 filter priority' implies a higher priority.
|
|
|
|
Usage of 'L3FilterPriority' is implementation dependent."
|
|
|
|
DEFVAL { 1 }
|
|
::= { issAclL3FilterEntry 2 }
|
|
|
|
issAclL3FilterProtocol OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
" The type of protocol to be checked against the packet. The
|
|
default value is 255. If the value is 255, it means that the
|
|
protocol type can be anything and it will not be checked to
|
|
decide the action. "
|
|
DEFVAL { 255 }
|
|
::= { issAclL3FilterEntry 3 }
|
|
|
|
issAclL3FilterMessageType OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
" The message type to be checked against the packet. If the
|
|
message type matches with the packet, then the packet will be
|
|
dropped / allowed based on the action set in issAclL3FilterAction.
|
|
The default value is 255. It means that message type is not
|
|
configured and need not be checked.
|
|
Generally the value zero is given as default. But here
|
|
zero can be an ICMP Type value. Hence 255 is given as the
|
|
default value.
|
|
Some ICMP message types are:
|
|
echoReply(0),
|
|
destinationUnreachable(3),
|
|
sourceQuench(4),
|
|
redirect(5),
|
|
echoRequest(8),
|
|
timeExceeded(11),
|
|
parameterProblem(12),
|
|
timestampRequest(13),
|
|
timestampReply(14),
|
|
informationRequest(15),
|
|
informationReply(16),
|
|
addressMaskRequest(17),
|
|
addressMaskReply (18),
|
|
noICMPType(255)
|
|
"
|
|
DEFVAL { 255 }
|
|
::= { issAclL3FilterEntry 4 }
|
|
|
|
issAclL3FilterMessageCode OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
" The message code to be checked against the packet. If the
|
|
packet matches with the message code, then the packet will
|
|
be dropped / allowed based on the action set in issAclL3FilterAction.
|
|
The default value is 255. It means that message code is not
|
|
configured and need not be checked. Generally the value zero
|
|
will be given as default. But here, zero can be an ICMP Code
|
|
value. Hence 255 is given as the default value.
|
|
Some ICMP message codes are :
|
|
networkUnreachable(0),
|
|
hostUnreachable(1),
|
|
protocolUnreachable(2),
|
|
portUnreachable(3),
|
|
fragmentNeed(4),
|
|
sourceRouteFail(5),
|
|
destNetworkUnknown(6),
|
|
destHostUnknown(7),
|
|
srcHostIsolated(8),
|
|
destNetworkAdminProhibited(9),
|
|
destHostAdminProhibited(10),
|
|
networkUnreachableTOS(11),
|
|
hostUnreachableTOS(12),
|
|
noICMPCode(255)
|
|
"
|
|
DEFVAL { 255 }
|
|
::= { issAclL3FilterEntry 5 }
|
|
|
|
issAclL3FilteAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of IP address used by this classifier entry. While
|
|
other types of addresses are defined in the InetAddressType
|
|
|
|
textual convention, and DNS names, a classifier can only look at
|
|
packets on the wire. Therefore, this object is limited to IPv4
|
|
and IPv6 addresses."
|
|
::= { issAclL3FilterEntry 6 }
|
|
|
|
|
|
issAclL3FilterDstIpAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address to match against the packet's destination IP
|
|
address. This may not be a DNS name, but may be an IPv4 or IPv6
|
|
prefix. issAclL3FilterDstIpAddrPrefixLength indicates the
|
|
number of bits that are relevant."
|
|
::= { issAclL3FilterEntry 7 }
|
|
|
|
issAclL3FilterSrcIpAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address to match against the packet's source IP address.
|
|
This may not be a DNS name, but may be an IPv4 or IPv6 prefix.
|
|
issAclL3FilterSrcIpAddrPrefixLength indicates the number of
|
|
bits that are relevant."
|
|
::= { issAclL3FilterEntry 8 }
|
|
|
|
|
|
issAclL3FilterDstIpAddrPrefixLength OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
UNITS "bits"
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The length of the CIDR Prefix carried in
|
|
issAclL3FilterDstIpAddr. In IPv4 addresses, a length of 0
|
|
indicates a match of any address; a length of 32 indicates a
|
|
match of a single host address, and a length between 0 and 32
|
|
indicates the use of a CIDR Prefix. IPv6 is similar, except that
|
|
prefix lengths range from 0..128."
|
|
DEFVAL { 0 }
|
|
::= { issAclL3FilterEntry 9 }
|
|
|
|
|
|
issAclL3FilterSrcIpAddrPrefixLength OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
UNITS "bits"
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
|
|
"The length of the CIDR Prefix carried in
|
|
issAclL3FilterSrcIpAddr. In IPv4 addresses, a length of 0
|
|
indicates a match of any address; a length of 32 indicates a
|
|
match of a single host address, and a length between 0 and 32
|
|
indicates the use of a CIDR Prefix. IPv6 is similar, except that
|
|
prefix lengths range from 0..128."
|
|
DEFVAL { 0 }
|
|
::= { issAclL3FilterEntry 10 }
|
|
|
|
issAclL3FilterMinDstProtPort OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The minimum port in the destination port range. Please note
|
|
these ports are the TCP / UDP ports.
|
|
Port 0 is officially a reserved port in TCP/IP networking,
|
|
meaning that it should not be used for any TCP or UDP network communications."
|
|
DEFVAL { 0 }
|
|
::= { issAclL3FilterEntry 11 }
|
|
|
|
issAclL3FilterMaxDstProtPort OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum port in the destination port range. Please note
|
|
these ports are the TCP / UDP ports."
|
|
DEFVAL { 65535 }
|
|
::= { issAclL3FilterEntry 12 }
|
|
|
|
issAclL3FilterMinSrcProtPort OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The minimum port in the source port range. Please note
|
|
these ports are the TCP / UDP ports.
|
|
Port 0 is officially a reserved port in TCP/IP networking,
|
|
meaning that it should not be used for any TCP or UDP network communications"
|
|
DEFVAL { 0 }
|
|
::= { issAclL3FilterEntry 13 }
|
|
|
|
issAclL3FilterMaxSrcProtPort OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum port in the source port range. Please note
|
|
these ports are the TCP / UDP ports."
|
|
DEFVAL { 65535 }
|
|
::= { issAclL3FilterEntry 14 }
|
|
|
|
issAclL3FilterInPortList OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the complete set of ports over which if the packet arrives
|
|
the filter rule will be applicable.
|
|
|
|
If the incoming port list is '0', the filter rule is applicable for all the
|
|
incoming ports.
|
|
|
|
By default inport list is maintained as '0'."
|
|
::= { issAclL3FilterEntry 15 }
|
|
|
|
issAclL3FilterOutPortList OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is applicable only if the 'FilterAction' is 'allow'.
|
|
|
|
If the out going port list is non-zero, the packet will be sent over
|
|
the specified ports only.
|
|
|
|
If the out going port list is '0', the port over which the packet is
|
|
to be switched will be based on further processing on the packet.
|
|
By default outport list is maintained as '0'."
|
|
|
|
::= { issAclL3FilterEntry 16 }
|
|
|
|
issAclL3FilterAckBit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
establish(1),
|
|
notEstablish(2),
|
|
any(3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
" The TCP ACK bit to be checked against the packet. The default
|
|
value is 'any'(3). It means that ACK bit will not be checked
|
|
to decide the action. "
|
|
DEFVAL { any }
|
|
::= { issAclL3FilterEntry 17 }
|
|
|
|
issAclL3FilterRstBit OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
set(1),
|
|
notSet(2),
|
|
any(3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
" The TCP RST bit to be checked against the packet. The default
|
|
value is 'any'(3). It means that RST bit will not be checked to
|
|
decide the action. "
|
|
DEFVAL { any }
|
|
::= { issAclL3FilterEntry 18 }
|
|
|
|
issAclL3FilterTos OBJECT-TYPE
|
|
SYNTAX Integer32 (0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
" The IP TOS bit to be checked against the packet. This is a
|
|
single byte integer of which the first three bits (least
|
|
significant bits) indicate Precedence. All other bits are
|
|
unused. i.e 'uuuuuppp', u-unused, p - Precedence.
|
|
By default the Tos value will be 8, which is an invalid value (it lies outside the range 0..7 declared in SYNTAX)."
|
|
::= { issAclL3FilterEntry 19 }
|
|
|
|
issAclL3FilterDscp OBJECT-TYPE
|
|
SYNTAX Integer32 (0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
" The IP Dscp value to be checked against the packet."
|
|
DEFVAL { 0 }
|
|
::= { issAclL3FilterEntry 20 }
|
|
|
|
issAclL3FilterDirection OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
in (1),
|
|
out (2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
" This specifies in which direction the Filters are to be
|
|
applied on the packets, either to incoming or outgoing
|
|
packets. "
|
|
DEFVAL { in }
|
|
::= { issAclL3FilterEntry 21 }
|
|
|
|
issAclL3FilterAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
allow (1),
|
|
drop (2),
|
|
redirect (3),
|
|
switchandcopytocpu (4),
|
|
dropandcopytocpu (5)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the action to be taken on the packet if the filter
|
|
rule matches.
|
|
|
|
If the action is 'allow', the packet will be sent to the
|
|
ports in 'out port list'. If the out port list is '0',
|
|
the port over which the packet is to be switched will be decided
|
|
based on further processing on the packet.
|
|
|
|
If the action is 'drop', the packet will be discarded.
|
|
|
|
If the action is 'redirect', the packet will be switched according
|
|
to the redirect rules.
|
|
|
|
If the action is 'switch-and-copy-to-cpu', packet is switched and a copy of
|
|
the packet is sent to the CPU.
|
|
If the action is 'drop-and-copy-to-cpu', packet is not switched but only
|
|
sent to the CPU."
|
|
|
|
DEFVAL { allow }
|
|
::= { issAclL3FilterEntry 22 }
|
|
|
|
issAclL3FilterMatchCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of times this filter is matched."
|
|
|
|
::= { issAclL3FilterEntry 23 }
|
|
|
|
issAclL3FilterFlowId OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..1048575)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flow identifier in an IPv6 header."
|
|
::= { issAclL3FilterEntry 24 }
|
|
|
|
issAclL3FilterStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry.
|
|
|
|
The entry status will be made 'active' only if
|
|
|
|
--> Either of In/Out PortList or In/Out PortChannelList are configured in case of l3Filter."
|
|
::= { issAclL3FilterEntry 25 }
|
|
|
|
issAclL3FilterCreationMode OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
internal (1),
|
|
external (2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mode in which the filter was created.
|
|
internal: Indicates filter is created by the system internally.
|
|
external: Indicates filter is created externally by user configuration.
|
|
Filter table with the mode 'internal' is readonly, and cannot be deleted
|
|
by setting 'destroy' to table row status."
|
|
DEFVAL { external }
|
|
::= { issAclL3FilterEntry 26 }
|
|
|
|
issAclL3FilterRedirectId OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the redirect index associated with L3Filter entry."
|
|
::= { issAclL3FilterEntry 27 }
|
|
|
|
issAclL3FilterInPortChannelList OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the complete set of port channel interfaces over which
|
|
the filter is applied for packets arriving at the ports in this list.
|
|
By default InPortChannel list is '0'."
|
|
::= { issAclL3FilterEntry 28 }
|
|
|
|
issAclL3FilterOutPortChannelList OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the complete set of portchannel interfaces over which the filter is applied
|
|
for packets egress at ports in this list.
|
|
This configuration is applicable only if issAclL3FilterDirection is configured as 'out'.
|
|
By default the OutPortChannel list is '0'."
|
|
::= { issAclL3FilterEntry 29 }
|
|
|
|
issAclL3FilterStatsEnabledStatus OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the status of L3 filter statistics collection.
|
|
When set as enabled, the number of hits for the specific
|
|
filter entry is collected and can be verified using the
|
|
issAclL3FilterMatchCount object.
|
|
|
|
When set as disabled, the number of hits for the filter entry is not
|
|
collected."
|
|
DEFVAL { disabled }
|
|
::= { issAclL3FilterEntry 30 }
|
|
|
|
issAclClearL3FilterStats OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object clears the hit count of the specific filter.
|
|
|
|
When this object is set as 'true'(1), the hit count for the filter is
|
|
cleared and the object value is reset to 'false'(2). The get routine for
|
|
this object always returns 'false'(2)."
|
|
DEFVAL { false }
|
|
::= { issAclL3FilterEntry 31 }
|
|
|
|
issAclL3FilterSChannelIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
" An Integer which Indicates the IfIndex of S-Channel Interface.
|
|
The L3 Filter on the S-Channel interface can be configured using
|
|
this IfIndex."
|
|
::= { issAclL3FilterEntry 32 }
|
|
|
|
|
|
|
|
------------------------------------------------------------------------------------------
|
|
-- User Defined Filter Table for specifying user defined packet header elements
|
|
-- Also used for supporting AND/OR/NOT operations on existing ACL rules
|
|
-- and deriving new user defined ACL rules
|
|
------------------------------------------------------------------------------------------
|
|
|
|
issAclUserDefinedFilterTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsIssAclUserDefinedFilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table to configure user defined filter rules in the system. This table is used for
|
|
specifying the user defined packet header elements for application of filter rules.
|
|
This table could also be used for supporting AND, OR, NOT operations on existing filter
|
|
rules and deriving new user defined ACL rules."
|
|
::= { issAclUserDefinedFilter 1 }
|
|
|
|
issAclUserDefinedFilterEntry OBJECT-TYPE
|
|
SYNTAX FsIssAclUserDefinedFilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies user defined filter entry indexed uniquely by issAclUserDefinedFilterId"
|
|
INDEX { issAclUserDefinedFilterId }
|
|
::= { issAclUserDefinedFilterTable 1 }
|
|
|
|
FsIssAclUserDefinedFilterEntry ::=
|
|
SEQUENCE {
|
|
issAclUserDefinedFilterId IndexInteger,
|
|
issAclUserDefinedFilterPktType INTEGER,
|
|
issAclUserDefinedFilterOffSetBase Integer32,
|
|
issAclUserDefinedFilterOffSetValue OCTET STRING,
|
|
issAclUserDefinedFilterOffSetMask OCTET STRING,
|
|
issAclUserDefinedFilterPriority Integer32,
|
|
issAclUserDefinedFilterAction INTEGER,
|
|
issAclUserDefinedFilterInPortList PortList,
|
|
issAclUserDefinedFilterIdOneType INTEGER,
|
|
issAclUserDefinedFilterIdOne Unsigned32,
|
|
issAclUserDefinedFilterIdTwoType INTEGER,
|
|
issAclUserDefinedFilterIdTwo Unsigned32,
|
|
issAclUserDefinedFilterSubAction INTEGER,
|
|
issAclUserDefinedFilterSubActionId Integer32,
|
|
issAclUserDefinedFilterRedirectId Integer32,
|
|
issAclUserDefinedFilterStatus RowStatus,
|
|
issAclUserDefinedFilterMatchCount Counter32,
|
|
issAclUserDefinedFilterStatsEnabledStatus EnabledStatus,
|
|
issAclClearUserDefinedFilterStats TruthValue
|
|
|
|
}
|
|
issAclUserDefinedFilterId OBJECT-TYPE
|
|
SYNTAX IndexInteger
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index to uniquely identify the User defined filter table entry."
|
|
::= { issAclUserDefinedFilterEntry 1 }
|
|
|
|
|
|
issAclUserDefinedFilterPktType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
userDef(0), -- user defined packet type
|
|
ethernet(1), -- ethernet packet
|
|
ipv4(2), -- packet type is IPv4
|
|
ipv6(3), -- packet type is IPv6
|
|
ipv4tcp(4), -- packet type is IPv4 TCP
|
|
ipv6tcp(5), -- packet type is IPv6 TCP
|
|
ipv4udp(6), -- packet type is IPv4 UDP
|
|
ipv6udp(7), -- packet type is IPv6 UDP
|
|
mpls(8), -- packet type is MPLS
|
|
fragip(9) -- fragmented IPv4/v6 packet
|
|
}
|
|
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the type of packet for which packet-filter match needs to be applied on incoming traffic. This object is not ported for BCM."
|
|
DEFVAL {0}
|
|
::= { issAclUserDefinedFilterEntry 2 }
|
|
|
|
issAclUserDefinedFilterOffSetBase OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the offset base from the start of packet header (beginning of full packet) for which the match needs to be applied on incoming traffic. A value of 0 indicates start of L2 Header, value 1 indicates start of L3 Header, value 2 start of L4 Header, value 3 start of IPv6 start header, value 4 start from Ethertype and value 5 indicates start from MPLS Header (minus 2). Other values are currently invalid and reserved for future use. This object is not ported for BCM."
|
|
DEFVAL { 0 }
|
|
::= { issAclUserDefinedFilterEntry 3 }
|
|
|
|
issAclUserDefinedFilterOffSetValue OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the offset value for which packet-filter match needs to be applied on incoming traffic. A value
|
|
of zero indicates that this field is don't-care. The offset value is a contiguous set of 128 bytes from the OffSetBase.
|
|
For specifying non-contiguous elements in the packet header, the OffSetValue is ANDed with the OffsetMask to result in
|
|
the appropriate match on non-contiguous elements of the packet header. This object is not ported for BCM."
|
|
::= { issAclUserDefinedFilterEntry 4 }
|
|
|
|
issAclUserDefinedFilterOffSetMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..128))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the mask for the offset value. The actual user defined value to be used for matching incoming
|
|
traffic is obtained after ANDing the OffsetValue and OffsetMask. A value of 0 indicates that this field is don't-care. This object is not ported for BCM."
|
|
|
|
::= { issAclUserDefinedFilterEntry 5 }
|
|
|
|
issAclUserDefinedFilterPriority OBJECT-TYPE
|
|
SYNTAX Integer32 (1..255)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The priority of the filter can be used to decide which filter rule
|
|
is applicable when
|
|
--> the packet matches with more than one filter rules
|
|
--> All the filter rules result in 'allow'ing the packet
|
|
|
|
Higher value of 'UserDefined filter priority' implies a higher priority.
|
|
Usage of 'UserDefinedFilterPriority' is implementation dependent."
|
|
DEFVAL { 1 }
|
|
::= { issAclUserDefinedFilterEntry 6 }
|
|
|
|
issAclUserDefinedFilterAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
allow (1),
|
|
drop (2),
|
|
redirect (3),
|
|
and (4),
|
|
or (5),
|
|
not (6)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action value allow/drop/redirect specify the action to be taken on the packet if the filter rule matches.
|
|
--> If the action is 'allow', the packet will be sent to the
|
|
ports as specified by issRedirectInterfaceGrpPortList.
|
|
|
|
--> If the action is 'drop', the packet will be discarded.
|
|
|
|
--> If the action is 'redirect', the packet will be switched based on the redirect rule.
|
|
This FilterAction is not ported for BCM.
|
|
|
|
Action value and/or/not specify the operation that is applied on base
|
|
access filter rules to derive a new user defined ACL rule.
|
|
For the below actions, the user defined offset values are not used for packet
|
|
match.
|
|
--> and : Apply AND operation on base filter rules identified uniquely by <issAclUserDefinedFilterIdOneType, issAclUserDefinedFilterIdOne> AND <issAclUserDefinedFilterIdTwoType, issAclUserDefinedFilterIdTwo > to derive new user defined filter rule.
|
|
--> or : Apply OR operation on base filter rules identified uniquely by <issAclUserDefinedFilterIdOneType, issAclUserDefinedFilterIdOne> AND <issAclUserDefinedFilterIdTwoType, issAclUserDefinedFilterIdTwo>. The FilterAction corresponding to issAclUserDefinedFilterIdOne will be applied on issAclUserDefinedFilterIdTwo. This object is not ported for BCM.
|
|
--> not : Apply NOT operation on base filter rule identified uniquely by <issAclUserDefinedFilterIdOneType, issAclUserDefinedFilterIdOne> to derive new user defined filter rule. This object is not ported for BCM."
|
|
|
|
DEFVAL { allow }
|
|
::= { issAclUserDefinedFilterEntry 7 }
|
|
|
|
issAclUserDefinedFilterInPortList OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the complete set of ports over which this filter is applied
|
|
for packets ingress at ports in this list. Filter will be applied in
|
|
chip when port list is not null.
|
|
If the In port list is '0', the filter rule will not be installed in hardware.
|
|
By default inport list is maintained as '0'."
|
|
::= { issAclUserDefinedFilterEntry 8 }
|
|
|
|
issAclUserDefinedFilterIdOneType OBJECT-TYPE
|
|
SYNTAX INTEGER { macbased (1), ipbased (2) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This Object specifies the type of the Base ACL rule 1 that is used for
|
|
deriving new ACL rule."
|
|
::= { issAclUserDefinedFilterEntry 9 }
|
|
|
|
issAclUserDefinedFilterIdOne OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This Object specifies the ID of the Base ACL rule 1 (MAC-based or IP-based) that is used for
|
|
deriving new ACL rule."
|
|
::= { issAclUserDefinedFilterEntry 10 }
|
|
|
|
issAclUserDefinedFilterIdTwoType OBJECT-TYPE
|
|
SYNTAX INTEGER { macbased (1) , ipbased (2) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This Object specifies the type of the Base ACL rule 2 that is used for
|
|
deriving new ACL rule."
|
|
::= { issAclUserDefinedFilterEntry 11 }
|
|
|
|
issAclUserDefinedFilterIdTwo OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This Object specifies the ID of the Base ACL rule 2 (MAC-based or IP-based) that is used for
|
|
deriving new ACL rule."
|
|
::= { issAclUserDefinedFilterEntry 12 }
|
|
|
|
issAclUserDefinedFilterSubAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none (0),
|
|
modifyVlan (1),
|
|
nestedVlan (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action to be taken on the incoming packet is detailed below -
|
|
none - no action
|
|
modifyVlan - Traffic matching ACL rule will have VLAN ID classified/modified
|
|
to value specified by this object.
|
|
The direction of VLAN ID modification is determined as follows -
|
|
nestedVlan - Traffic matching ACL rule will have one additional VLAN Tag
|
|
added to the packet ( on top of existing VLAN tags, if any).
|
|
|
|
Note - VLANID added is specified by issAclUserDefinedFilterSubActionId.
|
|
|
|
This object is not ported for BCM."
|
|
DEFVAL { none }
|
|
::= { issAclUserDefinedFilterEntry 13 }
|
|
|
|
issAclUserDefinedFilterSubActionId OBJECT-TYPE
|
|
SYNTAX Integer32 (0..4094)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Id to be used if the object as specified by issAclUserDefinedFilterSubAction is either modifyvlan or nestedvlan only.
|
|
A non-zero value needs to be specified when issAclUserDefinedFilterSubAction is modify
|
|
or Nested Vlan. A value of zero needs to be specified
|
|
when issAclUserDefinedFilterSubAction is none.
|
|
|
|
This object is not ported for BCM."
|
|
|
|
DEFVAL { 0 }
|
|
::= { issAclUserDefinedFilterEntry 14 }
|
|
|
|
issAclUserDefinedFilterRedirectId OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the redirect index associated with UserDefinedFilter entry.
|
|
This object is not ported for BCM."
|
|
::= { issAclUserDefinedFilterEntry 15 }
|
|
|
|
issAclUserDefinedFilterStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry. An entry is
|
|
created in this table when this object is SET to 'createAndWait'.
|
|
The entry in this table is used when the status of this object
|
|
is SET 'active'. The entry in this table is not used when this
|
|
object is SET 'notInService'. An entry created in this table is
|
|
deleted when this object is SET 'destroy'."
|
|
::= { issAclUserDefinedFilterEntry 16 }
|
|
|
|
issAclUserDefinedFilterMatchCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the number of times the filter is matched."
|
|
|
|
::= { issAclUserDefinedFilterEntry 17 }
|
|
|
|
issAclUserDefinedFilterStatsEnabledStatus OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the status of User Defined filter statistics collection.
|
|
When set as enabled, the number of hits for the specific
|
|
filter entry is collected and can be verified using the
|
|
issAclUserDefinedFilterMatchCount object.
|
|
|
|
When set as disabled, the number of hits for the filter entry is not
|
|
collected."
|
|
DEFVAL { disabled }
|
|
::= { issAclUserDefinedFilterEntry 18 }
|
|
|
|
issAclClearUserDefinedFilterStats OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object clears the hit count of the specific filter.
|
|
|
|
When this object is set as 'true'(1), the hit count for the filter is
|
|
cleared and the object value is reset to 'false'(2). The get routine for
|
|
this object always returns 'false'(2)."
|
|
DEFVAL { false }
|
|
::= { issAclUserDefinedFilterEntry 19 }
|
|
|
|
|
|
----------------------------------------
|
|
-- Redirect Interface Group Table
|
|
----------------------------------------
|
|
|
|
issRedirectInterfaceGrpTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsRedirectInterfaceGrpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An interface group is a collection of physical ports ( or ) trunks that
|
|
are grouped together for distributing traffic received on an ingress interface.
|
|
Based on the access-list match on an incoming interface, traffic is distributed
|
|
among the member ports of an interface-group/virtual trunk.
|
|
|
|
This Table is not ported for BCM."
|
|
::= { issRedirectInterfaceGrp 1 }
|
|
|
|
issRedirectInterfaceGrpEntry OBJECT-TYPE
|
|
SYNTAX FsRedirectInterfaceGrpEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"There is one entry in this table for each created Interface-Group. An interface-group/virtual trunk is
|
|
uniquely identified by the object 'issRedirectInterfaceGrpId'."
|
|
INDEX { issRedirectInterfaceGrpId }
|
|
::= { issRedirectInterfaceGrpTable 1 }
|
|
|
|
FsRedirectInterfaceGrpEntry ::=
|
|
SEQUENCE {
|
|
issRedirectInterfaceGrpId IndexInteger,
|
|
issRedirectInterfaceGrpFilterType INTEGER,
|
|
issRedirectInterfaceGrpFilterId Unsigned32,
|
|
issRedirectInterfaceGrpDistByte Integer32,
|
|
issRedirectInterfaceGrpPortList PortList,
|
|
issRedirectInterfaceGrpType INTEGER,
|
|
issRedirectInterfaceGrpUdbPosition Integer32,
|
|
issRedirectInterfaceGrpStatus RowStatus
|
|
}
|
|
issRedirectInterfaceGrpId OBJECT-TYPE
|
|
SYNTAX IndexInteger
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index to the Redirect Interface Group table entry. Uniquely identifies the interface-group."
|
|
::= { issRedirectInterfaceGrpEntry 1 }
|
|
|
|
|
|
issRedirectInterfaceGrpFilterType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
l2filter (0),
|
|
l3filter (1),
|
|
userdefined (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
" This object specifies the type of the access-control list. The type could take the value 'l2filter' for MAC-based
|
|
ACLs and 'l3filter' for IP-based ACLs. It takes the value 'userdefined' for filtering based on user-defined
|
|
filters."
|
|
::= { issRedirectInterfaceGrpEntry 2 }
|
|
|
|
|
|
issRedirectInterfaceGrpFilterId OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This Object specifies the ID of the MAC-based, IP-based or UserDefined access control list/filter-rule, the details of
|
|
which should be matched against the incoming packet. The corresponding ACL/filter-rule can be applied to
|
|
this Interface Redirect Group only if the following objects are set with values mentioned below -
|
|
a. 'issAclL2FilterAction'/'issAclL3FilterAction' - redirect."
|
|
::= { issRedirectInterfaceGrpEntry 3 }
|
|
|
|
issRedirectInterfaceGrpDistByte OBJECT-TYPE
|
|
SYNTAX Integer32 (0..140)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the Distribution Byte that needs to be used for deriving the traffic distribution hash-logic for the
|
|
set of interfaces in the interface-group/virtual-trunk. The output of the hash-logic is an egress
|
|
interface from amongst the member ports of a virtual trunk. Traffic would get redirected to this egress interface.
|
|
'udb' can take any value between (0..128). If srcip is selected, then Source IP in the packet header would be
|
|
used for distributing traffic. For encapsulated IP packets, inner IP can be used for traffic distribution."
|
|
::= { issRedirectInterfaceGrpEntry 4 }
|
|
|
|
issRedirectInterfaceGrpPortList OBJECT-TYPE
|
|
SYNTAX PortList
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each octet in this object specifies the IfIndex of a physical interface or manually aggregated trunk. Based on the value specified by issRedirectInterfaceGrpType, this PortList specifies either of the below.
|
|
-> if issRedirectInterfaceGrpType is portList it specifies
|
|
List of interfaces that comprise the redirect interface-group with Most Significant Bit Represents
|
|
Lowest Port.
|
|
-> if issRedirectInterfaceGrpType is port then it specifies Single interface with Least Significant Octets
|
|
taking up the interface Value ."
|
|
::= { issRedirectInterfaceGrpEntry 5 }
|
|
|
|
|
|
issRedirectInterfaceGrpType OBJECT-TYPE
|
|
SYNTAX INTEGER { port (1) , portList (2) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether the redirected interface is a single port
|
|
or portlist. If the value of this object is port(1) then the redirected
|
|
interface is a single interface. If the value of this object is
|
|
portlist(2) then the redirected interface consists of a group of ports."
|
|
::= { issRedirectInterfaceGrpEntry 6 }
|
|
|
|
issRedirectInterfaceGrpUdbPosition OBJECT-TYPE
|
|
SYNTAX Integer32 (0..128)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the User defined position of a byte in
|
|
the packet when the value of the object as specified by
|
|
issRedirectInterfaceGrpDistByte is udb."
|
|
DEFVAL { 0 }
|
|
::= { issRedirectInterfaceGrpEntry 7 }
|
|
issRedirectInterfaceGrpStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry. An entry is
|
|
created in this table when this object is SET to 'createAndWait'.
|
|
The entry is 'not-ready' when the mandatory parameters are not specified.
|
|
Following objects are mandatory parameters that need to be set before this object
|
|
can be SET to 'active' -
|
|
a. issRedirectInterfaceGrpFilterId
|
|
b. issRedirectInterfaceGrpPortList
|
|
The entry in this table is used when the status of this object is
|
|
SET to 'active'. The entry in this table is not used when this object is SET to 'notInService'.
|
|
An entry created in this table is deleted when this object is SET to 'destroy'."
|
|
::= { issRedirectInterfaceGrpEntry 8 }
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
--SCALAR OBJECT
|
|
-------------------------------------------------------------------
|
|
|
|
issRedirectInterfaceGrpIdNextFree OBJECT-TYPE
|
|
SYNTAX IndexIntegerNextFree
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of this object is the next free index (issRedirectInterfaceGrpId)
|
|
to be used for creation of redirect interface entry, or a
|
|
zero to indicate that none exist"
|
|
::= { issRedirectIdNextFree 1 }
|
|
|
|
-- ------------------------------------------------------------------
|
|
-- Management Filter Group ------------------------------------------
|
|
|
|
issAclMgmtFilterTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF IssAclMgmtFilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
" A table to configure Management filter rules in the system.
|
|
"
|
|
::= { issAclMgmtFilter 1 }
|
|
|
|
issAclMgmtFilterEntry OBJECT-TYPE
|
|
SYNTAX IssAclMgmtFilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
" Each entry in this table is a Management filter rule.
|
|
Index to the table is Management filter number. "
|
|
INDEX { issAclMgmtFilterNo}
|
|
::= { issAclMgmtFilterTable 1 }
|
|
|
|
IssAclMgmtFilterEntry ::=
|
|
SEQUENCE {
|
|
issAclMgmtFilterNo
|
|
Integer32,
|
|
issAclMgmtFilterL3IfIndexList
|
|
IfIndexList,
|
|
issAclMgmtFilterPriority
|
|
Integer32,
|
|
issAclMgmtFilterSrcIpAddr
|
|
InetAddress,
|
|
issAclMgmtFilterSrcIpAddrPrefixLength
|
|
InetAddressPrefixLength,
|
|
issAclMgmtFilterAction
|
|
INTEGER,
|
|
issAclMgmtFilterStatus
|
|
RowStatus
|
|
}
|
|
|
|
issAclMgmtFilterNo OBJECT-TYPE
|
|
SYNTAX Integer32 (1..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Management Filter rule number."
|
|
::= { issAclMgmtFilterEntry 1 }
|
|
|
|
issAclMgmtFilterL3IfIndexList OBJECT-TYPE
|
|
SYNTAX IfIndexList
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the list of all L3 interfaces which are attached to any management filter.
|
|
The IP address and Mask configured in L3 interfaces will be matched with
|
|
Dest IP Address and Mask of any incoming packet.
|
|
|
|
By default list will be maintained as '0'."
|
|
::= { issAclMgmtFilterEntry 2 }
|
|
|
|
issAclMgmtFilterPriority OBJECT-TYPE
|
|
SYNTAX Integer32 (1..255)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The priority of the filter can be used to decide which management filter
|
|
is applicable when the packet matches with more than one filter rules.
|
|
|
|
The management filter with higher priority value will have more priority
|
|
and also it will be applicable.
|
|
In case of same priority, the management filter with higher issAclMgmtFilterNo
|
|
will be applicable.
|
|
|
|
Higher value of 'Management filter priority' implies a higher priority.
|
|
|
|
Usage of 'MgmtFilterPriority' is implementation dependent."
|
|
DEFVAL { 1 }
|
|
::= { issAclMgmtFilterEntry 3 }
|
|
|
|
issAclMgmtFilterSrcIpAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP address to match against the packet's source IP address.
|
|
This cannot be a DNS name, but can be an IPv4 or IPv6 prefix.
|
|
issAclMgmtFilterSrcIpAddrPrefixLength indicates the number of
|
|
bits that are relevant."
|
|
::= { issAclMgmtFilterEntry 4 }
|
|
|
|
issAclMgmtFilterSrcIpAddrPrefixLength OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
UNITS "bits"
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
|
|
"The length of the CIDR Prefix carried in
|
|
issAclMgmtFilterSrcIpAddr. In IPv4 addresses, a length of 0
|
|
indicates a match of any address; a length of 32 indicates a
|
|
match of a single host address, and a length between 0 and 32
|
|
indicates the use of a CIDR Prefix. IPv6 is similar, except that
|
|
prefix lengths range from 0..128."
|
|
DEFVAL { 32 }
|
|
::= { issAclMgmtFilterEntry 5 }
|
|
|
|
issAclMgmtFilterAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
allow (1),
|
|
drop (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the action to be taken on the packet if the management
|
|
filter matches.
|
|
Also these filter actions will be applicable to new connection requests
|
|
and will not disturb the existing connections.
|
|
|
|
If the action is 'allow', the packet will be allowed for the
|
|
L3 interface on which management filter is applied.
|
|
|
|
If the action is 'drop', the packet will be discarded.
|
|
The drop action will be applicable for the TCP packet when
|
|
SYN bit is set in the TCP header.
|
|
The TCP packet will not be discarded if request is being initiated
|
|
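or ACK bit is set in TCP header.
For TCP, 'drop' therefore acts only on new connection requests; it is not
a filter on all TCP segments from the matched source address.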
|
|
UDP and other IP packets will be discarded for 'drop' action."
|
|
|
|
DEFVAL { allow }
|
|
::= { issAclMgmtFilterEntry 6 }
|
|
|
|
issAclMgmtFilterStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry.
|
|
The entry status will be made 'active' when Management
|
|
Filter is bound to an L3 interface having a valid IP address.
|
|
|
|
Management filter or entry will be 'Inactive' if it is not bound
|
|
to any L3 interface. Management filter or entry will also be 'Inactive',
|
|
if Management filter or entry is bound to any L3 interface without any IP
|
|
address configured on it."
|
|
|
|
::= { issAclMgmtFilterEntry 7 }
|
|
|
|
----------------------------------------
|
|
-- Reserved Frame Transmission Control
|
|
----------------------------------------
|
|
|
|
issReservedFrameCtrlTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF FsReservedFrameCtrlEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table to configure IEEE802 Reserved Multicast-MAC Address filter rules in the system.
|
|
The reserved transmission control function is a function that takes frames that normally are
|
|
sent to the CPU and then it decides to either permit them or to stop forwarding them to the CPU."
|
|
::= { issReservedFrameGrp 1 }
|
|
|
|
issReservedFrameCtrlEntry OBJECT-TYPE
|
|
SYNTAX FsReservedFrameCtrlEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A Reserved-Frame-Transmission-Entry is uniquely identified by the object 'issReservedFrameCtrlId'."
|
|
INDEX { issReservedFrameCtrlId }
|
|
::= { issReservedFrameCtrlTable 1 }
|
|
|
|
FsReservedFrameCtrlEntry ::=
|
|
SEQUENCE {
|
|
issReservedFrameCtrlId IndexInteger,
|
|
issReservedFrameCtrlPktType ReservedFrameType,
|
|
issReservedFrameCtrlAction INTEGER,
|
|
issReservedFrameCtrlOtherMacAddr MacAddress,
|
|
issReservedFrameCtrlOtherMacMask INTEGER,
|
|
issReservedFrameCtrlMatchCount Counter32,
|
|
issReservedFrameCtrlStatsEnabledStatus EnabledStatus,
|
|
issClearReservedFrameCtrlStats TruthValue,
|
|
issReservedFrameCtrlStatus RowStatus
|
|
}
|
|
issReservedFrameCtrlId OBJECT-TYPE
|
|
SYNTAX IndexInteger
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Index to the ReservedFrameTxnCtrl entry. Uniquely identifies the issReservedFrameTxnCtrl entry."
|
|
::= { issReservedFrameCtrlEntry 1 }
issReservedFrameCtrlPktType OBJECT-TYPE
|
|
SYNTAX ReservedFrameType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the type of the PDUs. The type can take the following values:
bpdu        - (MAC: 01:80:C2:00:00:00) Suppressing BPDU CPU transfer (cannot be combined with Spanning Tree Protocol).
lacpdu-udld - (MAC: 01:80:C2:00:00:02) Suppressing Slow Protocols frame CPU transfer (cannot be combined with LACP and MLAG LACP).
eap         - (MAC: 01:80:C2:00:00:03) Suppressing IEEE 802.1X EAP frame CPU transfer (cannot be combined with IEEE 802.1X).
lldpdu      - Suppressing LLDPDU CPU transfer (cannot be combined with LLDP).
all         - MAC range: 01:80:C2:00:00:00 to 01:80:C2:00:00:0F and 01:80:C2:00:00:20 to 01:80:C2:00:00:2F."
|
|
::= { issReservedFrameCtrlEntry 2 }
issReservedFrameCtrlAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
allow (1),
|
|
drop (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
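"The action value (allow/drop) specifies the action to be taken on the packet if the ReservedFrameCtrl entry matches.
--> If the action is 'allow', the packet will be forwarded.
--> If the action is 'drop', the packet will be discarded.
Per the table description, the decision concerns frames that are normally sent to the CPU, so a 'drop'
entry for a frame type means the corresponding protocol cannot be used on the system
(see the restrictions listed under issReservedFrameCtrlPktType)."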
|
|
::= { issReservedFrameCtrlEntry 3 }
issReservedFrameCtrlOtherMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reserved Destination Multicast MAC address to be matched with the packet"
::= { issReservedFrameCtrlEntry 4 }
issReservedFrameCtrlOtherMacMask OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The range of MAC addresses is decided based on the mask specified.
The possible masks are:
Mask Value    Number of MAC addresses
0xff          1
0xfe          2
0xfc          4
0xf8          8
0xf0          16
0xe0          32."
::= { issReservedFrameCtrlEntry 5 }
issReservedFrameCtrlMatchCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number of times this ReservedFrameCtrl-entry is matched."
::= { issReservedFrameCtrlEntry 6 }
issReservedFrameCtrlStatsEnabledStatus OBJECT-TYPE
|
|
SYNTAX EnabledStatus
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the status of statistics collection for the ReservedFrameCtrl entry.
When set to enabled, the number of hits for the specific entry is collected and can
be verified using the issReservedFrameCtrlMatchCount object.
When set to disabled, the number of hits for the entry is not collected."
|
|
DEFVAL { disabled }
|
|
::= { issReservedFrameCtrlEntry 7 }
issClearReservedFrameCtrlStats OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object clears the hit count of the specific ReservedFrameCtrl entry.

When this object is set to 'true'(1), the hit count for the entry is
cleared and the object value is reset to 'false'(2). The get routine for
this object always returns 'false'(2)."
|
|
DEFVAL { false }
|
|
::= { issReservedFrameCtrlEntry 8 }
issReservedFrameCtrlStatus OBJECT-TYPE
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of this entry. An entry is
created in this table when this object is SET to 'createAndWait'.
The entry is 'notReady' when the mandatory parameters are not specified.
The following objects are mandatory parameters that need to be set before this object
can be SET to 'active' -
a. issReservedFrameCtrlId
b. issReservedFrameCtrlPktType
c. issReservedFrameCtrlAction
The entry in this table is used when the status of this object is
SET to 'active'. The entry in this table is not used when this object is SET to 'notInService'.
An entry created in this table is deleted when this object is SET to 'destroy'."
|
|
::= { issReservedFrameCtrlEntry 9 }
END