WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/huawei/HUAWEI-IPDSLAM-ACLV6-MIB

1420 lines
68 KiB
Plaintext
Raw Blame History

-- ============================================================================
-- Copyright (C) 2012 by HUAWEI TECHNOLOGIES. All rights reserved.
-- Description: The MIB is used for configuring IPv6 ACL rules. An access control list (ACL)
-- is used to filter the specified data packets according to a series of
-- matching rules configured in the ACL packets so that undesired data
-- packets can be identified. By using the matching rules, network devices
-- can permit or deny the matching data packets to pass.
-- Reference:
-- Version: V1.03
--
-- ============================================================================
HUAWEI-IPDSLAM-ACLV6-MIB DEFINITIONS ::= BEGIN
IMPORTS
huaweiMgmt
FROM HUAWEI-MIB
IpAddress, Integer32, Counter32,Unsigned32, OBJECT-TYPE, MODULE-IDENTITY,NOTIFICATION-TYPE
FROM SNMPv2-SMI
InetAddressType,InetAddress,InetAddressPrefixLength,InetPortNumber
FROM INET-ADDRESS-MIB
RowStatus, TruthValue, MacAddress
FROM SNMPv2-TC;
hwAclv6 MODULE-IDENTITY
LAST-UPDATED "201202101200Z"
ORGANIZATION
"Huawei Technologies Co., Ltd."
CONTACT-INFO
"Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
"
DESCRIPTION
"The MIB is used for configuring IPv6 ACL rules.An access control list (ACL)
is used to filter the specified data packets according to a series of
matching rules configured in the ACL packets so that undesired data
packets can be identified. By using the matching rules, network devices
can permit or deny the matching data packets to pass."
-- Revision history
REVISION "201202101200Z"
DESCRIPTION "V1.03, modified the description of some leaves of hwAclv6NumGroupTable, hwAclv6BasicRuleTable, hwAclv6AdvancedRuleTable."
-- Revision history
REVISION "201107211200Z"
DESCRIPTION "V1.02, added hwAclv6NumGroupAclType and hwAclv6NumGroupAclNumAllocMethod in hwAclv6NumGroupTable
to allocate the ACLv6 group index automatically."
-- Revision history
REVISION "201101200000Z"
DESCRIPTION "V1.01, initial revision."
::= { huaweiMgmt 112 }
-- 1.3.6.1.4.1.2011.5.112.1
hwAclv6MibObject OBJECT IDENTIFIER ::= { hwAclv6 1 }
-- 1.3.6.1.4.1.2011.5.112.1.1
hwAclv6NumGroupTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwAclv6NumGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the configured ACLv6 groups in the system and basic information about each group,
such as the number of rules, steps, and descriptions.
The index of this table is hwAclv6NumGroupAclNum.
The hwAclv6NumGroupAclNum identifies an ACLv6 group."
::= { hwAclv6MibObject 1 }
-- 1.3.6.1.4.1.2011.5.112.1.1.1
hwAclv6NumGroupEntry OBJECT-TYPE
SYNTAX HwAclv6NumGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the configured ACLv6 groups in the system and basic information about each group,
such as the number of rules, steps, and descriptions.
The index of this entry is hwAclv6NumGroupAclNum.
The hwAclv6NumGroupAclNum identifies an ACLv6 group.
"
INDEX { hwAclv6NumGroupAclNum }
::= { hwAclv6NumGroupTable 1 }
HwAclv6NumGroupEntry ::=
SEQUENCE {
hwAclv6NumGroupAclNum
Unsigned32,
hwAclv6NumGroupMatchOrder
INTEGER,
hwAclv6NumGroupSubitemNum
Counter32,
hwAclv6NumGroupStep
Integer32,
hwAclv6NumGroupDescription
OCTET STRING,
hwAclv6NumGroupCountClear
INTEGER,
hwAclv6NumGroupRowStatus
RowStatus,
hwAclv6NumGroupAclType
INTEGER,
hwAclv6NumGroupAclNumAllocMethod
INTEGER
}
-- 1.3.6.1.4.1.2011.5.112.1.1.1.1
hwAclv6NumGroupAclNum OBJECT-TYPE
SYNTAX Unsigned32 (2000..3999|4294967295)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index of this hwAclv6NumGroupTable.
Uniquely identifies an ACLv6 group.
Value range: 2000-3999,4294967295
The groups with indexes ranging from 2000 to 2999 are basic ACLv6 groups.
When hwAclv6NumGroupTable is used to create basic ACLv6 rules,
a basic ACLv6 rule group with an index of the specified hwAclv6NumGroupAclNum value must be created through hwAclv6NumGroupTable.
The groups with indexes ranging from 3000 to 3999 are advanced ACLv6 groups.
When hwAclv6AdvancedTable is used to create advanced ACLv6 rule,
an advanced ACLv6 rule group with an index of the specified hwAclv6AdvancedAclNum value must be created through hwAclv6NumGroupAclNum.
The value 4294967295 means to allocate the group index automatically, which is only valid in the set operation.
"
::= { hwAclv6NumGroupEntry 1 }
-- 1.3.6.1.4.1.2011.5.112.1.1.1.2
hwAclv6NumGroupMatchOrder OBJECT-TYPE
SYNTAX INTEGER
{
config(1),
auto(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the priority order of an ACLv6 group.
Options:
1. config(1) -the priority order of an ACLv6 group is configuration order
2. auto(2) -the priority order of an ACLv6 group is auto
Currently, this leaf is read-only. The value is fixed to config(1), that is, the configuration order.
"
::= { hwAclv6NumGroupEntry 2 }
-- 1.3.6.1.4.1.2011.5.112.1.1.1.3
hwAclv6NumGroupSubitemNum OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of rules in an ACLv6 group. This leaf is read-only.
The value increases by one when a rule is added to the ACLv6 group.
"
::= { hwAclv6NumGroupEntry 3 }
-- 1.3.6.1.4.1.2011.5.112.1.1.1.4
hwAclv6NumGroupStep OBJECT-TYPE
SYNTAX Integer32 (1..20)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the step of adding rules to an ACLv6 group.
Range: 1-20
When a rule is added and its ID is not specified, the ID of the rule is: step+last rule ID/step*step.
If a user does not enter a value for hwAclv6NumGroupStep, the system uses the value 5 by default.
"
DEFVAL { 5 }
::= { hwAclv6NumGroupEntry 4 }
-- 1.3.6.1.4.1.2011.5.112.1.1.1.5
hwAclv6NumGroupDescription OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..127))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the description of an ACLv6 group. It is used for users to identify different ACLv6 groups.
Up to 127 characters are supported. If hwAclv6NumGroupDescription is not set, the description is null by default.
"
::= { hwAclv6NumGroupEntry 5 }
-- 1.3.6.1.4.1.2011.5.112.1.1.1.6
hwAclv6NumGroupCountClear OBJECT-TYPE
SYNTAX INTEGER
{
cleared(1),
nouse(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Used for clearing the software statistics of an ACLv6 group.
Options:
1. cleared(1) -clear the software statistics of an ACLv6 group
2. nouse(2) -indicates no operation
When this leaf is queried, the value is fixed to cleared(1).
"
::= { hwAclv6NumGroupEntry 6 }
-- 1.3.6.1.4.1.2011.5.112.1.1.1.7
hwAclv6NumGroupRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the row status.
Options:
1. active(1) -when this leaf is queried, the value is fixed to active(1).
2. createAndGo(4) -create an ACLv6 group
3. destroy(6) -delete an ACLv6 group
It is used for creating or deleting an ACLv6 group, and clearing the software statistics of an ACLv6 group.
To create an ACLv6 group, set hwAclv6NumGroupRowStatus to createAndGo(4).
The hwAclv6NumGroupStep and hwAclv6NumGroupDescription parameters are optional.
To delete an ACLv6 rule group, set hwAclv6NumGroupRowStatus to destroy(6).
To clear the software statistics of a ACLv6 group,
set hwAclv6NumGroupCountClear to cleared(1) and hwAclv6NumGroupRowStatus to createAndGo(4).
When this leaf is queried, the value is fixed to active(1).
"
::= { hwAclv6NumGroupEntry 7 }
-- 1.3.6.1.4.1.2011.5.112.1.1.1.8
hwAclv6NumGroupAclType OBJECT-TYPE
SYNTAX INTEGER
{
basicAclv6(2),
advAclv6(3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"indicates the type of the ACLv6 group.
Options:
1. basicAclv6(2) -Indicates that the type of the ACLv6 group is basic.
2. advAclv6(3) -Indicates that the type of the ACLv6 group is advanced.
"
::= { hwAclv6NumGroupEntry 8 }
-- 1.3.6.1.4.1.2011.5.112.1.1.1.9
hwAclv6NumGroupAclNumAllocMethod OBJECT-TYPE
SYNTAX INTEGER
{
minFreeId(1),
maxFreeId(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"indicates the method of allocating the ACLv6 group index automatically.
Options:
1. minFreeId(1) -means to allocate the ACLv6 group index from the minimal free index.
2. maxFreeId(2) -means to allocate the ACLv6 group index from the maximal free index.
"
DEFVAL { 1 }
::= { hwAclv6NumGroupEntry 9 }
-- 1.3.6.1.4.1.2011.5.112.1.2
hwAclv6BasicRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwAclv6BasicRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the details about a basic ACLv6 rule in a basic ACLv6 group,
including the source IP address, prefix length, and other attributes of the rule.
The indexes of this table are hwAclv6BasicAclNum and hwAclv6BasicSubitem.
hwAclv6BasicAclNum is the ID of a basic ACLv6 group. Make sure that the ID is already created in hwAclv6NumGroupTable.
hwAclv6BasicSubitem is the ID of a basic ACLv6 rule in the basic ACLv6 group.
"
::= { hwAclv6MibObject 2 }
-- 1.3.6.1.4.1.2011.5.112.1.2.1
hwAclv6BasicRuleEntry OBJECT-TYPE
SYNTAX HwAclv6BasicRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the details about a basic ACLv6 rule in a basic ACLv6 group,
including the source IP address, prefix length, and other attributes of the rule.
The indexes of this entry are hwAclv6BasicAclNum and hwAclv6BasicSubitem.
hwAclv6BasicAclNum is the ID of a basic ACLv6 group. Make sure that the ID is already created in hwAclv6NumGroupTable.
hwAclv6BasicSubitem is the ID of a basic ACLv6 rule in the basic ACLv6 group.
"
INDEX { hwAclv6BasicAclNum, hwAclv6BasicSubitem }
::= { hwAclv6BasicRuleTable 1 }
HwAclv6BasicRuleEntry ::=
SEQUENCE {
hwAclv6BasicAclNum
Unsigned32,
hwAclv6BasicSubitem
Unsigned32,
hwAclv6BasicAct
INTEGER,
hwAclv6BasicSrcIpAddressType
InetAddressType,
hwAclv6BasicSrcIpAddress
InetAddress,
hwAclv6BasicSrcIpAddressPrefixLength
InetAddressPrefixLength,
hwAclv6BasicTimeRangeName
OCTET STRING,
hwAclv6BasicEnable
TruthValue,
hwAclv6BasicCount
Counter32,
hwAclv6BasicCountClear
INTEGER,
hwAclv6BasicPriority
Integer32,
hwAclv6BasicRowStatus
RowStatus
}
-- 1.3.6.1.4.1.2011.5.112.1.2.1.1
hwAclv6BasicAclNum OBJECT-TYPE
SYNTAX Unsigned32 (2000..2999)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Uniquely identifies a basic ACLv6 group.
Range: 2000-2999
Make sure that the ID of the ACLv6 group is already created in hwAclv6NumGroupTable.
"
::= { hwAclv6BasicRuleEntry 1 }
-- 1.3.6.1.4.1.2011.5.112.1.2.1.2
hwAclv6BasicSubitem OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the ID of a basic ACLv6 rule in the basic ACLv6 group, uniquely identifying a basic ACLv6 rule.
Range: 0-4294967295
In the create operation, if the value is 4294967295, the ID of a rule is generated automatically.
Otherwise, the ID of a rule is already created according to the specified value.
The automatically generated ID of an ACLv6 rule depends on the value of hwAclv6NumGroupStep,
which corresponds to a basic ACLv6 group in hwAclv6NumGroupTable.
The generated ID of the rule is: step+last rule ID/step*step .
"
::= { hwAclv6BasicRuleEntry 2 }
-- 1.3.6.1.4.1.2011.5.112.1.2.1.3
hwAclv6BasicAct OBJECT-TYPE
SYNTAX INTEGER
{
permit(1),
deny(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the action of a rule.
Options:
1. permit(1) -indicates that the data packets that meet the conditions can pass
2. deny(2) -indicates that the data packets that meet the conditions are discarded
"
::= { hwAclv6BasicRuleEntry 3 }
-- 1.3.6.1.4.1.2011.5.112.1.2.1.4
hwAclv6BasicSrcIpAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the ip-address type of the rule.
The value represents a type of Internet address.
Options:
1. unknown(0) -An unknown address type. This value must be used if the value of the corresponding
InetAddress object is a zero-length string. It may also be used to indicate an IP address
that is not in one of the formats defined below.
2. ipv4(1) -An IPv4 address as defined by the InetAddressIPv4 textual convention.
3. ipv6(2) -An IPv6 address as defined by the InetAddressIPv6 textual convention.
4. ipv4z(3) -A non-global IPv4 address including a zone index as defined by the InetAddressIPv4z textual convention.
5. ipv6z(4) -A non-global IPv6 address including a zone index as defined by the InetAddressIPv6z textual convention.
6. dns(16) -A DNS domain name as defined by the InetAddressDNS textual convention.
Each definition of a concrete InetAddressType value must be
accompanied by a definition of a textual convention for use
with that InetAddressType.
To support future extensions, the InetAddressType textual
convention SHOULD NOT be sub-typed in object type definitions.
It MAY be sub-typed in compliance statements in order to
require only a subset of these address types for a compliant
implementation.
Implementations must ensure that InetAddressType objects
and any dependent objects (e.g., InetAddress objects) are
consistent. An inconsistentValue error must be generated
if an attempt to change an InetAddressType object would,
for example, lead to an undefined InetAddress value. In
particular, InetAddressType/InetAddress pairs must be
changed together if the address type changes (e.g., from
ipv6(2) to ipv4(1)).
"
::= { hwAclv6BasicRuleEntry 4 }
-- 1.3.6.1.4.1.2011.5.112.1.2.1.5
hwAclv6BasicSrcIpAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes source IP address of the rule.
Denotes a generic Internet address.
An InetAddress value is always interpreted within the context
of an InetAddressType value. Every usage of the InetAddress
textual convention is required to specify the InetAddressType
object that provides the context. It is suggested that the
InetAddressType object be logically registered before the
object(s) that use the InetAddress textual convention, if
they appear in the same logical row.
The value of an InetAddress object must always be
consistent with the value of the associated InetAddressType
object. Attempts to set an InetAddress object to a value
inconsistent with the associated InetAddressType
must fail with an inconsistentValue error.
When this textual convention is used as the syntax of an
index object, there may be issues with the limit of 128
sub-identifiers specified in SMIv2, STD 58. In this case,
the object definition MUST include a 'SIZE' clause to
limit the number of potential instance sub-identifiers;
otherwise the applicable constraints MUST be stated in
the appropriate conceptual row DESCRIPTION clauses, or
in the surrounding documentation if there is no single
DESCRIPTION clause that is appropriate.
"
::= { hwAclv6BasicRuleEntry 5 }
-- 1.3.6.1.4.1.2011.5.112.1.2.1.6
hwAclv6BasicSrcIpAddressPrefixLength OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes source IP address prefix length of the rule.
Denotes the length of a generic Internet network address prefix.
A value of n corresponds to an IP address mask
that has n contiguous 1-bits from the most significant
bit (MSB), with all other bits set to 0.
An InetAddressPrefixLength value is always interpreted within
the context of an InetAddressType value. Every usage of the
InetAddressPrefixLength textual convention is required to
specify the InetAddressType object that provides the
context. It is suggested that the InetAddressType object be
logically registered before the object(s) that use the
InetAddressPrefixLength textual convention, if they appear
in the same logical row.
InetAddressPrefixLength values larger than
the maximum length of an IP address for a specific
InetAddressType are treated as the maximum significant
value applicable for the InetAddressType. The maximum
significant value is 32 for the InetAddressType
'ipv4(1)' and 'ipv4z(3)' and 128 for the InetAddressType
'ipv6(2)' and 'ipv6z(4)'. The maximum significant value
for the InetAddressType 'dns(16)' is 0.
The value zero is object-specific and must be defined as
part of the description of any object that uses this
syntax. Examples of the usage of zero might include
situations where the Internet network address prefix
is unknown or does not apply.
The upper bound of the prefix length has been chosen to
be consistent with the maximum size of an InetAddress."
::= { hwAclv6BasicRuleEntry 6 }
-- 1.3.6.1.4.1.2011.5.112.1.2.1.7
hwAclv6BasicTimeRangeName OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the time range name of a rule.
It is used when the effective time of a rule needs to be configured.
If hwAclv6BasicTimeRangeName is not set, the rule is valid all the time by default.
"
::= { hwAclv6BasicRuleEntry 7 }
-- 1.3.6.1.4.1.2011.5.112.1.2.1.8
hwAclv6BasicEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Describes whether the rule is valid.
Options:
1. true(1) -the rule is valid
2. false(2) -the rule is invalid
If the rule is associated with a time range parameter through hwAclv6BasicTimeRangeName
and the current time is within the defined time range, the value is true(1), which indicates that the rule is valid.
If the current time is not within the defined time range, the value is false(2), which indicates that the rule is invalid.
If the basic ACL rule is not associated with a time range parameter, the rule is valid all the time.
"
::= { hwAclv6BasicRuleEntry 8 }
-- 1.3.6.1.4.1.2011.5.112.1.2.1.9
hwAclv6BasicCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Describes the statistics of packets that match the rule.
"
::= { hwAclv6BasicRuleEntry 9 }
-- 1.3.6.1.4.1.2011.5.112.1.2.1.10
hwAclv6BasicCountClear OBJECT-TYPE
SYNTAX INTEGER
{
cleared(1),
nouse(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Clears the statistics of packets that match the rule.
Options:
1. cleared(1) -clear the statistics of packets that match the basic ACL rules
2. nouse(2) -indicates no operation
When this leaf is queried, the value is fixed to cleared(1).
"
::= { hwAclv6BasicRuleEntry 10 }
-- 1.3.6.1.4.1.2011.5.112.1.2.1.11
hwAclv6BasicPriority OBJECT-TYPE
SYNTAX Integer32 (0..9)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the priority of a rule.
Range: 0-9
Default: 0
The priority ascends with the value.
When multiple rules are matched at the same time, the rule with the highest priority prevails.
If multiple rules are matched and the priorities are the same,
software does not manage the rules and the hardware logic determines which priority prevails.
To prevent such a case, you can set different priorities for the rules.
"
::= { hwAclv6BasicRuleEntry 11 }
-- 1.3.6.1.4.1.2011.5.112.1.2.1.12
hwAclv6BasicRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the row status.
Options:
1. active(1) -when this leaf is queried, the value is fixed to active(1).
2. createAndGo(4) -create a basic ACLv6 rule
3. destroy(6) -delete a basic ACLv6 rule and clear the packet statistics of a basic ACLv6 rule
It is used for creating or deleting a basic ACLv6 rule and clearing the packet statistics of a basic ACLv6 rule.
To create a rule, enter hwAclv6BasicAct and set hwAclv6BasicRowStatus to createAndGo(4).
hwAclv6BasicSrcIpAddress, hwAclv6BasicSrcIpAddressPrefixLength, hwAclv6BasicTimeRangeName are optional.
To delete a basic ACLv6 rule, set hwAclv6BasicRowStatus to destroy(6).
To clear the packet statistics of a basic ACLv6 rule, you must set hwAclv6BasicCountClear to cleared(1)
and hwAclv6BasicRowStatus to createAndGo(4).
When this leaf is queried, the value is fixed to active(1).
"
::= { hwAclv6BasicRuleEntry 12 }
-- 1.3.6.1.4.1.2011.5.112.1.2
hwAclv6AdvancedRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF HwAclv6AdvancedRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the details about an advanced ACLv6 rule in an advanced ACLv6 group.
The indexes of this table are hwAclv6AdvancedAclNum and hwAclv6AdvancedSubitem.
hwAclv6AdvancedAclNum is the ID of an advanced ACLv6 group. Make sure that the ID is already created in hwAclv6NumGroupTable.
hwAclv6AdvancedSubitem is the ID of an advanced ACLv6 rule in the advance ACLv6 group.
"
::= { hwAclv6MibObject 3 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1
hwAclv6AdvancedRuleEntry OBJECT-TYPE
SYNTAX HwAclv6AdvancedRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the details about an advanced ACLv6 rule in an advanced ACLv6 group.
The indexes of this entry are hwAclv6AdvancedAclNum and hwAclv6AdvancedSubitem.
hwAclv6AdvancedAclNum is the ID of an advanced ACLv6 group. Make sure that the ID is already created in hwAclv6NumGroupTable.
hwAclv6AdvancedSubitem is the ID of an advanced ACLv6 rule in the advance ACLv6 group.
"
INDEX { hwAclv6AdvancedAclNum, hwAclv6AdvancedSubitem }
::= { hwAclv6AdvancedRuleTable 1 }
HwAclv6AdvancedRuleEntry ::=
SEQUENCE {
hwAclv6AdvancedAclNum
Unsigned32,
hwAclv6AdvancedSubitem
Unsigned32,
hwAclv6AdvancedAct
INTEGER,
hwAclv6AdvancedProtocol
Integer32,
hwAclv6AdvancedSrcIpAddressType
InetAddressType,
hwAclv6AdvancedSrcIpAddress
InetAddress,
hwAclv6AdvancedSrcIpAddressPrefixLength
InetAddressPrefixLength,
hwAclv6AdvancedSrcOp
INTEGER,
hwAclv6AdvancedSrcPort1
InetPortNumber,
hwAclv6AdvancedSrcPort2
InetPortNumber,
hwAclv6AdvancedDestIpAddressType
InetAddressType,
hwAclv6AdvancedDestIpAddress
InetAddress,
hwAclv6AdvancedDestIpAddressPrefixLength
InetAddressPrefixLength,
hwAclv6AdvancedDestOp
INTEGER,
hwAclv6AdvancedDestPort1
InetPortNumber,
hwAclv6AdvancedDestPort2
InetPortNumber,
hwAclv6AdvancedPrecedence
Integer32,
hwAclv6AdvancedTos
Integer32,
hwAclv6AdvancedDscp
Integer32,
hwAclv6AdvancedTimeRangeName
OCTET STRING,
hwAclv6AdvancedIcmpv6Type
Integer32,
hwAclv6AdvancedIcmpv6Code
Integer32,
hwAclv6AdvancedEnable
TruthValue,
hwAclv6AdvancedCount
Counter32,
hwAclv6AdvancedCountClear
INTEGER,
hwAclv6AdvancedPriority
Integer32,
hwAclv6AdvancedRowStatus
RowStatus
}
-- 1.3.6.1.4.1.2011.5.112.1.3.1.1
hwAclv6AdvancedAclNum OBJECT-TYPE
SYNTAX Unsigned32 (3000..3999)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Uniquely identifies an advanced ACLv6 group.
Range: 3000-3999
Make sure that the ID of the ACLv6 group is already created in hwAclv6NumGroupTable.
"
::= { hwAclv6AdvancedRuleEntry 1 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.2
hwAclv6AdvancedSubitem OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Describes the ID of an advanced ACLv6 rule in an advanced ACLv6 group, uniquely identifying an advanced ACLv6 rule.
Range: 0-4294967295
In the create operation, if the value is 4294967295, the ID of an advanced ACLv6 rule is generated automatically.
Otherwise, the ID of an advanced ACLv6 rule is already created according to the specified value.
The automatically generated ID of an advanced ACLv6 rule depends on the value of hwAclv6NumGroupStep,
which corresponds to an advanced ACLv6 group in hwAclv6NumGroupTable.
The generated ID of the rule is step+last rule ID/step*step.
"
::= { hwAclv6AdvancedRuleEntry 2 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.3
hwAclv6AdvancedAct OBJECT-TYPE
SYNTAX INTEGER
{
permit(1),
deny(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the action of a rule.
Options:
1. permit(1) -indicates that the data packets that meet the conditions can pass
2. deny(2) -indicates that the data packets that meet the conditions are discarded
"
::= { hwAclv6AdvancedRuleEntry 3 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.4
hwAclv6AdvancedProtocol OBJECT-TYPE
SYNTAX Integer32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the protocol of IP packets that matches an advanced ACLv6 rule.
Range: 0-255
Default: 0
Common protocols:
GRE tunneling(47)
Internet Control Message Protocol6(58)
Any IP protocol(0)
IPv6-Authentication header(51)
IPv6 Encapsulating Security Payload(50)
OSPF routing protocol(89)
Transmission control protocol(6)
User Datagram protocol(17)
"
DEFVAL { 0 }
::= { hwAclv6AdvancedRuleEntry 4 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.5
hwAclv6AdvancedSrcIpAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the ip-address type of the rule.
The value represents a type of Internet address.
Options:
1. unknown(0) -An unknown address type. This value must be used if the value of the corresponding
InetAddress object is a zero-length string. It may also be used to indicate an IP address
that is not in one of the formats defined below.
2. ipv4(1) -An IPv4 address as defined by the InetAddressIPv4 textual convention.
3. ipv6(2) -An IPv6 address as defined by the InetAddressIPv6 textual convention.
4. ipv4z(3) -A non-global IPv4 address including a zone index as defined by the InetAddressIPv4z textual convention.
5. ipv6z(4) -A non-global IPv6 address including a zone index as defined by the InetAddressIPv6z textual convention.
6. dns(16) -A DNS domain name as defined by the InetAddressDNS textual convention.
Each definition of a concrete InetAddressType value must be
accompanied by a definition of a textual convention for use
with that InetAddressType.
To support future extensions, the InetAddressType textual
convention SHOULD NOT be sub-typed in object type definitions.
It MAY be sub-typed in compliance statements in order to
require only a subset of these address types for a compliant
implementation.
Implementations must ensure that InetAddressType objects
and any dependent objects (e.g., InetAddress objects) are
consistent. An inconsistentValue error must be generated
if an attempt to change an InetAddressType object would,
for example, lead to an undefined InetAddress value. In
particular, InetAddressType/InetAddress pairs must be
changed together if the address type changes (e.g., from
ipv6(2) to ipv4(1)).
"
::= { hwAclv6AdvancedRuleEntry 5 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.6
hwAclv6AdvancedSrcIpAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes source IP address of the rule.
Denotes a generic Internet address.
An InetAddress value is always interpreted within the context
of an InetAddressType value. Every usage of the InetAddress
textual convention is required to specify the InetAddressType
object that provides the context. It is suggested that the
InetAddressType object be logically registered before the
object(s) that use the InetAddress textual convention, if
they appear in the same logical row.
The value of an InetAddress object must always be
consistent with the value of the associated InetAddressType
object. Attempts to set an InetAddress object to a value
inconsistent with the associated InetAddressType
must fail with an inconsistentValue error.
When this textual convention is used as the syntax of an
index object, there may be issues with the limit of 128
sub-identifiers specified in SMIv2, STD 58. In this case,
the object definition MUST include a 'SIZE' clause to
limit the number of potential instance sub-identifiers;
otherwise the applicable constraints MUST be stated in
the appropriate conceptual row DESCRIPTION clauses, or
in the surrounding documentation if there is no single
DESCRIPTION clause that is appropriate.
"
::= { hwAclv6AdvancedRuleEntry 6 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.7
hwAclv6AdvancedSrcIpAddressPrefixLength OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes source IP address prefix length of the rule.
Denotes the length of a generic Internet network address
prefix. A value of n corresponds to an IP address mask
that has n contiguous 1-bits from the most significant
bit (MSB), with all other bits set to 0.
An InetAddressPrefixLength value is always interpreted within
the context of an InetAddressType value. Every usage of the
InetAddressPrefixLength textual convention is required to
specify the InetAddressType object that provides the
context. It is suggested that the InetAddressType object be
logically registered before the object(s) that use the
InetAddressPrefixLength textual convention, if they appear
in the same logical row.
InetAddressPrefixLength values larger than
the maximum length of an IP address for a specific
InetAddressType are treated as the maximum significant
value applicable for the InetAddressType. The maximum
significant value is 32 for the InetAddressType
'ipv4(1)' and 'ipv4z(3)' and 128 for the InetAddressType
'ipv6(2)' and 'ipv6z(4)'. The maximum significant value
for the InetAddressType 'dns(16)' is 0.
The value zero is object-specific and must be defined as
part of the description of any object that uses this
syntax. Examples of the usage of zero might include
situations where the Internet network address prefix
is unknown or does not apply.
The upper bound of the prefix length has been chosen to
be consistent with the maximum size of an InetAddress.
"
::= { hwAclv6AdvancedRuleEntry 7 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.8
hwAclv6AdvancedSrcOp OBJECT-TYPE
SYNTAX INTEGER
{
lt(1),
eq(2),
gt(3),
neq(4),
range(5),
invalid(255)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the operation types of comparing packet source ports when the type of hwAclv6AdvancedProtocol is set to TCP or UDP.
Range: 0-5
Options:
1. lt(1) -indicates '<'
2. eq(2) -indicates '='
3. gt(3) -indicates '>'
4. neq(4) -indicates '!='
5. range(5) -indicates within the range
6. invalid(255) -indicates an invalid field.
Enter hwAclv6AdvancedSrcPort1 and hwAclv6AdvancedSrcPort2 for the comparison operation only when range(5) is entered.
For other values, enter only hwAclv6AdvancedSrcPort1.
"
::= { hwAclv6AdvancedRuleEntry 8 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.9
hwAclv6AdvancedSrcPort1 OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the operation value of port 1 in the comparison operation types of the source port in hwAclv6AdvancedSrcOp
when hwAclv6AdvancedProtocol is set to TCP or UDP.
Range: 0-65535
For example, when hwAclv6AdvancedSrcOp is set to eq(2) (=),
it indicates that the source port ID of matched packets equals to the value of hwAclv6AdvancedSrcPort1.
If the value is not specified for an advanced ACLv6 rule, the invalid value 0 is obtained in the query operation.
The number in the brackets is the port IDs that are commonly used.
The port names and meanings of different port names are as follows:
bgp: Border Gateway Protocol(179)
chargen: Character generator (19)
cmd: Remote commands (514)
daytime: Daytime (13)
discard: Discard (9)
domain: Domain Name Service (53)
echo: Echo (7)
exec: Exec (512)
finger: Finger (79)
ftp: File Transfer Protocol (21)
ftp-data: FTP data connections (20)
gopher: Gopher (70)
hostname: NIC hostname server (101)
irc: Internet Relay Chat (194)
klogin: Kerberos login (543)
kshell: Kerberos shell (544)
login: Login (rlogin, 513)
lpd: Printer service (515)
nntp: Network News Transport Protocol (119)
pop2: Post Office Protocol v2 (109)
pop3: Post Office Protocol v3 (110)
smtp: Simple Mail Transport Protocol (25)
sunrpc: SUN Remote Procedure Call (111)
tacacs: TAC Access Control System (49)
talk: Talk (517)
telnet: Telnet (23)
time: Time (37)
uucp: Unix-to-Unix Copy Program (540)
whois: Nicname (43)
www: World Wide Web (HTTP, 80)
"
::= { hwAclv6AdvancedRuleEntry 9 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.10
hwAclv6AdvancedSrcPort2 OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the operation value of port 2 in the comparison operation types of the source port in hwAclv6AdvancedSrcOp
when hwAclv6AdvancedProtocol is set to TCP or UDP.
Range: 0-65535
The operation value of port 2 is needed only when hwAclv6AdvancedSrcOp is set to range(5).
It is dedicated to describe the upper threshold of ports.
If the value is not specified for an advanced ACL rule , the invalid value 0 is obtained in the query operation.
For the port IDs that are commonly used, port names and meanings of different port names, see the descriptions in hwAclv6AdvancedSrcPort1.
"
::= { hwAclv6AdvancedRuleEntry 10 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.11
hwAclv6AdvancedDestIpAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Destination IP address type of the advanced ACLv6 rule.
A value that represents a type of Internet address.
Options:
1. unknown(0) -An unknown address type. This value must be used if the value of the corresponding
InetAddress object is a zero-length string. It may also be used to indicate an IP address
that is not in one of the formats defined below.
2. ipv4(1) -An IPv4 address as defined by the InetAddressIPv4 textual convention.
3. ipv6(2) -An IPv6 address as defined by the InetAddressIPv6 textual convention.
4. ipv4z(3) -A non-global IPv4 address including a zone index as defined by the InetAddressIPv4z textual convention.
5. ipv6z(4) -A non-global IPv6 address including a zone index as defined by the InetAddressIPv6z textual convention.
6. dns(16) -A DNS domain name as defined by the InetAddressDNS textual convention.
Each definition of a concrete InetAddressType value must be
accompanied by a definition of a textual convention for use
with that InetAddressType.
To support future extensions, the InetAddressType textual
convention SHOULD NOT be sub-typed in object type definitions.
It MAY be sub-typed in compliance statements in order to
require only a subset of these address types for a compliant
implementation.
Implementations must ensure that InetAddressType objects
and any dependent objects (e.g., InetAddress objects) are
consistent. An inconsistentValue error must be generated
if an attempt to change an InetAddressType object would,
for example, lead to an undefined InetAddress value. In
particular, InetAddressType/InetAddress pairs must be
changed together if the address type changes (e.g., from
ipv6(2) to ipv4(1))."
::= { hwAclv6AdvancedRuleEntry 11 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.12
hwAclv6AdvancedDestIpAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes destination IP address of the advanced ACLv6 rule.
Denotes a generic Internet address.
An InetAddress value is always interpreted within the context
of an InetAddressType value. Every usage of the InetAddress
textual convention is required to specify the InetAddressType
object that provides the context. It is suggested that the
InetAddressType object be logically registered before the
object(s) that use the InetAddress textual convention, if
they appear in the same logical row.
The value of an InetAddress object must always be
consistent with the value of the associated InetAddressType
object. Attempts to set an InetAddress object to a value
inconsistent with the associated InetAddressType
must fail with an inconsistentValue error.
When this textual convention is used as the syntax of an
index object, there may be issues with the limit of 128
sub-identifiers specified in SMIv2, STD 58. In this case,
the object definition MUST include a 'SIZE' clause to
limit the number of potential instance sub-identifiers;
otherwise the applicable constraints MUST be stated in
the appropriate conceptual row DESCRIPTION clauses, or
in the surrounding documentation if there is no single
DESCRIPTION clause that is appropriate.
"
::= { hwAclv6AdvancedRuleEntry 12 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.13
hwAclv6AdvancedDestIpAddressPrefixLength OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes destination IP address prefix length of the advanced ACLv6 rule.
Denotes the length of a generic Internet network address
prefix. A value of n corresponds to an IP address mask
that has n contiguous 1-bits from the most significant
bit (MSB), with all other bits set to 0.
An InetAddressPrefixLength value is always interpreted within
the context of an InetAddressType value. Every usage of the
InetAddressPrefixLength textual convention is required to
specify the InetAddressType object that provides the
context. It is suggested that the InetAddressType object be
logically registered before the object(s) that use the
InetAddressPrefixLength textual convention, if they appear
in the same logical row.
InetAddressPrefixLength values larger than
the maximum length of an IP address for a specific
InetAddressType are treated as the maximum significant
value applicable for the InetAddressType. The maximum
significant value is 32 for the InetAddressType
'ipv4(1)' and 'ipv4z(3)' and 128 for the InetAddressType
'ipv6(2)' and 'ipv6z(4)'. The maximum significant value
for the InetAddressType 'dns(16)' is 0.
The value zero is object-specific and must be defined as
part of the description of any object that uses this
syntax. Examples of the usage of zero might include
situations where the Internet network address prefix
is unknown or does not apply.
The upper bound of the prefix length has been chosen to
be consistent with the maximum size of an InetAddress.
"
::= { hwAclv6AdvancedRuleEntry 13 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.14
hwAclv6AdvancedDestOp OBJECT-TYPE
SYNTAX INTEGER
{
lt(1),
eq(2),
gt(3),
neq(4),
range(5),
invalid(255)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes destination port operation symbol of the advanced ACLv6 rule
when the hwAclv6AdvancedProtocol is TCP or UDP.
Options:
1. lt(1) -indicates '<'
2. eq(2) -indicates '='
3. gt(3) -indicates '>'
4. neq(4) -indicates '!='
5. range(5) -indicates within the range
6. invalid(255) -indicates an invalid field.
Enter hwAclv6AdvancedDestPort1 and hwAclv6AdvancedDestPort2 for the comparison operation only when range(5) is entered.
For other values, enter only hwAclv6AdvancedDestPort1.
"
::= { hwAclv6AdvancedRuleEntry 14 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.15
hwAclv6AdvancedDestPort1 OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the operation value of port 1 in the comparison operation types of the destination port in hwAclv6AdvancedDestOp
when hwAclv6AdvancedProtocol is set to TCP or UDP.
Range: 0-65535
For example, when hwAclv6AdvancedDestOp is set to eq(2) (=),
it indicates that the ID of the destination port that match packets equals to the value of hwAclv6AdvancedDestPort1.
If the value is not specified for an advanced ACLv6 rule, the invalid value 0 is obtained in the query operation.
For the port IDs that are commonly used, port names and meanings of different port names, see the descriptions in hwAclv6AdvancedSrcPort1.
"
::= { hwAclv6AdvancedRuleEntry 15 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.16
hwAclv6AdvancedDestPort2 OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the operation value of port 2 in the comparison operation types of the destination port in hwAclv6AdvancedDestOp
when hwAclv6AdvancedProtocol is set to TCP or UDP.
Range: 0-65535
The operation value of port 2 is needed only when hwAclv6AdvancedDestOp is set to range(5).
It is dedicated to describe the upper threshold of ports.
If the value is not specified for an advanced ACLv6 rule, the invalid value 0 is obtained in the query operation.
For the port IDs that are commonly used, port names and meanings of different port names, see the descriptions in hwAclv6AdvancedSrcPort1.
"
::= { hwAclv6AdvancedRuleEntry 16 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.17
hwAclv6AdvancedPrecedence OBJECT-TYPE
SYNTAX Integer32 (-1|0..7)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the priority field of data frames that an advanced ACLv6 rule needs to match.
If the value is not specified for an advanced ACLv6 rule, the invalid value -1 is obtained in the query operation.
The name and meanings of the precedence values are as follows:
routine: routine priority(0)
priority: priority(1)
immediate: immediate priority(2)
flash: flash priority(3)
flashOverride: flash-override priority(4)
critical: critical priority(5)
internet: internetwork control priority(6)
network: network control priority(7)
invalid: invalid field(-1)
"
::= { hwAclv6AdvancedRuleEntry 17 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.18
hwAclv6AdvancedTos OBJECT-TYPE
SYNTAX Integer32 (-1|0..15)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the type of service (ToS) field of data frames that an advanced ACLv6 rule needs to match.
Range: 0-15, -1
If the value is not specified for an advanced ACLv6 rule, the invalid value -1 is obtained in the query operation.
The number in the brackets is the ToS value. The meanings of ToS names are as follows:
normal Normal service (0)
min-monetary-cost: the service with minimum monetary cost (1)
max-reliability: the service with maximum reliability (2)
max-throughput: the service with maximum throughput (4)
min-delay: the service with minimum delay (8)
"
::= { hwAclv6AdvancedRuleEntry 18 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.19
hwAclv6AdvancedDscp OBJECT-TYPE
SYNTAX Integer32 (-1|0..63)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the differentiated services code point (DSCP) value of data frames that an advanced ACLv6 rule needs to match.
Range: 0-63, -1
If the value is not specified for an advanced ACLv6 rule, the invalid value -1 is obtained in the query operation.
The number in the brackets is the DSCP value. The names and meanings of the DSCP names are as follows:
af1: service of Assured Forwarding 1 (10)
af2: service of Assured Forwarding 2 (18)
af3: service of Assured Forwarding 3 (26)
af4: service of Assured Forwarding 4 (34)
be: Best Effort service (0)
cs1: service of Class Seletor 1 (8)
cs2: service of Class Seletor 2 (16)
cs3: service of Class Seletor 3 (24)
cs4: service of Class Seletor 4 (32)
cs5: service of Class Seletor 5 (40)
cs6: service of Class Seletor 6 (48)
cs7: service of Class Seletor 7 (56)
ef: Expedited Forwarding service (46)
"
::= { hwAclv6AdvancedRuleEntry 19 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.20
hwAclv6AdvancedTimeRangeName OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the time range name of a rule.
It is used when the effective time of a rule needs to be configured.
If hwAclv6AdvancedTimeRangeName is not set, the rule is valid all the time by default.
"
::= { hwAclv6AdvancedRuleEntry 20 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.21
hwAclv6AdvancedIcmpv6Type OBJECT-TYPE
SYNTAX Integer32 (-1|0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the ICMPv6 type when packets are filtered by ICMPv6 type and when hwAclv6AdvancedProtocol is set to ICMPv6.
Range: 0-255, -1
If the value is not specified for an advanced ACLv6 rule, the invalid value -1 is obtained in the query operation.
Type: Indicates the ICMPv6 packet type
Code: Indicates the ICMPv6 code.
The meanings are as follows:
echo Type=128, Code=0
echo-reply Type=129, Code=0
err-Header-field Type=4, Code=0
frag-time-exceeded Type=3, Code=1
hop-limit-exceeded Type=3, Code=0
host-admin-prohib Type=1, Code=1
host-unreachable Type=1, Code=3
neighbor-advertisement Type=136, Code=0
neighbor-solicitation Type=135, Code=0
network-unreachable Type=1, Code=0
packet-too-big Type=2, Code=0
port-unreachable Type=1, Code=4
redirect Type=137, Code=0
router-advertisement Type=134, Code=0
router-solicitation Type=133, Code=0
unknown-ipv6-opt Type=4, Code=2
unknown-next-hdr Type=4, Code=1
"
::= { hwAclv6AdvancedRuleEntry 21 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.22
hwAclv6AdvancedIcmpv6Code OBJECT-TYPE
SYNTAX Integer32 (-1|0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes ICMPv6 codes that the ICMPv6 packets are filtered both by ICMPv6 type and ICMP code when hwAclv6AdvancedProtocol is set to ICMPv6.
Range: 0-255, -1
If the value is not specified for an advanced ACLv6 rule, the invalid value -1 is obtained in the query operation.
For the definition and meanings of ICMPv6 codes, see the description in hwAclv6AdvancedIcmpv6Type.
"
::= { hwAclv6AdvancedRuleEntry 22 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.23
hwAclv6AdvancedEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Describes whether an advanced ACLv6 rule is valid.
Options:
1. true(1) -indicates that an advanced ACLv6 rule is valid
2. false(2) -indicates that an advanced ACLv6 rule is invalid
If the advanced ACLv6 rule is associated with a time range parameter through hwAclv6AdvancedTimeRangeName
and the current time is within the defined time range, the value is true(1), which indicates validity.
If the current time is not within the defined time range, the value is false(2), which indicates invalidity.
If the advanced ACLv6 rule is not associated with a time range parameter, the advanced ACLv6 rule is valid all the time.
"
::= { hwAclv6AdvancedRuleEntry 23 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.24
hwAclv6AdvancedCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Describes the statistics of packets that match the rule.
"
::= { hwAclv6AdvancedRuleEntry 24 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.25
hwAclv6AdvancedCountClear OBJECT-TYPE
SYNTAX INTEGER
{
cleared(1),
nouse(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Clears the statistics of packets that match the rule.
Options:
1. cleared(1) -clear the statistics of packets that match the advanced ACLv6 rules
2. nouse(2) -indicates no operation
When this leaf is queried, the value is fixed to cleared(1).
"
::= { hwAclv6AdvancedRuleEntry 25 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.26
hwAclv6AdvancedPriority OBJECT-TYPE
SYNTAX Integer32 (0..9)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Describes the priority of a rule.
Range: 0-9
Default: 0
The priority ascends with the value.
When multiple rules are matched at the same time, the rule with the highest priority prevails.
If multiple rules are matched and the priorities are the same,
software does not manage the rules and the hardware logic determines which priority prevails.
To prevent such a case, you can set different priorities for the rules.
"
::= { hwAclv6AdvancedRuleEntry 26 }
-- 1.3.6.1.4.1.2011.5.112.1.3.1.27
hwAclv6AdvancedRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Indicates the row status.
Options:
1. active(1) -when this leaf is queried, the value is fixed to active(1).
2. createAndGo(4) -create an advanced ACLv6 rule
3. destroy(6) -delete an advanced ACLv6 rule and clear the packet statistics of an advanced ACLv6 rule
It is used for creating or deleting an advanced ACLv6 rule and clearing the packet statistics of an advanced ACLv6 rule.
To create an advanced ACLv6 rule, enter hwAclv6AdvancedAct and set hwAclv6AdvancedRowStatus to createAndGo(4).
Other parameters are optional. The operator of the source port and destination port and port 1 and port 2 take effect only
when the protocol type is specified as TCP or UDP.
Port 2 needs to be specified only when the port operator character is specified as a value range.
The IDs of the two ports are not differentiated, which are automatically adjusted after delivery.
hwAclv6AdvancedIcmpv6Type and hwAclv6AdvancedIcmpv6Code are specified only when the protocol type is ICMP.
To delete an advanced ACLv6 rule, set hwAclv6AdvancedRowStatus to destroy(6).
To clear the statistics of packets that match the advanced ACLv6 rules,
set hwAclv6AdvancedCountClear to cleared(1) and hwAclv6AdvancedRowStatus to createAndGo(4).
When this leaf is queried, the value is fixed to active(1).
"
::= { hwAclv6AdvancedRuleEntry 27 }
-- add trap
hwAclv6Traps OBJECT IDENTIFIER ::= { hwAclv6 2}
hwAclv6CommonTraps OBJECT IDENTIFIER ::= { hwAclv6Traps 1 }
hwAclv6CommonTrapsPrefix OBJECT IDENTIFIER ::= { hwAclv6CommonTraps 0 }
-- add basic aclv6 rule
hwAclv6AddBasicAclTrap NOTIFICATION-TYPE
OBJECTS {
hwAclv6BasicAclNum,
hwAclv6BasicSubitem
}
STATUS current
DESCRIPTION
"The hwAclv6AddBasicAclTrap will be sent when the basic aclv6 rule is added."
::= { hwAclv6CommonTraps 0 1 }
-- delete basic aclv6 rule
hwAclv6DeleteBasicAclTrap NOTIFICATION-TYPE
OBJECTS {
hwAclv6BasicAclNum,
hwAclv6BasicSubitem
}
STATUS current
DESCRIPTION
"The hwAclv6DeleteBasicAclTrap will be sent when the basic aclv6 rule is deleted."
::= { hwAclv6CommonTraps 0 2}
-- add advanced aclv6 rule
hwAclv6AddAdvancedAclTrap NOTIFICATION-TYPE
OBJECTS {
hwAclv6AdvancedAclNum,
hwAclv6AdvancedSubitem
}
STATUS current
DESCRIPTION
"The hwAclv6AddAdvancedAclTrap will be sent when the advanced aclv6 rule is added."
::= { hwAclv6CommonTraps 0 3 }
-- delete advanced aclv6 rule
hwAclv6DeleteAdvancedAclTrap NOTIFICATION-TYPE
OBJECTS {
hwAclv6AdvancedAclNum,
hwAclv6AdvancedSubitem
}
STATUS current
DESCRIPTION
"The hwAclv6DeleteAdvancedAclTrap will be sent when the advanced aclv6 rule is deleted."
::= { hwAclv6CommonTraps 0 4}
hwAclv6AlarmTraps OBJECT IDENTIFIER ::= { hwAclv6Traps 2 }
END
View Git Blame Copy Permalink