335 lines
8.9 KiB
Plaintext
335 lines
8.9 KiB
Plaintext
G6-ACL-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32, Counter32, enterprises,NOTIFICATION-TYPE
|
|
FROM SNMPv2-SMI
|
|
DisplayString, MacAddress
|
|
FROM SNMPv2-TC
|
|
g6 FROM MICROSENS-G6-MIB
|
|
;
|
|
|
|
management MODULE-IDENTITY --Category
|
|
LAST-UPDATED "201802121619Z"
|
|
ORGANIZATION "MICROSENS GmbH & Co. KG"
|
|
CONTACT-INFO
|
|
"Kueferstrasse 16
|
|
D-59067 Hamm
|
|
Germany
|
|
support@microsens.de
|
|
http://www.microsens.de"
|
|
DESCRIPTION
|
|
"Microsens private MIB for Generation 6 Ethernet Switches"
|
|
|
|
REVISION "201802121619Z"
|
|
DESCRIPTION
|
|
"File creation"
|
|
::= { g6 3 }
|
|
|
|
acl OBJECT IDENTIFIER ::= { management 51 }
|
|
|
|
|
|
|
|
-- *************************** CONFIGURATION SECTION ********************************
|
|
|
|
|
|
aclEnableAclFiltering OBJECT-TYPE -- enable_acl_filtering
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"General enable of access control list operation. Note that this function need only be enabled when port filtering is used. For wifi, dhcp or arp inspection function this enable parameter is meaningless.."
|
|
::= { acl 1 }
|
|
|
|
|
|
-- ******************* Begin of activeFilterPortConfigTable *************************
|
|
|
|
activeFilterPortConfigTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ActiveFilterPortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table defines the parameter for access control of incoming data."
|
|
::= { acl 2 }
|
|
|
|
activeFilterPortConfigEntry OBJECT-TYPE
|
|
SYNTAX ActiveFilterPortConfigEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { activeFilterPortConfigPortIndex }
|
|
::= { activeFilterPortConfigTable 1 }
|
|
|
|
|
|
ActiveFilterPortConfigEntry ::= SEQUENCE {
|
|
activeFilterPortConfigPortIndex INTEGER,
|
|
activeFilterPortConfigEnableAclFiltering INTEGER ,
|
|
activeFilterPortConfigAclListName DisplayString
|
|
}
|
|
|
|
activeFilterPortConfigPortIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0..31)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { activeFilterPortConfigEntry 1 }
|
|
|
|
activeFilterPortConfigEnableAclFiltering OBJECT-TYPE -- enable_acl_filtering
|
|
SYNTAX INTEGER { disabled(0), enabled(1) }
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Generally enables access control checking for this particular port. The details need to be configured in the list and rules tables."
|
|
::= { activeFilterPortConfigEntry 2 }
|
|
|
|
activeFilterPortConfigAclListName OBJECT-TYPE -- acl_list_name
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of the ACL (access control list) which apply to this port. Several ACL lists may be specified with a comma separated list. Example acl1, otherlist"
|
|
::= { activeFilterPortConfigEntry 3 }
|
|
|
|
|
|
-- ********************* End of activeFilterPortConfigTable ***********************
|
|
|
|
|
|
-- ******************* Begin of listTable *************************
|
|
|
|
listTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF ListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table is used to combine and group individual rules for easier reference."
|
|
::= { acl 3 }
|
|
|
|
listEntry OBJECT-TYPE
|
|
SYNTAX ListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { listIndex }
|
|
::= { listTable 1 }
|
|
|
|
|
|
ListEntry ::= SEQUENCE {
|
|
listIndex INTEGER,
|
|
listName DisplayString,
|
|
listDescription DisplayString,
|
|
listRules DisplayString
|
|
}
|
|
|
|
listIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0..63)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { listEntry 1 }
|
|
|
|
listName OBJECT-TYPE -- name
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Unique name to reference this entry and to remember whose MAC address is entered."
|
|
::= { listEntry 2 }
|
|
|
|
listDescription OBJECT-TYPE -- description
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enter any information required to remember what this rule is intended to do."
|
|
::= { listEntry 3 }
|
|
|
|
listRules OBJECT-TYPE -- rules
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Contains the names of rules that apply to this list separated by commas. Please beware of typing errors. Example: rule1,rule2,other_rule"
|
|
::= { listEntry 4 }
|
|
|
|
|
|
-- ********************* End of listTable ***********************
|
|
|
|
|
|
-- ******************* Begin of rulesTable *************************
|
|
|
|
rulesTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF RulesEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"For filtering of incoming data this table defines the filter rules. The same table also applies to arp inspection. In this use this table statically defines valid MAC/IP/VLAN relationships."
|
|
::= { acl 4 }
|
|
|
|
rulesEntry OBJECT-TYPE
|
|
SYNTAX RulesEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
""
|
|
INDEX { rulesIndex }
|
|
::= { rulesTable 1 }
|
|
|
|
|
|
RulesEntry ::= SEQUENCE {
|
|
rulesIndex INTEGER,
|
|
rulesName DisplayString,
|
|
rulesDescription DisplayString,
|
|
rulesMode INTEGER ,
|
|
rulesEtherType Integer32 ,
|
|
rulesProtocol Integer32 ,
|
|
rulesVlanId Integer32 ,
|
|
rulesSourceMac MacAddress,
|
|
rulesSourceIp OCTET STRING ,
|
|
rulesSourceMask OCTET STRING ,
|
|
rulesSourcePort Integer32 ,
|
|
rulesDestinationMac MacAddress,
|
|
rulesDestinationIp OCTET STRING ,
|
|
rulesDestinationMask OCTET STRING ,
|
|
rulesDestinationPort Integer32
|
|
}
|
|
|
|
rulesIndex OBJECT-TYPE
|
|
SYNTAX INTEGER (0..127)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Automatically generated"
|
|
::= { rulesEntry 1 }
|
|
|
|
rulesName OBJECT-TYPE -- name
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Unique name to reference this entry and to remember whose MAC address is entered."
|
|
::= { rulesEntry 2 }
|
|
|
|
rulesDescription OBJECT-TYPE -- description
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Enter any information required to remember what this rule is intended to do."
|
|
::= { rulesEntry 3 }
|
|
|
|
rulesMode OBJECT-TYPE -- mode
|
|
SYNTAX INTEGER
|
|
{
|
|
unused (0),
|
|
permit (1),
|
|
deny (2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Use UNUSED to temporarily suspend an entry. Use ACCEPT when the matched entry should be treated as valid. Use DENY when a matched entry should be treated as invalid match."
|
|
::= { rulesEntry 4 }
|
|
|
|
rulesEtherType OBJECT-TYPE -- ether_type
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Use 2048 to match IPv4 (0x800), 34525 to match IPv6 (0x86DD). A value of 0 ignores this field. The field is also ignored for ARP inspection rules."
|
|
::= { rulesEntry 5 }
|
|
|
|
rulesProtocol OBJECT-TYPE -- protocol
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Use 6 to specifiy tcp, 17 for udp, etc. Use to ignore the protocol field. This field is also ignored for arp inspection rules."
|
|
::= { rulesEntry 6 }
|
|
|
|
rulesVlanId OBJECT-TYPE -- vlan_id
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"VLAN ID for which this entry is valid. A value of 0 ignores this field."
|
|
::= { rulesEntry 7 }
|
|
|
|
rulesSourceMac OBJECT-TYPE -- source_mac
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"MAC address entry."
|
|
::= { rulesEntry 8 }
|
|
|
|
rulesSourceIp OBJECT-TYPE -- source_ip
|
|
SYNTAX OCTET STRING (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP address associated with the given MAC."
|
|
::= { rulesEntry 9 }
|
|
|
|
rulesSourceMask OBJECT-TYPE -- source_mask
|
|
SYNTAX OCTET STRING (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mask my be used to create a valid address range."
|
|
::= { rulesEntry 10 }
|
|
|
|
rulesSourcePort OBJECT-TYPE -- source_port
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"May be used to specify a specific udp/tcp port. A value of 0 ignores this field. The field is also ignored for ARP inspection rules."
|
|
::= { rulesEntry 11 }
|
|
|
|
rulesDestinationMac OBJECT-TYPE -- destination_mac
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"MAC address entry. This field is ignored for ARP inspection rules."
|
|
::= { rulesEntry 12 }
|
|
|
|
rulesDestinationIp OBJECT-TYPE -- destination_ip
|
|
SYNTAX OCTET STRING (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IP address associated with the given MAC. This field is ignored for ARP inspection rules."
|
|
::= { rulesEntry 13 }
|
|
|
|
rulesDestinationMask OBJECT-TYPE -- destination_mask
|
|
SYNTAX OCTET STRING (SIZE (0..20))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mask my be used to create a valid address range. This field is ignored for ARP inspection rules."
|
|
::= { rulesEntry 14 }
|
|
|
|
rulesDestinationPort OBJECT-TYPE -- destination_port
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"May be used to specify a specific udp/tcp port. A value of 0 ignores this field. The field is also ignored for ARP inspection rules."
|
|
::= { rulesEntry 15 }
|
|
|
|
|
|
-- ********************* End of rulesTable ***********************
|
|
|
|
|
|
|
|
-- ****************************** STATUS SECTION ********************************
|
|
|
|
|
|
|
|
END
|
|
|