mibs/MIBS/dlink/DLINKSW-ACL-MIB

3231 lines
134 KiB
Plaintext
Raw Permalink Normal View History

2023-12-05 12:25:34 +01:00
-- *****************************************************************
-- DLINKSW-ACL-MIB.mib : ACL MIB
--
-- Copyright (c) 2013 D-Link Corporation, all rights reserved.
--
-- *****************************************************************
DLINKSW-ACL-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
OBJECT-TYPE,
Integer32,
Unsigned32,
IpAddress,
Counter64
FROM SNMPv2-SMI
MacAddress,
DisplayString,
TruthValue,
RowStatus,
TEXTUAL-CONVENTION
FROM SNMPv2-TC
MODULE-COMPLIANCE,
OBJECT-GROUP
FROM SNMPv2-CONF
InterfaceIndex,
InterfaceIndexOrZero
FROM IF-MIB
VlanId,VlanIdOrNone
FROM Q-BRIDGE-MIB
InetAddressIPv6,
InetAddressPrefixLength
FROM INET-ADDRESS-MIB
dlinkIndustrialCommon
FROM DLINK-ID-REC-MIB;
dlinkSwAclMIB MODULE-IDENTITY
LAST-UPDATED "201511260000Z"
ORGANIZATION "D-Link Corp."
CONTACT-INFO
" D-Link Corporation
Postal: No. 289, Sinhu 3rd Rd., Neihu District,
Taipei City 114, Taiwan, R.O.C
Tel: +886-2-66000123
E-mail: tsd@dlink.com.tw
"
DESCRIPTION
"The Structure of Access Control List Information for the
proprietary enterprise."
REVISION "201511260000Z"
DESCRIPTION
"Add DEFVAL for nodes dAclIpAccessRuleSrcPort,dAclIpAccessRuleQosPrecedence etc.
And correct description of node dAclReSeqIncrement."
REVISION "201507100000Z"
DESCRIPTION
"Add nodes to support vlan range, traffic class, l4 port mask operator, and mask for some nodes."
REVISION "201401210000Z"
DESCRIPTION
"Obsolete nodes dAclMacAccessRuleLlcDSAP, dAclMacAccessRuleLlcSSAP and dAclMacAccessRuleLlcCntl."
REVISION "201311130000Z"
DESCRIPTION
"Add 'deny-cpu'option for DlinkAclRuleType."
REVISION "201308200000Z"
DESCRIPTION
"Add nodes for counter function, access list remark, access list id, and some rule items."
REVISION "201302080000Z"
DESCRIPTION
"This is the first version of the MIB file for 'ACL' functionality."
::= { dlinkIndustrialCommon 28}
DlinkAclRuleType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The action type when the packets match the access profile.
permit(1)- Specifies that packets that match the access rule are
permitted to be forwarded by the switch.
deny(2) - Specifies that packets that match the access rule
are not permitted to be forwarded by the switch and will be filtered.
deny-cpu(3)- Specifies that packet that match the access rule are prevented to be
copied to CPU and redirected to CPU. And the hardware forwarding behavior
should not be affected.
"
SYNTAX INTEGER {
permit(1),
deny(2),
deny-cpu(3)
}
DlinkAclPortOperatorType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
" The type of UDP/TCP port operator indicates how a packet's
TCP/UDP source or destination port number is compared.
none(1) - No comparison.
eq (2)- equal
gt (3)- greater than.
lt (4)- less than.
neq(5)- not equal
range(6)- compares the port value between two numbers.
mask(7)- check the bit corresponding to bit value 1, ignore the bit corresponding to bit value 0.
"
SYNTAX INTEGER {
none(1),
eq(2),
gt(3),
lt(4),
neq(5),
range(6),
mask(7)
}
TcpFlag ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The TCP flag fields. Each bit defined as follow:
urgent(0) - urgent.
acknowledge(1) - acknowledge.
push(2) - push,
reset(3) - reset.
synchronize(4) - synchronize.
finish (5) - finish.
"
SYNTAX BITS {
urgent(0),
acknowledge(1),
push(2),
reset(3),
synchronize(4),
finish (5)
}
-- -----------------------------------------------------------------------------
dAclMIBNotifications OBJECT IDENTIFIER ::= { dlinkSwAclMIB 0 }
dAclMIBObjects OBJECT IDENTIFIER ::= { dlinkSwAclMIB 1 }
dAclMIBConformance OBJECT IDENTIFIER ::= { dlinkSwAclMIB 2 }
-- -----------------------------------------------------------------------------
dAclGeneral OBJECT IDENTIFIER ::= { dAclMIBObjects 1 }
dAclReSeqTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclReSeqEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table consists of a list of information about how re-sequencing
the rules in access lists.
"
::= { dAclGeneral 1 }
dAclReSeqEntry OBJECT-TYPE
SYNTAX DAclReSeqEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry appears in this table for controlling the re-sequence of
an access-list."
INDEX { dAclReSeqAccessListName }
::= { dAclReSeqTable 1 }
DAclReSeqEntry ::= SEQUENCE {
dAclReSeqAccessListName DisplayString,
dAclReSeqStartingNumber Integer32,
dAclReSeqIncrement Integer32
}
dAclReSeqAccessListName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the name of an access list."
::= { dAclReSeqEntry 1 }
dAclReSeqStartingNumber OBJECT-TYPE
SYNTAX Integer32 ( 1..65535 )
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the initial value of sequence number of the corresponding
access list."
DEFVAL { 10 }
::= { dAclReSeqEntry 2 }
dAclReSeqIncrement OBJECT-TYPE
SYNTAX Integer32 ( 1..32 )
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Indicates the number that the sequence numbers step.
If the increment value is 5 and the beginning sequence number is 20,
the subsequent sequence numbers are 25, 30, 35, 40, and so on."
DEFVAL { 10 }
::= { dAclReSeqEntry 3 }
-- -----------------------------------------------------------------------------
dAclMac OBJECT IDENTIFIER ::= { dAclMIBObjects 2 }
dAclMacAccessListNumber OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of entries present in the MAC access list
table."
::= { dAclMac 1 }
dAclMacAccessListTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclMacAccessListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table contains information about MAC access list."
::= { dAclMac 2 }
dAclMacAccessListEntry OBJECT-TYPE
SYNTAX DAclMacAccessListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry defined in dAclMacAccessListTable. An entry is
created/removed when an MAC access list is created/deleted."
INDEX { dAclMacAccessListName }
::= { dAclMacAccessListTable 1 }
DAclMacAccessListEntry ::= SEQUENCE {
dAclMacAccessListName DisplayString,
dAclMacAccessListRowStatus RowStatus,
dAclMacAccessListId Integer32,
dAclMacAccessListCounterEnabled TruthValue,
dAclMacAccessListClearStatAction INTEGER,
dAclMacAccessListRemark DisplayString
}
dAclMacAccessListName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of the MAC access list."
::= { dAclMacAccessListEntry 1 }
dAclMacAccessListRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object allows the dynamic creation and deletion of a MAC
access list."
::= { dAclMacAccessListEntry 2 }
dAclMacAccessListId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The number of the MAC access list.
If user specify value zero(0) for this node, agent will assign a number
for it. After the table created, this node should not be changed."
::= { dAclMacAccessListEntry 3 }
dAclMacAccessListCounterEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the counter state of the access list is
enabled('true') or disabled('false'). And the counter state just
for the all interface that applied the access list in
dAclMacAccessGroupTable.
"
::= { dAclMacAccessListEntry 4 }
dAclMacAccessListClearStatAction OBJECT-TYPE
SYNTAX INTEGER{
clear(1),
noOp(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is used to clear statistics of the access list when set
to 'clear'. No action is taken if this object is set to 'noOp'.
The 'clear' action just for the all interface that applied the access
list in dAclMacAccessGroupTable.
When read, the value 'noOp' is returned."
::= { dAclMacAccessListEntry 5 }
dAclMacAccessListRemark OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The description of the MAC access list."
::= { dAclMacAccessListEntry 6 }
-- -----------------------------------------------------------------------------
dAclMacAccessRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclMacAccessRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table consists of a list of rules for the MAC access list."
::= { dAclMac 3 }
dAclMacAccessRuleEntry OBJECT-TYPE
SYNTAX DAclMacAccessRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry is defined dAclMacAccessRuleTable.
The first instance identifier index value identifies the
dAclMacAccessListEntry that a MAC access rule (dAclMacAccessRuleEntry)
belongs to. An entry is removed from this table when its
corresponding dAclMacAccessListEntry is deleted."
INDEX {
dAclMacAccessListName,
dAclMacAccessRuleSn
}
::= { dAclMacAccessRuleTable 1 }
DAclMacAccessRuleEntry ::= SEQUENCE {
dAclMacAccessRuleSn Integer32,
dAclMacAccessRuleRowStatus RowStatus,
dAclMacAccessRuleAction DlinkAclRuleType,
dAclMacAccessRuleSrcMacAddr MacAddress,
dAclMacAccessRuleSrcMacWildcard MacAddress,
dAclMacAccessRuleDstMacAddr MacAddress,
dAclMacAccessRuleDstMacWildcard MacAddress,
dAclMacAccessRulePacketType INTEGER,
dAclMacAccessRuleEthernetType Integer32,
dAclMacAccessRuleLlcDSAP Integer32,
dAclMacAccessRuleLlcSSAP Integer32,
dAclMacAccessRuleLlcCntl Integer32,
dAclMacAccessRuleDot1p Integer32,
dAclMacAccessRuleInnerDot1p Integer32,
dAclMacAccessRuleVlanID VlanIdOrNone,
dAclMacAccessRuleInnerVlanID VlanIdOrNone,
dAclMacAccessRuleTimeName DisplayString,
dAclMacAccessRuleEthernetTypeMask OCTET STRING,
dAclMacAccessRuleDot1pMask OCTET STRING,
dAclMacAccessRuleInnerDot1pMask OCTET STRING,
dAclMacAccessRuleVlanIDMask OCTET STRING,
dAclMacAccessRuleInnerVlanIDMask OCTET STRING,
dAclMacAccessRuleVlanRangeMin VlanIdOrNone,
dAclMacAccessRuleVlanRangeMax VlanIdOrNone
}
dAclMacAccessRuleSn OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Specifies the sequence number of this rule.
The lower the number is, the higher the priority of the rule.
The special value of 0 means the sequence number will be automatically
determined by the agent."
::= { dAclMacAccessRuleEntry 1 }
dAclMacAccessRuleRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The row status variable, used according to installation
and removal conventions for conceptual rows."
::= { dAclMacAccessRuleEntry 2 }
dAclMacAccessRuleAction OBJECT-TYPE
SYNTAX DlinkAclRuleType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the result of the packet examination is to
permit or deny or prevent to CPU.
"
::= { dAclMacAccessRuleEntry 3 }
dAclMacAccessRuleSrcMacAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies a source MAC address."
::= { dAclMacAccessRuleEntry 4 }
dAclMacAccessRuleSrcMacWildcard OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is a wildcard bitmap to specify a group of source
MAC addresses. The bit value 1 indicates the corresponding bit will
be ignored. The bit value 0 indicates the corresponding bit will be
checked. In other words, when the value of all 'ff'Hs indicates any
source MAC address is specified. When the value of all '00'Hs indicates
host source MAC address is specified."
::= { dAclMacAccessRuleEntry 5 }
dAclMacAccessRuleDstMacAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies a destination MAC address."
::= { dAclMacAccessRuleEntry 6 }
dAclMacAccessRuleDstMacWildcard OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is a wildcard bitmap to specify a group of destination
MAC addresses. The bit value 1 indicates the corresponding bit will
be ignored. The bit value 0 indicates the corresponding bit will be
checked. In other words, when the value of all 'ff'Hs indicates any
destination MAC address is specified. When the value of all '00'Hs
indicates host destination MAC address is specified."
::= { dAclMacAccessRuleEntry 7 }
dAclMacAccessRulePacketType OBJECT-TYPE
SYNTAX INTEGER {
none(1),
ethernet(2),
llc(3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the Ethernet frame type. The value of none (1) means the
frame type is not specified."
DEFVAL { none }
::= { dAclMacAccessRuleEntry 8 }
dAclMacAccessRuleEthernetType OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the Ethernet type for an Ethernet II or SNAP packet.
The special value of -1 means the Ethernet type value is not specified.
It is only meaningful when the dAclMacAccessRulePacketType is
'ethernet'."
DEFVAL { -1 }
::= { dAclMacAccessRuleEntry 9}
dAclMacAccessRuleLlcDSAP OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255)
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"Specifies the DSAP value for the LLC packet. If the value is -1, it
means the DSAP number is not specified.
It is only meaningful when the dAclMacAccessRulePacketType is 'llc'."
DEFVAL { -1 }
::= { dAclMacAccessRuleEntry 10 }
dAclMacAccessRuleLlcSSAP OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255)
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"Specifies the SSAP value for the LLC packet. If the value is -1, it
means the SSAP number is not specified.
It is only meaningful when the dAclMacAccessRulePacketType is 'llc'."
DEFVAL { -1 }
::= { dAclMacAccessRuleEntry 11 }
dAclMacAccessRuleLlcCntl OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255)
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"Specifies the control field for the LLC packet. If the value is -1, it
means the SSAP number is not specified.
It is only meaningful when the dAclMacAccessRulePacketType is 'llc'."
DEFVAL { -1 }
::= { dAclMacAccessRuleEntry 12 }
dAclMacAccessRuleDot1p OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..7)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the priority value. The value of -1 means the priority
is not specified."
DEFVAL { -1 }
::= { dAclMacAccessRuleEntry 13 }
dAclMacAccessRuleInnerDot1p OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..7)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the inner priority value. The value of -1 means the
inner priority is not specified."
DEFVAL { -1 }
::= { dAclMacAccessRuleEntry 14 }
dAclMacAccessRuleVlanID OBJECT-TYPE
SYNTAX VlanIdOrNone
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the VLAN ID.
A value of zero indicates the VLAN ID is not specified.
This node and dAclMacAccessRuleVlanRangeMin/dAclMacAccessRuleVlanRangeMax
cannot be specified at same time in a row."
DEFVAL { 0 }
::= { dAclMacAccessRuleEntry 15 }
dAclMacAccessRuleInnerVlanID OBJECT-TYPE
SYNTAX VlanIdOrNone
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the inner VLAN ID. A value of zero indicates
the inner VLAN ID is not specified."
DEFVAL { 0 }
::= { dAclMacAccessRuleEntry 16 }
dAclMacAccessRuleTimeName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the name of time-period profile associated with
the access-list delineating its activation period.
The value 'NULL' means that this rule is not bound with any Time
mechanism."
::= { dAclMacAccessRuleEntry 17 }
dAclMacAccessRuleEthernetTypeMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(2))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for ethernet type defined by dAclMacAccessRuleEthernetType.
Valid values are from 0x0000 to 0xFFFF.
Default value is 0xFFFF.
This node is valid only for the dAclMacAccessRuleEthernetType specified."
::= { dAclMacAccessRuleEntry 18}
dAclMacAccessRuleDot1pMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(1))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for priority defined by dAclMacAccessRuleDot1p.
Valid values are from 0x00 to 0x07.
Default value is 0x07.
This node is valid only for the dAclMacAccessRuleDot1p specified."
::= { dAclMacAccessRuleEntry 19 }
dAclMacAccessRuleInnerDot1pMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(1))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for inner priority defined by dAclMacAccessRuleInnerDot1p.
Valid values are from 0x00 to 0x07.
Default value is 0x07.
This node is valid only for the dAclMacAccessRuleInnerDot1p specified."
::= { dAclMacAccessRuleEntry 20 }
dAclMacAccessRuleVlanIDMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(2))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for VLAN ID defined by dAclMacAccessRuleVlanID.
Valid values are from 0x0000 to 0x0FFF.
This node and dAclMacAccessRuleVlanRangeMin/dAclMacAccessRuleVlanRangeMax
cannot be specified at same time in a row.
Default value is 0x0FFF.
This node is valid only for the dAclMacAccessRuleVlanID specified."
::= { dAclMacAccessRuleEntry 21 }
dAclMacAccessRuleInnerVlanIDMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(2))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for inner VLAN ID defined by dAclMacAccessRuleInnerVlanID.
Valid values are from 0x0000 to 0x0FFF.
Default value is 0x0FFF.
This node is valid only for the dAclMacAccessRuleInnerVlanID specified."
::= { dAclMacAccessRuleEntry 22 }
dAclMacAccessRuleVlanRangeMin OBJECT-TYPE
SYNTAX VlanIdOrNone
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the minimum outer VLAN ID of a VLAN range. A value of zero
indicates the VLAN range is not specified.
This node and dAclMacAccessRuleVlanID/dAclMacAccessRuleVlanIDMask cannot
be specified at same time in a row.
This node is valid only for the dAclMacAccessRuleVlanRangeMax specified."
DEFVAL { 0 }
::= { dAclMacAccessRuleEntry 23 }
dAclMacAccessRuleVlanRangeMax OBJECT-TYPE
SYNTAX VlanIdOrNone
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the maximum outer VLAN ID of a VLAN range. A value of zero
indicates the VLAN range is not specified.
This node and dAclMacAccessRuleVlanID/dAclMacAccessRuleVlanIDMask cannot
be specified at same time in a row.
This node is valid only for the dAclMacAccessRuleVlanRangeMin specified."
DEFVAL { 0 }
::= { dAclMacAccessRuleEntry 24 }
-- -----------------------------------------------------------------------------
dAclMacAccessGroupTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclMacAccessGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table represents a list of MAC access group configuration."
::= { dAclMac 4 }
dAclMacAccessGroupEntry OBJECT-TYPE
SYNTAX DAclMacAccessGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry in dAclMacAccessGroupTable contains interface specific
MAC access list association."
INDEX { dAclMacAccessGroupIfIndex, dAclMacAccessGroupApplyDirection }
::= { dAclMacAccessGroupTable 1 }
DAclMacAccessGroupEntry ::= SEQUENCE {
dAclMacAccessGroupIfIndex InterfaceIndex,
dAclMacAccessGroupApplyDirection INTEGER,
dAclMacAccessGroupRowStatus RowStatus,
dAclMacAccessGroupAclName DisplayString,
dAclMacAccessGroupAclId Integer32
}
dAclMacAccessGroupIfIndex OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the ifIndex of the interface.
Only physical port is valid interface."
::= { dAclMacAccessGroupEntry 1 }
dAclMacAccessGroupApplyDirection OBJECT-TYPE
SYNTAX INTEGER{
inbound(1),
outbound(2)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates whether this access list is to be attached to ingress
or egress direction."
::= { dAclMacAccessGroupEntry 2 }
dAclMacAccessGroupRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The row status variable, used according to installation
and removal conventions for conceptual rows."
::= { dAclMacAccessGroupEntry 3 }
dAclMacAccessGroupAclName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The name of the MAC access list to be applied.
"
::= { dAclMacAccessGroupEntry 4 }
dAclMacAccessGroupAclId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The ID of the MAC access list to be applied.
User maybe specify access list ID(by this object) or name (by
dAclMacAccessGroupAclName) to be applied. If both access list
ID and name are specified, the access list name specified by
dAclMacAccessGroupAclName will be take.
"
::= { dAclMacAccessGroupEntry 5 }
-- -----------------------------------------------------------------------------
dAclIp OBJECT IDENTIFIER ::= { dAclMIBObjects 3 }
dAclIpAccessListNumber OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of entries present in the IP access list
table."
::= { dAclIp 1 }
dAclIpAccessListTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclIpAccessListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table contains IP access list configuration."
::= { dAclIp 2 }
dAclIpAccessListEntry OBJECT-TYPE
SYNTAX DAclIpAccessListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry defined in dAclIpAccessListTable. An entry is
created/removed when an IP access list is created/deleted."
INDEX { dAclIpAccessListName }
::= { dAclIpAccessListTable 1 }
DAclIpAccessListEntry ::= SEQUENCE {
dAclIpAccessListName DisplayString,
dAclIpAccessListRowStatus RowStatus,
dAclIpAccessExtended TruthValue,
dAclIpAccessListId Integer32,
dAclIpAccessListCounterEnabled TruthValue,
dAclIpAccessListClearStatAction INTEGER,
dAclIpAccessListRemark DisplayString
}
dAclIpAccessListName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of the IP access list."
::= { dAclIpAccessListEntry 1 }
dAclIpAccessListRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object allows the dynamic creation and
deletion of an IP access list."
::= { dAclIpAccessListEntry 2 }
dAclIpAccessExtended OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the IP access list is extended ('true') or
standard ('false').
A standard ip access list means only IP address related i.e.
source or destination IP address is specified for the filter.
For an extended IP access list, more fields can be chosen for the
filter."
::= { dAclIpAccessListEntry 3 }
dAclIpAccessListId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The number of the IP access list.
If user specify value zero(0) for this node, agent will assign a number
for it. After the table created, this node should not be changed."
::= { dAclIpAccessListEntry 4 }
dAclIpAccessListCounterEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the counter state of the access list is
enabled('true') or disabled('false'). And the counter just for
the all interface that applied the access list in
dAclIpAccessGroupTable."
::= { dAclIpAccessListEntry 5 }
dAclIpAccessListClearStatAction OBJECT-TYPE
SYNTAX INTEGER{
clear(1),
noOp(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is used to clear statistics of the access list when set
to 'clear'. No action is taken if this object is set to 'noOp'.
The 'clear' action just for the all interface that applied the access
list in dAclIpAccessGroupTable.
When read, the value 'noOp' is returned."
::= { dAclIpAccessListEntry 6 }
dAclIpAccessListRemark OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The description of the IP access list."
::= { dAclIpAccessListEntry 7 }
-- -----------------------------------------------------------------------------
dAclIpAccessRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclIpAccessRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table contains a list of IP access rules for IP access lists."
::= { dAclIp 3}
dAclIpAccessRuleEntry OBJECT-TYPE
SYNTAX DAclIpAccessRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry is defined dAclIpAccessRuleTable.
The first instance identifier index value identifies the
dAclIpAccessListEntry that an IP access rule (dAclIpAccessRuleEntry)
belongs to. An entry is removed from this table when its
corresponding dAclIpAccessRuleEntry is deleted."
INDEX {
dAclIpAccessListName,
dAclIpAccessRuleSn
}
::= { dAclIpAccessRuleTable 1 }
DAclIpAccessRuleEntry ::= SEQUENCE {
dAclIpAccessRuleSn Integer32,
dAclIpAccessRuleRowStatus RowStatus,
dAclIpAccessRuleAction DlinkAclRuleType,
dAclIpAccessRuleProtocol INTEGER,
dAclIpAccessRuleUserDefProtocol Integer32,
dAclIpAccessRuleSrcAddr IpAddress,
dAclIpAccessRuleSrcWildcard IpAddress,
dAclIpAccessRuleDstAddr IpAddress,
dAclIpAccessRuleDstWildcard IpAddress,
dAclIpAccessRuleSrcOperator DlinkAclPortOperatorType,
dAclIpAccessRuleSrcPort Integer32,
dAclIpAccessRuleSrcPortRange Integer32,
dAclIpAccessRuleDstOperator DlinkAclPortOperatorType,
dAclIpAccessRuleDstPort Integer32,
dAclIpAccessRuleDstPortRange Integer32,
dAclIpAccessRuleQosPrecedence Integer32,
dAclIpAccessRuleQosTos Integer32,
dAclIpAccessRuleQosDscp Integer32,
dAclIpAccessRuleIcmpType Integer32,
dAclIpAccessRuleIcmpCode Integer32,
dAclIpAccessRuleTimeName DisplayString,
dAclIpAccRuleTcpFlag TcpFlag,
dAclIpAccRuleFragments TruthValue,
dAclIpAccRuleUserDefProtocolMask OCTET STRING,
dAclIpAccRuleSrcPortMask OCTET STRING,
dAclIpAccRuleDstPortMask OCTET STRING,
dAclIpAccRuleQosPrecedenceMask OCTET STRING,
dAclIpAccRuleQosTosMask OCTET STRING,
dAclIpAccRuleQosDscpMask OCTET STRING
}
dAclIpAccessRuleSn OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Specifies the sequence number of this rule.
The lower the number is, the higher the priority of the rule.
The special value of 0 means the sequence number will be automatically
determined by the agent."
::= { dAclIpAccessRuleEntry 1 }
dAclIpAccessRuleRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The row status variable, used according to installation
and removal conventions for conceptual rows."
::= { dAclIpAccessRuleEntry 2 }
dAclIpAccessRuleAction OBJECT-TYPE
SYNTAX DlinkAclRuleType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the result of the packet examination is to
permit or deny or prevent to CPU."
::= { dAclIpAccessRuleEntry 3 }
dAclIpAccessRuleProtocol OBJECT-TYPE
SYNTAX INTEGER {
none(0),
userDefine(1),
tcp(2),
udp(3),
icmp(4),
gre(5),
esp(6),
eigrp(7),
igmp(8),
ospf(9),
pim(10),
vrrp(11),
ipinip(12),
pcp(13)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the IP protocol."
::= { dAclIpAccessRuleEntry 4 }
dAclIpAccessRuleUserDefProtocol OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the user defined protocol ID when the dAclIpAccessRuleProtocol
is 'userDefine (1)'. The value of -1 means the user defined protocol ID
is not specified."
DEFVAL { -1 }
::= { dAclIpAccessRuleEntry 5 }
dAclIpAccessRuleSrcAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies a source IP address."
::= { dAclIpAccessRuleEntry 6 }
dAclIpAccessRuleSrcWildcard OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is a wildcard bitmap to specify a group of source IP
addresses. The bit value 1 indicates the corresponding bit will
be ignored. The bit value 0 indicates the corresponding bit will be
checked. In other words, when the value of all 'ff'Hs indicates any
IP source address is specified. When the value of all '00'Hs indicates
host IP source address is specified."
::= { dAclIpAccessRuleEntry 7 }
dAclIpAccessRuleDstAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies a destination IP address."
::= { dAclIpAccessRuleEntry 8 }
dAclIpAccessRuleDstWildcard OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is a wildcard bitmap to specify a group of destination IP
addresses. The bit value 1 indicates the corresponding bit will
be ignored. The bit value 0 indicates the corresponding bit will be
checked. In other words, when the value of all 'ff'Hs indicates any
IP destination address is specified. When the value of all '00'Hs indicates
host IP destination address is specified."
::= { dAclIpAccessRuleEntry 9 }
dAclIpAccessRuleSrcOperator OBJECT-TYPE
SYNTAX DlinkAclPortOperatorType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates how a packet's source TCP/UDP port number is
compared.
When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
the dAclIpAccessRuleSrcPort as an operand which is the only one needed.
When the value of this object is range(6) needs 2 operands. One is
dAclIpAccessRuleSrcPort, which is the starting port number of the
range, and the other operand is dAclIpAccessRuleSrcPortRange,
which is the ending port number of the range.
When the value of this object is mask(7) needs 2 operands. One is
dAclIpAccessRuleSrcPort, the other operand is dAclIpAccRuleSrcPortMask.
This object is used for TCP/UDP protocol only, hence when the object
'dAclIpAccessRuleProtocol' is set to other than TCP/UDP, the object has
to be 'none(1)'."
::= { dAclIpAccessRuleEntry 10 }
dAclIpAccessRuleSrcPort OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the source port number of TCP/UDP protocol.
If the value is -1, it means the value is not specified.
If the dAclIpAccessRuleSrcOperator object in the same row is
range(6), this object will be the starting port number of the port
range.
This object only can be configured dAclIpAccessRuleSrcOperator in
the same row is not 'none(1)'."
DEFVAL { -1 }
::= { dAclIpAccessRuleEntry 11 }
dAclIpAccessRuleSrcPortRange OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The source port number of the TCP/UDP protocol. If the
dAclIpAccessRuleSrcOperator object in the same row is range(6), this
object will be the ending port number of the port range.
The value of -1 means the ending port number is not specified."
DEFVAL { -1 }
::= { dAclIpAccessRuleEntry 12 }
dAclIpAccessRuleDstOperator OBJECT-TYPE
SYNTAX DlinkAclPortOperatorType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates how a packet's TCP/UDP destination port number is
compared.
When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
the dAclIpAccessRuleSrcPort as an operand which is the only one needed.
When the value of this object is range(6) needs 2 operands. One is
dAclIpAccessRuleSrcPort, which is the starting port number of the
range, and the other operand is dAclIpAccessRuleDstPortRange,
which is the ending port number of the range.
When the value of this object is mask(7) needs 2 operands. One is
dAclIpAccessRuleDstPort, the other operand is dAclIpAccRuleDstPortMask.
This object is used for TCP/UDP protocol only, hence when the object
'dAclIpAccessRuleProtocol' is set to other than TCP/UDP, the object has
to be 'none(1)'."
::= { dAclIpAccessRuleEntry 13 }
dAclIpAccessRuleDstPort OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the destination port number of TCP/UDP protocol.
If the value is -1, it means the value is not specified.
If the dAclIpAccessRuleDstOperator object in the same row is
range(6), this object will be the starting port number of the port
range.
This object only can be configured dAclIpAccessRuleDstOperator in
the same row is not 'none(1)'."
DEFVAL { -1 }
::= { dAclIpAccessRuleEntry 14 }
dAclIpAccessRuleDstPortRange OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The destination port number of the TCP/UDP protocol. If the
dAclIpAccessRuleDstOperator object in the same row is range(6), this
object will be the ending port number of the port range.
The value of -1 means the ending port number is not specified."
DEFVAL { -1 }
::= { dAclIpAccessRuleEntry 15 }
dAclIpAccessRuleQosPrecedence OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..7)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the value of precedence.
The value of -1 means the value is not specified or not applicable.
dAclIpAccessRuleQosPrecedence and dAclIpAccessRuleQosDscp cannot
be specified at same time in a row."
DEFVAL { -1 }
::= { dAclIpAccessRuleEntry 16 }
dAclIpAccessRuleQosTos OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..15)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the value of type of service.
The value of -1 means the value is not specified or not applicable.
dAclIpAccessRuleQosTos and dAclIpAccessRuleQosDscp cannot
be specified at same time in a row."
DEFVAL { -1 }
::= { dAclIpAccessRuleEntry 17 }
dAclIpAccessRuleQosDscp OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..63)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the value of DSCP code.
The value of -1 means the value is not specified or not applicable.
Neither dAclIpAccessRuleQosPrecedence nor dAclIpAccessRuleQosTos
cannot be specified with dAclIpAccessRuleQosDscp at same time
in a row.
"
DEFVAL { -1 }
::= { dAclIpAccessRuleEntry 18 }
dAclIpAccessRuleIcmpType OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the type of ICMP protocol.
If the value is -1, it means the value is not specified.
This object is used for ICMP protocol only, hence when the object
'dAclIpAccessRuleProtocol' is set to other than ICMP, the object has
to be -1."
DEFVAL { -1 }
::= { dAclIpAccessRuleEntry 19 }
dAclIpAccessRuleIcmpCode OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the code of ICMP protocol.
If the value is -1, it means the value is not specified.
This object is used for ICMP protocol only, hence when the object
'dAclIpAccessRuleProtocol' is set to other than ICMP, the object has
to be -1."
DEFVAL { -1 }
::= { dAclIpAccessRuleEntry 20 }
dAclIpAccessRuleTimeName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the name of time-period profile associated with the
access-list delineating its activation period.
The value 'NULL' means that this rule is not bound with any Time
mechanism."
::= { dAclIpAccessRuleEntry 21 }
dAclIpAccRuleTcpFlag OBJECT-TYPE
SYNTAX TcpFlag
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the TCP flag fields.
This node is available only for TCP protocol.
The default value for this node is empty set, which means no TCP flag
values are set.
"
::= { dAclIpAccessRuleEntry 22 }
dAclIpAccRuleFragments OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the Packet fragment filtering status
is enabled('true') or disabled('false').
"
::= { dAclIpAccessRuleEntry 23 }
dAclIpAccRuleUserDefProtocolMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(1))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for protocol ID defined by dAclIpAccessRuleUserDefProtocol.
Valid values are from 0x00 to 0xFF.
Default value is 0xFF.
This node is valid only for the dAclIpAccessRuleUserDefProtocol specified."
::= { dAclIpAccessRuleEntry 24 }
dAclIpAccRuleSrcPortMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(2))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for L4 source port defined by dAclIpAccessRuleSrcPort.
Valid values are from 0x0 to 0xFFFF.
Default value is 0xFFFF.
This object only can be configured dAclIpAccessRuleSrcOperator in the
same row is 'mask(7)'.
This node is valid only for the dAclIpAccessRuleSrcPort specified."
::= { dAclIpAccessRuleEntry 25 }
dAclIpAccRuleDstPortMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(2))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for L4 destination port defined by dAclIpAccessRuleDstPort.
Valid values are from 0x0 to 0xFFFF.
Default value is 0xFFFF.
This object only can be configured dAclIpAccessRuleDstOperator in the
same row is 'mask(7)'.
This node is valid only for the dAclIpAccessRuleDstPort specified."
::= { dAclIpAccessRuleEntry 26 }
dAclIpAccRuleQosPrecedenceMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(1))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for ip precedence defined by dAclIpAccessRuleQosPrecedence.
Valid values are from 0x0 to 0x7.
Default value is 0x7.
This node is valid only for the dAclIpAccessRuleQosPrecedence specified."
::= { dAclIpAccessRuleEntry 27 }
dAclIpAccRuleQosTosMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(1))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for type of service defined by dAclIpAccessRuleQosTos.
Valid values are from 0x0 to 0xF.
Default value is 0xF.
This node is valid only for the dAclIpAccessRuleQosTos specified."
::= { dAclIpAccessRuleEntry 28 }
dAclIpAccRuleQosDscpMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(1))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for DSCP code defined by dAclIpAccessRuleQosDscp.
Valid values are from 0x0 to 0x3F.
Default value is 0x3F.
This node is valid only for the dAclIpAccessRuleQosDscp specified."
::= { dAclIpAccessRuleEntry 29 }
-- -----------------------------------------------------------------------------
dAclIpAccessGroupTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclIpAccessGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table represents a list of IP access group configuration."
::= { dAclIp 4 }
dAclIpAccessGroupEntry OBJECT-TYPE
SYNTAX DAclIpAccessGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry in dAclIpAccessGroupTable contains interface specific
IP access list association."
INDEX { dAclIpAccessGroupIfIndex,dAclIpAccessGroupApplyDirection}
::= { dAclIpAccessGroupTable 1 }
DAclIpAccessGroupEntry ::= SEQUENCE {
dAclIpAccessGroupIfIndex InterfaceIndex,
dAclIpAccessGroupApplyDirection INTEGER,
dAclIpAccessGroupStatus RowStatus,
dAclIpAccessGroupAclName DisplayString,
dAclIpAccessGroupAclId Integer32
}
dAclIpAccessGroupIfIndex OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the ifIndex of the interface.
Only physical port is valid interface."
::= { dAclIpAccessGroupEntry 1 }
dAclIpAccessGroupApplyDirection OBJECT-TYPE
SYNTAX INTEGER{
inbound(1),
outbound(2)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates whether this access list is to be attached to ingress or egress direction."
::= { dAclIpAccessGroupEntry 2 }
dAclIpAccessGroupStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The row status variable, used according to installation
and removal conventions for conceptual rows."
::= { dAclIpAccessGroupEntry 3 }
dAclIpAccessGroupAclName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The name of the IP access list to be applied."
::= { dAclIpAccessGroupEntry 4 }
dAclIpAccessGroupAclId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The ID of the IP access list to be applied.
User maybe specify access list ID(by this object) or name (by
dAclIpAccessGroupAclName) to be applied. If both access list
ID and name are specified, the access list name specified by
dAclIpAccessGroupAclName will be take.
"
::= { dAclIpAccessGroupEntry 5 }
-- -----------------------------------------------------------------------------
dAclIPv6 OBJECT IDENTIFIER ::= { dAclMIBObjects 4 }
dAclIPv6AccessListNumber OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of entries present in the IPv6 access list
table."
::= { dAclIPv6 1 }
dAclIPv6AccessListTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclIPv6AccessListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table contains IPv6 access list configuration."
::= { dAclIPv6 2 }
dAclIPv6AccessListEntry OBJECT-TYPE
SYNTAX DAclIPv6AccessListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry defined in dAclIPv6AccessListTable. An entry is
created/removed when an IPv6 access list is created/deleted."
INDEX { dAclIPv6AccessListName }
::= { dAclIPv6AccessListTable 1 }
DAclIPv6AccessListEntry ::= SEQUENCE {
dAclIPv6AccessListName DisplayString,
dAclIPv6AccessListRowStatus RowStatus,
dAclIPv6AccessExtended TruthValue,
dAclIPv6AccessListId Integer32,
dAclIPv6AccessListCounterEnabled TruthValue,
dAclIPv6AccessListClearStatAction INTEGER,
dAclIPv6AccessListRemark DisplayString
}
dAclIPv6AccessListName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of the IPv6 access list."
::= { dAclIPv6AccessListEntry 1 }
dAclIPv6AccessListRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object allows the dynamic creation and
deletion of an IPv6 access list."
::= { dAclIPv6AccessListEntry 2 }
dAclIPv6AccessExtended OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the IPv6 access list is extended ('true') or
standard ('false').
A standard ip access list means only IPv6 address related i.e.
source or destination IPv6 address is specified for the filter.
For an extended IPv6 access list, more fields can be chosen for the
filter."
::= { dAclIPv6AccessListEntry 3 }
dAclIPv6AccessListId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The number of the IPv6 access list."
::= { dAclIPv6AccessListEntry 4 }
dAclIPv6AccessListCounterEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the counter state of the access list is
enabled('true') or disabled('false'). And the counter just for
the all interface that applied the access list in
dAclIPv6AccessGroupTable."
::= { dAclIPv6AccessListEntry 5 }
dAclIPv6AccessListClearStatAction OBJECT-TYPE
SYNTAX INTEGER{
clear(1),
noOp(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is used to clear statistics of the access list when set
to 'clear'. No action is taken if this object is set to 'noOp'.
The 'clear' action just for the all interface that applied the access
list in dAclIPv6AccessGroupTable.
When read, the value 'noOp' is returned."
::= { dAclIPv6AccessListEntry 6 }
dAclIPv6AccessListRemark OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The description of the IPv6 access list."
::= { dAclIPv6AccessListEntry 7 }
-- -----------------------------------------------------------------------------
dAclIPv6AccessRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclIPv6AccessRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table contains a list of IPv6 access rules for IPv6 access lists."
::= { dAclIPv6 3}
dAclIPv6AccessRuleEntry OBJECT-TYPE
SYNTAX DAclIPv6AccessRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry is defined dAclIPv6AccessRuleTable.
The first instance identifier index value identifies the
dAclIPv6AccessListEntry that an IPv6 access rule (dAclIPv6AccessRuleEntry)
belongs to. An entry is removed from this table when its
corresponding dAclIPv6AccessRuleEntry is deleted."
INDEX {
dAclIPv6AccessListName,
dAclIPv6AccessRuleSn
}
::= { dAclIPv6AccessRuleTable 1 }
DAclIPv6AccessRuleEntry ::= SEQUENCE {
dAclIPv6AccessRuleSn Integer32,
dAclIPv6AccessRuleRowStatus RowStatus,
dAclIPv6AccessRuleAction DlinkAclRuleType,
dAclIPv6AccessRuleProtocol INTEGER,
dAclIPv6AccessRuleUserDefProtocol Integer32,
dAclIPv6AccessRuleSrcAddr InetAddressIPv6,
dAclIPv6AccessRuleSrcPrefixLen InetAddressPrefixLength,
dAclIPv6AccessRuleDstAddr InetAddressIPv6,
dAclIPv6AccessRuleDstPrefixLen InetAddressPrefixLength,
dAclIPv6AccessRuleDstOperator DlinkAclPortOperatorType,
dAclIPv6AccessRuleSrcOperator DlinkAclPortOperatorType,
dAclIPv6AccessRuleSrcPort Integer32,
dAclIPv6AccessRuleSrcPortRange Integer32,
dAclIPv6AccessRuleDstPort Integer32,
dAclIPv6AccessRuleDstPortRange Integer32,
dAclIPv6AccessRuleDscp Integer32,
dAclIPv6AccessRuleIcmpType Integer32,
dAclIPv6AccessRuleIcmpCode Integer32,
dAclIPv6AccessRuleTimeName DisplayString,
dAclIPv6AccRuleTcpFlag TcpFlag,
dAclIPv6AccRuleFragments TruthValue,
dAclIPv6AccRuleFlowLabel Integer32,
dAclIPv6AccRuleTrafficClass Integer32,
dAclIPv6AccRuleUserDefProtocolMask OCTET STRING,
dAclIPv6AccRuleSrcPortMask OCTET STRING,
dAclIPv6AccRuleDstPortMask OCTET STRING,
dAclIPv6AccRuleDscpMask OCTET STRING,
dAclIPv6AccRuleFlowLabelMask OCTET STRING,
dAclIPv6AccRuleTrafficClassMask OCTET STRING
}
dAclIPv6AccessRuleSn OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Specifies the sequence number of this rule.
The lower the number is, the higher the priority of the rule.
The special value of 0 means the sequence number will be automatically
determined by the agent."
::= { dAclIPv6AccessRuleEntry 1 }
dAclIPv6AccessRuleRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The row status variable, used according to installation
and removal conventions for conceptual rows."
::= { dAclIPv6AccessRuleEntry 2 }
dAclIPv6AccessRuleAction OBJECT-TYPE
SYNTAX DlinkAclRuleType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the result of the packet examination is to
permit or deny or prevent to CPU."
::= { dAclIPv6AccessRuleEntry 3 }
dAclIPv6AccessRuleProtocol OBJECT-TYPE
SYNTAX INTEGER {
none(0),
userDefine(1),
tcp(2),
udp(3),
icmp(4),
esp(5),
pcp(6),
sctp(7)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the IP protocol."
::= { dAclIPv6AccessRuleEntry 4 }
dAclIPv6AccessRuleUserDefProtocol OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the user defined protocol ID when the
dAclIPv6AccessRuleProtocol is 'userDefine (1)'.
The value of -1 means the user defined protocol ID is not
specified."
DEFVAL { -1 }
::= { dAclIPv6AccessRuleEntry 5 }
dAclIPv6AccessRuleSrcAddr OBJECT-TYPE
SYNTAX InetAddressIPv6
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies a source IPv6 address."
::= { dAclIPv6AccessRuleEntry 6 }
dAclIPv6AccessRuleSrcPrefixLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the length in bits of source IPv6 address will be
matched. In other words, the value of 0 indicates any source
IPv6 address is specified. When the value of 128 indicates
host IPv6 source address is specified."
::= { dAclIPv6AccessRuleEntry 7 }
dAclIPv6AccessRuleDstAddr OBJECT-TYPE
SYNTAX InetAddressIPv6
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies a destination IPv6 address."
::= { dAclIPv6AccessRuleEntry 8 }
dAclIPv6AccessRuleDstPrefixLen OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the length in bits of destination IPv6 address will be
matched. In other words, the value of 0 indicates any destination
IPv6 address is specified. When the value of 128 indicates
host IPv6 destination address is specified."
::= { dAclIPv6AccessRuleEntry 9 }
dAclIPv6AccessRuleSrcOperator OBJECT-TYPE
SYNTAX DlinkAclPortOperatorType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates how a packet's TCP/UDP source port number is
compared.
When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
the dAclIPv6AccessRuleSrcPort as an operand which is the only one needed.
When the value of this object is range(6) needs 2 operands. One is
dAclIPv6AccessRuleSrcPort, which is the starting port number of the
range, and the other operand is dAclIPv6AccessRuleSrcPortRange,
which is the ending port number of the range.
When the value of this object is mask(7) needs 2 operands. One is
dAclIPv6AccessRuleSrcPort, the other operand is dAclIPv6AccessRuleSrcPortMask.
This object is used for TCP/UDP protocol only, hence when the object
'dAclIPv6AccessRuleProtocol' is set to other than TCP/UDP, the object has
to be 'none(1)'."
::= { dAclIPv6AccessRuleEntry 10 }
dAclIPv6AccessRuleSrcPort OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the source port number of TCP/UDP protocol.
If the value is -1, it means the value is not specified.
If the dAclIPv6AccessRuleSrcOperator object in the same row is
range(6), this object will be the starting port number of the port
range.
This object only can be configured dAclIPv6AccessRuleSrcOperator in
the same row is not 'none(1)'."
DEFVAL { -1 }
::= { dAclIPv6AccessRuleEntry 11 }
dAclIPv6AccessRuleSrcPortRange OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The source port number of the TCP/UDP protocol. If the
dAclIPv6AccessRuleSrcOperator object in the same row is range(6), this
object will be the ending port number of the port range.
The value of -1 means the ending port number is not specified."
DEFVAL { -1 }
::= { dAclIPv6AccessRuleEntry 12 }
dAclIPv6AccessRuleDstOperator OBJECT-TYPE
SYNTAX DlinkAclPortOperatorType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates how a packet's TCP/UDP destination port number is
compared.
When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
the dAclIPv6AccessRuleDstPort as an operand which is the only one needed.
When the value of this object is range(6) needs 2 operands. One is
dAclIPv6AccessRuleDstPort, which is the starting port number of the
range, and the other operand is dAclIPv6AccessRuleDstPortRange,
which is the ending port number of the range.
When the value of this object is mask(7) needs 2 operands. One is
dAclIPv6AccessRuleDstPort, the other operand is dAclIPv6AccessRuleDstPortMask.
This object is used for TCP/UDP protocol only, hence when the object
'dAclIPv6AccessRuleProtocol' is set to other than TCP/UDP, the object has
to be 'none(1)'."
::= { dAclIPv6AccessRuleEntry 13 }
dAclIPv6AccessRuleDstPort OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the destination port number of TCP/UDP protocol.
If the value is -1, it means the value is not specified.
If the dAclIPv6AccessRuleDstOperator object in the same row is
range(6), this object will be the starting port number of the port
range.
This object only can be configured dAclIPv6AccessRuleDstOperator in
the same row is not 'none(1)'."
DEFVAL { -1 }
::= { dAclIPv6AccessRuleEntry 14 }
dAclIPv6AccessRuleDstPortRange OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The destination port number of the TCP/UDP protocol. If the
dAclIPv6AccessRuleDstOperator object in the same row is range(6), this
object will be the ending port number of the port range.
The value of -1 means the ending port number is not specified."
::= { dAclIPv6AccessRuleEntry 15 }
dAclIPv6AccessRuleDscp OBJECT-TYPE
SYNTAX Integer32 (-1 | 0 .. 63)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the matching DSCP code value in IPv6 header.
The value of -1 means the DSCP value is not specified."
DEFVAL { -1 }
::= { dAclIPv6AccessRuleEntry 16 }
dAclIPv6AccessRuleIcmpType OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the type of ICMP protocol.
The value of -1 means the ICMP type is not specified.
This object is used for ICMP protocol only, hence when the object
'dAclIPv6AccessRuleProtocol' is set to other than ICMP, the object has
to be -1."
DEFVAL { -1 }
::= { dAclIPv6AccessRuleEntry 17 }
dAclIPv6AccessRuleIcmpCode OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the code of ICMP protocol.
If the value is -1, it means the value is not specified.
This object is used for ICMP protocol only, hence when the object
'dAclIPv6AccessRuleProtocol' is set to other than ICMP, the object has
to be -1."
DEFVAL { -1 }
::= { dAclIPv6AccessRuleEntry 18 }
dAclIPv6AccessRuleTimeName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the name of time-period profile associated with the
access-list delineating its activation period.
The value 'NULL' means that this rule is not bound with any Time
mechanism."
::= { dAclIPv6AccessRuleEntry 19 }
dAclIPv6AccRuleTcpFlag OBJECT-TYPE
SYNTAX TcpFlag
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the TCP flag fields. And this node is available only for TCP protocol.
The default value for this node is empty set, which means no TCP flag values are set.
"
::= { dAclIPv6AccessRuleEntry 20 }
dAclIPv6AccRuleFragments OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the Packet fragment filtering status
is enabled('true') or disabled('false')."
::= { dAclIPv6AccessRuleEntry 21 }
dAclIPv6AccRuleFlowLabel OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..1048575)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the Flow label value.
The value of -1 means the flow-label value is not specified.
"
DEFVAL { -1 }
::= { dAclIPv6AccessRuleEntry 22 }
dAclIPv6AccRuleTrafficClass OBJECT-TYPE
SYNTAX Integer32 (-1 | 0 .. 255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the matching traffic class value in IPv6 header.
The value of -1 means the traffic class value is not specified.
This node and dAclIPv6AccessRuleDscp cannot be specified at same time in a row.
"
DEFVAL { -1 }
::= { dAclIPv6AccessRuleEntry 23 }
dAclIPv6AccRuleUserDefProtocolMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(1))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for protocol ID defined by dAclIPv6AccessRuleUserDefProtocol.
Valid values are from 0x00 to 0xFF.
Default value is 0xFF.
This node is valid only for the dAclIPv6AccessRuleUserDefProtocol specified."
::= { dAclIPv6AccessRuleEntry 24 }
dAclIPv6AccRuleSrcPortMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(2))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for L4 source port defined by dAclIPv6AccessRuleSrcPort.
Valid values are from 0x0 to 0xFFFF.
Default value is 0xFFFF.
This object only can be configured dAclIPv6AccessRuleSrcOperator in the
same row is 'mask(7)'.
This node is valid only for the dAclIPv6AccessRuleSrcPort specified."
::= { dAclIPv6AccessRuleEntry 25 }
dAclIPv6AccRuleDstPortMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(2))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for L4 destination port defined by dAclIPv6AccessRuleDstPort.
Valid values are from 0x0 to 0xFFFF.
Default value is 0xFFFF.
This object only can be configured dAclIPv6AccessRuleDstOperator in the
same row is 'mask(7)'.
This node is valid only for the dAclIPv6AccessRuleDstPort specified."
::= { dAclIPv6AccessRuleEntry 26 }
dAclIPv6AccRuleDscpMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(1))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for DSCP code defined by dAclIPv6AccessRuleDscp.
Valid values are from 0x0 to 0x3F.
Default value is 0x3F.
This node is valid only for the dAclIPv6AccessRuleDscp specified."
::= { dAclIPv6AccessRuleEntry 27 }
dAclIPv6AccRuleFlowLabelMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(3))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for Flow label value defined by dAclIPv6AccRuleFlowLabel.
Valid values are from 0x0 to 0xFFFFF.
Default value is 0xFFFFF.
This node is valid only for the dAclIPv6AccRuleFlowLabel specified."
::= { dAclIPv6AccessRuleEntry 28 }
dAclIPv6AccRuleTrafficClassMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(1))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for traffic class defined by dAclIPv6AccRuleTrafficClass.
Valid values are from 0x0 to 0xFF.
Default value is 0xFF.
This node is valid only for the dAclIPv6AccRuleTrafficClass specified."
::= { dAclIPv6AccessRuleEntry 29 }
-- -----------------------------------------------------------------------------
dAclIPv6AccessGroupTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclIPv6AccessGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table represents a list of IPv6 access group configuration."
::= { dAclIPv6 4 }
dAclIPv6AccessGroupEntry OBJECT-TYPE
SYNTAX DAclIPv6AccessGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry in dAclIPv6AccessGroupTable contains interface specific
IPv6 access list association."
INDEX { dAclIPv6AccessGroupIfIndex, dAclIpv6AccessGroupApplyDirection }
::= { dAclIPv6AccessGroupTable 1 }
DAclIPv6AccessGroupEntry ::= SEQUENCE {
dAclIPv6AccessGroupIfIndex InterfaceIndex,
dAclIpv6AccessGroupApplyDirection INTEGER,
dAclIPv6AccessGroupStatus RowStatus,
dAclIPv6AccessGroupAclName DisplayString,
dAclIPv6AccessGroupAclId Integer32
}
dAclIPv6AccessGroupIfIndex OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the ifIndex of the interface.
Only physical port is valid interface."
::= { dAclIPv6AccessGroupEntry 1 }
dAclIpv6AccessGroupApplyDirection OBJECT-TYPE
SYNTAX INTEGER{
inbound(1),
outbound(2)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates whether this ACL access list is to be attached to ingress or egress direction."
::= { dAclIPv6AccessGroupEntry 2 }
dAclIPv6AccessGroupStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The row status variable, used according to installation
and removal conventions for conceptual rows."
::= { dAclIPv6AccessGroupEntry 3 }
dAclIPv6AccessGroupAclName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The name of the IPv6 access list to be applied."
::= { dAclIPv6AccessGroupEntry 4 }
dAclIPv6AccessGroupAclId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The ID of the IPv6 access list to be applied.
User maybe specify access list ID(by this object) or name (by
dAclIPv6AccessGroupAclName) to be applied. If both access list
ID and name are specified, the access list name specified by
dAclIPv6AccessGroupAclName will be take.
"
::= { dAclIPv6AccessGroupEntry 5 }
-- -----------------------------------------------------------------------------
dAclExpert OBJECT IDENTIFIER ::= { dAclMIBObjects 5 }
dAclExpertAccessListNumber OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of entries present in the extended expert
access list table."
::= { dAclExpert 1 }
dAclExpertAccessListTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclExpertAccessListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table contains information about extended expert access list."
::= { dAclExpert 2 }
dAclExpertAccessListEntry OBJECT-TYPE
SYNTAX DAclExpertAccessListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry defined in dAclExpertAccessListTable. An entry is
created/removed when an extended expert access list is
created/deleted."
INDEX { dAclExpertAccessListName }
::= { dAclExpertAccessListTable 1 }
DAclExpertAccessListEntry ::= SEQUENCE {
dAclExpertAccessListName DisplayString,
dAclExpertAccessListRowStatus RowStatus,
dAclExpertAccessListId Integer32,
dAclExpertAccessListCounterEnabled TruthValue,
dAclExpertAccessListClearStatAction INTEGER,
dAclExpertAccessListRemark DisplayString
}
dAclExpertAccessListName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of the extended expert access list."
::= { dAclExpertAccessListEntry 1 }
dAclExpertAccessListRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object allows the dynamic creation and
deletion of an extended expert access list."
::= { dAclExpertAccessListEntry 2 }
dAclExpertAccessListId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The number of the extended expert access list."
::= { dAclExpertAccessListEntry 3 }
dAclExpertAccessListCounterEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the counter state of the access list is
enabled('true') or disabled('false'). And the counter just for
the all interface that applied the access list in
dAclExpertAccessGroupTable."
::= { dAclExpertAccessListEntry 4 }
dAclExpertAccessListClearStatAction OBJECT-TYPE
SYNTAX INTEGER{
clear(1),
noOp(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is used to clear statistics of the access list when set
to 'clear'. No action is taken if this object is set to 'noOp'.
The 'clear' action just for the all interface that applied the access
list in dAclExpertAccessGroupTable.
When read, the value 'noOp' is returned."
::= { dAclExpertAccessListEntry 5 }
dAclExpertAccessListRemark OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The description of the Expert access list."
::= { dAclExpertAccessListEntry 6 }
-- -----------------------------------------------------------------------------
dAclExpertAccessRuleTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclExpertAccessRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table consists of a list of rules for the extended expert access list."
::= { dAclExpert 3 }
dAclExpertAccessRuleEntry OBJECT-TYPE
SYNTAX DAclExpertAccessRuleEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry is defined ddAclExpertAccessRuleTable.
The first instance identifier index value identifies the
dAclExpertAccessListEntry that a extended expert access rule
(dAclExpertAccessRuleEntry) belongs to.
An entry is removed from this table when its
corresponding dAclExpertAccessListEntry is deleted."
INDEX {
dAclExpertAccessListName,
dAclExpertAccRuleSn
}
::= { dAclExpertAccessRuleTable 1 }
DAclExpertAccessRuleEntry ::= SEQUENCE {
dAclExpertAccRuleSn Integer32,
dAclExpertAccRuleRowStatus RowStatus,
dAclExpertAccRuleAction DlinkAclRuleType,
dAclExpertAccRuleProtocol INTEGER,
dAclExpertAccRuleUserDefProtocol Integer32,
dAclExpertAccRuleSrcIpAddr IpAddress,
dAclExpertAccRuleSrcIpWildcard IpAddress,
dAclExpertAccRuleSrcMacAddr MacAddress,
dAclExpertAccRuleSrcMacWildcard MacAddress,
dAclExpertAccRuleSrcOperator DlinkAclPortOperatorType,
dAclExpertAccRuleSrcPort Integer32,
dAclExpertAccRuleSrcPortRange Integer32,
dAclExpertAccRuleDstIpAddr IpAddress,
dAclExpertAccRuleDstIpWildcard IpAddress,
dAclExpertAccRuleDstMacAddr MacAddress,
dAclExpertAccRuleDstMacWildcard MacAddress,
dAclExpertAccRuleDstOperator DlinkAclPortOperatorType,
dAclExpertAccRuleDstPort Integer32,
dAclExpertAccRuleDstPortRange Integer32,
dAclExpertAccRuleVlanID VlanIdOrNone,
dAclExpertAccRuleInnerVlanID VlanIdOrNone,
dAclExpertAccRuleQosPrecedence Integer32,
dAclExpertAccRuleQosTos Integer32,
dAclExpertAccRuleQosDscp Integer32,
dAclExpertAccRuleIcmpType Integer32,
dAclExpertAccRuleIcmpCode Integer32,
dAclExpertAccRuleTimeName DisplayString,
dAclExpertAccRuleTcpFlag TcpFlag,
dAclExpertAccRuleFragments TruthValue,
dAclExpertAccRuleOuterCos Integer32,
dAclExpertAccRuleInnerCos Integer32,
dAclExpertAccRuleUserDefProtocolMask OCTET STRING,
dAclExpertAccRuleSrcPortMask OCTET STRING,
dAclExpertAccRuleDstPortMask OCTET STRING,
dAclExpertAccRuleVlanIDMask OCTET STRING,
dAclExpertAccRuleInnerVlanIDMask OCTET STRING,
dAclExpertAccRuleQosPrecedenceMask OCTET STRING,
dAclExpertAccRuleQosTosMask OCTET STRING,
dAclExpertAccRuleQosDscpMask OCTET STRING,
dAclExpertAccRuleOuterCosMask OCTET STRING,
dAclExpertAccRuleInnerCosMask OCTET STRING,
dAclExpertAccRuleVlanRangeMin VlanIdOrNone,
dAclExpertAccRuleVlanRangeMax VlanIdOrNone
}
dAclExpertAccRuleSn OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Specifies the sequence number of this rule.
The lower the number is, the higher the priority of the rule.
The special value of 0 means the sequence number will be automatically
determined by the agent."
::= { dAclExpertAccessRuleEntry 1 }
dAclExpertAccRuleRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The row status variable, used according to installation
and removal conventions for conceptual rows."
::= { dAclExpertAccessRuleEntry 2 }
dAclExpertAccRuleAction OBJECT-TYPE
SYNTAX DlinkAclRuleType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the result of the packet examination is to
permit or deny or prevent to CPU."
::= { dAclExpertAccessRuleEntry 3 }
dAclExpertAccRuleProtocol OBJECT-TYPE
SYNTAX INTEGER {
none(0),
userDefine(1),
tcp(2),
udp(3),
icmp(4),
gre(5),
esp(6),
eigrp(7),
igmp(8),
ospf(9),
pim(10),
vrrp(11),
ipinip(12),
pcp(13)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the IP protocol."
::= { dAclExpertAccessRuleEntry 4 }
dAclExpertAccRuleUserDefProtocol OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the user defined protocol ID when the
dAclExpertAccRuleProtocol is 'userDefine (1)'.
The value of -1 means the user defined protocol ID is not
specified."
DEFVAL { -1 }
::= { dAclExpertAccessRuleEntry 5 }
dAclExpertAccRuleSrcIpAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies a source IP address."
::= { dAclExpertAccessRuleEntry 6 }
dAclExpertAccRuleSrcIpWildcard OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is a wildcard bitmap to specify a group of source IP
addresses. The bit value 1 indicates the corresponding bit will
be ignored. The bit value 0 indicates the corresponding bit will be
checked. In other words, when the value of all 'ff'Hs indicates any
IP source address is specified. When the value of all '00'Hs indicates
host IP source address is specified."
::= { dAclExpertAccessRuleEntry 7 }
dAclExpertAccRuleSrcMacAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies a source MAC address."
::= { dAclExpertAccessRuleEntry 8 }
dAclExpertAccRuleSrcMacWildcard OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is a wildcard bitmap to specify a group of source
MAC addresses. The bit value 1 indicates the corresponding bit will
be ignored. The bit value 0 indicates the corresponding bit will be
checked. In other words, when the value of all 'ff'Hs indicates any
source MAC address is specified. When the value of all '00'Hs indicates
host source MAC address is specified."
::= { dAclExpertAccessRuleEntry 9 }
dAclExpertAccRuleSrcOperator OBJECT-TYPE
SYNTAX DlinkAclPortOperatorType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates how a packet's source TCP/UDP port number is
compared.
When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
the dAclExpertAccsRuleSrcPort as an operand which is the only one needed.
When the value of this object is range(6) needs 2 operands. One is
dAclExpertAccsRuleSrcPort, which is the starting port number of the
range, and the other operand is dAclExpertAccsRuleSrcPortRange,
which is the ending port number of the range.
When the value of this object is mask(7) needs 2 operands. One is
dAclExpertAccsRuleSrcPort, the other operand is dAclExpertAccsRuleSrcPortMask.
This object is used for TCP/UDP protocol only, hence when the object
'dAclExpertAccRuleProtocol' is set to other than TCP/UDP, the object has
to be 'none(1)'."
::= { dAclExpertAccessRuleEntry 10 }
dAclExpertAccRuleSrcPort OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the source port number of TCP/UDP protocol.
If the value is -1, it means the value is not specified.
If the dAclExpertAccsRuleSrcOperator object in the same row is
range(6), this object will be the starting port number of the port
range.
This object only can be configured dAclExpertAccsRuleSrcOperator in
the same row is not 'none(1)'."
DEFVAL { -1 }
::= { dAclExpertAccessRuleEntry 11 }
dAclExpertAccRuleSrcPortRange OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The source port number of the TCP/UDP protocol. If the
dAclExpertAccsRuleSrcOperator object in the same row is range(6), this
object will be the ending port number of the port range.
The value of -1 means the ending port number is not specified."
DEFVAL { -1 }
::= { dAclExpertAccessRuleEntry 12 }
dAclExpertAccRuleDstIpAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies a destination IP address."
::= { dAclExpertAccessRuleEntry 13 }
dAclExpertAccRuleDstIpWildcard OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is a wildcard bitmap to specify a group of destination IP
addresses. The bit value 1 indicates the corresponding bit will
be ignored. The bit value 0 indicates the corresponding bit will be
checked. In other words, when the value of all 'ff'Hs indicates any
IP destination address is specified. When the value of all '00'Hs indicates
host IP destination address is specified."
::= { dAclExpertAccessRuleEntry 14 }
dAclExpertAccRuleDstMacAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies a destination MAC address."
::= { dAclExpertAccessRuleEntry 15 }
dAclExpertAccRuleDstMacWildcard OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is a wildcard bitmap to specify a group of destination
MAC addresses. The bit value 1 indicates the corresponding bit will
be ignored. The bit value 0 indicates the corresponding bit will be
checked. In other words, when the value of all 'ff'Hs indicates any
destination MAC address is specified. When the value of all '00'Hs
indicates host destination MAC address is specified."
::= { dAclExpertAccessRuleEntry 16 }
dAclExpertAccRuleDstOperator OBJECT-TYPE
SYNTAX DlinkAclPortOperatorType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates how a packet's TCP/UDP destination port number is
compared.
When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
the dAclExpertAccsRuleDstPort as an operand which is the only one needed.
When the value of this object is range(6) needs 2 operands. One is
dAclExpertAccsRuleDstPort, which is the starting port number of the
range, and the other operand is dAclExpertAccsRuleDstPortRange,
which is the ending port number of the range.
When the value of this object is mask(7) needs 2 operands. One is
dAclExpertAccsRuleDstPort, the other operand is dAclExpertAccsRuleDstPortMask.
This object is used for TCP/UDP protocol only, hence when the object
'dAclExpertAccRuleProtocol' is set to other than TCP/UDP, the object has
to be 'none(1)'."
::= { dAclExpertAccessRuleEntry 17 }
dAclExpertAccRuleDstPort OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the destination port number of TCP/UDP protocol.
If the value is -1, it means the value is not specified.
If the dAclExpertAccsRuleDstOperator object in the same row is
range(6), this object will be the starting port number of the port
range.
This object only can be configured dAclExpertAccsRuleDstOperator in
the same row is not 'none(1)'."
DEFVAL { -1 }
::= { dAclExpertAccessRuleEntry 18 }
dAclExpertAccRuleDstPortRange OBJECT-TYPE
SYNTAX Integer32 (-1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The destination port number of the TCP/UDP protocol. If the
dAclExpertAccsRuleDstOperator object in the same row is range(6), this
object will be the ending port number of the port range.
The value of -1 means the ending port number is not specified."
DEFVAL { -1 }
::= { dAclExpertAccessRuleEntry 19 }
dAclExpertAccRuleVlanID OBJECT-TYPE
SYNTAX VlanIdOrNone
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the VLAN ID.
A value of zero indicates the VLAN ID is not specified."
DEFVAL { 0 }
::= { dAclExpertAccessRuleEntry 20 }
dAclExpertAccRuleInnerVlanID OBJECT-TYPE
SYNTAX VlanIdOrNone
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the inner VLAN ID. A value of zero indicates
the inner VLAN ID is not specified."
DEFVAL { 0 }
::= { dAclExpertAccessRuleEntry 21 }
dAclExpertAccRuleQosPrecedence OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..7)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the value of precedence.
The value of -1 means the value is not specified or not applicable.
dAclExpertAccRuleQosPrecedence and dAclExpertAccRuleQosDscp cannot
be specified at same time in a row."
DEFVAL { -1 }
::= { dAclExpertAccessRuleEntry 22 }
dAclExpertAccRuleQosTos OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..15)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the value of type of service.
The value of -1 means the value is not specified or not applicable.
dAclExpertAccRuleQosTos and dAclExpertAccRuleQosDscp cannot
be specified at same time in a row."
DEFVAL { -1 }
::= { dAclExpertAccessRuleEntry 23 }
dAclExpertAccRuleQosDscp OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..63)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the value of DSCP code.
The value of -1 means the value is not specified or not applicable.
Neither dAclExpertAccRuleQosPrecedence nor dAclExpertAccRuleQosTos
can be specified with dAclExpertAccRuleQosDscp at same time in a
row."
DEFVAL { -1 }
::= { dAclExpertAccessRuleEntry 24 }
dAclExpertAccRuleIcmpType OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the type of ICMP protocol.
If the value is -1, it means the value is not specified.
This object is used for ICMP protocol only, hence when the object
'dAclExpertAccRuleProtocol' is set to other than ICMP, the object has
to be -1."
DEFVAL { -1 }
::= { dAclExpertAccessRuleEntry 25 }
dAclExpertAccRuleIcmpCode OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the code of ICMP protocol.
If the value is -1, it means the value is not specified.
This object is used for ICMP protocol only, hence when the object
'dAclExpertAccRuleProtocol' is set to other than ICMP, the object has
to be -1."
DEFVAL { -1 }
::= { dAclExpertAccessRuleEntry 26 }
dAclExpertAccRuleTimeName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the name of time-period profile associated with the
access-list delineating its activation period.
The value 'NULL' means that this rule is not bound with any Time
mechanism."
::= { dAclExpertAccessRuleEntry 27 }
dAclExpertAccRuleTcpFlag OBJECT-TYPE
SYNTAX TcpFlag
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the TCP flag fields.
This node is available only for TCP protocol.
The default value for this node is empty set, which means no TCP flag
values are set.
"
::= { dAclExpertAccessRuleEntry 28 }
dAclExpertAccRuleFragments OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the Packet fragment filtering status
is enabled('true') or disabled('false')."
::= { dAclExpertAccessRuleEntry 29 }
dAclExpertAccRuleOuterCos OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..7)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the value of inner priority.
The value of -1 means the value is not specified or not applicable.
"
DEFVAL { -1 }
::= { dAclExpertAccessRuleEntry 30 }
dAclExpertAccRuleInnerCos OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..7)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the value of inner priority, the node is availabe just for the
node dAclExpertAccRuleOuterCos be specified.
The value of -1 means the value is not specified or not applicable.
"
DEFVAL { -1 }
::= { dAclExpertAccessRuleEntry 31 }
dAclExpertAccRuleUserDefProtocolMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(1))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for protocol ID defined by dAclExpertAccRuleUserDefProtocol.
Valid values are from 0x00 to 0xFF.
Default value is 0xFF.
This node is valid only for the dAclExpertAccRuleUserDefProtocol specified."
::= { dAclExpertAccessRuleEntry 32 }
dAclExpertAccRuleSrcPortMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(2))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for L4 source port defined by dAclExpertAccRuleSrcPort.
Valid values are from 0x0 to 0xFFFF.
Default value is 0xFFFF.
This object only can be configured dAclExpertAccRuleSrcOperator in the
same row is 'mask(7)'.
"
::= { dAclExpertAccessRuleEntry 33 }
dAclExpertAccRuleDstPortMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(2))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for L4 destination port defined by dAclExpertAccRuleDstPort.
Valid values are from 0x0 to 0xFFFF.
Default value is 0xFFFF.
This object only can be configured dAclExpertAccRuleDstOperator in the
same row is 'mask(7)'."
::= { dAclExpertAccessRuleEntry 34 }
dAclExpertAccRuleVlanIDMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(2))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for VLAN ID defined by dAclExpertAccRuleVlanID.
Valid values are from 0x0000 to 0x0FFF.
This node and dAclExpertAccRuleVlanRangeMin/dAclExpertAccRuleVlanRangeMax
cannot be specified at same time in a row.
Default value is 0x0FFF.
This node is valid only for the dAclExpertAccRuleVlanID specified."
::= { dAclExpertAccessRuleEntry 35 }
dAclExpertAccRuleInnerVlanIDMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(2))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for inner VLAN ID defined by dAclExpertAccRuleInnerVlanID.
Valid values are from 0x0000 to 0x0FFF.
Default value is 0x0FFF.
This node is valid only for the dAclExpertAccRuleInnerVlanID specified."
::= { dAclExpertAccessRuleEntry 36 }
dAclExpertAccRuleQosPrecedenceMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(1))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for ip precedence defined by dAclExpertAccRuleQosPrecedence.
Valid values are from 0x0 to 0x7.
Default value is 0x7.
This node is valid only for the dAclExpertAccRuleQosPrecedence specified."
::= { dAclExpertAccessRuleEntry 37 }
dAclExpertAccRuleQosTosMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(1))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for type of service defined by dAclExpertAccRuleQosTos.
Valid values are from 0x0 to 0xF.
Default value is 0xF.
This node is valid only for the dAclExpertAccRuleQosTos specified."
::= { dAclExpertAccessRuleEntry 38 }
dAclExpertAccRuleQosDscpMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(1))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for DSCP code defined by dAclExpertAccRuleQosDscp.
Valid values are from 0x0 to 0x3F.
Default value is 0x3F.
This node is valid only for the dAclExpertAccRuleQosDscp specified."
::= { dAclExpertAccessRuleEntry 39 }
dAclExpertAccRuleOuterCosMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(1))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for priority defined by dAclExpertAccRuleOuterCos.
Valid values are from 0x00 to 0x07.
Default value is 0x07.
This node is valid only for the dAclExpertAccRuleOuterCos specified."
::= { dAclExpertAccessRuleEntry 40 }
dAclExpertAccRuleInnerCosMask OBJECT-TYPE
SYNTAX OCTET STRING(SIZE(1))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the mask for inner priority defined by dAclExpertAccRuleInnerCos.
Valid values are from 0x00 to 0x07.
Default value is 0x07.
This node is valid only for the dAclExpertAccRuleInnerCos specified."
::= { dAclExpertAccessRuleEntry 41 }
dAclExpertAccRuleVlanRangeMin OBJECT-TYPE
SYNTAX VlanIdOrNone
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the minimum outer VLAN ID of a VLAN range. A value of zero
indicates the VLAN range is not specified.
This node and dAclMacAccessRuleVlanID/dAclMacAccessRuleVlanIDMask cannot
be specified at same time in a row.
This node is valid only for the dAclExpertAccRuleVlanRangeMax specified."
DEFVAL { 0 }
::= { dAclExpertAccessRuleEntry 42 }
dAclExpertAccRuleVlanRangeMax OBJECT-TYPE
SYNTAX VlanIdOrNone
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Specifies the maximum outer VLAN ID of a VLAN range. A value of zero
indicates the VLAN range is not specified.
This node and dAclMacAccessRuleVlanID/dAclMacAccessRuleVlanIDMask cannot
be specified at same time in a row.
This node is valid only for the dAclExpertAccRuleVlanRangeMin specified."
DEFVAL { 0 }
::= { dAclExpertAccessRuleEntry 43 }
-- -----------------------------------------------------------------------------
dAclExpertAccessGroupTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclExpertAccessGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table represents a list of extended expert access group
configuration."
::= { dAclExpert 4 }
dAclExpertAccessGroupEntry OBJECT-TYPE
SYNTAX DAclExpertAccessGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry in dAclExpertAccessGroupTable contains interface specific
extended expert access list association."
INDEX { dAclExpertAccessGroupIfIndex , dAclExpertAccessGroupApplyDirection }
::= { dAclExpertAccessGroupTable 1 }
DAclExpertAccessGroupEntry ::= SEQUENCE {
dAclExpertAccessGroupIfIndex InterfaceIndex,
dAclExpertAccessGroupApplyDirection INTEGER,
dAclExpertAccessGroupRowStatus RowStatus,
dAclExpertAccessGroupAclName DisplayString,
dAclExpertAccessGroupAclId Integer32
}
dAclExpertAccessGroupIfIndex OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the ifIndex of the interface.
Only physical port is valid interface."
::= { dAclExpertAccessGroupEntry 1 }
dAclExpertAccessGroupApplyDirection OBJECT-TYPE
SYNTAX INTEGER{
inbound(1),
outbound(2)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates whether this ACL access list is to be attached to ingress or egress direction."
::= { dAclExpertAccessGroupEntry 2 }
dAclExpertAccessGroupRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The row status variable, used according to installation
and removal conventions for conceptual rows."
::= { dAclExpertAccessGroupEntry 3 }
dAclExpertAccessGroupAclName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The name of the Expert access list to be applied."
::= { dAclExpertAccessGroupEntry 4 }
dAclExpertAccessGroupAclId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The ID of the Expert access list to be applied.
User maybe specify access list ID(by this object) or name (by
dAclExpertAccessGroupAclName) to be applied. If both access list
ID and name are specified, the access list name specified by
dAclExpertAccessGroupAclName will be take.
"
::= { dAclExpertAccessGroupEntry 5 }
-- -----------------------------------------------------------------------------
dAclVlan OBJECT IDENTIFIER ::= { dAclMIBObjects 6 }
dAclVlanSubMapTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclVlanSubMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table contains a list of sub-map configuration. The first
instance identifier index value (dAclVlanAccMapName) identifies the
entry(dAclVlanSubMapEntry) belongs to.
A VLAN access map can contain multiple sub-maps, the packet that
matches a sub-map (that is packet permitted by the associated
access-list) will take the action specified for the same entry.
No further check against the next sub-maps is done.
If the packet does not match a sub-map, then the next sub-map will
be checked. The checking sequence is determined by the value of
dAclVlanAccSubMapSeq for a same VLAN acess map."
::= { dAclVlan 1}
dAclVlanSubMapEntry OBJECT-TYPE
SYNTAX DAclVlanSubMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry is defined dAclVlanSubMapTable.
"
INDEX {
dAclVlanAccMapName,
dAclVlanAccSubMapSeq
}
::= { dAclVlanSubMapTable 1 }
DAclVlanSubMapEntry ::= SEQUENCE {
dAclVlanAccMapName DisplayString,
dAclVlanAccSubMapSeq Integer32,
dAclVlanAccSubMapRowStatus RowStatus,
dAclVlanAccSubMapMatchAclName DisplayString,
dAclVlanAccessSubMapAction INTEGER,
dAclVlanAccSubMapRedirectIfIndex InterfaceIndexOrZero,
dAclVlanAccSubMapMatchAclId Integer32
}
dAclVlanAccMapName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object is used to specify the name of an VLAN
acess map."
::= { dAclVlanSubMapEntry 1 }
dAclVlanAccSubMapSeq OBJECT-TYPE
SYNTAX Integer32 ( 0 | 1..65535 )
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the sequence number of a VLAN access rule.
The value range is 1 to 65535.
The value of 0 indicates the number is not specified and
sequence number will be automatically assigned.
"
::= { dAclVlanSubMapEntry 2 }
dAclVlanAccSubMapRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The row status variable, used according to installation
and removal conventions for conceptual rows."
::= { dAclVlanSubMapEntry 3 }
dAclVlanAccSubMapMatchAclName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the name of MAC/IP/IPv6 ACL
which will be associated."
::= { dAclVlanSubMapEntry 4 }
dAclVlanAccessSubMapAction OBJECT-TYPE
SYNTAX INTEGER {
none(1),
forward(2),
drop(3),
redirect(4)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the action when the packet that matches
a sub-map (that is packet permitted by the associated access-list). "
::= { dAclVlanSubMapEntry 5 }
dAclVlanAccSubMapRedirectIfIndex OBJECT-TYPE
SYNTAX InterfaceIndexOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates ifIndex of the interface the packet will be
redirected.
When the dAclVlanAccessAction in the same row
is set to other than 'redirect', the object has to be zero,
which indicates the redirected interface is not specified or not
applicable."
::= { dAclVlanSubMapEntry 6 }
dAclVlanAccSubMapMatchAclId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the ID of MAC/IP/IPv6 ACL access list
which will be associated.
User may specify access list ID(by this object) or name (by
dAclVlanAccSubMapMatchAclName) to be applied. If both access list
ID and name are specified, the access list name specified by
dAclVlanAccSubMapMatchAclName will be take.
"
::= { dAclVlanSubMapEntry 7 }
-- -----------------------------------------------------------------------------
dAclVlanFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclVlanFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table represents a list of VLAN access map configuration."
::= { dAclVlan 2 }
dAclVlanFilterEntry OBJECT-TYPE
SYNTAX DAclVlanFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry in dAclVlanFilterTable contains vlan-specific
VLAN access map association."
INDEX { dAclVlanFilterVlanId }
::= { dAclVlanFilterTable 1 }
DAclVlanFilterEntry ::= SEQUENCE {
dAclVlanFilterVlanId VlanId,
dAclVlanFilterRowStatus RowStatus,
dAclVlanFilterVlanAccMapName DisplayString
}
dAclVlanFilterVlanId OBJECT-TYPE
SYNTAX VlanId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the VLAN ID of the entry. "
::= { dAclVlanFilterEntry 1 }
dAclVlanFilterRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The row status variable, used according to installation
and removal conventions for conceptual rows."
::= { dAclVlanFilterEntry 2 }
dAclVlanFilterVlanAccMapName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The name of the access list to be applied for the VLAN.
NULL value indicates the access list is not specified."
::= { dAclVlanFilterEntry 3 }
-- -----------------------------------------------------------------------------
dAclVlanAccessMapTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclVlanAccessMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table contains a list of VLAN access map configuration. "
::= { dAclVlan 3}
dAclVlanAccessMapEntry OBJECT-TYPE
SYNTAX DAclVlanAccessMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry is defined dAclVlanAccessMapTable.
"
INDEX {
dAclVlanAccMapName
}
::= { dAclVlanAccessMapTable 1 }
DAclVlanAccessMapEntry ::= SEQUENCE {
dAclVlanAccessMapCounterEnabled TruthValue,
dAclVlanAccessMapClearStatAction INTEGER
}
dAclVlanAccessMapCounterEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object indicates the counter state of the VLAN access map
is enabled('true') or disabled('false').
The counter state setting just for the all VLAN interface that applied
the access map in dAclVlanFilterTable."
::= { dAclVlanAccessMapEntry 1 }
dAclVlanAccessMapClearStatAction OBJECT-TYPE
SYNTAX INTEGER{
clear(1),
noOp(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object is used to clear statistics of the VLAN access map
when set to 'clear'. No action is taken if this object is set to 'noOp'.
The 'clear' action just for the all entry that applied the VLAN
access map in dAclVlanFilterTable.
When read, the value 'noOp' is returned."
::= { dAclVlanAccessMapEntry 2 }
-- -----------------------------------------------------------------------------
dAclCounter OBJECT IDENTIFIER ::= { dAclMIBObjects 7 }
dAclAccessGroupCounterTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclAccessGroupCounterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table maintains counter information associated with
a specific access list rule in the access rule table.
Please refer to the dAclMacAccessRuleTable, dAclIpAccessRuleTable,
dAclIPv6AccessRuleTable and dAclExpertAccessRuleTable for
detailed ACL rule information.
"
::= { dAclCounter 1}
dAclAccessGroupCounterEntry OBJECT-TYPE
SYNTAX DAclAccessGroupCounterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry is defined dAclAccessGroupCounterTable.
"
INDEX {
dAclAccessGroupCounterAccListId,
dAclAccessGroupCounterAccRuleSn
}
::= { dAclAccessGroupCounterTable 1 }
DAclAccessGroupCounterEntry ::= SEQUENCE {
dAclAccessGroupCounterAccListId Integer32,
dAclAccessGroupCounterAccRuleSn Integer32,
dAclAccessGroupCounterIngressStat Counter64,
dAclAccessGroupCounterEgressStat Counter64
}
dAclAccessGroupCounterAccListId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ID of an access list which access group counter enabled.
the access list was defined by the tables:
dAclMacAccessListTable, dAclIpAccessListTable,
dAclIPv6AccessListTable, dAclExpertAccessListTable."
::= { dAclAccessGroupCounterEntry 1 }
dAclAccessGroupCounterAccRuleSn OBJECT-TYPE
SYNTAX Integer32(1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Specifies the sequence number of this rule entry as related to the
dAclAccessGroupCounterAccListId."
::= { dAclAccessGroupCounterEntry 2 }
dAclAccessGroupCounterIngressStat OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the total number of matched packets for the access rule
applied on inbound of all interface in dAclMacAccessGroupTable,
dAclIpAccessGroupTable, dAclIPv6AccessGroupTable, or
dAclExpertAccessGroupTable.
"
::= { dAclAccessGroupCounterEntry 3 }
dAclAccessGroupCounterEgressStat OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the total number of matched packets for the access rule
applied on outbound of all interface in dAclMacAccessGroupTable,
dAclIpAccessGroupTable, dAclIPv6AccessGroupTable, or
dAclExpertAccessGroupTable.
"
::= { dAclAccessGroupCounterEntry 4 }
-- -----------------------------------------------------------------------------
dAclVlanFilterCounterTable OBJECT-TYPE
SYNTAX SEQUENCE OF DAclVlanFilterCounterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table maintains counter information associated with
a specific access sub map in the dAclVlanSubMapTable.
"
::= { dAclCounter 2}
dAclVlanFilterCounterEntry OBJECT-TYPE
SYNTAX DAclVlanFilterCounterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry is defined dAclVlanFilterCounterTable.
"
INDEX {
dAclVlanFilterCounterAccMapName,
dAclVlanFilterCounterSubMapSeq
}
::= { dAclVlanFilterCounterTable 1 }
DAclVlanFilterCounterEntry ::= SEQUENCE {
dAclVlanFilterCounterAccMapName DisplayString,
dAclVlanFilterCounterSubMapSeq Integer32,
dAclVlanFilterCounterStatistics Counter64
}
dAclVlanFilterCounterAccMapName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of a VLAN access map which counter enabled. the VLAN
access map was defined by the dAclVlanSubMapTable.
"
::= { dAclVlanFilterCounterEntry 1 }
dAclVlanFilterCounterSubMapSeq OBJECT-TYPE
SYNTAX Integer32(1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Indicates the sequence number of a VLAN access sub map. the vlan
sub map sequence number was defined by the dAclVlanSubMapTable."
::= { dAclVlanFilterCounterEntry 2 }
dAclVlanFilterCounterStatistics OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the total number of matched packets for the
sub map that applied on all VLAN interface in dAclVlanFilterTable."
::= { dAclVlanFilterCounterEntry 3 }
-- ***************************************************************************
-- Conformance
-- ***************************************************************************
dAclCompliances OBJECT IDENTIFIER ::= { dAclMIBConformance 1 }
dAclCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for entities which implement the
DLINKSW-ACL-MIB."
MODULE -- this module
MANDATORY-GROUPS {
dAclGenGroup,
dAclMacGroup,
dAclIpGroup
}
GROUP dAclIPv6Group
DESCRIPTION
"This group is required only if the IPv6 access list feature
is implemented by the agent."
GROUP dAclExpertGroup
DESCRIPTION
"This group is required only if the extended expert access list
feature is implemented by the agent."
GROUP dAclVlanFilterGroup
DESCRIPTION
"This group is required only if vlan filter feature is implemented
by the agent."
::= { dAclCompliances 1 }
dAclGroups OBJECT IDENTIFIER ::= { dAclMIBConformance 2 }
dAclGenGroup OBJECT-GROUP
OBJECTS {
dAclReSeqStartingNumber, dAclReSeqIncrement
}
STATUS current
DESCRIPTION
"A collection of objects providing general access list configuration."
::= { dAclGroups 1 }
dAclMacGroup OBJECT-GROUP
OBJECTS {
dAclMacAccessListNumber, dAclMacAccessListRowStatus,
dAclMacAccessListId, dAclMacAccessListCounterEnabled,
dAclMacAccessListClearStatAction,dAclMacAccessListRemark,
dAclMacAccessRuleRowStatus, dAclMacAccessRuleAction,
dAclMacAccessRuleSrcMacAddr, dAclMacAccessRuleSrcMacWildcard,
dAclMacAccessRuleDstMacAddr, dAclMacAccessRuleDstMacWildcard,
dAclMacAccessRulePacketType, dAclMacAccessRuleEthernetType,
dAclMacAccessRuleLlcDSAP, dAclMacAccessRuleLlcSSAP,
dAclMacAccessRuleLlcCntl,
dAclMacAccessRuleDot1p, dAclMacAccessRuleInnerDot1p,
dAclMacAccessRuleVlanID, dAclMacAccessRuleInnerVlanID,
dAclMacAccessRuleTimeName,
dAclMacAccessGroupRowStatus,
dAclMacAccessGroupAclName,dAclMacAccessGroupAclId
}
STATUS current
DESCRIPTION
"A collection of objects providing MAC access list configuration."
::= { dAclGroups 2 }
dAclIpGroup OBJECT-GROUP
OBJECTS {
dAclIpAccessListNumber, dAclIpAccessListRowStatus,
dAclIpAccessExtended, dAclIpAccessListId,
dAclIpAccessListCounterEnabled, dAclIpAccessListClearStatAction,
dAclIpAccessListRemark,
dAclIpAccessRuleRowStatus, dAclIpAccessRuleAction,
dAclIpAccessRuleProtocol, dAclIpAccessRuleUserDefProtocol,
dAclIpAccessRuleSrcAddr, dAclIpAccessRuleSrcWildcard,
dAclIpAccessRuleDstAddr, dAclIpAccessRuleDstWildcard,
dAclIpAccessRuleSrcOperator, dAclIpAccessRuleSrcPort,
dAclIpAccessRuleSrcPortRange,
dAclIpAccessRuleDstOperator, dAclIpAccessRuleDstPort,
dAclIpAccessRuleDstPortRange,
dAclIpAccessRuleQosPrecedence, dAclIpAccessRuleQosTos,
dAclIpAccessRuleQosDscp,
dAclIpAccessRuleIcmpType, dAclIpAccessRuleIcmpCode,
dAclIpAccessRuleTimeName, dAclIpAccRuleTcpFlag,
dAclIpAccRuleFragments,
dAclIpAccessGroupStatus,
dAclIpAccessGroupAclName, dAclIpAccessGroupAclId
}
STATUS current
DESCRIPTION
"A collection of objects providing IP access list configuration."
::= { dAclGroups 3 }
dAclIPv6Group OBJECT-GROUP
OBJECTS {
dAclIPv6AccessListNumber, dAclIPv6AccessListRowStatus,
dAclIPv6AccessExtended, dAclIPv6AccessListId,
dAclIPv6AccessListCounterEnabled,
dAclIPv6AccessListClearStatAction,
dAclIPv6AccessListRemark,
dAclIPv6AccessRuleRowStatus, dAclIPv6AccessRuleAction,
dAclIPv6AccessRuleProtocol, dAclIPv6AccessRuleUserDefProtocol,
dAclIPv6AccessRuleSrcAddr, dAclIPv6AccessRuleSrcPrefixLen,
dAclIPv6AccessRuleDstAddr, dAclIPv6AccessRuleDstPrefixLen,
dAclIPv6AccessRuleSrcOperator, dAclIPv6AccessRuleSrcPort,
dAclIPv6AccessRuleSrcPortRange,
dAclIPv6AccessRuleDstOperator, dAclIPv6AccessRuleDstPort,
dAclIPv6AccessRuleDstPortRange,
dAclIPv6AccessRuleDscp,
dAclIPv6AccessRuleIcmpType, dAclIPv6AccessRuleIcmpCode,
dAclIPv6AccessRuleTimeName,
dAclIPv6AccessGroupStatus,
dAclIPv6AccessGroupAclName,dAclIPv6AccessGroupAclId,
dAclIPv6AccRuleTcpFlag,
dAclIPv6AccRuleFragments,
dAclIPv6AccRuleFlowLabel
}
STATUS current
DESCRIPTION
"A collection of objects providing IPv6 access list configuration."
::= { dAclGroups 4 }
dAclExpertGroup OBJECT-GROUP
OBJECTS {
dAclExpertAccessListNumber, dAclExpertAccessListRowStatus,
dAclExpertAccessListId, dAclExpertAccessListCounterEnabled,
dAclExpertAccessListClearStatAction, dAclExpertAccessListRemark,
dAclExpertAccRuleRowStatus, dAclExpertAccRuleAction,
dAclExpertAccRuleProtocol, dAclExpertAccRuleUserDefProtocol,
dAclExpertAccRuleSrcIpAddr, dAclExpertAccRuleSrcIpWildcard,
dAclExpertAccRuleSrcMacAddr, dAclExpertAccRuleSrcMacWildcard,
dAclExpertAccRuleSrcOperator, dAclExpertAccRuleSrcPort,
dAclExpertAccRuleSrcPortRange,
dAclExpertAccRuleDstIpAddr, dAclExpertAccRuleDstIpWildcard,
dAclExpertAccRuleDstMacAddr, dAclExpertAccRuleDstMacWildcard,
dAclExpertAccRuleDstOperator, dAclExpertAccRuleDstPort,
dAclExpertAccRuleDstPortRange,
dAclExpertAccRuleVlanID, dAclExpertAccRuleInnerVlanID,
dAclExpertAccRuleQosPrecedence, dAclExpertAccRuleQosTos,
dAclExpertAccRuleQosDscp,
dAclExpertAccRuleIcmpType, dAclExpertAccRuleIcmpCode,
dAclExpertAccRuleTimeName,
dAclExpertAccessGroupRowStatus,
dAclExpertAccessGroupAclName,dAclExpertAccessGroupAclId,
dAclExpertAccRuleTcpFlag,
dAclExpertAccRuleFragments,
dAclExpertAccRuleOuterCos,
dAclExpertAccRuleInnerCos
}
STATUS current
DESCRIPTION
"A collection of objects providing extended expert access list configuration."
::= { dAclGroups 5 }
dAclVlanFilterGroup OBJECT-GROUP
OBJECTS {
dAclVlanAccSubMapRowStatus, dAclVlanAccSubMapMatchAclName,
dAclVlanAccessSubMapAction, dAclVlanAccSubMapRedirectIfIndex,
dAclVlanFilterRowStatus, dAclVlanFilterVlanAccMapName,
dAclVlanAccSubMapMatchAclId, dAclVlanAccessMapCounterEnabled,
dAclVlanAccessMapClearStatAction
}
STATUS current
DESCRIPTION
"A collection of objects providing VLAN access map configuration."
::= { dAclGroups 6 }
dAclCounterGroup OBJECT-GROUP
OBJECTS {
dAclAccessGroupCounterIngressStat,
dAclAccessGroupCounterEgressStat,
dAclVlanFilterCounterStatistics
}
STATUS current
DESCRIPTION
"A collection of objects providing ACL counter information."
::= { dAclGroups 7 }
END