-- This file was included in WWP MIB release 04-16-00-0047 -- -- CIENA-CES-ACCESS-LIST-MIB -- CIENA-CES-ACCESS-LIST-MIB DEFINITIONS ::= BEGIN IMPORTS Integer32, Unsigned32, Counter64, OBJECT-TYPE, MODULE-IDENTITY FROM SNMPv2-SMI DisplayString, MacAddress, TruthValue, TEXTUAL-CONVENTION FROM SNMPv2-TC cienaCesConfig FROM CIENA-SMI CienaGlobalState FROM CIENA-TC InetAddressType, InetAddress, InetAddressPrefixLength, InetPortNumber FROM INET-ADDRESS-MIB; cienaCesAccessListMIB MODULE-IDENTITY LAST-UPDATED "201504020000Z" ORGANIZATION "Ciena, Inc" CONTACT-INFO "Mib Meister 115 North Sullivan Road Spokane Valley, WA 99037 USA Phone: +1 509 242 9000 Email: support@ciena.com" DESCRIPTION "This MIB module defines objects that describe Hardware ACLs (Access Control Lists). The MIB describes different objects that enable the network administrator to remotely view ACL profile/rule, configuration in addition to monitoring ACL rule statistics." REVISION "201504020000Z" DESCRIPTION "The initial version of this MIB module." ::= { cienaCesConfig 35 } -- -- Node definitions -- cienaCesAccessListMIBObjects OBJECT IDENTIFIER ::= { cienaCesAccessListMIB 1 } cienaCesAclConfiguration OBJECT IDENTIFIER ::= { cienaCesAccessListMIBObjects 1 } cienaCesAclStatistics OBJECT IDENTIFIER ::= { cienaCesAccessListMIBObjects 2 } cienaCesAccessListMIBConformance OBJECT IDENTIFIER ::= { cienaCesAccessListMIB 2 } cienaCesAccessListMIBCompliances OBJECT IDENTIFIER ::= { cienaCesAccessListMIBConformance 1 } cienaCesAccessListMIBGroups OBJECT IDENTIFIER ::= { cienaCesAccessListMIBConformance 2 } -- -- Textual Conventions -- AclFilterAction ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "An enumeration value to indicate the filter action applied by an ACL rule." SYNTAX INTEGER { allow(1), deny(2) } AclTrafficDirection ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "An enumeration value to indicate the traffic direction to which an ACL profile is applied." SYNTAX INTEGER { ingress(1), egress(2) } AclIpFragmentMatchType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "An enumeration value to indicate the type of IP fragment filtering to be done as part of an ACL rule." SYNTAX INTEGER { any(1), isfragment(2), notfragment(3) } AclL4PortMatchType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "An enumeration value to indicate the type of match to perform on an L4 src/dst port filter term." SYNTAX INTEGER { any(1), single(2), range(3) } AclInterfaceType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "An enumeration value to indicate the type of interface to which an ACL profile is attached." SYNTAX INTEGER { port(1), vlan(2), virtualswitch(3), ipinterface(4), remoteinterface(5), localinterface(6) } AclL4DstProtocol ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "An enumeration value to indicate the L4 destination protocol specified as part of an ACL rule filter term." SYNTAX INTEGER { any(1), bgp(2), bootpclient(3), bootpserver(4), dhcpclient(5), dhcpserver(6), dhcpv6client(7), dhcpv6server(8), dns(9), ftp(10), http(11), ldp(12), ntp(13), olsr(14), rip(15), rpc(16), snmp(17), snmptrap(18), ssh(19), syslog(20), tacacs(21), telnet(22), tftp(23), twampctrl(24) } -- -- ACL Global Config Objects -- cienaCesAclGlobalConfig OBJECT IDENTIFIER ::= { cienaCesAclConfiguration 1 } cienaCesAclAdminStatus OBJECT-TYPE SYNTAX CienaGlobalState MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates whether the ACL feature is globally enabled or disabled." ::= { cienaCesAclGlobalConfig 1 } cienaCesAclFilterMode OBJECT-TYPE SYNTAX INTEGER { l2l3combo(1), l3only(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates which global ACL device mode is currently in use." ::= { cienaCesAclGlobalConfig 2 } cienaCesAclNumAclProfileDefs OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the total number of configured ACL profile definitions on the device." ::= { cienaCesAclGlobalConfig 3 } cienaCesAclRemainingAclProfileDefs OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the number of remaining ACL profile definitions that can be configured on the device." ::= { cienaCesAclGlobalConfig 4 } cienaCesAclNumAclRuleDefs OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the total number of configured ACL rule definitions on the device." ::= { cienaCesAclGlobalConfig 5 } cienaCesAclRemainingAclRuleDefs OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the number of remaining ACL rule definitions that can be configured on the device." ::= { cienaCesAclGlobalConfig 6 } -- -- ACL Profile Config Table -- cienaCesAclProfileConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF CienaCesAclProfileConfigTableEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of ACL profiles configured on the device. Each entry contains the ACL profile configuration data." ::= { cienaCesAclConfiguration 2 } cienaCesAclProfileConfigTableEntry OBJECT-TYPE SYNTAX CienaCesAclProfileConfigTableEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing the ACL profile configuration data." INDEX { cienaCesAclProfileId } ::= { cienaCesAclProfileConfigTable 1 } CienaCesAclProfileConfigTableEntry ::= SEQUENCE { cienaCesAclProfileId Integer32, cienaCesAclProfileName DisplayString, cienaCesAclProfileAdminState CienaGlobalState, cienaCesAclProfileOperState CienaGlobalState, cienaCesAclProfileDefaultFilterAction AclFilterAction, cienaCesAclProfileNumRules Integer32, cienaCesAclProfileAttachedInterfaces Unsigned32 } cienaCesAclProfileId OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique identifier of this ACL profile." ::= { cienaCesAclProfileConfigTableEntry 1 } cienaCesAclProfileName OBJECT-TYPE SYNTAX DisplayString (SIZE (1..31)) MAX-ACCESS read-only STATUS current DESCRIPTION "The unique name of this ACL profile." ::= { cienaCesAclProfileConfigTableEntry 2 } cienaCesAclProfileAdminState OBJECT-TYPE SYNTAX CienaGlobalState MAX-ACCESS read-only STATUS current DESCRIPTION "The configured administrative State of the ACL profile." ::= { cienaCesAclProfileConfigTableEntry 3 } cienaCesAclProfileOperState OBJECT-TYPE SYNTAX CienaGlobalState MAX-ACCESS read-only STATUS current DESCRIPTION "The Operational State of the ACL profile. A profile is operationally enabled if it is administratively enabled and attached to at least one interface. It is otherwise disabled. Note that the ACL feature must also be globally enabled for any profile to be operationally enabled." ::= { cienaCesAclProfileConfigTableEntry 4 } cienaCesAclProfileDefaultFilterAction OBJECT-TYPE SYNTAX AclFilterAction MAX-ACCESS read-only STATUS current DESCRIPTION "The configured default filter action for this ACL profile." ::= { cienaCesAclProfileConfigTableEntry 5 } cienaCesAclProfileNumRules OBJECT-TYPE SYNTAX Integer32 (1..256) MAX-ACCESS read-only STATUS current DESCRIPTION "The number of ACL rules configured in this profile. There will always be at least one rule defined in each profile - the default rule." ::= { cienaCesAclProfileConfigTableEntry 6 } cienaCesAclProfileAttachedInterfaces OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of interfaces to which this profile is attached." ::= { cienaCesAclProfileConfigTableEntry 7 } -- -- ACL Rule Config Table -- cienaCesAclRuleConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF CienaCesAclRuleConfigTableEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of ACL rules configured on the device. Each entry contains the ACL rule configuration data." ::= { cienaCesAclConfiguration 3 } cienaCesAclRuleConfigTableEntry OBJECT-TYPE SYNTAX CienaCesAclRuleConfigTableEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing the ACL rule configuration data." INDEX { cienaCesAclProfileId, cienaCesAclRulePrecedence } ::= { cienaCesAclRuleConfigTable 1 } CienaCesAclRuleConfigTableEntry ::= SEQUENCE { cienaCesAclRulePrecedence Unsigned32, cienaCesAclRuleName DisplayString, cienaCesAclRuleFilterAction AclFilterAction, cienaCesAclRuleMatchAny TruthValue, cienaCesAclRuleMatchSrcMacAddr TruthValue, cienaCesAclRuleSrcMacAddr MacAddress, cienaCesAclRuleSrcMacAddrMask MacAddress, cienaCesAclRuleMatchDstMacAddr TruthValue, cienaCesAclRuleDstMacAddr MacAddress, cienaCesAclRuleDstMacAddrMask MacAddress, cienaCesAclRuleMatchOuterVid TruthValue, cienaCesAclRuleOuterVid Unsigned32, cienaCesAclRuleOuterVidMask Unsigned32, cienaCesAclRuleMatchOuterPcp TruthValue, cienaCesAclRuleOuterPcp Unsigned32, cienaCesAclRuleOuterPcpMask Unsigned32, cienaCesAclRuleMatchOuterDei TruthValue, cienaCesAclRuleOuterDei Unsigned32, cienaCesAclRuleMatchBaseEtype TruthValue, cienaCesAclRuleBaseEtype Unsigned32, cienaCesAclRuleMatchSrcIpAddr TruthValue, cienaCesAclRuleSrcIpAddrType InetAddressType, cienaCesAclRuleSrcIpAddr InetAddress, cienaCesAclRuleSrcIpAddrPrefixLength InetAddressPrefixLength, cienaCesAclRuleMatchDstIpAddr TruthValue, cienaCesAclRuleDstIpAddrType InetAddressType, cienaCesAclRuleDstIpAddr InetAddress, cienaCesAclRuleDstIpAddrPrefixLength InetAddressPrefixLength, cienaCesAclRuleMatchIpProtocol TruthValue, cienaCesAclRuleIpProtocol Unsigned32, cienaCesAclRuleMatchDscp TruthValue, cienaCesAclRuleDscp Unsigned32, cienaCesAclRuleDscpMask Unsigned32, cienaCesAclRuleMatchL4SrcPort AclL4PortMatchType, cienaCesAclRuleL4SrcPort InetPortNumber, cienaCesAclRuleL4SrcPortUpper InetPortNumber, cienaCesAclRuleMatchL4DstPort AclL4PortMatchType, cienaCesAclRuleL4DstPort InetPortNumber, cienaCesAclRuleL4DstPortUpper InetPortNumber, cienaCesAclRuleMatchL4DstProtocol AclL4DstProtocol, cienaCesAclRuleMatchIpFragment AclIpFragmentMatchType, cienaCesAclRuleMatchTcpFlags TruthValue, cienaCesAclRuleTcpFlags DisplayString } cienaCesAclRulePrecedence OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique precedence value (within the profile) of this ACL rule." ::= { cienaCesAclRuleConfigTableEntry 1 } cienaCesAclRuleName OBJECT-TYPE SYNTAX DisplayString (SIZE (1..31)) MAX-ACCESS read-only STATUS current DESCRIPTION "The unique name (within the profile) of this ACL rule." ::= { cienaCesAclRuleConfigTableEntry 2 } cienaCesAclRuleFilterAction OBJECT-TYPE SYNTAX AclFilterAction MAX-ACCESS read-only STATUS current DESCRIPTION "The configured filter action for this ACL rule." ::= { cienaCesAclRuleConfigTableEntry 3 } cienaCesAclRuleMatchAny OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "True if the ACL rule matches any traffic, False otherwise. Matching on any traffic automatically disregards all the remaining fields." ::= { cienaCesAclRuleConfigTableEntry 4 } cienaCesAclRuleMatchSrcMacAddr OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "True if the ACL rule matches on the source MAC address, False otherwise. When True, the cienaCesAclRuleSrcMacAddr and cienaCesAclRuleSrcMacAddrMask fields will contain the source MAC address and mask that are to be matched by this rule." ::= { cienaCesAclRuleConfigTableEntry 5 } cienaCesAclRuleSrcMacAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the source MAC address that is to be matched by this rule. This field is not applicable when the cienaCesAclRuleMatchSrcMacAddr field is set to False." ::= { cienaCesAclRuleConfigTableEntry 6 } cienaCesAclRuleSrcMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the source MAC address mask that is to be matched by this rule. This field is not applicable when the cienaCesAclRuleMatchSrcMacAddr field is set to False." ::= { cienaCesAclRuleConfigTableEntry 7 } cienaCesAclRuleMatchDstMacAddr OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "True if the ACL rule matches on the destination MAC address, False otherwise. When True, the cienaCesAclRuleDstMacAddr and cienaCesAclRuleDstMacAddrMask fields will contain the destination MAC address and mask that are to be matched by this rule." ::= { cienaCesAclRuleConfigTableEntry 8 } cienaCesAclRuleDstMacAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the destination MAC address that is to be matched by this rule. This field is not applicable when the cienaCesAclRuleMatchDstMacAddr field is set to False." ::= { cienaCesAclRuleConfigTableEntry 9 } cienaCesAclRuleDstMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the destination MAC address mask that is to be matched by this rule. This field is not applicable when the cienaCesAclRuleMatchDstMacAddr field is set to False." ::= { cienaCesAclRuleConfigTableEntry 10 } cienaCesAclRuleMatchOuterVid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "True if the ACL rule matches on the outer VID, False otherwise. When True, the cienaCesAclRuleOuterVid and cienaCesAclRuleOuterVidMask fields will contain the outer VID value and mask that are to be matched by this rule." ::= { cienaCesAclRuleConfigTableEntry 11 } cienaCesAclRuleOuterVid OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the outer VID that is to be matched by this rule. This field is not applicable when the cienaCesAclRuleMatchOuterVid field is set to False." ::= { cienaCesAclRuleConfigTableEntry 12 } cienaCesAclRuleOuterVidMask OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the outer VID mask that is to be matched by this rule. This field is not applicable when the cienaCesAclRuleMatchOuterVid field is set to False." ::= { cienaCesAclRuleConfigTableEntry 13 } cienaCesAclRuleMatchOuterPcp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "True if the ACL rule matches on the outer PCP, False otherwise. When True, the cienaCesAclRuleOuterPcp and cienaCesAclRuleOuterPcpMask fields will contain the outer PCP value and mask that are to be matched by this rule." ::= { cienaCesAclRuleConfigTableEntry 14 } cienaCesAclRuleOuterPcp OBJECT-TYPE SYNTAX Unsigned32 (0..7) MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the outer PCP that is to be matched by this rule. This field is not applicable when the cienaCesAclRuleMatchOuterPcp field is set to False." ::= { cienaCesAclRuleConfigTableEntry 15 } cienaCesAclRuleOuterPcpMask OBJECT-TYPE SYNTAX Unsigned32 (0..7) MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the outer PCP mask that is to be matched by this rule. This field is not applicable when the cienaCesAclRuleMatchOuterPcp field is set to False." ::= { cienaCesAclRuleConfigTableEntry 16 } cienaCesAclRuleMatchOuterDei OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "True if the ACL rule matches on the outer DEI bit, False otherwise. When True, the cienaCesAclRuleOuterDei field will contain the outer DEI value that is to be matched by this rule." ::= { cienaCesAclRuleConfigTableEntry 17 } cienaCesAclRuleOuterDei OBJECT-TYPE SYNTAX Unsigned32 (0..1) MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the outer DEI bit that is to be matched by this rule. This field is not applicable when the cienaCesAclRuleMatchOuterDei field is set to False." ::= { cienaCesAclRuleConfigTableEntry 18 } cienaCesAclRuleMatchBaseEtype OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "True if the ACL rule matches on the base ethertype, False otherwise. When True, the cienaCesAclRuleBaseEtype field will contain the base ethertype value that is to be matched by this rule." ::= { cienaCesAclRuleConfigTableEntry 19 } cienaCesAclRuleBaseEtype OBJECT-TYPE SYNTAX Unsigned32 (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the base ethertype that is to be matched by this rule. This field is not applicable when the cienaCesAclRuleMatchBaseEtype field is set to False." ::= { cienaCesAclRuleConfigTableEntry 20 } cienaCesAclRuleMatchSrcIpAddr OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "True if the ACL rule matches on the source IP address, False otherwise. When True, the cienaCesAclRuleSrcIpAddrType field will contain the IP address type (IPv4 or IPv6) and the cienaCesAclRuleSrcIpAddr and cienaCesAclRuleSrcIpAddrPrefixLength fields will contain the IP address value and mask that are to be matched by this rule." ::= { cienaCesAclRuleConfigTableEntry 21 } cienaCesAclRuleSrcIpAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "Identifies the address family of the source IP address (IPv4/IPv6). This field is not applicable when the cienaCesAclRuleMatchSrcIpAddr field is set to False" ::= { cienaCesAclRuleConfigTableEntry 22 } cienaCesAclRuleSrcIpAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the source IP address that is to be matched by this rule. This field is not applicable when the cienaCesAclRuleMatchSrcIpAddr field is set to False." ::= { cienaCesAclRuleConfigTableEntry 23 } cienaCesAclRuleSrcIpAddrPrefixLength OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the prefix length of the source IP address that is to be matched by this rule. This field is not applicable when the cienaCesAclRuleMatchSrcIpAddr field is set to False." ::= { cienaCesAclRuleConfigTableEntry 24 } cienaCesAclRuleMatchDstIpAddr OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "True if the ACL rule matches on the destination IP address, False otherwise. When True, the cienaCesAclRuleDstIpAddrType field will contain the IP address type (IPv4 or IPv6) and the cienaCesAclRuleDstIpAddr and cienaCesAclRuleDstIpAddrPrefixLength fields will contain the IP address value and mask that are to be matched by this rule." ::= { cienaCesAclRuleConfigTableEntry 25 } cienaCesAclRuleDstIpAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "Identifies the address family of the destination IP address (IPv4/IPv6). This field is not applicable when the cienaCesAclRuleMatchDstIpAddr field is set to False" ::= { cienaCesAclRuleConfigTableEntry 26 } cienaCesAclRuleDstIpAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the destination IP address that is to be matched by this rule. This field is not applicable when the cienaCesAclRuleMatchDstIpAddr field is set to False." ::= { cienaCesAclRuleConfigTableEntry 27 } cienaCesAclRuleDstIpAddrPrefixLength OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the prefix length of the destination IP address that is to be matched by this rule. This field is not applicable when the cienaCesAclRuleMatchDstIpAddr field is set to False." ::= { cienaCesAclRuleConfigTableEntry 28 } cienaCesAclRuleMatchIpProtocol OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "True if the ACL rule matches on the IP protocol, False otherwise. When True, the cienaCesAclRuleIpProtocol field will contain the IP protocol value that is to be matched by this rule." ::= { cienaCesAclRuleConfigTableEntry 29 } cienaCesAclRuleIpProtocol OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the IP protocol value that is to be matched by this rule. This field is not applicable when the cienaCesAclRuleMatchIpProtocol field is set to False." ::= { cienaCesAclRuleConfigTableEntry 30 } cienaCesAclRuleMatchDscp OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "True if the ACL rule matches on the DSCP value, False otherwise. When True, the cienaCesAclRuleDscp and cienaCesAclRuleDscpMask fields will contain the DSCP value and mask that are to be matched by this rule." ::= { cienaCesAclRuleConfigTableEntry 31 } cienaCesAclRuleDscp OBJECT-TYPE SYNTAX Unsigned32 (0..63) MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the DSCP value that is to be matched by this rule. This field is not applicable when the cienaCesAclRuleMatchDscp field is set to False." ::= { cienaCesAclRuleConfigTableEntry 32 } cienaCesAclRuleDscpMask OBJECT-TYPE SYNTAX Unsigned32 (0..63) MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the outer DSCP mask that is to be matched by this rule. This field is not applicable when the cienaCesAclRuleMatchDscp field is set to False." ::= { cienaCesAclRuleConfigTableEntry 33 } cienaCesAclRuleMatchL4SrcPort OBJECT-TYPE SYNTAX AclL4PortMatchType MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the type of L4 source port matching that the ACL rule is performing. A value of 'any' indicates that the rule matches any L4 source port. A value of 'single' indicates that the rules matches on a single L4 source port specified in the cienaCesAclRuleL4SrcPort field. A value of 'range' indicates that the rule matches on a range of ports, with the cienaCesAclRuleL4SrcPort field specifiying the lower bound and the cienaCesAclRuleL4SrcPortUpper specifying the upper bound of the range." ::= { cienaCesAclRuleConfigTableEntry 34 } cienaCesAclRuleL4SrcPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the lower bound or single L4 source port value that is to be matched by this rule depending on the value of cienaCesAclRuleMatchL4SrcPort. This field is not applicable when the cienaCesAclRuleMatchL4SrcPort field is set to 'any'." ::= { cienaCesAclRuleConfigTableEntry 35 } cienaCesAclRuleL4SrcPortUpper OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the upper bound of the L4 source port range that is to be matched by this rule depending on the value of cienaCesAclRuleMatchL4SrcPort. This field is not applicable when the cienaCesAclRuleMatchL4SrcPort field is set to 'any' or 'single'." ::= { cienaCesAclRuleConfigTableEntry 36 } cienaCesAclRuleMatchL4DstPort OBJECT-TYPE SYNTAX AclL4PortMatchType MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the type of L4 destination port matching that the ACL rule is performing. A value of 'any' indicates that the rule matches any L4 destination port. A value of 'single' indicates that the rules matches on a single L4 destination port specified in the cienaCesAclRuleL4SrcPort field. A value of 'range' indicates that the rule matches on a range of ports, with the cienaCesAclRuleL4DstPort field specifiying the lower bound and the cienaCesAclRuleL4DstPortUpper specifying the upper bound of the range." ::= { cienaCesAclRuleConfigTableEntry 37 } cienaCesAclRuleL4DstPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the lower bound or single L4 destination port value that is to be matched by this rule depending on the value of cienaCesAclRuleMatchL4DstPort. This field is not applicable when the cienaCesAclRuleMatchL4DstPort field is set to 'any'." ::= { cienaCesAclRuleConfigTableEntry 38 } cienaCesAclRuleL4DstPortUpper OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS read-only STATUS current DESCRIPTION "Contains the upper bound of the L4 destination port range that is to be matched by this rule depending on the value of cienaCesAclRuleMatchL4DstPort. This field is not applicable when the cienaCesAclRuleMatchL4DstPort field is set to 'any' or 'single'." ::= { cienaCesAclRuleConfigTableEntry 39 } cienaCesAclRuleMatchL4DstProtocol OBJECT-TYPE SYNTAX AclL4DstProtocol MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the L4 destination protocol name that is to be matched by this rule. A value of 'any' indicates that the rule will match any protocol. Note that this field is mutually exclusive with cienaCesAclRuleMatchL4DstPort - i.e. only one of these fields can have a value different from 'any' at a given time." ::= { cienaCesAclRuleConfigTableEntry 40 } cienaCesAclRuleMatchIpFragment OBJECT-TYPE SYNTAX AclIpFragmentMatchType MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the type of IP fragment matching that is to be matched by this rule. A value of 'any' indicates that the rule will match both fragmented and non-fragmented packets. A value of 'fragment' indicates that the rule will match only fragmented packets. A value of 'nonfragment' indicates that the rule will match only non-fragmented (head) packets." ::= { cienaCesAclRuleConfigTableEntry 41 } cienaCesAclRuleMatchTcpFlags OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "True if the ACL rule matches on specific TCP Flags, False otherwise. When True, the cienaCesAclRuleTcpFlags field will contain the TCP Flags that are to be matched by this rule." ::= { cienaCesAclRuleConfigTableEntry 42 } cienaCesAclRuleTcpFlags OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Contains a comma-separated uppercase string list of TCP Flags that are to be matched by this rule, i.e. 'SYN,ACK,RST,...'. This field is not applicable when the cienaCesAclRuleMatchTcpFlags field is set to False." ::= { cienaCesAclRuleConfigTableEntry 43 } -- -- ACL Profile Attachment Table -- cienaCesAclProfileAttachmentTable OBJECT-TYPE SYNTAX SEQUENCE OF CienaCesAclProfileAttachmentTableEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table showing the interface attachments for each profile on the device. Each entry contains the name of the interface and the traffic direction on which the profile is applied." ::= { cienaCesAclConfiguration 4 } cienaCesAclProfileAttachmentTableEntry OBJECT-TYPE SYNTAX CienaCesAclProfileAttachmentTableEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing the ACL profile attachment data." INDEX { cienaCesAclProfileId, cienaCesAclInterfaceType, cienaCesAclInterfaceId } ::= { cienaCesAclProfileAttachmentTable 1 } CienaCesAclProfileAttachmentTableEntry ::= SEQUENCE { cienaCesAclInterfaceType AclInterfaceType, cienaCesAclInterfaceId Integer32, cienaCesAclInterfaceName DisplayString, cienaCesAclDirection AclTrafficDirection } cienaCesAclInterfaceType OBJECT-TYPE SYNTAX AclInterfaceType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The type of the interface to which this ACL profile is attached." ::= { cienaCesAclProfileAttachmentTableEntry 1 } cienaCesAclInterfaceId OBJECT-TYPE SYNTAX Integer32 (1..1048576) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ID of the interface to which this ACL profile is attached." ::= { cienaCesAclProfileAttachmentTableEntry 2 } cienaCesAclInterfaceName OBJECT-TYPE SYNTAX DisplayString (SIZE (1..31)) MAX-ACCESS read-only STATUS current DESCRIPTION "The name of the interface to which this ACL profile is attached." ::= { cienaCesAclProfileAttachmentTableEntry 3 } cienaCesAclDirection OBJECT-TYPE SYNTAX AclTrafficDirection MAX-ACCESS read-only STATUS current DESCRIPTION "The interface's traffic direction (ingress/egress) on which the ACL profile is applied." ::= { cienaCesAclProfileAttachmentTableEntry 4 } -- -- ACL Profile Global Rule Stats Table -- cienaCesAclProfileGlobalRuleStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF CienaCesAclProfileGlobalRuleStatsTableEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of global ACL profile rule statistics. Global ACL profile rule statistics are the aggregate counts of the hit statistics for all instances of the ACL profile's rules." ::= { cienaCesAclStatistics 1 } cienaCesAclProfileGlobalRuleStatsTableEntry OBJECT-TYPE SYNTAX CienaCesAclProfileGlobalRuleStatsTableEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing the ACL profile global rule hit statistics." INDEX { cienaCesAclProfileId, cienaCesAclRulePrecedence } ::= { cienaCesAclProfileGlobalRuleStatsTable 1 } CienaCesAclProfileGlobalRuleStatsTableEntry ::= SEQUENCE { cienaCesAclGlobalRuleStatsPacketCount Counter64, cienaCesAclGlobalRuleStatsByteCount Counter64 } cienaCesAclGlobalRuleStatsPacketCount OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets that matched this ACL rule." ::= { cienaCesAclProfileGlobalRuleStatsTableEntry 1 } cienaCesAclGlobalRuleStatsByteCount OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of bytes that matched this ACL rule." ::= { cienaCesAclProfileGlobalRuleStatsTableEntry 2 } -- -- ACL Profile Rule Instance Stats Table -- cienaCesAclProfileRuleInstanceStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF CienaCesAclProfileRuleInstanceStatsTableEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table of ACL profile rule instance statistics. These ACL rule hit statistics are specific to the rules applied on the particular interface." ::= { cienaCesAclStatistics 2 } cienaCesAclProfileRuleInstanceStatsTableEntry OBJECT-TYPE SYNTAX CienaCesAclProfileRuleInstanceStatsTableEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry containing the ACL profile rule instance hit statistics." INDEX { cienaCesAclProfileId, cienaCesAclInterfaceType, cienaCesAclInterfaceId, cienaCesAclRulePrecedence } ::= { cienaCesAclProfileRuleInstanceStatsTable 1 } CienaCesAclProfileRuleInstanceStatsTableEntry ::= SEQUENCE { cienaCesAclRuleInstanceStatsPacketCount Counter64, cienaCesAclRuleInstanceStatsByteCount Counter64 } cienaCesAclRuleInstanceStatsPacketCount OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets that matched this ACL rule instance." ::= { cienaCesAclProfileRuleInstanceStatsTableEntry 1 } cienaCesAclRuleInstanceStatsByteCount OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of bytes that matched this ACL rule instance." ::= { cienaCesAclProfileRuleInstanceStatsTableEntry 2 } END