7341 lines
252 KiB
Plaintext
7341 lines
252 KiB
Plaintext
-- ============================================================================
|
|
-- Copyright (c) 2004-2015 New H3C Tech. Co., Ltd. All rights reserved.
|
|
--
|
|
-- Description:
|
|
-- Reference:
|
|
-- Version: V3.4
|
|
-- History:
|
|
-- V1.0 created by yuhui.
|
|
-- V2.0 2004-10-12 updated by gaolong
|
|
-- Define MODULE-IDENTITY for hh3cAcl
|
|
-- Remove chinese characters
|
|
-- Add limitation(0..65535) for some table index
|
|
-- Fix a default value error of hh3cAclAdvancedEstablish
|
|
-- V2.1 2004-11-18 updated by yubo
|
|
-- Add 'hh3cAclIDSTable' for IDS
|
|
-- V2.2 2004-12-13
|
|
-- Fix syntax bugs and adjust format of the whole file by jinyi
|
|
-- Modify description of hh3cAclAdvancedDscp by zhuangyu
|
|
-- V2.3 2005-1-26 updated by WuZhao02557
|
|
-- Change MAX-ACCESS from read-create to not-accessible for the
|
|
-- following MIB nodes:
|
|
-- hh3cAclNumGroupAclNum, hh3cAclNameGroupIndex, hh3cAclBasicAclNum,
|
|
-- hh3cAclBasicSubitem, hh3cAclAdvancedAclNum, hh3cAclAdvancedSubitem
|
|
-- hh3cAclIfAclNum, hh3cAclIfSubitem, hh3cAclLinkAclNum, hh3cAclLinkSubitem
|
|
-- hh3cAclUserAclNum, hh3cAclUserSubitem, hh3cAclActiveAclIndex,
|
|
-- hh3cAclActiveIfIndex, hh3cAclActiveVlanID, hh3cAclActiveDirection
|
|
-- Adjust format of whole file.
|
|
-- 2005-01-27 updated by zhangyinxi
|
|
-- 1. Add objects hh3cAclLinkL2LabelRangeOp, hh3cAclLinkL2LabelRangeBegin
|
|
-- hh3cAclLinkL2LabelRangeEnd and hh3cAclLinkMplsExp in hh3cAclLinkTable
|
|
-- 2. Add an enumeration mpls(34887) to object hh3cAclLinkProtocol
|
|
-- 3. Expand the range of object hh3cAclActiveVlanID to Integer32
|
|
-- V2.4 2005-2-24
|
|
-- Make the index of hh3cAclIDSTable IMPLIED by fuzhenyu because IDS devices
|
|
-- require fixed length index to be used. IDS devices only provide index
|
|
-- with no sub-identifier indicating the length of the string.
|
|
-- Modify enum name(value is 4) of hh3cAclLinkFormatType to ieee802Dot3 by daishijun
|
|
-- V2.5 2005-7-25
|
|
-- Add objects hh3cAclMib2Mode, hh3cAclVersion, hh3cAclMib2ObjectsCapabilities,
|
|
-- hh3cAclIPAclNumGroupTable, hh3cAclIPAclBasicTable, hh3cAclIPAclAdvancedTable,
|
|
-- hh3cAclMACTable, hh3cAclEnUserTable by tangshun.
|
|
-- V2.6 2006-01-03
|
|
-- Add objects hh3cAclIPAclBasicComment, hh3cAclIPAclAdvancedComment,
|
|
-- hh3cAclMACComment, hh3cAclEnUserComment by tangshun.
|
|
-- V2.7 2006-03-09 updated by changhuifeng
|
|
-- Add object hh3cAclIPAclAdvancedReflective in hh3cAclIPAclAdvancedTable.
|
|
-- Modify the description of object hh3cAclIPAclAdvancedFragmentFlag.
|
|
-- Modify the description of object hh3cAclMib2Version.
|
|
-- Modify the description of object hh3cAclLinkDestAny for text error.
|
|
-- Modify the description of object hh3cAclMib2CharacteristicsValue.
|
|
-- V2.8 2006-07-06 updated by xialei
|
|
-- Modify the description of hh3cAclIPAclAdvancedIcmpType
|
|
-- and hh3cAclIPAclAdvancedIcmpCode.
|
|
-- Change value range of hh3cAclIPAclAdvancedIcmpCode.
|
|
-- V2.9 2006-08-08 updated by chenzhaojie
|
|
-- Add enumeration value to hh3cAclActiveDirection.
|
|
-- V3.0 2010-09-01 updated by zhaixiaoxiang
|
|
-- Add hh3cAclResourceUsageTable.
|
|
-- V3.1 2012-02-06 updated by wangchenxiao
|
|
-- Add hh3cPacketfilterTrapObjects
|
|
-- Add hh3cPacketfilterTrap
|
|
-- 2012-02-14 updated by mouxuanli
|
|
-- Add hh3cAclMib2ProcessingStatus of object hh3cAclMib2NodesGroup
|
|
-- Add hh3cAclNumberGroupName of object hh3cAclNumberGroupTable
|
|
-- Add hh3cAclIPAclBasicCounting of object hh3cAclIPAclBasicTable
|
|
-- Add hh3cAclIPAclBasicRouteTypeAny of object hh3cAclIPAclBasicTable
|
|
-- Add hh3cAclIPAclBasicRouteTypeValue of object hh3cAclIPAclBasicTable
|
|
-- Add hh3cAclIPAclAdvancedCounting of object hh3cAclIPAclAdvancedTable
|
|
-- Add hh3cAclIPAclAdvancedTCPFlagMask of object hh3cAclIPAclAdvancedTable
|
|
-- Add hh3cAclIPAclAdvancedTCPFlagValue of object hh3cAclIPAclAdvancedTable
|
|
-- Add hh3cAclIPAclAdvancedRouteTypeAny of object hh3cAclIPAclAdvancedTable
|
|
-- Add hh3cAclIPAclAdvancedRouteTypeValue of object hh3cAclIPAclAdvancedTable
|
|
-- Add hh3cAclIPAclAdvancedFlowLabel of object hh3cAclIPAclAdvancedTable
|
|
-- Add hh3cAclMACLog of object hh3cAclMACTable
|
|
-- Add hh3cAclMACCounting of object hh3cAclMACTable
|
|
-- Add hh3cAclEnUserLog of object hh3cAclEnUserTable
|
|
-- Add hh3cAclEnUserCounting of object hh3cAclEnUserTable
|
|
-- Modify the description of hh3cAclResourceType
|
|
-- Add hh3cAclResourceTypeDescription of object hh3cAclResourceUsageTable
|
|
-- Add hh3cAclPacketFilterObjects
|
|
-- V3.2 2012-11-30 updated by gaoyu
|
|
-- Add hh3cPfilterRunApplyObjType of object hh3cPfilterAclGroupRunInfoTable
|
|
-- Add hh3cPfilterRunApplyObjIndex of object hh3cPfilterAclGroupRunInfoTable
|
|
-- Add hh3cPfilterRunApplyDirection of object hh3cPfilterAclGroupRunInfoTable
|
|
-- Add hh3cPfilterRunApplyAclType of object hh3cPfilterAclGroupRunInfoTable
|
|
-- Add hh3cPfilterRunApplyAclIndex of object hh3cPfilterAclGroupRunInfoTable
|
|
-- modify the hh3cPfilterRunApplyObjType of object hh3cPfilterAclRuleRunInfoTable
|
|
-- modify the hh3cPfilterRunApplyObjIndex of object hh3cPfilterAclRuleRunInfoTable
|
|
-- modify the hh3cPfilterRunApplyDirection of object hh3cPfilterAclRuleRunInfoTable
|
|
-- modify the hh3cPfilterRunApplyAclType of object hh3cPfilterAclRuleRunInfoTable
|
|
-- modify the hh3cPfilterRunApplyAclIndex of object hh3cPfilterAclRuleRunInfoTable
|
|
-- V3.3 2013-11-30 updated by gaoyu
|
|
-- Add hh3cAclNamedGroupTable to object hh3cAclMib2GlobalGroup
|
|
-- Add hh3cAclIPAclNamedBscTable to object hh3cAclIPAclGroup
|
|
-- Add hh3cAclIPAclNamedAdvTable to object hh3cAclIPAclGroup
|
|
-- Add hh3cAclNamedMACTable to object hh3cAclMACAclGroup
|
|
-- Add hh3cAclIntervalGroup to object hh3cAclMib2Objects
|
|
-- Modify hh3cPfilterApplyAclType of object hh3cPfilterApplyTable
|
|
-- Modify hh3cPfilterRunApplyAclType of object hh3cPfilterAclGroupRunInfoTable
|
|
-- Modify hh3cPfilterSumAclType of object hh3cPfilterStatisticSumTable
|
|
-- Add hh3cPfilter2ApplyTable to object hh3cAclPacketFilterObjects
|
|
-- Add hh3cPfilter2AclGroupRunInfoTable to object hh3cAclPacketFilterObjects
|
|
-- Add hh3cPfilter2AclRuleRunInfoTable to object hh3cAclPacketFilterObjects
|
|
-- Add hh3cPfilter2StatisticSumTable to object hh3cAclPacketFilterObjects
|
|
-- Add hh3cAclPacketIfName to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclPacketDirection to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclPacketBAGG to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclPacketVlanID to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclPacketSrcIP to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclPacketDstIP to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclPacketProtocol to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclPacketDscp to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclPacketFlowLabel to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclPacketIcmpIgmpType to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclPacketIcmpIgmpCode to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclPacketTcpFlags to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclPacketSrcPort to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclPacketDstPort to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclPacketSrcMacAddr to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclPacketDstMacAddr to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclPacketMacTypeLen to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclPacketVlanPCP to object hh3cAclPacketfilterTrapObjects
|
|
-- Add hh3cAclRuleMatchCount to object hh3cPfilterTrapPrefix
|
|
-- Add hh3cAclFirstIPv4PktCaptured to object hh3cPfilterTrapPrefix
|
|
-- Add hh3cAclFirstIPv6PktCaptured to object hh3cPfilterTrapPrefix
|
|
-- Add hh3cAclFirstEthernetPktCaptured to object hh3cPfilterTrapPrefix
|
|
-- 2014-2-20 updated by gaoyu
|
|
-- Add hh3cAclNamedUserTable to object hh3cAclEnUserAclGroup
|
|
-- 2014-07-08 updated by gaoyu
|
|
-- Add hh3cAclIPAclAdvancedSrcSuffix to object hh3cAclIPAclAdvancedTable
|
|
-- Add hh3cAclIPAclAdvancedDestSuffix to object hh3cAclIPAclAdvancedTable
|
|
-- Add hh3cAclIPAclNamedAdvSrcSuffix to object hh3cAclIPAclNamedAdvTable
|
|
-- Add hh3cAclIPAclNamedAdvDstSuffix to object hh3cAclIPAclNamedAdvTable
|
|
-- V3.4 2014-10-20 updated by gaoyu
|
|
-- Add hh3cAclMib2ResourceThreshold to object hh3cAclMib2NodesGroup
|
|
-- Add hh3cAclMib2ResourceLogInterval to object hh3cAclMib2NodesGroup
|
|
-- Add hh3cAclResourceTypeName to object hh3cAclTrapObjects
|
|
-- Add hh3cAclResourceUsage to object hh3cAclTrapObjects
|
|
-- Add hh3cAclResourceUsedEntries to object hh3cAclTrapObjects
|
|
-- Add hh3cAclResourceTotalEntries to object hh3cAclTrapObjects
|
|
-- Add hh3cAclResourceChassisID to object hh3cAclTrapObjects
|
|
-- Add hh3cAclResourceSlotID to object hh3cAclTrapObjects
|
|
-- Add hh3cAclResourceTrap to object hh3cAclTrapPrefix
|
|
-- ============================================================================
|
|
HH3C-ACL-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
hh3cCommon
|
|
FROM HH3C-OID-MIB
|
|
IpAddress, Integer32, Counter32, OBJECT-TYPE, MODULE-IDENTITY,
|
|
NOTIFICATION-TYPE, Unsigned32, Counter64
|
|
FROM SNMPv2-SMI
|
|
InetAddressType, InetAddress, InetAddressPrefixLength
|
|
FROM INET-ADDRESS-MIB
|
|
RowStatus, TruthValue, MacAddress, TEXTUAL-CONVENTION
|
|
FROM SNMPv2-TC;
|
|
|
|
--
|
|
-- Node definitions
|
|
--
|
|
|
|
hh3cAcl MODULE-IDENTITY
|
|
LAST-UPDATED "201410201000Z" -- Oct 20, 2014 at 10:00 GMT
|
|
ORGANIZATION
|
|
"New H3C Technologies Co., Ltd."
|
|
CONTACT-INFO
|
|
"Platform Team New H3C Technologies Co., Ltd.
|
|
Hai-Dian District Beijing P.R. China
|
|
http://www.h3c.com
|
|
Zip:100085
|
|
"
|
|
DESCRIPTION
|
|
"ACL management information base for managing devices
|
|
that support access control list and packet filtering.
|
|
"
|
|
REVISION "201410201000Z" -- Oct 22, 2014 at 10:00 GMT
|
|
DESCRIPTION
|
|
"Added 2 ndoes to configure TCAM function and 6 nodes to show trap info."
|
|
::= { hh3cCommon 8 }
|
|
|
|
-- Rule action value
|
|
RuleAction ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of rule's action.
|
|
permit: The packet matching the rule will be permitted to forward.
|
|
deny: The packet matching the rule will be denied.
|
|
"
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(1),
|
|
permit(2),
|
|
deny(3)
|
|
}
|
|
|
|
-- CounterClear value
|
|
CounterClear ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"cleared: Reset the value of the rule's counter.
|
|
nouse: 'nouse' will be returned when getting.
|
|
"
|
|
SYNTAX INTEGER
|
|
{
|
|
cleared(1),
|
|
nouse(2)
|
|
}
|
|
|
|
-- PortOp value
|
|
PortOp ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The operation type of TCP and UDP.
|
|
lt : Less than given port number.
|
|
eq : Equal to given port number.
|
|
gt : Greater than given port number.
|
|
neq : Not equal to given port number.
|
|
range : Between two port numbers.
|
|
Default value is 'invalid'.
|
|
"
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
lt(1),
|
|
eq(2),
|
|
gt(3),
|
|
neq(4),
|
|
range(5)
|
|
}
|
|
|
|
-- DSCP value
|
|
DSCPValue ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "d"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of DSCP.
|
|
<0-63> Value of DSCP
|
|
af11 Specify Assured Forwarding 11 service(10)
|
|
af12 Specify Assured Forwarding 12 service(12)
|
|
af13 Specify Assured Forwarding 13 service(14)
|
|
af21 Specify Assured Forwarding 21 service(18)
|
|
af22 Specify Assured Forwarding 22 service(20)
|
|
af23 Specify Assured Forwarding 23 service(22)
|
|
af31 Specify Assured Forwarding 31 service(26)
|
|
af32 Specify Assured Forwarding 32 service(28)
|
|
af33 Specify Assured Forwarding 33 service(30)
|
|
af41 Specify Assured Forwarding 41 service(34)
|
|
af42 Specify Assured Forwarding 42 service(36)
|
|
af43 Specify Assured Forwarding 43 service(38)
|
|
be Specify Best Effort service(0)
|
|
cs1 Specify Class Selector 1 service(8)
|
|
cs2 Specify Class Selector 2 service(16)
|
|
cs3 Specify Class Selector 3 service(24)
|
|
cs4 Specify Class Selector 4 service(32)
|
|
cs5 Specify Class Selector 5 service(40)
|
|
cs6 Specify Class Selector 6 service(48)
|
|
cs7 Specify Class Selector 7 service(56)
|
|
ef Specify Expedited Forwarding service(46)
|
|
"
|
|
SYNTAX Integer32 (0..63|255)
|
|
|
|
-- TCP Flags
|
|
TCPFlag ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of TCP.
|
|
invalid(0)
|
|
tcpack(1) TCP protocol ACK Packet
|
|
tcpfin(2) TCP protocol PIN Packet
|
|
tcppsh(3) TCP protocol PUSH Packet
|
|
tcprst(4) TCP protocol RST Packet
|
|
tcpsyn(5) TCP protocol SYN Packet
|
|
tcpurg(6) TCP protocol URG Packet
|
|
Default value is 'invalid'.
|
|
"
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
tcpack(1),
|
|
tcpfin(2),
|
|
tcppsh(3),
|
|
tcprst(4),
|
|
tcpsyn(5),
|
|
tcpurg(6)
|
|
}
|
|
|
|
-- Fragment Flags
|
|
FragmentFlag ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of fragment.
|
|
invalid(0)
|
|
fragment(1) Frag-Type Fragment
|
|
fragmentSubseq(2) Frag-Type Fragment-subsequent
|
|
nonFragment(3) Frag-Type non-Fragment
|
|
nonSubseq(4) Frag-Type non-subsequent
|
|
Default value is 'invalid'.
|
|
"
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
fragment(1),
|
|
fragmentSubseq(2),
|
|
nonFragment(3),
|
|
nonSubseq(4)
|
|
}
|
|
|
|
-- Address Flags
|
|
AddressFlag ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Address flag to select IPv6 Address.
|
|
Default value is 'invalid'.
|
|
|
|
t64SrcAddrPre64DestAddrPre(1):
|
|
The mean of the enumeration 't64SrcAddrPre64DestAddrPre' is
|
|
that system gets the 64 bits prefix of source address and
|
|
the 64 bits prefix of destination address.
|
|
|
|
t64SrcAddrPre64DestAddrSuf(2):
|
|
The mean of the enumeration 't64SrcAddrPre64DestAddrSuf' is
|
|
that system gets the 64 bits prefix of source address and
|
|
the 64 bits suffix of destination address.
|
|
|
|
t64SrcAddrSuf64DestAddrPre(3):
|
|
The mean of the enumeration 't64SrcAddrSuf64DestAddrPre' is
|
|
that system gets the 64 bits suffix of source address and
|
|
the 64 bits prefix of destination address.
|
|
|
|
t64SrcAddrSuf64DestAddrSuf(4):
|
|
The mean of the enumeration 't64SrcAddrSuf64DestAddrSuf' is
|
|
that system gets the 64 bits suffix of source address and
|
|
the 64 bits suffix of destination address.
|
|
|
|
t128SourceAddress(5):
|
|
The mean of the enumeration 't128SourceAddress' is that
|
|
system gets the 128 bits of source address.
|
|
|
|
t128DestinationAddress(6):
|
|
The mean of the enumeration 't128SourceAddress' is that
|
|
system gets the 128 bits of destination address.
|
|
"
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
t64SrcAddrPre64DestAddrPre(1),
|
|
t64SrcAddrPre64DestAddrSuf(2),
|
|
t64SrcAddrSuf64DestAddrPre(3),
|
|
t64SrcAddrSuf64DestAddrSuf(4),
|
|
t128SourceAddress(5),
|
|
t128DestinationAddress(6)
|
|
}
|
|
|
|
-- Direction type
|
|
DirectionType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction: inbound or outbound."
|
|
SYNTAX INTEGER
|
|
{
|
|
inbound(1),
|
|
outbound(2)
|
|
}
|
|
|
|
--
|
|
-- nodes defined
|
|
--
|
|
hh3cAclMibObjects OBJECT IDENTIFIER ::= { hh3cAcl 1 }
|
|
|
|
hh3cAclMode OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
linkBased(1),
|
|
ipBased(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Access-list mode."
|
|
DEFVAL { ipBased }
|
|
::= { hh3cAclMibObjects 1 }
|
|
|
|
--
|
|
-- Node of hh3cAclNumGroupTable
|
|
--
|
|
hh3cAclNumGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclNumGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configure the match-order of number-acl group."
|
|
::= { hh3cAclMibObjects 2 }
|
|
|
|
hh3cAclNumGroupEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclNumGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Define the index of hh3cAclNumGroupTable."
|
|
INDEX { hh3cAclNumGroupAclNum }
|
|
::= { hh3cAclNumGroupTable 1 }
|
|
|
|
Hh3cAclNumGroupEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cAclNumGroupAclNum
|
|
Integer32,
|
|
hh3cAclNumGroupMatchOrder
|
|
INTEGER,
|
|
hh3cAclNumGroupSubitemNum
|
|
Integer32,
|
|
hh3cAclNumGroupDescription
|
|
OCTET STRING,
|
|
hh3cAclNumGroupCountClear
|
|
INTEGER,
|
|
hh3cAclNumGroupRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
hh3cAclNumGroupAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (1000..5999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of number-acl group
|
|
Interface type:1000..1999
|
|
Basic type:2000..2999
|
|
Advance type:3000..3999
|
|
Link type:4000..4999
|
|
User type:5000..5999"
|
|
::= { hh3cAclNumGroupEntry 1 }
|
|
|
|
hh3cAclNumGroupMatchOrder OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
config(1),
|
|
auto(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The match-order of number-acl group."
|
|
DEFVAL { config }
|
|
::= { hh3cAclNumGroupEntry 2 }
|
|
|
|
hh3cAclNumGroupSubitemNum OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of number-acl group's node."
|
|
::= { hh3cAclNumGroupEntry 3 }
|
|
|
|
hh3cAclNumGroupDescription OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of this acl group."
|
|
::= { hh3cAclNumGroupEntry 4 }
|
|
|
|
hh3cAclNumGroupCountClear OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
cleared(1),
|
|
nouse(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of rules' counter, which belong to this group."
|
|
::= { hh3cAclNumGroupEntry 5 }
|
|
|
|
hh3cAclNumGroupRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now support three state: CreateAndGo, Active, Destroy."
|
|
::= { hh3cAclNumGroupEntry 6 }
|
|
|
|
--
|
|
-- Node of hh3cAclNameGroupTable
|
|
--
|
|
hh3cAclNameGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclNameGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Create acl-group that identified by name."
|
|
::= { hh3cAclMibObjects 3 }
|
|
|
|
hh3cAclNameGroupEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclNameGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Define the index of hh3cAclNameGroupTable."
|
|
INDEX { hh3cAclNameGroupIndex }
|
|
::= { hh3cAclNameGroupTable 1 }
|
|
|
|
Hh3cAclNameGroupEntry ::=
|
|
SEQUENCE {
|
|
hh3cAclNameGroupIndex
|
|
Integer32,
|
|
hh3cAclNameGroupCreateName
|
|
OCTET STRING,
|
|
hh3cAclNameGroupTypes
|
|
INTEGER,
|
|
hh3cAclNameGroupMatchOrder
|
|
INTEGER,
|
|
hh3cAclNameGroupSubitemNum
|
|
Integer32,
|
|
hh3cAclNameGroupRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
hh3cAclNameGroupIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (10000..12999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of name-acl group."
|
|
::= { hh3cAclNameGroupEntry 1 }
|
|
|
|
hh3cAclNameGroupCreateName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of name-acl group."
|
|
::= { hh3cAclNameGroupEntry 2 }
|
|
|
|
hh3cAclNameGroupTypes OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
basic(1),
|
|
advanced(2),
|
|
ifBased(3),
|
|
link(4),
|
|
user(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of name-acl group."
|
|
::= { hh3cAclNameGroupEntry 3 }
|
|
|
|
hh3cAclNameGroupMatchOrder OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
config(1),
|
|
auto(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The match-order of name-acl group."
|
|
DEFVAL { config }
|
|
::= { hh3cAclNameGroupEntry 4 }
|
|
|
|
hh3cAclNameGroupSubitemNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0..128)
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of name-acl group's node."
|
|
::= { hh3cAclNameGroupEntry 5 }
|
|
|
|
hh3cAclNameGroupRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now support three state: CreateAndGo, Active, Destroy."
|
|
::= { hh3cAclNameGroupEntry 6 }
|
|
|
|
--
|
|
-- hh3cAclBasicRuleTable
|
|
--
|
|
hh3cAclBasicRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclBasicRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configure the rule for basic acl group."
|
|
::= { hh3cAclMibObjects 4 }
|
|
|
|
hh3cAclBasicRuleEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclBasicRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Define the index of hh3cAclBasicRuleTable."
|
|
INDEX { hh3cAclBasicAclNum, hh3cAclBasicSubitem }
|
|
::= { hh3cAclBasicRuleTable 1 }
|
|
|
|
Hh3cAclBasicRuleEntry ::=
|
|
SEQUENCE {
|
|
hh3cAclBasicAclNum
|
|
Integer32,
|
|
hh3cAclBasicSubitem
|
|
Integer32,
|
|
hh3cAclBasicAct
|
|
INTEGER,
|
|
hh3cAclBasicSrcIp
|
|
IpAddress,
|
|
hh3cAclBasicSrcWild
|
|
IpAddress,
|
|
hh3cAclBasicTimeRangeName
|
|
OCTET STRING,
|
|
hh3cAclBasicFragments
|
|
TruthValue,
|
|
hh3cAclBasicLog
|
|
TruthValue,
|
|
hh3cAclBasicEnable
|
|
TruthValue,
|
|
hh3cAclBasicCount
|
|
Counter32,
|
|
hh3cAclBasicCountClear
|
|
INTEGER,
|
|
hh3cAclBasicRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
hh3cAclBasicAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0|2000..2999|10000..12999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of basic acl group."
|
|
::= { hh3cAclBasicRuleEntry 1 }
|
|
|
|
hh3cAclBasicSubitem OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subindex of basic acl group."
|
|
::= { hh3cAclBasicRuleEntry 2 }
|
|
|
|
hh3cAclBasicAct OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
permit(1),
|
|
deny(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of basic acl rule."
|
|
::= { hh3cAclBasicRuleEntry 3 }
|
|
|
|
hh3cAclBasicSrcIp OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP-address of basic acl rule."
|
|
::= { hh3cAclBasicRuleEntry 4 }
|
|
|
|
hh3cAclBasicSrcWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP-address wild of basic acl rule."
|
|
::= { hh3cAclBasicRuleEntry 5 }
|
|
|
|
hh3cAclBasicTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of basic acl rule."
|
|
::= { hh3cAclBasicRuleEntry 6 }
|
|
|
|
hh3cAclBasicFragments OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching fragmented packet."
|
|
::= { hh3cAclBasicRuleEntry 7 }
|
|
|
|
hh3cAclBasicLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of log."
|
|
::= { hh3cAclBasicRuleEntry 8 }
|
|
|
|
hh3cAclBasicEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
::= { hh3cAclBasicRuleEntry 9 }
|
|
|
|
hh3cAclBasicCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matched by basic rule."
|
|
::= { hh3cAclBasicRuleEntry 10 }
|
|
|
|
hh3cAclBasicCountClear OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
cleared(1),
|
|
nouse(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counter."
|
|
::= { hh3cAclBasicRuleEntry 11 }
|
|
|
|
hh3cAclBasicRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now support three state: CreateAndGo, Active, Destroy."
|
|
::= { hh3cAclBasicRuleEntry 12 }
|
|
|
|
--
|
|
-- hh3cAclAdvancedRuleTable
|
|
--
|
|
hh3cAclAdvancedRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclAdvancedRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configure the rule for advanced acl group."
|
|
::= { hh3cAclMibObjects 5 }
|
|
|
|
hh3cAclAdvancedRuleEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclAdvancedRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Define the index of hh3cAclAdvancedRuleTable."
|
|
INDEX { hh3cAclAdvancedAclNum, hh3cAclAdvancedSubitem }
|
|
::= { hh3cAclAdvancedRuleTable 1 }
|
|
|
|
Hh3cAclAdvancedRuleEntry ::=
|
|
SEQUENCE {
|
|
hh3cAclAdvancedAclNum
|
|
Integer32,
|
|
hh3cAclAdvancedSubitem
|
|
Integer32,
|
|
hh3cAclAdvancedAct
|
|
INTEGER,
|
|
hh3cAclAdvancedProtocol
|
|
Integer32,
|
|
hh3cAclAdvancedSrcIp
|
|
IpAddress,
|
|
hh3cAclAdvancedSrcWild
|
|
IpAddress,
|
|
hh3cAclAdvancedSrcOp
|
|
INTEGER,
|
|
hh3cAclAdvancedSrcPort1
|
|
Integer32,
|
|
hh3cAclAdvancedSrcPort2
|
|
Integer32,
|
|
hh3cAclAdvancedDestIp
|
|
IpAddress,
|
|
hh3cAclAdvancedDestWild
|
|
IpAddress,
|
|
hh3cAclAdvancedDestOp
|
|
INTEGER,
|
|
hh3cAclAdvancedDestPort1
|
|
Integer32,
|
|
hh3cAclAdvancedDestPort2
|
|
Integer32,
|
|
hh3cAclAdvancedPrecedence
|
|
Integer32,
|
|
hh3cAclAdvancedTos
|
|
Integer32,
|
|
hh3cAclAdvancedDscp
|
|
Integer32,
|
|
hh3cAclAdvancedEstablish
|
|
TruthValue,
|
|
hh3cAclAdvancedTimeRangeName
|
|
OCTET STRING,
|
|
hh3cAclAdvancedIcmpType
|
|
Integer32,
|
|
hh3cAclAdvancedIcmpCode
|
|
Integer32,
|
|
hh3cAclAdvancedFragments
|
|
TruthValue,
|
|
hh3cAclAdvancedLog
|
|
TruthValue,
|
|
hh3cAclAdvancedEnable
|
|
TruthValue,
|
|
hh3cAclAdvancedCount
|
|
Counter32,
|
|
hh3cAclAdvancedCountClear
|
|
INTEGER,
|
|
hh3cAclAdvancedRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
hh3cAclAdvancedAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0|3000..3999|10000..12999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of advanced acl group."
|
|
::= { hh3cAclAdvancedRuleEntry 1 }
|
|
|
|
hh3cAclAdvancedSubitem OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subindex of advanced acl group."
|
|
::= { hh3cAclAdvancedRuleEntry 2 }
|
|
|
|
hh3cAclAdvancedAct OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
permit(1),
|
|
deny(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of Advance acl rule."
|
|
|
|
::= { hh3cAclAdvancedRuleEntry 3 }
|
|
|
|
hh3cAclAdvancedProtocol OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The protocol-type of advanced acl group.
|
|
<1-255> Protocol number
|
|
gre GRE tunneling(47)
|
|
icmp Internet Control Message Protocol(1)
|
|
igmp Internet Group Management Protocol(2)
|
|
ip Any IP protocol
|
|
ipinip IP in IP tunneling(4)
|
|
ospf OSPF routing protocol(89)
|
|
tcp Transmission Control Protocol (6)
|
|
udp User Datagram Protocol (17)"
|
|
::= { hh3cAclAdvancedRuleEntry 4 }
|
|
|
|
hh3cAclAdvancedSrcIp OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP-address of advanced acl group."
|
|
::= { hh3cAclAdvancedRuleEntry 5 }
|
|
|
|
hh3cAclAdvancedSrcWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP-address wild of advanced acl group."
|
|
::= { hh3cAclAdvancedRuleEntry 6 }
|
|
|
|
hh3cAclAdvancedSrcOp OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
lt(1),
|
|
eq(2),
|
|
gt(3),
|
|
neq(4),
|
|
range(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source IP-address's operator of advanced acl group."
|
|
::= { hh3cAclAdvancedRuleEntry 7 }
|
|
|
|
hh3cAclAdvancedSrcPort1 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer source port1."
|
|
::= { hh3cAclAdvancedRuleEntry 8 }
|
|
|
|
hh3cAclAdvancedSrcPort2 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer source port2."
|
|
::= { hh3cAclAdvancedRuleEntry 9 }
|
|
|
|
hh3cAclAdvancedDestIp OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP-address of advanced acl group."
|
|
::= { hh3cAclAdvancedRuleEntry 10 }
|
|
|
|
hh3cAclAdvancedDestWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP-address wild of advanced acl group."
|
|
::= { hh3cAclAdvancedRuleEntry 11 }
|
|
|
|
hh3cAclAdvancedDestOp OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
lt(1),
|
|
eq(2),
|
|
gt(3),
|
|
neq(4),
|
|
range(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination IP-address's operator of advanced acl group."
|
|
::= { hh3cAclAdvancedRuleEntry 12 }
|
|
|
|
hh3cAclAdvancedDestPort1 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer destination port1."
|
|
::= { hh3cAclAdvancedRuleEntry 13 }
|
|
|
|
hh3cAclAdvancedDestPort2 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer destination port2."
|
|
::= { hh3cAclAdvancedRuleEntry 14 }
|
|
|
|
hh3cAclAdvancedPrecedence OBJECT-TYPE
|
|
SYNTAX Integer32 (0..7|255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of IP-packet's precedence.
|
|
<0-7> Value of precedence
|
|
routine Specify routine precedence(0)
|
|
priority Specify priority precedence(1)
|
|
immediate Specify immediate precedence(2)
|
|
flash Specify flash precedence(3)
|
|
flash-override Specify flash-override precedence(4)
|
|
critical Specify critical precedence(5)
|
|
internet Specify internetwork control precedence(6)
|
|
network Specify network control precedence(7) "
|
|
::= { hh3cAclAdvancedRuleEntry 15 }
|
|
|
|
hh3cAclAdvancedTos OBJECT-TYPE
|
|
SYNTAX Integer32 (0..15|255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of IP-packet's TOS.
|
|
<0-15> Value of TOS(type of service)
|
|
max-reliability Match packets with max reliable TOS(2)
|
|
max-throughput Match packets with max throughput TOS(4)
|
|
min-delay Match packets with min delay TOS(8)
|
|
min-monetary-cost Match packets with min monetary cost TOS(1)
|
|
normal Match packets with normal TOS(0) "
|
|
::= { hh3cAclAdvancedRuleEntry 16 }
|
|
|
|
hh3cAclAdvancedDscp OBJECT-TYPE
|
|
SYNTAX Integer32 (0..63|255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of DSCP.
|
|
<0-63> Value of DSCP
|
|
af11 Specify Assured Forwarding 11 service(10)
|
|
af12 Specify Assured Forwarding 12 service(12)
|
|
af13 Specify Assured Forwarding 13 service(14)
|
|
af21 Specify Assured Forwarding 21 service(18)
|
|
af22 Specify Assured Forwarding 22 service(20)
|
|
af23 Specify Assured Forwarding 23 service(22)
|
|
af31 Specify Assured Forwarding 31 service(26)
|
|
af32 Specify Assured Forwarding 32 service(28)
|
|
af33 Specify Assured Forwarding 33 service(30)
|
|
af41 Specify Assured Forwarding 41 service(34)
|
|
af42 Specify Assured Forwarding 42 service(36)
|
|
af43 Specify Assured Forwarding 43 service(38)
|
|
be Specify Best Effort service(0)
|
|
cs1 Specify Class Selector 1 service(8)
|
|
cs2 Specify Class Selector 2 service(16)
|
|
cs3 Specify Class Selector 3 service(24)
|
|
cs4 Specify Class Selector 4 service(32)
|
|
cs5 Specify Class Selector 5 service(40)
|
|
cs6 Specify Class Selector 6 service(48)
|
|
cs7 Specify Class Selector 7 service(56)
|
|
ef Specify Expedited Forwarding service(46)"
|
|
::= { hh3cAclAdvancedRuleEntry 17 }
|
|
|
|
hh3cAclAdvancedEstablish OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Establish flag."
|
|
DEFVAL { false }
|
|
::= { hh3cAclAdvancedRuleEntry 18 }
|
|
|
|
hh3cAclAdvancedTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of advanced acl rule."
|
|
::= { hh3cAclAdvancedRuleEntry 19 }
|
|
|
|
hh3cAclAdvancedIcmpType OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of ICMP packet.
|
|
Integer32 ICMP type
|
|
echo Type=8, Code=0
|
|
echo-reply Type=0, Code=0
|
|
fragmentneed-DFset Type=3, Code=4
|
|
host-redirect Type=5, Code=1
|
|
host-tos-redirect Type=5, Code=3
|
|
host-unreachable Type=3, Code=1
|
|
information-reply Type=16, Code=0
|
|
information-request Type=15, Code=0
|
|
net-redirect Type=5, Code=0
|
|
net-tos-redirect Type=5, Code=2
|
|
net-unreachable Type=3, Code=0
|
|
parameter-problem Type=12, Code=0
|
|
port-unreachable Type=3, Code=3
|
|
protocol-unreachable Type=3, Code=2
|
|
reassembly-timeout Type=11, Code=1
|
|
source-quench Type=4, Code=0
|
|
source-route-failed Type=3, Code=5
|
|
timestamp-reply Type=14, Code=0
|
|
timestamp-request Type=13, Code=0
|
|
ttl-exceeded Type=11, Code=0 "
|
|
::= { hh3cAclAdvancedRuleEntry 20 }
|
|
|
|
hh3cAclAdvancedIcmpCode OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The code of ICMP packet."
|
|
::= { hh3cAclAdvancedRuleEntry 21 }
|
|
|
|
hh3cAclAdvancedFragments OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching fragmented packet."
|
|
::= { hh3cAclAdvancedRuleEntry 22 }
|
|
|
|
hh3cAclAdvancedLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of log."
|
|
::= { hh3cAclAdvancedRuleEntry 23 }
|
|
|
|
hh3cAclAdvancedEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
::= { hh3cAclAdvancedRuleEntry 24 }
|
|
|
|
hh3cAclAdvancedCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matched by advanced rule."
|
|
::= { hh3cAclAdvancedRuleEntry 25 }
|
|
|
|
hh3cAclAdvancedCountClear OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
cleared(1),
|
|
nouse(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counter."
|
|
::= { hh3cAclAdvancedRuleEntry 26 }
|
|
|
|
hh3cAclAdvancedRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now support three state: CreateAndGo, Active, Destroy."
|
|
::= { hh3cAclAdvancedRuleEntry 27 }
|
|
--
|
|
-- hh3cAclIfRuleTable
|
|
--
|
|
hh3cAclIfRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclIfRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configure the rule for interface-based acl group."
|
|
::= { hh3cAclMibObjects 6 }
|
|
|
|
hh3cAclIfRuleEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclIfRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Define the index of hh3cAclIfRuleTable."
|
|
INDEX { hh3cAclIfAclNum, hh3cAclIfSubitem }
|
|
::= { hh3cAclIfRuleTable 1 }
|
|
|
|
Hh3cAclIfRuleEntry ::=
|
|
SEQUENCE {
|
|
hh3cAclIfAclNum
|
|
Integer32,
|
|
hh3cAclIfSubitem
|
|
Integer32,
|
|
hh3cAclIfAct
|
|
INTEGER,
|
|
hh3cAclIfIndex
|
|
Integer32,
|
|
hh3cAclIfAny
|
|
TruthValue,
|
|
hh3cAclIfTimeRangeName
|
|
OCTET STRING,
|
|
hh3cAclIfLog
|
|
TruthValue,
|
|
hh3cAclIfEnable
|
|
TruthValue,
|
|
hh3cAclIfCount
|
|
Counter32,
|
|
hh3cAclIfCountClear
|
|
INTEGER,
|
|
hh3cAclIfRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
hh3cAclIfAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0|1000..1999|10000..12999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of interface-based acl group."
|
|
::= { hh3cAclIfRuleEntry 1 }
|
|
|
|
hh3cAclIfSubitem OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subindex of interface-based acl group."
|
|
::= { hh3cAclIfRuleEntry 2 }
|
|
|
|
hh3cAclIfAct OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
permit(1),
|
|
deny(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of interface-based acl group."
|
|
::= { hh3cAclIfRuleEntry 3 }
|
|
|
|
hh3cAclIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of interface."
|
|
::= { hh3cAclIfRuleEntry 4 }
|
|
|
|
hh3cAclIfAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any interface."
|
|
::= { hh3cAclIfRuleEntry 5 }
|
|
|
|
hh3cAclIfTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of interface-based acl rule."
|
|
::= { hh3cAclIfRuleEntry 6 }
|
|
|
|
hh3cAclIfLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of log."
|
|
::= { hh3cAclIfRuleEntry 7 }
|
|
|
|
hh3cAclIfEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
::= { hh3cAclIfRuleEntry 8 }
|
|
|
|
hh3cAclIfCount OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matched by basic rule."
|
|
::= { hh3cAclIfRuleEntry 9 }
|
|
|
|
hh3cAclIfCountClear OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
cleared(1),
|
|
nouse(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of the rule's counter."
|
|
::= { hh3cAclIfRuleEntry 10 }
|
|
|
|
hh3cAclIfRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now support three state: CreateAndGo, Active, Destroy."
|
|
::= { hh3cAclIfRuleEntry 11 }
|
|
|
|
--
|
|
-- hh3cAclLinkTable
|
|
--
|
|
hh3cAclLinkTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclLinkEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Create link acl."
|
|
::= { hh3cAclMibObjects 7 }
|
|
|
|
hh3cAclLinkEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclLinkEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of the link acl table."
|
|
INDEX { hh3cAclLinkAclNum, hh3cAclLinkSubitem }
|
|
::= { hh3cAclLinkTable 1 }
|
|
|
|
Hh3cAclLinkEntry ::=
|
|
SEQUENCE {
|
|
hh3cAclLinkAclNum
|
|
Integer32,
|
|
hh3cAclLinkSubitem
|
|
Integer32,
|
|
hh3cAclLinkAct
|
|
INTEGER,
|
|
hh3cAclLinkProtocol
|
|
INTEGER,
|
|
hh3cAclLinkFormatType
|
|
INTEGER,
|
|
hh3cAclLinkVlanTag
|
|
INTEGER,
|
|
hh3cAclLinkVlanPri
|
|
Integer32,
|
|
hh3cAclLinkSrcVlanId
|
|
Integer32,
|
|
hh3cAclLinkSrcMac
|
|
MacAddress,
|
|
hh3cAclLinkSrcMacWild
|
|
MacAddress,
|
|
hh3cAclLinkSrcIfIndex
|
|
Integer32,
|
|
hh3cAclLinkSrcAny
|
|
TruthValue,
|
|
hh3cAclLinkDestVlanId
|
|
Integer32,
|
|
hh3cAclLinkDestMac
|
|
MacAddress,
|
|
hh3cAclLinkDestMacWild
|
|
MacAddress,
|
|
hh3cAclLinkDestIfIndex
|
|
Integer32,
|
|
hh3cAclLinkDestAny
|
|
TruthValue,
|
|
hh3cAclLinkTimeRangeName
|
|
OCTET STRING,
|
|
hh3cAclLinkEnable
|
|
TruthValue,
|
|
hh3cAclLinkRowStatus
|
|
RowStatus,
|
|
hh3cAclLinkTypeCode
|
|
OCTET STRING,
|
|
hh3cAclLinkTypeMask
|
|
OCTET STRING,
|
|
hh3cAclLinkLsapCode
|
|
OCTET STRING,
|
|
hh3cAclLinkLsapMask
|
|
OCTET STRING,
|
|
hh3cAclLinkL2LabelRangeOp
|
|
INTEGER,
|
|
hh3cAclLinkL2LabelRangeBegin
|
|
Integer32,
|
|
hh3cAclLinkL2LabelRangeEnd
|
|
Integer32,
|
|
hh3cAclLinkMplsExp
|
|
Integer32
|
|
}
|
|
|
|
hh3cAclLinkAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0|4000..4999|10000..12999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of link-based acl group."
|
|
::= { hh3cAclLinkEntry 1 }
|
|
|
|
hh3cAclLinkSubitem OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subindex of link-based acl group."
|
|
::= { hh3cAclLinkEntry 2 }
|
|
|
|
hh3cAclLinkAct OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
permit(1),
|
|
deny(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of link-based acl group."
|
|
::= { hh3cAclLinkEntry 3 }
|
|
|
|
hh3cAclLinkProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
ip(2048),
|
|
arp(2054),
|
|
rarp(32821),
|
|
mpls(34887),
|
|
pppoeControl(34915),
|
|
pppoeData(34916)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The layer 2 protocol-type of link acl rule."
|
|
DEFVAL { invalid }
|
|
::= { hh3cAclLinkEntry 4 }
|
|
|
|
hh3cAclLinkFormatType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
ethernetII(1),
|
|
snap(2),
|
|
ieee802Dot3And2(3),
|
|
ieee802Dot3(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Format type of link acl rule."
|
|
::= { hh3cAclLinkEntry 5 }
|
|
|
|
hh3cAclLinkVlanTag OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
tagged(1),
|
|
untagged(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of vlan tag of link acl rule."
|
|
::= { hh3cAclLinkEntry 6 }
|
|
|
|
hh3cAclLinkVlanPri OBJECT-TYPE
|
|
SYNTAX Integer32 (0..7 | 255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Vlan priority of link acl rule."
|
|
::= { hh3cAclLinkEntry 7 }
|
|
|
|
hh3cAclLinkSrcVlanId OBJECT-TYPE
|
|
SYNTAX Integer32 (0..4094)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source vlan ID of link acl rule."
|
|
::= { hh3cAclLinkEntry 8 }
|
|
|
|
hh3cAclLinkSrcMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source mac of link acl rule."
|
|
::= { hh3cAclLinkEntry 9 }
|
|
|
|
hh3cAclLinkSrcMacWild OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source mac wildzard of link acl rule."
|
|
::= { hh3cAclLinkEntry 10 }
|
|
|
|
hh3cAclLinkSrcIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IfIndex of link acl rule."
|
|
::= { hh3cAclLinkEntry 11 }
|
|
|
|
hh3cAclLinkSrcAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any source."
|
|
::= { hh3cAclLinkEntry 12 }
|
|
|
|
hh3cAclLinkDestVlanId OBJECT-TYPE
|
|
SYNTAX Integer32 (0..4094)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination vlan ID of link acl rule."
|
|
::= { hh3cAclLinkEntry 13 }
|
|
|
|
hh3cAclLinkDestMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination mac of link acl rule."
|
|
::= { hh3cAclLinkEntry 14 }
|
|
|
|
hh3cAclLinkDestMacWild OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination mac wildzard of link acl rule."
|
|
::= { hh3cAclLinkEntry 15 }
|
|
|
|
hh3cAclLinkDestIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IfIndex of link acl rule."
|
|
::= { hh3cAclLinkEntry 16 }
|
|
|
|
hh3cAclLinkDestAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any destination."
|
|
::= { hh3cAclLinkEntry 17 }
|
|
|
|
hh3cAclLinkTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of link-based acl rule."
|
|
::= { hh3cAclLinkEntry 18 }
|
|
|
|
hh3cAclLinkEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
::= { hh3cAclLinkEntry 19 }
|
|
|
|
hh3cAclLinkRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now support three state: CreateAndGo, Active, Destroy."
|
|
::= { hh3cAclLinkEntry 20 }
|
|
|
|
hh3cAclLinkTypeCode OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..32) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of layer 2 protocol.0x0000...0xffff."
|
|
::= { hh3cAclLinkEntry 21 }
|
|
|
|
hh3cAclLinkTypeMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING ( SIZE(0..32) )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mask of layer 2 protocol.0x0000...0xffff."
|
|
::= { hh3cAclLinkEntry 22 }
|
|
|
|
hh3cAclLinkLsapCode OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of LSAP.0x0000...0xffff."
|
|
::= { hh3cAclLinkEntry 23 }
|
|
|
|
hh3cAclLinkLsapMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mask of LSAP.0x0000...0xffff."
|
|
::= { hh3cAclLinkEntry 24 }
|
|
|
|
hh3cAclLinkL2LabelRangeOp OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
lt(1),
|
|
eq(2),
|
|
gt(3),
|
|
neq(4),
|
|
range(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Operation symbol of the MPLS label.
|
|
If the symbol is range(5), the objects hh3cAclLinkL2LabelRangeBegin and
|
|
hh3cAclLinkL2LabelRangeEnd should have different values indicating a range.
|
|
Otherwise, only hh3cAclLinkL2LabelRangeBegin counts,
|
|
object hh3cAclLinkL2LabelRangeEnd is ignored.
|
|
|
|
invalid(0) -- unavailable
|
|
lt(1) -- less than
|
|
eq(2) -- equal
|
|
gt(3) -- great than
|
|
neq(4) -- not equal
|
|
range(5) -- a range with two ends included
|
|
"
|
|
::= { hh3cAclLinkEntry 25 }
|
|
|
|
hh3cAclLinkL2LabelRangeBegin OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The beginning of VPLS VC label."
|
|
::= { hh3cAclLinkEntry 26 }
|
|
|
|
hh3cAclLinkL2LabelRangeEnd OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The end of VPLS VC label."
|
|
::= { hh3cAclLinkEntry 27 }
|
|
|
|
hh3cAclLinkMplsExp OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of MPLS-packet's Exp."
|
|
::= { hh3cAclLinkEntry 28 }
|
|
--
|
|
-- hh3cAclUserTable
|
|
--
|
|
hh3cAclUserTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Create user acl."
|
|
::= { hh3cAclMibObjects 8 }
|
|
|
|
hh3cAclUserEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of user acl table."
|
|
INDEX { hh3cAclUserAclNum, hh3cAclUserSubitem }
|
|
::= { hh3cAclUserTable 1 }
|
|
|
|
Hh3cAclUserEntry ::=
|
|
SEQUENCE {
|
|
hh3cAclUserAclNum
|
|
Integer32,
|
|
hh3cAclUserSubitem
|
|
Integer32,
|
|
hh3cAclUserAct
|
|
INTEGER,
|
|
hh3cAclUserFormatType
|
|
INTEGER,
|
|
hh3cAclUserVlanTag
|
|
INTEGER,
|
|
hh3cAclUserRuleStr
|
|
OCTET STRING,
|
|
hh3cAclUserRuleMask
|
|
OCTET STRING,
|
|
hh3cAclUserTimeRangeName
|
|
OCTET STRING,
|
|
hh3cAclUserEnable
|
|
TruthValue,
|
|
hh3cAclUserRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
hh3cAclUserAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0|5000..5999|10000..12999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of the user acl."
|
|
::= { hh3cAclUserEntry 1 }
|
|
|
|
hh3cAclUserSubitem OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subitem of the user acl."
|
|
::= { hh3cAclUserEntry 2 }
|
|
|
|
hh3cAclUserAct OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
permit(1),
|
|
deny(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of the user acl."
|
|
::= { hh3cAclUserEntry 3 }
|
|
|
|
hh3cAclUserFormatType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
ethernetII(1),
|
|
snap(2),
|
|
ieee802Dot2And3(3),
|
|
ieee802Dot4(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Format type."
|
|
DEFVAL { invalid }
|
|
::= { hh3cAclUserEntry 4 }
|
|
|
|
hh3cAclUserVlanTag OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
tagged(1),
|
|
untagged(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Vlan tag exits or not."
|
|
DEFVAL { invalid }
|
|
::= { hh3cAclUserEntry 5 }
|
|
|
|
hh3cAclUserRuleStr OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..80))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Rule string."
|
|
::= { hh3cAclUserEntry 6 }
|
|
|
|
hh3cAclUserRuleMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..80))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Rule mask."
|
|
::= { hh3cAclUserEntry 7 }
|
|
|
|
hh3cAclUserTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of the user defined acl."
|
|
::= { hh3cAclUserEntry 8 }
|
|
|
|
hh3cAclUserEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
::= { hh3cAclUserEntry 9 }
|
|
|
|
hh3cAclUserRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now support three state: CreateAndGo, Active, Destroy."
|
|
::= { hh3cAclUserEntry 10 }
|
|
--
|
|
-- hh3cAclActiveTable
|
|
--
|
|
hh3cAclActiveTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclActiveEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Active acl."
|
|
::= { hh3cAclMibObjects 9 }
|
|
|
|
hh3cAclActiveEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclActiveEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of active acl table."
|
|
INDEX { hh3cAclActiveAclIndex,
|
|
hh3cAclActiveIfIndex,
|
|
hh3cAclActiveVlanID,
|
|
hh3cAclActiveDirection
|
|
}
|
|
::= { hh3cAclActiveTable 1 }
|
|
|
|
Hh3cAclActiveEntry ::=
|
|
SEQUENCE {
|
|
hh3cAclActiveAclIndex
|
|
Integer32,
|
|
hh3cAclActiveIfIndex
|
|
Integer32,
|
|
hh3cAclActiveVlanID
|
|
Integer32,
|
|
hh3cAclActiveDirection
|
|
INTEGER,
|
|
hh3cAclActiveUserAclNum
|
|
Integer32,
|
|
hh3cAclActiveUserAclSubitem
|
|
Integer32,
|
|
hh3cAclActiveIpAclNum
|
|
Integer32,
|
|
hh3cAclActiveIpAclSubitem
|
|
Integer32,
|
|
hh3cAclActiveLinkAclNum
|
|
Integer32,
|
|
hh3cAclActiveLinkAclSubitem
|
|
Integer32,
|
|
hh3cAclActiveRuntime
|
|
TruthValue,
|
|
hh3cAclActiveRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
hh3cAclActiveAclIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0|1..5999|10000..12999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Acl index."
|
|
::= { hh3cAclActiveEntry 1 }
|
|
|
|
hh3cAclActiveIfIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"IfIndex."
|
|
::= { hh3cAclActiveEntry 2 }
|
|
|
|
hh3cAclActiveVlanID OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The lower 16 bits is Vlan ID, the higher 16 bits,
|
|
if not zero, it describes the slot ID of the L3plus board.
|
|
"
|
|
::= { hh3cAclActiveEntry 3 }
|
|
|
|
hh3cAclActiveDirection OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
input(1),
|
|
output(2),
|
|
both(3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Direction."
|
|
::= { hh3cAclActiveEntry 4 }
|
|
|
|
hh3cAclActiveUserAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0|5000..5999|10000..12999)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of the user acl."
|
|
::= { hh3cAclActiveEntry 5 }
|
|
|
|
hh3cAclActiveUserAclSubitem OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subitem of the user acl."
|
|
::= { hh3cAclActiveEntry 6 }
|
|
|
|
hh3cAclActiveIpAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0|2000..3999|10000..12999)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of the IP acl."
|
|
::= { hh3cAclActiveEntry 7 }
|
|
|
|
hh3cAclActiveIpAclSubitem OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subitem of the IP acl."
|
|
::= { hh3cAclActiveEntry 8 }
|
|
|
|
hh3cAclActiveLinkAclNum OBJECT-TYPE
|
|
SYNTAX Integer32 (0|4000..4999|10000..12999)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The num of the link acl."
|
|
::= { hh3cAclActiveEntry 9 }
|
|
|
|
hh3cAclActiveLinkAclSubitem OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subitem of the link acl."
|
|
::= { hh3cAclActiveEntry 10 }
|
|
|
|
hh3cAclActiveRuntime OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Is run or not."
|
|
::= { hh3cAclActiveEntry 11 }
|
|
|
|
hh3cAclActiveRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now support three state: CreateAndGo, Active, Destroy."
|
|
::= { hh3cAclActiveEntry 12 }
|
|
|
|
--
|
|
-- hh3cAclIDSTable
|
|
--
|
|
hh3cAclIDSTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclIDSEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Configure the rule for IDS."
|
|
::= { hh3cAclMibObjects 10 }
|
|
|
|
hh3cAclIDSEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclIDSEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The entry of acl ids table."
|
|
INDEX { IMPLIED hh3cAclIDSName}
|
|
::= { hh3cAclIDSTable 1 }
|
|
|
|
Hh3cAclIDSEntry ::=
|
|
SEQUENCE {
|
|
hh3cAclIDSName
|
|
OCTET STRING,
|
|
hh3cAclIDSSrcMac
|
|
MacAddress,
|
|
hh3cAclIDSDestMac
|
|
MacAddress,
|
|
hh3cAclIDSSrcIp
|
|
IpAddress,
|
|
hh3cAclIDSSrcWild
|
|
IpAddress,
|
|
hh3cAclIDSDestIp
|
|
IpAddress,
|
|
hh3cAclIDSDestWild
|
|
IpAddress,
|
|
hh3cAclIDSSrcPort
|
|
Integer32,
|
|
hh3cAclIDSDestPort
|
|
Integer32,
|
|
hh3cAclIDSProtocol
|
|
Integer32,
|
|
hh3cAclIDSDenyTime
|
|
Unsigned32,
|
|
hh3cAclIDSAct
|
|
INTEGER,
|
|
hh3cAclIDSRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
hh3cAclIDSName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name index of the IDS table."
|
|
::= { hh3cAclIDSEntry 1 }
|
|
|
|
hh3cAclIDSSrcMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source mac of IDS acl rule."
|
|
::= { hh3cAclIDSEntry 2 }
|
|
|
|
|
|
hh3cAclIDSDestMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination mac of IDS acl rule."
|
|
::= { hh3cAclIDSEntry 3 }
|
|
|
|
hh3cAclIDSSrcIp OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP-address of IDS acl rule."
|
|
::= { hh3cAclIDSEntry 4 }
|
|
|
|
hh3cAclIDSSrcWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP-address wild of IDS acl rule."
|
|
::= { hh3cAclIDSEntry 5 }
|
|
|
|
hh3cAclIDSDestIp OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP-address of IDS acl rule."
|
|
::= { hh3cAclIDSEntry 6 }
|
|
|
|
hh3cAclIDSDestWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP-address wild of IDS acl rule."
|
|
::= { hh3cAclIDSEntry 7 }
|
|
|
|
hh3cAclIDSSrcPort OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer source port."
|
|
::= { hh3cAclIDSEntry 8 }
|
|
|
|
hh3cAclIDSDestPort OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer destination port."
|
|
::= { hh3cAclIDSEntry 9 }
|
|
|
|
hh3cAclIDSProtocol OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The protocol-type of advanced acl group.
|
|
<1-255> Protocol number
|
|
gre GRE tunneling(47)
|
|
icmp Internet Control Message Protocol(1)
|
|
igmp Internet Group Management Protocol(2)
|
|
ip Any IP protocol
|
|
ipinip IP in IP tunneling(4)
|
|
ospf OSPF routing protocol(89)
|
|
tcp Transmission Control Protocol (6)
|
|
udp User Datagram Protocol (17)
|
|
"
|
|
::= { hh3cAclIDSEntry 10 }
|
|
|
|
hh3cAclIDSDenyTime OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The maximum number of seconds which deny for this acl rule."
|
|
DEFVAL { 0 }
|
|
::= { hh3cAclIDSEntry 11 }
|
|
|
|
|
|
hh3cAclIDSAct OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
permit(1),
|
|
deny(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of IDS acl rule."
|
|
::= { hh3cAclIDSEntry 12 }
|
|
|
|
hh3cAclIDSRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus, now supports three states: CreateAndGo, Active, and Destroy."
|
|
::= { hh3cAclIDSEntry 13 }
|
|
--
|
|
-- Nodes of hh3cAclMib2Objects
|
|
--
|
|
hh3cAclMib2Objects OBJECT IDENTIFIER ::= { hh3cAcl 2 }
|
|
--
|
|
-- Nodes of hh3cAclMib2GlobalGroup
|
|
--
|
|
hh3cAclMib2GlobalGroup OBJECT IDENTIFIER ::= { hh3cAclMib2Objects 1 }
|
|
|
|
hh3cAclMib2NodesGroup OBJECT IDENTIFIER ::= { hh3cAclMib2GlobalGroup 1 }
|
|
|
|
hh3cAclMib2Mode OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
linkBased(1),
|
|
ipBased(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The applying mode of ACL."
|
|
::= { hh3cAclMib2NodesGroup 1 }
|
|
|
|
hh3cAclMib2Version OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The version of this file.
|
|
The output value has the format of 'xx'or 'xxx'.
|
|
For example: 10 means 1.0; 125 means 12.5.
|
|
"
|
|
::= { hh3cAclMib2NodesGroup 2 }
|
|
|
|
hh3cAclMib2ObjectsCapabilities OBJECT-TYPE
|
|
SYNTAX BITS
|
|
{
|
|
hh3cAclMib2Mode(0),
|
|
hh3cAclVersion(1),
|
|
hh3cAclMib2ObjectsCapabilities(2),
|
|
hh3cAclMib2CapabilityTable(3),
|
|
hh3cAclNumberGroupTable(4),
|
|
hh3cAclIPAclBasicTable(5),
|
|
hh3cAclIPAclAdvancedTable(6),
|
|
hh3cAclMACTable(7),
|
|
hh3cAclEnUserTable(8),
|
|
hh3cAclMib2ProcessingStatus(9)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The objects of hh3cAclMib2Objects."
|
|
::= { hh3cAclMib2NodesGroup 3 }
|
|
|
|
hh3cAclMib2ProcessingStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
processing(1),
|
|
done(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The processing status of ACL operation."
|
|
::= { hh3cAclMib2NodesGroup 4 }
|
|
|
|
hh3cAclMib2ResourceThreshold OBJECT-TYPE
|
|
SYNTAX Integer32 (0..100)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The threshold of TCAM resources.
|
|
The value 0 indicates that cancelling the TCAM resource notification function."
|
|
::= { hh3cAclMib2NodesGroup 5 }
|
|
|
|
hh3cAclMib2ResourceLogInterval OBJECT-TYPE
|
|
SYNTAX Integer32 (1..60)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of interval. It must be in the range of 1 to 60.
|
|
Default value is 5."
|
|
::= { hh3cAclMib2NodesGroup 6 }
|
|
|
|
hh3cAclMib2CapabilityTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclMib2CapabilityEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The capability of mib2."
|
|
::= { hh3cAclMib2GlobalGroup 2 }
|
|
|
|
hh3cAclMib2CapabilityEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclMib2CapabilityEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The information of Capability of mib2."
|
|
INDEX { hh3cAclMib2EntityType,
|
|
hh3cAclMib2EntityIndex,
|
|
hh3cAclMib2ModuleIndex,
|
|
hh3cAclMib2CharacteristicsIndex
|
|
}
|
|
::= { hh3cAclMib2CapabilityTable 1 }
|
|
|
|
Hh3cAclMib2CapabilityEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cAclMib2EntityType
|
|
INTEGER,
|
|
hh3cAclMib2EntityIndex
|
|
Integer32,
|
|
hh3cAclMib2ModuleIndex
|
|
INTEGER,
|
|
hh3cAclMib2CharacteristicsIndex
|
|
Integer32,
|
|
hh3cAclMib2CharacteristicsDesc
|
|
OCTET STRING,
|
|
hh3cAclMib2CharacteristicsValue
|
|
Unsigned32
|
|
}
|
|
|
|
hh3cAclMib2EntityType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
system(1),
|
|
interface(2)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of entity.
|
|
system: The entity is systemic level.
|
|
interface: The entity is interface level.
|
|
"
|
|
::= { hh3cAclMib2CapabilityEntry 1 }
|
|
|
|
hh3cAclMib2EntityIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of entity.
|
|
If hh3cAclMib2EntityType is system, the value of this object is 0.
|
|
|
|
If hh3cAclMib2EntityType is interface,
|
|
the value of this object is equal to 'ifIndex'.
|
|
"
|
|
::= { hh3cAclMib2CapabilityEntry 2 }
|
|
|
|
hh3cAclMib2ModuleIndex OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
layer3(1),
|
|
layer2(2),
|
|
userDefined(3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The module index of ACL."
|
|
::= { hh3cAclMib2CapabilityEntry 3 }
|
|
|
|
hh3cAclMib2CharacteristicsIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The characteristics index of mib2.
|
|
See DESCRIPTION of hh3cAclMib2CharacteristicsValue
|
|
to get detail information about the value of this object.
|
|
"
|
|
::= { hh3cAclMib2CapabilityEntry 4 }
|
|
|
|
hh3cAclMib2CharacteristicsDesc OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of characteristics."
|
|
::= { hh3cAclMib2CapabilityEntry 5 }
|
|
|
|
hh3cAclMib2CharacteristicsValue OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of capability of this object.
|
|
TypeOfRuleStringValue : notSupport(0) and the length of
|
|
RuleString.
|
|
|
|
TypeOfCodeValue : OnlyOneNotSupport(0),
|
|
MoreThanOneNotSupport(1)
|
|
If hh3cAclMib2CharacteristicsValue is 'moreThanOneNotSupport',
|
|
hh3cAclMib2CharacteristicsDesc must be used to depict which
|
|
protocols are not supported. The output value of
|
|
hh3cAclMib2CharacteristicsDesc has the format of 'a,b'.
|
|
For example, 'ip,rarp'.
|
|
|
|
layer3 Module:
|
|
Index Characteristics value
|
|
1 SourceIPAddress notSupport(0)
|
|
2 DestinationIPAddress notSupport(0)
|
|
3 SourcePort notSupport(0)
|
|
4 DestinationPort notSupport(0)
|
|
5 IPPrecedence notSupport(0)
|
|
6 TOS notSupport(0)
|
|
7 DSCP notSupport(0)
|
|
8 TCPFlag notSupport(0)
|
|
9 FragmentFlag notSupport(0)
|
|
10 Log notSupport(0)
|
|
11 RuleMatchCounter notSupport(0)
|
|
12 ResetRuleMatchCounter notSupport(0)
|
|
13 VPN notSupport(0)
|
|
15 protocol notSupport(0)
|
|
16 AddressFlag notSupport(0)
|
|
|
|
layer2 Module:
|
|
Index Characteristics value
|
|
1 ProtocolType TypeOfCodeValue
|
|
2 SourceMAC notSupport(0)
|
|
3 DestinationMAC notSupport(0)
|
|
4 LSAPType TypeOfCodeValue
|
|
5 CoS notSupport(0)
|
|
|
|
UserDefined Module:
|
|
Index Characteristics value
|
|
1 UserDefaultOffset TypeOfRuleStringValue
|
|
2 UserL2RuleOffset TypeOfRuleStringValue
|
|
3 UserMplsOffset TypeOfRuleStringValue
|
|
4 UserIPv4Offset TypeOfRuleStringValue
|
|
5 UserIPv6Offset TypeOfRuleStringValue
|
|
6 UserL4Offset TypeOfRuleStringValue
|
|
7 UserL5Offset TypeOfRuleStringValue
|
|
"
|
|
::= { hh3cAclMib2CapabilityEntry 6 }
|
|
|
|
--
|
|
-- Nodes of number group
|
|
--
|
|
hh3cAclNumberGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclNumberGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of the number acl group information."
|
|
::= { hh3cAclMib2GlobalGroup 3 }
|
|
|
|
hh3cAclNumberGroupEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclNumberGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Number acl group information entry."
|
|
INDEX { hh3cAclNumberGroupType, hh3cAclNumberGroupIndex }
|
|
::= { hh3cAclNumberGroupTable 1 }
|
|
|
|
Hh3cAclNumberGroupEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cAclNumberGroupType
|
|
INTEGER,
|
|
hh3cAclNumberGroupIndex
|
|
Integer32,
|
|
hh3cAclNumberGroupRowStatus
|
|
RowStatus,
|
|
hh3cAclNumberGroupMatchOrder
|
|
INTEGER,
|
|
hh3cAclNumberGroupStep
|
|
Integer32,
|
|
hh3cAclNumberGroupDescription
|
|
OCTET STRING,
|
|
hh3cAclNumberGroupCountClear
|
|
CounterClear,
|
|
hh3cAclNumberGroupRuleCounter
|
|
Counter32,
|
|
hh3cAclNumberGroupName
|
|
OCTET STRING
|
|
}
|
|
hh3cAclNumberGroupType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
ipv4(1),
|
|
ipv6(2),
|
|
mac(3),
|
|
user(4)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of number group.
|
|
Basic ACL and Advanced ACL support ipv4 and ipv6.
|
|
The range of Basic ACL is from 2000 to 2999.
|
|
The range of Advanced ACL is from 3000 to 3999.
|
|
|
|
Simple ACL supports ipv6 only.
|
|
The range of Simple ACL is from 10000 to 42767.
|
|
|
|
MAC ACL support mac only.
|
|
The range of MAC ACL is from 4000 to 4999.
|
|
|
|
User-defined ACL support user only.
|
|
The range of user-defined ACL is from 5000 to 5999.
|
|
"
|
|
::= { hh3cAclNumberGroupEntry 1 }
|
|
|
|
hh3cAclNumberGroupIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (2000..5999|10000..42767)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The group index of number acl.
|
|
Basic type:2000..2999
|
|
Advanced type:3000..3999
|
|
MAC type:4000..4999
|
|
User type:5000..5999
|
|
Simple type:10000..42767
|
|
"
|
|
::= { hh3cAclNumberGroupEntry 2 }
|
|
|
|
hh3cAclNumberGroupRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { hh3cAclNumberGroupEntry 3 }
|
|
|
|
hh3cAclNumberGroupMatchOrder OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
config(1),
|
|
auto(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The match-order of number acl group."
|
|
DEFVAL { config }
|
|
::= { hh3cAclNumberGroupEntry 4 }
|
|
|
|
hh3cAclNumberGroupStep OBJECT-TYPE
|
|
SYNTAX Integer32 (1..20)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The step of rule index."
|
|
DEFVAL { 5 }
|
|
::= { hh3cAclNumberGroupEntry 5 }
|
|
|
|
hh3cAclNumberGroupDescription OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Description of this acl group."
|
|
::= { hh3cAclNumberGroupEntry 6 }
|
|
|
|
hh3cAclNumberGroupCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counters of this group."
|
|
DEFVAL { nouse }
|
|
::= { hh3cAclNumberGroupEntry 7 }
|
|
|
|
hh3cAclNumberGroupRuleCounter OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule count of number acl group."
|
|
::= { hh3cAclNumberGroupEntry 8 }
|
|
|
|
hh3cAclNumberGroupName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..63))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of this acl group."
|
|
::= { hh3cAclNumberGroupEntry 9 }
|
|
|
|
--
|
|
-- Nodes of named ACL group
|
|
--
|
|
hh3cAclNamedGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclNamedGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of the named ACL group."
|
|
::= { hh3cAclMib2GlobalGroup 4 }
|
|
|
|
hh3cAclNamedGroupEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclNamedGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Named ACL group entry."
|
|
INDEX
|
|
{
|
|
hh3cAclNumberGroupType,
|
|
hh3cAclNamedGroupCategory,
|
|
hh3cAclNamedGroupName
|
|
}
|
|
::= { hh3cAclNamedGroupTable 1 }
|
|
|
|
Hh3cAclNamedGroupEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cAclNamedGroupCategory
|
|
INTEGER,
|
|
hh3cAclNamedGroupName
|
|
OCTET STRING,
|
|
hh3cAclNamedGroupRowStatus
|
|
RowStatus,
|
|
hh3cAclNamedGroupMatchOrder
|
|
INTEGER,
|
|
hh3cAclNamedGroupStep
|
|
Integer32,
|
|
hh3cAclNamedGroupDescription
|
|
OCTET STRING,
|
|
hh3cAclNamedGroupCountClear
|
|
CounterClear,
|
|
hh3cAclNamedGroupRuleCounter
|
|
Counter32
|
|
}
|
|
|
|
hh3cAclNamedGroupCategory OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
invalid(0),
|
|
basic(1),
|
|
advanced(2)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The category of number group. 1 indicates basic ACL, 2 indicates
|
|
advanced ACL."
|
|
::= { hh3cAclNamedGroupEntry 1 }
|
|
|
|
hh3cAclNamedGroupName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(1..63))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of an ACL group, a case-insensitive string of 1 to 63
|
|
characters. It must start with an English letter.
|
|
"
|
|
::= { hh3cAclNamedGroupEntry 2 }
|
|
|
|
hh3cAclNamedGroupRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { hh3cAclNamedGroupEntry 3 }
|
|
|
|
hh3cAclNamedGroupMatchOrder OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
config(1),
|
|
auto(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The match-order of name acl group."
|
|
DEFVAL { config }
|
|
::= { hh3cAclNamedGroupEntry 4 }
|
|
|
|
hh3cAclNamedGroupStep OBJECT-TYPE
|
|
SYNTAX Integer32 (1..20)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The numbering step of the increment of the rule index."
|
|
DEFVAL { 5 }
|
|
::= { hh3cAclNamedGroupEntry 5 }
|
|
|
|
hh3cAclNamedGroupDescription OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Description of this ACL group."
|
|
::= { hh3cAclNamedGroupEntry 6 }
|
|
|
|
hh3cAclNamedGroupCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the statistics counter of this group."
|
|
DEFVAL { nouse }
|
|
::= { hh3cAclNamedGroupEntry 7 }
|
|
|
|
hh3cAclNamedGroupRuleCounter OBJECT-TYPE
|
|
SYNTAX Counter32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The amount of rules of this group."
|
|
::= { hh3cAclNamedGroupEntry 8 }
|
|
|
|
--
|
|
-- Node of hh3cAclIPv6Group
|
|
--
|
|
hh3cAclIPAclGroup OBJECT IDENTIFIER ::= { hh3cAclMib2Objects 2 }
|
|
|
|
--
|
|
-- Nodes of hh3cAclIPAclBasicTable
|
|
--
|
|
|
|
hh3cAclIPAclBasicTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclIPAclBasicEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of basic rule group.
|
|
If some objects of this table are not supported by some products,
|
|
these objects can't be created, changed or applied.
|
|
Default value of these objects will be returned when they are read.
|
|
"
|
|
::= { hh3cAclIPAclGroup 2 }
|
|
|
|
hh3cAclIPAclBasicEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclIPAclBasicEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Basic rule group information."
|
|
INDEX { hh3cAclNumberGroupType,
|
|
hh3cAclNumberGroupIndex,
|
|
hh3cAclIPAclBasicRuleIndex
|
|
}
|
|
::= { hh3cAclIPAclBasicTable 1 }
|
|
|
|
Hh3cAclIPAclBasicEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cAclIPAclBasicRuleIndex
|
|
Integer32,
|
|
hh3cAclIPAclBasicRowStatus
|
|
RowStatus,
|
|
hh3cAclIPAclBasicAct
|
|
RuleAction,
|
|
hh3cAclIPAclBasicSrcAddrType
|
|
InetAddressType,
|
|
hh3cAclIPAclBasicSrcAddr
|
|
InetAddress,
|
|
hh3cAclIPAclBasicSrcPrefix
|
|
InetAddressPrefixLength,
|
|
hh3cAclIPAclBasicSrcAny
|
|
TruthValue,
|
|
hh3cAclIPAclBasicSrcWild
|
|
IpAddress,
|
|
hh3cAclIPAclBasicTimeRangeName
|
|
OCTET STRING,
|
|
hh3cAclIPAclBasicFragmentFlag
|
|
FragmentFlag,
|
|
hh3cAclIPAclBasicLog
|
|
TruthValue,
|
|
hh3cAclIPAclBasicCount
|
|
Unsigned32,
|
|
hh3cAclIPAclBasicCountClear
|
|
CounterClear,
|
|
hh3cAclIPAclBasicEnable
|
|
TruthValue,
|
|
hh3cAclIPAclBasicVpnInstanceName
|
|
OCTET STRING,
|
|
hh3cAclIPAclBasicComment
|
|
OCTET STRING,
|
|
hh3cAclIPAclBasicCounting
|
|
TruthValue,
|
|
hh3cAclIPAclBasicRouteTypeAny
|
|
TruthValue,
|
|
hh3cAclIPAclBasicRouteTypeValue
|
|
Integer32
|
|
}
|
|
|
|
hh3cAclIPAclBasicRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65534)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule index of basic acl group."
|
|
::= { hh3cAclIPAclBasicEntry 1 }
|
|
|
|
hh3cAclIPAclBasicRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { hh3cAclIPAclBasicEntry 2 }
|
|
|
|
hh3cAclIPAclBasicAct OBJECT-TYPE
|
|
SYNTAX RuleAction
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of basic acl rule."
|
|
::= { hh3cAclIPAclBasicEntry 3 }
|
|
|
|
hh3cAclIPAclBasicSrcAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP addresses type of IP pool."
|
|
::= { hh3cAclIPAclBasicEntry 4 }
|
|
|
|
hh3cAclIPAclBasicSrcAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of a local IP address is available for this association.
|
|
|
|
The type of this address is determined by the value of
|
|
hh3cAclIPAclBasicSrcAddrType.
|
|
"
|
|
::= { hh3cAclIPAclBasicEntry 5 }
|
|
|
|
hh3cAclIPAclBasicSrcPrefix OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the length of a generic Internet network address prefix.
|
|
A value of n corresponds to an IP address mask
|
|
that has n contiguous 1-bits from the most significant bit (MSB)
|
|
and all other bits set to 0.
|
|
"
|
|
::= { hh3cAclIPAclBasicEntry 6 }
|
|
|
|
hh3cAclIPAclBasicSrcAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any IP address."
|
|
DEFVAL { true }
|
|
::= { hh3cAclIPAclBasicEntry 7 }
|
|
|
|
hh3cAclIPAclBasicSrcWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IPv4 address wildcard mask.
|
|
Only IPv4 Basic Rule supports this object.
|
|
Default value is '0.0.0.0'.
|
|
"
|
|
::= { hh3cAclIPAclBasicEntry 8 }
|
|
|
|
hh3cAclIPAclBasicTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of basic acl rule.
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclIPAclBasicEntry 9 }
|
|
|
|
hh3cAclIPAclBasicFragmentFlag OBJECT-TYPE
|
|
SYNTAX FragmentFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching fragmented packets."
|
|
DEFVAL { invalid }
|
|
::= { hh3cAclIPAclBasicEntry 10 }
|
|
|
|
hh3cAclIPAclBasicLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be logged when it matches the rule."
|
|
DEFVAL { false }
|
|
::= { hh3cAclIPAclBasicEntry 11 }
|
|
|
|
hh3cAclIPAclBasicCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matches by the rule."
|
|
::= { hh3cAclIPAclBasicEntry 12 }
|
|
|
|
hh3cAclIPAclBasicCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counter."
|
|
DEFVAL { nouse }
|
|
::= { hh3cAclIPAclBasicEntry 13 }
|
|
|
|
hh3cAclIPAclBasicEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclIPAclBasicEntry 14 }
|
|
|
|
hh3cAclIPAclBasicVpnInstanceName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The VPN name, to which the rule will be applied.
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclIPAclBasicEntry 15 }
|
|
|
|
hh3cAclIPAclBasicComment OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of ACL rule.
|
|
Default value is Zero-length String.
|
|
"
|
|
::= { hh3cAclIPAclBasicEntry 16 }
|
|
|
|
hh3cAclIPAclBasicCounting OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be counted when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclIPAclBasicEntry 17 }
|
|
|
|
hh3cAclIPAclBasicRouteTypeAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any type of routing header of IPv6 packet.
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclIPAclBasicEntry 18 }
|
|
|
|
hh3cAclIPAclBasicRouteTypeValue OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Match specific type of routing header of IPv6 packet."
|
|
DEFVAL { 65535 }
|
|
::= { hh3cAclIPAclBasicEntry 19 }
|
|
|
|
--
|
|
-- Notes of hh3cAclIPAclAdvancedTable
|
|
--
|
|
hh3cAclIPAclAdvancedTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclIPAclAdvancedEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of advanced and simple acl group.
|
|
If some objects of this table are not supported by some products,
|
|
these objects can't be created, changed and applied.
|
|
Default value of these objects will be returned when they are read.
|
|
"
|
|
::= { hh3cAclIPAclGroup 3 }
|
|
|
|
hh3cAclIPAclAdvancedEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclIPAclAdvancedEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Advanced acl group information."
|
|
INDEX { hh3cAclNumberGroupType,
|
|
hh3cAclNumberGroupIndex,
|
|
hh3cAclIPAclAdvancedRuleIndex
|
|
}
|
|
::= { hh3cAclIPAclAdvancedTable 1 }
|
|
|
|
Hh3cAclIPAclAdvancedEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cAclIPAclAdvancedRuleIndex
|
|
Integer32,
|
|
hh3cAclIPAclAdvancedRowStatus
|
|
RowStatus,
|
|
hh3cAclIPAclAdvancedAct
|
|
RuleAction,
|
|
hh3cAclIPAclAdvancedProtocol
|
|
Integer32,
|
|
hh3cAclIPAclAdvancedAddrFlag
|
|
AddressFlag,
|
|
hh3cAclIPAclAdvancedSrcAddrType
|
|
InetAddressType,
|
|
hh3cAclIPAclAdvancedSrcAddr
|
|
InetAddress,
|
|
hh3cAclIPAclAdvancedSrcPrefix
|
|
InetAddressPrefixLength,
|
|
hh3cAclIPAclAdvancedSrcAny
|
|
TruthValue,
|
|
hh3cAclIPAclAdvancedSrcWild
|
|
IpAddress,
|
|
hh3cAclIPAclAdvancedSrcOp
|
|
PortOp,
|
|
hh3cAclIPAclAdvancedSrcPort1
|
|
Integer32,
|
|
hh3cAclIPAclAdvancedSrcPort2
|
|
Integer32,
|
|
hh3cAclIPAclAdvancedDestAddrType
|
|
InetAddressType,
|
|
hh3cAclIPAclAdvancedDestAddr
|
|
InetAddress,
|
|
hh3cAclIPAclAdvancedDestPrefix
|
|
InetAddressPrefixLength,
|
|
hh3cAclIPAclAdvancedDestAny
|
|
TruthValue,
|
|
hh3cAclIPAclAdvancedDestWild
|
|
IpAddress,
|
|
hh3cAclIPAclAdvancedDestOp
|
|
PortOp,
|
|
hh3cAclIPAclAdvancedDestPort1
|
|
Integer32,
|
|
hh3cAclIPAclAdvancedDestPort2
|
|
Integer32,
|
|
hh3cAclIPAclAdvancedIcmpType
|
|
Integer32,
|
|
hh3cAclIPAclAdvancedIcmpCode
|
|
Integer32,
|
|
hh3cAclIPAclAdvancedPrecedence
|
|
Integer32,
|
|
hh3cAclIPAclAdvancedTos
|
|
Integer32,
|
|
hh3cAclIPAclAdvancedDscp
|
|
DSCPValue,
|
|
hh3cAclIPAclAdvancedTimeRangeName
|
|
OCTET STRING,
|
|
hh3cAclIPAclAdvancedTCPFlag
|
|
TCPFlag,
|
|
hh3cAclIPAclAdvancedFragmentFlag
|
|
FragmentFlag,
|
|
hh3cAclIPAclAdvancedLog
|
|
TruthValue,
|
|
hh3cAclIPAclAdvancedCount
|
|
Unsigned32,
|
|
hh3cAclIPAclAdvancedCountClear
|
|
CounterClear,
|
|
hh3cAclIPAclAdvancedEnable
|
|
TruthValue,
|
|
hh3cAclIPAclAdvancedVpnInstanceName
|
|
OCTET STRING,
|
|
hh3cAclIPAclAdvancedComment
|
|
OCTET STRING,
|
|
hh3cAclIPAclAdvancedReflective
|
|
TruthValue,
|
|
hh3cAclIPAclAdvancedCounting
|
|
TruthValue,
|
|
hh3cAclIPAclAdvancedTCPFlagMask
|
|
BITS,
|
|
hh3cAclIPAclAdvancedTCPFlagValue
|
|
BITS,
|
|
hh3cAclIPAclAdvancedRouteTypeAny
|
|
TruthValue,
|
|
hh3cAclIPAclAdvancedRouteTypeValue
|
|
Integer32,
|
|
hh3cAclIPAclAdvancedFlowLabel
|
|
Unsigned32,
|
|
hh3cAclIPAclAdvancedSrcSuffix
|
|
Unsigned32,
|
|
hh3cAclIPAclAdvancedDestSuffix
|
|
Unsigned32
|
|
}
|
|
|
|
hh3cAclIPAclAdvancedRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65534)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule index of advanced acl group.
|
|
As a Simple ACL group, the value of this object must be 0.
|
|
As an Advanced ACL group, the value of this object is ranging
|
|
from 0 to 65534.
|
|
"
|
|
::= { hh3cAclIPAclAdvancedEntry 1 }
|
|
|
|
hh3cAclIPAclAdvancedRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { hh3cAclIPAclAdvancedEntry 2 }
|
|
|
|
hh3cAclIPAclAdvancedAct OBJECT-TYPE
|
|
SYNTAX RuleAction
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of advanced acl rule."
|
|
::= { hh3cAclIPAclAdvancedEntry 3 }
|
|
|
|
hh3cAclIPAclAdvancedProtocol OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The protocol-type of advanced acl group. 0 indicates any IPv4 or
|
|
IPv6 protocol.
|
|
<1-255> Protocol number
|
|
gre GRE tunneling(47)
|
|
icmp Internet Control Message Protocol(1)
|
|
icmpv6 Internet Control Message Protocol6(58)
|
|
igmp Internet Group Management Protocol(2)
|
|
ipinip IP in IP tunneling(4)
|
|
ospf OSPF routing protocol(89)
|
|
tcp Transmission Control Protocol (6)
|
|
udp User Datagram Protocol (17)
|
|
ipv6-ah IPv6 Authentication Header(51)
|
|
ipv6-esp IPv6 Encapsulating Security Payload(50)
|
|
"
|
|
::= { hh3cAclIPAclAdvancedEntry 4 }
|
|
|
|
hh3cAclIPAclAdvancedAddrFlag OBJECT-TYPE
|
|
SYNTAX AddressFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Address flag to select address."
|
|
DEFVAL { invalid }
|
|
::= { hh3cAclIPAclAdvancedEntry 5 }
|
|
|
|
hh3cAclIPAclAdvancedSrcAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP addresses type of IP pool."
|
|
::= { hh3cAclIPAclAdvancedEntry 6 }
|
|
|
|
hh3cAclIPAclAdvancedSrcAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of a local IP address available for this association.
|
|
|
|
The type of this address is determined by the value of
|
|
hh3cAclIPAclAdvancedSrcAddrType.
|
|
"
|
|
::= { hh3cAclIPAclAdvancedEntry 7 }
|
|
|
|
hh3cAclIPAclAdvancedSrcPrefix OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the length of a generic Internet network address prefix.
|
|
A value of n corresponds to an IP address mask
|
|
which has n contiguous 1-bits from the most significant bit (MSB)
|
|
and all other bits set to 0.
|
|
"
|
|
::= { hh3cAclIPAclAdvancedEntry 8 }
|
|
|
|
hh3cAclIPAclAdvancedSrcAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any IP address."
|
|
DEFVAL { true }
|
|
::= { hh3cAclIPAclAdvancedEntry 9 }
|
|
|
|
hh3cAclIPAclAdvancedSrcWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IPv4 address wildcard mask.
|
|
Only IPv4 Advanced Rule supports this object.
|
|
Default value is '0.0.0.0'.
|
|
"
|
|
::= { hh3cAclIPAclAdvancedEntry 10 }
|
|
|
|
hh3cAclIPAclAdvancedSrcOp OBJECT-TYPE
|
|
SYNTAX PortOp
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source port operation symbol of advanced acl group."
|
|
DEFVAL { invalid }
|
|
::= { hh3cAclIPAclAdvancedEntry 11 }
|
|
|
|
hh3cAclIPAclAdvancedSrcPort1 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer source port1."
|
|
DEFVAL { 0 }
|
|
::= { hh3cAclIPAclAdvancedEntry 12 }
|
|
|
|
hh3cAclIPAclAdvancedSrcPort2 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer source port2."
|
|
DEFVAL { 65535 }
|
|
::= { hh3cAclIPAclAdvancedEntry 13 }
|
|
|
|
hh3cAclIPAclAdvancedDestAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP addresses type of IP pool."
|
|
::= { hh3cAclIPAclAdvancedEntry 14 }
|
|
|
|
hh3cAclIPAclAdvancedDestAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of a local IP address available for this association.
|
|
|
|
The type of this address is determined by the value of
|
|
hh3cAclIPAclAdvancedDestAddrType.
|
|
"
|
|
::= { hh3cAclIPAclAdvancedEntry 15 }
|
|
|
|
hh3cAclIPAclAdvancedDestPrefix OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the length of a generic Internet network address prefix.
|
|
A value of n corresponds to an IP address mask
|
|
which has n contiguous 1-bits from the most significant bit (MSB)
|
|
and all other bits set to 0.
|
|
"
|
|
::= { hh3cAclIPAclAdvancedEntry 16 }
|
|
|
|
hh3cAclIPAclAdvancedDestAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any IP address."
|
|
DEFVAL { true }
|
|
::= { hh3cAclIPAclAdvancedEntry 17 }
|
|
|
|
hh3cAclIPAclAdvancedDestWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IPv4 address wildcard mask.
|
|
Only IPv4 Advanced Rule supports this object.
|
|
Default value is '0.0.0.0'.
|
|
"
|
|
::= { hh3cAclIPAclAdvancedEntry 18 }
|
|
|
|
hh3cAclIPAclAdvancedDestOp OBJECT-TYPE
|
|
SYNTAX PortOp
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination port operation symbol of advanced acl group."
|
|
DEFVAL { invalid }
|
|
::= { hh3cAclIPAclAdvancedEntry 19 }
|
|
|
|
hh3cAclIPAclAdvancedDestPort1 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer destination port1."
|
|
DEFVAL { 0 }
|
|
::= { hh3cAclIPAclAdvancedEntry 20 }
|
|
|
|
hh3cAclIPAclAdvancedDestPort2 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer destination port2."
|
|
DEFVAL { 65535 }
|
|
::= { hh3cAclIPAclAdvancedEntry 21 }
|
|
|
|
hh3cAclIPAclAdvancedIcmpType OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of ICMP packet."
|
|
DEFVAL { 65535 }
|
|
::= { hh3cAclIPAclAdvancedEntry 22 }
|
|
|
|
hh3cAclIPAclAdvancedIcmpCode OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The code of ICMP packet."
|
|
DEFVAL { 65535 }
|
|
::= { hh3cAclIPAclAdvancedEntry 23 }
|
|
|
|
hh3cAclIPAclAdvancedPrecedence OBJECT-TYPE
|
|
SYNTAX Integer32 (0..7|255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of IP-packet's precedence.
|
|
<0-7> Value of precedence
|
|
routine Specify routine precedence(0)
|
|
priority Specify priority precedence(1)
|
|
immediate Specify immediate precedence(2)
|
|
flash Specify flash precedence(3)
|
|
flash-override Specify flash-override precedence(4)
|
|
critical Specify critical precedence(5)
|
|
internet Specify internetwork control precedence(6)
|
|
network Specify network control precedence(7)
|
|
"
|
|
DEFVAL { 255 }
|
|
::= { hh3cAclIPAclAdvancedEntry 24 }
|
|
|
|
hh3cAclIPAclAdvancedTos OBJECT-TYPE
|
|
SYNTAX Integer32 (0..15|255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of IP-packet's TOS.
|
|
<0-15> Value of TOS(type of service)
|
|
max-reliability Match packets with max reliable TOS(2)
|
|
max-throughput Match packets with max throughput TOS(4)
|
|
min-delay Match packets with min delay TOS(8)
|
|
min-monetary-cost Match packets with min monetary cost TOS(1)
|
|
normal Match packets with normal TOS(0)
|
|
"
|
|
DEFVAL { 255 }
|
|
::= { hh3cAclIPAclAdvancedEntry 25 }
|
|
|
|
hh3cAclIPAclAdvancedDscp OBJECT-TYPE
|
|
SYNTAX DSCPValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of DSCP of IP packet."
|
|
DEFVAL { 255 }
|
|
::= { hh3cAclIPAclAdvancedEntry 26 }
|
|
|
|
hh3cAclIPAclAdvancedTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of advanced acl rule.
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclIPAclAdvancedEntry 27 }
|
|
|
|
hh3cAclIPAclAdvancedTCPFlag OBJECT-TYPE
|
|
SYNTAX TCPFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet type of TCP protocol."
|
|
DEFVAL { invalid }
|
|
::= { hh3cAclIPAclAdvancedEntry 28 }
|
|
|
|
hh3cAclIPAclAdvancedFragmentFlag OBJECT-TYPE
|
|
SYNTAX FragmentFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching fragmented packet,
|
|
and now support two value: 0 or 2."
|
|
DEFVAL { invalid }
|
|
::= { hh3cAclIPAclAdvancedEntry 29 }
|
|
|
|
hh3cAclIPAclAdvancedLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Log matched packets."
|
|
DEFVAL { false }
|
|
::= { hh3cAclIPAclAdvancedEntry 30 }
|
|
|
|
hh3cAclIPAclAdvancedCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matched by the rule."
|
|
::= { hh3cAclIPAclAdvancedEntry 31 }
|
|
|
|
hh3cAclIPAclAdvancedCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counter."
|
|
DEFVAL { nouse }
|
|
::= { hh3cAclIPAclAdvancedEntry 32 }
|
|
|
|
hh3cAclIPAclAdvancedEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclIPAclAdvancedEntry 33 }
|
|
|
|
hh3cAclIPAclAdvancedVpnInstanceName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The VPN name that the rule will be applied.
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclIPAclAdvancedEntry 34 }
|
|
|
|
hh3cAclIPAclAdvancedComment OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of ACL rule.
|
|
Default value is Zero-length String.
|
|
"
|
|
::= { hh3cAclIPAclAdvancedEntry 35 }
|
|
|
|
hh3cAclIPAclAdvancedReflective OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of reflective."
|
|
::= { hh3cAclIPAclAdvancedEntry 36 }
|
|
|
|
hh3cAclIPAclAdvancedCounting OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be counted when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclIPAclAdvancedEntry 37 }
|
|
|
|
hh3cAclIPAclAdvancedTCPFlagMask OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
tcpack(0),
|
|
tcpfin(1),
|
|
tcppsh(2),
|
|
tcprst(3),
|
|
tcpsyn(4),
|
|
tcpurg(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The TCP Flag Mask. This is a bit-map of possible conditions.
|
|
The various bit positions are:
|
|
|0 |tcpack |
|
|
|1 |tcpfin |
|
|
|2 |tcppsh |
|
|
|3 |tcprst |
|
|
|4 |tcpsyn |
|
|
|5 |tcpurg |
|
|
"
|
|
DEFVAL { { } }
|
|
::= { hh3cAclIPAclAdvancedEntry 38 }
|
|
|
|
hh3cAclIPAclAdvancedTCPFlagValue OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
tcpack(0),
|
|
tcpfin(1),
|
|
tcppsh(2),
|
|
tcprst(3),
|
|
tcpsyn(4),
|
|
tcpurg(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The TCP Flag Value. This is a bit-map of possible conditions.
|
|
The various bit positions are:
|
|
|0 |tcpack |
|
|
|1 |tcpfin |
|
|
|2 |tcppsh |
|
|
|3 |tcprst |
|
|
|4 |tcpsyn |
|
|
|5 |tcpurg |
|
|
"
|
|
DEFVAL { { } }
|
|
::= { hh3cAclIPAclAdvancedEntry 39 }
|
|
|
|
hh3cAclIPAclAdvancedRouteTypeAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any type of routing header of IPv6 packet.
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclIPAclAdvancedEntry 40 }
|
|
|
|
hh3cAclIPAclAdvancedRouteTypeValue OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of routing header of IPv6 packet."
|
|
DEFVAL { 65535 }
|
|
::= { hh3cAclIPAclAdvancedEntry 41 }
|
|
|
|
hh3cAclIPAclAdvancedFlowLabel OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..1048575|4294967295)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of flow label of IPv6 packet header."
|
|
DEFVAL { 4294967295 }
|
|
::= { hh3cAclIPAclAdvancedEntry 42 }
|
|
|
|
hh3cAclIPAclAdvancedSrcSuffix OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the length of a generic Internet network address suffix.
|
|
A value of n corresponds to an IP address mask
|
|
that has n contiguous 1-bits from the least significant bit
|
|
and all other bits set to 0.
|
|
"
|
|
::= { hh3cAclIPAclAdvancedEntry 43 }
|
|
|
|
hh3cAclIPAclAdvancedDestSuffix OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the length of a generic Internet network address suffix.
|
|
A value of n corresponds to an IP address mask
|
|
that has n contiguous 1-bits from the least significant bit
|
|
and all other bits set to 0.
|
|
"
|
|
::= { hh3cAclIPAclAdvancedEntry 44 }
|
|
|
|
--
|
|
--Nodes of hh3cAclIPAclNamedBscTable
|
|
--
|
|
|
|
hh3cAclIPAclNamedBscTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclIPAclNamedBscEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of basic rule of named ACL.
|
|
The name of ACL group will be used as an index in this table,
|
|
which differs from the table hh3cAclIPAclBasicTable.
|
|
If some objects of this table are not supported by some
|
|
products, these objects can't be created, changed or applied.
|
|
Default value of these objects will be returned when they are
|
|
read.
|
|
"
|
|
::= { hh3cAclIPAclGroup 4 }
|
|
|
|
hh3cAclIPAclNamedBscEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclIPAclNamedBscEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Basic named ACL rule entry."
|
|
INDEX
|
|
{
|
|
hh3cAclNumberGroupType,
|
|
hh3cAclNamedGroupName,
|
|
hh3cAclIPAclBasicRuleIndex
|
|
}
|
|
::= { hh3cAclIPAclNamedBscTable 1 }
|
|
|
|
Hh3cAclIPAclNamedBscEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cAclIPAclNamedBscRowStatus
|
|
RowStatus,
|
|
hh3cAclIPAclNamedBscAct
|
|
RuleAction,
|
|
hh3cAclIPAclNamedBscSrcAddrType
|
|
InetAddressType,
|
|
hh3cAclIPAclNamedBscSrcAddr
|
|
InetAddress,
|
|
hh3cAclIPAclNamedBscSrcPrefix
|
|
InetAddressPrefixLength,
|
|
hh3cAclIPAclNamedBscSrcAny
|
|
TruthValue,
|
|
hh3cAclIPAclNamedBscSrcWild
|
|
IpAddress,
|
|
hh3cAclIPAclNamedBscTRangeName
|
|
OCTET STRING,
|
|
hh3cAclIPAclNamedBscFragmentFlag
|
|
FragmentFlag,
|
|
hh3cAclIPAclNamedBscLog
|
|
TruthValue,
|
|
hh3cAclIPAclNamedBscCount
|
|
Unsigned32,
|
|
hh3cAclIPAclNamedBscCountClear
|
|
CounterClear,
|
|
hh3cAclIPAclNamedBscEnable
|
|
TruthValue,
|
|
hh3cAclIPAclNamedBscVpnInstName
|
|
OCTET STRING,
|
|
hh3cAclIPAclNamedBscComment
|
|
OCTET STRING,
|
|
hh3cAclIPAclNamedBscCounting
|
|
TruthValue,
|
|
hh3cAclIPAclNamedBscRouteTypeAny
|
|
TruthValue,
|
|
hh3cAclIPAclNamedBscRouteTypeValue
|
|
Integer32
|
|
}
|
|
|
|
hh3cAclIPAclNamedBscRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { hh3cAclIPAclNamedBscEntry 1 }
|
|
|
|
hh3cAclIPAclNamedBscAct OBJECT-TYPE
|
|
SYNTAX RuleAction
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of basic ACL rule."
|
|
::= { hh3cAclIPAclNamedBscEntry 2 }
|
|
|
|
hh3cAclIPAclNamedBscSrcAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The IP addresses type of IP pool."
|
|
::= { hh3cAclIPAclNamedBscEntry 3 }
|
|
|
|
hh3cAclIPAclNamedBscSrcAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The specified source IP address.
|
|
The type of this address is determined by the value of
|
|
hh3cAclIPAclNamedBscSrcAddrType.
|
|
"
|
|
::= { hh3cAclIPAclNamedBscEntry 4 }
|
|
|
|
hh3cAclIPAclNamedBscSrcPrefix OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specify the length of a generic Internet network address
|
|
prefix. A value of n corresponds to an IP address mask that
|
|
has n contiguous 1-bits from the most significant bit (MSB)
|
|
and all other bits set to 0.
|
|
"
|
|
::= { hh3cAclIPAclNamedBscEntry 5 }
|
|
|
|
hh3cAclIPAclNamedBscSrcAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any source IP address."
|
|
DEFVAL { true }
|
|
::= { hh3cAclIPAclNamedBscEntry 6 }
|
|
|
|
hh3cAclIPAclNamedBscSrcWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IPv4 address wildcard mask.
|
|
Only IPv4 Basic Rule supports this object.
|
|
Default value is '0.0.0.0'.
|
|
"
|
|
::= { hh3cAclIPAclNamedBscEntry 7 }
|
|
|
|
hh3cAclIPAclNamedBscTRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of basic acl rule.
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclIPAclNamedBscEntry 8 }
|
|
|
|
hh3cAclIPAclNamedBscFragmentFlag OBJECT-TYPE
|
|
SYNTAX FragmentFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching fragmented packets."
|
|
DEFVAL { invalid }
|
|
::= { hh3cAclIPAclNamedBscEntry 9 }
|
|
|
|
hh3cAclIPAclNamedBscLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be logged when it matches the rule."
|
|
DEFVAL { false }
|
|
::= { hh3cAclIPAclNamedBscEntry 10 }
|
|
|
|
hh3cAclIPAclNamedBscCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matches by the rule."
|
|
::= { hh3cAclIPAclNamedBscEntry 11 }
|
|
|
|
hh3cAclIPAclNamedBscCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the statistics counter of the rule."
|
|
DEFVAL { nouse }
|
|
::= { hh3cAclIPAclNamedBscEntry 12 }
|
|
|
|
hh3cAclIPAclNamedBscEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclIPAclNamedBscEntry 13 }
|
|
|
|
hh3cAclIPAclNamedBscVpnInstName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The VPN name, to which the rule will be applied.
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclIPAclNamedBscEntry 14 }
|
|
|
|
hh3cAclIPAclNamedBscComment OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of ACL rule.
|
|
Default value is Zero-length String.
|
|
"
|
|
::= { hh3cAclIPAclNamedBscEntry 15 }
|
|
|
|
hh3cAclIPAclNamedBscCounting OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be counted when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclIPAclNamedBscEntry 16 }
|
|
|
|
hh3cAclIPAclNamedBscRouteTypeAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any type of routing header of IPv6 packet.
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclIPAclNamedBscEntry 17 }
|
|
|
|
hh3cAclIPAclNamedBscRouteTypeValue OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Value of the routing header type of IPv6 packet,
|
|
in the range of 0 to 255.
|
|
"
|
|
DEFVAL { 65535 }
|
|
::= { hh3cAclIPAclNamedBscEntry 18 }
|
|
|
|
--
|
|
-- Notes of hh3cAclIPAclNamedAdvTable
|
|
--
|
|
hh3cAclIPAclNamedAdvTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclIPAclNamedAdvEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of advanced rule of named ACL.
|
|
The name of ACL group will be used as an index in this table,
|
|
which differs from the table hh3cAclIPAclAdvancedTable.
|
|
If some objects of this table are not supported by some
|
|
products, these objects can't be created, changed or applied.
|
|
Default value of these objects will be returned when they are
|
|
read.
|
|
"
|
|
::= { hh3cAclIPAclGroup 5 }
|
|
|
|
hh3cAclIPAclNamedAdvEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclIPAclNamedAdvEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Advanced ACL rule information entry."
|
|
INDEX
|
|
{
|
|
hh3cAclNumberGroupType,
|
|
hh3cAclNamedGroupName,
|
|
hh3cAclIPAclAdvancedRuleIndex
|
|
}
|
|
::= { hh3cAclIPAclNamedAdvTable 1 }
|
|
|
|
Hh3cAclIPAclNamedAdvEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cAclIPAclNamedAdvRowStatus
|
|
RowStatus,
|
|
hh3cAclIPAclNamedAdvAct
|
|
RuleAction,
|
|
hh3cAclIPAclNamedAdvProtocol
|
|
Integer32,
|
|
hh3cAclIPAclNamedAdvAddrFlag
|
|
AddressFlag,
|
|
hh3cAclIPAclNamedAdvSrcAddrType
|
|
InetAddressType,
|
|
hh3cAclIPAclNamedAdvSrcAddr
|
|
InetAddress,
|
|
hh3cAclIPAclNamedAdvSrcPrefix
|
|
InetAddressPrefixLength,
|
|
hh3cAclIPAclNamedAdvSrcAny
|
|
TruthValue,
|
|
hh3cAclIPAclNamedAdvSrcWild
|
|
IpAddress,
|
|
hh3cAclIPAclNamedAdvSrcOp
|
|
PortOp,
|
|
hh3cAclIPAclNamedAdvSrcPort1
|
|
Integer32,
|
|
hh3cAclIPAclNamedAdvSrcPort2
|
|
Integer32,
|
|
hh3cAclIPAclNamedAdvDstAddrType
|
|
InetAddressType,
|
|
hh3cAclIPAclNamedAdvDstAddr
|
|
InetAddress,
|
|
hh3cAclIPAclNamedAdvDstPrefix
|
|
InetAddressPrefixLength,
|
|
hh3cAclIPAclNamedAdvDstAny
|
|
TruthValue,
|
|
hh3cAclIPAclNamedAdvDstWild
|
|
IpAddress,
|
|
hh3cAclIPAclNamedAdvDstOp
|
|
PortOp,
|
|
hh3cAclIPAclNamedAdvDstPort1
|
|
Integer32,
|
|
hh3cAclIPAclNamedAdvDstPort2
|
|
Integer32,
|
|
hh3cAclIPAclNamedAdvIcmpType
|
|
Integer32,
|
|
hh3cAclIPAclNamedAdvIcmpCode
|
|
Integer32,
|
|
hh3cAclIPAclNamedAdvPrecedence
|
|
Integer32,
|
|
hh3cAclIPAclNamedAdvTos
|
|
Integer32,
|
|
hh3cAclIPAclNamedAdvDscp
|
|
DSCPValue,
|
|
hh3cAclIPAclNamedAdvTRangeName
|
|
OCTET STRING,
|
|
hh3cAclIPAclNamedAdvTCPFlag
|
|
TCPFlag,
|
|
hh3cAclIPAclNamedAdvFragmentFlag
|
|
FragmentFlag,
|
|
hh3cAclIPAclNamedAdvLog
|
|
TruthValue,
|
|
hh3cAclIPAclNamedAdvCount
|
|
Unsigned32,
|
|
hh3cAclIPAclNamedAdvCountClear
|
|
CounterClear,
|
|
hh3cAclIPAclNamedAdvEnable
|
|
TruthValue,
|
|
hh3cAclIPAclNamedAdvVpnInstName
|
|
OCTET STRING,
|
|
hh3cAclIPAclNamedAdvComment
|
|
OCTET STRING,
|
|
hh3cAclIPAclNamedAdvReflective
|
|
TruthValue,
|
|
hh3cAclIPAclNamedAdvCounting
|
|
TruthValue,
|
|
hh3cAclIPAclNamedAdvTCPFlagMask
|
|
BITS,
|
|
hh3cAclIPAclNamedAdvTCPFlagValue
|
|
BITS,
|
|
hh3cAclIPAclNamedAdvRouteTypeAny
|
|
TruthValue,
|
|
hh3cAclIPAclNamedAdvRouteTypeValue
|
|
Integer32,
|
|
hh3cAclIPAclNamedAdvFlowLabel
|
|
Unsigned32,
|
|
hh3cAclIPAclNamedAdvSrcSuffix
|
|
Unsigned32,
|
|
hh3cAclIPAclNamedAdvDstSuffix
|
|
Unsigned32
|
|
}
|
|
|
|
hh3cAclIPAclNamedAdvRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { hh3cAclIPAclNamedAdvEntry 1 }
|
|
|
|
hh3cAclIPAclNamedAdvAct OBJECT-TYPE
|
|
SYNTAX RuleAction
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of advanced ACL rule."
|
|
::= { hh3cAclIPAclNamedAdvEntry 2 }
|
|
|
|
hh3cAclIPAclNamedAdvProtocol OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The protocol-type of advanced ACL rule. 0 indicates any IPv4 or
|
|
IPv6 protocol.
|
|
<1-255> Protocol number
|
|
gre GRE tunneling(47)
|
|
icmp Internet Control Message Protocol(1)
|
|
icmpv6 Internet Control Message Protocol6(58)
|
|
igmp Internet Group Management Protocol(2)
|
|
ipinip IP in IP tunneling(4)
|
|
ospf OSPF routing protocol(89)
|
|
tcp Transmission Control Protocol (6)
|
|
udp User Datagram Protocol (17)
|
|
ipv6-ah IPv6 Authentication Header(51)
|
|
ipv6-esp IPv6 Encapsulating Security Payload(50)
|
|
"
|
|
::= { hh3cAclIPAclNamedAdvEntry 3 }
|
|
|
|
hh3cAclIPAclNamedAdvAddrFlag OBJECT-TYPE
|
|
SYNTAX AddressFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Address flag to select address."
|
|
DEFVAL { invalid }
|
|
::= { hh3cAclIPAclNamedAdvEntry 4 }
|
|
|
|
hh3cAclIPAclNamedAdvSrcAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of source IP address.
|
|
"
|
|
::= { hh3cAclIPAclNamedAdvEntry 5 }
|
|
|
|
hh3cAclIPAclNamedAdvSrcAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The specified source IP address.
|
|
The type of this address is determined by the value of
|
|
hh3cAclIPAclNamedAdvSrcAddrType.
|
|
"
|
|
::= { hh3cAclIPAclNamedAdvEntry 6 }
|
|
|
|
hh3cAclIPAclNamedAdvSrcPrefix OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specify the length of a generic Internet network address
|
|
prefix. A value of n corresponds to an IP address mask that
|
|
has n contiguous 1-bits from the most significant bit (MSB)
|
|
and all other bits set to 0.
|
|
"
|
|
::= { hh3cAclIPAclNamedAdvEntry 7 }
|
|
|
|
hh3cAclIPAclNamedAdvSrcAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any IP address."
|
|
DEFVAL { true }
|
|
::= { hh3cAclIPAclNamedAdvEntry 8 }
|
|
|
|
hh3cAclIPAclNamedAdvSrcWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IPv4 address wildcard mask.
|
|
Only IPv4 Advanced Rule supports this object.
|
|
Default value is '0.0.0.0'.
|
|
"
|
|
::= { hh3cAclIPAclNamedAdvEntry 9 }
|
|
|
|
hh3cAclIPAclNamedAdvSrcOp OBJECT-TYPE
|
|
SYNTAX PortOp
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source port operation symbol of advanced acl group."
|
|
DEFVAL { invalid }
|
|
::= { hh3cAclIPAclNamedAdvEntry 10 }
|
|
|
|
hh3cAclIPAclNamedAdvSrcPort1 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer source port1."
|
|
DEFVAL { 0 }
|
|
::= { hh3cAclIPAclNamedAdvEntry 11 }
|
|
|
|
hh3cAclIPAclNamedAdvSrcPort2 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer source port2."
|
|
DEFVAL { 65535 }
|
|
::= { hh3cAclIPAclNamedAdvEntry 12 }
|
|
|
|
hh3cAclIPAclNamedAdvDstAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of destination IP address.
|
|
"
|
|
::= { hh3cAclIPAclNamedAdvEntry 13 }
|
|
|
|
hh3cAclIPAclNamedAdvDstAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The specified destination IP address.
|
|
The type of this address is determined by the value of
|
|
hh3cAclIPAclNamedAdvDstAddrType.
|
|
"
|
|
::= { hh3cAclIPAclNamedAdvEntry 14 }
|
|
|
|
hh3cAclIPAclNamedAdvDstPrefix OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specify the length of a generic Internet network address
|
|
prefix. A value of n corresponds to an IP address mask that
|
|
has n contiguous 1-bits from the most significant bit (MSB)
|
|
and all other bits set to 0.
|
|
"
|
|
::= { hh3cAclIPAclNamedAdvEntry 15 }
|
|
|
|
hh3cAclIPAclNamedAdvDstAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any IP address."
|
|
DEFVAL { true }
|
|
::= { hh3cAclIPAclNamedAdvEntry 16 }
|
|
|
|
hh3cAclIPAclNamedAdvDstWild OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IPv4 address wildcard mask.
|
|
Only IPv4 Advanced Rule supports this object.
|
|
Default value is '0.0.0.0'.
|
|
"
|
|
::= { hh3cAclIPAclNamedAdvEntry 17 }
|
|
|
|
hh3cAclIPAclNamedAdvDstOp OBJECT-TYPE
|
|
SYNTAX PortOp
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination port operation symbol of advanced acl group."
|
|
DEFVAL { invalid }
|
|
::= { hh3cAclIPAclNamedAdvEntry 18 }
|
|
|
|
hh3cAclIPAclNamedAdvDstPort1 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer destination port1."
|
|
DEFVAL { 0 }
|
|
::= { hh3cAclIPAclNamedAdvEntry 19 }
|
|
|
|
hh3cAclIPAclNamedAdvDstPort2 OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The fourth layer destination port2."
|
|
DEFVAL { 65535 }
|
|
::= { hh3cAclIPAclNamedAdvEntry 20 }
|
|
|
|
hh3cAclIPAclNamedAdvIcmpType OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of ICMP packet."
|
|
DEFVAL { 65535 }
|
|
::= { hh3cAclIPAclNamedAdvEntry 21 }
|
|
|
|
hh3cAclIPAclNamedAdvIcmpCode OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The code of ICMP packet."
|
|
DEFVAL { 65535 }
|
|
::= { hh3cAclIPAclNamedAdvEntry 22 }
|
|
|
|
hh3cAclIPAclNamedAdvPrecedence OBJECT-TYPE
|
|
SYNTAX Integer32 (0..7|255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of IP-packet's precedence.
|
|
<0-7> Value of precedence
|
|
routine Specify routine precedence(0)
|
|
priority Specify priority precedence(1)
|
|
immediate Specify immediate precedence(2)
|
|
flash Specify flash precedence(3)
|
|
flash-override Specify flash-override precedence(4)
|
|
critical Specify critical precedence(5)
|
|
internet Specify internetwork control precedence(6)
|
|
network Specify network control precedence(7)
|
|
"
|
|
DEFVAL { 255 }
|
|
::= { hh3cAclIPAclNamedAdvEntry 23 }
|
|
|
|
hh3cAclIPAclNamedAdvTos OBJECT-TYPE
|
|
SYNTAX Integer32 (0..15|255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of IP-packet's TOS.
|
|
<0-15> Value of TOS(type of service)
|
|
max-reliability Match packets with max reliable TOS(2)
|
|
max-throughput Match packets with max throughput TOS(4)
|
|
min-delay Match packets with min delay TOS(8)
|
|
min-monetary-cost Match packets with min monetary cost TOS(1)
|
|
normal Match packets with normal TOS(0)
|
|
"
|
|
DEFVAL { 255 }
|
|
::= { hh3cAclIPAclNamedAdvEntry 24 }
|
|
|
|
hh3cAclIPAclNamedAdvDscp OBJECT-TYPE
|
|
SYNTAX DSCPValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of DSCP of IP packet."
|
|
DEFVAL { 255 }
|
|
::= { hh3cAclIPAclNamedAdvEntry 25 }
|
|
|
|
hh3cAclIPAclNamedAdvTRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of advanced ACL rule.
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclIPAclNamedAdvEntry 26 }
|
|
|
|
hh3cAclIPAclNamedAdvTCPFlag OBJECT-TYPE
|
|
SYNTAX TCPFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet type of TCP protocol."
|
|
DEFVAL { invalid }
|
|
::= { hh3cAclIPAclNamedAdvEntry 27 }
|
|
|
|
hh3cAclIPAclNamedAdvFragmentFlag OBJECT-TYPE
|
|
SYNTAX FragmentFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching fragmented packet,
|
|
and now support two value: 0 or 2.
|
|
"
|
|
DEFVAL { invalid }
|
|
::= { hh3cAclIPAclNamedAdvEntry 28 }
|
|
|
|
hh3cAclIPAclNamedAdvLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Log matched packets."
|
|
DEFVAL { false }
|
|
::= { hh3cAclIPAclNamedAdvEntry 29 }
|
|
|
|
hh3cAclIPAclNamedAdvCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matches by the rule."
|
|
::= { hh3cAclIPAclNamedAdvEntry 30 }
|
|
|
|
hh3cAclIPAclNamedAdvCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the statistics counter of this rule."
|
|
DEFVAL { nouse }
|
|
::= { hh3cAclIPAclNamedAdvEntry 31 }
|
|
|
|
hh3cAclIPAclNamedAdvEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclIPAclNamedAdvEntry 32 }
|
|
|
|
hh3cAclIPAclNamedAdvVpnInstName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The VPN name to which the rule will be applied.
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclIPAclNamedAdvEntry 33 }
|
|
|
|
hh3cAclIPAclNamedAdvComment OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of ACL rule.
|
|
Default value is zero-length String.
|
|
"
|
|
::= { hh3cAclIPAclNamedAdvEntry 34 }
|
|
|
|
hh3cAclIPAclNamedAdvReflective OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of reflective."
|
|
::= { hh3cAclIPAclNamedAdvEntry 35 }
|
|
|
|
hh3cAclIPAclNamedAdvCounting OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be counted when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclIPAclNamedAdvEntry 36 }
|
|
|
|
hh3cAclIPAclNamedAdvTCPFlagMask OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
tcpack(0),
|
|
tcpfin(1),
|
|
tcppsh(2),
|
|
tcprst(3),
|
|
tcpsyn(4),
|
|
tcpurg(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The TCP Flag Mask. This is a bit-map of possible conditions.
|
|
The various bit positions are:
|
|
|0 |tcpack |
|
|
|1 |tcpfin |
|
|
|2 |tcppsh |
|
|
|3 |tcprst |
|
|
|4 |tcpsyn |
|
|
|5 |tcpurg |
|
|
"
|
|
::= { hh3cAclIPAclNamedAdvEntry 37 }
|
|
|
|
hh3cAclIPAclNamedAdvTCPFlagValue OBJECT-TYPE
|
|
SYNTAX BITS {
|
|
tcpack(0),
|
|
tcpfin(1),
|
|
tcppsh(2),
|
|
tcprst(3),
|
|
tcpsyn(4),
|
|
tcpurg(5)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The TCP Flag Value. This is a bit-map of possible conditions.
|
|
The various bit positions are:
|
|
|0 |tcpack |
|
|
|1 |tcpfin |
|
|
|2 |tcppsh |
|
|
|3 |tcprst |
|
|
|4 |tcpsyn |
|
|
|5 |tcpurg |
|
|
"
|
|
::= { hh3cAclIPAclNamedAdvEntry 38 }
|
|
|
|
hh3cAclIPAclNamedAdvRouteTypeAny OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flag of matching any type of routing header of IPv6 packet.
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclIPAclNamedAdvEntry 39 }
|
|
|
|
hh3cAclIPAclNamedAdvRouteTypeValue OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of routing header of IPv6 packet."
|
|
DEFVAL { 65535 }
|
|
::= { hh3cAclIPAclNamedAdvEntry 40 }
|
|
|
|
hh3cAclIPAclNamedAdvFlowLabel OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..1048575|4294967295)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of flow label of IPv6 packet header."
|
|
DEFVAL { 4294967295 }
|
|
::= { hh3cAclIPAclNamedAdvEntry 41 }
|
|
|
|
hh3cAclIPAclNamedAdvSrcSuffix OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the length of a generic Internet network address suffix.
|
|
A value of n corresponds to an IP address mask
|
|
that has n contiguous 1-bits from the least significant bit
|
|
and all other bits set to 0.
|
|
"
|
|
::= { hh3cAclIPAclNamedAdvEntry 42 }
|
|
|
|
hh3cAclIPAclNamedAdvDstSuffix OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Denotes the length of a generic Internet network address suffix.
|
|
A value of n corresponds to an IP address mask
|
|
that has n contiguous 1-bits from the least significant bit
|
|
and all other bits set to 0.
|
|
"
|
|
::= { hh3cAclIPAclNamedAdvEntry 43 }
|
|
|
|
--
|
|
-- Node of hh3cAclMACAclGroup
|
|
--
|
|
hh3cAclMACAclGroup OBJECT IDENTIFIER ::= { hh3cAclMib2Objects 3 }
|
|
--
|
|
-- Nodes of hh3cAclMACTable
|
|
--
|
|
hh3cAclMACTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclMACEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of MAC acl group.
|
|
If some objects of this table are not supported by some products,
|
|
these objects can't be created, changed or applied.
|
|
Default value of these objects will be returned when they are read.
|
|
"
|
|
::= { hh3cAclMACAclGroup 1 }
|
|
|
|
hh3cAclMACEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclMACEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"MAC acl group information."
|
|
INDEX
|
|
{
|
|
hh3cAclNumberGroupType,
|
|
hh3cAclNumberGroupIndex,
|
|
hh3cAclMACRuleIndex
|
|
}
|
|
::= { hh3cAclMACTable 1 }
|
|
|
|
Hh3cAclMACEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cAclMACRuleIndex
|
|
Integer32,
|
|
hh3cAclMACRowStatus
|
|
RowStatus,
|
|
hh3cAclMACAct
|
|
RuleAction,
|
|
hh3cAclMACTypeCode
|
|
OCTET STRING,
|
|
hh3cAclMACTypeMask
|
|
OCTET STRING,
|
|
hh3cAclMACSrcMac
|
|
MacAddress,
|
|
hh3cAclMACSrcMacWild
|
|
MacAddress,
|
|
hh3cAclMACDestMac
|
|
MacAddress,
|
|
hh3cAclMACDestMacWild
|
|
MacAddress,
|
|
hh3cAclMACLsapCode
|
|
OCTET STRING,
|
|
hh3cAclMACLsapMask
|
|
OCTET STRING,
|
|
hh3cAclMACCos
|
|
Integer32,
|
|
hh3cAclMACTimeRangeName
|
|
OCTET STRING,
|
|
hh3cAclMACCount
|
|
Unsigned32,
|
|
hh3cAclMACCountClear
|
|
CounterClear,
|
|
hh3cAclMACEnable
|
|
TruthValue,
|
|
hh3cAclMACComment
|
|
OCTET STRING,
|
|
hh3cAclMACLog
|
|
TruthValue,
|
|
hh3cAclMACCounting
|
|
TruthValue
|
|
}
|
|
|
|
hh3cAclMACRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65534)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule index of MAC-based acl group."
|
|
::= { hh3cAclMACEntry 1 }
|
|
|
|
hh3cAclMACRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { hh3cAclMACEntry 2 }
|
|
|
|
hh3cAclMACAct OBJECT-TYPE
|
|
SYNTAX RuleAction
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of MAC acl rule."
|
|
::= { hh3cAclMACEntry 3 }
|
|
|
|
hh3cAclMACTypeCode OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of protocol."
|
|
REFERENCE
|
|
"rfc894, rfc1010."
|
|
::= { hh3cAclMACEntry 4 }
|
|
|
|
hh3cAclMACTypeMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mask of protocol."
|
|
::= { hh3cAclMACEntry 5 }
|
|
|
|
hh3cAclMACSrcMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source MAC of MAC acl rule.
|
|
Default value is '00:00:00:00:00:00'.
|
|
"
|
|
::= { hh3cAclMACEntry 6 }
|
|
|
|
hh3cAclMACSrcMacWild OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source MAC wildzard of MAC acl rule.
|
|
Default value is '00:00:00:00:00:00'.
|
|
"
|
|
::= { hh3cAclMACEntry 7 }
|
|
|
|
hh3cAclMACDestMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination MAC of MAC acl rule.
|
|
Default value is '00:00:00:00:00:00'.
|
|
"
|
|
::= { hh3cAclMACEntry 8 }
|
|
|
|
hh3cAclMACDestMacWild OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination MAC wildzard of MAC acl rule.
|
|
Default value is '00:00:00:00:00:00'
|
|
"
|
|
::= { hh3cAclMACEntry 9 }
|
|
|
|
hh3cAclMACLsapCode OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of LSAP."
|
|
REFERENCE
|
|
"ANSI/IEEE Std 802.3"
|
|
::= { hh3cAclMACEntry 10 }
|
|
|
|
hh3cAclMACLsapMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mask of LSAP."
|
|
::= { hh3cAclMACEntry 11 }
|
|
|
|
hh3cAclMACCos OBJECT-TYPE
|
|
SYNTAX Integer32 (0..7 | 255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Vlan priority of MAC acl rule."
|
|
DEFVAL { 255 }
|
|
::= { hh3cAclMACEntry 12 }
|
|
|
|
hh3cAclMACTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of MAC acl rule.
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclMACEntry 13 }
|
|
|
|
hh3cAclMACCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matched frames by the rule."
|
|
::= { hh3cAclMACEntry 14 }
|
|
|
|
hh3cAclMACCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counter."
|
|
DEFVAL { nouse }
|
|
::= { hh3cAclMACEntry 15 }
|
|
|
|
hh3cAclMACEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclMACEntry 16 }
|
|
|
|
hh3cAclMACComment OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of ACL rule.
|
|
Default value is Zero-length String.
|
|
"
|
|
::= { hh3cAclMACEntry 17 }
|
|
|
|
hh3cAclMACLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be logged when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclMACEntry 18 }
|
|
|
|
hh3cAclMACCounting OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be counted when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclMACEntry 19 }
|
|
|
|
--
|
|
-- Nodes of named MAC ACL group
|
|
--
|
|
hh3cAclNamedMACTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclNamedMACEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of named MAC ACL rule.
|
|
The name of ACL group will be used as an index in this table,
|
|
which differs from the table hh3cAclMACTable.
|
|
If some objects of this table are not supported by some products,
|
|
these objects can't be created, changed or applied.
|
|
Default value of these objects will be returned when they are read.
|
|
"
|
|
::= { hh3cAclMACAclGroup 2 }
|
|
|
|
hh3cAclNamedMACEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclNamedMACEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"MAC acl group information."
|
|
INDEX
|
|
{
|
|
hh3cAclNumberGroupType,
|
|
hh3cAclNamedGroupName,
|
|
hh3cAclMACRuleIndex
|
|
}
|
|
::= { hh3cAclNamedMACTable 1 }
|
|
|
|
Hh3cAclNamedMACEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cAclNamedMACRowStatus
|
|
RowStatus,
|
|
hh3cAclNamedMACAct
|
|
RuleAction,
|
|
hh3cAclNamedMACTypeCode
|
|
OCTET STRING,
|
|
hh3cAclNamedMACTypeMask
|
|
OCTET STRING,
|
|
hh3cAclNamedMACSrcMac
|
|
MacAddress,
|
|
hh3cAclNamedMACSrcMacWild
|
|
MacAddress,
|
|
hh3cAclNamedMACDstMac
|
|
MacAddress,
|
|
hh3cAclNamedMACDstMacWild
|
|
MacAddress,
|
|
hh3cAclNamedMACLsapCode
|
|
OCTET STRING,
|
|
hh3cAclNamedMACLsapMask
|
|
OCTET STRING,
|
|
hh3cAclNamedMACCos
|
|
Integer32,
|
|
hh3cAclNamedMACTimeRangeName
|
|
OCTET STRING,
|
|
hh3cAclNamedMACCount
|
|
Unsigned32,
|
|
hh3cAclNamedMACCountClear
|
|
CounterClear,
|
|
hh3cAclNamedMACEnable
|
|
TruthValue,
|
|
hh3cAclNamedMACComment
|
|
OCTET STRING,
|
|
hh3cAclNamedMACLog
|
|
TruthValue,
|
|
hh3cAclNamedMACCounting
|
|
TruthValue
|
|
}
|
|
|
|
hh3cAclNamedMACRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { hh3cAclNamedMACEntry 1 }
|
|
|
|
hh3cAclNamedMACAct OBJECT-TYPE
|
|
SYNTAX RuleAction
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of MAC ACL rule."
|
|
::= { hh3cAclNamedMACEntry 2 }
|
|
|
|
hh3cAclNamedMACTypeCode OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of protocol."
|
|
REFERENCE
|
|
"rfc894, rfc1010."
|
|
::= { hh3cAclNamedMACEntry 3 }
|
|
|
|
hh3cAclNamedMACTypeMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mask of protocol."
|
|
::= { hh3cAclNamedMACEntry 4 }
|
|
|
|
hh3cAclNamedMACSrcMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source MAC of MAC ACL rule.
|
|
Default value is '00:00:00:00:00:00'.
|
|
"
|
|
::= { hh3cAclNamedMACEntry 5 }
|
|
|
|
hh3cAclNamedMACSrcMacWild OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source MAC wildcard of MAC ACL rule.
|
|
Default value is '00:00:00:00:00:00'.
|
|
"
|
|
::= { hh3cAclNamedMACEntry 6 }
|
|
|
|
hh3cAclNamedMACDstMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination MAC of MAC ACL rule.
|
|
Default value is '00:00:00:00:00:00'.
|
|
"
|
|
::= { hh3cAclNamedMACEntry 7 }
|
|
|
|
hh3cAclNamedMACDstMacWild OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination MAC wildcard of MAC ACL rule.
|
|
Default value is '00:00:00:00:00:00'
|
|
"
|
|
::= { hh3cAclNamedMACEntry 8 }
|
|
|
|
hh3cAclNamedMACLsapCode OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of LSAP."
|
|
REFERENCE
|
|
"ANSI/IEEE Std 802.3"
|
|
::= { hh3cAclNamedMACEntry 9 }
|
|
|
|
hh3cAclNamedMACLsapMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The mask of LSAP."
|
|
::= { hh3cAclNamedMACEntry 10 }
|
|
|
|
hh3cAclNamedMACCos OBJECT-TYPE
|
|
SYNTAX Integer32 (0..7 | 255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Vlan priority of MAC ACL rule."
|
|
DEFVAL { 255 }
|
|
::= { hh3cAclNamedMACEntry 11 }
|
|
|
|
hh3cAclNamedMACTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time-range of MAC ACL rule.
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclNamedMACEntry 12 }
|
|
|
|
hh3cAclNamedMACCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matched frames by the rule."
|
|
::= { hh3cAclNamedMACEntry 13 }
|
|
|
|
hh3cAclNamedMACCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counter."
|
|
DEFVAL { nouse }
|
|
::= { hh3cAclNamedMACEntry 14 }
|
|
|
|
hh3cAclNamedMACEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclNamedMACEntry 15 }
|
|
|
|
hh3cAclNamedMACComment OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of ACL rule.
|
|
Default value is Zero-length String.
|
|
"
|
|
::= { hh3cAclNamedMACEntry 16 }
|
|
|
|
hh3cAclNamedMACLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be logged when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclNamedMACEntry 17 }
|
|
|
|
hh3cAclNamedMACCounting OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be counted when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclNamedMACEntry 18 }
|
|
|
|
--
|
|
-- Node of hh3cAclEnUserGroup
|
|
--
|
|
hh3cAclEnUserAclGroup OBJECT IDENTIFIER ::= { hh3cAclMib2Objects 4 }
|
|
--
|
|
-- Nodes of hh3cAclEnUserTable
|
|
--
|
|
hh3cAclEnUserTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclEnUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of user acl group information.
|
|
If some objects of this table are not supported by some products,
|
|
these objects can't be created, changed and applied.
|
|
Default value of these objects will be returned when they are read.
|
|
"
|
|
::= { hh3cAclEnUserAclGroup 3 }
|
|
|
|
hh3cAclEnUserEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclEnUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User defined acl group entry."
|
|
INDEX { hh3cAclNumberGroupType,
|
|
hh3cAclNumberGroupIndex,
|
|
hh3cAclEnUserRuleIndex }
|
|
::= { hh3cAclEnUserTable 1 }
|
|
|
|
Hh3cAclEnUserEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cAclEnUserRuleIndex
|
|
Integer32,
|
|
hh3cAclEnUserRowStatus
|
|
RowStatus,
|
|
hh3cAclEnUserAct
|
|
RuleAction,
|
|
hh3cAclEnUserStartString
|
|
OCTET STRING,
|
|
hh3cAclEnUserL2String
|
|
OCTET STRING,
|
|
hh3cAclEnUserMplsString
|
|
OCTET STRING,
|
|
hh3cAclEnUserIPv4String
|
|
OCTET STRING,
|
|
hh3cAclEnUserIPv6String
|
|
OCTET STRING,
|
|
hh3cAclEnUserL4String
|
|
OCTET STRING,
|
|
hh3cAclEnUserL5String
|
|
OCTET STRING,
|
|
hh3cAclEnUserTimeRangeName
|
|
OCTET STRING,
|
|
hh3cAclEnUserCount
|
|
Unsigned32,
|
|
hh3cAclEnUserCountClear
|
|
CounterClear,
|
|
hh3cAclEnUserEnable
|
|
TruthValue,
|
|
hh3cAclEnUserComment
|
|
OCTET STRING,
|
|
hh3cAclEnUserLog
|
|
TruthValue,
|
|
hh3cAclEnUserCounting
|
|
TruthValue
|
|
}
|
|
|
|
hh3cAclEnUserRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65534)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The subitem of the user acl."
|
|
::= { hh3cAclEnUserEntry 1 }
|
|
|
|
hh3cAclEnUserRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { hh3cAclEnUserEntry 2 }
|
|
|
|
hh3cAclEnUserAct OBJECT-TYPE
|
|
SYNTAX RuleAction
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of user defined acl rule."
|
|
::= { hh3cAclEnUserEntry 3 }
|
|
|
|
hh3cAclEnUserStartString OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value of this object is defined by product and
|
|
it indicates the offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: 10,10af,ffff.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclEnUserEntry 4 }
|
|
|
|
hh3cAclEnUserL2String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching layer 2 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclEnUserEntry 5 }
|
|
|
|
hh3cAclEnUserMplsString OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching mpls packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclEnUserEntry 6 }
|
|
|
|
hh3cAclEnUserIPv4String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching IPv4 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclEnUserEntry 7 }
|
|
|
|
hh3cAclEnUserIPv6String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching IPv6 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclEnUserEntry 8 }
|
|
|
|
hh3cAclEnUserL4String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching layer 4 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclEnUserEntry 9 }
|
|
|
|
hh3cAclEnUserL5String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching layer 5 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclEnUserEntry 10 }
|
|
|
|
hh3cAclEnUserTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of user acl rule.
|
|
Default value is zero-length."
|
|
::= { hh3cAclEnUserEntry 11 }
|
|
|
|
hh3cAclEnUserCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matched by the rule."
|
|
::= { hh3cAclEnUserEntry 12 }
|
|
|
|
hh3cAclEnUserCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counter."
|
|
::= { hh3cAclEnUserEntry 13 }
|
|
|
|
hh3cAclEnUserEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclEnUserEntry 14 }
|
|
|
|
hh3cAclEnUserComment OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of ACL rule.
|
|
Default value is Zero-length String.
|
|
"
|
|
::= { hh3cAclEnUserEntry 15 }
|
|
|
|
hh3cAclEnUserLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be logged when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclEnUserEntry 16 }
|
|
|
|
hh3cAclEnUserCounting OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be counted when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclEnUserEntry 17 }
|
|
|
|
--
|
|
-- Nodes of hh3cAclNamedUserTable
|
|
--
|
|
hh3cAclNamedUserTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclNamedUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of named user acl rule.
|
|
The name of ACL group will be used as an index in this table,
|
|
which differs from the table hh3cAclEnUserTable.
|
|
If some objects of this table are not supported by some products,
|
|
these objects can't be created, changed and applied.
|
|
Default value of these objects will be returned when they are read.
|
|
"
|
|
::= { hh3cAclEnUserAclGroup 4 }
|
|
|
|
hh3cAclNamedUserEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclNamedUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"User defined acl group entry."
|
|
INDEX
|
|
{
|
|
hh3cAclNumberGroupType,
|
|
hh3cAclNamedGroupName,
|
|
hh3cAclEnUserRuleIndex
|
|
}
|
|
::= { hh3cAclNamedUserTable 1 }
|
|
|
|
Hh3cAclNamedUserEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cAclNamedUserRowStatus
|
|
RowStatus,
|
|
hh3cAclNamedUserAct
|
|
RuleAction,
|
|
hh3cAclNamedUserStartString
|
|
OCTET STRING,
|
|
hh3cAclNamedUserL2String
|
|
OCTET STRING,
|
|
hh3cAclNamedUserMplsString
|
|
OCTET STRING,
|
|
hh3cAclNamedUserIPv4String
|
|
OCTET STRING,
|
|
hh3cAclNamedUserIPv6String
|
|
OCTET STRING,
|
|
hh3cAclNamedUserL4String
|
|
OCTET STRING,
|
|
hh3cAclNamedUserL5String
|
|
OCTET STRING,
|
|
hh3cAclNamedUserTimeRangeName
|
|
OCTET STRING,
|
|
hh3cAclNamedUserCount
|
|
Unsigned32,
|
|
hh3cAclNamedUserCountClear
|
|
CounterClear,
|
|
hh3cAclNamedUserEnable
|
|
TruthValue,
|
|
hh3cAclNamedUserComment
|
|
OCTET STRING,
|
|
hh3cAclNamedUserLog
|
|
TruthValue,
|
|
hh3cAclNamedUserCounting
|
|
TruthValue
|
|
}
|
|
|
|
hh3cAclNamedUserRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { hh3cAclNamedUserEntry 1 }
|
|
|
|
hh3cAclNamedUserAct OBJECT-TYPE
|
|
SYNTAX RuleAction
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action of user defined acl rule."
|
|
::= { hh3cAclNamedUserEntry 2 }
|
|
|
|
hh3cAclNamedUserStartString OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value of this object is defined by product and
|
|
it indicates the offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: 10,10af,ffff.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclNamedUserEntry 3 }
|
|
|
|
hh3cAclNamedUserL2String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching layer 2 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclNamedUserEntry 4 }
|
|
|
|
hh3cAclNamedUserMplsString OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching mpls packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclNamedUserEntry 5 }
|
|
|
|
hh3cAclNamedUserIPv4String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching IPv4 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclNamedUserEntry 6 }
|
|
|
|
hh3cAclNamedUserIPv6String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching IPv6 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclNamedUserEntry 7 }
|
|
|
|
hh3cAclNamedUserL4String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching layer 4 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclNamedUserEntry 8 }
|
|
|
|
hh3cAclNamedUserL5String OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule, matching layer 5 packets, input like this:
|
|
'RuleOffset','RuleString','RuleMask'.
|
|
|
|
RuleOffset: The value is defined by product and
|
|
it indicates offset of the rule mask in the packet(unit: byte).
|
|
|
|
RuleString: The length of RuleString is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
RuleMask: The length of RuleMask is defined by product.
|
|
The string must be hexadecimal.
|
|
The length of string must be multiple of 2.
|
|
|
|
For example: '10','10af','ffff'.
|
|
|
|
Default value is zero-length.
|
|
"
|
|
::= { hh3cAclNamedUserEntry 9 }
|
|
|
|
hh3cAclNamedUserTimeRangeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Time-range of user acl rule.
|
|
Default value is zero-length."
|
|
::= { hh3cAclNamedUserEntry 10 }
|
|
|
|
hh3cAclNamedUserCount OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The count of matched by the rule."
|
|
::= { hh3cAclNamedUserEntry 11 }
|
|
|
|
hh3cAclNamedUserCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Reset the value of counter."
|
|
::= { hh3cAclNamedUserEntry 12 }
|
|
|
|
hh3cAclNamedUserEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The rule is active or not.
|
|
true : active
|
|
false : inactive
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclNamedUserEntry 13 }
|
|
|
|
hh3cAclNamedUserComment OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..127))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of ACL rule.
|
|
Default value is Zero-length String.
|
|
"
|
|
::= { hh3cAclNamedUserEntry 14 }
|
|
|
|
hh3cAclNamedUserLog OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be logged when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclNamedUserEntry 15 }
|
|
|
|
hh3cAclNamedUserCounting OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet will be counted when it matches the rule.
|
|
It is disabled by default.
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cAclNamedUserEntry 16 }
|
|
|
|
--
|
|
-- Node of hh3cAclResourceGroup
|
|
--
|
|
hh3cAclResourceGroup OBJECT IDENTIFIER ::= { hh3cAclMib2Objects 5 }
|
|
--
|
|
-- Nodes of hh3cAclResourceUsageTable
|
|
--
|
|
hh3cAclResourceUsageTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclResourceUsageEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table shows ACL resource usage information. Support for
|
|
resource types that are denoted by hh3cAclResourceType object
|
|
varies with products. If a type is not supported, the
|
|
corresponding row for the type will not be instantiated
|
|
in this table.
|
|
"
|
|
::= { hh3cAclResourceGroup 1 }
|
|
|
|
hh3cAclResourceUsageEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclResourceUsageEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Each row contains a brief description of the resource type,
|
|
a port range associated with the chip, total, reserved, and
|
|
configured amount of resource of this type, the percent of
|
|
resource that has been allocated, and so on.
|
|
"
|
|
INDEX
|
|
{
|
|
hh3cAclResourceChassis,
|
|
hh3cAclResourceSlot,
|
|
hh3cAclResourceChip,
|
|
hh3cAclResourceType
|
|
}
|
|
::= { hh3cAclResourceUsageTable 1 }
|
|
|
|
Hh3cAclResourceUsageEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cAclResourceChassis
|
|
Unsigned32,
|
|
hh3cAclResourceSlot
|
|
Unsigned32,
|
|
hh3cAclResourceChip
|
|
Unsigned32,
|
|
hh3cAclResourceType
|
|
Integer32,
|
|
hh3cAclPortRange
|
|
OCTET STRING,
|
|
hh3cAclResourceTotal
|
|
Unsigned32,
|
|
hh3cAclResourceReserved
|
|
Unsigned32,
|
|
hh3cAclResourceConfigured
|
|
Unsigned32,
|
|
hh3cAclResourceUsagePercent
|
|
Unsigned32,
|
|
hh3cAclResourceTypeDescription
|
|
OCTET STRING
|
|
}
|
|
|
|
hh3cAclResourceChassis OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The chassis number. On a centralized or distributed device,
|
|
the value for this node is always zero.
|
|
"
|
|
::= { hh3cAclResourceUsageEntry 1 }
|
|
|
|
hh3cAclResourceSlot OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The slot number. On a centralized device, the value for
|
|
this node is always zero."
|
|
::= { hh3cAclResourceUsageEntry 2 }
|
|
|
|
hh3cAclResourceChip OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The chip number. On a single chip device, the value for
|
|
this node is always zero."
|
|
::= { hh3cAclResourceUsageEntry 3 }
|
|
|
|
hh3cAclResourceType OBJECT-TYPE
|
|
SYNTAX Integer32 (1..255)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The resource type."
|
|
::= { hh3cAclResourceUsageEntry 4 }
|
|
|
|
hh3cAclPortRange OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port range associated with the chip. Commas are used to
|
|
separate multiple port ranges, for example, Ethernet1/2 to
|
|
Ethernet1/12, Ethernet1/31 to Ethernet1/48.
|
|
"
|
|
::= { hh3cAclResourceUsageEntry 5 }
|
|
|
|
hh3cAclResourceTotal OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Total TCAM entries of the resource type."
|
|
::= { hh3cAclResourceUsageEntry 6 }
|
|
|
|
hh3cAclResourceReserved OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The amount of reserved TCAM entries of the resource type."
|
|
::= { hh3cAclResourceUsageEntry 7 }
|
|
|
|
hh3cAclResourceConfigured OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The amount of configured TCAM entries of the resource type."
|
|
::= { hh3cAclResourceUsageEntry 8 }
|
|
|
|
hh3cAclResourceUsagePercent OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The percent of TCAM entries that have been used for
|
|
this resource type.
|
|
"
|
|
::= { hh3cAclResourceUsageEntry 9 }
|
|
|
|
hh3cAclResourceTypeDescription OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..31))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of this resource type."
|
|
::= { hh3cAclResourceUsageEntry 10 }
|
|
|
|
--
|
|
-- Node of hh3cAclIntervalGroup
|
|
--
|
|
hh3cAclIntervalGroup OBJECT IDENTIFIER ::= { hh3cAclMib2Objects 6 }
|
|
--
|
|
-- Nodes of hh3cAclIntervalTable
|
|
--
|
|
hh3cAclIntervalTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cAclIntervalEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Log interval table."
|
|
::= { hh3cAclIntervalGroup 1 }
|
|
|
|
hh3cAclIntervalEntry OBJECT-TYPE
|
|
SYNTAX Hh3cAclIntervalEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Log interval entry."
|
|
INDEX
|
|
{
|
|
hh3cAclIntervalType
|
|
}
|
|
::= { hh3cAclIntervalTable 1 }
|
|
|
|
Hh3cAclIntervalEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cAclIntervalType
|
|
INTEGER,
|
|
hh3cAclIntervalValue
|
|
Integer32,
|
|
hh3cAclIntervalRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
hh3cAclIntervalType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
logging(1),
|
|
trap(2)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The types of the interval specified for generating
|
|
packet filtering logs or traps.
|
|
"
|
|
::= { hh3cAclIntervalEntry 1 }
|
|
|
|
hh3cAclIntervalValue OBJECT-TYPE
|
|
SYNTAX Integer32 (5..1440)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of interval.
|
|
It must be a multiple of 5 and in the range of 5 to 1440.
|
|
"
|
|
::= { hh3cAclIntervalEntry 2 }
|
|
|
|
hh3cAclIntervalRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { hh3cAclIntervalEntry 3 }
|
|
|
|
--
|
|
-- Node of hh3cAclPacketFilterObjects
|
|
--
|
|
hh3cAclPacketFilterObjects OBJECT IDENTIFIER ::= { hh3cAcl 3 }
|
|
|
|
hh3cPfilterScalarGroup OBJECT IDENTIFIER ::= { hh3cAclPacketFilterObjects 1 }
|
|
|
|
hh3cPfilterDefaultAction OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
permit(1),
|
|
deny(2)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The default action of packet filter.
|
|
By default, the packet filter permits packets that do not match
|
|
any ACL rule to pass.
|
|
"
|
|
::= { hh3cPfilterScalarGroup 1 }
|
|
|
|
hh3cPfilterProcessingStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
processing(1),
|
|
done(2)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object shows the status of the system when applying packet
|
|
filter. It is forbidden to set or read in hh3cAclPacketFilterObjects
|
|
MIB module when the value is processing.
|
|
"
|
|
::= { hh3cPfilterScalarGroup 2 }
|
|
|
|
--
|
|
-- Nodes of hh3cPfilterApplyTable
|
|
--
|
|
hh3cPfilterApplyTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cPfilterApplyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of packet filter application.
|
|
It's not supported to set default action on an entity,
|
|
but supported to enable hardware count of default action
|
|
on an entity.
|
|
"
|
|
::= { hh3cAclPacketFilterObjects 2 }
|
|
|
|
hh3cPfilterApplyEntry OBJECT-TYPE
|
|
SYNTAX Hh3cPfilterApplyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Packet filter application information entry."
|
|
INDEX
|
|
{
|
|
hh3cPfilterApplyObjType,
|
|
hh3cPfilterApplyObjIndex,
|
|
hh3cPfilterApplyDirection,
|
|
hh3cPfilterApplyAclType,
|
|
hh3cPfilterApplyAclIndex
|
|
}
|
|
::= { hh3cPfilterApplyTable 1 }
|
|
|
|
Hh3cPfilterApplyEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cPfilterApplyObjType
|
|
INTEGER,
|
|
hh3cPfilterApplyObjIndex
|
|
Integer32,
|
|
hh3cPfilterApplyDirection
|
|
DirectionType,
|
|
hh3cPfilterApplyAclType
|
|
INTEGER,
|
|
hh3cPfilterApplyAclIndex
|
|
Integer32,
|
|
hh3cPfilterApplyHardCount
|
|
TruthValue,
|
|
hh3cPfilterApplySequence
|
|
Unsigned32,
|
|
hh3cPfilterApplyCountClear
|
|
CounterClear,
|
|
hh3cPfilterApplyRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
hh3cPfilterApplyObjType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
interface(1),
|
|
vlan(2),
|
|
global(3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object type of packet filter application.
|
|
interface: Apply an ACL to the interface to filter packets.
|
|
vlan: Apply an ACL to the VLAN to filter packets.
|
|
global: Apply an ACL globally to filter packets.
|
|
"
|
|
::= { hh3cPfilterApplyEntry 1 }
|
|
|
|
hh3cPfilterApplyObjIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object ID of packet filter application.
|
|
Interface: interface index, equal to ifIndex
|
|
VLAN: VLAN ID, 1..4094
|
|
Global: 0
|
|
"
|
|
::= { hh3cPfilterApplyEntry 2 }
|
|
|
|
hh3cPfilterApplyDirection OBJECT-TYPE
|
|
SYNTAX DirectionType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction of packet filter application."
|
|
::= { hh3cPfilterApplyEntry 3 }
|
|
|
|
hh3cPfilterApplyAclType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
ipv4(1),
|
|
ipv6(2),
|
|
default(3),
|
|
mac(4),
|
|
user(5)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL Type: IPv4, IPv6, default action, MAC, and user.
|
|
Take default action as a special ACL group.
|
|
"
|
|
::= { hh3cPfilterApplyEntry 4 }
|
|
|
|
hh3cPfilterApplyAclIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0|2000..5999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ACL group index.
|
|
Basic type: 2000..2999
|
|
Advanced type: 3000..3999
|
|
MAC type: 4000..4999
|
|
User type: 5000..5999
|
|
Default action type: 0
|
|
"
|
|
::= { hh3cPfilterApplyEntry 5 }
|
|
|
|
hh3cPfilterApplyHardCount OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Hardware count flag.
|
|
true: enable hardware count
|
|
false: disable hardware count
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cPfilterApplyEntry 6 }
|
|
|
|
hh3cPfilterApplySequence OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The configure sequence of packet filter application."
|
|
::= { hh3cPfilterApplyEntry 7 }
|
|
|
|
hh3cPfilterApplyCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Clear the value of counters."
|
|
::= { hh3cPfilterApplyEntry 8 }
|
|
|
|
hh3cPfilterApplyRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { hh3cPfilterApplyEntry 9 }
|
|
|
|
--
|
|
-- Nodes of hh3cPfilterAclGroupRunInfoTable
|
|
--
|
|
hh3cPfilterAclGroupRunInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cPfilterAclGroupRunInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of group running information of ACLs
|
|
for packet filtering. If hardware count function is not
|
|
supported or not enabled to the packet filter application, the
|
|
statistics entry will be zero.
|
|
"
|
|
::= { hh3cAclPacketFilterObjects 3 }
|
|
|
|
hh3cPfilterAclGroupRunInfoEntry OBJECT-TYPE
|
|
SYNTAX Hh3cPfilterAclGroupRunInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL group running information entry for packet filtering."
|
|
INDEX
|
|
{
|
|
hh3cPfilterRunApplyObjType,
|
|
hh3cPfilterRunApplyObjIndex,
|
|
hh3cPfilterRunApplyDirection,
|
|
hh3cPfilterRunApplyAclType,
|
|
hh3cPfilterRunApplyAclIndex
|
|
}
|
|
::= { hh3cPfilterAclGroupRunInfoTable 1 }
|
|
|
|
Hh3cPfilterAclGroupRunInfoEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cPfilterRunApplyObjType
|
|
INTEGER,
|
|
hh3cPfilterRunApplyObjIndex
|
|
Integer32,
|
|
hh3cPfilterRunApplyDirection
|
|
DirectionType,
|
|
hh3cPfilterRunApplyAclType
|
|
INTEGER,
|
|
hh3cPfilterRunApplyAclIndex
|
|
Integer32,
|
|
hh3cPfilterAclGroupStatus
|
|
INTEGER,
|
|
hh3cPfilterAclGroupCountStatus
|
|
INTEGER,
|
|
hh3cPfilterAclGroupPermitPkts
|
|
Counter64,
|
|
hh3cPfilterAclGroupPermitBytes
|
|
Counter64,
|
|
hh3cPfilterAclGroupDenyPkts
|
|
Counter64,
|
|
hh3cPfilterAclGroupDenyBytes
|
|
Counter64
|
|
}
|
|
|
|
hh3cPfilterRunApplyObjType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
interface(1),
|
|
vlan(2),
|
|
global(3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object type of packet filter application.
|
|
interface: Apply an ACL to the interface to filter packets.
|
|
vlan: Apply an ACL to the VLAN to filter packets.
|
|
global: Apply an ACL globally to filter packets.
|
|
"
|
|
::= { hh3cPfilterAclGroupRunInfoEntry 1 }
|
|
|
|
hh3cPfilterRunApplyObjIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object ID of packet filter application.
|
|
Interface: interface index, equal to ifIndex
|
|
VLAN: VLAN ID, 1..4094
|
|
Global: 0
|
|
"
|
|
::= { hh3cPfilterAclGroupRunInfoEntry 2 }
|
|
|
|
hh3cPfilterRunApplyDirection OBJECT-TYPE
|
|
SYNTAX DirectionType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction of packet filter application."
|
|
::= { hh3cPfilterAclGroupRunInfoEntry 3 }
|
|
|
|
hh3cPfilterRunApplyAclType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
ipv4(1),
|
|
ipv6(2),
|
|
default(3),
|
|
mac(4),
|
|
user(5)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL Type: IPv4, IPv6, default action, MAC, and user.
|
|
Take default action as a special ACL group.
|
|
"
|
|
::= { hh3cPfilterAclGroupRunInfoEntry 4 }
|
|
|
|
hh3cPfilterRunApplyAclIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (1..3|2000..5999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ACL group index.
|
|
Basic type: 2000..2999
|
|
Advanced type: 3000..3999
|
|
MAC type: 4000..4999
|
|
User type: 5000..5999
|
|
MAC default action: 1
|
|
IPv4 default action: 2
|
|
IPv6 default action: 3
|
|
"
|
|
::= { hh3cPfilterAclGroupRunInfoEntry 5 }
|
|
|
|
hh3cPfilterAclGroupStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
success(1),
|
|
failed(2),
|
|
partialSuccess(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of ACL group applied.
|
|
success: ACL applied successfully on all slots
|
|
failed: failed to apply ACL on all slots
|
|
partialSuccess: failed to apply ACL on some slots
|
|
"
|
|
::= { hh3cPfilterAclGroupRunInfoEntry 6 }
|
|
|
|
hh3cPfilterAclGroupCountStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
success(1),
|
|
failed(2),
|
|
partialSuccess(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of enabling hardware count. If hardware count is
|
|
not enabled, it returns success.
|
|
success: enable hardware count successfully on all slots
|
|
failed: failed to enable hardware count on all slots
|
|
partialSuccess: failed to enable hardware count on some slots
|
|
"
|
|
::= { hh3cPfilterAclGroupRunInfoEntry 7 }
|
|
|
|
hh3cPfilterAclGroupPermitPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of packets permitted."
|
|
::= { hh3cPfilterAclGroupRunInfoEntry 8 }
|
|
|
|
hh3cPfilterAclGroupPermitBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of bytes permitted."
|
|
::= { hh3cPfilterAclGroupRunInfoEntry 9 }
|
|
|
|
hh3cPfilterAclGroupDenyPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of packets denied."
|
|
::= { hh3cPfilterAclGroupRunInfoEntry 10 }
|
|
|
|
hh3cPfilterAclGroupDenyBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of bytes denied."
|
|
::= { hh3cPfilterAclGroupRunInfoEntry 11 }
|
|
|
|
--
|
|
-- Nodes of hh3cPfilterAclRuleRunInfoTable
|
|
--
|
|
hh3cPfilterAclRuleRunInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cPfilterAclRuleRunInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of rule's running information of ACLs
|
|
for packet filtering. If hardware count function is not
|
|
supported or not enabled to the packet filter application, the
|
|
hh3cPfilterAclRuleMatchPackets and hh3cPfilterAclRuleMatchBytes
|
|
will be zero.
|
|
"
|
|
::= { hh3cAclPacketFilterObjects 4 }
|
|
|
|
hh3cPfilterAclRuleRunInfoEntry OBJECT-TYPE
|
|
SYNTAX Hh3cPfilterAclRuleRunInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL rule's running information entry."
|
|
INDEX
|
|
{
|
|
hh3cPfilterRunApplyObjType,
|
|
hh3cPfilterRunApplyObjIndex,
|
|
hh3cPfilterRunApplyDirection,
|
|
hh3cPfilterRunApplyAclType,
|
|
hh3cPfilterRunApplyAclIndex,
|
|
hh3cPfilterAclRuleIndex
|
|
}
|
|
::= { hh3cPfilterAclRuleRunInfoTable 1 }
|
|
|
|
Hh3cPfilterAclRuleRunInfoEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cPfilterAclRuleIndex
|
|
Integer32,
|
|
hh3cPfilterAclRuleStatus
|
|
INTEGER,
|
|
hh3cPfilterAclRuleCountStatus
|
|
INTEGER,
|
|
hh3cPfilterAclRuleMatchPackets
|
|
Counter64,
|
|
hh3cPfilterAclRuleMatchBytes
|
|
Counter64
|
|
}
|
|
|
|
hh3cPfilterAclRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65534)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ACL rule index."
|
|
::= { hh3cPfilterAclRuleRunInfoEntry 1 }
|
|
|
|
hh3cPfilterAclRuleStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
success(1),
|
|
failed(2),
|
|
partialSuccess(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of rule application.
|
|
success: rule applied successfully on all slots
|
|
failed: failed to apply rule on all slots
|
|
partialSuccess: failed to apply rule on some slots
|
|
"
|
|
::= { hh3cPfilterAclRuleRunInfoEntry 2 }
|
|
|
|
hh3cPfilterAclRuleCountStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
success(1),
|
|
failed(2),
|
|
partialSuccess(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of enabling rule's hardware count.
|
|
If hardware count is not enabled, it returns success.
|
|
success: enable hardware count successfully on all slots
|
|
failed: failed to enable hardware count on all slots
|
|
partialSuccess: failed to enable hardware count on some slots
|
|
"
|
|
::= { hh3cPfilterAclRuleRunInfoEntry 3 }
|
|
|
|
hh3cPfilterAclRuleMatchPackets OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of packets matched."
|
|
::= { hh3cPfilterAclRuleRunInfoEntry 4 }
|
|
|
|
hh3cPfilterAclRuleMatchBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of bytes matched."
|
|
::= { hh3cPfilterAclRuleRunInfoEntry 5 }
|
|
|
|
--
|
|
-- Nodes of hh3cPfilterStatisticSumTable
|
|
--
|
|
hh3cPfilterStatisticSumTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cPfilterStatisticSumEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of ACL rule's sum statistics information,
|
|
accumulated by all entity application on all slots.
|
|
"
|
|
::= { hh3cAclPacketFilterObjects 5 }
|
|
|
|
hh3cPfilterStatisticSumEntry OBJECT-TYPE
|
|
SYNTAX Hh3cPfilterStatisticSumEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL rule's sum statistics information entry."
|
|
INDEX
|
|
{
|
|
hh3cPfilterSumDirection,
|
|
hh3cPfilterSumAclType,
|
|
hh3cPfilterSumAclIndex,
|
|
hh3cPfilterSumRuleIndex
|
|
}
|
|
::= { hh3cPfilterStatisticSumTable 1 }
|
|
|
|
Hh3cPfilterStatisticSumEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cPfilterSumDirection
|
|
DirectionType,
|
|
hh3cPfilterSumAclType
|
|
INTEGER,
|
|
hh3cPfilterSumAclIndex
|
|
Integer32,
|
|
hh3cPfilterSumRuleIndex
|
|
Integer32,
|
|
hh3cPfilterSumRuleMatchPackets
|
|
Counter64,
|
|
hh3cPfilterSumRuleMatchBytes
|
|
Counter64
|
|
}
|
|
|
|
hh3cPfilterSumDirection OBJECT-TYPE
|
|
SYNTAX DirectionType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction of application."
|
|
::= { hh3cPfilterStatisticSumEntry 1 }
|
|
|
|
hh3cPfilterSumAclType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
ipv4(1),
|
|
ipv6(2),
|
|
mac(3),
|
|
user(4)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL type: IPv4, IPv6, MAC, and user."
|
|
::= { hh3cPfilterStatisticSumEntry 2 }
|
|
|
|
hh3cPfilterSumAclIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (2000..5999)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ACL group index.
|
|
Basic type: 2000..2999
|
|
Advanced type: 3000..3999
|
|
MAC type: 4000..4999
|
|
User type: 5000..5999
|
|
"
|
|
::= { hh3cPfilterStatisticSumEntry 3 }
|
|
|
|
hh3cPfilterSumRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65534)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ACL rule index."
|
|
::= { hh3cPfilterStatisticSumEntry 4 }
|
|
|
|
hh3cPfilterSumRuleMatchPackets OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sum number of packets matched the ACL rule."
|
|
::= { hh3cPfilterStatisticSumEntry 5 }
|
|
|
|
hh3cPfilterSumRuleMatchBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sum number of bytes matched the ACL rule."
|
|
::= { hh3cPfilterStatisticSumEntry 6 }
|
|
|
|
--
|
|
-- Nodes of hh3cPfilter2ApplyTable
|
|
--
|
|
hh3cPfilter2ApplyTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cPfilter2ApplyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of packet filter application.
|
|
It's not supported to set default action on an entity,
|
|
but supported to enable hardware count of default action
|
|
on an entity.
|
|
"
|
|
::= { hh3cAclPacketFilterObjects 6 }
|
|
|
|
hh3cPfilter2ApplyEntry OBJECT-TYPE
|
|
SYNTAX Hh3cPfilter2ApplyEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Packet filter application information entry."
|
|
INDEX
|
|
{
|
|
hh3cPfilter2ApplyObjType,
|
|
hh3cPfilter2ApplyObjIndex,
|
|
hh3cPfilter2ApplyDirection,
|
|
hh3cPfilter2ApplyAclType,
|
|
hh3cPfilter2ApplyAclIndex
|
|
}
|
|
::= { hh3cPfilter2ApplyTable 1 }
|
|
|
|
Hh3cPfilter2ApplyEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cPfilter2ApplyObjType
|
|
INTEGER,
|
|
hh3cPfilter2ApplyObjIndex
|
|
Integer32,
|
|
hh3cPfilter2ApplyDirection
|
|
DirectionType,
|
|
hh3cPfilter2ApplyAclType
|
|
INTEGER,
|
|
hh3cPfilter2ApplyAclIndex
|
|
OCTET STRING,
|
|
hh3cPfilter2ApplyHardCount
|
|
TruthValue,
|
|
hh3cPfilter2ApplySequence
|
|
Unsigned32,
|
|
hh3cPfilter2ApplyCountClear
|
|
CounterClear,
|
|
hh3cPfilter2ApplyRowStatus
|
|
RowStatus
|
|
}
|
|
|
|
hh3cPfilter2ApplyObjType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
interface(1),
|
|
vlan(2),
|
|
global(3)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object type of packet filter application.
|
|
interface: Apply an ACL to the interface to filter packets.
|
|
vlan: Apply an ACL to the VLAN to filter packets.
|
|
global: Apply an ACL globally to filter packets.
|
|
"
|
|
::= { hh3cPfilter2ApplyEntry 1 }
|
|
|
|
hh3cPfilter2ApplyObjIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object ID of packet filter application.
|
|
Interface: interface index, equal to ifIndex
|
|
VLAN: VLAN ID, 1..4094
|
|
Global: 0
|
|
"
|
|
::= { hh3cPfilter2ApplyEntry 2 }
|
|
|
|
hh3cPfilter2ApplyDirection OBJECT-TYPE
|
|
SYNTAX DirectionType
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction of packet filter application."
|
|
::= { hh3cPfilter2ApplyEntry 3 }
|
|
|
|
hh3cPfilter2ApplyAclType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
ipv4(1),
|
|
ipv6(2),
|
|
default(3),
|
|
mac(4),
|
|
user(5)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL Type: IPv4, IPv6, default action, MAC, and user.
|
|
Take default action as a special ACL group.
|
|
"
|
|
::= { hh3cPfilter2ApplyEntry 4 }
|
|
|
|
hh3cPfilter2ApplyAclIndex OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(1..63))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of ACL group used by packet-filter.
|
|
If the specified string comprises only digits, it is converted
|
|
into a numerical sequence in decimal notation, and regarded as
|
|
an ACL group index or a default action. If the string is a
|
|
character string beginning with an English letter, it is
|
|
regarded as an ACL group name.
|
|
|
|
Group index range and default action:
|
|
Basic type: 2000..2999
|
|
Advanced type: 3000..3999
|
|
MAC type: 4000..4999
|
|
User type: 5000..5999
|
|
Default action type: 0
|
|
"
|
|
::= { hh3cPfilter2ApplyEntry 5 }
|
|
|
|
hh3cPfilter2ApplyHardCount OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Hardware count flag.
|
|
true: enable hardware count
|
|
false: disable hardware count
|
|
"
|
|
DEFVAL { false }
|
|
::= { hh3cPfilter2ApplyEntry 6 }
|
|
|
|
hh3cPfilter2ApplySequence OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The configure sequence of packet filter application."
|
|
::= { hh3cPfilter2ApplyEntry 7 }
|
|
|
|
hh3cPfilter2ApplyCountClear OBJECT-TYPE
|
|
SYNTAX CounterClear
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Clear the value of counters."
|
|
DEFVAL { nouse }
|
|
::= { hh3cPfilter2ApplyEntry 8 }
|
|
|
|
hh3cPfilter2ApplyRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"RowStatus."
|
|
::= { hh3cPfilter2ApplyEntry 9 }
|
|
|
|
--
|
|
-- Nodes of hh3cPfilter2AclGroupRunInfoTable
|
|
--
|
|
hh3cPfilter2AclGroupRunInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cPfilter2AclGroupRunInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of group running information of ACLs
|
|
for packet filtering. If hardware count function is not
|
|
supported or not enabled to the packet filter application, the
|
|
statistics entry will be zero.
|
|
"
|
|
::= { hh3cAclPacketFilterObjects 7 }
|
|
|
|
hh3cPfilter2AclGroupRunInfoEntry OBJECT-TYPE
|
|
SYNTAX Hh3cPfilter2AclGroupRunInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL group running information entry for packet filtering."
|
|
INDEX
|
|
{
|
|
hh3cPfilter2RunApplyObjType,
|
|
hh3cPfilter2RunApplyObjIndex,
|
|
hh3cPfilter2RunApplyDirection,
|
|
hh3cPfilter2RunApplyAclType,
|
|
hh3cPfilter2RunApplyAclIndex
|
|
}
|
|
::= { hh3cPfilter2AclGroupRunInfoTable 1 }
|
|
|
|
Hh3cPfilter2AclGroupRunInfoEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cPfilter2RunApplyObjType
|
|
INTEGER,
|
|
hh3cPfilter2RunApplyObjIndex
|
|
Integer32,
|
|
hh3cPfilter2RunApplyDirection
|
|
DirectionType,
|
|
hh3cPfilter2RunApplyAclType
|
|
INTEGER,
|
|
hh3cPfilter2RunApplyAclIndex
|
|
OCTET STRING,
|
|
hh3cPfilter2AclGroupStatus
|
|
INTEGER,
|
|
hh3cPfilter2AclGroupCountStatus
|
|
INTEGER,
|
|
hh3cPfilter2AclGroupPermitPkts
|
|
Counter64,
|
|
hh3cPfilter2AclGroupPermitBytes
|
|
Counter64,
|
|
hh3cPfilter2AclGroupDenyPkts
|
|
Counter64,
|
|
hh3cPfilter2AclGroupDenyBytes
|
|
Counter64
|
|
}
|
|
|
|
hh3cPfilter2RunApplyObjType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
interface(1),
|
|
vlan(2),
|
|
global(3)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object type of packet filter application.
|
|
interface: Apply an ACL to the interface to filter packets.
|
|
vlan: Apply an ACL to the VLAN to filter packets.
|
|
global: Apply an ACL globally to filter packets.
|
|
"
|
|
::= { hh3cPfilter2AclGroupRunInfoEntry 1 }
|
|
|
|
hh3cPfilter2RunApplyObjIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2147483647)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The object ID of packet filter application.
|
|
Interface: interface index, equal to ifIndex
|
|
VLAN: VLAN ID, 1..4094
|
|
Global: 0
|
|
"
|
|
::= { hh3cPfilter2AclGroupRunInfoEntry 2 }
|
|
|
|
hh3cPfilter2RunApplyDirection OBJECT-TYPE
|
|
SYNTAX DirectionType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction of packet filter application."
|
|
::= { hh3cPfilter2AclGroupRunInfoEntry 3 }
|
|
|
|
hh3cPfilter2RunApplyAclType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
ipv4(1),
|
|
ipv6(2),
|
|
default(3),
|
|
mac(4),
|
|
user(5)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL Type: IPv4, IPv6, default action, MAC, and user.
|
|
Take default action as a special ACL group.
|
|
"
|
|
::= { hh3cPfilter2AclGroupRunInfoEntry 4 }
|
|
|
|
hh3cPfilter2RunApplyAclIndex OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(1..63))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of ACL group used by packet-filter.
|
|
If the specified string comprises only digits, it is converted
|
|
into a numerical sequence in decimal notation, and regarded as
|
|
an ACL group index or a default action. If the string is a
|
|
character string beginning with an English letter, it is
|
|
regarded as an ACL group name.
|
|
|
|
Group index range and default action:
|
|
Basic type: 2000..2999
|
|
Advanced type: 3000..3999
|
|
MAC type: 4000..4999
|
|
User type: 5000..5999
|
|
MAC default action: 1
|
|
IPv4 default action: 2
|
|
IPv6 default action: 3
|
|
"
|
|
::= { hh3cPfilter2AclGroupRunInfoEntry 5 }
|
|
|
|
hh3cPfilter2AclGroupStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
success(1),
|
|
failed(2),
|
|
partialSuccess(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of ACL group applied.
|
|
success: ACL applied successfully on all slots
|
|
failed: failed to apply ACL on all slots
|
|
partialSuccess: failed to apply ACL on some slots
|
|
"
|
|
::= { hh3cPfilter2AclGroupRunInfoEntry 6 }
|
|
|
|
hh3cPfilter2AclGroupCountStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
success(1),
|
|
failed(2),
|
|
partialSuccess(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of enabling hardware count. If hardware count is
|
|
not enabled, it returns success.
|
|
success: enable hardware count successfully on all slots
|
|
failed: failed to enable hardware count on all slots
|
|
partialSuccess: failed to enable hardware count on some slots
|
|
"
|
|
::= { hh3cPfilter2AclGroupRunInfoEntry 7 }
|
|
|
|
hh3cPfilter2AclGroupPermitPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of packets permitted."
|
|
::= { hh3cPfilter2AclGroupRunInfoEntry 8 }
|
|
|
|
hh3cPfilter2AclGroupPermitBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of bytes permitted."
|
|
::= { hh3cPfilter2AclGroupRunInfoEntry 9 }
|
|
|
|
hh3cPfilter2AclGroupDenyPkts OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of packets denied."
|
|
::= { hh3cPfilter2AclGroupRunInfoEntry 10 }
|
|
|
|
hh3cPfilter2AclGroupDenyBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of bytes denied."
|
|
::= { hh3cPfilter2AclGroupRunInfoEntry 11 }
|
|
|
|
--
|
|
-- Nodes of hh3cPfilter2AclRuleRunInfoTable
|
|
--
|
|
hh3cPfilter2AclRuleRunInfoTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cPfilter2AclRuleRunInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of rule's running information of ACLs
|
|
for packet filtering. If hardware count function is not
|
|
supported or not enabled to the packet filter application, the
|
|
hh3cPfilter2AclRuleMatchPackets and hh3cPfilter2AclRuleMatchBytes
|
|
will be zero.
|
|
"
|
|
::= { hh3cAclPacketFilterObjects 8 }
|
|
|
|
hh3cPfilter2AclRuleRunInfoEntry OBJECT-TYPE
|
|
SYNTAX Hh3cPfilter2AclRuleRunInfoEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL rule's running information entry."
|
|
INDEX
|
|
{
|
|
hh3cPfilter2RunApplyObjType,
|
|
hh3cPfilter2RunApplyObjIndex,
|
|
hh3cPfilter2RunApplyDirection,
|
|
hh3cPfilter2RunApplyAclType,
|
|
hh3cPfilter2RunApplyAclIndex,
|
|
hh3cPfilter2AclRuleIndex
|
|
}
|
|
::= { hh3cPfilter2AclRuleRunInfoTable 1 }
|
|
|
|
Hh3cPfilter2AclRuleRunInfoEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cPfilter2AclRuleIndex
|
|
Integer32,
|
|
hh3cPfilter2AclRuleStatus
|
|
INTEGER,
|
|
hh3cPfilter2AclRuleCountStatus
|
|
INTEGER,
|
|
hh3cPfilter2AclRuleMatchPackets
|
|
Counter64,
|
|
hh3cPfilter2AclRuleMatchBytes
|
|
Counter64
|
|
}
|
|
|
|
hh3cPfilter2AclRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65534)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ACL rule index."
|
|
::= { hh3cPfilter2AclRuleRunInfoEntry 1 }
|
|
|
|
hh3cPfilter2AclRuleStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
success(1),
|
|
failed(2),
|
|
partialSuccess(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of rule application.
|
|
success: rule applied successfully on all slots
|
|
failed: failed to apply rule on all slots
|
|
partialSuccess: failed to apply rule on some slots
|
|
"
|
|
::= { hh3cPfilter2AclRuleRunInfoEntry 2 }
|
|
|
|
hh3cPfilter2AclRuleCountStatus OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
success(1),
|
|
failed(2),
|
|
partialSuccess(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The status of enabling rule's hardware count.
|
|
If hardware count is not enabled, it returns success.
|
|
success: enable hardware count successfully on all slots
|
|
failed: failed to enable hardware count on all slots
|
|
partialSuccess: failed to enable hardware count on some slots
|
|
"
|
|
::= { hh3cPfilter2AclRuleRunInfoEntry 3 }
|
|
|
|
hh3cPfilter2AclRuleMatchPackets OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of packets matched."
|
|
::= { hh3cPfilter2AclRuleRunInfoEntry 4 }
|
|
|
|
hh3cPfilter2AclRuleMatchBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of bytes matched."
|
|
::= { hh3cPfilter2AclRuleRunInfoEntry 5 }
|
|
|
|
--
|
|
-- Nodes of hh3cPfilter2StatisticSumTable
|
|
--
|
|
hh3cPfilter2StatisticSumTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF Hh3cPfilter2StatisticSumEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table of ACL rule's sum statistics information,
|
|
accumulated by all entity application on all slots.
|
|
"
|
|
::= { hh3cAclPacketFilterObjects 9 }
|
|
|
|
hh3cPfilter2StatisticSumEntry OBJECT-TYPE
|
|
SYNTAX Hh3cPfilter2StatisticSumEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL rule's sum statistics information entry."
|
|
INDEX
|
|
{
|
|
hh3cPfilter2SumDirection,
|
|
hh3cPfilter2SumAclType,
|
|
hh3cPfilter2SumAclIndex,
|
|
hh3cPfilter2SumRuleIndex
|
|
}
|
|
::= { hh3cPfilter2StatisticSumTable 1 }
|
|
|
|
Hh3cPfilter2StatisticSumEntry ::=
|
|
SEQUENCE
|
|
{
|
|
hh3cPfilter2SumDirection
|
|
DirectionType,
|
|
hh3cPfilter2SumAclType
|
|
INTEGER,
|
|
hh3cPfilter2SumAclIndex
|
|
OCTET STRING,
|
|
hh3cPfilter2SumRuleIndex
|
|
Integer32,
|
|
hh3cPfilter2SumRuleMatchPackets
|
|
Counter64,
|
|
hh3cPfilter2SumRuleMatchBytes
|
|
Counter64
|
|
}
|
|
|
|
hh3cPfilter2SumDirection OBJECT-TYPE
|
|
SYNTAX DirectionType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction of application."
|
|
::= { hh3cPfilter2StatisticSumEntry 1 }
|
|
|
|
hh3cPfilter2SumAclType OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
ipv4(1),
|
|
ipv6(2),
|
|
mac(3),
|
|
user(4)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL type: IPv4, IPv6, MAC, and user."
|
|
::= { hh3cPfilter2StatisticSumEntry 2 }
|
|
|
|
hh3cPfilter2SumAclIndex OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(1..63))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The index of ACL group used by packet-filter.
|
|
If the specified string comprises only digits, it is converted
|
|
into a numerical sequence in decimal notation, and regarded as
|
|
an ACL group index. If the string is a character string
|
|
beginning with an English letter, it is regarded as an ACL
|
|
group name.
|
|
|
|
Group index range and default action:
|
|
Basic type: 2000..2999
|
|
Advanced type: 3000..3999
|
|
MAC type: 4000..4999
|
|
User type: 5000..5999
|
|
"
|
|
::= { hh3cPfilter2StatisticSumEntry 3 }
|
|
|
|
hh3cPfilter2SumRuleIndex OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65534)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ACL rule index."
|
|
::= { hh3cPfilter2StatisticSumEntry 4 }
|
|
|
|
hh3cPfilter2SumRuleMatchPackets OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sum number of packets matched the ACL rule."
|
|
::= { hh3cPfilter2StatisticSumEntry 5 }
|
|
|
|
hh3cPfilter2SumRuleMatchBytes OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The sum number of bytes matched the ACL rule."
|
|
::= { hh3cPfilter2StatisticSumEntry 6 }
|
|
|
|
--
|
|
-- Nodes of hh3cPacketfilterTrapObjects
|
|
--
|
|
|
|
hh3cAclPacketfilterTrapObjects OBJECT IDENTIFIER ::= { hh3cAcl 4 }
|
|
|
|
hh3cPfilterInterface OBJECT-TYPE
|
|
SYNTAX OCTET STRING
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interface which policy apply."
|
|
::= { hh3cAclPacketfilterTrapObjects 1 }
|
|
|
|
hh3cPfilterDirection OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Inbound or outbound."
|
|
::= { hh3cAclPacketfilterTrapObjects 2 }
|
|
|
|
hh3cPfilterACLNumber OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL number."
|
|
::= { hh3cAclPacketfilterTrapObjects 3 }
|
|
|
|
hh3cPfilterAction OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Permit or deny."
|
|
::= { hh3cAclPacketfilterTrapObjects 4 }
|
|
|
|
hh3cMACfilterSourceMac OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source MAC address."
|
|
::= { hh3cAclPacketfilterTrapObjects 5 }
|
|
|
|
hh3cMACfilterDestinationMac OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination MAC address."
|
|
::= { hh3cAclPacketfilterTrapObjects 6 }
|
|
|
|
hh3cPfilterPacketNumber OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of packets permitted or denied by ACL."
|
|
::= { hh3cAclPacketfilterTrapObjects 7 }
|
|
|
|
hh3cPfilterReceiveInterface OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The interface where packet come from."
|
|
::= { hh3cAclPacketfilterTrapObjects 8 }
|
|
|
|
hh3cAclPacketIfName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the interface on which the packet is matched."
|
|
::= { hh3cAclPacketfilterTrapObjects 9 }
|
|
|
|
hh3cAclPacketDirection OBJECT-TYPE
|
|
SYNTAX DirectionType
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The direction the packet is going."
|
|
::= { hh3cAclPacketfilterTrapObjects 10 }
|
|
|
|
hh3cAclPacketBAGG OBJECT-TYPE
|
|
SYNTAX Integer32 (0..2048)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The bridge-aggregation-interface ID the interface belongs to.
|
|
"
|
|
DEFVAL { 0 }
|
|
::= { hh3cAclPacketfilterTrapObjects 11 }
|
|
|
|
hh3cAclPacketVlanID OBJECT-TYPE
|
|
SYNTAX Integer32 (1..4094)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The vlan the interface belongs to."
|
|
::= { hh3cAclPacketfilterTrapObjects 12 }
|
|
|
|
hh3cAclPacketSrcIP OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source IP address of IPv4/IPv6 packet."
|
|
::= { hh3cAclPacketfilterTrapObjects 13 }
|
|
|
|
hh3cAclPacketDstIP OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(0..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination IP address of IPv4/IPv6 packet."
|
|
::= { hh3cAclPacketfilterTrapObjects 14 }
|
|
|
|
hh3cAclPacketProtocol OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The protocol of IPv4/IPv6 packet.
|
|
icmp(1),
|
|
tcp(6),
|
|
udp(17),
|
|
igmp(2),
|
|
gre(47),
|
|
ospf(89),
|
|
ipinip(4),
|
|
icmp6(58),
|
|
ipv6_ah(51),
|
|
ipv6_esp(50)
|
|
"
|
|
::= { hh3cAclPacketfilterTrapObjects 15 }
|
|
|
|
hh3cAclPacketDscp OBJECT-TYPE
|
|
SYNTAX DSCPValue
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"DSCP of IPv4/IPv6 packet."
|
|
DEFVAL { 255 }
|
|
::= { hh3cAclPacketfilterTrapObjects 16 }
|
|
|
|
hh3cAclPacketFlowLabel OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..1048575|4294967295)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Flow label value of IPv6 packet."
|
|
DEFVAL { 4294967295 }
|
|
::= { hh3cAclPacketfilterTrapObjects 17 }
|
|
|
|
hh3cAclPacketIcmpIgmpType OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of ICMP or IGMP packet."
|
|
DEFVAL { 65535 }
|
|
::= { hh3cAclPacketfilterTrapObjects 18 }
|
|
|
|
hh3cAclPacketIcmpIgmpCode OBJECT-TYPE
|
|
SYNTAX Integer32 (0..255|65535)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The code of ICMP or IGMP packet."
|
|
DEFVAL { 65535 }
|
|
::= { hh3cAclPacketfilterTrapObjects 19 }
|
|
|
|
hh3cAclPacketTcpFlags OBJECT-TYPE
|
|
SYNTAX INTEGER
|
|
{
|
|
tcpack(1),
|
|
tcpfin(2),
|
|
tcppsh(3),
|
|
tcprst(4),
|
|
tcpsyn(5),
|
|
tcpurg(6),
|
|
invalid(255)
|
|
}
|
|
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The flags of TCP packet.
|
|
tcpack(1),
|
|
tcpfin(2),
|
|
tcppsh(3),
|
|
tcprst(4),
|
|
tcpsyn(5),
|
|
tcpurg(6),
|
|
invalid(255)
|
|
"
|
|
DEFVAL { 255 }
|
|
::= { hh3cAclPacketfilterTrapObjects 20 }
|
|
|
|
hh3cAclPacketSrcPort OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source port of TCP or UDP packet."
|
|
DEFVAL { 0 }
|
|
::= { hh3cAclPacketfilterTrapObjects 21 }
|
|
|
|
hh3cAclPacketDstPort OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination port of TCP or UDP packet."
|
|
DEFVAL { 65535 }
|
|
::= { hh3cAclPacketfilterTrapObjects 22 }
|
|
|
|
hh3cAclPacketSrcMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source MAC address of Ethernet packet."
|
|
::= { hh3cAclPacketfilterTrapObjects 23 }
|
|
|
|
hh3cAclPacketDstMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination MAC address of Ethernet packet."
|
|
::= { hh3cAclPacketfilterTrapObjects 24 }
|
|
|
|
hh3cAclPacketMacTypeLen OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Ethertype or 802.3 length of Ethernet packet."
|
|
DEFVAL { 0 }
|
|
::= { hh3cAclPacketfilterTrapObjects 25 }
|
|
|
|
hh3cAclPacketVlanPCP OBJECT-TYPE
|
|
SYNTAX Integer32 (0..7|255)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"802.1p priority code point of Ethernet packet."
|
|
DEFVAL { 255 }
|
|
::= { hh3cAclPacketfilterTrapObjects 26 }
|
|
|
|
--
|
|
-- Nodes of hh3cPacketfilterTrap
|
|
--
|
|
|
|
hh3cAclPacketfilterTrap OBJECT IDENTIFIER ::= { hh3cAcl 5 }
|
|
|
|
hh3cPfilterTrapPrefix OBJECT IDENTIFIER ::= { hh3cAclPacketfilterTrap 0 }
|
|
|
|
hh3cMACfilterTrap NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
hh3cPfilterInterface,
|
|
hh3cPfilterDirection,
|
|
hh3cPfilterACLNumber,
|
|
hh3cPfilterAction,
|
|
hh3cMACfilterSourceMac,
|
|
hh3cMACfilterDestinationMac,
|
|
hh3cPfilterPacketNumber,
|
|
hh3cPfilterReceiveInterface
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated when a packet was processed
|
|
by MAC address filter, but not every packet will generate one
|
|
notification, the same notification only generate once in 30
|
|
seconds.
|
|
"
|
|
::= { hh3cPfilterTrapPrefix 1 }
|
|
|
|
hh3cAclRuleMatchCount NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
hh3cPfilter2ApplyObjType,
|
|
hh3cPfilter2ApplyObjIndex,
|
|
hh3cPfilter2ApplyDirection,
|
|
hh3cPfilter2ApplyAclType,
|
|
hh3cPfilter2ApplyAclIndex,
|
|
hh3cPfilter2AclRuleIndex,
|
|
hh3cPfilter2AclRuleMatchPackets
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated periodically due to a timer.
|
|
The interval of the timer is configured in hh3cAclIntervalTable.
|
|
The notification details the entries about the packet-filter
|
|
object, the matched ACL rule and the number of matching packets.
|
|
"
|
|
::= { hh3cPfilterTrapPrefix 2 }
|
|
|
|
hh3cAclFirstIPv4PktCaptured NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
hh3cPfilter2ApplyAclIndex,
|
|
hh3cPfilter2AclRuleIndex,
|
|
hh3cAclPacketIfName,
|
|
hh3cAclPacketDirection,
|
|
hh3cAclPacketBAGG,
|
|
hh3cAclPacketVlanID,
|
|
hh3cAclPacketSrcIP,
|
|
hh3cAclPacketDstIP,
|
|
hh3cAclPacketProtocol,
|
|
hh3cAclPacketDscp,
|
|
hh3cAclPacketIcmpIgmpType,
|
|
hh3cAclPacketIcmpIgmpCode,
|
|
hh3cAclPacketTcpFlags,
|
|
hh3cAclPacketSrcPort,
|
|
hh3cAclPacketDstPort
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated immediately when the first
|
|
packet of the matched IPv4 flow is captured. Other packets
|
|
of the matched flow won't be captured.
|
|
"
|
|
::= { hh3cPfilterTrapPrefix 3 }
|
|
|
|
hh3cAclFirstIPv6PktCaptured NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
hh3cPfilter2ApplyAclIndex,
|
|
hh3cPfilter2AclRuleIndex,
|
|
hh3cAclPacketIfName,
|
|
hh3cAclPacketDirection,
|
|
hh3cAclPacketBAGG,
|
|
hh3cAclPacketVlanID,
|
|
hh3cAclPacketSrcIP,
|
|
hh3cAclPacketDstIP,
|
|
hh3cAclPacketProtocol,
|
|
hh3cAclPacketDscp,
|
|
hh3cAclPacketFlowLabel,
|
|
hh3cAclPacketIcmpIgmpType,
|
|
hh3cAclPacketIcmpIgmpCode,
|
|
hh3cAclPacketTcpFlags,
|
|
hh3cAclPacketSrcPort,
|
|
hh3cAclPacketDstPort
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated immediately when the first
|
|
packet of the matched IPv6 flow is captured. Other packets
|
|
of the matched flow won't be captured.
|
|
"
|
|
::= { hh3cPfilterTrapPrefix 4 }
|
|
|
|
hh3cAclFirstEthernetPktCaptured NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
hh3cPfilter2ApplyAclIndex,
|
|
hh3cPfilter2AclRuleIndex,
|
|
hh3cAclPacketIfName,
|
|
hh3cAclPacketDirection,
|
|
hh3cAclPacketBAGG,
|
|
hh3cAclPacketVlanID,
|
|
hh3cAclPacketSrcMacAddr,
|
|
hh3cAclPacketDstMacAddr,
|
|
hh3cAclPacketMacTypeLen,
|
|
hh3cAclPacketVlanPCP
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated immediately when the first
|
|
packet of the matched Ethernet flow is captured. Other packets
|
|
of the matched flow won't be captured.
|
|
"
|
|
::= { hh3cPfilterTrapPrefix 5 }
|
|
|
|
--
|
|
-- Nodes of hh3cAclTrapObjects
|
|
--
|
|
|
|
hh3cAclTrapObjects OBJECT IDENTIFIER ::= { hh3cAcl 6 }
|
|
|
|
hh3cAclResourceTypeName OBJECT-TYPE
|
|
SYNTAX OCTET STRING (SIZE(1..255))
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of TCAM resources."
|
|
::= { hh3cAclTrapObjects 1 }
|
|
|
|
hh3cAclResourceUsage OBJECT-TYPE
|
|
SYNTAX Integer32 (1..100)
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The current usage of TCAM resources."
|
|
::= { hh3cAclTrapObjects 2 }
|
|
|
|
hh3cAclResourceUsedEntries OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The used number of entries on TCAM."
|
|
::= { hh3cAclTrapObjects 3 }
|
|
|
|
hh3cAclResourceTotalEntries OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The total number of entries on TCAM."
|
|
::= { hh3cAclTrapObjects 4 }
|
|
|
|
hh3cAclResourceChassisID OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The chassis number. On a centralized or distributed device,
|
|
the value for this node is always zero."
|
|
::= { hh3cAclTrapObjects 5 }
|
|
|
|
hh3cAclResourceSlotID OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The slot number. On a centralized device, the value for
|
|
this node is always zero."
|
|
::= { hh3cAclTrapObjects 6 }
|
|
|
|
--
|
|
-- Nodes of hh3cAclResourceTrap
|
|
--
|
|
|
|
hh3cAclTrap OBJECT IDENTIFIER ::= { hh3cAcl 7 }
|
|
|
|
hh3cAclTrapPrefix OBJECT IDENTIFIER ::= { hh3cAclTrap 0 }
|
|
|
|
hh3cAclResourceTrap NOTIFICATION-TYPE
|
|
OBJECTS
|
|
{
|
|
hh3cAclResourceTypeName,
|
|
hh3cAclResourceUsage,
|
|
hh3cAclResourceUsedEntries,
|
|
hh3cAclResourceTotalEntries,
|
|
hh3cAclMib2ResourceThreshold,
|
|
hh3cAclResourceChassisID,
|
|
hh3cAclResourceSlotID
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This notification is generated when the number of entries on TCAM
|
|
becomes equal to or greater than a preset threshold level"
|
|
::= { hh3cAclTrapPrefix 1 }
|
|
|
|
END
|