3231 lines
134 KiB
Plaintext
3231 lines
134 KiB
Plaintext
-- *****************************************************************
|
|
-- DLINKSW-ACL-MIB.mib : ACL MIB
|
|
--
|
|
-- Copyright (c) 2013 D-Link Corporation, all rights reserved.
|
|
--
|
|
-- *****************************************************************
|
|
DLINKSW-ACL-MIB DEFINITIONS ::= BEGIN
|
|
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
Integer32,
|
|
Unsigned32,
|
|
IpAddress,
|
|
Counter64
|
|
FROM SNMPv2-SMI
|
|
MacAddress,
|
|
DisplayString,
|
|
TruthValue,
|
|
RowStatus,
|
|
TEXTUAL-CONVENTION
|
|
FROM SNMPv2-TC
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
InterfaceIndex,
|
|
InterfaceIndexOrZero
|
|
FROM IF-MIB
|
|
VlanId,VlanIdOrNone
|
|
FROM Q-BRIDGE-MIB
|
|
InetAddressIPv6,
|
|
InetAddressPrefixLength
|
|
FROM INET-ADDRESS-MIB
|
|
dlinkIndustrialCommon
|
|
FROM DLINK-ID-REC-MIB;
|
|
|
|
|
|
dlinkSwAclMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201511260000Z"
|
|
ORGANIZATION "D-Link Corp."
|
|
CONTACT-INFO
|
|
" D-Link Corporation
|
|
Postal: No. 289, Sinhu 3rd Rd., Neihu District,
|
|
Taipei City 114, Taiwan, R.O.C
|
|
Tel: +886-2-66000123
|
|
E-mail: tsd@dlink.com.tw
|
|
"
|
|
DESCRIPTION
|
|
"The Structure of Access Control List Information for the
|
|
proprietary enterprise."
|
|
|
|
REVISION "201511260000Z"
|
|
DESCRIPTION
|
|
"Add DEFVAL for nodes dAclIpAccessRuleSrcPort,dAclIpAccessRuleQosPrecedence etc.
|
|
And correct description of node dAclReSeqIncrement."
|
|
|
|
REVISION "201507100000Z"
|
|
DESCRIPTION
|
|
"Add nodes to support vlan range, traffic class, l4 port mask operator, and mask for some nodes."
|
|
|
|
REVISION "201401210000Z"
|
|
DESCRIPTION
|
|
"Obsolete nodes dAclMacAccessRuleLlcDSAP, dAclMacAccessRuleLlcSSAP and dAclMacAccessRuleLlcCntl."
|
|
|
|
REVISION "201311130000Z"
|
|
DESCRIPTION
|
|
"Add 'deny-cpu'option for DlinkAclRuleType."
|
|
|
|
REVISION "201308200000Z"
|
|
DESCRIPTION
|
|
"Add nodes for counter function, access list remark, access list id, and some rule items."
|
|
|
|
REVISION "201302080000Z"
|
|
DESCRIPTION
|
|
"This is the first version of the MIB file for 'ACL' functionality."
|
|
::= { dlinkIndustrialCommon 28}
|
|
|
|
DlinkAclRuleType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action type when the packets match the access profile.
|
|
|
|
permit(1)- Specifies that packets that match the access rule are
|
|
permitted to be forwarded by the switch.
|
|
deny(2) - Specifies that packets that match the access rule
|
|
are not permitted to be forwarded by the switch and will be filtered.
|
|
deny-cpu(3)- Specifies that packet that match the access rule are prevented to be
|
|
copied to CPU and redirected to CPU. And the hardware forwarding behavior
|
|
should not be affected.
|
|
"
|
|
SYNTAX INTEGER {
|
|
permit(1),
|
|
deny(2),
|
|
deny-cpu(3)
|
|
}
|
|
|
|
DlinkAclPortOperatorType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
" The type of UDP/TCP port operator indicates how a packet's
|
|
TCP/UDP source or destination port number is compared.
|
|
none(1) - No comparison.
|
|
eq (2)- equal
|
|
gt (3)- greater than.
|
|
lt (4)- less than.
|
|
neq(5)- not equal
|
|
range(6)- compares the port value between two numbers.
|
|
mask(7)- check the bit corresponding to bit value 1, ignore the bit corresponding to bit value 0.
|
|
"
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
eq(2),
|
|
gt(3),
|
|
lt(4),
|
|
neq(5),
|
|
range(6),
|
|
mask(7)
|
|
}
|
|
|
|
TcpFlag ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The TCP flag fields. Each bit defined as follow:
|
|
urgent(0) - urgent.
|
|
acknowledge(1) - acknowledge.
|
|
push(2) - push,
|
|
reset(3) - reset.
|
|
synchronize(4) - synchronize.
|
|
finish (5) - finish.
|
|
"
|
|
SYNTAX BITS {
|
|
urgent(0),
|
|
acknowledge(1),
|
|
push(2),
|
|
reset(3),
|
|
synchronize(4),
|
|
finish (5)
|
|
}
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dAclMIBNotifications OBJECT IDENTIFIER ::= { dlinkSwAclMIB 0 }
|
|
dAclMIBObjects OBJECT IDENTIFIER ::= { dlinkSwAclMIB 1 }
|
|
dAclMIBConformance OBJECT IDENTIFIER ::= { dlinkSwAclMIB 2 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dAclGeneral OBJECT IDENTIFIER ::= { dAclMIBObjects 1 }
|
|
|
|
dAclReSeqTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclReSeqEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table consists of a list of information about how re-sequencing
|
|
the rules in access lists.
|
|
"
|
|
::= { dAclGeneral 1 }
|
|
|
|
dAclReSeqEntry OBJECT-TYPE
|
|
SYNTAX DAclReSeqEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry appears in this table for controlling the re-sequence of
|
|
an access-list."
|
|
INDEX { dAclReSeqAccessListName }
|
|
::= { dAclReSeqTable 1 }
|
|
|
|
DAclReSeqEntry ::= SEQUENCE {
|
|
dAclReSeqAccessListName DisplayString,
|
|
dAclReSeqStartingNumber Integer32,
|
|
dAclReSeqIncrement Integer32
|
|
}
|
|
dAclReSeqAccessListName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the name of an access list."
|
|
::= { dAclReSeqEntry 1 }
|
|
|
|
dAclReSeqStartingNumber OBJECT-TYPE
|
|
SYNTAX Integer32 ( 1..65535 )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the initial value of sequence number of the corresponding
|
|
access list."
|
|
DEFVAL { 10 }
|
|
::= { dAclReSeqEntry 2 }
|
|
|
|
dAclReSeqIncrement OBJECT-TYPE
|
|
SYNTAX Integer32 ( 1..32 )
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the number that the sequence numbers step.
|
|
If the increment value is 5 and the beginning sequence number is 20,
|
|
the subsequent sequence numbers are 25, 30, 35, 40, and so on."
|
|
DEFVAL { 10 }
|
|
::= { dAclReSeqEntry 3 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dAclMac OBJECT IDENTIFIER ::= { dAclMIBObjects 2 }
|
|
dAclMacAccessListNumber OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the number of entries present in the MAC access list
|
|
table."
|
|
::= { dAclMac 1 }
|
|
|
|
dAclMacAccessListTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclMacAccessListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table contains information about MAC access list."
|
|
::= { dAclMac 2 }
|
|
|
|
dAclMacAccessListEntry OBJECT-TYPE
|
|
SYNTAX DAclMacAccessListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry defined in dAclMacAccessListTable. An entry is
|
|
created/removed when an MAC access list is created/deleted."
|
|
INDEX { dAclMacAccessListName }
|
|
::= { dAclMacAccessListTable 1 }
|
|
|
|
DAclMacAccessListEntry ::= SEQUENCE {
|
|
dAclMacAccessListName DisplayString,
|
|
dAclMacAccessListRowStatus RowStatus,
|
|
dAclMacAccessListId Integer32,
|
|
dAclMacAccessListCounterEnabled TruthValue,
|
|
dAclMacAccessListClearStatAction INTEGER,
|
|
dAclMacAccessListRemark DisplayString
|
|
}
|
|
|
|
dAclMacAccessListName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the MAC access list."
|
|
::= { dAclMacAccessListEntry 1 }
|
|
|
|
dAclMacAccessListRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows the dynamic creation and deletion of a MAC
|
|
access list."
|
|
::= { dAclMacAccessListEntry 2 }
|
|
|
|
dAclMacAccessListId OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of the MAC access list.
|
|
If user specify value zero(0) for this node, agent will assign a number
|
|
for it. After the table created, this node should not be changed."
|
|
::= { dAclMacAccessListEntry 3 }
|
|
|
|
dAclMacAccessListCounterEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the counter state of the access list is
|
|
enabled('true') or disabled('false'). And the counter state just
|
|
for the all interface that applied the access list in
|
|
dAclMacAccessGroupTable.
|
|
"
|
|
::= { dAclMacAccessListEntry 4 }
|
|
|
|
dAclMacAccessListClearStatAction OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
clear(1),
|
|
noOp(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to clear statistics of the access list when set
|
|
to 'clear'. No action is taken if this object is set to 'noOp'.
|
|
The 'clear' action just for the all interface that applied the access
|
|
list in dAclMacAccessGroupTable.
|
|
When read, the value 'noOp' is returned."
|
|
::= { dAclMacAccessListEntry 5 }
|
|
|
|
dAclMacAccessListRemark OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of the MAC access list."
|
|
::= { dAclMacAccessListEntry 6 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dAclMacAccessRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclMacAccessRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table consists of a list of rules for the MAC access list."
|
|
::= { dAclMac 3 }
|
|
|
|
dAclMacAccessRuleEntry OBJECT-TYPE
|
|
SYNTAX DAclMacAccessRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry is defined dAclMacAccessRuleTable.
|
|
The first instance identifier index value identifies the
|
|
dAclMacAccessListEntry that a MAC access rule (dAclMacAccessRuleEntry)
|
|
belongs to. An entry is removed from this table when its
|
|
corresponding dAclMacAccessListEntry is deleted."
|
|
INDEX {
|
|
dAclMacAccessListName,
|
|
dAclMacAccessRuleSn
|
|
}
|
|
::= { dAclMacAccessRuleTable 1 }
|
|
|
|
DAclMacAccessRuleEntry ::= SEQUENCE {
|
|
dAclMacAccessRuleSn Integer32,
|
|
dAclMacAccessRuleRowStatus RowStatus,
|
|
dAclMacAccessRuleAction DlinkAclRuleType,
|
|
dAclMacAccessRuleSrcMacAddr MacAddress,
|
|
dAclMacAccessRuleSrcMacWildcard MacAddress,
|
|
dAclMacAccessRuleDstMacAddr MacAddress,
|
|
dAclMacAccessRuleDstMacWildcard MacAddress,
|
|
dAclMacAccessRulePacketType INTEGER,
|
|
dAclMacAccessRuleEthernetType Integer32,
|
|
dAclMacAccessRuleLlcDSAP Integer32,
|
|
dAclMacAccessRuleLlcSSAP Integer32,
|
|
dAclMacAccessRuleLlcCntl Integer32,
|
|
dAclMacAccessRuleDot1p Integer32,
|
|
dAclMacAccessRuleInnerDot1p Integer32,
|
|
dAclMacAccessRuleVlanID VlanIdOrNone,
|
|
dAclMacAccessRuleInnerVlanID VlanIdOrNone,
|
|
dAclMacAccessRuleTimeName DisplayString,
|
|
dAclMacAccessRuleEthernetTypeMask OCTET STRING,
|
|
dAclMacAccessRuleDot1pMask OCTET STRING,
|
|
dAclMacAccessRuleInnerDot1pMask OCTET STRING,
|
|
dAclMacAccessRuleVlanIDMask OCTET STRING,
|
|
dAclMacAccessRuleInnerVlanIDMask OCTET STRING,
|
|
dAclMacAccessRuleVlanRangeMin VlanIdOrNone,
|
|
dAclMacAccessRuleVlanRangeMax VlanIdOrNone
|
|
}
|
|
|
|
dAclMacAccessRuleSn OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the sequence number of this rule.
|
|
The lower the number is, the higher the priority of the rule.
|
|
The special value of 0 means the sequence number will be automatically
|
|
determined by the agent."
|
|
::= { dAclMacAccessRuleEntry 1 }
|
|
|
|
dAclMacAccessRuleRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status variable, used according to installation
|
|
and removal conventions for conceptual rows."
|
|
::= { dAclMacAccessRuleEntry 2 }
|
|
|
|
dAclMacAccessRuleAction OBJECT-TYPE
|
|
SYNTAX DlinkAclRuleType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the result of the packet examination is to
|
|
permit or deny or prevent to CPU.
|
|
"
|
|
::= { dAclMacAccessRuleEntry 3 }
|
|
|
|
dAclMacAccessRuleSrcMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a source MAC address."
|
|
::= { dAclMacAccessRuleEntry 4 }
|
|
|
|
dAclMacAccessRuleSrcMacWildcard OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is a wildcard bitmap to specify a group of source
|
|
MAC addresses. The bit value 1 indicates the corresponding bit will
|
|
be ignored. The bit value 0 indicates the corresponding bit will be
|
|
checked. In other words, when the value of all 'ff'Hs indicates any
|
|
source MAC address is specified. When the value of all '00'Hs indicates
|
|
host source MAC address is specified."
|
|
::= { dAclMacAccessRuleEntry 5 }
|
|
|
|
dAclMacAccessRuleDstMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a destination MAC address."
|
|
::= { dAclMacAccessRuleEntry 6 }
|
|
|
|
dAclMacAccessRuleDstMacWildcard OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is a wildcard bitmap to specify a group of destination
|
|
MAC addresses. The bit value 1 indicates the corresponding bit will
|
|
be ignored. The bit value 0 indicates the corresponding bit will be
|
|
checked. In other words, when the value of all 'ff'Hs indicates any
|
|
destination MAC address is specified. When the value of all '00'Hs
|
|
indicates host destination MAC address is specified."
|
|
::= { dAclMacAccessRuleEntry 7 }
|
|
|
|
dAclMacAccessRulePacketType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
ethernet(2),
|
|
llc(3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the Ethernet frame type. The value of none (1) means the
|
|
frame type is not specified."
|
|
DEFVAL { none }
|
|
::= { dAclMacAccessRuleEntry 8 }
|
|
|
|
dAclMacAccessRuleEthernetType OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the Ethernet type for an Ethernet II or SNAP packet.
|
|
The special value of -1 means the Ethernet type value is not specified.
|
|
It is only meaningful when the dAclMacAccessRulePacketType is
|
|
'ethernet'."
|
|
DEFVAL { -1 }
|
|
::= { dAclMacAccessRuleEntry 9}
|
|
|
|
dAclMacAccessRuleLlcDSAP OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"Specifies the DSAP value for the LLC packet. If the value is -1, it
|
|
means the DSAP number is not specified.
|
|
It is only meaningful when the dAclMacAccessRulePacketType is 'llc'."
|
|
DEFVAL { -1 }
|
|
::= { dAclMacAccessRuleEntry 10 }
|
|
|
|
dAclMacAccessRuleLlcSSAP OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"Specifies the SSAP value for the LLC packet. If the value is -1, it
|
|
means the SSAP number is not specified.
|
|
It is only meaningful when the dAclMacAccessRulePacketType is 'llc'."
|
|
DEFVAL { -1 }
|
|
::= { dAclMacAccessRuleEntry 11 }
|
|
|
|
dAclMacAccessRuleLlcCntl OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS obsolete
|
|
DESCRIPTION
|
|
"Specifies the control field for the LLC packet. If the value is -1, it
|
|
means the SSAP number is not specified.
|
|
It is only meaningful when the dAclMacAccessRulePacketType is 'llc'."
|
|
DEFVAL { -1 }
|
|
::= { dAclMacAccessRuleEntry 12 }
|
|
|
|
dAclMacAccessRuleDot1p OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the priority value. The value of -1 means the priority
|
|
is not specified."
|
|
DEFVAL { -1 }
|
|
::= { dAclMacAccessRuleEntry 13 }
|
|
|
|
dAclMacAccessRuleInnerDot1p OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the inner priority value. The value of -1 means the
|
|
inner priority is not specified."
|
|
DEFVAL { -1 }
|
|
::= { dAclMacAccessRuleEntry 14 }
|
|
|
|
dAclMacAccessRuleVlanID OBJECT-TYPE
|
|
SYNTAX VlanIdOrNone
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the VLAN ID.
|
|
A value of zero indicates the VLAN ID is not specified.
|
|
This node and dAclMacAccessRuleVlanRangeMin/dAclMacAccessRuleVlanRangeMax
|
|
cannot be specified at same time in a row."
|
|
DEFVAL { 0 }
|
|
::= { dAclMacAccessRuleEntry 15 }
|
|
|
|
dAclMacAccessRuleInnerVlanID OBJECT-TYPE
|
|
SYNTAX VlanIdOrNone
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the inner VLAN ID. A value of zero indicates
|
|
the inner VLAN ID is not specified."
|
|
DEFVAL { 0 }
|
|
::= { dAclMacAccessRuleEntry 16 }
|
|
|
|
dAclMacAccessRuleTimeName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the name of time-period profile associated with
|
|
the access-list delineating its activation period.
|
|
The value 'NULL' means that this rule is not bound with any Time
|
|
mechanism."
|
|
::= { dAclMacAccessRuleEntry 17 }
|
|
|
|
dAclMacAccessRuleEthernetTypeMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for ethernet type defined by dAclMacAccessRuleEthernetType.
|
|
Valid values are from 0x0000 to 0xFFFF.
|
|
Default value is 0xFFFF.
|
|
This node is valid only for the dAclMacAccessRuleEthernetType specified."
|
|
::= { dAclMacAccessRuleEntry 18}
|
|
|
|
dAclMacAccessRuleDot1pMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(1))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for priority defined by dAclMacAccessRuleDot1p.
|
|
Valid values are from 0x00 to 0x07.
|
|
Default value is 0x07.
|
|
This node is valid only for the dAclMacAccessRuleDot1p specified."
|
|
::= { dAclMacAccessRuleEntry 19 }
|
|
|
|
dAclMacAccessRuleInnerDot1pMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(1))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for inner priority defined by dAclMacAccessRuleInnerDot1p.
|
|
Valid values are from 0x00 to 0x07.
|
|
Default value is 0x07.
|
|
This node is valid only for the dAclMacAccessRuleInnerDot1p specified."
|
|
::= { dAclMacAccessRuleEntry 20 }
|
|
|
|
dAclMacAccessRuleVlanIDMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for VLAN ID defined by dAclMacAccessRuleVlanID.
|
|
Valid values are from 0x0000 to 0x0FFF.
|
|
This node and dAclMacAccessRuleVlanRangeMin/dAclMacAccessRuleVlanRangeMax
|
|
cannot be specified at same time in a row.
|
|
Default value is 0x0FFF.
|
|
This node is valid only for the dAclMacAccessRuleVlanID specified."
|
|
::= { dAclMacAccessRuleEntry 21 }
|
|
|
|
dAclMacAccessRuleInnerVlanIDMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for inner VLAN ID defined by dAclMacAccessRuleInnerVlanID.
|
|
Valid values are from 0x0000 to 0x0FFF.
|
|
Default value is 0x0FFF.
|
|
This node is valid only for the dAclMacAccessRuleInnerVlanID specified."
|
|
::= { dAclMacAccessRuleEntry 22 }
|
|
|
|
dAclMacAccessRuleVlanRangeMin OBJECT-TYPE
|
|
SYNTAX VlanIdOrNone
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the minimum outer VLAN ID of a VLAN range. A value of zero
|
|
indicates the VLAN range is not specified.
|
|
This node and dAclMacAccessRuleVlanID/dAclMacAccessRuleVlanIDMask cannot
|
|
be specified at same time in a row.
|
|
This node is valid only for the dAclMacAccessRuleVlanRangeMax specified."
|
|
DEFVAL { 0 }
|
|
::= { dAclMacAccessRuleEntry 23 }
|
|
|
|
dAclMacAccessRuleVlanRangeMax OBJECT-TYPE
|
|
SYNTAX VlanIdOrNone
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the maximum outer VLAN ID of a VLAN range. A value of zero
|
|
indicates the VLAN range is not specified.
|
|
This node and dAclMacAccessRuleVlanID/dAclMacAccessRuleVlanIDMask cannot
|
|
be specified at same time in a row.
|
|
This node is valid only for the dAclMacAccessRuleVlanRangeMin specified."
|
|
DEFVAL { 0 }
|
|
::= { dAclMacAccessRuleEntry 24 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dAclMacAccessGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclMacAccessGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table represents a list of MAC access group configuration."
|
|
::= { dAclMac 4 }
|
|
|
|
dAclMacAccessGroupEntry OBJECT-TYPE
|
|
SYNTAX DAclMacAccessGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in dAclMacAccessGroupTable contains interface specific
|
|
MAC access list association."
|
|
INDEX { dAclMacAccessGroupIfIndex, dAclMacAccessGroupApplyDirection }
|
|
::= { dAclMacAccessGroupTable 1 }
|
|
|
|
DAclMacAccessGroupEntry ::= SEQUENCE {
|
|
dAclMacAccessGroupIfIndex InterfaceIndex,
|
|
dAclMacAccessGroupApplyDirection INTEGER,
|
|
dAclMacAccessGroupRowStatus RowStatus,
|
|
dAclMacAccessGroupAclName DisplayString,
|
|
dAclMacAccessGroupAclId Integer32
|
|
}
|
|
|
|
dAclMacAccessGroupIfIndex OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the ifIndex of the interface.
|
|
Only physical port is valid interface."
|
|
::= { dAclMacAccessGroupEntry 1 }
|
|
|
|
dAclMacAccessGroupApplyDirection OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
inbound(1),
|
|
outbound(2)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates whether this access list is to be attached to ingress
|
|
or egress direction."
|
|
::= { dAclMacAccessGroupEntry 2 }
|
|
|
|
dAclMacAccessGroupRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status variable, used according to installation
|
|
and removal conventions for conceptual rows."
|
|
::= { dAclMacAccessGroupEntry 3 }
|
|
|
|
dAclMacAccessGroupAclName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the MAC access list to be applied.
|
|
"
|
|
::= { dAclMacAccessGroupEntry 4 }
|
|
|
|
dAclMacAccessGroupAclId OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the MAC access list to be applied.
|
|
User maybe specify access list ID(by this object) or name (by
|
|
dAclMacAccessGroupAclName) to be applied. If both access list
|
|
ID and name are specified, the access list name specified by
|
|
dAclMacAccessGroupAclName will be take.
|
|
"
|
|
::= { dAclMacAccessGroupEntry 5 }
|
|
-- -----------------------------------------------------------------------------
|
|
dAclIp OBJECT IDENTIFIER ::= { dAclMIBObjects 3 }
|
|
dAclIpAccessListNumber OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the number of entries present in the IP access list
|
|
table."
|
|
::= { dAclIp 1 }
|
|
|
|
dAclIpAccessListTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclIpAccessListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table contains IP access list configuration."
|
|
::= { dAclIp 2 }
|
|
|
|
dAclIpAccessListEntry OBJECT-TYPE
|
|
SYNTAX DAclIpAccessListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry defined in dAclIpAccessListTable. An entry is
|
|
created/removed when an IP access list is created/deleted."
|
|
INDEX { dAclIpAccessListName }
|
|
::= { dAclIpAccessListTable 1 }
|
|
|
|
DAclIpAccessListEntry ::= SEQUENCE {
|
|
dAclIpAccessListName DisplayString,
|
|
dAclIpAccessListRowStatus RowStatus,
|
|
dAclIpAccessExtended TruthValue,
|
|
dAclIpAccessListId Integer32,
|
|
dAclIpAccessListCounterEnabled TruthValue,
|
|
dAclIpAccessListClearStatAction INTEGER,
|
|
dAclIpAccessListRemark DisplayString
|
|
}
|
|
|
|
dAclIpAccessListName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the IP access list."
|
|
::= { dAclIpAccessListEntry 1 }
|
|
|
|
dAclIpAccessListRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows the dynamic creation and
|
|
deletion of an IP access list."
|
|
::= { dAclIpAccessListEntry 2 }
|
|
|
|
dAclIpAccessExtended OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the IP access list is extended ('true') or
|
|
standard ('false').
|
|
A standard ip access list means only IP address related i.e.
|
|
source or destination IP address is specified for the filter.
|
|
For an extended IP access list, more fields can be chosen for the
|
|
filter."
|
|
::= { dAclIpAccessListEntry 3 }
|
|
|
|
dAclIpAccessListId OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of the IP access list.
|
|
If user specify value zero(0) for this node, agent will assign a number
|
|
for it. After the table created, this node should not be changed."
|
|
::= { dAclIpAccessListEntry 4 }
|
|
|
|
dAclIpAccessListCounterEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the counter state of the access list is
|
|
enabled('true') or disabled('false'). And the counter just for
|
|
the all interface that applied the access list in
|
|
dAclIpAccessGroupTable."
|
|
::= { dAclIpAccessListEntry 5 }
|
|
|
|
dAclIpAccessListClearStatAction OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
clear(1),
|
|
noOp(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to clear statistics of the access list when set
|
|
to 'clear'. No action is taken if this object is set to 'noOp'.
|
|
The 'clear' action just for the all interface that applied the access
|
|
list in dAclIpAccessGroupTable.
|
|
When read, the value 'noOp' is returned."
|
|
::= { dAclIpAccessListEntry 6 }
|
|
|
|
dAclIpAccessListRemark OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of the IP access list."
|
|
::= { dAclIpAccessListEntry 7 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dAclIpAccessRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclIpAccessRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table contains a list of IP access rules for IP access lists."
|
|
::= { dAclIp 3}
|
|
|
|
dAclIpAccessRuleEntry OBJECT-TYPE
|
|
SYNTAX DAclIpAccessRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry is defined dAclIpAccessRuleTable.
|
|
The first instance identifier index value identifies the
|
|
dAclIpAccessListEntry that an IP access rule (dAclIpAccessRuleEntry)
|
|
belongs to. An entry is removed from this table when its
|
|
corresponding dAclIpAccessRuleEntry is deleted."
|
|
INDEX {
|
|
dAclIpAccessListName,
|
|
dAclIpAccessRuleSn
|
|
}
|
|
::= { dAclIpAccessRuleTable 1 }
|
|
|
|
DAclIpAccessRuleEntry ::= SEQUENCE {
|
|
dAclIpAccessRuleSn Integer32,
|
|
dAclIpAccessRuleRowStatus RowStatus,
|
|
dAclIpAccessRuleAction DlinkAclRuleType,
|
|
dAclIpAccessRuleProtocol INTEGER,
|
|
dAclIpAccessRuleUserDefProtocol Integer32,
|
|
dAclIpAccessRuleSrcAddr IpAddress,
|
|
dAclIpAccessRuleSrcWildcard IpAddress,
|
|
dAclIpAccessRuleDstAddr IpAddress,
|
|
dAclIpAccessRuleDstWildcard IpAddress,
|
|
dAclIpAccessRuleSrcOperator DlinkAclPortOperatorType,
|
|
dAclIpAccessRuleSrcPort Integer32,
|
|
dAclIpAccessRuleSrcPortRange Integer32,
|
|
dAclIpAccessRuleDstOperator DlinkAclPortOperatorType,
|
|
dAclIpAccessRuleDstPort Integer32,
|
|
dAclIpAccessRuleDstPortRange Integer32,
|
|
dAclIpAccessRuleQosPrecedence Integer32,
|
|
dAclIpAccessRuleQosTos Integer32,
|
|
dAclIpAccessRuleQosDscp Integer32,
|
|
dAclIpAccessRuleIcmpType Integer32,
|
|
dAclIpAccessRuleIcmpCode Integer32,
|
|
dAclIpAccessRuleTimeName DisplayString,
|
|
dAclIpAccRuleTcpFlag TcpFlag,
|
|
dAclIpAccRuleFragments TruthValue,
|
|
dAclIpAccRuleUserDefProtocolMask OCTET STRING,
|
|
dAclIpAccRuleSrcPortMask OCTET STRING,
|
|
dAclIpAccRuleDstPortMask OCTET STRING,
|
|
dAclIpAccRuleQosPrecedenceMask OCTET STRING,
|
|
dAclIpAccRuleQosTosMask OCTET STRING,
|
|
dAclIpAccRuleQosDscpMask OCTET STRING
|
|
}
|
|
|
|
dAclIpAccessRuleSn OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the sequence number of this rule.
|
|
The lower the number is, the higher the priority of the rule.
|
|
The special value of 0 means the sequence number will be automatically
|
|
determined by the agent."
|
|
::= { dAclIpAccessRuleEntry 1 }
|
|
|
|
dAclIpAccessRuleRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status variable, used according to installation
|
|
and removal conventions for conceptual rows."
|
|
::= { dAclIpAccessRuleEntry 2 }
|
|
|
|
dAclIpAccessRuleAction OBJECT-TYPE
|
|
SYNTAX DlinkAclRuleType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the result of the packet examination is to
|
|
permit or deny or prevent to CPU."
|
|
::= { dAclIpAccessRuleEntry 3 }
|
|
|
|
dAclIpAccessRuleProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(0),
|
|
userDefine(1),
|
|
tcp(2),
|
|
udp(3),
|
|
icmp(4),
|
|
gre(5),
|
|
esp(6),
|
|
eigrp(7),
|
|
igmp(8),
|
|
ospf(9),
|
|
pim(10),
|
|
vrrp(11),
|
|
ipinip(12),
|
|
pcp(13)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the IP protocol."
|
|
::= { dAclIpAccessRuleEntry 4 }
|
|
|
|
dAclIpAccessRuleUserDefProtocol OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the user defined protocol ID when the dAclIpAccessRuleProtocol
|
|
is 'userDefine (1)'. The value of -1 means the user defined protocol ID
|
|
is not specified."
|
|
DEFVAL { -1 }
|
|
::= { dAclIpAccessRuleEntry 5 }
|
|
|
|
dAclIpAccessRuleSrcAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a source IP address."
|
|
::= { dAclIpAccessRuleEntry 6 }
|
|
|
|
dAclIpAccessRuleSrcWildcard OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is a wildcard bitmap to specify a group of source IP
|
|
addresses. The bit value 1 indicates the corresponding bit will
|
|
be ignored. The bit value 0 indicates the corresponding bit will be
|
|
checked. In other words, when the value of all 'ff'Hs indicates any
|
|
IP source address is specified. When the value of all '00'Hs indicates
|
|
host IP source address is specified."
|
|
::= { dAclIpAccessRuleEntry 7 }
|
|
|
|
dAclIpAccessRuleDstAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a destination IP address."
|
|
::= { dAclIpAccessRuleEntry 8 }
|
|
|
|
dAclIpAccessRuleDstWildcard OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is a wildcard bitmap to specify a group of destination IP
|
|
addresses. The bit value 1 indicates the corresponding bit will
|
|
be ignored. The bit value 0 indicates the corresponding bit will be
|
|
checked. In other words, when the value of all 'ff'Hs indicates any
|
|
IP destination address is specified. When the value of all '00'Hs indicates
|
|
host IP destination address is specified."
|
|
::= { dAclIpAccessRuleEntry 9 }
|
|
|
|
dAclIpAccessRuleSrcOperator OBJECT-TYPE
|
|
SYNTAX DlinkAclPortOperatorType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates how a packet's source TCP/UDP port number is
|
|
compared.
|
|
When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
|
|
the dAclIpAccessRuleSrcPort as an operand which is the only one needed.
|
|
|
|
When the value of this object is range(6) needs 2 operands. One is
|
|
dAclIpAccessRuleSrcPort, which is the starting port number of the
|
|
range, and the other operand is dAclIpAccessRuleSrcPortRange,
|
|
which is the ending port number of the range.
|
|
|
|
When the value of this object is mask(7) needs 2 operands. One is
|
|
dAclIpAccessRuleSrcPort, the other operand is dAclIpAccRuleSrcPortMask.
|
|
|
|
This object is used for TCP/UDP protocol only, hence when the object
|
|
'dAclIpAccessRuleProtocol' is set to other than TCP/UDP, the object has
|
|
to be 'none(1)'."
|
|
::= { dAclIpAccessRuleEntry 10 }
|
|
|
|
dAclIpAccessRuleSrcPort OBJECT-TYPE
|
|
SYNTAX Integer32 (-1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the source port number of TCP/UDP protocol.
|
|
If the value is -1, it means the value is not specified.
|
|
If the dAclIpAccessRuleSrcOperator object in the same row is
|
|
range(6), this object will be the starting port number of the port
|
|
range.
|
|
This object only can be configured dAclIpAccessRuleSrcOperator in
|
|
the same row is not 'none(1)'."
|
|
DEFVAL { -1 }
|
|
::= { dAclIpAccessRuleEntry 11 }
|
|
|
|
dAclIpAccessRuleSrcPortRange OBJECT-TYPE
|
|
SYNTAX Integer32 (-1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source port number of the TCP/UDP protocol. If the
|
|
dAclIpAccessRuleSrcOperator object in the same row is range(6), this
|
|
object will be the ending port number of the port range.
|
|
The value of -1 means the ending port number is not specified."
|
|
DEFVAL { -1 }
|
|
::= { dAclIpAccessRuleEntry 12 }
|
|
|
|
dAclIpAccessRuleDstOperator OBJECT-TYPE
|
|
SYNTAX DlinkAclPortOperatorType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates how a packet's TCP/UDP destination port number is
|
|
compared.
|
|
When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
|
|
the dAclIpAccessRuleSrcPort as an operand which is the only one needed.
|
|
|
|
When the value of this object is range(6) needs 2 operands. One is
|
|
dAclIpAccessRuleSrcPort, which is the starting port number of the
|
|
range, and the other operand is dAclIpAccessRuleDstPortRange,
|
|
which is the ending port number of the range.
|
|
|
|
When the value of this object is mask(7) needs 2 operands. One is
|
|
dAclIpAccessRuleDstPort, the other operand is dAclIpAccRuleDstPortMask.
|
|
|
|
This object is used for TCP/UDP protocol only, hence when the object
|
|
'dAclIpAccessRuleProtocol' is set to other than TCP/UDP, the object has
|
|
to be 'none(1)'."
|
|
::= { dAclIpAccessRuleEntry 13 }
|
|
|
|
dAclIpAccessRuleDstPort OBJECT-TYPE
|
|
SYNTAX Integer32 (-1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the destination port number of TCP/UDP protocol.
|
|
If the value is -1, it means the value is not specified.
|
|
If the dAclIpAccessRuleDstOperator object in the same row is
|
|
range(6), this object will be the starting port number of the port
|
|
range.
|
|
This object only can be configured dAclIpAccessRuleDstOperator in
|
|
the same row is not 'none(1)'."
|
|
DEFVAL { -1 }
|
|
::= { dAclIpAccessRuleEntry 14 }
|
|
|
|
dAclIpAccessRuleDstPortRange OBJECT-TYPE
|
|
SYNTAX Integer32 (-1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination port number of the TCP/UDP protocol. If the
|
|
dAclIpAccessRuleDstOperator object in the same row is range(6), this
|
|
object will be the ending port number of the port range.
|
|
The value of -1 means the ending port number is not specified."
|
|
DEFVAL { -1 }
|
|
::= { dAclIpAccessRuleEntry 15 }
|
|
|
|
dAclIpAccessRuleQosPrecedence OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the value of precedence.
|
|
The value of -1 means the value is not specified or not applicable.
|
|
dAclIpAccessRuleQosPrecedence and dAclIpAccessRuleQosDscp cannot
|
|
be specified at same time in a row."
|
|
DEFVAL { -1 }
|
|
::= { dAclIpAccessRuleEntry 16 }
|
|
|
|
dAclIpAccessRuleQosTos OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..15)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the value of type of service.
|
|
The value of -1 means the value is not specified or not applicable.
|
|
dAclIpAccessRuleQosTos and dAclIpAccessRuleQosDscp cannot
|
|
be specified at same time in a row."
|
|
DEFVAL { -1 }
|
|
::= { dAclIpAccessRuleEntry 17 }
|
|
|
|
dAclIpAccessRuleQosDscp OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the value of DSCP code.
|
|
The value of -1 means the value is not specified or not applicable.
|
|
Neither dAclIpAccessRuleQosPrecedence nor dAclIpAccessRuleQosTos
|
|
cannot be specified with dAclIpAccessRuleQosDscp at same time
|
|
in a row.
|
|
"
|
|
DEFVAL { -1 }
|
|
::= { dAclIpAccessRuleEntry 18 }
|
|
|
|
dAclIpAccessRuleIcmpType OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the type of ICMP protocol.
|
|
If the value is -1, it means the value is not specified.
|
|
This object is used for ICMP protocol only, hence when the object
|
|
'dAclIpAccessRuleProtocol' is set to other than ICMP, the object has
|
|
to be -1."
|
|
DEFVAL { -1 }
|
|
::= { dAclIpAccessRuleEntry 19 }
|
|
|
|
dAclIpAccessRuleIcmpCode OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the code of ICMP protocol.
|
|
If the value is -1, it means the value is not specified.
|
|
This object is used for ICMP protocol only, hence when the object
|
|
'dAclIpAccessRuleProtocol' is set to other than ICMP, the object has
|
|
to be -1."
|
|
DEFVAL { -1 }
|
|
::= { dAclIpAccessRuleEntry 20 }
|
|
|
|
dAclIpAccessRuleTimeName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the name of time-period profile associated with the
|
|
access-list delineating its activation period.
|
|
The value 'NULL' means that this rule is not bound with any Time
|
|
mechanism."
|
|
::= { dAclIpAccessRuleEntry 21 }
|
|
|
|
dAclIpAccRuleTcpFlag OBJECT-TYPE
|
|
SYNTAX TcpFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the TCP flag fields.
|
|
This node is available only for TCP protocol.
|
|
The default value for this node is empty set, which means no TCP flag
|
|
values are set.
|
|
"
|
|
::= { dAclIpAccessRuleEntry 22 }
|
|
|
|
dAclIpAccRuleFragments OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the Packet fragment filtering status
|
|
is enabled('true') or disabled('false').
|
|
"
|
|
::= { dAclIpAccessRuleEntry 23 }
|
|
|
|
dAclIpAccRuleUserDefProtocolMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(1))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for protocol ID defined by dAclIpAccessRuleUserDefProtocol.
|
|
Valid values are from 0x00 to 0xFF.
|
|
Default value is 0xFF.
|
|
This node is valid only for the dAclIpAccessRuleUserDefProtocol specified."
|
|
::= { dAclIpAccessRuleEntry 24 }
|
|
|
|
dAclIpAccRuleSrcPortMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for L4 source port defined by dAclIpAccessRuleSrcPort.
|
|
Valid values are from 0x0 to 0xFFFF.
|
|
Default value is 0xFFFF.
|
|
This object only can be configured dAclIpAccessRuleSrcOperator in the
|
|
same row is 'mask(7)'.
|
|
This node is valid only for the dAclIpAccessRuleSrcPort specified."
|
|
::= { dAclIpAccessRuleEntry 25 }
|
|
|
|
dAclIpAccRuleDstPortMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for L4 destination port defined by dAclIpAccessRuleDstPort.
|
|
Valid values are from 0x0 to 0xFFFF.
|
|
Default value is 0xFFFF.
|
|
This object only can be configured dAclIpAccessRuleDstOperator in the
|
|
same row is 'mask(7)'.
|
|
This node is valid only for the dAclIpAccessRuleDstPort specified."
|
|
::= { dAclIpAccessRuleEntry 26 }
|
|
|
|
dAclIpAccRuleQosPrecedenceMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(1))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for ip precedence defined by dAclIpAccessRuleQosPrecedence.
|
|
Valid values are from 0x0 to 0x7.
|
|
Default value is 0x7.
|
|
This node is valid only for the dAclIpAccessRuleQosPrecedence specified."
|
|
::= { dAclIpAccessRuleEntry 27 }
|
|
|
|
dAclIpAccRuleQosTosMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(1))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for type of service defined by dAclIpAccessRuleQosTos.
|
|
Valid values are from 0x0 to 0xF.
|
|
Default value is 0xF.
|
|
This node is valid only for the dAclIpAccessRuleQosTos specified."
|
|
::= { dAclIpAccessRuleEntry 28 }
|
|
|
|
dAclIpAccRuleQosDscpMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(1))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for DSCP code defined by dAclIpAccessRuleQosDscp.
|
|
Valid values are from 0x0 to 0x3F.
|
|
Default value is 0x3F.
|
|
This node is valid only for the dAclIpAccessRuleQosDscp specified."
|
|
::= { dAclIpAccessRuleEntry 29 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dAclIpAccessGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclIpAccessGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table represents a list of IP access group configuration."
|
|
::= { dAclIp 4 }
|
|
|
|
dAclIpAccessGroupEntry OBJECT-TYPE
|
|
SYNTAX DAclIpAccessGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in dAclIpAccessGroupTable contains interface specific
|
|
IP access list association."
|
|
INDEX { dAclIpAccessGroupIfIndex,dAclIpAccessGroupApplyDirection}
|
|
::= { dAclIpAccessGroupTable 1 }
|
|
|
|
DAclIpAccessGroupEntry ::= SEQUENCE {
|
|
dAclIpAccessGroupIfIndex InterfaceIndex,
|
|
dAclIpAccessGroupApplyDirection INTEGER,
|
|
dAclIpAccessGroupStatus RowStatus,
|
|
dAclIpAccessGroupAclName DisplayString,
|
|
dAclIpAccessGroupAclId Integer32
|
|
}
|
|
|
|
dAclIpAccessGroupIfIndex OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the ifIndex of the interface.
|
|
Only physical port is valid interface."
|
|
::= { dAclIpAccessGroupEntry 1 }
|
|
|
|
dAclIpAccessGroupApplyDirection OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
inbound(1),
|
|
outbound(2)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates whether this access list is to be attached to ingress or egress direction."
|
|
::= { dAclIpAccessGroupEntry 2 }
|
|
dAclIpAccessGroupStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status variable, used according to installation
|
|
and removal conventions for conceptual rows."
|
|
::= { dAclIpAccessGroupEntry 3 }
|
|
|
|
dAclIpAccessGroupAclName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the IP access list to be applied."
|
|
::= { dAclIpAccessGroupEntry 4 }
|
|
|
|
dAclIpAccessGroupAclId OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the IP access list to be applied.
|
|
User maybe specify access list ID(by this object) or name (by
|
|
dAclIpAccessGroupAclName) to be applied. If both access list
|
|
ID and name are specified, the access list name specified by
|
|
dAclIpAccessGroupAclName will be take.
|
|
"
|
|
::= { dAclIpAccessGroupEntry 5 }
|
|
-- -----------------------------------------------------------------------------
|
|
dAclIPv6 OBJECT IDENTIFIER ::= { dAclMIBObjects 4 }
|
|
dAclIPv6AccessListNumber OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the number of entries present in the IPv6 access list
|
|
table."
|
|
::= { dAclIPv6 1 }
|
|
|
|
dAclIPv6AccessListTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclIPv6AccessListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table contains IPv6 access list configuration."
|
|
::= { dAclIPv6 2 }
|
|
|
|
dAclIPv6AccessListEntry OBJECT-TYPE
|
|
SYNTAX DAclIPv6AccessListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry defined in dAclIPv6AccessListTable. An entry is
|
|
created/removed when an IPv6 access list is created/deleted."
|
|
INDEX { dAclIPv6AccessListName }
|
|
::= { dAclIPv6AccessListTable 1 }
|
|
|
|
DAclIPv6AccessListEntry ::= SEQUENCE {
|
|
dAclIPv6AccessListName DisplayString,
|
|
dAclIPv6AccessListRowStatus RowStatus,
|
|
dAclIPv6AccessExtended TruthValue,
|
|
dAclIPv6AccessListId Integer32,
|
|
dAclIPv6AccessListCounterEnabled TruthValue,
|
|
dAclIPv6AccessListClearStatAction INTEGER,
|
|
dAclIPv6AccessListRemark DisplayString
|
|
}
|
|
|
|
dAclIPv6AccessListName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the IPv6 access list."
|
|
::= { dAclIPv6AccessListEntry 1 }
|
|
|
|
dAclIPv6AccessListRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows the dynamic creation and
|
|
deletion of an IPv6 access list."
|
|
::= { dAclIPv6AccessListEntry 2 }
|
|
|
|
dAclIPv6AccessExtended OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the IPv6 access list is extended ('true') or
|
|
standard ('false').
|
|
A standard ip access list means only IPv6 address related i.e.
|
|
source or destination IPv6 address is specified for the filter.
|
|
For an extended IPv6 access list, more fields can be chosen for the
|
|
filter."
|
|
::= { dAclIPv6AccessListEntry 3 }
|
|
|
|
dAclIPv6AccessListId OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of the IPv6 access list."
|
|
::= { dAclIPv6AccessListEntry 4 }
|
|
|
|
dAclIPv6AccessListCounterEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the counter state of the access list is
|
|
enabled('true') or disabled('false'). And the counter just for
|
|
the all interface that applied the access list in
|
|
dAclIPv6AccessGroupTable."
|
|
::= { dAclIPv6AccessListEntry 5 }
|
|
|
|
dAclIPv6AccessListClearStatAction OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
clear(1),
|
|
noOp(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to clear statistics of the access list when set
|
|
to 'clear'. No action is taken if this object is set to 'noOp'.
|
|
The 'clear' action just for the all interface that applied the access
|
|
list in dAclIPv6AccessGroupTable.
|
|
When read, the value 'noOp' is returned."
|
|
::= { dAclIPv6AccessListEntry 6 }
|
|
|
|
dAclIPv6AccessListRemark OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of the IPv6 access list."
|
|
::= { dAclIPv6AccessListEntry 7 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dAclIPv6AccessRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclIPv6AccessRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table contains a list of IPv6 access rules for IPv6 access lists."
|
|
::= { dAclIPv6 3}
|
|
|
|
dAclIPv6AccessRuleEntry OBJECT-TYPE
|
|
SYNTAX DAclIPv6AccessRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry is defined dAclIPv6AccessRuleTable.
|
|
The first instance identifier index value identifies the
|
|
dAclIPv6AccessListEntry that an IPv6 access rule (dAclIPv6AccessRuleEntry)
|
|
belongs to. An entry is removed from this table when its
|
|
corresponding dAclIPv6AccessRuleEntry is deleted."
|
|
INDEX {
|
|
dAclIPv6AccessListName,
|
|
dAclIPv6AccessRuleSn
|
|
}
|
|
::= { dAclIPv6AccessRuleTable 1 }
|
|
|
|
DAclIPv6AccessRuleEntry ::= SEQUENCE {
|
|
dAclIPv6AccessRuleSn Integer32,
|
|
dAclIPv6AccessRuleRowStatus RowStatus,
|
|
dAclIPv6AccessRuleAction DlinkAclRuleType,
|
|
dAclIPv6AccessRuleProtocol INTEGER,
|
|
dAclIPv6AccessRuleUserDefProtocol Integer32,
|
|
dAclIPv6AccessRuleSrcAddr InetAddressIPv6,
|
|
dAclIPv6AccessRuleSrcPrefixLen InetAddressPrefixLength,
|
|
dAclIPv6AccessRuleDstAddr InetAddressIPv6,
|
|
dAclIPv6AccessRuleDstPrefixLen InetAddressPrefixLength,
|
|
dAclIPv6AccessRuleDstOperator DlinkAclPortOperatorType,
|
|
dAclIPv6AccessRuleSrcOperator DlinkAclPortOperatorType,
|
|
dAclIPv6AccessRuleSrcPort Integer32,
|
|
dAclIPv6AccessRuleSrcPortRange Integer32,
|
|
dAclIPv6AccessRuleDstPort Integer32,
|
|
dAclIPv6AccessRuleDstPortRange Integer32,
|
|
dAclIPv6AccessRuleDscp Integer32,
|
|
dAclIPv6AccessRuleIcmpType Integer32,
|
|
dAclIPv6AccessRuleIcmpCode Integer32,
|
|
dAclIPv6AccessRuleTimeName DisplayString,
|
|
dAclIPv6AccRuleTcpFlag TcpFlag,
|
|
dAclIPv6AccRuleFragments TruthValue,
|
|
dAclIPv6AccRuleFlowLabel Integer32,
|
|
dAclIPv6AccRuleTrafficClass Integer32,
|
|
dAclIPv6AccRuleUserDefProtocolMask OCTET STRING,
|
|
dAclIPv6AccRuleSrcPortMask OCTET STRING,
|
|
dAclIPv6AccRuleDstPortMask OCTET STRING,
|
|
dAclIPv6AccRuleDscpMask OCTET STRING,
|
|
dAclIPv6AccRuleFlowLabelMask OCTET STRING,
|
|
dAclIPv6AccRuleTrafficClassMask OCTET STRING
|
|
}
|
|
|
|
dAclIPv6AccessRuleSn OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the sequence number of this rule.
|
|
The lower the number is, the higher the priority of the rule.
|
|
The special value of 0 means the sequence number will be automatically
|
|
determined by the agent."
|
|
::= { dAclIPv6AccessRuleEntry 1 }
|
|
|
|
dAclIPv6AccessRuleRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status variable, used according to installation
|
|
and removal conventions for conceptual rows."
|
|
::= { dAclIPv6AccessRuleEntry 2 }
|
|
|
|
dAclIPv6AccessRuleAction OBJECT-TYPE
|
|
SYNTAX DlinkAclRuleType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the result of the packet examination is to
|
|
permit or deny or prevent to CPU."
|
|
::= { dAclIPv6AccessRuleEntry 3 }
|
|
|
|
dAclIPv6AccessRuleProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(0),
|
|
userDefine(1),
|
|
tcp(2),
|
|
udp(3),
|
|
icmp(4),
|
|
esp(5),
|
|
pcp(6),
|
|
sctp(7)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the IP protocol."
|
|
::= { dAclIPv6AccessRuleEntry 4 }
|
|
|
|
dAclIPv6AccessRuleUserDefProtocol OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the user defined protocol ID when the
|
|
dAclIPv6AccessRuleProtocol is 'userDefine (1)'.
|
|
The value of -1 means the user defined protocol ID is not
|
|
specified."
|
|
DEFVAL { -1 }
|
|
::= { dAclIPv6AccessRuleEntry 5 }
|
|
|
|
dAclIPv6AccessRuleSrcAddr OBJECT-TYPE
|
|
SYNTAX InetAddressIPv6
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a source IPv6 address."
|
|
::= { dAclIPv6AccessRuleEntry 6 }
|
|
|
|
dAclIPv6AccessRuleSrcPrefixLen OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the length in bits of source IPv6 address will be
|
|
matched. In other words, the value of 0 indicates any source
|
|
IPv6 address is specified. When the value of 128 indicates
|
|
host IPv6 source address is specified."
|
|
::= { dAclIPv6AccessRuleEntry 7 }
|
|
|
|
dAclIPv6AccessRuleDstAddr OBJECT-TYPE
|
|
SYNTAX InetAddressIPv6
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a destination IPv6 address."
|
|
::= { dAclIPv6AccessRuleEntry 8 }
|
|
|
|
dAclIPv6AccessRuleDstPrefixLen OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the length in bits of destination IPv6 address will be
|
|
matched. In other words, the value of 0 indicates any destination
|
|
IPv6 address is specified. When the value of 128 indicates
|
|
host IPv6 destination address is specified."
|
|
::= { dAclIPv6AccessRuleEntry 9 }
|
|
|
|
dAclIPv6AccessRuleSrcOperator OBJECT-TYPE
|
|
SYNTAX DlinkAclPortOperatorType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates how a packet's TCP/UDP source port number is
|
|
compared.
|
|
When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
|
|
the dAclIPv6AccessRuleSrcPort as an operand which is the only one needed.
|
|
|
|
When the value of this object is range(6) needs 2 operands. One is
|
|
dAclIPv6AccessRuleSrcPort, which is the starting port number of the
|
|
range, and the other operand is dAclIPv6AccessRuleSrcPortRange,
|
|
which is the ending port number of the range.
|
|
|
|
When the value of this object is mask(7) needs 2 operands. One is
|
|
dAclIPv6AccessRuleSrcPort, the other operand is dAclIPv6AccessRuleSrcPortMask.
|
|
|
|
This object is used for TCP/UDP protocol only, hence when the object
|
|
'dAclIPv6AccessRuleProtocol' is set to other than TCP/UDP, the object has
|
|
to be 'none(1)'."
|
|
::= { dAclIPv6AccessRuleEntry 10 }
|
|
|
|
dAclIPv6AccessRuleSrcPort OBJECT-TYPE
|
|
SYNTAX Integer32 (-1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the source port number of TCP/UDP protocol.
|
|
If the value is -1, it means the value is not specified.
|
|
If the dAclIPv6AccessRuleSrcOperator object in the same row is
|
|
range(6), this object will be the starting port number of the port
|
|
range.
|
|
This object only can be configured dAclIPv6AccessRuleSrcOperator in
|
|
the same row is not 'none(1)'."
|
|
DEFVAL { -1 }
|
|
::= { dAclIPv6AccessRuleEntry 11 }
|
|
|
|
dAclIPv6AccessRuleSrcPortRange OBJECT-TYPE
|
|
SYNTAX Integer32 (-1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source port number of the TCP/UDP protocol. If the
|
|
dAclIPv6AccessRuleSrcOperator object in the same row is range(6), this
|
|
object will be the ending port number of the port range.
|
|
The value of -1 means the ending port number is not specified."
|
|
DEFVAL { -1 }
|
|
::= { dAclIPv6AccessRuleEntry 12 }
|
|
|
|
dAclIPv6AccessRuleDstOperator OBJECT-TYPE
|
|
SYNTAX DlinkAclPortOperatorType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates how a packet's TCP/UDP destination port number is
|
|
compared.
|
|
When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
|
|
the dAclIPv6AccessRuleDstPort as an operand which is the only one needed.
|
|
|
|
When the value of this object is range(6) needs 2 operands. One is
|
|
dAclIPv6AccessRuleDstPort, which is the starting port number of the
|
|
range, and the other operand is dAclIPv6AccessRuleDstPortRange,
|
|
which is the ending port number of the range.
|
|
|
|
When the value of this object is mask(7) needs 2 operands. One is
|
|
dAclIPv6AccessRuleDstPort, the other operand is dAclIPv6AccessRuleDstPortMask.
|
|
|
|
This object is used for TCP/UDP protocol only, hence when the object
|
|
'dAclIPv6AccessRuleProtocol' is set to other than TCP/UDP, the object has
|
|
to be 'none(1)'."
|
|
::= { dAclIPv6AccessRuleEntry 13 }
|
|
|
|
dAclIPv6AccessRuleDstPort OBJECT-TYPE
|
|
SYNTAX Integer32 (-1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the destination port number of TCP/UDP protocol.
|
|
If the value is -1, it means the value is not specified.
|
|
If the dAclIPv6AccessRuleDstOperator object in the same row is
|
|
range(6), this object will be the starting port number of the port
|
|
range.
|
|
This object only can be configured dAclIPv6AccessRuleDstOperator in
|
|
the same row is not 'none(1)'."
|
|
DEFVAL { -1 }
|
|
::= { dAclIPv6AccessRuleEntry 14 }
|
|
|
|
dAclIPv6AccessRuleDstPortRange OBJECT-TYPE
|
|
SYNTAX Integer32 (-1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination port number of the TCP/UDP protocol. If the
|
|
dAclIPv6AccessRuleDstOperator object in the same row is range(6), this
|
|
object will be the ending port number of the port range.
|
|
The value of -1 means the ending port number is not specified."
|
|
::= { dAclIPv6AccessRuleEntry 15 }
|
|
|
|
dAclIPv6AccessRuleDscp OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0 .. 63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the matching DSCP code value in IPv6 header.
|
|
The value of -1 means the DSCP value is not specified."
|
|
DEFVAL { -1 }
|
|
::= { dAclIPv6AccessRuleEntry 16 }
|
|
|
|
dAclIPv6AccessRuleIcmpType OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the type of ICMP protocol.
|
|
The value of -1 means the ICMP type is not specified.
|
|
This object is used for ICMP protocol only, hence when the object
|
|
'dAclIPv6AccessRuleProtocol' is set to other than ICMP, the object has
|
|
to be -1."
|
|
DEFVAL { -1 }
|
|
::= { dAclIPv6AccessRuleEntry 17 }
|
|
|
|
dAclIPv6AccessRuleIcmpCode OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the code of ICMP protocol.
|
|
If the value is -1, it means the value is not specified.
|
|
This object is used for ICMP protocol only, hence when the object
|
|
'dAclIPv6AccessRuleProtocol' is set to other than ICMP, the object has
|
|
to be -1."
|
|
DEFVAL { -1 }
|
|
::= { dAclIPv6AccessRuleEntry 18 }
|
|
|
|
dAclIPv6AccessRuleTimeName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the name of time-period profile associated with the
|
|
access-list delineating its activation period.
|
|
The value 'NULL' means that this rule is not bound with any Time
|
|
mechanism."
|
|
::= { dAclIPv6AccessRuleEntry 19 }
|
|
|
|
dAclIPv6AccRuleTcpFlag OBJECT-TYPE
|
|
SYNTAX TcpFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the TCP flag fields. And this node is available only for TCP protocol.
|
|
The default value for this node is empty set, which means no TCP flag values are set.
|
|
"
|
|
::= { dAclIPv6AccessRuleEntry 20 }
|
|
|
|
dAclIPv6AccRuleFragments OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the Packet fragment filtering status
|
|
is enabled('true') or disabled('false')."
|
|
::= { dAclIPv6AccessRuleEntry 21 }
|
|
|
|
dAclIPv6AccRuleFlowLabel OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..1048575)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the Flow label value.
|
|
The value of -1 means the flow-label value is not specified.
|
|
"
|
|
DEFVAL { -1 }
|
|
::= { dAclIPv6AccessRuleEntry 22 }
|
|
|
|
dAclIPv6AccRuleTrafficClass OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0 .. 255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the matching traffic class value in IPv6 header.
|
|
The value of -1 means the traffic class value is not specified.
|
|
This node and dAclIPv6AccessRuleDscp cannot be specified at same time in a row.
|
|
"
|
|
DEFVAL { -1 }
|
|
::= { dAclIPv6AccessRuleEntry 23 }
|
|
|
|
dAclIPv6AccRuleUserDefProtocolMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(1))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for protocol ID defined by dAclIPv6AccessRuleUserDefProtocol.
|
|
Valid values are from 0x00 to 0xFF.
|
|
Default value is 0xFF.
|
|
This node is valid only for the dAclIPv6AccessRuleUserDefProtocol specified."
|
|
::= { dAclIPv6AccessRuleEntry 24 }
|
|
|
|
dAclIPv6AccRuleSrcPortMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for L4 source port defined by dAclIPv6AccessRuleSrcPort.
|
|
Valid values are from 0x0 to 0xFFFF.
|
|
Default value is 0xFFFF.
|
|
This object only can be configured dAclIPv6AccessRuleSrcOperator in the
|
|
same row is 'mask(7)'.
|
|
This node is valid only for the dAclIPv6AccessRuleSrcPort specified."
|
|
::= { dAclIPv6AccessRuleEntry 25 }
|
|
|
|
dAclIPv6AccRuleDstPortMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for L4 destination port defined by dAclIPv6AccessRuleDstPort.
|
|
Valid values are from 0x0 to 0xFFFF.
|
|
Default value is 0xFFFF.
|
|
This object only can be configured dAclIPv6AccessRuleDstOperator in the
|
|
same row is 'mask(7)'.
|
|
This node is valid only for the dAclIPv6AccessRuleDstPort specified."
|
|
::= { dAclIPv6AccessRuleEntry 26 }
|
|
|
|
dAclIPv6AccRuleDscpMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(1))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for DSCP code defined by dAclIPv6AccessRuleDscp.
|
|
Valid values are from 0x0 to 0x3F.
|
|
Default value is 0x3F.
|
|
This node is valid only for the dAclIPv6AccessRuleDscp specified."
|
|
::= { dAclIPv6AccessRuleEntry 27 }
|
|
|
|
dAclIPv6AccRuleFlowLabelMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(3))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for Flow label value defined by dAclIPv6AccRuleFlowLabel.
|
|
Valid values are from 0x0 to 0xFFFFF.
|
|
Default value is 0xFFFFF.
|
|
This node is valid only for the dAclIPv6AccRuleFlowLabel specified."
|
|
::= { dAclIPv6AccessRuleEntry 28 }
|
|
|
|
dAclIPv6AccRuleTrafficClassMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(1))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for traffic class defined by dAclIPv6AccRuleTrafficClass.
|
|
Valid values are from 0x0 to 0xFF.
|
|
Default value is 0xFF.
|
|
This node is valid only for the dAclIPv6AccRuleTrafficClass specified."
|
|
::= { dAclIPv6AccessRuleEntry 29 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dAclIPv6AccessGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclIPv6AccessGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table represents a list of IPv6 access group configuration."
|
|
::= { dAclIPv6 4 }
|
|
|
|
dAclIPv6AccessGroupEntry OBJECT-TYPE
|
|
SYNTAX DAclIPv6AccessGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in dAclIPv6AccessGroupTable contains interface specific
|
|
IPv6 access list association."
|
|
INDEX { dAclIPv6AccessGroupIfIndex, dAclIpv6AccessGroupApplyDirection }
|
|
::= { dAclIPv6AccessGroupTable 1 }
|
|
|
|
DAclIPv6AccessGroupEntry ::= SEQUENCE {
|
|
dAclIPv6AccessGroupIfIndex InterfaceIndex,
|
|
dAclIpv6AccessGroupApplyDirection INTEGER,
|
|
dAclIPv6AccessGroupStatus RowStatus,
|
|
dAclIPv6AccessGroupAclName DisplayString,
|
|
dAclIPv6AccessGroupAclId Integer32
|
|
}
|
|
|
|
dAclIPv6AccessGroupIfIndex OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the ifIndex of the interface.
|
|
Only physical port is valid interface."
|
|
::= { dAclIPv6AccessGroupEntry 1 }
|
|
|
|
dAclIpv6AccessGroupApplyDirection OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
inbound(1),
|
|
outbound(2)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates whether this ACL access list is to be attached to ingress or egress direction."
|
|
::= { dAclIPv6AccessGroupEntry 2 }
|
|
dAclIPv6AccessGroupStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status variable, used according to installation
|
|
and removal conventions for conceptual rows."
|
|
::= { dAclIPv6AccessGroupEntry 3 }
|
|
|
|
dAclIPv6AccessGroupAclName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the IPv6 access list to be applied."
|
|
::= { dAclIPv6AccessGroupEntry 4 }
|
|
|
|
dAclIPv6AccessGroupAclId OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the IPv6 access list to be applied.
|
|
User maybe specify access list ID(by this object) or name (by
|
|
dAclIPv6AccessGroupAclName) to be applied. If both access list
|
|
ID and name are specified, the access list name specified by
|
|
dAclIPv6AccessGroupAclName will be take.
|
|
"
|
|
::= { dAclIPv6AccessGroupEntry 5 }
|
|
-- -----------------------------------------------------------------------------
|
|
dAclExpert OBJECT IDENTIFIER ::= { dAclMIBObjects 5 }
|
|
dAclExpertAccessListNumber OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the number of entries present in the extended expert
|
|
access list table."
|
|
::= { dAclExpert 1 }
|
|
|
|
dAclExpertAccessListTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclExpertAccessListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table contains information about extended expert access list."
|
|
::= { dAclExpert 2 }
|
|
|
|
dAclExpertAccessListEntry OBJECT-TYPE
|
|
SYNTAX DAclExpertAccessListEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry defined in dAclExpertAccessListTable. An entry is
|
|
created/removed when an extended expert access list is
|
|
created/deleted."
|
|
INDEX { dAclExpertAccessListName }
|
|
::= { dAclExpertAccessListTable 1 }
|
|
|
|
DAclExpertAccessListEntry ::= SEQUENCE {
|
|
dAclExpertAccessListName DisplayString,
|
|
dAclExpertAccessListRowStatus RowStatus,
|
|
dAclExpertAccessListId Integer32,
|
|
dAclExpertAccessListCounterEnabled TruthValue,
|
|
dAclExpertAccessListClearStatAction INTEGER,
|
|
dAclExpertAccessListRemark DisplayString
|
|
}
|
|
|
|
dAclExpertAccessListName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the extended expert access list."
|
|
::= { dAclExpertAccessListEntry 1 }
|
|
|
|
dAclExpertAccessListRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object allows the dynamic creation and
|
|
deletion of an extended expert access list."
|
|
::= { dAclExpertAccessListEntry 2 }
|
|
|
|
dAclExpertAccessListId OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of the extended expert access list."
|
|
::= { dAclExpertAccessListEntry 3 }
|
|
|
|
dAclExpertAccessListCounterEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the counter state of the access list is
|
|
enabled('true') or disabled('false'). And the counter just for
|
|
the all interface that applied the access list in
|
|
dAclExpertAccessGroupTable."
|
|
::= { dAclExpertAccessListEntry 4 }
|
|
|
|
dAclExpertAccessListClearStatAction OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
clear(1),
|
|
noOp(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to clear statistics of the access list when set
|
|
to 'clear'. No action is taken if this object is set to 'noOp'.
|
|
The 'clear' action just for the all interface that applied the access
|
|
list in dAclExpertAccessGroupTable.
|
|
When read, the value 'noOp' is returned."
|
|
::= { dAclExpertAccessListEntry 5 }
|
|
|
|
dAclExpertAccessListRemark OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..255))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The description of the Expert access list."
|
|
::= { dAclExpertAccessListEntry 6 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dAclExpertAccessRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclExpertAccessRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table consists of a list of rules for the extended expert access list."
|
|
::= { dAclExpert 3 }
|
|
|
|
dAclExpertAccessRuleEntry OBJECT-TYPE
|
|
SYNTAX DAclExpertAccessRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry is defined ddAclExpertAccessRuleTable.
|
|
The first instance identifier index value identifies the
|
|
dAclExpertAccessListEntry that a extended expert access rule
|
|
(dAclExpertAccessRuleEntry) belongs to.
|
|
An entry is removed from this table when its
|
|
corresponding dAclExpertAccessListEntry is deleted."
|
|
INDEX {
|
|
dAclExpertAccessListName,
|
|
dAclExpertAccRuleSn
|
|
}
|
|
::= { dAclExpertAccessRuleTable 1 }
|
|
|
|
DAclExpertAccessRuleEntry ::= SEQUENCE {
|
|
dAclExpertAccRuleSn Integer32,
|
|
dAclExpertAccRuleRowStatus RowStatus,
|
|
dAclExpertAccRuleAction DlinkAclRuleType,
|
|
dAclExpertAccRuleProtocol INTEGER,
|
|
dAclExpertAccRuleUserDefProtocol Integer32,
|
|
dAclExpertAccRuleSrcIpAddr IpAddress,
|
|
dAclExpertAccRuleSrcIpWildcard IpAddress,
|
|
dAclExpertAccRuleSrcMacAddr MacAddress,
|
|
dAclExpertAccRuleSrcMacWildcard MacAddress,
|
|
dAclExpertAccRuleSrcOperator DlinkAclPortOperatorType,
|
|
dAclExpertAccRuleSrcPort Integer32,
|
|
dAclExpertAccRuleSrcPortRange Integer32,
|
|
dAclExpertAccRuleDstIpAddr IpAddress,
|
|
dAclExpertAccRuleDstIpWildcard IpAddress,
|
|
dAclExpertAccRuleDstMacAddr MacAddress,
|
|
dAclExpertAccRuleDstMacWildcard MacAddress,
|
|
dAclExpertAccRuleDstOperator DlinkAclPortOperatorType,
|
|
dAclExpertAccRuleDstPort Integer32,
|
|
dAclExpertAccRuleDstPortRange Integer32,
|
|
dAclExpertAccRuleVlanID VlanIdOrNone,
|
|
dAclExpertAccRuleInnerVlanID VlanIdOrNone,
|
|
dAclExpertAccRuleQosPrecedence Integer32,
|
|
dAclExpertAccRuleQosTos Integer32,
|
|
dAclExpertAccRuleQosDscp Integer32,
|
|
dAclExpertAccRuleIcmpType Integer32,
|
|
dAclExpertAccRuleIcmpCode Integer32,
|
|
dAclExpertAccRuleTimeName DisplayString,
|
|
dAclExpertAccRuleTcpFlag TcpFlag,
|
|
dAclExpertAccRuleFragments TruthValue,
|
|
dAclExpertAccRuleOuterCos Integer32,
|
|
dAclExpertAccRuleInnerCos Integer32,
|
|
dAclExpertAccRuleUserDefProtocolMask OCTET STRING,
|
|
dAclExpertAccRuleSrcPortMask OCTET STRING,
|
|
dAclExpertAccRuleDstPortMask OCTET STRING,
|
|
dAclExpertAccRuleVlanIDMask OCTET STRING,
|
|
dAclExpertAccRuleInnerVlanIDMask OCTET STRING,
|
|
dAclExpertAccRuleQosPrecedenceMask OCTET STRING,
|
|
dAclExpertAccRuleQosTosMask OCTET STRING,
|
|
dAclExpertAccRuleQosDscpMask OCTET STRING,
|
|
dAclExpertAccRuleOuterCosMask OCTET STRING,
|
|
dAclExpertAccRuleInnerCosMask OCTET STRING,
|
|
dAclExpertAccRuleVlanRangeMin VlanIdOrNone,
|
|
dAclExpertAccRuleVlanRangeMax VlanIdOrNone
|
|
}
|
|
|
|
dAclExpertAccRuleSn OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the sequence number of this rule.
|
|
The lower the number is, the higher the priority of the rule.
|
|
The special value of 0 means the sequence number will be automatically
|
|
determined by the agent."
|
|
::= { dAclExpertAccessRuleEntry 1 }
|
|
|
|
dAclExpertAccRuleRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status variable, used according to installation
|
|
and removal conventions for conceptual rows."
|
|
::= { dAclExpertAccessRuleEntry 2 }
|
|
|
|
dAclExpertAccRuleAction OBJECT-TYPE
|
|
SYNTAX DlinkAclRuleType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the result of the packet examination is to
|
|
permit or deny or prevent to CPU."
|
|
::= { dAclExpertAccessRuleEntry 3 }
|
|
|
|
dAclExpertAccRuleProtocol OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(0),
|
|
userDefine(1),
|
|
tcp(2),
|
|
udp(3),
|
|
icmp(4),
|
|
gre(5),
|
|
esp(6),
|
|
eigrp(7),
|
|
igmp(8),
|
|
ospf(9),
|
|
pim(10),
|
|
vrrp(11),
|
|
ipinip(12),
|
|
pcp(13)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the IP protocol."
|
|
::= { dAclExpertAccessRuleEntry 4 }
|
|
|
|
dAclExpertAccRuleUserDefProtocol OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the user defined protocol ID when the
|
|
dAclExpertAccRuleProtocol is 'userDefine (1)'.
|
|
The value of -1 means the user defined protocol ID is not
|
|
specified."
|
|
DEFVAL { -1 }
|
|
::= { dAclExpertAccessRuleEntry 5 }
|
|
|
|
dAclExpertAccRuleSrcIpAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a source IP address."
|
|
::= { dAclExpertAccessRuleEntry 6 }
|
|
|
|
dAclExpertAccRuleSrcIpWildcard OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is a wildcard bitmap to specify a group of source IP
|
|
addresses. The bit value 1 indicates the corresponding bit will
|
|
be ignored. The bit value 0 indicates the corresponding bit will be
|
|
checked. In other words, when the value of all 'ff'Hs indicates any
|
|
IP source address is specified. When the value of all '00'Hs indicates
|
|
host IP source address is specified."
|
|
::= { dAclExpertAccessRuleEntry 7 }
|
|
|
|
dAclExpertAccRuleSrcMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a source MAC address."
|
|
::= { dAclExpertAccessRuleEntry 8 }
|
|
|
|
dAclExpertAccRuleSrcMacWildcard OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is a wildcard bitmap to specify a group of source
|
|
MAC addresses. The bit value 1 indicates the corresponding bit will
|
|
be ignored. The bit value 0 indicates the corresponding bit will be
|
|
checked. In other words, when the value of all 'ff'Hs indicates any
|
|
source MAC address is specified. When the value of all '00'Hs indicates
|
|
host source MAC address is specified."
|
|
::= { dAclExpertAccessRuleEntry 9 }
|
|
|
|
dAclExpertAccRuleSrcOperator OBJECT-TYPE
|
|
SYNTAX DlinkAclPortOperatorType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates how a packet's source TCP/UDP port number is
|
|
compared.
|
|
When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
|
|
the dAclExpertAccsRuleSrcPort as an operand which is the only one needed.
|
|
|
|
When the value of this object is range(6) needs 2 operands. One is
|
|
dAclExpertAccsRuleSrcPort, which is the starting port number of the
|
|
range, and the other operand is dAclExpertAccsRuleSrcPortRange,
|
|
which is the ending port number of the range.
|
|
|
|
When the value of this object is mask(7) needs 2 operands. One is
|
|
dAclExpertAccsRuleSrcPort, the other operand is dAclExpertAccsRuleSrcPortMask.
|
|
|
|
This object is used for TCP/UDP protocol only, hence when the object
|
|
'dAclExpertAccRuleProtocol' is set to other than TCP/UDP, the object has
|
|
to be 'none(1)'."
|
|
::= { dAclExpertAccessRuleEntry 10 }
|
|
|
|
dAclExpertAccRuleSrcPort OBJECT-TYPE
|
|
SYNTAX Integer32 (-1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the source port number of TCP/UDP protocol.
|
|
If the value is -1, it means the value is not specified.
|
|
If the dAclExpertAccsRuleSrcOperator object in the same row is
|
|
range(6), this object will be the starting port number of the port
|
|
range.
|
|
This object only can be configured dAclExpertAccsRuleSrcOperator in
|
|
the same row is not 'none(1)'."
|
|
DEFVAL { -1 }
|
|
::= { dAclExpertAccessRuleEntry 11 }
|
|
|
|
dAclExpertAccRuleSrcPortRange OBJECT-TYPE
|
|
SYNTAX Integer32 (-1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The source port number of the TCP/UDP protocol. If the
|
|
dAclExpertAccsRuleSrcOperator object in the same row is range(6), this
|
|
object will be the ending port number of the port range.
|
|
The value of -1 means the ending port number is not specified."
|
|
DEFVAL { -1 }
|
|
::= { dAclExpertAccessRuleEntry 12 }
|
|
|
|
dAclExpertAccRuleDstIpAddr OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a destination IP address."
|
|
::= { dAclExpertAccessRuleEntry 13 }
|
|
|
|
dAclExpertAccRuleDstIpWildcard OBJECT-TYPE
|
|
SYNTAX IpAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is a wildcard bitmap to specify a group of destination IP
|
|
addresses. The bit value 1 indicates the corresponding bit will
|
|
be ignored. The bit value 0 indicates the corresponding bit will be
|
|
checked. In other words, when the value of all 'ff'Hs indicates any
|
|
IP destination address is specified. When the value of all '00'Hs indicates
|
|
host IP destination address is specified."
|
|
::= { dAclExpertAccessRuleEntry 14 }
|
|
|
|
dAclExpertAccRuleDstMacAddr OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies a destination MAC address."
|
|
::= { dAclExpertAccessRuleEntry 15 }
|
|
|
|
dAclExpertAccRuleDstMacWildcard OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is a wildcard bitmap to specify a group of destination
|
|
MAC addresses. The bit value 1 indicates the corresponding bit will
|
|
be ignored. The bit value 0 indicates the corresponding bit will be
|
|
checked. In other words, when the value of all 'ff'Hs indicates any
|
|
destination MAC address is specified. When the value of all '00'Hs
|
|
indicates host destination MAC address is specified."
|
|
::= { dAclExpertAccessRuleEntry 16 }
|
|
|
|
dAclExpertAccRuleDstOperator OBJECT-TYPE
|
|
SYNTAX DlinkAclPortOperatorType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates how a packet's TCP/UDP destination port number is
|
|
compared.
|
|
When the value of this object is eq(2),gt(3),lt(4) or neq(5) uses
|
|
the dAclExpertAccsRuleDstPort as an operand which is the only one needed.
|
|
|
|
When the value of this object is range(6) needs 2 operands. One is
|
|
dAclExpertAccsRuleDstPort, which is the starting port number of the
|
|
range, and the other operand is dAclExpertAccsRuleDstPortRange,
|
|
which is the ending port number of the range.
|
|
|
|
When the value of this object is mask(7) needs 2 operands. One is
|
|
dAclExpertAccsRuleDstPort, the other operand is dAclExpertAccsRuleDstPortMask.
|
|
|
|
This object is used for TCP/UDP protocol only, hence when the object
|
|
'dAclExpertAccRuleProtocol' is set to other than TCP/UDP, the object has
|
|
to be 'none(1)'."
|
|
::= { dAclExpertAccessRuleEntry 17 }
|
|
|
|
dAclExpertAccRuleDstPort OBJECT-TYPE
|
|
SYNTAX Integer32 (-1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the destination port number of TCP/UDP protocol.
|
|
If the value is -1, it means the value is not specified.
|
|
If the dAclExpertAccsRuleDstOperator object in the same row is
|
|
range(6), this object will be the starting port number of the port
|
|
range.
|
|
This object only can be configured dAclExpertAccsRuleDstOperator in
|
|
the same row is not 'none(1)'."
|
|
DEFVAL { -1 }
|
|
::= { dAclExpertAccessRuleEntry 18 }
|
|
|
|
dAclExpertAccRuleDstPortRange OBJECT-TYPE
|
|
SYNTAX Integer32 (-1..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The destination port number of the TCP/UDP protocol. If the
|
|
dAclExpertAccsRuleDstOperator object in the same row is range(6), this
|
|
object will be the ending port number of the port range.
|
|
The value of -1 means the ending port number is not specified."
|
|
DEFVAL { -1 }
|
|
::= { dAclExpertAccessRuleEntry 19 }
|
|
|
|
dAclExpertAccRuleVlanID OBJECT-TYPE
|
|
SYNTAX VlanIdOrNone
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the VLAN ID.
|
|
A value of zero indicates the VLAN ID is not specified."
|
|
DEFVAL { 0 }
|
|
::= { dAclExpertAccessRuleEntry 20 }
|
|
|
|
dAclExpertAccRuleInnerVlanID OBJECT-TYPE
|
|
SYNTAX VlanIdOrNone
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the inner VLAN ID. A value of zero indicates
|
|
the inner VLAN ID is not specified."
|
|
DEFVAL { 0 }
|
|
::= { dAclExpertAccessRuleEntry 21 }
|
|
|
|
dAclExpertAccRuleQosPrecedence OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the value of precedence.
|
|
The value of -1 means the value is not specified or not applicable.
|
|
dAclExpertAccRuleQosPrecedence and dAclExpertAccRuleQosDscp cannot
|
|
be specified at same time in a row."
|
|
DEFVAL { -1 }
|
|
::= { dAclExpertAccessRuleEntry 22 }
|
|
|
|
dAclExpertAccRuleQosTos OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..15)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the value of type of service.
|
|
The value of -1 means the value is not specified or not applicable.
|
|
dAclExpertAccRuleQosTos and dAclExpertAccRuleQosDscp cannot
|
|
be specified at same time in a row."
|
|
DEFVAL { -1 }
|
|
::= { dAclExpertAccessRuleEntry 23 }
|
|
|
|
dAclExpertAccRuleQosDscp OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..63)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the value of DSCP code.
|
|
The value of -1 means the value is not specified or not applicable.
|
|
Neither dAclExpertAccRuleQosPrecedence nor dAclExpertAccRuleQosTos
|
|
can be specified with dAclExpertAccRuleQosDscp at same time in a
|
|
row."
|
|
DEFVAL { -1 }
|
|
::= { dAclExpertAccessRuleEntry 24 }
|
|
|
|
dAclExpertAccRuleIcmpType OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the type of ICMP protocol.
|
|
If the value is -1, it means the value is not specified.
|
|
This object is used for ICMP protocol only, hence when the object
|
|
'dAclExpertAccRuleProtocol' is set to other than ICMP, the object has
|
|
to be -1."
|
|
DEFVAL { -1 }
|
|
::= { dAclExpertAccessRuleEntry 25 }
|
|
|
|
dAclExpertAccRuleIcmpCode OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..255)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the code of ICMP protocol.
|
|
If the value is -1, it means the value is not specified.
|
|
This object is used for ICMP protocol only, hence when the object
|
|
'dAclExpertAccRuleProtocol' is set to other than ICMP, the object has
|
|
to be -1."
|
|
DEFVAL { -1 }
|
|
::= { dAclExpertAccessRuleEntry 26 }
|
|
|
|
dAclExpertAccRuleTimeName OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the name of time-period profile associated with the
|
|
access-list delineating its activation period.
|
|
The value 'NULL' means that this rule is not bound with any Time
|
|
mechanism."
|
|
::= { dAclExpertAccessRuleEntry 27 }
|
|
|
|
dAclExpertAccRuleTcpFlag OBJECT-TYPE
|
|
SYNTAX TcpFlag
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the TCP flag fields.
|
|
This node is available only for TCP protocol.
|
|
The default value for this node is empty set, which means no TCP flag
|
|
values are set.
|
|
"
|
|
::= { dAclExpertAccessRuleEntry 28 }
|
|
|
|
dAclExpertAccRuleFragments OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the Packet fragment filtering status
|
|
is enabled('true') or disabled('false')."
|
|
::= { dAclExpertAccessRuleEntry 29 }
|
|
|
|
dAclExpertAccRuleOuterCos OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the value of inner priority.
|
|
The value of -1 means the value is not specified or not applicable.
|
|
"
|
|
DEFVAL { -1 }
|
|
::= { dAclExpertAccessRuleEntry 30 }
|
|
|
|
dAclExpertAccRuleInnerCos OBJECT-TYPE
|
|
SYNTAX Integer32 (-1 | 0..7)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the value of inner priority, the node is availabe just for the
|
|
node dAclExpertAccRuleOuterCos be specified.
|
|
The value of -1 means the value is not specified or not applicable.
|
|
"
|
|
DEFVAL { -1 }
|
|
::= { dAclExpertAccessRuleEntry 31 }
|
|
|
|
dAclExpertAccRuleUserDefProtocolMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(1))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for protocol ID defined by dAclExpertAccRuleUserDefProtocol.
|
|
Valid values are from 0x00 to 0xFF.
|
|
Default value is 0xFF.
|
|
This node is valid only for the dAclExpertAccRuleUserDefProtocol specified."
|
|
::= { dAclExpertAccessRuleEntry 32 }
|
|
|
|
dAclExpertAccRuleSrcPortMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for L4 source port defined by dAclExpertAccRuleSrcPort.
|
|
Valid values are from 0x0 to 0xFFFF.
|
|
Default value is 0xFFFF.
|
|
This object only can be configured dAclExpertAccRuleSrcOperator in the
|
|
same row is 'mask(7)'.
|
|
"
|
|
::= { dAclExpertAccessRuleEntry 33 }
|
|
|
|
dAclExpertAccRuleDstPortMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for L4 destination port defined by dAclExpertAccRuleDstPort.
|
|
Valid values are from 0x0 to 0xFFFF.
|
|
Default value is 0xFFFF.
|
|
This object only can be configured dAclExpertAccRuleDstOperator in the
|
|
same row is 'mask(7)'."
|
|
::= { dAclExpertAccessRuleEntry 34 }
|
|
|
|
dAclExpertAccRuleVlanIDMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for VLAN ID defined by dAclExpertAccRuleVlanID.
|
|
Valid values are from 0x0000 to 0x0FFF.
|
|
This node and dAclExpertAccRuleVlanRangeMin/dAclExpertAccRuleVlanRangeMax
|
|
cannot be specified at same time in a row.
|
|
Default value is 0x0FFF.
|
|
This node is valid only for the dAclExpertAccRuleVlanID specified."
|
|
::= { dAclExpertAccessRuleEntry 35 }
|
|
|
|
dAclExpertAccRuleInnerVlanIDMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(2))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for inner VLAN ID defined by dAclExpertAccRuleInnerVlanID.
|
|
Valid values are from 0x0000 to 0x0FFF.
|
|
Default value is 0x0FFF.
|
|
This node is valid only for the dAclExpertAccRuleInnerVlanID specified."
|
|
::= { dAclExpertAccessRuleEntry 36 }
|
|
|
|
dAclExpertAccRuleQosPrecedenceMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(1))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for ip precedence defined by dAclExpertAccRuleQosPrecedence.
|
|
Valid values are from 0x0 to 0x7.
|
|
Default value is 0x7.
|
|
This node is valid only for the dAclExpertAccRuleQosPrecedence specified."
|
|
::= { dAclExpertAccessRuleEntry 37 }
|
|
|
|
dAclExpertAccRuleQosTosMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(1))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for type of service defined by dAclExpertAccRuleQosTos.
|
|
Valid values are from 0x0 to 0xF.
|
|
Default value is 0xF.
|
|
This node is valid only for the dAclExpertAccRuleQosTos specified."
|
|
::= { dAclExpertAccessRuleEntry 38 }
|
|
|
|
dAclExpertAccRuleQosDscpMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(1))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for DSCP code defined by dAclExpertAccRuleQosDscp.
|
|
Valid values are from 0x0 to 0x3F.
|
|
Default value is 0x3F.
|
|
This node is valid only for the dAclExpertAccRuleQosDscp specified."
|
|
::= { dAclExpertAccessRuleEntry 39 }
|
|
|
|
dAclExpertAccRuleOuterCosMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(1))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for priority defined by dAclExpertAccRuleOuterCos.
|
|
Valid values are from 0x00 to 0x07.
|
|
Default value is 0x07.
|
|
This node is valid only for the dAclExpertAccRuleOuterCos specified."
|
|
::= { dAclExpertAccessRuleEntry 40 }
|
|
|
|
dAclExpertAccRuleInnerCosMask OBJECT-TYPE
|
|
SYNTAX OCTET STRING(SIZE(1))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the mask for inner priority defined by dAclExpertAccRuleInnerCos.
|
|
Valid values are from 0x00 to 0x07.
|
|
Default value is 0x07.
|
|
This node is valid only for the dAclExpertAccRuleInnerCos specified."
|
|
::= { dAclExpertAccessRuleEntry 41 }
|
|
|
|
dAclExpertAccRuleVlanRangeMin OBJECT-TYPE
|
|
SYNTAX VlanIdOrNone
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the minimum outer VLAN ID of a VLAN range. A value of zero
|
|
indicates the VLAN range is not specified.
|
|
This node and dAclMacAccessRuleVlanID/dAclMacAccessRuleVlanIDMask cannot
|
|
be specified at same time in a row.
|
|
This node is valid only for the dAclExpertAccRuleVlanRangeMax specified."
|
|
DEFVAL { 0 }
|
|
::= { dAclExpertAccessRuleEntry 42 }
|
|
|
|
dAclExpertAccRuleVlanRangeMax OBJECT-TYPE
|
|
SYNTAX VlanIdOrNone
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the maximum outer VLAN ID of a VLAN range. A value of zero
|
|
indicates the VLAN range is not specified.
|
|
This node and dAclMacAccessRuleVlanID/dAclMacAccessRuleVlanIDMask cannot
|
|
be specified at same time in a row.
|
|
This node is valid only for the dAclExpertAccRuleVlanRangeMin specified."
|
|
DEFVAL { 0 }
|
|
::= { dAclExpertAccessRuleEntry 43 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dAclExpertAccessGroupTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclExpertAccessGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table represents a list of extended expert access group
|
|
configuration."
|
|
::= { dAclExpert 4 }
|
|
|
|
dAclExpertAccessGroupEntry OBJECT-TYPE
|
|
SYNTAX DAclExpertAccessGroupEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in dAclExpertAccessGroupTable contains interface specific
|
|
extended expert access list association."
|
|
INDEX { dAclExpertAccessGroupIfIndex , dAclExpertAccessGroupApplyDirection }
|
|
::= { dAclExpertAccessGroupTable 1 }
|
|
|
|
DAclExpertAccessGroupEntry ::= SEQUENCE {
|
|
dAclExpertAccessGroupIfIndex InterfaceIndex,
|
|
dAclExpertAccessGroupApplyDirection INTEGER,
|
|
dAclExpertAccessGroupRowStatus RowStatus,
|
|
dAclExpertAccessGroupAclName DisplayString,
|
|
dAclExpertAccessGroupAclId Integer32
|
|
}
|
|
|
|
dAclExpertAccessGroupIfIndex OBJECT-TYPE
|
|
SYNTAX InterfaceIndex
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the ifIndex of the interface.
|
|
Only physical port is valid interface."
|
|
::= { dAclExpertAccessGroupEntry 1 }
|
|
|
|
dAclExpertAccessGroupApplyDirection OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
inbound(1),
|
|
outbound(2)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates whether this ACL access list is to be attached to ingress or egress direction."
|
|
::= { dAclExpertAccessGroupEntry 2 }
|
|
dAclExpertAccessGroupRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status variable, used according to installation
|
|
and removal conventions for conceptual rows."
|
|
::= { dAclExpertAccessGroupEntry 3 }
|
|
|
|
dAclExpertAccessGroupAclName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the Expert access list to be applied."
|
|
::= { dAclExpertAccessGroupEntry 4 }
|
|
|
|
dAclExpertAccessGroupAclId OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of the Expert access list to be applied.
|
|
User maybe specify access list ID(by this object) or name (by
|
|
dAclExpertAccessGroupAclName) to be applied. If both access list
|
|
ID and name are specified, the access list name specified by
|
|
dAclExpertAccessGroupAclName will be take.
|
|
"
|
|
::= { dAclExpertAccessGroupEntry 5 }
|
|
-- -----------------------------------------------------------------------------
|
|
dAclVlan OBJECT IDENTIFIER ::= { dAclMIBObjects 6 }
|
|
|
|
dAclVlanSubMapTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclVlanSubMapEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table contains a list of sub-map configuration. The first
|
|
instance identifier index value (dAclVlanAccMapName) identifies the
|
|
entry(dAclVlanSubMapEntry) belongs to.
|
|
A VLAN access map can contain multiple sub-maps, the packet that
|
|
matches a sub-map (that is packet permitted by the associated
|
|
access-list) will take the action specified for the same entry.
|
|
No further check against the next sub-maps is done.
|
|
If the packet does not match a sub-map, then the next sub-map will
|
|
be checked. The checking sequence is determined by the value of
|
|
dAclVlanAccSubMapSeq for a same VLAN acess map."
|
|
::= { dAclVlan 1}
|
|
|
|
dAclVlanSubMapEntry OBJECT-TYPE
|
|
SYNTAX DAclVlanSubMapEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry is defined dAclVlanSubMapTable.
|
|
"
|
|
INDEX {
|
|
dAclVlanAccMapName,
|
|
dAclVlanAccSubMapSeq
|
|
}
|
|
::= { dAclVlanSubMapTable 1 }
|
|
|
|
DAclVlanSubMapEntry ::= SEQUENCE {
|
|
dAclVlanAccMapName DisplayString,
|
|
dAclVlanAccSubMapSeq Integer32,
|
|
dAclVlanAccSubMapRowStatus RowStatus,
|
|
dAclVlanAccSubMapMatchAclName DisplayString,
|
|
dAclVlanAccessSubMapAction INTEGER,
|
|
dAclVlanAccSubMapRedirectIfIndex InterfaceIndexOrZero,
|
|
dAclVlanAccSubMapMatchAclId Integer32
|
|
}
|
|
|
|
dAclVlanAccMapName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to specify the name of an VLAN
|
|
acess map."
|
|
::= { dAclVlanSubMapEntry 1 }
|
|
|
|
dAclVlanAccSubMapSeq OBJECT-TYPE
|
|
SYNTAX Integer32 ( 0 | 1..65535 )
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the sequence number of a VLAN access rule.
|
|
The value range is 1 to 65535.
|
|
The value of 0 indicates the number is not specified and
|
|
sequence number will be automatically assigned.
|
|
"
|
|
::= { dAclVlanSubMapEntry 2 }
|
|
|
|
dAclVlanAccSubMapRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status variable, used according to installation
|
|
and removal conventions for conceptual rows."
|
|
::= { dAclVlanSubMapEntry 3 }
|
|
|
|
dAclVlanAccSubMapMatchAclName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the name of MAC/IP/IPv6 ACL
|
|
which will be associated."
|
|
::= { dAclVlanSubMapEntry 4 }
|
|
|
|
dAclVlanAccessSubMapAction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
none(1),
|
|
forward(2),
|
|
drop(3),
|
|
redirect(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the action when the packet that matches
|
|
a sub-map (that is packet permitted by the associated access-list). "
|
|
::= { dAclVlanSubMapEntry 5 }
|
|
|
|
dAclVlanAccSubMapRedirectIfIndex OBJECT-TYPE
|
|
SYNTAX InterfaceIndexOrZero
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates ifIndex of the interface the packet will be
|
|
redirected.
|
|
When the dAclVlanAccessAction in the same row
|
|
is set to other than 'redirect', the object has to be zero,
|
|
which indicates the redirected interface is not specified or not
|
|
applicable."
|
|
::= { dAclVlanSubMapEntry 6 }
|
|
|
|
dAclVlanAccSubMapMatchAclId OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the ID of MAC/IP/IPv6 ACL access list
|
|
which will be associated.
|
|
User may specify access list ID(by this object) or name (by
|
|
dAclVlanAccSubMapMatchAclName) to be applied. If both access list
|
|
ID and name are specified, the access list name specified by
|
|
dAclVlanAccSubMapMatchAclName will be take.
|
|
"
|
|
::= { dAclVlanSubMapEntry 7 }
|
|
-- -----------------------------------------------------------------------------
|
|
dAclVlanFilterTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclVlanFilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table represents a list of VLAN access map configuration."
|
|
::= { dAclVlan 2 }
|
|
|
|
dAclVlanFilterEntry OBJECT-TYPE
|
|
SYNTAX DAclVlanFilterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in dAclVlanFilterTable contains vlan-specific
|
|
VLAN access map association."
|
|
INDEX { dAclVlanFilterVlanId }
|
|
::= { dAclVlanFilterTable 1 }
|
|
|
|
DAclVlanFilterEntry ::= SEQUENCE {
|
|
dAclVlanFilterVlanId VlanId,
|
|
dAclVlanFilterRowStatus RowStatus,
|
|
dAclVlanFilterVlanAccMapName DisplayString
|
|
|
|
}
|
|
|
|
dAclVlanFilterVlanId OBJECT-TYPE
|
|
SYNTAX VlanId
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the VLAN ID of the entry. "
|
|
::= { dAclVlanFilterEntry 1 }
|
|
|
|
dAclVlanFilterRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The row status variable, used according to installation
|
|
and removal conventions for conceptual rows."
|
|
::= { dAclVlanFilterEntry 2 }
|
|
|
|
dAclVlanFilterVlanAccMapName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of the access list to be applied for the VLAN.
|
|
NULL value indicates the access list is not specified."
|
|
::= { dAclVlanFilterEntry 3 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dAclVlanAccessMapTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclVlanAccessMapEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The table contains a list of VLAN access map configuration. "
|
|
::= { dAclVlan 3}
|
|
|
|
dAclVlanAccessMapEntry OBJECT-TYPE
|
|
SYNTAX DAclVlanAccessMapEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry is defined dAclVlanAccessMapTable.
|
|
"
|
|
INDEX {
|
|
dAclVlanAccMapName
|
|
}
|
|
::= { dAclVlanAccessMapTable 1 }
|
|
|
|
DAclVlanAccessMapEntry ::= SEQUENCE {
|
|
dAclVlanAccessMapCounterEnabled TruthValue,
|
|
dAclVlanAccessMapClearStatAction INTEGER
|
|
}
|
|
|
|
dAclVlanAccessMapCounterEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the counter state of the VLAN access map
|
|
is enabled('true') or disabled('false').
|
|
The counter state setting just for the all VLAN interface that applied
|
|
the access map in dAclVlanFilterTable."
|
|
::= { dAclVlanAccessMapEntry 1 }
|
|
|
|
dAclVlanAccessMapClearStatAction OBJECT-TYPE
|
|
SYNTAX INTEGER{
|
|
clear(1),
|
|
noOp(2)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object is used to clear statistics of the VLAN access map
|
|
when set to 'clear'. No action is taken if this object is set to 'noOp'.
|
|
The 'clear' action just for the all entry that applied the VLAN
|
|
access map in dAclVlanFilterTable.
|
|
When read, the value 'noOp' is returned."
|
|
::= { dAclVlanAccessMapEntry 2 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dAclCounter OBJECT IDENTIFIER ::= { dAclMIBObjects 7 }
|
|
|
|
dAclAccessGroupCounterTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclAccessGroupCounterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table maintains counter information associated with
|
|
a specific access list rule in the access rule table.
|
|
Please refer to the dAclMacAccessRuleTable, dAclIpAccessRuleTable,
|
|
dAclIPv6AccessRuleTable and dAclExpertAccessRuleTable for
|
|
detailed ACL rule information.
|
|
"
|
|
::= { dAclCounter 1}
|
|
|
|
dAclAccessGroupCounterEntry OBJECT-TYPE
|
|
SYNTAX DAclAccessGroupCounterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry is defined dAclAccessGroupCounterTable.
|
|
"
|
|
INDEX {
|
|
dAclAccessGroupCounterAccListId,
|
|
dAclAccessGroupCounterAccRuleSn
|
|
}
|
|
::= { dAclAccessGroupCounterTable 1 }
|
|
|
|
DAclAccessGroupCounterEntry ::= SEQUENCE {
|
|
dAclAccessGroupCounterAccListId Integer32,
|
|
dAclAccessGroupCounterAccRuleSn Integer32,
|
|
dAclAccessGroupCounterIngressStat Counter64,
|
|
dAclAccessGroupCounterEgressStat Counter64
|
|
}
|
|
|
|
dAclAccessGroupCounterAccListId OBJECT-TYPE
|
|
SYNTAX Integer32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The ID of an access list which access group counter enabled.
|
|
the access list was defined by the tables:
|
|
dAclMacAccessListTable, dAclIpAccessListTable,
|
|
dAclIPv6AccessListTable, dAclExpertAccessListTable."
|
|
::= { dAclAccessGroupCounterEntry 1 }
|
|
|
|
dAclAccessGroupCounterAccRuleSn OBJECT-TYPE
|
|
SYNTAX Integer32(1..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the sequence number of this rule entry as related to the
|
|
dAclAccessGroupCounterAccListId."
|
|
::= { dAclAccessGroupCounterEntry 2 }
|
|
|
|
dAclAccessGroupCounterIngressStat OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the total number of matched packets for the access rule
|
|
applied on inbound of all interface in dAclMacAccessGroupTable,
|
|
dAclIpAccessGroupTable, dAclIPv6AccessGroupTable, or
|
|
dAclExpertAccessGroupTable.
|
|
"
|
|
::= { dAclAccessGroupCounterEntry 3 }
|
|
|
|
dAclAccessGroupCounterEgressStat OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the total number of matched packets for the access rule
|
|
applied on outbound of all interface in dAclMacAccessGroupTable,
|
|
dAclIpAccessGroupTable, dAclIPv6AccessGroupTable, or
|
|
dAclExpertAccessGroupTable.
|
|
"
|
|
::= { dAclAccessGroupCounterEntry 4 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dAclVlanFilterCounterTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DAclVlanFilterCounterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table maintains counter information associated with
|
|
a specific access sub map in the dAclVlanSubMapTable.
|
|
"
|
|
::= { dAclCounter 2}
|
|
|
|
dAclVlanFilterCounterEntry OBJECT-TYPE
|
|
SYNTAX DAclVlanFilterCounterEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry is defined dAclVlanFilterCounterTable.
|
|
"
|
|
INDEX {
|
|
dAclVlanFilterCounterAccMapName,
|
|
dAclVlanFilterCounterSubMapSeq
|
|
}
|
|
::= { dAclVlanFilterCounterTable 1 }
|
|
|
|
DAclVlanFilterCounterEntry ::= SEQUENCE {
|
|
dAclVlanFilterCounterAccMapName DisplayString,
|
|
dAclVlanFilterCounterSubMapSeq Integer32,
|
|
dAclVlanFilterCounterStatistics Counter64
|
|
}
|
|
|
|
dAclVlanFilterCounterAccMapName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name of a VLAN access map which counter enabled. the VLAN
|
|
access map was defined by the dAclVlanSubMapTable.
|
|
"
|
|
::= { dAclVlanFilterCounterEntry 1 }
|
|
|
|
dAclVlanFilterCounterSubMapSeq OBJECT-TYPE
|
|
SYNTAX Integer32(1..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates the sequence number of a VLAN access sub map. the vlan
|
|
sub map sequence number was defined by the dAclVlanSubMapTable."
|
|
::= { dAclVlanFilterCounterEntry 2 }
|
|
|
|
dAclVlanFilterCounterStatistics OBJECT-TYPE
|
|
SYNTAX Counter64
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the total number of matched packets for the
|
|
sub map that applied on all VLAN interface in dAclVlanFilterTable."
|
|
::= { dAclVlanFilterCounterEntry 3 }
|
|
|
|
-- ***************************************************************************
|
|
-- Conformance
|
|
-- ***************************************************************************
|
|
dAclCompliances OBJECT IDENTIFIER ::= { dAclMIBConformance 1 }
|
|
|
|
dAclCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for entities which implement the
|
|
DLINKSW-ACL-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS {
|
|
dAclGenGroup,
|
|
dAclMacGroup,
|
|
dAclIpGroup
|
|
}
|
|
|
|
GROUP dAclIPv6Group
|
|
DESCRIPTION
|
|
"This group is required only if the IPv6 access list feature
|
|
is implemented by the agent."
|
|
|
|
GROUP dAclExpertGroup
|
|
DESCRIPTION
|
|
"This group is required only if the extended expert access list
|
|
feature is implemented by the agent."
|
|
|
|
GROUP dAclVlanFilterGroup
|
|
DESCRIPTION
|
|
"This group is required only if vlan filter feature is implemented
|
|
by the agent."
|
|
::= { dAclCompliances 1 }
|
|
|
|
dAclGroups OBJECT IDENTIFIER ::= { dAclMIBConformance 2 }
|
|
|
|
dAclGenGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
dAclReSeqStartingNumber, dAclReSeqIncrement
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing general access list configuration."
|
|
::= { dAclGroups 1 }
|
|
|
|
dAclMacGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
dAclMacAccessListNumber, dAclMacAccessListRowStatus,
|
|
dAclMacAccessListId, dAclMacAccessListCounterEnabled,
|
|
dAclMacAccessListClearStatAction,dAclMacAccessListRemark,
|
|
dAclMacAccessRuleRowStatus, dAclMacAccessRuleAction,
|
|
dAclMacAccessRuleSrcMacAddr, dAclMacAccessRuleSrcMacWildcard,
|
|
dAclMacAccessRuleDstMacAddr, dAclMacAccessRuleDstMacWildcard,
|
|
dAclMacAccessRulePacketType, dAclMacAccessRuleEthernetType,
|
|
dAclMacAccessRuleLlcDSAP, dAclMacAccessRuleLlcSSAP,
|
|
dAclMacAccessRuleLlcCntl,
|
|
dAclMacAccessRuleDot1p, dAclMacAccessRuleInnerDot1p,
|
|
dAclMacAccessRuleVlanID, dAclMacAccessRuleInnerVlanID,
|
|
dAclMacAccessRuleTimeName,
|
|
dAclMacAccessGroupRowStatus,
|
|
dAclMacAccessGroupAclName,dAclMacAccessGroupAclId
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing MAC access list configuration."
|
|
::= { dAclGroups 2 }
|
|
|
|
dAclIpGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
dAclIpAccessListNumber, dAclIpAccessListRowStatus,
|
|
dAclIpAccessExtended, dAclIpAccessListId,
|
|
dAclIpAccessListCounterEnabled, dAclIpAccessListClearStatAction,
|
|
dAclIpAccessListRemark,
|
|
dAclIpAccessRuleRowStatus, dAclIpAccessRuleAction,
|
|
dAclIpAccessRuleProtocol, dAclIpAccessRuleUserDefProtocol,
|
|
dAclIpAccessRuleSrcAddr, dAclIpAccessRuleSrcWildcard,
|
|
dAclIpAccessRuleDstAddr, dAclIpAccessRuleDstWildcard,
|
|
dAclIpAccessRuleSrcOperator, dAclIpAccessRuleSrcPort,
|
|
dAclIpAccessRuleSrcPortRange,
|
|
dAclIpAccessRuleDstOperator, dAclIpAccessRuleDstPort,
|
|
dAclIpAccessRuleDstPortRange,
|
|
dAclIpAccessRuleQosPrecedence, dAclIpAccessRuleQosTos,
|
|
dAclIpAccessRuleQosDscp,
|
|
dAclIpAccessRuleIcmpType, dAclIpAccessRuleIcmpCode,
|
|
dAclIpAccessRuleTimeName, dAclIpAccRuleTcpFlag,
|
|
dAclIpAccRuleFragments,
|
|
dAclIpAccessGroupStatus,
|
|
dAclIpAccessGroupAclName, dAclIpAccessGroupAclId
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing IP access list configuration."
|
|
::= { dAclGroups 3 }
|
|
|
|
dAclIPv6Group OBJECT-GROUP
|
|
OBJECTS {
|
|
dAclIPv6AccessListNumber, dAclIPv6AccessListRowStatus,
|
|
dAclIPv6AccessExtended, dAclIPv6AccessListId,
|
|
dAclIPv6AccessListCounterEnabled,
|
|
dAclIPv6AccessListClearStatAction,
|
|
dAclIPv6AccessListRemark,
|
|
dAclIPv6AccessRuleRowStatus, dAclIPv6AccessRuleAction,
|
|
dAclIPv6AccessRuleProtocol, dAclIPv6AccessRuleUserDefProtocol,
|
|
dAclIPv6AccessRuleSrcAddr, dAclIPv6AccessRuleSrcPrefixLen,
|
|
dAclIPv6AccessRuleDstAddr, dAclIPv6AccessRuleDstPrefixLen,
|
|
dAclIPv6AccessRuleSrcOperator, dAclIPv6AccessRuleSrcPort,
|
|
dAclIPv6AccessRuleSrcPortRange,
|
|
dAclIPv6AccessRuleDstOperator, dAclIPv6AccessRuleDstPort,
|
|
dAclIPv6AccessRuleDstPortRange,
|
|
dAclIPv6AccessRuleDscp,
|
|
dAclIPv6AccessRuleIcmpType, dAclIPv6AccessRuleIcmpCode,
|
|
dAclIPv6AccessRuleTimeName,
|
|
dAclIPv6AccessGroupStatus,
|
|
dAclIPv6AccessGroupAclName,dAclIPv6AccessGroupAclId,
|
|
dAclIPv6AccRuleTcpFlag,
|
|
dAclIPv6AccRuleFragments,
|
|
dAclIPv6AccRuleFlowLabel
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing IPv6 access list configuration."
|
|
::= { dAclGroups 4 }
|
|
|
|
dAclExpertGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
dAclExpertAccessListNumber, dAclExpertAccessListRowStatus,
|
|
dAclExpertAccessListId, dAclExpertAccessListCounterEnabled,
|
|
dAclExpertAccessListClearStatAction, dAclExpertAccessListRemark,
|
|
dAclExpertAccRuleRowStatus, dAclExpertAccRuleAction,
|
|
dAclExpertAccRuleProtocol, dAclExpertAccRuleUserDefProtocol,
|
|
dAclExpertAccRuleSrcIpAddr, dAclExpertAccRuleSrcIpWildcard,
|
|
dAclExpertAccRuleSrcMacAddr, dAclExpertAccRuleSrcMacWildcard,
|
|
dAclExpertAccRuleSrcOperator, dAclExpertAccRuleSrcPort,
|
|
dAclExpertAccRuleSrcPortRange,
|
|
dAclExpertAccRuleDstIpAddr, dAclExpertAccRuleDstIpWildcard,
|
|
dAclExpertAccRuleDstMacAddr, dAclExpertAccRuleDstMacWildcard,
|
|
dAclExpertAccRuleDstOperator, dAclExpertAccRuleDstPort,
|
|
dAclExpertAccRuleDstPortRange,
|
|
dAclExpertAccRuleVlanID, dAclExpertAccRuleInnerVlanID,
|
|
dAclExpertAccRuleQosPrecedence, dAclExpertAccRuleQosTos,
|
|
dAclExpertAccRuleQosDscp,
|
|
dAclExpertAccRuleIcmpType, dAclExpertAccRuleIcmpCode,
|
|
dAclExpertAccRuleTimeName,
|
|
dAclExpertAccessGroupRowStatus,
|
|
dAclExpertAccessGroupAclName,dAclExpertAccessGroupAclId,
|
|
dAclExpertAccRuleTcpFlag,
|
|
dAclExpertAccRuleFragments,
|
|
dAclExpertAccRuleOuterCos,
|
|
dAclExpertAccRuleInnerCos
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing extended expert access list configuration."
|
|
::= { dAclGroups 5 }
|
|
|
|
dAclVlanFilterGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
dAclVlanAccSubMapRowStatus, dAclVlanAccSubMapMatchAclName,
|
|
dAclVlanAccessSubMapAction, dAclVlanAccSubMapRedirectIfIndex,
|
|
dAclVlanFilterRowStatus, dAclVlanFilterVlanAccMapName,
|
|
dAclVlanAccSubMapMatchAclId, dAclVlanAccessMapCounterEnabled,
|
|
dAclVlanAccessMapClearStatAction
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing VLAN access map configuration."
|
|
::= { dAclGroups 6 }
|
|
|
|
dAclCounterGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
dAclAccessGroupCounterIngressStat,
|
|
dAclAccessGroupCounterEgressStat,
|
|
dAclVlanFilterCounterStatistics
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects providing ACL counter information."
|
|
::= { dAclGroups 7 }
|
|
END
|
|
|
|
|