637 lines
18 KiB
Plaintext
637 lines
18 KiB
Plaintext
-- MIB File: BROCADE-ACL-MIB.mib
|
|
-- *********************************************************************
|
|
--
|
|
-- BROCADE-ACL-MIB.mib : Extreme MIB for ACLs
|
|
--
|
|
-- Copyright (c) 2018 Extreme Networks, Inc.
|
|
-- All rights reserved.
|
|
--
|
|
-- ***************************************************************
|
|
|
|
BROCADE-ACL-MIB DEFINITIONS ::= BEGIN
|
|
|
|
|
|
IMPORTS
|
|
|
|
MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter32
|
|
|
|
FROM SNMPv2-SMI
|
|
|
|
MODULE-COMPLIANCE, OBJECT-GROUP
|
|
|
|
FROM SNMPv2-CONF
|
|
|
|
TEXTUAL-CONVENTION
|
|
|
|
FROM SNMPv2-TC
|
|
|
|
ifIndex
|
|
|
|
FROM IF-MIB
|
|
|
|
bcsiModules
|
|
|
|
FROM Brocade-REG-MIB;
|
|
|
|
brocadeACLMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201805291200Z" -- May 29, 2018 12:00pm
|
|
|
|
ORGANIZATION "Extreme Networks, Inc."
|
|
|
|
CONTACT-INFO
|
|
|
|
"Postal: Extreme Networks, Inc.
|
|
|
|
6480 Via Del Oro
|
|
|
|
San Jose, CA 95119 USA
|
|
|
|
Phone: +1 408 579-2800
|
|
|
|
E-mail: support@extremenetworks.com
|
|
|
|
WWW: http://www.extremenetworks.com"
|
|
|
|
DESCRIPTION
|
|
|
|
"MIB module for management of ACLs."
|
|
|
|
REVISION "201805291200Z" -- May 29, 2018 12:00pm
|
|
|
|
DESCRIPTION "Updated ORGANIZATION and CONTACT-INFO with Extreme Networks"
|
|
|
|
::= {bcsiModules 16}
|
|
|
|
bcsiACLNotifications OBJECT IDENTIFIER ::= { brocadeACLMIB 0 }
|
|
|
|
bcsiACLObjects OBJECT IDENTIFIER ::= { brocadeACLMIB 1 }
|
|
|
|
bcsiACLConformance OBJECT IDENTIFIER ::= { brocadeACLMIB 2 }
|
|
|
|
BcsiTrafficDirection ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The packet flow direction within an interface for which ACL needs to be applied."
|
|
SYNTAX INTEGER { inbound(1), outbound(2) }
|
|
|
|
BcsiAclNameString ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "255t"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The name for a given access-list."
|
|
SYNTAX OCTET STRING (SIZE (0..255))
|
|
|
|
BcsiAclAction ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The action to be taken on the packet after filtering is done."
|
|
SYNTAX INTEGER { deny(1), permit(2), hardDrop(3) }
|
|
|
|
BcsiVlanIdOrNoneTC ::= TEXTUAL-CONVENTION
|
|
DISPLAY-HINT "d"
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The VLAN-ID that uniquely identifies a specific VLAN,
|
|
or no VLAN. The special value of zero is used to
|
|
indicate that no VLAN-ID is present or used. This can
|
|
be used in any situation where an object or a table entry
|
|
must refer either to a specific VLAN, or to no VLAN.
|
|
|
|
Note that a MIB object that is defined using this
|
|
TEXTUAL-CONVENTION should clarify the meaning of
|
|
'no VLAN' (i.e., the special value 0)."
|
|
SYNTAX Unsigned32 (0 | 1..4090)
|
|
|
|
BcsiPortQosTC ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The port QOS Priority hardware queue. 1 is lowest priority, 8 is the highest."
|
|
SYNTAX INTEGER {
|
|
|
|
level1(1),
|
|
level2(2),
|
|
level3(3),
|
|
level4(4),
|
|
level5(5),
|
|
level6(6),
|
|
level7(7),
|
|
level0(8),
|
|
invalid(127)
|
|
}
|
|
|
|
BcsiAclType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Type of ACL, extended or standard."
|
|
SYNTAX INTEGER {
|
|
standard(1),
|
|
extended(2)
|
|
}
|
|
|
|
BcsiAclMacType ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Ways of representing the source mac address.
|
|
The souce mac address will be accepted in the following 3 formats:
|
|
Mac address in HHHH.HHHH.HHHH format, Any source mac address, Host specific mac address."
|
|
SYNTAX INTEGER {
|
|
standard(1),
|
|
any(2),
|
|
host(3)
|
|
}
|
|
|
|
BcsiAclLevel ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACLs can be defined at various levels of the OSI model"
|
|
SYNTAX INTEGER {
|
|
l2(1),
|
|
ipv4(2),
|
|
ipv6(3)
|
|
}
|
|
|
|
BcsiVlanTagFormat ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A VLAN can be untagged, single tagged or double tagged"
|
|
SYNTAX INTEGER {
|
|
singleTagged(1),
|
|
doubleTagged(2),
|
|
untagged(3)
|
|
}
|
|
|
|
BcsiDropPrecedenceForce ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Represents Priority"
|
|
SYNTAX INTEGER {
|
|
zero(0),
|
|
one(1),
|
|
two(2)
|
|
}
|
|
|
|
--
|
|
-- Mapping table for ACL name to ID
|
|
--
|
|
|
|
bcsiAclNameToIdMappingTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF BcsiAclNameToAclIdMappingEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table maps the string name of an ACL to its numeric ACL ID for both L2 and L3 ACLs."
|
|
::= { bcsiACLObjects 1 }
|
|
|
|
bcsiAclNameToAclIdMappingEntry OBJECT-TYPE
|
|
SYNTAX BcsiAclNameToAclIdMappingEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the bcsiAclNameToIdMappingTable which lists the ACl-ID for ACL-Names."
|
|
INDEX {bcsiAclNametoAclIdMappingAclName}
|
|
::= { bcsiAclNameToIdMappingTable 1 }
|
|
|
|
BcsiAclNameToAclIdMappingEntry ::= SEQUENCE {
|
|
bcsiAclNametoAclIdMappingAclName
|
|
BcsiAclNameString,
|
|
bcsiAclNametoAclIdMappingAclId
|
|
Unsigned32,
|
|
bcsiAclNametoAclIdMappingAclType
|
|
BcsiAclType,
|
|
bcsiAclNametoAclIdMappingAclLevel
|
|
BcsiAclLevel
|
|
}
|
|
|
|
bcsiAclNametoAclIdMappingAclName OBJECT-TYPE
|
|
SYNTAX BcsiAclNameString
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of the ACL."
|
|
::= {bcsiAclNameToAclIdMappingEntry 1}
|
|
|
|
bcsiAclNametoAclIdMappingAclId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Numeric ID of the ACL."
|
|
::= {bcsiAclNameToAclIdMappingEntry 2}
|
|
|
|
bcsiAclNametoAclIdMappingAclType OBJECT-TYPE
|
|
SYNTAX BcsiAclType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"ACL can be of two types, namely standard and extended ACL."
|
|
::= {bcsiAclNameToAclIdMappingEntry 3}
|
|
|
|
bcsiAclNametoAclIdMappingAclLevel OBJECT-TYPE
|
|
SYNTAX BcsiAclLevel
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Protocol Layer at which ACLs are applied. L2 and L3 are the supported levels."
|
|
::= {bcsiAclNameToAclIdMappingEntry 4}
|
|
--
|
|
|
|
-- L2 Named ACL Rule Table
|
|
|
|
--
|
|
|
|
bcsiL2NamedAclRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF BcsiL2NamedAclRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table to display the L2 Named Access Control List Information listed below among others:
|
|
- Source MAC address
|
|
- Source MAC mask
|
|
- Destination MAC address
|
|
- Destination MAC mask
|
|
- VLAN ID
|
|
- Ethernet type"
|
|
::= { bcsiACLObjects 2 }
|
|
|
|
bcsiL2NamedAclRuleEntry OBJECT-TYPE
|
|
SYNTAX BcsiL2NamedAclRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the L2 Access Control List table."
|
|
INDEX { bcsiL2NamedAclId, bcsiL2NamedAclSequenceNumber }
|
|
::= { bcsiL2NamedAclRuleTable 1 }
|
|
|
|
BcsiL2NamedAclRuleEntry ::= SEQUENCE {
|
|
bcsiL2NamedAclId
|
|
Unsigned32,
|
|
bcsiL2NamedAclSequenceNumber
|
|
Unsigned32,
|
|
bcsiL2NamedAclName
|
|
BcsiAclNameString,
|
|
bcsiL2NamedAclAction
|
|
BcsiAclAction,
|
|
bcsiL2NamedAclSourceType
|
|
BcsiAclMacType,
|
|
bcsiL2NamedAclSourceMac
|
|
MacAddress,
|
|
bcsiL2NamedAclSourceMacMask
|
|
MacAddress,
|
|
bcsiL2NamedAclDestinationType
|
|
BcsiAclMacType,
|
|
bcsiL2NamedAclDestinationMac
|
|
MacAddress,
|
|
bcsiL2NamedAclDestinationMacMask
|
|
MacAddress,
|
|
bcsiL2NamedAclCount
|
|
TruthValue,
|
|
bcsiL2NamedAclCopySflow
|
|
TruthValue,
|
|
bcsiL2NamedAclDropPrecedenceForce
|
|
BcsiDropPrecedenceForce,
|
|
bcsiL2NamedAclVlanTagFormat
|
|
BcsiVlanTagFormat,
|
|
bcsiL2NamedAclInnerVlanId
|
|
BcsiVlanIdOrNoneTC,
|
|
bcsiL2NamedAclOuterVlanId
|
|
BcsiVlanIdOrNoneTC,
|
|
bcsiL2NamedAclVlanId
|
|
BcsiVlanIdOrNoneTC,
|
|
bcsiL2NamedAclEthernetType
|
|
Unsigned32,
|
|
bcsiL2NamedAclArpGuard
|
|
TruthValue,
|
|
bcsiL2NamedAclDot1Priority
|
|
BcsiPortQosTC,
|
|
bcsiL2NamedAclDot1PriorityForce
|
|
BcsiPortQosTC,
|
|
bcsiL2NamedAclMirrorPackets
|
|
TruthValue,
|
|
bcsiL2NamedAclLogEnable
|
|
TruthValue
|
|
}
|
|
|
|
bcsiL2NamedAclId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Unique Numeric ID of ACL.
|
|
It is the same as bcsiAclNametoAclIdMappingAclId in bcsiAclNameToIdMappingTable"
|
|
::= { bcsiL2NamedAclRuleEntry 1 }
|
|
|
|
bcsiL2NamedAclSequenceNumber OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Sequence number is the number associated with rules of ACL"
|
|
::= { bcsiL2NamedAclRuleEntry 2 }
|
|
|
|
bcsiL2NamedAclName OBJECT-TYPE
|
|
SYNTAX BcsiAclNameString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Represents the name of each configured L2 named ACL.
|
|
It is the same as bcsiAclNametoAclIdMappingAclName in bcsiAclNameToIdMappingTable"
|
|
::= { bcsiL2NamedAclRuleEntry 3 }
|
|
|
|
bcsiL2NamedAclAction OBJECT-TYPE
|
|
SYNTAX BcsiAclAction
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Action to take if the ingress L2 packet matches this ACL."
|
|
::= { bcsiL2NamedAclRuleEntry 4 }
|
|
|
|
bcsiL2NamedAclSourceType OBJECT-TYPE
|
|
SYNTAX BcsiAclMacType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Source can be represented in three ways:
|
|
1. Mac address in HHHH.HHHH.HHHH format.
|
|
2. Any source mac address
|
|
3. Host specific mac address
|
|
|
|
Interpretation of bcsiL2NamedAclSourceMacMask depends on the value of this object"
|
|
::= { bcsiL2NamedAclRuleEntry 5 }
|
|
|
|
bcsiL2NamedAclSourceMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Optional Source MAC address. It depends on the value of bcsiL2NamedAclSourceType.
|
|
For standard(1) value of bcsiL2NamedAclSourceType, bcsiL2NamedAclSourceMac is user specified value.
|
|
For any(2) value of bcsiL2NamedAclSourceType, bcsiL2NamedAclSourceMac is 0.
|
|
For host(3) value of bcsiL2NamedAclSourceType, bcsiL2NamedAclSourceMac is user specified value.
|
|
"
|
|
::= { bcsiL2NamedAclRuleEntry 6 }
|
|
|
|
bcsiL2NamedAclSourceMacMask OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Optional Source MAC address mask.
|
|
By default, it matches with any source MAC within a packet.
|
|
To match on the first two bytes of the address
|
|
aabb.ccdd.eeff, use the mask ffff.0000.0000. In this case,
|
|
the clause matches all source MAC addresses that contain
|
|
'aabb' as the first two bytes and any values in the
|
|
remaining bytes of the MAC address.
|
|
|
|
Applicable for Extended ACLs only."
|
|
::= { bcsiL2NamedAclRuleEntry 7 }
|
|
|
|
bcsiL2NamedAclDestinationType OBJECT-TYPE
|
|
SYNTAX BcsiAclMacType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Destination can be represented in three ways.
|
|
1. Mac address in HHHH.HHHH.HHHH format.
|
|
2. Any destination mac address
|
|
3. Host specific mac address
|
|
Interpretation of bcsiL2NamedAclDestinationMacMask depends on the value of this object
|
|
"
|
|
::= { bcsiL2NamedAclRuleEntry 8 }
|
|
|
|
bcsiL2NamedAclDestinationMac OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Optional destination MAC address. By default, it matches with any destination MAC within a packet.
|
|
It depends on the value of bcsiL2NamedAclDestinationType.
|
|
For standard(1) value of bcsiL2NamedAclDestinationType, bcsiL2NamedAclDestinationMac is user specified value.
|
|
For any(2) value of bcsiL2NamedAclDestinationType, bcsiL2NamedAclDestinationMac is 0.
|
|
For host(3) value of bcsiL2NamedAclDestinationType, bcsiL2NamedAclDestinationMac is user specified value.
|
|
|
|
Applicable for Extended ACLs only."
|
|
::= { bcsiL2NamedAclRuleEntry 9 }
|
|
|
|
bcsiL2NamedAclDestinationMacMask OBJECT-TYPE
|
|
SYNTAX MacAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Optional destination MAC address mask.
|
|
By default, it matches with any destination MAC within a packet.
|
|
To match on the first two bytes of the address
|
|
aabb.ccdd.eeff, use the mask ffff.0000.0000. In this case,
|
|
the clause matches all destination MAC addresses that contain
|
|
'aabb' as the first two bytes and any values in the
|
|
remaining bytes of the MAC address.
|
|
|
|
Applicable for Extended ACLs only."
|
|
::= { bcsiL2NamedAclRuleEntry 10 }
|
|
|
|
bcsiL2NamedAclCount OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates if the user has enabled/disabled count for number of
|
|
packets against which the configured action is taken, for a given rule"
|
|
::= { bcsiL2NamedAclRuleEntry 11 }
|
|
|
|
bcsiL2NamedAclCopySflow OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Indicates whether to sample the packet for sflow collection or not"
|
|
::= { bcsiL2NamedAclRuleEntry 12 }
|
|
|
|
bcsiL2NamedAclDropPrecedenceForce OBJECT-TYPE
|
|
SYNTAX BcsiDropPrecedenceForce
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Force ingress drop precedence"
|
|
::= { bcsiL2NamedAclRuleEntry 13 }
|
|
|
|
bcsiL2NamedAclVlanTagFormat OBJECT-TYPE
|
|
SYNTAX BcsiVlanTagFormat
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Vlan tag format can be of 3 types, namely single-tagged, double-tagged and untagged.
|
|
When neither of these 3 types of tag are used, the feild is represented by 0.
|
|
When the value of this field is single-tagged(1),bcsiL2NamedAclVlanId represents the Vlan ID."
|
|
::= { bcsiL2NamedAclRuleEntry 14 }
|
|
|
|
bcsiL2NamedAclInnerVlanId OBJECT-TYPE
|
|
SYNTAX BcsiVlanIdOrNoneTC
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"vlan ID of the tagged inner vlan.
|
|
If bcsiL2NamedAclVlanTagFormat is double-tagged(2),
|
|
then 0 value of this field indicates any."
|
|
::= { bcsiL2NamedAclRuleEntry 15 }
|
|
|
|
bcsiL2NamedAclOuterVlanId OBJECT-TYPE
|
|
SYNTAX BcsiVlanIdOrNoneTC
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Vlan ID of the tagged outer vlan.
|
|
If bcsiL2NamedAclVlanTagFormat is double-tagged(2),
|
|
then 0 value of bcsiL2NamedAclInnerVlanId indicates any."
|
|
::= { bcsiL2NamedAclRuleEntry 16 }
|
|
|
|
bcsiL2NamedAclVlanId OBJECT-TYPE
|
|
SYNTAX BcsiVlanIdOrNoneTC
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Optional VLAN ID to match against that of the incoming packet.
|
|
By default, the VLAN ID field is ignored during the match. In this case,
|
|
value 0 is returned.
|
|
This field is interpreted as Vlan ID when bcsiL2NamedAclVlanTagFormat is either
|
|
0(not tagged) or 1(single-tagged).
|
|
Supported for Extended ACL only."
|
|
DEFVAL { 0 }
|
|
::= { bcsiL2NamedAclRuleEntry 17 }
|
|
|
|
bcsiL2NamedAclEthernetType OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Ethernet Type to match against the 'Ethertype' field
|
|
in the L2 header of the incoming packet.
|
|
By default, etype field is ignored during the match.
|
|
|
|
Applicable for Extended ACLs only."
|
|
DEFVAL { 0 }
|
|
::= { bcsiL2NamedAclRuleEntry 18 }
|
|
|
|
bcsiL2NamedAclArpGuard OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Represents enabling/disabling of arp-gurad for a given ACL"
|
|
::= { bcsiL2NamedAclRuleEntry 19 }
|
|
|
|
bcsiL2NamedAclDot1Priority OBJECT-TYPE
|
|
SYNTAX BcsiPortQosTC
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The priority option assigns traffic that matches the ACL to a
|
|
hardware forwarding queue. In addition to changing the internal
|
|
forwarding priority, if the outgoing interface is an 802.1q interface,
|
|
this option maps the specified priority to its equivalent 802.1p (QoS)
|
|
priority and marks the packet with the new 802.1p priority.
|
|
This option is applicable for inbound ACLs only.
|
|
NOTE: bcsiL2NamedAclDot1Priority following bcsiL2NamedAclDot1PriorityForce
|
|
cannot be used together in an ACL entry.
|
|
|
|
Applicable for Extended ACLs only."
|
|
DEFVAL { level0 }
|
|
::= { bcsiL2NamedAclRuleEntry 20 }
|
|
|
|
bcsiL2NamedAclDot1PriorityForce OBJECT-TYPE
|
|
SYNTAX BcsiPortQosTC
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The priority-force option assigns packets of outgoing traffic
|
|
that match the ACL to a specific hardware forwarding queue,
|
|
even though the incoming packet may be assigned to another queue.
|
|
This option is applicable for inbound ACLs only.
|
|
NOTE: bcsiL2NamedAclDot1Priority following bcsiL2NamedAclDot1PriorityForce
|
|
cannot be used together in an ACL entry.
|
|
|
|
Applicable for Extended ACL only"
|
|
DEFVAL { level0 }
|
|
::= { bcsiL2NamedAclRuleEntry 21 }
|
|
|
|
bcsiL2NamedAclMirrorPackets OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Mirror packets matching ACL permit clause.
|
|
Applicable for Extended ACLs only"
|
|
DEFVAL { false }
|
|
::= { bcsiL2NamedAclRuleEntry 22 }
|
|
|
|
bcsiL2NamedAclLogEnable OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Optional parameter to enable logging only when deny clause
|
|
is specified. Note that traffic denied by implicit deny mechanism is not
|
|
subject to logging. The implicit deny kicks in when the traffic
|
|
does not match any of the clauses and there is no 'permit any any'
|
|
clause specified at the end."
|
|
DEFVAL { false }
|
|
::= { bcsiL2NamedAclRuleEntry 23 }
|
|
|
|
--
|
|
|
|
-- L2 ACL Binding Table
|
|
|
|
--
|
|
|
|
bcsiAclIfBindTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF BcsiAclIfBindEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Table for binding L2 and L3 ACLs to interfaces.
|
|
- One cannot bind Layer 2 ACLs and Layer 3 ACLs to the same port.
|
|
However, configuration can be made on one port to use Layer 2 ACLs, and
|
|
another port on the same device to use Layer 3 ACLs.
|
|
- In general, Layer 2 ACLs cannot be bound to virtual interfaces, unlike L3 ACLs.
|
|
- One can not modify an existing Layer 2 ACL clause. For that, one must
|
|
unbind the ACL, delete it and make a new clause.
|
|
"
|
|
::= { bcsiACLObjects 3 }
|
|
|
|
bcsiAclIfBindEntry OBJECT-TYPE
|
|
SYNTAX BcsiAclIfBindEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry in the L2 and L3 ACL binding table which lists the ACL bindings to an interface.
|
|
"
|
|
INDEX {ifIndex, bcsiAclIfBindDirection}
|
|
::= { bcsiAclIfBindTable 1 }
|
|
|
|
BcsiAclIfBindEntry ::= SEQUENCE {
|
|
bcsiAclIfBindDirection
|
|
BcsiTrafficDirection,
|
|
bcsiAclIfBindAclName
|
|
BcsiAclNameString
|
|
}
|
|
|
|
bcsiAclIfBindDirection OBJECT-TYPE
|
|
SYNTAX BcsiTrafficDirection
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Direction in which this ACL should be applied on this port."
|
|
::= { bcsiAclIfBindEntry 1 }
|
|
|
|
bcsiAclIfBindAclName OBJECT-TYPE
|
|
SYNTAX BcsiAclNameString
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Represents the Name of each configured L2 or L3 named ACL.
|
|
It is the same as bcsiAclNametoAclIdMappingAclName in bcsiAclNameToIdMappingTable"
|
|
::= { bcsiAclIfBindEntry 2 }
|
|
|
|
END
|
|
|
|
-- ========================================================================================
|