1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
|
-- This file was included in WWP MIB release 04-16-00-0047
--
-- CIENA-CES-ACCESS-LIST-MIB
--
CIENA-CES-ACCESS-LIST-MIB DEFINITIONS ::= BEGIN
IMPORTS
Integer32, Unsigned32, Counter64, OBJECT-TYPE, MODULE-IDENTITY
FROM SNMPv2-SMI
DisplayString, MacAddress, TruthValue, TEXTUAL-CONVENTION
FROM SNMPv2-TC
cienaCesConfig
FROM CIENA-SMI
CienaGlobalState
FROM CIENA-TC
InetAddressType, InetAddress, InetAddressPrefixLength, InetPortNumber
FROM INET-ADDRESS-MIB;
cienaCesAccessListMIB MODULE-IDENTITY
LAST-UPDATED "201504020000Z"
ORGANIZATION "Ciena, Inc"
CONTACT-INFO
"Mib Meister
115 North Sullivan Road
Spokane Valley, WA 99037
USA
Phone: +1 509 242 9000
Email: support@ciena.com"
DESCRIPTION
"This MIB module defines objects that describe Hardware
ACLs (Access Control Lists).
The MIB describes different objects that enable the
network administrator to remotely view ACL profile/rule,
configuration in addition to monitoring ACL rule statistics."
REVISION "201504020000Z"
DESCRIPTION
"The initial version of this MIB module."
::= { cienaCesConfig 35 }
--
-- Node definitions
--
cienaCesAccessListMIBObjects OBJECT IDENTIFIER ::= { cienaCesAccessListMIB 1 }
cienaCesAclConfiguration OBJECT IDENTIFIER ::= { cienaCesAccessListMIBObjects 1 }
cienaCesAclStatistics OBJECT IDENTIFIER ::= { cienaCesAccessListMIBObjects 2 }
cienaCesAccessListMIBConformance OBJECT IDENTIFIER ::= { cienaCesAccessListMIB 2 }
cienaCesAccessListMIBCompliances OBJECT IDENTIFIER ::= { cienaCesAccessListMIBConformance 1 }
cienaCesAccessListMIBGroups OBJECT IDENTIFIER ::= { cienaCesAccessListMIBConformance 2 }
--
-- Textual Conventions
--
AclFilterAction ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "An enumeration value to indicate the filter action applied by an ACL rule."
SYNTAX INTEGER
{
allow(1),
deny(2)
}
AclTrafficDirection ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "An enumeration value to indicate the traffic direction to which
an ACL profile is applied."
SYNTAX INTEGER
{
ingress(1),
egress(2)
}
AclIpFragmentMatchType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "An enumeration value to indicate the type of IP fragment filtering
to be done as part of an ACL rule."
SYNTAX INTEGER
{
any(1),
isfragment(2),
notfragment(3)
}
AclL4PortMatchType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "An enumeration value to indicate the type of match to perform on
an L4 src/dst port filter term."
SYNTAX INTEGER
{
any(1),
single(2),
range(3)
}
AclInterfaceType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "An enumeration value to indicate the type of interface to which
an ACL profile is attached."
SYNTAX INTEGER
{
port(1),
vlan(2),
virtualswitch(3),
ipinterface(4),
remoteinterface(5),
localinterface(6)
}
AclL4DstProtocol ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "An enumeration value to indicate the L4 destination protocol
specified as part of an ACL rule filter term."
SYNTAX INTEGER
{
any(1),
bgp(2),
bootpclient(3),
bootpserver(4),
dhcpclient(5),
dhcpserver(6),
dhcpv6client(7),
dhcpv6server(8),
dns(9),
ftp(10),
http(11),
ldp(12),
ntp(13),
olsr(14),
rip(15),
rpc(16),
snmp(17),
snmptrap(18),
ssh(19),
syslog(20),
tacacs(21),
telnet(22),
tftp(23),
twampctrl(24)
}
--
-- ACL Global Config Objects
--
cienaCesAclGlobalConfig OBJECT IDENTIFIER ::= { cienaCesAclConfiguration 1 }
cienaCesAclAdminStatus OBJECT-TYPE
SYNTAX CienaGlobalState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates whether the ACL feature is globally enabled or disabled."
::= { cienaCesAclGlobalConfig 1 }
cienaCesAclFilterMode OBJECT-TYPE
SYNTAX INTEGER
{
l2l3combo(1),
l3only(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates which global ACL device mode is currently in use."
::= { cienaCesAclGlobalConfig 2 }
cienaCesAclNumAclProfileDefs OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the total number of configured ACL profile definitions on the device."
::= { cienaCesAclGlobalConfig 3 }
cienaCesAclRemainingAclProfileDefs OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of remaining ACL profile definitions that can be configured on the device."
::= { cienaCesAclGlobalConfig 4 }
cienaCesAclNumAclRuleDefs OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the total number of configured ACL rule definitions on the device."
::= { cienaCesAclGlobalConfig 5 }
cienaCesAclRemainingAclRuleDefs OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of remaining ACL rule definitions that can be configured on the device."
::= { cienaCesAclGlobalConfig 6 }
--
-- ACL Profile Config Table
--
cienaCesAclProfileConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF CienaCesAclProfileConfigTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table of ACL profiles configured on the device. Each
entry contains the ACL profile configuration data."
::= { cienaCesAclConfiguration 2 }
cienaCesAclProfileConfigTableEntry OBJECT-TYPE
SYNTAX CienaCesAclProfileConfigTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing the ACL profile configuration data."
INDEX { cienaCesAclProfileId }
::= { cienaCesAclProfileConfigTable 1 }
CienaCesAclProfileConfigTableEntry ::= SEQUENCE {
cienaCesAclProfileId Integer32,
cienaCesAclProfileName DisplayString,
cienaCesAclProfileAdminState CienaGlobalState,
cienaCesAclProfileOperState CienaGlobalState,
cienaCesAclProfileDefaultFilterAction AclFilterAction,
cienaCesAclProfileNumRules Integer32,
cienaCesAclProfileAttachedInterfaces Unsigned32
}
cienaCesAclProfileId OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The unique identifier of this ACL profile."
::= { cienaCesAclProfileConfigTableEntry 1 }
cienaCesAclProfileName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..31))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The unique name of this ACL profile."
::= { cienaCesAclProfileConfigTableEntry 2 }
cienaCesAclProfileAdminState OBJECT-TYPE
SYNTAX CienaGlobalState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The configured administrative State of the ACL profile."
::= { cienaCesAclProfileConfigTableEntry 3 }
cienaCesAclProfileOperState OBJECT-TYPE
SYNTAX CienaGlobalState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Operational State of the ACL profile.
A profile is operationally enabled if it is administratively enabled
and attached to at least one interface. It is otherwise disabled.
Note that the ACL feature must also be globally enabled for
any profile to be operationally enabled."
::= { cienaCesAclProfileConfigTableEntry 4 }
cienaCesAclProfileDefaultFilterAction OBJECT-TYPE
SYNTAX AclFilterAction
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The configured default filter action for this ACL profile."
::= { cienaCesAclProfileConfigTableEntry 5 }
cienaCesAclProfileNumRules OBJECT-TYPE
SYNTAX Integer32 (1..256)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of ACL rules configured in this profile. There will always
be at least one rule defined in each profile - the default rule."
::= { cienaCesAclProfileConfigTableEntry 6 }
cienaCesAclProfileAttachedInterfaces OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of interfaces to which this profile is attached."
::= { cienaCesAclProfileConfigTableEntry 7 }
--
-- ACL Rule Config Table
--
cienaCesAclRuleConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF CienaCesAclRuleConfigTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table of ACL rules configured on the device. Each
entry contains the ACL rule configuration data."
::= { cienaCesAclConfiguration 3 }
cienaCesAclRuleConfigTableEntry OBJECT-TYPE
SYNTAX CienaCesAclRuleConfigTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing the ACL rule configuration data."
INDEX { cienaCesAclProfileId,
cienaCesAclRulePrecedence
}
::= { cienaCesAclRuleConfigTable 1 }
CienaCesAclRuleConfigTableEntry ::= SEQUENCE {
cienaCesAclRulePrecedence Unsigned32,
cienaCesAclRuleName DisplayString,
cienaCesAclRuleFilterAction AclFilterAction,
cienaCesAclRuleMatchAny TruthValue,
cienaCesAclRuleMatchSrcMacAddr TruthValue,
cienaCesAclRuleSrcMacAddr MacAddress,
cienaCesAclRuleSrcMacAddrMask MacAddress,
cienaCesAclRuleMatchDstMacAddr TruthValue,
cienaCesAclRuleDstMacAddr MacAddress,
cienaCesAclRuleDstMacAddrMask MacAddress,
cienaCesAclRuleMatchOuterVid TruthValue,
cienaCesAclRuleOuterVid Unsigned32,
cienaCesAclRuleOuterVidMask Unsigned32,
cienaCesAclRuleMatchOuterPcp TruthValue,
cienaCesAclRuleOuterPcp Unsigned32,
cienaCesAclRuleOuterPcpMask Unsigned32,
cienaCesAclRuleMatchOuterDei TruthValue,
cienaCesAclRuleOuterDei Unsigned32,
cienaCesAclRuleMatchBaseEtype TruthValue,
cienaCesAclRuleBaseEtype Unsigned32,
cienaCesAclRuleMatchSrcIpAddr TruthValue,
cienaCesAclRuleSrcIpAddrType InetAddressType,
cienaCesAclRuleSrcIpAddr InetAddress,
cienaCesAclRuleSrcIpAddrPrefixLength InetAddressPrefixLength,
cienaCesAclRuleMatchDstIpAddr TruthValue,
cienaCesAclRuleDstIpAddrType InetAddressType,
cienaCesAclRuleDstIpAddr InetAddress,
cienaCesAclRuleDstIpAddrPrefixLength InetAddressPrefixLength,
cienaCesAclRuleMatchIpProtocol TruthValue,
cienaCesAclRuleIpProtocol Unsigned32,
cienaCesAclRuleMatchDscp TruthValue,
cienaCesAclRuleDscp Unsigned32,
cienaCesAclRuleDscpMask Unsigned32,
cienaCesAclRuleMatchL4SrcPort AclL4PortMatchType,
cienaCesAclRuleL4SrcPort InetPortNumber,
cienaCesAclRuleL4SrcPortUpper InetPortNumber,
cienaCesAclRuleMatchL4DstPort AclL4PortMatchType,
cienaCesAclRuleL4DstPort InetPortNumber,
cienaCesAclRuleL4DstPortUpper InetPortNumber,
cienaCesAclRuleMatchL4DstProtocol AclL4DstProtocol,
cienaCesAclRuleMatchIpFragment AclIpFragmentMatchType,
cienaCesAclRuleMatchTcpFlags TruthValue,
cienaCesAclRuleTcpFlags DisplayString
}
cienaCesAclRulePrecedence OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The unique precedence value (within the profile) of this ACL rule."
::= { cienaCesAclRuleConfigTableEntry 1 }
cienaCesAclRuleName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..31))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The unique name (within the profile) of this ACL rule."
::= { cienaCesAclRuleConfigTableEntry 2 }
cienaCesAclRuleFilterAction OBJECT-TYPE
SYNTAX AclFilterAction
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The configured filter action for this ACL rule."
::= { cienaCesAclRuleConfigTableEntry 3 }
cienaCesAclRuleMatchAny OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"True if the ACL rule matches any traffic, False otherwise.
Matching on any traffic automatically disregards all the remaining fields."
::= { cienaCesAclRuleConfigTableEntry 4 }
cienaCesAclRuleMatchSrcMacAddr OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"True if the ACL rule matches on the source MAC address, False otherwise.
When True, the cienaCesAclRuleSrcMacAddr and cienaCesAclRuleSrcMacAddrMask fields
will contain the source MAC address and mask that are to be matched by this rule."
::= { cienaCesAclRuleConfigTableEntry 5 }
cienaCesAclRuleSrcMacAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the source MAC address that is to be matched by this rule.
This field is not applicable when the cienaCesAclRuleMatchSrcMacAddr field is set to False."
::= { cienaCesAclRuleConfigTableEntry 6 }
cienaCesAclRuleSrcMacAddrMask OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the source MAC address mask that is to be matched by this rule.
This field is not applicable when the cienaCesAclRuleMatchSrcMacAddr field is set to False."
::= { cienaCesAclRuleConfigTableEntry 7 }
cienaCesAclRuleMatchDstMacAddr OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"True if the ACL rule matches on the destination MAC address, False otherwise.
When True, the cienaCesAclRuleDstMacAddr and cienaCesAclRuleDstMacAddrMask fields
will contain the destination MAC address and mask that are to be matched by this rule."
::= { cienaCesAclRuleConfigTableEntry 8 }
cienaCesAclRuleDstMacAddr OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the destination MAC address that is to be matched by this rule.
This field is not applicable when the cienaCesAclRuleMatchDstMacAddr field is set to False."
::= { cienaCesAclRuleConfigTableEntry 9 }
cienaCesAclRuleDstMacAddrMask OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the destination MAC address mask that is to be matched by this rule.
This field is not applicable when the cienaCesAclRuleMatchDstMacAddr field is set to False."
::= { cienaCesAclRuleConfigTableEntry 10 }
cienaCesAclRuleMatchOuterVid OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"True if the ACL rule matches on the outer VID, False otherwise.
When True, the cienaCesAclRuleOuterVid and cienaCesAclRuleOuterVidMask fields
will contain the outer VID value and mask that are to be matched by this rule."
::= { cienaCesAclRuleConfigTableEntry 11 }
cienaCesAclRuleOuterVid OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the outer VID that is to be matched by this rule.
This field is not applicable when the cienaCesAclRuleMatchOuterVid field is set to False."
::= { cienaCesAclRuleConfigTableEntry 12 }
cienaCesAclRuleOuterVidMask OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the outer VID mask that is to be matched by this rule.
This field is not applicable when the cienaCesAclRuleMatchOuterVid field is set to False."
::= { cienaCesAclRuleConfigTableEntry 13 }
cienaCesAclRuleMatchOuterPcp OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"True if the ACL rule matches on the outer PCP, False otherwise.
When True, the cienaCesAclRuleOuterPcp and cienaCesAclRuleOuterPcpMask fields
will contain the outer PCP value and mask that are to be matched by this rule."
::= { cienaCesAclRuleConfigTableEntry 14 }
cienaCesAclRuleOuterPcp OBJECT-TYPE
SYNTAX Unsigned32 (0..7)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the outer PCP that is to be matched by this rule.
This field is not applicable when the cienaCesAclRuleMatchOuterPcp field is set to False."
::= { cienaCesAclRuleConfigTableEntry 15 }
cienaCesAclRuleOuterPcpMask OBJECT-TYPE
SYNTAX Unsigned32 (0..7)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the outer PCP mask that is to be matched by this rule.
This field is not applicable when the cienaCesAclRuleMatchOuterPcp field is set to False."
::= { cienaCesAclRuleConfigTableEntry 16 }
cienaCesAclRuleMatchOuterDei OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"True if the ACL rule matches on the outer DEI bit, False otherwise.
When True, the cienaCesAclRuleOuterDei field
will contain the outer DEI value that is to be matched by this rule."
::= { cienaCesAclRuleConfigTableEntry 17 }
cienaCesAclRuleOuterDei OBJECT-TYPE
SYNTAX Unsigned32 (0..1)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the outer DEI bit that is to be matched by this rule.
This field is not applicable when the cienaCesAclRuleMatchOuterDei field is set to False."
::= { cienaCesAclRuleConfigTableEntry 18 }
cienaCesAclRuleMatchBaseEtype OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"True if the ACL rule matches on the base ethertype, False otherwise.
When True, the cienaCesAclRuleBaseEtype field
will contain the base ethertype value that is to be matched by this rule."
::= { cienaCesAclRuleConfigTableEntry 19 }
cienaCesAclRuleBaseEtype OBJECT-TYPE
SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the base ethertype that is to be matched by this rule.
This field is not applicable when the cienaCesAclRuleMatchBaseEtype field is set to False."
::= { cienaCesAclRuleConfigTableEntry 20 }
cienaCesAclRuleMatchSrcIpAddr OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"True if the ACL rule matches on the source IP address, False otherwise.
When True, the cienaCesAclRuleSrcIpAddrType field will contain the
IP address type (IPv4 or IPv6) and the cienaCesAclRuleSrcIpAddr and
cienaCesAclRuleSrcIpAddrPrefixLength fields will contain the IP address
value and mask that are to be matched by this rule."
::= { cienaCesAclRuleConfigTableEntry 21 }
cienaCesAclRuleSrcIpAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Identifies the address family of the source IP address (IPv4/IPv6). This field is
not applicable when the cienaCesAclRuleMatchSrcIpAddr field is set to False"
::= { cienaCesAclRuleConfigTableEntry 22 }
cienaCesAclRuleSrcIpAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the source IP address that is to be matched by this rule.
This field is not applicable when the cienaCesAclRuleMatchSrcIpAddr field is set to False."
::= { cienaCesAclRuleConfigTableEntry 23 }
cienaCesAclRuleSrcIpAddrPrefixLength OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the prefix length of the source IP address that is to be matched by this rule.
This field is not applicable when the cienaCesAclRuleMatchSrcIpAddr field is set to False."
::= { cienaCesAclRuleConfigTableEntry 24 }
cienaCesAclRuleMatchDstIpAddr OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"True if the ACL rule matches on the destination IP address, False otherwise.
When True, the cienaCesAclRuleDstIpAddrType field will contain the
IP address type (IPv4 or IPv6) and the cienaCesAclRuleDstIpAddr and
cienaCesAclRuleDstIpAddrPrefixLength fields will contain the IP address
value and mask that are to be matched by this rule."
::= { cienaCesAclRuleConfigTableEntry 25 }
cienaCesAclRuleDstIpAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Identifies the address family of the destination IP address (IPv4/IPv6).
This field is not applicable when the cienaCesAclRuleMatchDstIpAddr field is set to False"
::= { cienaCesAclRuleConfigTableEntry 26 }
cienaCesAclRuleDstIpAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the destination IP address that is to be matched by this rule.
This field is not applicable when the cienaCesAclRuleMatchDstIpAddr field is set to False."
::= { cienaCesAclRuleConfigTableEntry 27 }
cienaCesAclRuleDstIpAddrPrefixLength OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the prefix length of the destination IP address that is to be matched by this rule.
This field is not applicable when the cienaCesAclRuleMatchDstIpAddr field is set to False."
::= { cienaCesAclRuleConfigTableEntry 28 }
cienaCesAclRuleMatchIpProtocol OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"True if the ACL rule matches on the IP protocol, False otherwise.
When True, the cienaCesAclRuleIpProtocol field
will contain the IP protocol value that is to be matched by this rule."
::= { cienaCesAclRuleConfigTableEntry 29 }
cienaCesAclRuleIpProtocol OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the IP protocol value that is to be matched by this rule. This field is
not applicable when the cienaCesAclRuleMatchIpProtocol field is set to False."
::= { cienaCesAclRuleConfigTableEntry 30 }
cienaCesAclRuleMatchDscp OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"True if the ACL rule matches on the DSCP value, False otherwise.
When True, the cienaCesAclRuleDscp and cienaCesAclRuleDscpMask fields
will contain the DSCP value and mask that are to be matched by this rule."
::= { cienaCesAclRuleConfigTableEntry 31 }
cienaCesAclRuleDscp OBJECT-TYPE
SYNTAX Unsigned32 (0..63)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the DSCP value that is to be matched by this rule.
This field is not applicable when the cienaCesAclRuleMatchDscp field is set to False."
::= { cienaCesAclRuleConfigTableEntry 32 }
cienaCesAclRuleDscpMask OBJECT-TYPE
SYNTAX Unsigned32 (0..63)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the outer DSCP mask that is to be matched by this rule.
This field is not applicable when the cienaCesAclRuleMatchDscp field is set to False."
::= { cienaCesAclRuleConfigTableEntry 33 }
cienaCesAclRuleMatchL4SrcPort OBJECT-TYPE
SYNTAX AclL4PortMatchType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the type of L4 source port matching that the ACL rule is performing.
A value of 'any' indicates that the rule matches any L4 source port.
A value of 'single' indicates that the rules matches on a single L4 source port
specified in the cienaCesAclRuleL4SrcPort field. A value of 'range' indicates that
the rule matches on a range of ports, with the cienaCesAclRuleL4SrcPort field specifiying
the lower bound and the cienaCesAclRuleL4SrcPortUpper specifying the upper bound of the range."
::= { cienaCesAclRuleConfigTableEntry 34 }
cienaCesAclRuleL4SrcPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the lower bound or single L4 source port value that is to be matched by this rule
depending on the value of cienaCesAclRuleMatchL4SrcPort.
This field is not applicable when the cienaCesAclRuleMatchL4SrcPort field is set to 'any'."
::= { cienaCesAclRuleConfigTableEntry 35 }
cienaCesAclRuleL4SrcPortUpper OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the upper bound of the L4 source port range that is to be matched by this rule
depending on the value of cienaCesAclRuleMatchL4SrcPort.
This field is not applicable when the cienaCesAclRuleMatchL4SrcPort field is set to 'any' or 'single'."
::= { cienaCesAclRuleConfigTableEntry 36 }
cienaCesAclRuleMatchL4DstPort OBJECT-TYPE
SYNTAX AclL4PortMatchType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the type of L4 destination port matching that the ACL rule is performing.
A value of 'any' indicates that the rule matches any L4 destination port.
A value of 'single' indicates that the rules matches on a single L4 destination port
specified in the cienaCesAclRuleL4SrcPort field. A value of 'range' indicates that
the rule matches on a range of ports, with the cienaCesAclRuleL4DstPort field specifiying
the lower bound and the cienaCesAclRuleL4DstPortUpper specifying the upper bound of the range."
::= { cienaCesAclRuleConfigTableEntry 37 }
cienaCesAclRuleL4DstPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the lower bound or single L4 destination port value that is to be matched by this rule
depending on the value of cienaCesAclRuleMatchL4DstPort.
This field is not applicable when the cienaCesAclRuleMatchL4DstPort field is set to 'any'."
::= { cienaCesAclRuleConfigTableEntry 38 }
cienaCesAclRuleL4DstPortUpper OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains the upper bound of the L4 destination port range that is to be matched by this rule
depending on the value of cienaCesAclRuleMatchL4DstPort.
This field is not applicable when the cienaCesAclRuleMatchL4DstPort field is set to 'any' or 'single'."
::= { cienaCesAclRuleConfigTableEntry 39 }
cienaCesAclRuleMatchL4DstProtocol OBJECT-TYPE
SYNTAX AclL4DstProtocol
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the L4 destination protocol name that is to be matched by this rule.
A value of 'any' indicates that the rule will match any protocol. Note that
this field is mutually exclusive with cienaCesAclRuleMatchL4DstPort - i.e. only
one of these fields can have a value different from 'any' at a given time."
::= { cienaCesAclRuleConfigTableEntry 40 }
cienaCesAclRuleMatchIpFragment OBJECT-TYPE
SYNTAX AclIpFragmentMatchType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the type of IP fragment matching that is to be matched by this rule.
A value of 'any' indicates that the rule will match both fragmented and non-fragmented
packets. A value of 'fragment' indicates that the rule will match only fragmented packets.
A value of 'nonfragment' indicates that the rule will match only non-fragmented (head) packets."
::= { cienaCesAclRuleConfigTableEntry 41 }
cienaCesAclRuleMatchTcpFlags OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"True if the ACL rule matches on specific TCP Flags, False otherwise.
When True, the cienaCesAclRuleTcpFlags field will contain the TCP Flags
that are to be matched by this rule."
::= { cienaCesAclRuleConfigTableEntry 42 }
cienaCesAclRuleTcpFlags OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Contains a comma-separated uppercase string list of TCP Flags
that are to be matched by this rule, i.e. 'SYN,ACK,RST,...'.
This field is not applicable when the cienaCesAclRuleMatchTcpFlags
field is set to False."
::= { cienaCesAclRuleConfigTableEntry 43 }
--
-- ACL Profile Attachment Table
--
cienaCesAclProfileAttachmentTable OBJECT-TYPE
SYNTAX SEQUENCE OF CienaCesAclProfileAttachmentTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table showing the interface attachments for each
profile on the device. Each entry contains the name of
the interface and the traffic direction on which the profile is applied."
::= { cienaCesAclConfiguration 4 }
cienaCesAclProfileAttachmentTableEntry OBJECT-TYPE
SYNTAX CienaCesAclProfileAttachmentTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing the ACL profile attachment data."
INDEX { cienaCesAclProfileId,
cienaCesAclInterfaceType,
cienaCesAclInterfaceId
}
::= { cienaCesAclProfileAttachmentTable 1 }
CienaCesAclProfileAttachmentTableEntry ::= SEQUENCE {
cienaCesAclInterfaceType AclInterfaceType,
cienaCesAclInterfaceId Integer32,
cienaCesAclInterfaceName DisplayString,
cienaCesAclDirection AclTrafficDirection
}
cienaCesAclInterfaceType OBJECT-TYPE
SYNTAX AclInterfaceType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The type of the interface to which this ACL profile is attached."
::= { cienaCesAclProfileAttachmentTableEntry 1 }
cienaCesAclInterfaceId OBJECT-TYPE
SYNTAX Integer32 (1..1048576)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ID of the interface to which this ACL profile is attached."
::= { cienaCesAclProfileAttachmentTableEntry 2 }
cienaCesAclInterfaceName OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..31))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The name of the interface to which this ACL profile is attached."
::= { cienaCesAclProfileAttachmentTableEntry 3 }
cienaCesAclDirection OBJECT-TYPE
SYNTAX AclTrafficDirection
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The interface's traffic direction (ingress/egress) on which the ACL profile is applied."
::= { cienaCesAclProfileAttachmentTableEntry 4 }
--
-- ACL Profile Global Rule Stats Table
--
cienaCesAclProfileGlobalRuleStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF CienaCesAclProfileGlobalRuleStatsTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table of global ACL profile rule statistics. Global ACL profile rule statistics
are the aggregate counts of the hit statistics for all instances of the ACL profile's rules."
::= { cienaCesAclStatistics 1 }
cienaCesAclProfileGlobalRuleStatsTableEntry OBJECT-TYPE
SYNTAX CienaCesAclProfileGlobalRuleStatsTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing the ACL profile global rule hit statistics."
INDEX { cienaCesAclProfileId,
cienaCesAclRulePrecedence
}
::= { cienaCesAclProfileGlobalRuleStatsTable 1 }
CienaCesAclProfileGlobalRuleStatsTableEntry ::= SEQUENCE {
cienaCesAclGlobalRuleStatsPacketCount Counter64,
cienaCesAclGlobalRuleStatsByteCount Counter64
}
cienaCesAclGlobalRuleStatsPacketCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets that matched this ACL rule."
::= { cienaCesAclProfileGlobalRuleStatsTableEntry 1 }
cienaCesAclGlobalRuleStatsByteCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of bytes that matched this ACL rule."
::= { cienaCesAclProfileGlobalRuleStatsTableEntry 2 }
--
-- ACL Profile Rule Instance Stats Table
--
cienaCesAclProfileRuleInstanceStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF CienaCesAclProfileRuleInstanceStatsTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table of ACL profile rule instance statistics. These ACL rule hit statistics are
specific to the rules applied on the particular interface."
::= { cienaCesAclStatistics 2 }
cienaCesAclProfileRuleInstanceStatsTableEntry OBJECT-TYPE
SYNTAX CienaCesAclProfileRuleInstanceStatsTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing the ACL profile rule instance hit statistics."
INDEX { cienaCesAclProfileId,
cienaCesAclInterfaceType,
cienaCesAclInterfaceId,
cienaCesAclRulePrecedence
}
::= { cienaCesAclProfileRuleInstanceStatsTable 1 }
CienaCesAclProfileRuleInstanceStatsTableEntry ::= SEQUENCE {
cienaCesAclRuleInstanceStatsPacketCount Counter64,
cienaCesAclRuleInstanceStatsByteCount Counter64
}
cienaCesAclRuleInstanceStatsPacketCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets that matched this ACL rule instance."
::= { cienaCesAclProfileRuleInstanceStatsTableEntry 1 }
cienaCesAclRuleInstanceStatsByteCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of bytes that matched this ACL rule instance."
::= { cienaCesAclProfileRuleInstanceStatsTableEntry 2 }
END
|
