-- ----------------------------------------------------------------------------- -- MIB NAME : Access Control List(ACL) Common mib -- FILE NAME: ACL.mib -- DATE : 2008/04/18 -- VERSION : 2.08 -- PURPOSE : To construct the MIB structure of Access Control List -- for proprietary enterprise -- ----------------------------------------------------------------------------- -- MODIFICTION HISTORY: -- ----------------------------------------------------------------------------- -- Version, Date, Author -- Description: -- [New Object] -- [Modification] -- Notes: (Requested by who and which project) -- -- Version 2.08, 2008/04/18, Marco -- Description: -- [New Object] -- [Modification] -- 1. change range of the ff nodes to include case node is not active: -- swACLEtherRule8021P -- swACLIpRuleDscp -- swAclIpRuleType -- swAclIpRuleCode -- swACLIpRuleSrcPort -- swACLIpRuleDstPort -- swACLIpRuleProtoID -- swCpuAclEtherRule8021P -- swCpuAclIpRuleDscp -- swCpuAclIpRuleType -- swCpuAclIpRuleCode -- swCpuAclIpRuleSrcPort -- swCpuAclIpRuleDstPort -- swCpuAclIpRuleProtoID -- removed *replaceprioritywith objects -- Requested by Marco Visaya for project DES30XXP. -- -- Version 2.07, 2008/04/11, Marco -- Description: -- [New Object] -- 1. Added swACLEtherRuleReplacePriorityWith -- 2. Added swACLIPRuleReplacePriorityWith -- [Modification] -- 1. Remove the range of xxxProfileID, and xxxRxRate. The maximum value of the objects depend on the device. -- Requested by Marco Visaya for project DES30XXP. -- -- -- Version 2.06, 2008/04/02, Kelvin -- Description: -- [New Object] -- 1.add objects swACLIpv6MaskUseProtoType, swACLIpv6MaskTcpOption, swACLIpv6MaskUdpOption -- swACLIpv6MaskTCPorUDPSrcPortMask, swACLIpv6MaskTCPorUDPDstPortMask in swACLIpv6MaskTable. -- 2.add objects swACLIpv6RuleProtocol, swACLIpv6RuleSrcPort, swACLIpv6RuleDstPort in swACLIpv6RuleTable. -- Requested by Kelvin Tao for project DGS3700. -- -- Version 2.05, 2008/02/20, Kelvin -- Description: -- [New Object] -- 1.add objects swACLEtherRuleVID in swACLEtherRuleTable. -- 2.add objects swACLIpRuleVID in swACLIpRuleTable. -- 3.add objects swACLPktContRuleVID in swACLPktContRuleTable. -- 4.add objects swACLIpv6RuleVID in swACLIpv6RuleTable. -- 5.add objects swACLPktContRuleOptionVID in swACLPktContRuleOptionTable. -- Requested by Kelvin Tao for project DGS3700. -- -- Version 2.04, 2008/01/15, Yan -- Description: -- [New Object] -- 1.add objects swACLEtherRuleEnableReplaceTosPrecedence, swACLEtherRuleRepTosPrecedence in swACLEtherRuleTable. -- 2.add objects swACLIpRuleEnableReplaceTosPrecedence, swACLIpRuleRepTosPrecedence in swACLIpRuleTable. -- 3.add objects swACLPktContRuleEnableReplaceTosPrecedence, swACLPktContRuleRepTosPrecedence in swACLPktContRuleTable. -- 4.add objects swACLIpv6RuleEnableReplaceDscp, swACLIpv6RuleRepDscp, swACLIpv6RuleEnableReplaceTosPrecedence and -- swACLIpv6RuleRepTosPrecedence in swACLIpv6RuleTable. -- 5.add objects swACLPktContRuleOptionEnableReplaceTosPrecedence, swACLPktContRuleOptionRepTosPrecedence in -- swACLPktContRuleOptionTable. -- Requested by Yan Zhang for project DES35XX. -- -- Version 2.03, 2007/12/27 by Ronald Hsu -- 1.Add 'lease-renew(4)' in the value list of object swACLPktContRulePermit. -- Requested by Ronald Hsu for project DES3828R4. -- -- Version 2.02, 2007/12/18, Jenny -- Description: -- [New Object] -- 1.add object swACLPktContMaskOptionProfileName in swACLPktContMaskOptionTable. -- 2.add object swACLIpv6MaskProfileName in swACLIpv6MaskTable. -- 3.add object swACLIpProfileName in swACLIpTable. -- 4.add object swACLEthernetProfileName in swACLEthernetTable. -- 5.add object swACLPktContMaskProfileName in swACLPktContMaskTable. -- Requested by Jenny for project DES35XX. -- -- Version 2.01, 2007/05/15, Yan -- Description: -- [Modification] -- 1. add Value List remark-dscp(4) of object swAclMeterActionForRateExceed, change the access -- of objects swAclMeterRate and swAclMeterActionForRateExceed from read-write to read-create for CLI. -- 2. change the access of object swACLIpRuleProtocol from read-only to read-write for supporting -- the new chip of project DGS3600R2. -- [New Object] -- 1. add objects swACLIpSrcMacAddrMask, swACLIpRuleSrcMacAddress for supporting the lab-out project DGS3400R2. -- 2. add tables swACLCounterTable, swACLPktContMaskOptionTable and swACLPktContRuleOptionTable for CLI. -- 3. add read-only objects swACLTotalUsedRuleEntries, swACLTotalUnusedRuleEntries, swACLEthernetUnusedRuleEntries, -- swACLIpUnusedRuleEntries, swACLPktContMaskUnusedRuleEntries, swACLIpv6MaskUnusedRuleEntries for CLI. -- 4. add objects swCpuAclEtherRuleEtherPort, swCpuAclIpRulePort, swCpuAclPktContRulePort, swCpuAclIpv6RulePort for CLI. -- 5. add object swCpuACLMaskDelAllState for supporting the lab-out project DGS3400R2. -- 6. add objects swAclMeterRemarkDscp, swAclMeterBurstSize, swAclMeterMode, swAclMeterTrtcmCir, swAclMeterTrtcmCbs, -- swAclMeterTrtcmPir, swAclMeterTrtcmPbs, swAclMeterTrtcmColorMode, swAclMeterTrtcmConformState, swAclMeterTrtcmConformReplaceDscp, -- swAclMeterTrtcmConformCounterState, swAclMeterTrtcmExceedState, swAclMeterTrtcmExceedReplaceDscp, swAclMeterTrtcmExceedCounterState, -- swAclMeterTrtcmViolateState, swAclMeterTrtcmViolateReplaceDscp, swAclMeterTrtcmViolateCounterState, swAclMeterSrtcmCir, -- swAclMeterSrtcmCbs, swAclMeterSrtcmEbs, swAclMeterSrtcmColorMode, swAclMeterSrtcmConformState, swAclMeterSrtcmConformReplaceDscp, -- swAclMeterSrtcmConformCounterState, swAclMeterSrtcmExceedState, swAclMeterSrtcmExceedReplaceDscp, swAclMeterSrtcmExceedCounterState, -- swAclMeterSrtcmViolateState, swAclMeterSrtcmViolateReplaceDscp, swAclMeterSrtcmViolateCounterState, swAclMeterRowStatus for CLI. -- 7. add objects swACLEtherRuleRxRate, swACLIpRuleRxRate, swACLPktContRuleRxRate, swACLIpv6RuleRxRate for supporting -- the older CLI Command, and these objects could be used for some projects. -- 8. add swIBPACLEthernetTable, swIBPACLIpTable, swIBPACLEtherRuleTable, swIBPACLIpRuleTable for keeping the OID -- of lab-out project DGS3400R2, but these objects can not be used for other project, so the status is obsolete. -- Requested by Yan for DGS3600R2. -- -- Version 2.00, 2007/03/27, Yedda -- This is the first formal version for universal MIB definition. -- ----------------------------------------------------------------------------- ACLMGMT-MIB DEFINITIONS ::= BEGIN IMPORTS Counter32,Counter64,TimeTicks,NOTIFICATION-TYPE, MODULE-IDENTITY,OBJECT-TYPE,IpAddress, Unsigned32 FROM SNMPv2-SMI MacAddress, RowStatus FROM SNMPv2-TC DisplayString FROM RFC1213-MIB SnmpAdminString FROM SNMP-FRAMEWORK-MIB dlink-common-mgmt FROM DLINK-ID-REC-MIB; swAclMgmtMIB MODULE-IDENTITY LAST-UPDATED "0804180000Z" ORGANIZATION "D-Link Corp." CONTACT-INFO "http://support.dlink.com" DESCRIPTION "The structure of Access Control List information for the proprietary enterprise." ::= { dlink-common-mgmt 9 } PortList ::= OCTET STRING(SIZE (0..127)) swAclCtrl OBJECT IDENTIFIER ::= { swAclMgmtMIB 1 } swAclMaskMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 2 } swAclRuleMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 3 } swCpuAclMaskMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 4 } swCpuAclRuleMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 5 } swAclMeteringMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 6 } -- ----------------------------------------------------------------------------- -- Textual Conventions -- ----------------------------------------------------------------------------- -- This definition may be excluded if IPv6 Supported Ipv6Address ::= TEXTUAL-CONVENTION DISPLAY-HINT "2x:" STATUS current DESCRIPTION "This data type is used to model IPv6 addresses. This is a binary string of 16 octets in network byte-order." SYNTAX OCTET STRING (SIZE (16)) -- ----------------------------------------------------------------------------- -- swAclCtrl -- ----------------------------------------------------------------------------- swCpuInterfacefilterState OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable or disable CPU Interface Filtering (also called Software ACL). The default is disabled. If enabled, the filtering entries in the swAclRuleMgmt tables will be set to active if its RuleSwAclState is enabled. If disabled, the software ACL function will be disabled." ::={ swAclCtrl 1} swACLTotalUsedRuleEntries OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of used ACL rule entries." ::={ swAclCtrl 2} swACLTotalUnusedRuleEntries OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of unused ACL rule entries." ::={ swAclCtrl 3} -- ----------------------------------------------------------------------------- -- swACLEthernetTable -- ----------------------------------------------------------------------------- swACLEthernetTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLEthernetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains ACL mask Ethernet information. The access profile will be created on the switch to define which part of each incoming frame's layer 2 header will be examined by the switch. Masks entered will be combined with the values the switch finds in the specified frame header fields." ::= { swAclMaskMgmt 1 } swACLEthernetEntry OBJECT-TYPE SYNTAX SwACLEthernetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the ACL for Ethernet." INDEX { swACLEthernetProfileID } ::= { swACLEthernetTable 1 } SwACLEthernetEntry ::= SEQUENCE { swACLEthernetProfileID INTEGER, -- swACLEthernetPort -- PortList, swACLEthernetUsevlan INTEGER, swACLEthernetMacAddrMaskState INTEGER, swACLEthernetSrcMacAddrMask MacAddress, swACLEthernetDstMacAddrMask MacAddress, swACLEthernetUse8021p INTEGER, swACLEthernetUseEthernetType INTEGER, swACLEthernetRowStatus RowStatus, swACLEthernetOwner INTEGER, swACLEthernetUnusedRuleEntries INTEGER, swACLEthernetProfileName DisplayString } swACLEthernetProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of the ACL mask entry unique to the mask list. The maximum value of this object depends on the device." ::= { swACLEthernetEntry 1 } -- swACLEthernetPort OBJECT-TYPE -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates which port(s) should be filtered." -- ::= { swACLEthernetEntry 2 } swACLEthernetUsevlan OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the switch will examine the VLAN part of each packet header." ::= { swACLEthernetEntry 2 } swACLEthernetMacAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-mac-addr(2), src-mac-addr(3), dst-src-mac-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of the MAC address mask. other (1) - Neither source MAC address nor destination MAC address are masked. dst-mac-addr (2) - Destination MAC addresses within received frames are to be filtered when matched with the MAC address entry for the table. src-mac-addr (3) - Source MAC addresses within received frames are to be filtered when matched with the MAC address entry for the table. dst-src-mac-addr (4) - Source or destination MAC addresses within received frames are to be filtered when matched with the MAC address entry of the table." ::= { swACLEthernetEntry 3 } swACLEthernetSrcMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the MAC address mask for the source MAC address." ::= { swACLEthernetEntry 4 } swACLEthernetDstMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the MAC address mask for the destination MAC address." ::= { swACLEthernetEntry 5 } swACLEthernetUse8021p OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine the 802.1p priority value in the frame's header or not." ::= { swACLEthernetEntry 6 } swACLEthernetUseEthernetType OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine the Ethernet type value in each frame's header or not." ::= { swACLEthernetEntry 7 } swACLEthernetRowStatus OBJECT-TYPE --swACLEthernetState SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLEthernetEntry 8 } swACLEthernetOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL mask entry. The type of ACL entry created. ACL type entries can only be modified when being configured through the same type command. For example IP-MAC Binding entries can only be modified or deleted through the IP-MAC Binding configurations or commands." ::= { swACLEthernetEntry 9 } swACLEthernetUnusedRuleEntries OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The number of unused rule entries of this Ethernet profile entry." ::={ swACLEthernetEntry 10} swACLEthernetProfileName OBJECT-TYPE SYNTAX DisplayString(SIZE(1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the ACL mask entry unique to the mask list." ::= { swACLEthernetEntry 11 } -- ----------------------------------------------------------------------------- -- swACLIpTable -- ----------------------------------------------------------------------------- swACLIpTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the ACL mask for IP information. Access profiles will be created on the switch to define which part of the incoming frame's IP layer packet header will be examined by the switch. Masks entered will be combined with the values the switch finds in the specified frame header fields." ::= { swAclMaskMgmt 2 } swACLIpEntry OBJECT-TYPE SYNTAX SwACLIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the ACL of the IP Layer." INDEX { swACLIpProfileID } ::= { swACLIpTable 1 } SwACLIpEntry ::= SEQUENCE { swACLIpProfileID INTEGER, -- swACLIpPort -- PortList, swACLIpUsevlan INTEGER, swACLIpIpAddrMaskState INTEGER, swACLIpSrcIpAddrMask IpAddress, swACLIpDstIpAddrMask IpAddress, swACLIpUseDSCP INTEGER, swACLIpUseProtoType INTEGER, swACLIpIcmpOption INTEGER, swACLIpIgmpOption INTEGER, swACLIpTcpOption INTEGER, swACLIpUdpOption INTEGER, swACLIpTCPorUDPSrcPortMask OCTET STRING, swACLIpTCPorUDPDstPortMask OCTET STRING, swACLIpTCPFlagBit INTEGER, swACLIpTCPFlagBitMask INTEGER, swACLIpProtoIDOption INTEGER, swACLIpProtoID INTEGER, swACLIpProtoIDMask OCTET STRING, swACLIpRowStatus RowStatus, swACLIpOwner INTEGER, -- swACLIpSrcMacAddrMask -- MacAddress, swACLIpUnusedRuleEntries INTEGER, swACLIpProfileName DisplayString } swACLIpProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swACLIpEntry 1 } -- swACLIpPort OBJECT-TYPE -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates which port(s) should be filtered." -- ::= { swACLIpEntry 2 } swACLIpUsevlan OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the IP layer VLAN part is examined or not." ::= { swACLIpEntry 2 } swACLIpIpAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-ip-addr(2), src-ip-addr(3), dst-src-ip-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of IP address mask. other (1) - Neither source IP address nor destination IP address are masked. dst-ip-addr (2) - Destination IP addresses within received frames are to be filtered when matched with the IP address entry of the table. src-ip-addr (3) - Source IP addresses within received frames are to be filtered when matched with the IP address entry of the table. dst-src-ip-addr (4) - Destination or source IP addresses within received frames are to be filtered when matched with the IP address entry of the table." ::= { swACLIpEntry 3 } swACLIpSrcIpAddrMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the IP address mask for the source IP address." ::= { swACLIpEntry 4 } swACLIpDstIpAddrMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the IP address mask for the destination IP address." ::= { swACLIpEntry 5 } swACLIpUseDSCP OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the DSCP protocol in the packet header is to be examined or not." ::= { swACLIpEntry 6 } swACLIpUseProtoType OBJECT-TYPE SYNTAX INTEGER { none(1), icmp(2), igmp(3), tcp(4), udp(5), protocolId(6) } MAX-ACCESS read-create STATUS current DESCRIPTION "That object indicates which protocol will be examined." ::= { swACLIpEntry 7 } swACLIpIcmpOption OBJECT-TYPE SYNTAX INTEGER { none(1), type(2), code(3), type-code(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates which fields are defined for ICMP. none (1)- Both fields are null. type (2)- Type field identified. code (3)- Code field identified. type-code (4)- Both ICMP fields identified. " ::= { swACLIpEntry 8 } swACLIpIgmpOption OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates if the IGMP options field is identified or not." ::= { swACLIpEntry 9 } swACLIpTcpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of the filtered address of TCP. other (1) - Neither source port nor destination port are masked. dst-addr (2) - Packets will be filtered if this destination port is identified in received frames. src-addr (3) - Packets will be filtered if this source port is identified in received frames. dst-src-addr (4) - Packets will be filtered if this destination or source port is identified in received frames." ::= { swACLIpEntry 10 } swACLIpUdpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of the filtered address of UDP . other (1) - Neither source port nor destination port are masked. dst-addr (2) - Packets will be filtered if this destination port is identified in received frames. src-addr (3) - Packets will be filtered if this source port is identified in received frames. dst-src-addr (4) - Packets will be filtered if this destination or source port is identified in received frames." ::= { swACLIpEntry 11 } swACLIpTCPorUDPSrcPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the source port if swACLIpUseProtoType is TCP Specifies a UDP port mask for the source port if swACLIpUseProtoType is UDP. " ::= { swACLIpEntry 12 } swACLIpTCPorUDPDstPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the destination port if swACLIpUseProtoType is TCP Specifies a UDP port mask for the destination port if swACLIpUseProtoType is UDP." ::= { swACLIpEntry 13 } swACLIpTCPFlagBit OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP connection flag mask." ::= { swACLIpEntry 14 } swACLIpTCPFlagBitMask OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "A value which indicates the set of TCP flags that this entity may potentially offer. The value is a sum of flag bits. This sum initially takes the value zero. Then, for each flag, L, is added in the range 1 through 6, for which this node performs transactions where 2^(L-1) is added to the sum. Note that values should be calculated accordingly: Flag functionality 6 urg bit 5 ack bit 4 psh bit 3 rst bit 2 syn bit 1 fin bit For example, if you want to enable urg bit and ack bit, you should set value 48{2^(5-1) + 2^(6-1)}." ::= { swACLIpEntry 15 } swACLIpProtoIDOption OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine each frame's protocol ID field or not." ::= { swACLIpEntry 16 } swACLIpProtoID OBJECT-TYPE SYNTAX INTEGER(0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IP protocol ID behind the IP header." ::= { swACLIpEntry 17 } swACLIpProtoIDMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(20)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IP protocol ID and the mask options behind the IP header." ::= { swACLIpEntry 18 } swACLIpRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLIpEntry 19 } swACLIpOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL mask entry. The type of ACL entry created. ACL type entries can only be modified when being configured through the same type command. For example, IP-MAC Binding entries can only be modified or deleted through the IP-MAC Binding configurations or commands." ::= { swACLIpEntry 20 } -- swACLIpSrcMacAddrMask OBJECT-TYPE -- SYNTAX MacAddress -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "This object specifies the MAC address mask for the source MAC address." -- ::= { swACLIpEntry 21 } swACLIpUnusedRuleEntries OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The number of unused rule entries this IP profile entry." ::={ swACLIpEntry 22} swACLIpProfileName OBJECT-TYPE SYNTAX DisplayString(SIZE(1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the ACL mask entry unique to the mask list." ::= { swACLIpEntry 23 } -- ----------------------------------------------------------------------------- -- swACLPktContMaskTable -- ----------------------------------------------------------------------------- swACLPktContMaskTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLPktContMaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the ACL mask for user-defined information. An access profile will be created on the switch to define which part of each incoming frame's user-defined part of the packet header will be examined by switch. Masks entered will be combined with the values the switch finds in the specified frame header fields." ::= { swAclMaskMgmt 3 } swACLPktContMaskEntry OBJECT-TYPE SYNTAX SwACLPktContMaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about user-defined ACLs." INDEX { swACLPktContMaskProfileID } ::= { swACLPktContMaskTable 1 } SwACLPktContMaskEntry ::= SEQUENCE { swACLPktContMaskProfileID INTEGER, -- swACLPktContMaskPort -- PortList, swACLPktContMaskOffset0to15 OCTET STRING, swACLPktContMaskOffset16to31 OCTET STRING, swACLPktContMaskOffset32to47 OCTET STRING, swACLPktContMaskOffset48to63 OCTET STRING, swACLPktContMaskOffset64to79 OCTET STRING, swACLPktContMaskRowStatus RowStatus, swACLPktContMaskOwner INTEGER, swACLPktContMaskUnusedRuleEntries INTEGER, swACLPktContMaskProfileName DisplayString } swACLPktContMaskProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swACLPktContMaskEntry 1 } -- swACLPktContMaskPort OBJECT-TYPE -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates which port(s) should be filtered." -- ::= { swACLPktContMaskEntry 2 } swACLPktContMaskOffset0to15 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset0to15) and the mask options." ::= { swACLPktContMaskEntry 2 } swACLPktContMaskOffset16to31 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset16to31) and the mask options." ::= { swACLPktContMaskEntry 3 } swACLPktContMaskOffset32to47 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset32to47) and the mask options." ::= { swACLPktContMaskEntry 4 } swACLPktContMaskOffset48to63 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset48to63) and the mask options." ::= { swACLPktContMaskEntry 5 } swACLPktContMaskOffset64to79 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset64to79) and the mask options." ::= { swACLPktContMaskEntry 6 } swACLPktContMaskRowStatus OBJECT-TYPE --swACLEthernetState SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLPktContMaskEntry 7 } swACLPktContMaskOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL mask entry. The type of ACL entry created. ACL type entries can only be modified when being configured through the same type command. For example, IP-MAC Binding entries can only be modified or deleted through the IP-MAC Binding configurations or commands." ::= { swACLPktContMaskEntry 8 } swACLPktContMaskUnusedRuleEntries OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The number of unused rule entries of this IP profile entry." ::={ swACLPktContMaskEntry 9} swACLPktContMaskProfileName OBJECT-TYPE SYNTAX DisplayString(SIZE(1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the ACL mask entry unique to the mask list." ::= { swACLPktContMaskEntry 10 } -- ----------------------------------------------------------------------------- -- swACLIpv6MaskTable -- ----------------------------------------------------------------------------- swACLIpv6MaskTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLIpv6MaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains user-defined ACL mask information. An access profile will be created on the switch to define which parts of each incoming frame's IPv6 part of the packet header will be examined by the switch. Masks entered will be combined with the values the switch finds in the specified frame header fields." ::= { swAclMaskMgmt 4 } swACLIpv6MaskEntry OBJECT-TYPE SYNTAX SwACLIpv6MaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about user-defined ACLs." INDEX { swACLIpv6MaskProfileID } ::= { swACLIpv6MaskTable 1 } SwACLIpv6MaskEntry ::= SEQUENCE { swACLIpv6MaskProfileID INTEGER, -- swACLIpv6MaskPort -- PortList, swACLIpv6MaskClass INTEGER, swACLIpv6MaskFlowlabel INTEGER, swACLIpv6IpAddrMaskState INTEGER, swACLIpv6MaskSrcIpv6Mask Ipv6Address, swACLIpv6MaskDstIpv6Mask Ipv6Address, swACLIpv6MaskRowStatus RowStatus, swACLIpv6MaskOwner INTEGER, swACLIpv6MaskUnusedRuleEntries INTEGER, swACLIpv6MaskProfileName DisplayString, swACLIpv6MaskUseProtoType INTEGER, swACLIpv6MaskTcpOption INTEGER, swACLIpv6MaskUdpOption INTEGER, swACLIpv6MaskTCPorUDPSrcPortMask OCTET STRING, swACLIpv6MaskTCPorUDPDstPortMask OCTET STRING } swACLIpv6MaskProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swACLIpv6MaskEntry 1 } -- swACLIpv6MaskPort OBJECT-TYPE -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates which port(s) should be filtered." -- ::= { swACLIpv6MaskEntry 2 } swACLIpv6MaskClass OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IPv6 class field and the mask options." ::= { swACLIpv6MaskEntry 2 } swACLIpv6MaskFlowlabel OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IPv6 flowlabel field and the mask options." ::= { swACLIpv6MaskEntry 3 } swACLIpv6IpAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-ipv6-addr(2), src-ipv6-addr(3), dst-src-ipv6-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of the IPv6 address mask. other (1) - Neither source IPv6 address nor destination IPv6 address are masked. dst-ipv6-addr (2) - Received frame destination IPv6 address is currently used to be filtered as it meets with the IPv6 address entry of the table. src-ipv6-addr (3) - Received frame source IPv6 address is currently used to be filtered as it meets with the IPv6 address entry of the table. dst-src-ipv6-addr (4) - Received frame destination IPv6 address or source IPv6 address is currently used to be filtered as it meets with the IPv6 address entry of the table." ::= { swACLIpv6MaskEntry 4 } swACLIpv6MaskSrcIpv6Mask OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the Source IPv6 address and the mask options. This should be a 16 byte octet string." ::= { swACLIpv6MaskEntry 5 } swACLIpv6MaskDstIpv6Mask OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the Destination IPv6 address and the mask options. This should be a 16 byte octet string." ::= { swACLIpv6MaskEntry 6 } swACLIpv6MaskRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLIpv6MaskEntry 7 } swACLIpv6MaskOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL mask entry. The type of ACL entry created. ACL type entries can only be modified when being configured through the same type command. For example, IP-MAC Binding entries can only be modified or deleted through the IP-MAC Binding configurations or commands." ::= { swACLIpv6MaskEntry 8 } swACLIpv6MaskUnusedRuleEntries OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The number of unused rule entries of this IP profile entry." ::={ swACLIpv6MaskEntry 9} swACLIpv6MaskProfileName OBJECT-TYPE SYNTAX DisplayString(SIZE(1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the ACL mask entry unique to the mask list." ::= { swACLIpv6MaskEntry 10 } swACLIpv6MaskUseProtoType OBJECT-TYPE SYNTAX INTEGER { none(1), tcp(2), udp(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "That object indicates which protocol will be examined." ::= { swACLIpv6MaskEntry 11 } swACLIpv6MaskTcpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of the filtered address of TCP. other (1) - Neither source port nor destination port are masked. dst-addr (2) - Packets will be filtered if this destination port is identified in received frames. src-addr (3) - Packets will be filtered if this source port is identified in received frames. dst-src-addr (4) - Packets will be filtered if this destination or source port is identified in received frames." ::= { swACLIpv6MaskEntry 12 } swACLIpv6MaskUdpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of the filtered address of UDP. other (1) - Neither source port nor destination port is masked. dst-addr (2) - Packets will be filtered if this destination port is identified in received frames. src-addr (3) - Packets will be filtered if this source port is identified in received frames. dst-src-addr (4) - Packets will be filtered if this destination or source port is identified in received frames." ::= { swACLIpv6MaskEntry 13 } swACLIpv6MaskTCPorUDPSrcPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the source port if swACLIpv6MaskUseProtoType is TCP Specifies a UDP port mask for the source port if swACLIpv6MaskUseProtoType is UDP. " ::= { swACLIpv6MaskEntry 14 } swACLIpv6MaskTCPorUDPDstPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the destination port if swACLIpv6MaskUseProtoType is TCP Specifies a UDP port mask for the destination port if swACLIpv6MaskUseProtoType is UDP." ::= { swACLIpv6MaskEntry 15 } -- ----------------------------------------------------------------------------- -- swACLMaskDelAllState -- ----------------------------------------------------------------------------- swACLMaskDelAllState OBJECT-TYPE SYNTAX INTEGER{ none(1), start(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Used to delete all ACL masks." ::= { swAclMaskMgmt 5 } -- ----------------------------------------------------------------------------- --swIBPACLEthernetTable -- ----------------------------------------------------------------------------- swIBPACLEthernetTable OBJECT-TYPE SYNTAX SEQUENCE OF SwIBPACLEthernetEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "This table contains IP-MAC-Binding ACL mask Ethernet information. Access profiles will be created on the switch by row creation and to define which parts of each incoming frame's layer 2 header part the switch will examine. Masks can be entered that will be combined with the values the switch finds in the specified frame header fields." ::= { swAclMaskMgmt 6 } swIBPACLEthernetEntry OBJECT-TYPE SYNTAX SwIBPACLEthernetEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "A list of information about the Ethernet ACL." INDEX { swIBPACLEthernetProfileID } ::= { swIBPACLEthernetTable 1 } SwIBPACLEthernetEntry ::= SEQUENCE { swIBPACLEthernetProfileID INTEGER, swIBPACLEthernetUseEthernetType INTEGER } swIBPACLEthernetProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device." ::= { swIBPACLEthernetEntry 1 } swIBPACLEthernetUseEthernetType OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-only STATUS obsolete DESCRIPTION "Specifies if the switch will examine the Ethernet type value in each frame's header or not." ::= { swIBPACLEthernetEntry 2 } -- ----------------------------------------------------------------------------- --swIBPACLIpTable -- ----------------------------------------------------------------------------- swIBPACLIpTable OBJECT-TYPE SYNTAX SEQUENCE OF SwIBPACLIpEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "This table contains IP-MAC-Binding IP ACL mask information. Access profiles will be created on the switch by row creation and to define which parts of each incoming frame's IP layer part of the header the switch will examine. Masks can be entered that will be combined with the values the switch finds in the specified frame header fields." ::= { swAclMaskMgmt 7 } swIBPACLIpEntry OBJECT-TYPE SYNTAX SwIBPACLIpEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "A list of information about the IP layer of the ACL." INDEX { swIBPACLIpProfileID } ::= { swIBPACLIpTable 1 } SwIBPACLIpEntry ::= SEQUENCE { swIBPACLIpProfileID INTEGER, swIBPACLIpSrcMacAddrMask MacAddress, swIBPACLIpSrcIpAddrMask IpAddress } swIBPACLIpProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device." ::= { swIBPACLIpEntry 1 } swIBPACLIpSrcMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS obsolete DESCRIPTION "This object specifies the MAC address mask for the source MAC address." ::= { swIBPACLIpEntry 2 } swIBPACLIpSrcIpAddrMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS obsolete DESCRIPTION "This object specifies IP address masks for the source IP address." ::= { swIBPACLIpEntry 3 } -- ----------------------------------------------------------------------------- -- swACLPktContMaskOptionTable -- ----------------------------------------------------------------------------- swACLPktContMaskOptionTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLPktContMaskOptionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the ACL mask for user-defined option information. An access profile will be created on the switch to define which part of each incoming frame's user-defined part of the packet header will be examined by switch. Masks entered will be combined with the values the switch finds in the specified frame header fields." ::= { swAclMaskMgmt 8 } swACLPktContMaskOptionEntry OBJECT-TYPE SYNTAX SwACLPktContMaskOptionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the user-defined ACL." INDEX { swACLPktContMaskOptionProfileID } ::= { swACLPktContMaskOptionTable 1 } SwACLPktContMaskOptionEntry ::= SEQUENCE { swACLPktContMaskOptionProfileID INTEGER, swACLPktContMaskOffsetChunk1State INTEGER, swACLPktContMaskOffsetChunk1OffsetValue INTEGER, swACLPktContMaskOffsetChunk1Mask OCTET STRING, swACLPktContMaskOffsetChunk2State INTEGER, swACLPktContMaskOffsetChunk2OffsetValue INTEGER, swACLPktContMaskOffsetChunk2Mask OCTET STRING, swACLPktContMaskOffsetChunk3State INTEGER, swACLPktContMaskOffsetChunk3OffsetValue INTEGER, swACLPktContMaskOffsetChunk3Mask OCTET STRING, swACLPktContMaskOffsetChunk4State INTEGER, swACLPktContMaskOffsetChunk4OffsetValue INTEGER, swACLPktContMaskOffsetChunk4Mask OCTET STRING, swACLPktContMaskOptionRowStatus RowStatus, swACLPktContMaskOptionOwner INTEGER, swACLPktContMaskOptionUnusedRuleEntries INTEGER, swACLPktContMaskOptionProfileName DisplayString } swACLPktContMaskOptionProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry, unique to the mask list. The maximum value of this object depends on the device." ::= { swACLPktContMaskOptionEntry 1 } swACLPktContMaskOffsetChunk1State OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the state of chunk1." ::= { swACLPktContMaskOptionEntry 2 } swACLPktContMaskOffsetChunk1OffsetValue OBJECT-TYPE SYNTAX INTEGER (0..31) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content offset of chunk1." ::= { swACLPktContMaskOptionEntry 3 } swACLPktContMaskOffsetChunk1Mask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content mask of chunk1." ::= { swACLPktContMaskOptionEntry 4 } swACLPktContMaskOffsetChunk2State OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the state of chunk2." ::= { swACLPktContMaskOptionEntry 5 } swACLPktContMaskOffsetChunk2OffsetValue OBJECT-TYPE SYNTAX INTEGER (0..31) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content offset of chunk2." ::= { swACLPktContMaskOptionEntry 6 } swACLPktContMaskOffsetChunk2Mask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content mask of chunk2." ::= { swACLPktContMaskOptionEntry 7 } swACLPktContMaskOffsetChunk3State OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the state of chunk3." ::= { swACLPktContMaskOptionEntry 8 } swACLPktContMaskOffsetChunk3OffsetValue OBJECT-TYPE SYNTAX INTEGER (0..31) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content offset of chunk3." ::= { swACLPktContMaskOptionEntry 9 } swACLPktContMaskOffsetChunk3Mask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content mask of chunk3." ::= { swACLPktContMaskOptionEntry 10 } swACLPktContMaskOffsetChunk4State OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the state of chunk4." ::= { swACLPktContMaskOptionEntry 11 } swACLPktContMaskOffsetChunk4OffsetValue OBJECT-TYPE SYNTAX INTEGER (0..31) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content offset of chunk4." ::= { swACLPktContMaskOptionEntry 12 } swACLPktContMaskOffsetChunk4Mask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the frame content mask of chunk4." ::= { swACLPktContMaskOptionEntry 13 } swACLPktContMaskOptionRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLPktContMaskOptionEntry 14 } swACLPktContMaskOptionOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL mask entry. The type of ACL entry created. ACL type entries can only be modified when being configured through the same type command. For example, IP-MAC Binding entries can only be modified or deleted through the IP-MAC Binding configurations or commands." ::= { swACLPktContMaskOptionEntry 15 } swACLPktContMaskOptionUnusedRuleEntries OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The number of unused rule entries of this IP profile entry." ::={ swACLPktContMaskOptionEntry 16} swACLPktContMaskOptionProfileName OBJECT-TYPE SYNTAX DisplayString(SIZE(1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the ACL mask entry unique to the mask list." ::= { swACLPktContMaskOptionEntry 17 } -- ----------------------------------------------------------------------------- -- swACLEtherRuleTable -- ----------------------------------------------------------------------------- swACLEtherRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLEtherRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains Ethernet ACL information." ::= { swAclRuleMgmt 1 } swACLEtherRuleEntry OBJECT-TYPE SYNTAX SwACLEtherRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the ACL rule of the layer 2 part of each packet." INDEX { swACLEtherRuleProfileID,swACLEtherRuleAccessID } ::= { swACLEtherRuleTable 1 } SwACLEtherRuleEntry ::= SEQUENCE { swACLEtherRuleProfileID INTEGER, swACLEtherRuleAccessID INTEGER, swACLEtherRuleVlan SnmpAdminString, swACLEtherRuleSrcMacAddress MacAddress, swACLEtherRuleDstMacAddress MacAddress, swACLEtherRule8021P INTEGER, swACLEtherRuleEtherType OCTET STRING, swACLEtherRuleEnablePriority INTEGER, swACLEtherRulePriority INTEGER, swACLEtherRuleReplacePriority INTEGER, swACLEtherRuleEnableReplaceDscp INTEGER, swACLEtherRuleRepDscp INTEGER, swACLEtherRulePermit INTEGER, swACLEtherRulePort -- INTEGER, PortList, -- swACLEtherRuleSwAclState -- INTEGER, swACLEtherRuleRowStatus RowStatus, swACLEtherRuleOwner INTEGER, swACLEtherRuleRxRate INTEGER, swACLEtherRuleEnableReplaceTosPrecedence INTEGER, swACLEtherRuleRepTosPrecedence INTEGER, swACLEtherRuleVID INTEGER } swACLEtherRuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL rule entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swACLEtherRuleEntry 1 } swACLEtherRuleAccessID OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the the ACL rule entry relates to the swACLEtherRuleProfileID. When row creation is set to 0, assignment of an Access ID for ports is automatic and the swACLEtherRulePort creates Rule entries for the swACLEtherRulePort accordingly. When set from 1 to 65535, an access ID will be created for the swACLEtherRulePort. The swACLEtherRulePort must be set to one port only otherwise the row creation will fail. " ::= { swACLEtherRuleEntry 2 } swACLEtherRuleVlan OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply to this VLAN only." ::= { swACLEtherRuleEntry 3 } swACLEtherRuleSrcMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply to only packets with this source MAC address." ::= { swACLEtherRuleEntry 4 } swACLEtherRuleDstMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply to only packets with this destination MAC address." ::= { swACLEtherRuleEntry 5 } swACLEtherRule8021P OBJECT-TYPE SYNTAX INTEGER(-1..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to packets with this 802.1p priority value. A value of -1 indicates that this node is not actively used." ::= { swACLEtherRuleEntry 6 } swACLEtherRuleEtherType OBJECT-TYPE SYNTAX OCTET STRING (SIZE (2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to packets with this hexadecimal 802.1Q Ethernet type value in the packet header." ::= { swACLEtherRuleEntry 7 } swACLEtherRuleEnablePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to packets with priority value." ::= { swACLEtherRuleEntry 8 } swACLEtherRulePriority OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the priority will be changed in packets while the swACLEtherRuleEnablePriority is enabled ." ::= { swACLEtherRuleEntry 9 } swACLEtherRuleReplacePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile 802.1p priority tag field or not ." ::= { swACLEtherRuleEntry 10 } swACLEtherRuleEnableReplaceDscp OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile DSCP field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLEtherRuleEntry 11 } swACLEtherRuleRepDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the DSCP field of the packet." ::= { swACLEtherRuleEntry 12 } swACLEtherRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) -- ,mirror(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the result of the packet examination is 'permit' or 'deny'. The default is 'permit'. permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the switch and will be filtered." -- mirror - Specifies the packets that match the access profile are copied to the mirror port. -- Note: The ACL mirror function will function after mirror has been enabled -- and the mirror port has been configured. ::= { swACLEtherRuleEntry 13 } swACLEtherRulePort OBJECT-TYPE -- SYNTAX INTEGER (1..65535) SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to port(s). This object and swACLEtherRuleVID can not be set together." ::= { swACLEtherRuleEntry 14 } -- swACLEtherRuleSwAclState OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access rule will only apply to the software ACL state." -- ::= { swACLEtherRuleEntry 15 } swACLEtherRuleRowStatus OBJECT-TYPE --swACLEtherRuleState SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLEtherRuleEntry 15 } swACLEtherRuleOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL rule entry. Only owners can modify this entry." ::= { swACLEtherRuleEntry 16 } swACLEtherRuleRxRate OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the rx rate, 0 denotes no_limit. The maximum value of this object depends on the device." ::= { swACLEtherRuleEntry 17 } swACLEtherRuleEnableReplaceTosPrecedence OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile ToS precedence field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLEtherRuleEntry 18 } swACLEtherRuleRepTosPrecedence OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the ToS precedence field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the ToS precedence field of the packet." ::= { swACLEtherRuleEntry 19 } swACLEtherRuleVID OBJECT-TYPE SYNTAX INTEGER (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies this rule only applies to the specified VLAN. There are two conditions: 1.only the portlist that belongs to this VLAN will be included; 2.packets must belong to this VLAN. This object and swACLEtherRulePort can not be set together. When you set swACLEtherRulePort, the value of this object will automatically change to 0. And this object can not be set to 0." ::= { swACLEtherRuleEntry 20 } -- ----------------------------------------------------------------------------- -- swACLIpRuleTable -- ----------------------------------------------------------------------------- swACLIpRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLIpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" ::= { swAclRuleMgmt 2 } swACLIpRuleEntry OBJECT-TYPE SYNTAX SwACLIpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { swACLIpRuleProfileID , swACLIpRuleAccessID } ::= { swACLIpRuleTable 1 } SwACLIpRuleEntry ::= SEQUENCE { swACLIpRuleProfileID INTEGER, swACLIpRuleAccessID INTEGER, swACLIpRuleVlan SnmpAdminString, swACLIpRuleSrcIpaddress IpAddress, swACLIpRuleDstIpaddress IpAddress, swACLIpRuleDscp INTEGER, swACLIpRuleProtocol INTEGER, swACLIpRuleType INTEGER, swACLIpRuleCode INTEGER, swACLIpRuleSrcPort INTEGER, swACLIpRuleDstPort INTEGER, swACLIpRuleFlagBits INTEGER, swACLIpRuleProtoID INTEGER, swACLIpRuleUserMask OCTET STRING, swACLIpRuleEnablePriority INTEGER, swACLIpRulePriority INTEGER, swACLIpRuleReplacePriority INTEGER, swACLIpRuleEnableReplaceDscp INTEGER, swACLIpRuleRepDscp INTEGER, swACLIpRulePermit INTEGER, swACLIpRulePort -- INTEGER, PortList, -- swACLIpRuleSwAclState -- INTEGER, swACLIpRuleRowStatus RowStatus, swACLIpRuleOwner INTEGER, swACLIpRuleRxRate INTEGER, -- swACLIpRuleSrcMacAddress -- MacAddress, swACLIpRuleEnableReplaceTosPrecedence INTEGER, swACLIpRuleRepTosPrecedence INTEGER, swACLIpRuleVID INTEGER } swACLIpRuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swACLIpRuleEntry 1 } swACLIpRuleAccessID OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of the ACL rule entry relates to swACLIPRuleProfileID. Row creation set to 0 indicates automatic assignment of the Access ID for the ports in the swACLIpRulePort to create Rule entries for swACLIpRulePort accordingly. Set to 1-65535 causes creation of an access ID for the swACLIpRulePort. The swACLIpRulePort must be set to one port only otherwise the row creation will fail." ::= { swACLIpRuleEntry 2 } swACLIpRuleVlan OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to this VLAN." ::= { swACLIpRuleEntry 3 } swACLIpRuleSrcIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies an IP source address." ::= { swACLIpRuleEntry 4 } swACLIpRuleDstIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies an IP destination address." ::= { swACLIpRuleEntry 5 } swACLIpRuleDscp OBJECT-TYPE SYNTAX INTEGER(-1..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the value of DSCP. The value can be configured from 0 to 63. A value of -1 indicates that this node is not actively used." ::= { swACLIpRuleEntry 6 } swACLIpRuleProtocol OBJECT-TYPE SYNTAX INTEGER { none(1), icmp(2), igmp(3), tcp(4), udp(5), protocolId(6) } MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies the IP protocol. For some older chips, this object can not be set. When getting this object, it always returns the type which has been configured in swACLIpEntry. For some newer chips, this object can only set the type which has been configured in swACLIpEntry. The default value is none (1). " ::= { swACLIpRuleEntry 7 } swACLIpRuleType OBJECT-TYPE SYNTAX INTEGER(-1..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the value of ICMP type traffic. A value of -1 denotes that this object is not active." ::= { swACLIpRuleEntry 8 } swACLIpRuleCode OBJECT-TYPE SYNTAX INTEGER(-1..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the value of ICMP code traffic. A value of -1 denotes that this object is not active." ::= { swACLIpRuleEntry 9 } swACLIpRuleSrcPort OBJECT-TYPE SYNTAX INTEGER(-1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the range of the TCP/UDP source ports. A value of -1 indicates that this node is not actively used." ::= { swACLIpRuleEntry 10 } swACLIpRuleDstPort OBJECT-TYPE SYNTAX INTEGER(-1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the TCP/UDP destination port range. A value of -1 indicates that this node is not actively used." ::= { swACLIpRuleEntry 11 } swACLIpRuleFlagBits OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "A value which indicates the set of TCP flags that this entity may potentially offer. The value is a sum of flag bits. This sum initially takes the value zero. Then, for each flag, L is added in the range 1 through 6, for which this node performs transactions, where 2^(L - 1) is added to the sum. Note that values should be calculated accordingly: Flag functionality 6 urg bit 5 ack bit 4 psh bit 3 rst bit 2 syn bit 1 fin bit For example, it you want to enable urg bit and ack bit, you should set value 48{2^(5-1) + 2^(6-1)}." ::= { swACLIpRuleEntry 12 } swACLIpRuleProtoID OBJECT-TYPE SYNTAX INTEGER(-1..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the value of IP protocol ID traffic. A value of -1 indicates that this node is not actively used." ::= { swACLIpRuleEntry 13 } swACLIpRuleUserMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(20)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IP protocol ID and the range of options behind the IP header." ::= { swACLIpRuleEntry 14 } swACLIpRuleEnablePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to packets with this priority value." ::= { swACLIpRuleEntry 15 } swACLIpRulePriority OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the priority will change in packets while the swACLIpRuleEnablePriority is enabled." ::= { swACLIpRuleEntry 16 } swACLIpRuleReplacePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies whether the packets that match the access profile will change the 802.1p priority tag field by the switch or not." ::= { swACLIpRuleEntry 17 } swACLIpRuleEnableReplaceDscp OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile DSCP field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLIpRuleEntry 18 } swACLIpRuleRepDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the DSCP field of the packet." ::= { swACLIpRuleEntry 19 } swACLIpRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) -- ,mirror(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the result of the packet examination is to 'permit' or 'deny'. The default is 'permit'. permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the switch and will be filtered." -- mirror - Specifies the packets that match the access profile are sent the copied one -- to the mirror port. -- Note: The ACL mirror function will work after the mirror is enabled and the mirror port has -- been configured. ::= { swACLIpRuleEntry 20 } swACLIpRulePort OBJECT-TYPE -- SYNTAX INTEGER (1..65535) SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to port(s). This object and swACLIpRuleVID can not be set together. " ::= { swACLIpRuleEntry 21 } -- swACLIpRuleSwAclState OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access rule will only apply to the software ACL state." -- ::= { swACLIpRuleEntry 22 } swACLIpRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLIpRuleEntry 22 } swACLIpRuleOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL rule entry. Only owners can modify this entry." ::= { swACLIpRuleEntry 23 } swACLIpRuleRxRate OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device." ::= { swACLIpRuleEntry 24 } -- swACLIpRuleSrcMacAddress OBJECT-TYPE -- SYNTAX MacAddress -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "Specifies that the access will only apply to packets with -- this source MAC address." -- ::= { swACLIpRuleEntry 25 } swACLIpRuleEnableReplaceTosPrecedence OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile ToS precedence field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLIpRuleEntry 26 } swACLIpRuleRepTosPrecedence OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the ToS precedence field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the ToS precedence field of the packet." ::= { swACLIpRuleEntry 27 } swACLIpRuleVID OBJECT-TYPE SYNTAX INTEGER (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies this rule only applies to the specified VLAN. There are two conditions: 1.only the portlist that belongs to this VLAN will be included; 2.packets must belong to this VLAN. This object and swACLIpRulePort can not be set together. When you set swACLIpRulePort, the value of this object will automatically change to 0. And this object can not be set 0." ::= { swACLIpRuleEntry 28 } -- ----------------------------------------------------------------------------- -- swACLPktContRuleTable -- ----------------------------------------------------------------------------- -- swACLPktContRuleTable OBJECT-TYPE -- SYNTAX SEQUENCE OF SwACLPktContRuleEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "This table contains ACL rules regarding user-defined information." -- ::= { swAclRuleMgmt 3 } -- swACLPktContRuleEntry OBJECT-TYPE -- SYNTAX SwACLPktContRuleEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "A list of information about the ACL rule of the user-defined part of each packet." -- INDEX { swACLPktContRuleProfileID,swACLPktContRuleAccessID } -- ::= { swACLPktContRuleTable 1 } -- SwACLPktContRuleEntry ::= -- SEQUENCE { -- swACLPktContRuleProfileID -- INTEGER, -- swACLPktContRuleAccessID -- INTEGER, -- swACLPktContRuleOffset0to15 -- OCTET STRING, -- swACLPktContRuleOffset16to31 -- OCTET STRING, -- swACLPktContRuleOffset32to47 -- OCTET STRING, -- swACLPktContRuleOffset48to63 -- OCTET STRING, -- swACLPktContRuleOffset64to79 -- OCTET STRING, -- swACLPktContRuleEnablePriority -- INTEGER, -- swACLPktContRulePriority -- INTEGER, -- swACLPktContRuleReplacePriority -- INTEGER, -- swACLPktContRuleEnableReplaceDscp -- INTEGER, -- swACLPktContRuleRepDscp -- INTEGER, -- swACLPktContRulePermit -- INTEGER, -- swACLPktContRulePort -- INTEGER, -- PortList, -- swACLPktContRuleSwAclState -- INTEGER, -- swACLPktContRuleRowStatus -- RowStatus, -- swACLPktContRuleOwner -- INTEGER, -- swACLPktContRuleRxRate -- INTEGER, -- swACLPktContRuleEnableReplaceTosPrecedence -- INTEGER, -- swACLPktContRuleRepTosPrecedence -- INTEGER, -- swACLPktContRuleVID -- INTEGER -- } -- swACLPktContRuleProfileID OBJECT-TYPE -- SYNTAX INTEGER -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." -- ::= { swACLPktContRuleEntry 1 } -- swACLPktContRuleAccessID OBJECT-TYPE -- SYNTAX INTEGER (0..65535) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The ID of the ACL rule entry in relation to the swACLPktContRuleProfileID. -- When row creation is set to 0, an access ID is automatically created -- for the ports in the swACLPktContRulePort to create rule entries -- for swACLPktContRulePort accordingly. -- Set to 1-65535 indicates to creswACLPktContRuleRepDscpate the exact access ID -- for the swACLPktContRulePort. The swACLPktContRulePort must be set to -- one port only, otherwise the row creation will fail." -- ::= { swACLPktContRuleEntry 2 } -- swACLPktContRuleOffset0to15 OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(16)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the user-defined packet." -- ::= { swACLPktContRuleEntry 3 } -- swACLPktContRuleOffset16to31 OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(16)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the user-defined packet." -- ::= { swACLPktContRuleEntry 4 } -- swACLPktContRuleOffset32to47 OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(16)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the user-defined packet." -- ::= { swACLPktContRuleEntry 5 } -- swACLPktContRuleOffset48to63 OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(16)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the user-defined packet." -- ::= { swACLPktContRuleEntry 6 } -- swACLPktContRuleOffset64to79 OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(16)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the user-defined packet." -- ::= { swACLPktContRuleEntry 7 } -- swACLPktContRuleEnablePriority OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access rule will apply only to packets with this -- priority value." -- ::= { swACLPktContRuleEntry 8 } -- swACLPktContRulePriority OBJECT-TYPE -- SYNTAX INTEGER(0..7) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies the priority will change for the packets while the swACLPktContRuleReplacePriority -- is enabled ." -- ::= { swACLPktContRuleEntry 9 } -- swACLPktContRuleReplacePriority OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies if the switch will change priorities of packets that match the access profile -- 802.1p priority tag or not." -- ::= { swACLPktContRuleEntry 10 } -- swACLPktContRuleEnableReplaceDscp OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies if the switch will change priorities of packets that match the access profile -- DSCP field or not. -- Replace DSCP and replace ToS precedence can not both be supported. " -- ::= { swACLPktContRuleEntry 11 } -- swACLPktContRuleRepDscp OBJECT-TYPE -- SYNTAX INTEGER(0..63) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies a value to be written to the DSCP field of an incoming packet -- that meets the criteria specified in the first part of the command. -- This value will over-write the value in the DSCP field of the packet." -- ::= { swACLPktContRuleEntry 12 } -- swACLPktContRulePermit OBJECT-TYPE -- SYNTAX INTEGER { -- deny(1), -- permit(2), -- mirror(3), -- lease-renew(4) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates if the result of the packet examination is 'permit' or 'deny'. -- The default is 'permit'. -- permit - Specifies that packets that match the access profile are -- permitted to be forwarded by the switch. -- deny - Specifies that packets that match the access profile -- are not permitted to be forwarded by the switch and will be filtered. -- mirror - Specifies that the packets that match the access profile are copied to -- the mirror port. -- Note: The ACL mirror function will function after mirror is enabled -- and a mirror port has been configured. -- lease-renew - Specifies the packets that match the access profile are copied to -- the CPU. -- Note : After user enables port's lease-renew state, all kinds of DHCP packets -- (including unicast and broadcast DHCP packets) will be copied to CPU -- (using user ACL mask and rule)." -- ::= { swACLPktContRuleEntry 13 } -- swACLPktContRulePort OBJECT-TYPE -- SYNTAX INTEGER (1..65535) -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access rule will only apply to port(s). -- This object and swACLPktContRuleVID can not be set together. " -- ::= { swACLPktContRuleEntry 14 } -- swACLPktContRuleSwAclState OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access rule will only apply to the software ACL state." -- ::= { swACLPktContRuleEntry 15 } -- swACLPktContRuleRowStatus OBJECT-TYPE -- SYNTAX RowStatus -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of this entry." -- ::= { swACLPktContRuleEntry 15 } -- swACLPktContRuleOwner OBJECT-TYPE -- SYNTAX INTEGER { -- any(1), -- acl(2), -- ipbind(3), -- other(4), -- dhcp(5), -- netbios(6), -- ext-netbios(7) -- } -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The owner of the ACL rule entry. Only owners can modify this entry." -- ::= { swACLPktContRuleEntry 16 } -- swACLPktContRuleRxRate OBJECT-TYPE -- SYNTAX INTEGER -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device." -- ::= { swACLPktContRuleEntry 17 } -- swACLPktContRuleEnableReplaceTosPrecedence OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies if the switch will change priorities of packets that match the access profile -- ToS precedence field or not. -- Replace DSCP and replace ToS precedence can not both be supported. -- " -- ::= { swACLPktContRuleEntry 18 } -- swACLPktContRuleRepTosPrecedence OBJECT-TYPE -- SYNTAX INTEGER(0..7) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies a value to be written to the ToS precedence field of an incoming packet -- that meets the criteria specified in the first part of the command. -- This value will over-write the value in the ToS precedence field of the packet." -- ::= { swACLPktContRuleEntry 19 } -- swACLPktContRuleVID OBJECT-TYPE -- SYNTAX INTEGER (0..4094) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies this rule only applies to the specified VLAN. There are two conditions: -- 1.only the portlist that belongs to this VLAN will be included; -- 2.packets must belong to this VLAN. -- This object and swACLPktContRulePort can not be set together. -- When you set swACLPktContRulePort, the value of this object will automatically change to 0. -- And this object can not be set 0." -- ::= { swACLPktContRuleEntry 20 } -- ----------------------------------------------------------------------------- -- swACLIpv6RuleTable -- ----------------------------------------------------------------------------- swACLIpv6RuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLIpv6RuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains the IPv6 ACL rule information." ::= { swAclRuleMgmt 4 } swACLIpv6RuleEntry OBJECT-TYPE SYNTAX SwACLIpv6RuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about ACL rules regarding the IPv6 part of each packet." INDEX { swACLIpv6RuleProfileID,swACLIpv6RuleAccessID } ::= { swACLIpv6RuleTable 1 } SwACLIpv6RuleEntry ::= SEQUENCE { swACLIpv6RuleProfileID INTEGER, swACLIpv6RuleAccessID INTEGER, swACLIpv6RuleClass INTEGER, swACLIpv6RuleFlowlabel OCTET STRING, swACLIpv6RuleSrcIpv6Addr Ipv6Address, swACLIpv6RuleDstIpv6Addr Ipv6Address, swACLIpv6RuleEnablePriority INTEGER, swACLIpv6RulePriority INTEGER, swACLIpv6RuleReplacePriority INTEGER, swACLIpv6RulePermit INTEGER, swACLIpv6RulePort -- INTEGER, PortList, -- swACLIpv6RuleSwAclState -- INTEGER, swACLIpv6RuleRowStatus RowStatus, swACLIpv6RuleOwner INTEGER, swACLIpv6RuleRxRate INTEGER, swACLIpv6RuleEnableReplaceDscp INTEGER, swACLIpv6RuleRepDscp INTEGER, swACLIpv6RuleEnableReplaceTosPrecedence INTEGER, swACLIpv6RuleRepTosPrecedence INTEGER, swACLIpv6RuleVID INTEGER, swACLIpv6RuleProtocol INTEGER, swACLIpv6RuleSrcPort INTEGER, swACLIpv6RuleDstPort INTEGER } swACLIpv6RuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swACLIpv6RuleEntry 1 } swACLIpv6RuleAccessID OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL rule entry relates to swACLIpv6RuleProfileID. When row creation is set to 0, this indicates the access ID will be assigned automatically for the ports in the swACLIpv6RulePort to create rule entries for swACLIpv6RulePort accordingly. Set to 1-65535 indicates creation of an access ID for the swACLIpv6RulePort. The swACLIpv6RulePort must be set to one port only, otherwise the row creation will fail." ::= { swACLIpv6RuleEntry 2 } swACLIpv6RuleClass OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IPv6 class field." ::= { swACLIpv6RuleEntry 3 } swACLIpv6RuleFlowlabel OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IPv6 flow label field." ::= { swACLIpv6RuleEntry 4 } swACLIpv6RuleSrcIpv6Addr OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the source IPv6 address. This should be a 16 byte octet string." ::= { swACLIpv6RuleEntry 5 } swACLIpv6RuleDstIpv6Addr OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the destination IPv6 address. This should be a 16 byte octet string." ::= { swACLIpv6RuleEntry 6 } swACLIpv6RuleEnablePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to packets with priority value." ::= { swACLIpv6RuleEntry 7 } swACLIpv6RulePriority OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the priority will change in packets while the swACLIpv6RuleReplacePriority is enabled." ::= { swACLIpv6RuleEntry 8 } swACLIpv6RuleReplacePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile 802.1p priority tag or not." ::= { swACLIpv6RuleEntry 9 } swACLIpv6RulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2), mirror(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the result of packet examination is to 'permit' or 'deny'. The default is 'permit'. permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the switch and will be filtered. mirror - Specifies the packets that match the access profile are copied to the mirror port. Note: The ACL mirror function will work after mirror has been enabled and the mirror port has been configured." ::= { swACLIpv6RuleEntry 10 } swACLIpv6RulePort OBJECT-TYPE -- SYNTAX INTEGER (1..65535) SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to port(s). This object and swACLIpv6RuleVID can not be set together. " ::= { swACLIpv6RuleEntry 11 } -- swACLIpv6RuleSwAclState OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access rule will only apply to the software ACL state." -- ::= { swACLIpv6RuleEntry 13 } swACLIpv6RuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLIpv6RuleEntry 12 } swACLIpv6RuleOwner OBJECT-TYPE SYNTAX INTEGER { any(1), acl(2), ipbind(3), other(4), dhcp(5), netbios(6), ext-netbios(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "The owner of the ACL rule entry. Only owners can modify this entry." ::= { swACLIpv6RuleEntry 13 } swACLIpv6RuleRxRate OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device." ::= { swACLIpv6RuleEntry 14 } swACLIpv6RuleEnableReplaceDscp OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile DSCP field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLIpv6RuleEntry 15 } swACLIpv6RuleRepDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the DSCP field of the packet." ::= { swACLIpv6RuleEntry 16 } swACLIpv6RuleEnableReplaceTosPrecedence OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile ToS precedence field or not. Replace DSCP and replace ToS precedence can not both be supported. " ::= { swACLIpv6RuleEntry 17 } swACLIpv6RuleRepTosPrecedence OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a value to be written to the ToS precedence field of an incoming packet that meets the criteria specified in the first part of the command. This value will over-write the value in the ToS precedence field of the packet." ::= { swACLIpv6RuleEntry 18 } swACLIpv6RuleVID OBJECT-TYPE SYNTAX INTEGER (0..4094) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies this rule only applies to the specified VLAN. There are two conditions: 1.only the portlist that belongs to this VLAN will be included; 2.packets must belong to this VLAN. This object and swACLIpv6RulePort can not be set together. When you set swACLIpv6RulePort, the value of this object will automatically change to 0. And this object can not be set 0." ::= { swACLIpv6RuleEntry 19 } swACLIpv6RuleProtocol OBJECT-TYPE SYNTAX INTEGER { none(1), tcp(2), udp(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the IPv6 protocol. For some older chips, this object can not be set. When getting this object, it always returns the type which has been configured in swACLIpv6Entry. For some newer chips, this object can only set the type which has been configured in swACLIpv6Entry. The default value is none (1). " ::= { swACLIpv6RuleEntry 20 } swACLIpv6RuleSrcPort OBJECT-TYPE SYNTAX INTEGER(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the range of the TCP/UDP source ports." ::= { swACLIpv6RuleEntry 21 } swACLIpv6RuleDstPort OBJECT-TYPE SYNTAX INTEGER(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the TCP/UDP destination ports range." ::= { swACLIpv6RuleEntry 22 } -- ----------------------------------------------------------------------------- --swIBPACLEtherRuleTable -- ----------------------------------------------------------------------------- swIBPACLEtherRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwIBPACLEtherRuleEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "This table contains IP-MAC-Binding Ethernet ACL Rule information." ::= { swAclRuleMgmt 5 } swIBPACLEtherRuleEntry OBJECT-TYPE SYNTAX SwIBPACLEtherRuleEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "A list of information about the ACL rule of the layer 2 part of each packet." INDEX { swIBPACLEtherRuleProfileID,swIBPACLEtherRuleAccessID } ::= { swIBPACLEtherRuleTable 1 } SwIBPACLEtherRuleEntry ::= SEQUENCE { swIBPACLEtherRuleProfileID INTEGER, swIBPACLEtherRuleAccessID INTEGER, swIBPACLEtherRuleEtherType OCTET STRING, swIBPACLEtherRulePermit INTEGER, swIBPACLEtherRulePort PortList } swIBPACLEtherRuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device." ::= { swIBPACLEtherRuleEntry 1 } swIBPACLEtherRuleAccessID OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The ID of the ACL rule entry in relation to swACLEtherRuleProfileID. When row creation is set to 0, this indicates automatically assigning an Access for the ports in the swACLEtherRulePort to create rule entries for swACLEtherRulePort accordingly. Set to 1-65535 indicates to create the exact access ID for the swACLEtherRulePort and the swACLEtherRulePort must set one port only, otherwise the row creation will fail." ::= { swIBPACLEtherRuleEntry 2 } swIBPACLEtherRuleEtherType OBJECT-TYPE SYNTAX OCTET STRING (SIZE (2)) MAX-ACCESS read-only STATUS obsolete DESCRIPTION "Specifies that the access rule will apply only to packets with this 802.1Q Ethernet type value in the packet header." ::= { swIBPACLEtherRuleEntry 3 } swIBPACLEtherRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-only STATUS obsolete DESCRIPTION "This object indicates if the result of the examination is 'permit' or 'deny'. The default is 'permit' (1). permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the switch and will be filtered." ::= { swIBPACLEtherRuleEntry 4 } swIBPACLEtherRulePort OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-only STATUS obsolete DESCRIPTION "Specifies that the access rule will only apply to port(s)." ::= { swIBPACLEtherRuleEntry 5 } -- ----------------------------------------------------------------------------- --swIBPACLIpRuleTable -- ----------------------------------------------------------------------------- swIBPACLIpRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwIBPACLIpRuleEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "" ::= { swAclRuleMgmt 6 } swIBPACLIpRuleEntry OBJECT-TYPE SYNTAX SwIBPACLIpRuleEntry MAX-ACCESS not-accessible STATUS obsolete DESCRIPTION "" INDEX { swIBPACLIpRuleProfileID , swIBPACLIpRuleAccessID } ::= { swIBPACLIpRuleTable 1 } SwIBPACLIpRuleEntry ::= SEQUENCE { swIBPACLIpRuleProfileID INTEGER, swIBPACLIpRuleAccessID INTEGER, swIBPACLIpRuleSrcMacAddress MacAddress, swIBPACLIpRuleSrcIpaddress IpAddress, swIBPACLIpRulePermit INTEGER, swIBPACLIpRulePort PortList } swIBPACLIpRuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS obsolete DESCRIPTION "The ID of the ACL mask entry, unique in the mask list. The maximum value of this object depends on the device." ::= { swIBPACLIpRuleEntry 1 } swIBPACLIpRuleAccessID OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only --read-create STATUS obsolete DESCRIPTION "The ID of the ACL rule entry in relation to swACLIPRuleProfileID. When the row creation is set to 0, this indicates assigning an access ID automatically for the ports in the swACLIpRulePort to create rule entries for swACLIpRulePort accordingly. Set to 1-65535 indicates to create the exact access ID for the swACLIpRulePort and the swACLIpRulePort must be set for one port only, otherwise the row creation will fail." ::= { swIBPACLIpRuleEntry 2 } swIBPACLIpRuleSrcMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS obsolete DESCRIPTION "Specifies that the access rule will apply to only packets with this source MAC address." ::= { swIBPACLIpRuleEntry 3 } swIBPACLIpRuleSrcIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS obsolete DESCRIPTION "Specifies an IP source address." ::= { swIBPACLIpRuleEntry 4 } swIBPACLIpRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-only STATUS obsolete DESCRIPTION "This object indicates if the result of the examination is 'permit' or 'deny'; the default is 'permit' (1) permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the switch and will be filtered." ::= { swIBPACLIpRuleEntry 5 } swIBPACLIpRulePort OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-only STATUS obsolete DESCRIPTION "Specifies that the access rule will only apply to port(s)." ::= { swIBPACLIpRuleEntry 6 } -- ----------------------------------------------------------------------------- --swACLPktContRuleOptionTable -- ----------------------------------------------------------------------------- -- swACLPktContRuleOptionTable OBJECT-TYPE -- SYNTAX SEQUENCE OF SwACLPktContRuleOptionEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "This table contains user-defined ACL information." -- ::= { swAclRuleMgmt 7 } -- swACLPktContRuleOptionEntry OBJECT-TYPE -- SYNTAX SwACLPktContRuleOptionEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "A list of information about the ACL rule regarding the user-defined part of each packet." -- INDEX { swACLPktContRuleOptionProfileID,swACLPktContRuleOptionAccessID } -- ::= { swACLPktContRuleOptionTable 1 } -- SwACLPktContRuleOptionEntry ::= -- SEQUENCE { -- swACLPktContRuleOptionProfileID -- INTEGER, -- swACLPktContRuleOptionAccessID -- INTEGER, -- swACLPktContRuleOffsetChunk1OffsetValue -- INTEGER, -- swACLPktContRuleOffsetChunk1Content -- OCTET STRING, -- swACLPktContRuleOffsetChunk2OffsetValue -- INTEGER, -- swACLPktContRuleOffsetChunk2Content -- OCTET STRING, -- swACLPktContRuleOffsetChunk3OffsetValue -- INTEGER, -- swACLPktContRuleOffsetChunk3Content -- OCTET STRING, -- swACLPktContRuleOffsetChunk4OffsetValue -- INTEGER, -- swACLPktContRuleOffsetChunk4Content -- OCTET STRING, -- swACLPktContRuleOptionEnablePriority -- INTEGER, -- swACLPktContRuleOptionPriority -- INTEGER, -- swACLPktContRuleOptionReplacePriority -- INTEGER, -- swACLPktContRuleOptionEnableReplaceDscp -- INTEGER, -- swACLPktContRuleOptionRepDscp -- INTEGER, -- swACLPktContRuleOptionPermit -- INTEGER, -- swACLPktContRuleOptionPort -- PortList, -- swACLPktContRuleOptionRowStatus -- RowStatus, -- swACLPktContRuleOptionOwner -- INTEGER, -- swACLPktContRuleOptionRxRate -- INTEGER, -- swACLPktContRuleOptionEnableReplaceTosPrecedence -- INTEGER, -- swACLPktContRuleOptionRepTosPrecedence -- INTEGER, -- swACLPktContRuleOptionVID -- INTEGER -- } -- swACLPktContRuleOptionProfileID OBJECT-TYPE -- SYNTAX INTEGER -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The ID of the ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." -- ::= { swACLPktContRuleOptionEntry 1 } -- swACLPktContRuleOptionAccessID OBJECT-TYPE -- SYNTAX INTEGER (0..65535) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The ID of the ACL rule entry in relation to the swACLPktContRuleProfileID. -- When row creation is set to 0, access ID is automatically created -- for the ports in the swACLPktContRulePort to create rule entries -- for swACLPktContRulePort accordingly. -- Set to 1-65535 indicates to creswACLPktContRuleRepDscpate the exact access ID -- for the swACLPktContRulePort. The swACLPktContRulePort must be set to -- one port only, otherwise the row creation will fail." -- ::= { swACLPktContRuleOptionEntry 2 } -- swACLPktContRuleOffsetChunk1OffsetValue OBJECT-TYPE -- SYNTAX INTEGER (0..31) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "Displays the frame content offset of chunk1." -- ::= { swACLPktContRuleOptionEntry 3 } -- swACLPktContRuleOffsetChunk1Content OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(4)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies the frame content of chunk1." -- ::= { swACLPktContRuleOptionEntry 4 } -- swACLPktContRuleOffsetChunk2OffsetValue OBJECT-TYPE -- SYNTAX INTEGER (0..31) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "Displays the frame content offset of chunk2." -- ::= { swACLPktContRuleOptionEntry 5 } -- swACLPktContRuleOffsetChunk2Content OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(4)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies the frame content of chunk2." -- ::= { swACLPktContRuleOptionEntry 6 } -- swACLPktContRuleOffsetChunk3OffsetValue OBJECT-TYPE -- SYNTAX INTEGER (0..31) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "Displays the frame content offset of chunk3." -- ::= { swACLPktContRuleOptionEntry 7 } -- swACLPktContRuleOffsetChunk3Content OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(4)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies the frame content of chunk3." -- ::= { swACLPktContRuleOptionEntry 8 } -- swACLPktContRuleOffsetChunk4OffsetValue OBJECT-TYPE -- SYNTAX INTEGER (0..31) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "Displays the frame content offset of chunk4." -- ::= { swACLPktContRuleOptionEntry 9 } -- swACLPktContRuleOffsetChunk4Content OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(4)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies the frame content of chunk4." -- ::= { swACLPktContRuleOptionEntry 10 } -- swACLPktContRuleOptionEnablePriority OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access rule will only apply to packets with this -- priority value." -- ::= { swACLPktContRuleOptionEntry 11 } -- swACLPktContRuleOptionPriority OBJECT-TYPE -- SYNTAX INTEGER(0..7) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the priority will change for the packets while the swACLPktContRuleReplacePriority -- is enabled ." -- ::= { swACLPktContRuleOptionEntry 12 } -- swACLPktContRuleOptionReplacePriority OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies if the switch will change priorities of packets that match the access profile -- 802.1p priority tag or not." -- ::= { swACLPktContRuleOptionEntry 13 } -- swACLPktContRuleOptionEnableReplaceDscp OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies if the switch will change priorities of packets that match the access profile -- DSCP field or not. -- Replace DSCP and replace ToS precedence can not both be supported. " -- ::= { swACLPktContRuleOptionEntry 14 } -- swACLPktContRuleOptionRepDscp OBJECT-TYPE -- SYNTAX INTEGER(0..63) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies a value to be written to the DSCP field of an incoming packet -- that meets the criteria specified in the first part of the command. -- This value will over-write the value in the DSCP field of the packet." -- ::= { swACLPktContRuleOptionEntry 15 } -- swACLPktContRuleOptionPermit OBJECT-TYPE -- SYNTAX INTEGER { -- deny(1), -- permit(2), -- mirror(3) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates if the result of the packet examination is 'permit' or 'deny'. -- The default is 'permit'. -- permit - Specifies that packets that match the access profile are -- permitted to be forwarded by the switch. -- deny - Specifies that packets that match the access profile -- are not permitted to be forwarded by the switch and will be filtered. -- mirror - Specifies that the packets that match the access profile are copied to -- the mirror port. -- Note: The ACL mirror function will function after mirror is enabled -- and a mirror port has been configured." -- ::= { swACLPktContRuleOptionEntry 16 } -- swACLPktContRuleOptionPort OBJECT-TYPE -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access rule will only apply to port(s). -- This object and swACLPktContRuleOptionVID can not be set together. " -- ::= { swACLPktContRuleOptionEntry 17 } -- swACLPktContRuleOptionRowStatus OBJECT-TYPE -- SYNTAX RowStatus -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of this entry." -- ::= { swACLPktContRuleOptionEntry 18 } -- swACLPktContRuleOptionOwner OBJECT-TYPE -- SYNTAX INTEGER { -- any(1), -- acl(2), -- ipbind(3), -- other(4), -- dhcp(5), -- netbios(6), -- ext-netbios(7) -- } -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The owner of the ACL rule entry. Only owners can modify this entry." -- ::= { swACLPktContRuleOptionEntry 19 } -- swACLPktContRuleOptionRxRate OBJECT-TYPE -- SYNTAX INTEGER -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies the rx-rate, 0 denotes no_limit. The maximum value of this object depends on the device." -- ::= { swACLPktContRuleOptionEntry 20 } -- swACLPktContRuleOptionEnableReplaceTosPrecedence OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies if the switch will change priorities of packets that match the access profile -- ToS precedence field or not. -- Replace DSCP and replace ToS precedence can not both be supported. -- " -- ::= { swACLPktContRuleOptionEntry 21 } -- swACLPktContRuleOptionRepTosPrecedence OBJECT-TYPE -- SYNTAX INTEGER(0..7) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies a value to be written to the ToS precedence field of an incoming packet -- that meets the criteria specified in the first part of the command. -- This value will over-write the value in the ToS precedence field of the packet." -- ::= { swACLPktContRuleOptionEntry 22 } -- swACLPktContRuleOptionVID OBJECT-TYPE -- SYNTAX INTEGER (0..4094) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies this rule only applies to the specified VLAN. There are two conditions: -- 1.only the portlist that belongs to this VLAN will be included; -- 2.packets must belong to this VLAN. -- This object and swACLPktContRuleOptionPort can not be set together. -- When you set swACLPktContRuleOptionPort, the value of this object will automatically change to 0. -- And this object can not be set 0." -- ::= { swACLPktContRuleOptionEntry 23 } -- ----------------------------------------------------------------------------- -- swACLCounterTable -- ----------------------------------------------------------------------------- swACLCounterTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLCounterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table maintains counter information associated with a specific rule in the ACL rule table. Please refer to the swACLEtherRuleTable, swACLIpRuleTable, swACLIpv6RuleTable and swACLPktContRuleTable for detailed ACL rule information." ::= { swAclRuleMgmt 8 } swACLCounterEntry OBJECT-TYPE SYNTAX SwACLCounterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The entry maintains counter information associated with the ACL rule table." INDEX { swACLCounterProfileID, swACLCounterAccessID} ::= { swACLCounterTable 1 } SwACLCounterEntry ::= SEQUENCE { swACLCounterProfileID INTEGER, swACLCounterAccessID INTEGER, swACLCounterState INTEGER, swACLCounterTotalCounter Counter64, swACLCounterGreenCounter Counter64, swACLCounterYellowCounter Counter64, swACLCounterRedCounter Counter64 } swACLCounterProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry, which is unique in the mask list." ::= { swACLCounterEntry 1 } swACLCounterAccessID OBJECT-TYPE SYNTAX INTEGER(1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL rule entry as related to the swACLCounterProfileID." ::= { swACLCounterEntry 2 } swACLCounterState OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies whether the counter feature will be enabled/disabled. 1. This is optional. The default is disable. 2. If the rule is not bound with flow_meter, then all packets that match will be counted. If the rule is bound with flow_meter, then the 'counter' will be overridden. " ::= { swACLCounterEntry 3 } swACLCounterTotalCounter OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of matched packets." ::= { swACLCounterEntry 4 } swACLCounterGreenCounter OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of matched green packets." ::= { swACLCounterEntry 5 } swACLCounterYellowCounter OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of matched yellow packets." ::= { swACLCounterEntry 6 } swACLCounterRedCounter OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of matched red packets." ::= { swACLCounterEntry 7 } -- ----------------------------------------------------------------------------- -- swACLPktContRuleVarOffsetTable -- ----------------------------------------------------------------------------- swACLPktContRuleVarOffsetTable OBJECT-TYPE SYNTAX SEQUENCE OF SwACLPktContRuleVarOffsetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used to configure ACL user defined packet content rules for devices that support limited selection of packet content." ::= { swAclRuleMgmt 9 } swACLPktContRuleVarOffsetEntry OBJECT-TYPE SYNTAX SwACLPktContRuleVarOffsetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list which contains information on the ACL rules for user-defined parts of a packet." INDEX { swACLPktContRuleVarOffsetProfileID,swACLPktContRuleVarOffsetAccessID } ::= { swACLPktContRuleVarOffsetTable 1 } SwACLPktContRuleVarOffsetEntry ::= SEQUENCE { swACLPktContRuleVarOffsetProfileID INTEGER, swACLPktContRuleVarOffsetAccessID INTEGER, swACLPktContRuleVarOffsetOffsetIndex1 INTEGER, swACLPktContRuleVarOffsetMask1 OCTET STRING, swACLPktContRuleVarOffsetData1 OCTET STRING, swACLPktContRuleVarOffsetOffsetIndex2 INTEGER, swACLPktContRuleVarOffsetMask2 OCTET STRING, swACLPktContRuleVarOffsetData2 OCTET STRING, swACLPktContRuleVarOffsetOffsetIndex3 INTEGER, swACLPktContRuleVarOffsetMask3 OCTET STRING, swACLPktContRuleVarOffsetData3 OCTET STRING, swACLPktContRuleVarOffsetOffsetIndex4 INTEGER, swACLPktContRuleVarOffsetMask4 OCTET STRING, swACLPktContRuleVarOffsetData4 OCTET STRING, swACLPktContRuleVarOffsetOffsetIndex5 INTEGER, swACLPktContRuleVarOffsetMask5 OCTET STRING, swACLPktContRuleVarOffsetData5 OCTET STRING, swACLPktContRuleVarOffsetEnablePriority INTEGER, swACLPktContRuleVarOffsetPriority INTEGER, swACLPktContRuleVarOffsetReplacePriority INTEGER, -- swACLPktContRuleVarOffsetEnableReplaceDscp -- INTEGER, -- swACLPktContRuleVarOffsetRepDscp -- INTEGER, swACLPktContRuleVarOffsetRxRate INTEGER, swACLPktContRuleVarOffsetPermit INTEGER, swACLPktContRuleVarOffsetPort PortList, -- swACLPktContRuleVarOffsetSwAclState -- INTEGER, -- swACLPktContRuleVarOffsetTimeRange -- OCTET STRING, swACLPktContRuleVarOffsetRowStatus RowStatus, swACLPktContRuleVarOffsetReplacePriorityWith INTEGER } swACLPktContRuleVarOffsetProfileID OBJECT-TYPE SYNTAX INTEGER (1..256) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL mask entry, which is unique to the mask list." ::= { swACLPktContRuleVarOffsetEntry 1 } swACLPktContRuleVarOffsetAccessID OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL rule entry related to swACLPktContRuleVarOffsetProfileID." ::= { swACLPktContRuleVarOffsetEntry 2 } swACLPktContRuleVarOffsetOffsetIndex1 OBJECT-TYPE SYNTAX INTEGER(0..76) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the first offset will apply in getting the mask for this rule." ::={ swACLPktContRuleVarOffsetEntry 8 } swACLPktContRuleVarOffsetMask1 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-only STATUS current DESCRIPTION "Display the mask for this rule. This mask corresponds to swACLPktContRuleVarOffsetOffsetIndex1 and swACLPktContRuleVarOffsetData1." ::={ swACLPktContRuleVarOffsetEntry 9 } swACLPktContRuleVarOffsetData1 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the data for this rule. This rule relates to swACLPktContRuleVarOffsetOffsetIndex1 and swACLPktContRuleVarOffsetMask1." ::={ swACLPktContRuleVarOffsetEntry 10 } swACLPktContRuleVarOffsetOffsetIndex2 OBJECT-TYPE SYNTAX INTEGER(0..76) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the second offset will apply in getting the mask for this rule." ::={ swACLPktContRuleVarOffsetEntry 11 } swACLPktContRuleVarOffsetMask2 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-only STATUS current DESCRIPTION "Display the mask for this rule. This mask corresponds to swACLPktContRuleVarOffsetOffsetIndex2 and swACLPktContRuleVarOffsetData2." ::={ swACLPktContRuleVarOffsetEntry 12 } swACLPktContRuleVarOffsetData2 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the data for this rule. This rule relates to swACLPktContRuleVarOffsetOffsetIndex2 and swACLPktContRuleVarOffsetMask2." ::={ swACLPktContRuleVarOffsetEntry 13 } swACLPktContRuleVarOffsetOffsetIndex3 OBJECT-TYPE SYNTAX INTEGER(0..76) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the third offset will apply in getting the mask for this rule." ::={ swACLPktContRuleVarOffsetEntry 14 } swACLPktContRuleVarOffsetMask3 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-only STATUS current DESCRIPTION "Display the mask for this rule. This mask corresponds to swACLPktContRuleVarOffsetOffsetIndex3 and swACLPktContRuleVarOffsetData3." ::={ swACLPktContRuleVarOffsetEntry 15 } swACLPktContRuleVarOffsetData3 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the data for this rule. This rule relates to swACLPktContRuleVarOffsetOffsetIndex3 and swACLPktContRuleVarOffsetMask3." ::={ swACLPktContRuleVarOffsetEntry 16 } swACLPktContRuleVarOffsetOffsetIndex4 OBJECT-TYPE SYNTAX INTEGER(0..76) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the fourth offset will apply in getting the mask for this rule." ::={ swACLPktContRuleVarOffsetEntry 17 } swACLPktContRuleVarOffsetMask4 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-only STATUS current DESCRIPTION "Display the mask for this rule. This mask corresponds to swACLPktContRuleVarOffsetOffsetIndex4 and swACLPktContRuleVarOffsetData4." ::={ swACLPktContRuleVarOffsetEntry 18 } swACLPktContRuleVarOffsetData4 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the data for this rule. This rule relates to swACLPktContRuleVarOffsetOffsetIndex4 and swACLPktContRuleVarOffsetMask4." ::={ swACLPktContRuleVarOffsetEntry 19 } swACLPktContRuleVarOffsetOffsetIndex5 OBJECT-TYPE SYNTAX INTEGER(0..76) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the fifth offset will apply in getting the mask for this rule." ::={ swACLPktContRuleVarOffsetEntry 20 } swACLPktContRuleVarOffsetMask5 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-only STATUS current DESCRIPTION "Display the mask for this rule. This mask corresponds to swACLPktContRuleVarOffsetOffsetIndex5 and swACLPktContRuleVarOffsetData5." ::={ swACLPktContRuleVarOffsetEntry 21 } swACLPktContRuleVarOffsetData5 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the data for this rule. This rule relates to swACLPktContRuleVarOffsetOffsetIndex5 and swACLPktContRuleVarOffsetMask5." ::={ swACLPktContRuleVarOffsetEntry 22 } swACLPktContRuleVarOffsetEnablePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to packets with this priority value." ::= { swACLPktContRuleVarOffsetEntry 23 } swACLPktContRuleVarOffsetPriority OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the priority will change to the packets." ::= { swACLPktContRuleVarOffsetEntry 24 } swACLPktContRuleVarOffsetReplacePriority OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will change priorities of packets that match the access profile 802.1p priority tag or not ." ::= { swACLPktContRuleVarOffsetEntry 25 } -- swACLPktContRuleVarOffsetEnableReplaceDscp OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies if the switch will change priorities of packets that match the access profile -- DSCP field or not ." -- ::= { swACLPktContRuleVarOffsetEntry 26 } -- swACLPktContRuleVarOffsetRepDscp OBJECT-TYPE -- SYNTAX INTEGER(0..63) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "specify a value to be written to the DSCP field of an incoming packet -- that meets the criteria specified in the first part of the command. -- This value will over-write the value in the DSCP field of the packet." -- ::= { swACLPktContRuleVarOffsetEntry 27 } swACLPktContRuleVarOffsetRxRate OBJECT-TYPE SYNTAX INTEGER(64..1024000) MAX-ACCESS read-write STATUS current DESCRIPTION "Specifies that the access rule will apply an RX rate. 0 denotes no limit." ::={ swACLPktContRuleVarOffsetEntry 28 } swACLPktContRuleVarOffsetPermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the result of the packet examination is to permit or deny. The default is permit. permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that do not match the access profile are not permitted to be forwarded by the switch and will be filtered." ::= { swACLPktContRuleVarOffsetEntry 29 } swACLPktContRuleVarOffsetPort OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to port(s)." ::= { swACLPktContRuleVarOffsetEntry 30 } -- swACLPktContRuleVarOffsetSwAclState OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access rule will apply only to software ACL state." -- ::= { swACLPktContRuleVarOffsetEntry 31 } -- swACLPktContRuleVarOffsetTimeRange OBJECT-TYPE -- SYNTAX OCTET STRING(SIZE(1..32)) -- MAX-ACCESS read-write -- STATUS current -- DESCRIPTION -- "Specifies that the access rule will apply to time range while Time-based ACL is enabled." -- ::={ swACLPktContRuleVarOffsetEntry 32 } swACLPktContRuleVarOffsetRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swACLPktContRuleVarOffsetEntry 33 } swACLPktContRuleVarOffsetReplacePriorityWith OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of this node will be used to replace the 802.1p priority tag of the packet that matched the access profile." ::= { swACLPktContRuleVarOffsetEntry 34 } -- ----------------------------------------------------------------------------- -- swCpuAclEthernetTable -- ----------------------------------------------------------------------------- swCpuAclEthernetTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclEthernetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains software ACL mask Ethernet information. Access profiles will be created on the switch to define which part of each incoming frame's layer 2 header will be examined by the switch. Masks entered will be combined with the values the switch finds in the specified frame header fields." ::= { swCpuAclMaskMgmt 1 } swCpuAclEthernetEntry OBJECT-TYPE SYNTAX SwCpuAclEthernetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about Ethernet ACL masks." INDEX { swCpuAclEthernetProfileID } ::= { swCpuAclEthernetTable 1 } SwCpuAclEthernetEntry ::= SEQUENCE { swCpuAclEthernetProfileID INTEGER, swCpuAclEthernetUsevlan INTEGER, swCpuAclEthernetMacAddrMaskState INTEGER, swCpuAclEthernetSrcMacAddrMask MacAddress, swCpuAclEthernetDstMacAddrMask MacAddress, swCpuAclEthernetUse8021p INTEGER, swCpuAclEthernetUseEthernetType INTEGER, swCpuAclEthernetRowStatus RowStatus } swCpuAclEthernetProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swCpuAclEthernetEntry 1 } swCpuAclEthernetUsevlan OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the switch will examine the VLAN part of each packet header." ::= { swCpuAclEthernetEntry 2 } swCpuAclEthernetMacAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-mac-addr(2), src-mac-addr(3), dst-src-mac-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of the MAC address mask. other (1) - Neither source MAC addresses nor destination MAC addresses are masked. dst-mac-addr (2) - Destination MAC addresses within received frames are to be filtered when matched with the MAC address entry of the table. src-mac-addr (3) - Source MAC address within received frames are to be filtered when matched with the MAC address entry of the table. dst-src-mac-addr (4) - Source or destination MAC addresses within received frames are to be filtered when matched with the MAC address entry of this table." ::= { swCpuAclEthernetEntry 3 } swCpuAclEthernetSrcMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the MAC address mask for the source MAC address." ::= { swCpuAclEthernetEntry 4 } swCpuAclEthernetDstMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the MAC address mask for the destination MAC address." ::= { swCpuAclEthernetEntry 5 } swCpuAclEthernetUse8021p OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine the 802.1p priority value in the frame's header or not." ::= { swCpuAclEthernetEntry 6 } swCpuAclEthernetUseEthernetType OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine the Ethernet type value in each frame's header or not." ::= { swCpuAclEthernetEntry 7 } swCpuAclEthernetRowStatus OBJECT-TYPE --swCpuAclEthernetState SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclEthernetEntry 8 } -- ----------------------------------------------------------------------------- -- swCpuAclIpTable -- ----------------------------------------------------------------------------- swCpuAclIpTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains software ACL mask IP information. Access profiles will be created on the switch to define which parts of each incoming frame's IP layer 2 header will be examined by the switch. Masks entered will be combined with the values the switch finds in the specified frame header fields." ::= { swCpuAclMaskMgmt 2 } swCpuAclIpEntry OBJECT-TYPE SYNTAX SwCpuAclIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the software ACL of the IP Layer." INDEX { swCpuAclIpProfileID } ::= { swCpuAclIpTable 1 } SwCpuAclIpEntry ::= SEQUENCE { swCpuAclIpProfileID INTEGER, swCpuAclIpUsevlan INTEGER, swCpuAclIpIpAddrMaskState INTEGER, swCpuAclIpSrcIpAddrMask IpAddress, swCpuAclIpDstIpAddrMask IpAddress, swCpuAclIpUseDSCP INTEGER, swCpuAclIpUseProtoType INTEGER, swCpuAclIpIcmpOption INTEGER, swCpuAclIpIgmpOption INTEGER, swCpuAclIpTcpOption INTEGER, swCpuAclIpUdpOption INTEGER, swCpuAclIpTCPorUDPSrcPortMask OCTET STRING, swCpuAclIpTCPorUDPDstPortMask OCTET STRING, swCpuAclIpTCPFlagBit INTEGER, swCpuAclIpTCPFlagBitMask INTEGER, swCpuAclIpProtoIDOption INTEGER, swCpuAclIpProtoID INTEGER, swCpuAclIpProtoIDMask OCTET STRING, swCpuAclIpRowStatus RowStatus } swCpuAclIpProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swCpuAclIpEntry 1 } swCpuAclIpUsevlan OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the IP layer VLAN part is examined or not." ::= { swCpuAclIpEntry 2 } swCpuAclIpIpAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-ip-addr(2), src-ip-addr(3), dst-src-ip-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of IP address mask. other (1) - Neither source IP addresses nor destination IP address are masked. dst-ip-addr (2) - Destination IP addresses within received frames are to be filtered when matched with the IP address entry of this table. src-ip-addr (3) - Source IP addresses within received frames are to be filtered when matched with the IP address entry of this table. dst-src-ip-addr (4) - Destination or source IP addresses within received frames are to be filtered when matched with the IP address entry of the table." ::= { swCpuAclIpEntry 3 } swCpuAclIpSrcIpAddrMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the IP address mask for the source IP address." ::= { swCpuAclIpEntry 4 } swCpuAclIpDstIpAddrMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the IP address mask for the destination IP address." ::= { swCpuAclIpEntry 5 } swCpuAclIpUseDSCP OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the DSCP protocol in the packet header is to be examined or not." ::= { swCpuAclIpEntry 6 } swCpuAclIpUseProtoType OBJECT-TYPE SYNTAX INTEGER { none(1), icmp(2), igmp(3), tcp(4), udp(5), protocolId(6) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates which protocol will be examined." ::= { swCpuAclIpEntry 7 } swCpuAclIpIcmpOption OBJECT-TYPE SYNTAX INTEGER { none(1), type(2), code(3), type-code(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates which fields are identified for ICMP. none (1)- Both fields are null. type (2)- Type field identified. code (3)- Code field identified. type-code (4)- Both ICMP fields identified. " ::= { swCpuAclIpEntry 8 } swCpuAclIpIgmpOption OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the IGMP options field is identified or not." ::= { swCpuAclIpEntry 9 } swCpuAclIpTcpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of filtered addresses of TCP. other (1) - Neither source port nor destination port are masked. dst-addr (2) - Packets will be filtered if this destination port is identified in received frames. src-addr (3) - Packets will be filtered if this source port is identified in received frames. dst-src-addr (4) - Packets will be filtered is this destination or source port is identified in received frames." ::= { swCpuAclIpEntry 10 } swCpuAclIpUdpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of filtered addresses of UDP. other (1) - Neither source port nor destination port are masked. dst-addr (2) - Packets will be filtered if this destination port is identified in received frames. src-addr (3) - Packets will be filtered if this source port is identified in received frames. dst-src-addr (4) - Packets will be filtered if this destination or source port is identified in received frames." ::= { swCpuAclIpEntry 11 } swCpuAclIpTCPorUDPSrcPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the source port if swCpuAclIpUseProtoType is TCP. Specifies a UDP port mask for the source port if swCpuAclIpUseProtoType is UDP. " ::= { swCpuAclIpEntry 12 } swCpuAclIpTCPorUDPDstPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the destination port if swCpuAclIpUseProtoType is TCP. Specifies a UDP port mask for the destination port if swCpuAclIpUseProtoType is UDP." ::= { swCpuAclIpEntry 13 } swCpuAclIpTCPFlagBit OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP connection flag mask." ::= { swCpuAclIpEntry 14 } swCpuAclIpTCPFlagBitMask OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "A value which indicates the set of TCP flags that this entity may potentially offer. The value is a sum of flag bits. This sum initially takes the value zero. Then, for each flag, L is added in the range 1 through 6, for which this node performs transactions where 2^(L - 1) is added to the sum. Note that values should be calculated accordingly: Flag functionality 6 urg bit 5 ack bit 4 psh bit 3 rst bit 2 syn bit 1 fin bit For example, if you want to enable urg bit and ack bit, you should set value 48{2^(5-1) + 2^(6-1)}." ::= { swCpuAclIpEntry 15 } swCpuAclIpProtoIDOption OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine each frame's Protocol ID field or not." ::= { swCpuAclIpEntry 16 } swCpuAclIpProtoID OBJECT-TYPE SYNTAX INTEGER(0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "" ::= { swCpuAclIpEntry 17 } swCpuAclIpProtoIDMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(20)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IP protocol ID and the mask options behind the IP header." ::= { swCpuAclIpEntry 18 } swCpuAclIpRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclIpEntry 19 } -- ----------------------------------------------------------------------------- -- swCpuAclPktContMaskTable -- ----------------------------------------------------------------------------- swCpuAclPktContMaskTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclPktContMaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains user-defined software ACL information. Access profiles will be created on the switch to define which part of each incoming frame's user-defined part of the packet header will be examined by the switch. Masks entered will be combined with the values the switch finds in the specified frame header fields." ::= { swCpuAclMaskMgmt 3 } swCpuAclPktContMaskEntry OBJECT-TYPE SYNTAX SwCpuAclPktContMaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about user-defined software ACLs." INDEX { swCpuAclPktContMaskProfileID } ::= { swCpuAclPktContMaskTable 1 } SwCpuAclPktContMaskEntry ::= SEQUENCE { swCpuAclPktContMaskProfileID INTEGER, swCpuAclPktContMaskOffset0to15 OCTET STRING, swCpuAclPktContMaskOffset16to31 OCTET STRING, swCpuAclPktContMaskOffset32to47 OCTET STRING, swCpuAclPktContMaskOffset48to63 OCTET STRING, swCpuAclPktContMaskOffset64to79 OCTET STRING, swCpuAclPktContMaskRowStatus RowStatus } swCpuAclPktContMaskProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swCpuAclPktContMaskEntry 1 } swCpuAclPktContMaskOffset0to15 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset0to15) and the mask options." ::= { swCpuAclPktContMaskEntry 2 } swCpuAclPktContMaskOffset16to31 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset16to31) and the mask options." ::= { swCpuAclPktContMaskEntry 3 } swCpuAclPktContMaskOffset32to47 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset32to47) and the mask options." ::= { swCpuAclPktContMaskEntry 4 } swCpuAclPktContMaskOffset48to63 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset48to63) and the mask options." ::= { swCpuAclPktContMaskEntry 5 } swCpuAclPktContMaskOffset64to79 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content (Offset64to79) and the mask options." ::= { swCpuAclPktContMaskEntry 6 } swCpuAclPktContMaskRowStatus OBJECT-TYPE --swCpuAclEthernetState SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclPktContMaskEntry 7 } -- ----------------------------------------------------------------------------- -- swCpuAclIpv6MaskTable -- ----------------------------------------------------------------------------- swCpuAclIpv6MaskTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclIpv6MaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains IPv6 software ACL mask information. An access profile will be created on the switch to define which part of each incoming frame's IPv6 part of the packet header will be examined by switch. Masks entered will be combined with the values the switch finds in the specified frame header fields. " ::= { swCpuAclMaskMgmt 4 } swCpuAclIpv6MaskEntry OBJECT-TYPE SYNTAX SwCpuAclIpv6MaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about user-defined software ACLs." INDEX { swCpuAclIpv6MaskProfileID } ::= { swCpuAclIpv6MaskTable 1 } SwCpuAclIpv6MaskEntry ::= SEQUENCE { swCpuAclIpv6MaskProfileID INTEGER, swCpuAclIpv6MaskClass INTEGER, swCpuAclIpv6MaskFlowlabel INTEGER, swCpuAclIpv6IpAddrMaskState INTEGER, swCpuAclIpv6MaskSrcIpv6Mask Ipv6Address, swCpuAclIpv6MaskDstIpv6Mask Ipv6Address, swCpuAclIpv6MaskRowStatus RowStatus } swCpuAclIpv6MaskProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swCpuAclIpv6MaskEntry 1 } swCpuAclIpv6MaskClass OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IPv6 class field and the mask options." ::= { swCpuAclIpv6MaskEntry 2 } swCpuAclIpv6MaskFlowlabel OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IPv6 flowlabel field and the mask options." ::= { swCpuAclIpv6MaskEntry 3 } swCpuAclIpv6IpAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-ipv6-addr(2), src-ipv6-addr(3), dst-src-ipv6-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of IPv6 address mask. other (1) - Neither source IPv6 address nor destination IPv6 address are masked. dst-ipv6-addr (2) - Packets will be filtered if this destination IPv6 address is identified as a match in received frames. src-ipv6-addr (3) - Packets will be filtered if this source IPv6 address is identified as a match in received frames. dst-src-ipv6-addr (4) - Packets will be filtered if this destination or source IPv6 address is identified as a match in received frames." ::= { swCpuAclIpv6MaskEntry 4 } swCpuAclIpv6MaskSrcIpv6Mask OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the source IPv6 address and the mask options. This should be a 16 byte octet string." ::= { swCpuAclIpv6MaskEntry 5 } swCpuAclIpv6MaskDstIpv6Mask OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the destination IPv6 address and the mask options. This should be a 16 byte octet string." ::= { swCpuAclIpv6MaskEntry 6 } swCpuAclIpv6MaskRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclIpv6MaskEntry 7 } -- ----------------------------------------------------------------------------- --swCpuACLMaskDelAllState -- ----------------------------------------------------------------------------- swCpuACLMaskDelAllState OBJECT-TYPE SYNTAX INTEGER{ none(1), start(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Used to delete all software ACL masks." ::= { swCpuAclMaskMgmt 5 } -- ----------------------------------------------------------------------------- -- swCpuAclEtherRuleTable -- ----------------------------------------------------------------------------- swCpuAclEtherRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclEtherRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains Ethernet software ACL rule information." ::= { swCpuAclRuleMgmt 1 } swCpuAclEtherRuleEntry OBJECT-TYPE SYNTAX SwCpuAclEtherRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the software ACL rule of the layer 2 part of each packet." INDEX { swCpuAclEtherRuleProfileID,swCpuAclEtherRuleAccessID } ::= { swCpuAclEtherRuleTable 1 } SwCpuAclEtherRuleEntry ::= SEQUENCE { swCpuAclEtherRuleProfileID INTEGER, swCpuAclEtherRuleAccessID INTEGER, swCpuAclEtherRuleVlan SnmpAdminString, swCpuAclEtherRuleSrcMacAddress MacAddress, swCpuAclEtherRuleDstMacAddress MacAddress, swCpuAclEtherRule8021P INTEGER, swCpuAclEtherRuleEtherType OCTET STRING, swCpuAclEtherRulePermit INTEGER, swCpuAclEtherRuleRowStatus RowStatus, swCpuAclEtherRulePort PortList } swCpuAclEtherRuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swCpuAclEtherRuleEntry 1 } swCpuAclEtherRuleAccessID OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the software ACL rule entry as it relates to swCpuAclEtherRuleProfileID." ::= { swCpuAclEtherRuleEntry 2 } swCpuAclEtherRuleVlan OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to this VLAN." ::= { swCpuAclEtherRuleEntry 3 } swCpuAclEtherRuleSrcMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to the packets with this source MAC address." ::= { swCpuAclEtherRuleEntry 4 } swCpuAclEtherRuleDstMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to the packets with this destination MAC address." ::= { swCpuAclEtherRuleEntry 5 } swCpuAclEtherRule8021P OBJECT-TYPE SYNTAX INTEGER(-1..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to packets with this 802.1p priority value. A value of -1 indicates that this node is not actively used." ::= { swCpuAclEtherRuleEntry 6 } swCpuAclEtherRuleEtherType OBJECT-TYPE SYNTAX OCTET STRING (SIZE (2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to packets with this 802.1Q Ethernet type value in the packet header." ::= { swCpuAclEtherRuleEntry 7 } swCpuAclEtherRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the result of the packet examination is to 'permit' or 'deny'. The default is 'permit'. permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the switch and will be filtered." ::= { swCpuAclEtherRuleEntry 8 } swCpuAclEtherRuleRowStatus OBJECT-TYPE --swCpuAclEtherRuleState SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclEtherRuleEntry 9 } swCpuAclEtherRulePort OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to port(s)." ::= { swCpuAclEtherRuleEntry 10 } -- ----------------------------------------------------------------------------- -- swCpuAclIpRuleTable -- ----------------------------------------------------------------------------- swCpuAclIpRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclIpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains IPv4 software ACL rule information." ::= { swCpuAclRuleMgmt 2 } swCpuAclIpRuleEntry OBJECT-TYPE SYNTAX SwCpuAclIpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about this software ACL rule." INDEX { swCpuAclIpRuleProfileID , swCpuAclIpRuleAccessID } ::= { swCpuAclIpRuleTable 1 } SwCpuAclIpRuleEntry ::= SEQUENCE { swCpuAclIpRuleProfileID INTEGER, swCpuAclIpRuleAccessID INTEGER, swCpuAclIpRuleVlan SnmpAdminString, swCpuAclIpRuleSrcIpaddress IpAddress, swCpuAclIpRuleDstIpaddress IpAddress, swCpuAclIpRuleDscp INTEGER, swCpuAclIpRuleProtocol INTEGER, swCpuAclIpRuleType INTEGER, swCpuAclIpRuleCode INTEGER, swCpuAclIpRuleSrcPort INTEGER, swCpuAclIpRuleDstPort INTEGER, swCpuAclIpRuleFlagBits INTEGER, swCpuAclIpRuleProtoID INTEGER, swCpuAclIpRuleUserMask OCTET STRING, swCpuAclIpRulePermit INTEGER, swCpuAclIpRuleRowStatus RowStatus, swCpuAclIpRulePort PortList } swCpuAclIpRuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swCpuAclIpRuleEntry 1 } swCpuAclIpRuleAccessID OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of the software ACL for the IPv4 rule entry." ::= { swCpuAclIpRuleEntry 2 } swCpuAclIpRuleVlan OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to this VLAN." ::= { swCpuAclIpRuleEntry 3 } swCpuAclIpRuleSrcIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies an IP source address." ::= { swCpuAclIpRuleEntry 4 } swCpuAclIpRuleDstIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies an IP destination address." ::= { swCpuAclIpRuleEntry 5 } swCpuAclIpRuleDscp OBJECT-TYPE SYNTAX INTEGER(-1..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the value of DSCP, the value can be configured from 0 to 63. A value of -1 indicates that this node is not actively used." ::= { swCpuAclIpRuleEntry 6 } swCpuAclIpRuleProtocol OBJECT-TYPE SYNTAX INTEGER { none(1), icmp(2), igmp(3), tcp(4), udp(5), protocolId(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies the IP protocol which has been configured in swCpuAclIpEntry." ::= { swCpuAclIpRuleEntry 7 } swCpuAclIpRuleType OBJECT-TYPE SYNTAX INTEGER(-1..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the rule applies to the value of ICMP type traffic. A value of -1 indicates that this node is not actively used." ::= { swCpuAclIpRuleEntry 8 } swCpuAclIpRuleCode OBJECT-TYPE SYNTAX INTEGER(-1..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the rule applies to the value of ICMP code traffic. A value of -1 indicates that this node is not actively used." ::= { swCpuAclIpRuleEntry 9 } swCpuAclIpRuleSrcPort OBJECT-TYPE SYNTAX INTEGER(-1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the rule applies to the range of TCP/UDP source ports. A value of -1 indicates that this node is not actively used." ::= { swCpuAclIpRuleEntry 10 } swCpuAclIpRuleDstPort OBJECT-TYPE SYNTAX INTEGER(-1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the range of TCP/UDP destination ports. A value of -1 indicates that this node is not actively used." ::= { swCpuAclIpRuleEntry 11 } swCpuAclIpRuleFlagBits OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "A value which indicates the set of TCP flags that this entity may potentially offer. The value is a sum of flag bits. This sum initially takes the value zero. Then, for each flag, L is added in the range 1 through 6, for which this node performs transactions where, 2^(L - 1) is added to the sum. Note that values should be calculated accordingly: Flag functionality 6 urg bit 5 ack bit 4 psh bit 3 rst bit 2 syn bit 1 fin bit For example, it you want to enable urg bit and ack bit, you should set the value 48{2^(5-1) + 2^(6-1)}." ::= { swCpuAclIpRuleEntry 12 } swCpuAclIpRuleProtoID OBJECT-TYPE SYNTAX INTEGER(-1..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the rule applies to the value of IP protocol ID traffic. A value of -1 indicates that this node is not actively used." ::= { swCpuAclIpRuleEntry 13 } swCpuAclIpRuleUserMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(20)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IP protocol ID and the range of options behind the IP header." ::= { swCpuAclIpRuleEntry 14 } swCpuAclIpRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the result of the packet examination is to 'permit' or 'deny'. The default is 'permit'. permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the switch and will be filtered." ::= { swCpuAclIpRuleEntry 15 } swCpuAclIpRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclIpRuleEntry 16 } swCpuAclIpRulePort OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to port(s)." ::= { swCpuAclIpRuleEntry 17 } -- ----------------------------------------------------------------------------- -- swCpuAclPktContRuleTable -- ----------------------------------------------------------------------------- swCpuAclPktContRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclPktContRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains user-defined software ACL rule information." ::= { swCpuAclRuleMgmt 3 } swCpuAclPktContRuleEntry OBJECT-TYPE SYNTAX SwCpuAclPktContRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the software ACL rule of the user-defined part of each packet." INDEX { swCpuAclPktContRuleProfileID,swCpuAclPktContRuleAccessID } ::= { swCpuAclPktContRuleTable 1 } SwCpuAclPktContRuleEntry ::= SEQUENCE { swCpuAclPktContRuleProfileID INTEGER, swCpuAclPktContRuleAccessID INTEGER, swCpuAclPktContRuleOffset0to15 OCTET STRING, swCpuAclPktContRuleOffset16to31 OCTET STRING, swCpuAclPktContRuleOffset32to47 OCTET STRING, swCpuAclPktContRuleOffset48to63 OCTET STRING, swCpuAclPktContRuleOffset64to79 OCTET STRING, swCpuAclPktContRulePermit INTEGER, swCpuAclPktContRuleRowStatus RowStatus, swCpuAclPktContRulePort PortList } swCpuAclPktContRuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the software ACL mask entry, which is unique to the mask list. The maximum value of this object depends on the device." ::= { swCpuAclPktContRuleEntry 1 } swCpuAclPktContRuleAccessID OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the software ACL rule entry related to swCpuAclPktContRuleProfileID." ::= { swCpuAclPktContRuleEntry 2 } swCpuAclPktContRuleOffset0to15 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swCpuAclPktContRuleEntry 3 } swCpuAclPktContRuleOffset16to31 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swCpuAclPktContRuleEntry 4 } swCpuAclPktContRuleOffset32to47 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swCpuAclPktContRuleEntry 5 } swCpuAclPktContRuleOffset48to63 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swCpuAclPktContRuleEntry 6 } swCpuAclPktContRuleOffset64to79 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swCpuAclPktContRuleEntry 7 } swCpuAclPktContRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the result of the packet examination is to 'permit' or 'deny'. The default is 'permit'. permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the switch and will be filtered." ::= { swCpuAclPktContRuleEntry 8 } swCpuAclPktContRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclPktContRuleEntry 9 } swCpuAclPktContRulePort OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will only apply to port(s)." ::= { swCpuAclPktContRuleEntry 10 } -- ----------------------------------------------------------------------------- -- swCpuAclIpv6RuleTable -- ----------------------------------------------------------------------------- swCpuAclIpv6RuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclIpv6RuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains user-defined ACL rule information." ::= { swCpuAclRuleMgmt 4 } swCpuAclIpv6RuleEntry OBJECT-TYPE SYNTAX SwCpuAclIpv6RuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about the ACL rule of the user-defined part of each packet." INDEX { swCpuAclIpv6RuleProfileID,swCpuAclIpv6RuleAccessID } ::= { swCpuAclIpv6RuleTable 1 } SwCpuAclIpv6RuleEntry ::= SEQUENCE { swCpuAclIpv6RuleProfileID INTEGER, swCpuAclIpv6RuleAccessID INTEGER, swCpuAclIpv6RuleClass INTEGER, swCpuAclIpv6RuleFlowlabel OCTET STRING, swCpuAclIpv6RuleSrcIpv6Addr Ipv6Address, swCpuAclIpv6RuleDstIpv6Addr Ipv6Address, swCpuAclIpv6RulePermit INTEGER, swCpuAclIpv6RuleRowStatus RowStatus, swCpuAclIpv6RulePort PortList } swCpuAclIpv6RuleProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry. This is unique in the mask list. The maximum value of this object depends on the device." ::= { swCpuAclIpv6RuleEntry 1 } swCpuAclIpv6RuleAccessID OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL rule entry in relation to swCpuAclIpv6RuleProfileID." ::= { swCpuAclIpv6RuleEntry 2 } swCpuAclIpv6RuleClass OBJECT-TYPE SYNTAX INTEGER (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IPv6 class field." ::= { swCpuAclIpv6RuleEntry 3 } swCpuAclIpv6RuleFlowlabel OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IPv6 flowlabel field." ::= { swCpuAclIpv6RuleEntry 4 } swCpuAclIpv6RuleSrcIpv6Addr OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the source IPv6 address. This should be a 16 byte octet string." ::= { swCpuAclIpv6RuleEntry 5 } swCpuAclIpv6RuleDstIpv6Addr OBJECT-TYPE SYNTAX Ipv6Address MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the destination IPv6 address. This should be a 16 byte octet string." ::= { swCpuAclIpv6RuleEntry 6 } swCpuAclIpv6RulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if the result of the examination is to 'permit' or 'deny'. The default is 'permit' (1). permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that match the access profile are not permitted to be forwarded by the switch and will be filtered." ::= { swCpuAclIpv6RuleEntry 7 } swCpuAclIpv6RuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclIpv6RuleEntry 8 } swCpuAclIpv6RulePort OBJECT-TYPE SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access rule will apply only to port(s)." ::= { swCpuAclIpv6RuleEntry 9 } -- ----------------------------------------------------------------------------- -- swAclMeteringMgmt -- ----------------------------------------------------------------------------- swAclMeterTable OBJECT-TYPE SYNTAX SEQUENCE OF SwAclMeterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used to configure the flow-based metering function. The access rule must first be created before the parameters of this function can be applied. Users may set the preferred bandwidth for this rule, in Kbps; once the bandwidth has been exceeded, overflow packets will be either dropped or set for a drop precedence, depending on user configuration." ::= { swAclMeteringMgmt 1 } swAclMeterEntry OBJECT-TYPE SYNTAX SwAclMeterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This entry displays parameters and configurations set for the flow metering function." INDEX { swAclMeterProfileID, swAclMeterAccessID} ::= { swAclMeterTable 1 } SwAclMeterEntry ::= SEQUENCE { swAclMeterProfileID INTEGER, swAclMeterAccessID INTEGER, swAclMeterRate INTEGER, swAclMeterActionForRateExceed INTEGER, swAclMeterRemarkDscp INTEGER, swAclMeterBurstSize INTEGER, swAclMeterMode INTEGER, swAclMeterTrtcmCir INTEGER, swAclMeterTrtcmCbs INTEGER, swAclMeterTrtcmPir INTEGER, swAclMeterTrtcmPbs INTEGER, swAclMeterTrtcmColorMode INTEGER, swAclMeterTrtcmConformState INTEGER, swAclMeterTrtcmConformReplaceDscp INTEGER, swAclMeterTrtcmConformCounterState INTEGER, swAclMeterTrtcmExceedState INTEGER, swAclMeterTrtcmExceedReplaceDscp INTEGER, swAclMeterTrtcmExceedCounterState INTEGER, swAclMeterTrtcmViolateState INTEGER, swAclMeterTrtcmViolateReplaceDscp INTEGER, swAclMeterTrtcmViolateCounterState INTEGER, swAclMeterSrtcmCir INTEGER, swAclMeterSrtcmCbs INTEGER, swAclMeterSrtcmEbs INTEGER, swAclMeterSrtcmColorMode INTEGER, swAclMeterSrtcmConformState INTEGER, swAclMeterSrtcmConformReplaceDscp INTEGER, swAclMeterSrtcmConformCounterState INTEGER, swAclMeterSrtcmExceedState INTEGER, swAclMeterSrtcmExceedReplaceDscp INTEGER, swAclMeterSrtcmExceedCounterState INTEGER, swAclMeterSrtcmViolateState INTEGER, swAclMeterSrtcmViolateReplaceDscp INTEGER, swAclMeterSrtcmViolateCounterState INTEGER, swAclMeterRowStatus RowStatus } swAclMeterProfileID OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL mask entry is unique in the mask list. The maximum value of this object depends on the device." ::= { swAclMeterEntry 1 } swAclMeterAccessID OBJECT-TYPE SYNTAX INTEGER(1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of the ACL rule entry as related to the swAclMeterProfileID." ::= { swAclMeterEntry 2 } swAclMeterRate OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the committed bandwidth in Kbps for the flow. NOTE: 1. Specifying 0 will disable this flow meter setting. 2. Users must set the swAclMeterActionForRateExceed object to activate this entry." ::= { swAclMeterEntry 3 } swAclMeterActionForRateExceed OBJECT-TYPE SYNTAX INTEGER { other(1), drop-packet(2), set-drop-precedence(3), remark-dscp(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the action to take for those packets exceeding the committed rate. NOTE: Users must also set the swAclMeterRate to activate this entry." ::= { swAclMeterEntry 4 } swAclMeterRemarkDscp OBJECT-TYPE SYNTAX INTEGER (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Mark the packet with a specified DSCP. It can be set when swAclMeterActionForRateExceed sets remark-dscp (3)." ::= { swAclMeterEntry 5 } swAclMeterBurstSize OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-create STATUS current DESCRIPTION "This specifies the burst size for the single rate two color mode. The unit is Kbytes. That is to say, 1 means 1kbytes. The set value range is 0..n, the value n is determined by project, the value of 0 means to delete this flow_meter setting." ::= { swAclMeterEntry 6 } swAclMeterMode OBJECT-TYPE SYNTAX INTEGER { other(1), tr-tcm(2), sr-tcm(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "tr-tcm: two rate three color mode; sr-tcm: single rate three color mode. " ::= { swAclMeterEntry 7 } swAclMeterTrtcmCir OBJECT-TYPE SYNTAX INTEGER (1..156249) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the 'committed information rate' of 'two rate three color mode'. The unit is Kbps." ::= { swAclMeterEntry 8 } swAclMeterTrtcmCbs OBJECT-TYPE SYNTAX INTEGER (1..16384) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the 'committed burst size' of 'two rate three color mode'. 1. The unit is Kbytes. That is to say, 1 means 1Kbytes. 2. This parameter is an optional parameter. The default value is 4*1024. 3. The max set value is 16*1024. " ::= { swAclMeterEntry 9 } swAclMeterTrtcmPir OBJECT-TYPE SYNTAX INTEGER (1..156249) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the 'Peak Information Rate' of 'two rate three color mode'. The unit is Kbps." ::= { swAclMeterEntry 10 } swAclMeterTrtcmPbs OBJECT-TYPE SYNTAX INTEGER (1..16384) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the 'peak burst size' of 'two rate three color mode'. 1. The unit is Kbytes. That is to say, 1 means 1kbytes. 2. This parameter is an optional parameter. The default value is 4*1024. 3. The max set value is 16*1024. " ::= { swAclMeterEntry 11 } swAclMeterTrtcmColorMode OBJECT-TYPE SYNTAX INTEGER { color-blind(1), color-aware(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the meter mode. The default is color-blind mode. The final color of the packet is determined by the initial color of the packet and the metering result." ::= { swAclMeterEntry 12 } swAclMeterTrtcmConformState OBJECT-TYPE SYNTAX INTEGER { other(1), permit(2), replace-dscp(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the action state when packet is in 'green color'. permit: permit the packet. replace-dscp: change the DSCP value of packet. " ::= { swAclMeterEntry 13 } swAclMeterTrtcmConformReplaceDscp OBJECT-TYPE SYNTAX INTEGER (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the DSCP value of the packet when the packet is in 'green color'." ::= { swAclMeterEntry 14 } swAclMeterTrtcmConformCounterState OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the counter state when the packet is in 'green color'. 1. This is optional. The default is 'disable'. 2. The resource may be limited so that the counter can not be turned on. The limitation is project dependent. 3. counter will be cleared when the function is disabled. " ::= { swAclMeterEntry 15 } swAclMeterTrtcmExceedState OBJECT-TYPE SYNTAX INTEGER { other(1), permit(2), replace-dscp(3), drop(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the action state when packet is in 'yellow color'. permit: permit the packet. replace-dscp: change the DSCP value of the packet. drop: drop the packet. " ::= { swAclMeterEntry 16 } swAclMeterTrtcmExceedReplaceDscp OBJECT-TYPE SYNTAX INTEGER (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the DSCP value of packet when packet is in 'yellow color'." ::= { swAclMeterEntry 17 } swAclMeterTrtcmExceedCounterState OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the counter state when packet is in 'yellow color'. 1. This is optional. The default is 'disable'. 2. The resource may be limited so that the counter can not be turned on. The limitation is project dependent. 3. counter will be cleared when the function is disabled. " ::= { swAclMeterEntry 18 } swAclMeterTrtcmViolateState OBJECT-TYPE SYNTAX INTEGER { other(1), permit(2), replace-dscp(3), drop(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the action state when packet is in 'red color'. permit: permit the packet. replace-dscp: change the DSCP value of packet. drop: drop the packet. " ::= { swAclMeterEntry 19 } swAclMeterTrtcmViolateReplaceDscp OBJECT-TYPE SYNTAX INTEGER (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the DSCP value of the packet when packet is in 'red color'." ::= { swAclMeterEntry 20 } swAclMeterTrtcmViolateCounterState OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the counter state when packet is in 'red color'. 1. This is optional. The default is 'disable'. 2. The resource may be limited so that the counter can not be turned on. The limitation is project dependent. 3. counter will be cleared when the function is disabled. " ::= { swAclMeterEntry 21 } swAclMeterSrtcmCir OBJECT-TYPE SYNTAX INTEGER (1..156249) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the 'committed information rate' of 'single rate three color mode'. The unit is Kbps." ::= { swAclMeterEntry 22 } swAclMeterSrtcmCbs OBJECT-TYPE SYNTAX INTEGER (1..16384) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the 'committed burst size' of 'single rate three color mode'. 1. The unit is Kbytes. That is to say, 1 means 1Kbytes. 2. The max set value is 16*1024. " ::= { swAclMeterEntry 23 } swAclMeterSrtcmEbs OBJECT-TYPE SYNTAX INTEGER (1..16384) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the 'Excess burst size' of 'single rate three color mode'. 1. The unit is Kbytes. That is to say, 1 means 1kbytes. 2. The max set value is 16*1024. " ::= { swAclMeterEntry 24 } swAclMeterSrtcmColorMode OBJECT-TYPE SYNTAX INTEGER { color-blind(1), color-aware(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the meter mode. The default is color-blind mode. The final color of packet is determined by the initial color of the packet and the metering result." ::= { swAclMeterEntry 25 } swAclMeterSrtcmConformState OBJECT-TYPE SYNTAX INTEGER { other(1), permit(2), replace-dscp(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the action state when the packet is in 'green color'. permit: permit the packet. replace-dscp: change the DSCP value of packet. " ::= { swAclMeterEntry 26 } swAclMeterSrtcmConformReplaceDscp OBJECT-TYPE SYNTAX INTEGER (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the DSCP value of the packet when packet is in 'green color'." ::= { swAclMeterEntry 27 } swAclMeterSrtcmConformCounterState OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the counter state when the packet is in 'green color'. 1. This is optional. The default is 'disable'. 2. The resource may be limited such that counter can not be turned on. The limitation is project dependent. 3. counter will be cleared when the function is disabled. " ::= { swAclMeterEntry 28 } swAclMeterSrtcmExceedState OBJECT-TYPE SYNTAX INTEGER { other(1), permit(2), replace-dscp(3), drop(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the action state when the packet is in 'yellow color'. permit: permit the packet. replace-dscp: change the DSCP value of packet. drop: drop the packet. " ::= { swAclMeterEntry 29 } swAclMeterSrtcmExceedReplaceDscp OBJECT-TYPE SYNTAX INTEGER (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the DSCP value of the packet when packet is in 'yellow color'." ::= { swAclMeterEntry 30 } swAclMeterSrtcmExceedCounterState OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the counter state when the packet is in 'yellow color'. 1. This is optional. The default is 'disable'. 2. The resource may be limited such that counter can not be turned on. The limitation is project dependent. 3. counter will be cleared when the function is disabled. " ::= { swAclMeterEntry 31 } swAclMeterSrtcmViolateState OBJECT-TYPE SYNTAX INTEGER { other(1), permit(2), replace-dscp(3), drop(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the action state when the packet is in 'red color'. permit: permit the packet. replace-dscp: change the DSCP value of packet. drop: drop the packet. " ::= { swAclMeterEntry 32 } swAclMeterSrtcmViolateReplaceDscp OBJECT-TYPE SYNTAX INTEGER (0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the DSCP value of the packet when packet is in 'red color'." ::= { swAclMeterEntry 33 } swAclMeterSrtcmViolateCounterState OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies the counter state when the packet is in 'red color'. 1. This is optional. The default is 'disable'. 2. The resource may be limited so that the counter can not be turned on. The limitation is project dependent. 3. counter will be cleared when the function is disabled. " ::= { swAclMeterEntry 34 } swAclMeterRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swAclMeterEntry 35 } swAclMeteringNumOfEntryInUse OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "Used to display total entries of the flow metering." ::= { swAclMeteringMgmt 2 } END