-- ACLMGMT mib -- History: -- -------------------------------------------------------------------------------------- -- Revision 1.9 2005/4/26 by Chrissy Chen -- separate the hardware ACL and CPU ACL tables from two tbls to four tbls. --[1] remove MaskSwAclState , RuleSwAclCheck from all mask and rule tables. -- -------------------------------------------------------------------------------------- -- Revision 1.8 2005/2/3 11:00AM by Chrissy Chen -- Add Software ACL mib --[1] add SwAclState as first table index and apply to all mask and rule tables. -- -------------------------------------------------------------------------------------- -- Revision 1.7 2005/1/28 11:00AM by Chrissy Chen -- Add Software ACL mib --[1] add swAclCtrl --[1] add MaskSwAclState object into mask tebles --[2] add RuleSwAclCheck object into rule tables --[3] move RuleSwAclState object to third item for all rule tables -- -------------------------------------------------------------------------------------- -- Revision 1.6 2004/9/3 12:00AM by Scott Sung -- [1]in swACLIpv6RuleFlowlabel,SYNTAX OCTET STRING (SIZE(4)) -> 6 modify as 4 -- -------------------------------------------------------------------------------------- -- Revision 1.6 2004/9/3 12:00AM by Scott Sung(reported from PX) -- [1] Remove swACLEthernetPort,swACLIpPort,swACLPktContMaskPort,swACLIpv6MaskPort -- ;and some object's OID should be modified(shifted). -- [2] Modify SYNTAX "PortList" of swACLEtherRulePort,swACLIpRulePort, -- swACLPktContRulePort,swACLIpv6RulePort as "INTEGER" -- [3] Add object 'swACLIpv6RuleEnablePriority' -- -------------------------------------------------------------------------------------- -- Revision 1.5 2004/8/9 03:20PM by Scott Sung -- [1] Add two tables : swACLIpv6RuleTable,swACLIpv6MaskTable -- [2] import SYNTAX Ipv6Address from IPV6-TC(now comment), -- Memo: This SYNTAX "Ipv6Address" is originally defined in IPV6-TC.mib. -- In order to convenient,now,we defined "Ipv6Address" locally. -- But if a project supported IPv6,for coherency,it should -- be refered to IPV6-TC.mib. -- [3] in each RuleTable, -- add RulePort and RuleSwAclState -- -------------------------------------------------------------------------------------- -- Revision 1.0 2004/2/5 01:14PM by Richard Chang -- [1] in swACLEtherRuleTable -- change the SYNTAX of swACLEtherRuleEnablePriority, swACLEtherRuleReplacePriority -- and swACLEtherRuleEnableReplaceDscp from read-create to read-only -- [2] in swACLIpRuleTable -- change the SYNTAX of swACLIpRuleEnablePriority, swACLIpRuleReplacePriority -- and swACLIpRuleEnableReplaceDscp from read-create to read-only -- [3] in swACLPktContRuleTable -- add swACLPktContRuleEnablePriority -- change the SYNTAX of swACLPktContRuleReplacePriority -- and swACLPktContRuleEnableReplaceDscp from read-create to read-only -- -------------------------------------------------------------------------------------- -- Revision 0.3 2003/8/13 10:43PM by Scott Sung ,add swACLIpTCPFlagBit for DGS3x12S -- Draft Ver 0.3 2004/1/7 11:50AM by Scott Sung -- [1]in swACLEthernetTable, -- remove object 'swACLEthernetPermit' add object 'swACLEthernetPort' -- [2]in swACLIpTable, -- add object 'swACLIpTCPFlagBitMask',object 'swACLIpPort',and remove object 'swACLIpPermit' -- [3]Add swACLPktContMaskTable -- [4]in swACLEtherRuleTable, -- add object 'swACLEtherRulePermit' -- [5]in swACLIpRuleTable, -- add object 'swACLIpRulePermit' -- [6]Add swACLPktContRuleTable -- [7]Change SW-ACLMGMT-MIB OID from 'dlink-mgmt 5' to 'dlink-common-mgmt 9' -- -------------------------------------------------------------------------------------- -- Revision 0.2 2003/3/12 10:43PM by Richard Chang -- Revision 0.1 2003/2/27 02:44PM by Scott Sung -- -------------------------------------------------------------------------------------- ACLMGMT-MIB DEFINITIONS ::= BEGIN IMPORTS Counter32,Counter64,TimeTicks,NOTIFICATION-TYPE, MODULE-IDENTITY,OBJECT-TYPE,IpAddress, Unsigned32 FROM SNMPv2-SMI MacAddress, RowStatus FROM SNMPv2-TC DisplayString FROM RFC1213-MIB SnmpAdminString FROM SNMP-FRAMEWORK-MIB -- Ipv6Address FROM IPV6-TC dlink-common-mgmt FROM DLINK-ID-REC-MIB; swAclMgmtMIB MODULE-IDENTITY LAST-UPDATED "0007150000Z" ORGANIZATION " " CONTACT-INFO " " DESCRIPTION "The Structure of Access Control List Information for the proprietary enterprise." ::= { dlink-common-mgmt 9 } PortList ::= OCTET STRING(SIZE (0..127)) swAclCtrl OBJECT IDENTIFIER ::= { swAclMgmtMIB 1 } -- swAclMaskMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 2 } -- swAclRuleMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 3 } swCpuAclMaskMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 4 } swCpuAclRuleMgmt OBJECT IDENTIFIER ::= { swAclMgmtMIB 5 } -- ---------------------------------------------------------- -- -- Textual Conventions -- ---------------------------------------------------------- -- -- This definition may be excluded if IPv6 Supported Ipv6Address ::= TEXTUAL-CONVENTION DISPLAY-HINT "2x:" STATUS current DESCRIPTION "This data type is used to model IPv6 addresses. This is a binary string of 16 octets in network byte-order." SYNTAX OCTET STRING (SIZE (16)) -- ************************************************************************* -- swAclCtrl -- ************************************************************************* swCpuInterfacefilterState OBJECT-TYPE SYNTAX INTEGER{ enable(1), disable(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "enable/disable CPU Interface Filtering( also call Software ACL), default is disabled. If enable is configured, the filtering entries in the swAclRuleMgmt tables will be set to action if it's RuleSwAclState is enable.If disable is configured the software ACL function will be disabled." ::={ swAclCtrl 1} --*************************************************************************** --swACLEthernetTable --*************************************************************************** -- swACLEthernetTable OBJECT-TYPE -- SYNTAX SEQUENCE OF SwACLEthernetEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "This table contain ACL mask of Ethernet information. -- Access profiles will be created on the switch by row creation and to -- define which parts of each incoming frame's layer 2 part of header -- the switch will examine. Masks can be entered that will be combined -- with the values the switch finds in the specified frame header fields. " -- ::= { swAclMaskMgmt 1 } -- -- swACLEthernetEntry OBJECT-TYPE -- SYNTAX SwACLEthernetEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "A list of information about ACL of Ethernet." -- INDEX { swACLEthernetProfileID } -- ::= { swACLEthernetTable 1 } -- -- SwACLEthernetEntry ::= -- SEQUENCE { -- swACLEthernetProfileID -- INTEGER, -- swACLEthernetPort -- PortList, -- swACLEthernetUsevlan -- INTEGER, -- swACLEthernetMacAddrMaskState -- INTEGER, -- swACLEthernetSrcMacAddrMask -- MacAddress, -- swACLEthernetDstMacAddrMask -- MacAddress, -- swACLEthernetUse8021p -- INTEGER, -- swACLEthernetUseEthernetType -- INTEGER, -- swACLEthernetRowStatus -- RowStatus -- } -- swACLEthernetProfileID OBJECT-TYPE -- SYNTAX INTEGER (1..255) -- MAX-ACCESS read-only --read-create -- STATUS current -- DESCRIPTION -- "The ID of ACL mask entry ,and is unique in the mask list." -- ::= { swACLEthernetEntry 1 } -- -- swACLEthernetPort OBJECT-TYPE -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates which port(s) should be filtered." -- ::= { swACLEthernetEntry 2 } -- -- swACLEthernetUsevlan OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the switch will examine the VLAN part of each packet header." -- ::= { swACLEthernetEntry 2 } -- -- swACLEthernetMacAddrMaskState OBJECT-TYPE -- SYNTAX INTEGER { -- other(1), -- dst-mac-addr(2), -- src-mac-addr(3), -- dst-src-mac-addr(4) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of MAC address mask. -- -- other(1) - Neither source MAC address nor destination MAC address are -- masked. -- dst-mac-addr(2) - recieved frames's destination MAC address are -- currently used to be filtered as it meets with the MAC -- address entry of the table. -- src-mac-addr(3) - recieved frames's source MAC address are currently -- used to be filtered as it meets with the MAC address entry -- of the table. -- dst-src-mac-addr(4) - recieved frames's destination MAC address or -- source MAC address are currently used to be filtered as it meets -- with the MAC address entry of the table." -- ::= { swACLEthernetEntry 3 } -- -- swACLEthernetSrcMacAddrMask OBJECT-TYPE -- SYNTAX MacAddress -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object Specifies the MAC address mask for the source MAC address." -- ::= { swACLEthernetEntry 4 } -- -- swACLEthernetDstMacAddrMask OBJECT-TYPE -- SYNTAX MacAddress -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object Specifies the MAC address mask for the destination MAC address." -- ::= { swACLEthernetEntry 5 } -- -- swACLEthernetUse8021p OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies if the switch will examine the 802.1p priority value in the frame's header -- or not." -- ::= { swACLEthernetEntry 6 } -- -- swACLEthernetUseEthernetType OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies if the switch will examine the Ethernet type value in each frame's header -- or not." -- ::= { swACLEthernetEntry 7 } -- -- swACLEthernetRowStatus OBJECT-TYPE --swACLEthernetState -- SYNTAX RowStatus -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of this entry." -- ::= { swACLEthernetEntry 8 } -- -- --*************************************************************************** --swACLIpTable --*************************************************************************** -- swACLIpTable OBJECT-TYPE -- SYNTAX SEQUENCE OF SwACLIpEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "This table contain ACL mask of IP information. -- Access profiles will be created on the switch by row creation and to -- define which parts of each incoming frame's IP layer part of header -- the switch will examine. Masks can be entered that will be combined -- with the values the switch finds in the specified frame header fields." -- ::= { swAclMaskMgmt 2 } -- -- swACLIpEntry OBJECT-TYPE -- SYNTAX SwACLIpEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "A list of information about ACL of IP Layer." -- INDEX { swACLIpProfileID } -- ::= { swACLIpTable 1 } -- -- SwACLIpEntry ::= -- SEQUENCE { -- swACLIpProfileID -- INTEGER, -- swACLIpPort -- PortList, -- swACLIpUsevlan -- INTEGER, -- swACLIpIpAddrMaskState -- INTEGER, -- swACLIpSrcIpAddrMask -- IpAddress, -- swACLIpDstIpAddrMask -- IpAddress, -- swACLIpUseDSCP -- INTEGER, -- swACLIpUseProtoType -- INTEGER, -- swACLIpIcmpOption -- INTEGER, -- swACLIpIgmpOption -- INTEGER, -- swACLIpTcpOption -- INTEGER, -- swACLIpUdpOption -- INTEGER, -- swACLIpTCPorUDPSrcPortMask -- OCTET STRING, -- swACLIpTCPorUDPDstPortMask -- OCTET STRING, -- swACLIpTCPFlagBit -- INTEGER, -- swACLIpTCPFlagBitMask -- INTEGER, -- swACLIpProtoIDOption -- INTEGER, -- swACLIpProtoIDMask -- OCTET STRING, -- swACLIpRowStatus -- RowStatus -- } -- swACLIpProfileID OBJECT-TYPE -- SYNTAX INTEGER (1..255) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The ID of ACL mask entry ,and is unique in the mask list." -- ::= { swACLIpEntry 1 } -- -- swACLIpPort OBJECT-TYPE -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates which port(s) should be filtered." -- ::= { swACLIpEntry 2 } -- -- swACLIpUsevlan OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates if IP layer vlan is examined or not." -- ::= { swACLIpEntry 2 } -- -- swACLIpIpAddrMaskState OBJECT-TYPE -- SYNTAX INTEGER { -- other(1), -- dst-ip-addr(2), -- src-ip-addr(3), -- dst-src-ip-addr(4) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of IP address mask. -- -- other(1) - Neither source IP address nor destination IP address are -- masked. -- dst-ip-addr(2) - recieved frames's destination IP address are -- currently used to be filtered as it meets with the IP -- address entry of the table. -- src-ip-addr(3) - recieved frames's source IP address are currently -- used to be filtered as it meets with the IP address entry of -- the table. -- dst-src-ip-addr(4) - recieved frames's destination IP address or -- source IP address are currently used to be filtered as it meets -- with the IP address entry of the table." -- ::= { swACLIpEntry 3 } -- -- swACLIpSrcIpAddrMask OBJECT-TYPE -- SYNTAX IpAddress -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object Specifies IP address mask for the source IP address." -- ::= { swACLIpEntry 4 } -- -- swACLIpDstIpAddrMask OBJECT-TYPE -- SYNTAX IpAddress -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object Specifies the IP address mask for the destination IP address." -- ::= { swACLIpEntry 5 } -- -- swACLIpUseDSCP OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates DSCP protocol is is examined or not." -- ::= { swACLIpEntry 6 } -- -- swACLIpUseProtoType OBJECT-TYPE -- SYNTAX INTEGER { -- none(1), -- icmp(2), -- igmp(3), -- tcp(4), -- udp(5), -- protocolId(6) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "That object indicates which protocol will be examined." -- ::= { swACLIpEntry 7 } -- -- swACLIpIcmpOption OBJECT-TYPE -- SYNTAX INTEGER { -- none(1), -- type(2), -- code(3), -- type-code(4) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates which fields should be filled in of ICMP. -- none(1)- two fields are null. -- type(2)- type field should be filled in. -- code(3)- code field should be filled in. -- type-code(4)- not only type fileld but code field should be filled in. -- " -- ::= { swACLIpEntry 8 } -- -- swACLIpIgmpOption OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates Options of IGMP is examined or not." -- ::= { swACLIpEntry 9 } -- -- swACLIpTcpOption OBJECT-TYPE -- SYNTAX INTEGER { -- other(1), -- dst-addr(2), -- src-addr(3), -- dst-src-addr(4) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of filtered address of TCP. -- -- other(1) - Neither source port nor destination port are -- masked. -- dst-addr(2) - recieved frames's destination port are -- currently used to be filtered . -- src-addr(3) - recieved frames's source port are currently -- used to be filtered . -- dst-src-addr(4) - both recieved frames's destination port and -- source port are currently used to be filtered ." -- ::= { swACLIpEntry 10 } -- -- swACLIpUdpOption OBJECT-TYPE -- SYNTAX INTEGER { -- other(1), -- dst-addr(2), -- src-addr(3), -- dst-src-addr(4) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of filtered address of UDP . -- -- other(1) - Neither source port nor destination port are -- masked. -- dst-addr(2) - recieved frames's destination port are -- currently used to be filtered . -- src-addr(3) - recieved frames's source port are currently -- used to be filtered . -- dst-src-addr(4) - recieved frames's destination port or -- source port are currently used to be filtered." -- -- ::= { swACLIpEntry 11 } -- -- swACLIpTCPorUDPSrcPortMask OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(2)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies a TCP port mask for the source port if swACLIpUseProtoType is TCP -- Specifies a UDP port mask for the source port if swACLIpUseProtoType is UDP. -- " -- ::= { swACLIpEntry 12 } -- -- swACLIpTCPorUDPDstPortMask OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(2)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies a TCP port mask for the destination port if swACLIpUseProtoType is TCP -- Specifies a UDP port mask for the destination port if swACLIpUseProtoType is UDP." -- ::= { swACLIpEntry 13 } -- -- swACLIpTCPFlagBit OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies a TCP connection flag mask." -- ::= { swACLIpEntry 14 } -- -- swACLIpTCPFlagBitMask OBJECT-TYPE -- SYNTAX INTEGER(0..63) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "A value which indicates the set of TCP flags that this -- entity may potentially offers. The value is a sum. This -- sum initially takes the value zero, Then, for each flag, L, -- in the range 1 through 6, that this node performs -- transactions for, 2 raised to (L - 1) is added to the sum. -- Note that values should be calculated accordingly: -- -- Flag functionality -- 6 urg bit -- 5 ack bit -- 4 psh bit -- 3 rst bit -- 2 syn bit -- 1 fin bit -- For example,it you want to enable urg bit and ack bit,you -- should set vlaue 48(2^(5-1) + 2^(6-1))." -- ::= { swACLIpEntry 15 } -- -- swACLIpProtoIDOption OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the switch will examine each frame's Protocol ID field or not." -- ::= { swACLIpEntry 16 } -- -- swACLIpProtoIDMask OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(4)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the IP protocol ID and the mask options -- behind the IP header." -- ::= { swACLIpEntry 17 } -- -- swACLIpRowStatus OBJECT-TYPE -- SYNTAX RowStatus -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of this entry." -- ::= { swACLIpEntry 18 } -- --*************************************************************************** --swACLPktContMaskTable --*************************************************************************** -- swACLPktContMaskTable OBJECT-TYPE -- SYNTAX SEQUENCE OF SwACLPktContMaskEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "This table contain ACL mask of user-defined information. -- Access profiles will be created on the switch by row creation and to -- define which parts of each incoming frame's user-defined part of header -- the switch will examine. Masks can be entered that will be combined -- with the values the switch finds in the specified frame header fields. " -- ::= { swAclMaskMgmt 3 } -- -- swACLPktContMaskEntry OBJECT-TYPE -- SYNTAX SwACLPktContMaskEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "A list of information about ACL of user-defined." -- INDEX { swACLPktContMaskProfileID } -- ::= { swACLPktContMaskTable 1 } -- -- SwACLPktContMaskEntry ::= -- SEQUENCE { -- swACLPktContMaskProfileID -- INTEGER, -- swACLPktContMaskPort -- PortList, -- swACLPktContMaskOffset0to15 -- OCTET STRING, -- swACLPktContMaskOffset16to31 -- OCTET STRING, -- swACLPktContMaskOffset32to47 -- OCTET STRING, -- swACLPktContMaskOffset48to63 -- OCTET STRING, -- swACLPktContMaskOffset64to79 -- OCTET STRING, -- swACLPktContMaskRowStatus -- RowStatus -- } -- swACLPktContMaskProfileID OBJECT-TYPE -- SYNTAX INTEGER (1..255) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The ID of ACL mask entry ,and is unique in the mask list." -- ::= { swACLPktContMaskEntry 1 } -- -- swACLPktContMaskPort OBJECT-TYPE -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates which port(s) should be filtered." -- ::= { swACLPktContMaskEntry 2 } -- -- swACLPktContMaskOffset0to15 OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(16)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the packet content(Offset0to15) and -- the mask options." -- ::= { swACLPktContMaskEntry 2 } -- -- swACLPktContMaskOffset16to31 OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(16)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the packet content(Offset16to31) and -- the mask options." -- ::= { swACLPktContMaskEntry 3 } -- -- swACLPktContMaskOffset32to47 OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(16)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the packet content(Offset32to47) and -- the mask options." -- ::= { swACLPktContMaskEntry 4 } -- -- swACLPktContMaskOffset48to63 OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(16)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the packet content(Offset48to63) and -- the mask options." -- ::= { swACLPktContMaskEntry 5 } -- -- swACLPktContMaskOffset64to79 OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(16)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the packet content(Offset64to79) and -- the mask options." -- ::= { swACLPktContMaskEntry 6 } -- -- swACLPktContMaskRowStatus OBJECT-TYPE -- SYNTAX RowStatus -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of this entry." -- ::= { swACLPktContMaskEntry 7 } -- --*************************************************************************** --swACLIpv6MaskTable --*************************************************************************** -- swACLIpv6MaskTable OBJECT-TYPE -- SYNTAX SEQUENCE OF SwACLIpv6MaskEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "This table contain ACL mask of user-defined information. -- Access profiles will be created on the switch by row creation and to -- define which parts of each incoming frame's ipv6 part of header -- the switch will examine. Masks can be entered that will be combined -- with the values the switch finds in the specified frame header fields. " -- ::= { swAclMaskMgmt 4 } -- -- swACLIpv6MaskEntry OBJECT-TYPE -- SYNTAX SwACLIpv6MaskEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "A list of information about ACL of user-defined." -- INDEX { swACLIpv6MaskProfileID } -- ::= { swACLIpv6MaskTable 1 } -- -- SwACLIpv6MaskEntry ::= -- SEQUENCE { -- swACLIpv6MaskProfileID -- INTEGER, -- swACLIpv6MaskPort -- PortList, -- swACLIpv6MaskClass -- INTEGER, -- swACLIpv6MaskFlowlabel -- INTEGER, -- swACLIpv6IpAddrMaskState -- INTEGER, -- swACLIpv6MaskSrcIpv6Mask -- Ipv6Address, -- swACLIpv6MaskDstIpv6Mask -- Ipv6Address, -- swACLIpv6MaskRowStatus -- RowStatus -- } -- swACLIpv6MaskProfileID OBJECT-TYPE -- SYNTAX INTEGER (1..255) -- MAX-ACCESS read-only --read-create -- STATUS current -- DESCRIPTION -- "The ID of ACL mask entry ,and is unique in the mask list." -- ::= { swACLIpv6MaskEntry 1 } -- -- swACLIpv6MaskPort OBJECT-TYPE -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates which port(s) should be filtered." -- ::= { swACLIpv6MaskEntry 2 } -- -- swACLIpv6MaskClass OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the IPv6 class field and the mask options." -- ::= { swACLIpv6MaskEntry 2 } -- -- swACLIpv6MaskFlowlabel OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the IPv6 flowlabel field and the mask options." -- ::= { swACLIpv6MaskEntry 3 } -- -- swACLIpv6IpAddrMaskState OBJECT-TYPE -- SYNTAX INTEGER { -- other(1), -- dst-ipv6-addr(2), -- src-ipv6-addr(3), -- dst-src-ipv6-addr(4) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of IPv6 address mask. -- -- other(1) - Neither source IPv6 address nor destination IPv6 address are -- masked. -- dst-ipv6-addr(2) - recieved frames's destination IPv6 address are -- currently used to be filtered as it meets with the IPv6 -- address entry of the table. -- src-ipv6-addr(3) - recieved frames's source IPv6 address are currently -- used to be filtered as it meets with the IPv6 address entry of -- the table. -- dst-src-ipv6-addr(4) - recieved frames's destination IPv6 address or -- source IPv6 address are currently used to be filtered as it meets -- with the IPv6 address entry of the table." -- ::= { swACLIpv6MaskEntry 4 } -- -- swACLIpv6MaskSrcIpv6Mask OBJECT-TYPE -- SYNTAX Ipv6Address -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the Source IPv6 address and the mask options. -- This should be 16 byte octet string." -- ::= { swACLIpv6MaskEntry 5 } -- -- swACLIpv6MaskDstIpv6Mask OBJECT-TYPE -- SYNTAX Ipv6Address -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the Destination IPv6 address and the mask options. -- This should be 16 byte octet string." -- ::= { swACLIpv6MaskEntry 6 } -- -- swACLIpv6MaskRowStatus OBJECT-TYPE -- SYNTAX RowStatus -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of this entry." -- ::= { swACLIpv6MaskEntry 7 } -- -- --*************************************************************************** --swACLEtherRuleTable --*************************************************************************** -- swACLEtherRuleTable OBJECT-TYPE -- SYNTAX SEQUENCE OF SwACLEtherRuleEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "This table contain ACL rule of ethernet information." -- ::= { swAclRuleMgmt 1 } -- -- swACLEtherRuleEntry OBJECT-TYPE -- SYNTAX SwACLEtherRuleEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "A list of information about ACL rule of the layer 2 part of each packet." -- INDEX { swACLEtherRuleProfileID,swACLEtherRuleAccessID } -- ::= { swACLEtherRuleTable 1 } -- -- SwACLEtherRuleEntry ::= -- SEQUENCE { -- swACLEtherRuleProfileID -- INTEGER, -- swACLEtherRuleAccessID -- INTEGER, -- swACLEtherRuleVlan -- SnmpAdminString, -- swACLEtherRuleSrcMacAddress -- MacAddress, -- swACLEtherRuleDstMacAddress -- MacAddress, -- swACLEtherRule8021P -- INTEGER, -- swACLEtherRuleEtherType -- OCTET STRING, -- swACLEtherRuleEnablePriority -- INTEGER, -- swACLEtherRulePriority -- INTEGER, -- swACLEtherRuleReplacePriority -- INTEGER, -- swACLEtherRuleEnableReplaceDscp -- INTEGER, -- swACLEtherRuleRepDscp -- INTEGER, -- swACLEtherRulePermit -- INTEGER, -- swACLEtherRulePort -- PortList, -- INTEGER, -- swACLEtherRuleSwAclState -- INTEGER, -- swACLEtherRuleRowStatus -- RowStatus -- } -- swACLEtherRuleProfileID OBJECT-TYPE -- SYNTAX INTEGER (1..255) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The ID of ACL mask entry ,and is unique in the mask list." -- ::= { swACLEtherRuleEntry 1 } -- -- swACLEtherRuleAccessID OBJECT-TYPE -- SYNTAX INTEGER (1..65535) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The ID of ACL rule entry relate to swACLEtherRuleProfileID." -- ::= { swACLEtherRuleEntry 2 } -- -- swACLEtherRuleVlan OBJECT-TYPE -- SYNTAX SnmpAdminString (SIZE (1..32)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply to only to this VLAN." -- ::= { swACLEtherRuleEntry 3 } -- -- swACLEtherRuleSrcMacAddress OBJECT-TYPE -- SYNTAX MacAddress -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply to only packets with -- this source MAC address." -- ::= { swACLEtherRuleEntry 4 } -- -- swACLEtherRuleDstMacAddress OBJECT-TYPE -- SYNTAX MacAddress -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply to only packets -- with this destination MAC address." -- ::= { swACLEtherRuleEntry 5 } -- -- swACLEtherRule8021P OBJECT-TYPE -- SYNTAX INTEGER(0..7) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply only to packets with -- this 802.1p priority value." -- ::= { swACLEtherRuleEntry 6 } -- -- swACLEtherRuleEtherType OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE (2)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply only to packets with this -- hexidecimal 802.1Q Ethernet type value in the packet header." -- ::= { swACLEtherRuleEntry 7 } -- -- swACLEtherRuleEnablePriority OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply only to packets with -- priority value." -- ::= { swACLEtherRuleEntry 8 } -- -- swACLEtherRulePriority OBJECT-TYPE -- SYNTAX INTEGER(0..7) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific the priority will change to the packets while the swACLEtherRuleReplacePriority -- is enabled ." -- ::= { swACLEtherRuleEntry 9 } -- -- swACLEtherRuleReplacePriority OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific the packets that match the access profile will changed the -- 802.1p priority tag field by the switch or not ." -- ::= { swACLEtherRuleEntry 10 } -- -- swACLEtherRuleEnableReplaceDscp OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific the packets that match the access profile will replaced the -- DSCP field by the switch or not ." -- ::= { swACLEtherRuleEntry 11 } -- -- swACLEtherRuleRepDscp OBJECT-TYPE -- SYNTAX INTEGER(0..63) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "specify a value to be written to the DSCP field of an incoming packet -- that meets the criteria specified in the first part of the command. -- This value will over-write the value in the DSCP field of the packet." -- ::= { swACLEtherRuleEntry 12 } -- -- swACLEtherRulePermit OBJECT-TYPE -- SYNTAX INTEGER { -- deny(1), -- permit(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates resoult of examination is permit or deny;default is permit(1) -- permit - Specifies that packets that match the access profile are -- permitted to be forwarded by the switch. -- deny - Specifies that packets that do not match the access profile -- are not permitted to be forwarded by the switch and will be filtered." -- ::= { swACLEtherRuleEntry 13 } -- -- swACLEtherRulePort OBJECT-TYPE -- SYNTAX INTEGER (1..65535) -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply to only to port(s)." -- ::= { swACLEtherRuleEntry 14 } -- -- swACLEtherRuleSwAclState OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply to only to software ACL state." -- ::= { swACLEtherRuleEntry 15 } -- -- swACLEtherRuleRowStatus OBJECT-TYPE --swACLEtherRuleState -- SYNTAX RowStatus -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of this entry." -- ::= { swACLEtherRuleEntry 15 } -- --*************************************************************************** --swACLIpRuleTable --*************************************************************************** -- swACLIpRuleTable OBJECT-TYPE -- SYNTAX SEQUENCE OF SwACLIpRuleEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "" -- ::= { swAclRuleMgmt 2 } -- -- swACLIpRuleEntry OBJECT-TYPE -- SYNTAX SwACLIpRuleEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "" -- INDEX { swACLIpRuleProfileID , swACLIpRuleAccessID } -- ::= { swACLIpRuleTable 1 } -- -- SwACLIpRuleEntry ::= -- SEQUENCE { -- swACLIpRuleProfileID -- INTEGER, -- swACLIpRuleAccessID -- INTEGER, -- swACLIpRuleVlan -- SnmpAdminString, -- swACLIpRuleSrcIpaddress -- IpAddress, -- swACLIpRuleDstIpaddress -- IpAddress, -- swACLIpRuleDscp -- INTEGER, -- swACLIpRuleProtocol -- INTEGER, -- swACLIpRuleIcmp -- INTEGER, -- swACLIpRuleIgmp -- INTEGER, -- swACLIpRuleSrcPort -- INTEGER, -- swACLIpRuleDstPort -- INTEGER, -- swACLIpRuleFlagBits -- INTEGER, -- swACLIpRuleProtoID -- INTEGER, -- swACLIpRuleUserMask -- OCTET STRING, -- swACLIpRuleEnablePriority -- INTEGER, -- swACLIpRulePriority -- INTEGER, -- swACLIpRuleReplacePriority -- INTEGER, -- swACLIpRuleEnableReplaceDscp -- INTEGER, -- swACLIpRuleRepDscp -- INTEGER, -- swACLIpRulePermit -- INTEGER, -- swACLIpRulePort -- INTEGER, -- PortList, -- swACLIpRuleSwAclState -- INTEGER, -- swACLIpRuleRowStatus -- RowStatus -- } -- swACLIpRuleProfileID OBJECT-TYPE -- SYNTAX INTEGER (1..255) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The ID of ACL mask entry ,and is unique in the mask list." -- ::= { swACLIpRuleEntry 1 } -- -- swACLIpRuleAccessID OBJECT-TYPE -- SYNTAX INTEGER (1..65535) -- MAX-ACCESS read-only --read-create -- STATUS current -- DESCRIPTION -- "The ID of ACL IP rule entry ." -- ::= { swACLIpRuleEntry 2 } -- -- swACLIpRuleVlan OBJECT-TYPE -- SYNTAX SnmpAdminString (SIZE (1..32)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply to only to this VLAN." -- ::= { swACLIpRuleEntry 3 } -- -- swACLIpRuleSrcIpaddress OBJECT-TYPE -- SYNTAX IpAddress -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific an IP source address." -- ::= { swACLIpRuleEntry 4 } -- -- swACLIpRuleDstIpaddress OBJECT-TYPE -- SYNTAX IpAddress -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific an IP destination address." -- ::= { swACLIpRuleEntry 5 } -- -- swACLIpRuleDscp OBJECT-TYPE -- SYNTAX INTEGER(0..63) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific the value of dscp, the value can be configured 0 to 63" -- ::= { swACLIpRuleEntry 6 } -- -- swACLIpRuleProtocol OBJECT-TYPE -- SYNTAX INTEGER { -- none(1), -- icmp(2), -- igmp(3), -- tcp(4), -- udp(5), -- protocolId(6) -- } -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "Specifies the IP protocol which has been configured in swACLIpEntry ." -- ::= { swACLIpRuleEntry 7 } -- -- swACLIpRuleIcmp OBJECT-TYPE -- SYNTAX INTEGER{ -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific that the rule applies to the igmp type traffic." -- ::= { swACLIpRuleEntry 8 } -- -- swACLIpRuleIgmp OBJECT-TYPE -- SYNTAX INTEGER{ -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific that the rule applies to the igmp type traffic." -- ::= { swACLIpRuleEntry 9 } -- -- swACLIpRuleSrcPort OBJECT-TYPE -- SYNTAX INTEGER(0..65535) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific that the rule applies the range of tcp/udp source port" -- ::= { swACLIpRuleEntry 10 } -- -- swACLIpRuleDstPort OBJECT-TYPE -- SYNTAX INTEGER(0..65535) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific the range of tcp/udp destination port range" -- ::= { swACLIpRuleEntry 11 } -- -- swACLIpRuleFlagBits OBJECT-TYPE -- SYNTAX INTEGER(0..63) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "A value which indicates the set of TCP flags that this -- entity may potentially offers. The value is a sum. This -- sum initially takes the value zero, Then, for each flag, L, -- in the range 1 through 6, that this node performs -- transactions for, 2 raised to (L - 1) is added to the sum. -- Note that values should be calculated accordingly: -- -- Flag functionality -- 6 urg bit -- 5 ack bit -- 4 psh bit -- 3 rst bit -- 2 syn bit -- 1 fin bit -- For example,it you want to enable urg bit and ack bit,you -- should set vlaue 48(2^(5-1) + 2^(6-1))." -- ::= { swACLIpRuleEntry 12 } -- -- swACLIpRuleProtoID OBJECT-TYPE -- SYNTAX INTEGER(0..255) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific that the rule applies to the value of ip protocol id traffic" -- ::= { swACLIpRuleEntry 13 } -- -- swACLIpRuleUserMask OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(4)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific that the rule applies to the ip protocol id and the range of -- options behind the IP header." -- ::= { swACLIpRuleEntry 14 } -- -- swACLIpRuleEnablePriority OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply only to packets with -- priority value." -- ::= { swACLIpRuleEntry 15 } -- -- swACLIpRulePriority OBJECT-TYPE -- SYNTAX INTEGER(0..7) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific the priority will change to the packets while the swACLIpRuleEnablePriority -- is enabled ." -- ::= { swACLIpRuleEntry 16 } -- -- swACLIpRuleReplacePriority OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific the packets that match the access profile will changed the -- 802.1p priority tag field by the switch or not ." -- ::= { swACLIpRuleEntry 17 } -- -- swACLIpRuleEnableReplaceDscp OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Indicate weather the DSCP field can be over-write or not. " -- ::= { swACLIpRuleEntry 18 } -- -- swACLIpRuleRepDscp OBJECT-TYPE -- SYNTAX INTEGER(0..63) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "specify a value to be written to the DSCP field of an incoming packet -- that meets the criteria specified in the first part of the command. -- This value will over-write the value in the DSCP field of the packet." -- ::= { swACLIpRuleEntry 19 } -- -- swACLIpRulePermit OBJECT-TYPE -- SYNTAX INTEGER { -- deny(1), -- permit(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates resoult of examination is permit or deny;default is permit(1) -- permit - Specifies that packets that match the access profile are -- permitted to be forwarded by the switch. -- deny - Specifies that packets that do not match the access profile -- are not permitted to be forwarded by the switch and will be filtered." -- ::= { swACLIpRuleEntry 20 } -- -- swACLIpRulePort OBJECT-TYPE -- SYNTAX INTEGER (1..65535) -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply to only to port(s)." -- ::= { swACLIpRuleEntry 21 } -- -- swACLIpRuleSwAclState OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply to only to software ACL state." -- ::= { swACLIpRuleEntry 22 } -- -- swACLIpRuleRowStatus OBJECT-TYPE -- SYNTAX RowStatus -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of this entry." -- ::= { swACLIpRuleEntry 22 } -- --*************************************************************************** --swACLPktContRuleTable --*************************************************************************** -- swACLPktContRuleTable OBJECT-TYPE -- SYNTAX SEQUENCE OF SwACLPktContRuleEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "This table contain ACL rule of user-defined information." -- ::= { swAclRuleMgmt 3 } -- -- swACLPktContRuleEntry OBJECT-TYPE -- SYNTAX SwACLPktContRuleEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "A list of information about ACL rule of the user-defined part of each packet." -- INDEX { swACLPktContRuleProfileID,swACLPktContRuleAccessID } -- ::= { swACLPktContRuleTable 1 } -- -- SwACLPktContRuleEntry ::= -- SEQUENCE { -- swACLPktContRuleProfileID -- INTEGER, -- swACLPktContRuleAccessID -- INTEGER, -- swACLPktContRuleOffset0to15 -- OCTET STRING, -- swACLPktContRuleOffset16to31 -- OCTET STRING, -- swACLPktContRuleOffset32to47 -- OCTET STRING, -- swACLPktContRuleOffset48to63 -- OCTET STRING, -- swACLPktContRuleOffset64to79 -- OCTET STRING, -- swACLPktContRuleEnablePriority -- INTEGER, -- swACLPktContRulePriority -- INTEGER, -- swACLPktContRuleReplacePriority -- INTEGER, -- swACLPktContRuleEnableReplaceDscp -- INTEGER, -- swACLPktContRuleRepDscp -- INTEGER, -- swACLPktContRulePermit -- INTEGER, -- swACLPktContRulePort -- INTEGER, -- PortList, -- swACLPktContRuleSwAclState -- INTEGER, -- swACLPktContRuleRowStatus -- RowStatus -- } -- swACLPktContRuleProfileID OBJECT-TYPE -- SYNTAX INTEGER (1..255) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The ID of ACL mask entry ,and is unique in the mask list." -- ::= { swACLPktContRuleEntry 1 } -- -- swACLPktContRuleAccessID OBJECT-TYPE -- SYNTAX INTEGER (1..65535) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The ID of ACL rule entry relate to swACLPktContRuleProfileID." -- ::= { swACLPktContRuleEntry 2 } -- -- swACLPktContRuleOffset0to15 OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(16)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the user-defined packet." -- ::= { swACLPktContRuleEntry 3 } -- -- swACLPktContRuleOffset16to31 OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(16)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the user-defined packet." -- ::= { swACLPktContRuleEntry 4 } -- -- swACLPktContRuleOffset32to47 OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(16)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the user-defined packet." -- ::= { swACLPktContRuleEntry 5 } -- -- swACLPktContRuleOffset48to63 OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(16)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the user-defined packet." -- ::= { swACLPktContRuleEntry 6 } -- -- swACLPktContRuleOffset64to79 OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(16)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the user-defined packet." -- ::= { swACLPktContRuleEntry 7 } -- -- swACLPktContRuleEnablePriority OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply only to packets with -- priority value." -- ::= { swACLPktContRuleEntry 8 } -- -- swACLPktContRulePriority OBJECT-TYPE -- SYNTAX INTEGER(0..7) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific the priority will change to the packets while the swACLPktContRuleReplacePriority -- is enabled ." -- ::= { swACLPktContRuleEntry 9 } -- -- swACLPktContRuleReplacePriority OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific the packets that match the access profile will changed the -- 802.1p priority tag field by the switch or not ." -- ::= { swACLPktContRuleEntry 10 } -- -- swACLPktContRuleEnableReplaceDscp OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific the packets that match the access profile will replaced the -- DSCP field by the switch or not ." -- ::= { swACLPktContRuleEntry 11 } -- -- swACLPktContRuleRepDscp OBJECT-TYPE -- SYNTAX INTEGER(0..63) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "specify a value to be written to the DSCP field of an incoming packet -- that meets the criteria specified in the first part of the command. -- This value will over-write the value in the DSCP field of the packet." -- ::= { swACLPktContRuleEntry 12 } -- -- swACLPktContRulePermit OBJECT-TYPE -- SYNTAX INTEGER { -- deny(1), -- permit(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates resoult of examination is permit or deny;default is permit(1) -- permit - Specifies that packets that match the access profile are -- permitted to be forwarded by the switch. -- deny - Specifies that packets that do not match the access profile -- are not permitted to be forwarded by the switch and will be filtered." -- ::= { swACLPktContRuleEntry 13 } -- -- swACLPktContRulePort OBJECT-TYPE -- SYNTAX INTEGER (1..65535) -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply to only to port(s)." -- ::= { swACLPktContRuleEntry 14 } -- -- swACLPktContRuleSwAclState OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply to only to software ACL state." -- ::= { swACLPktContRuleEntry 15 } -- -- swACLPktContRuleRowStatus OBJECT-TYPE -- SYNTAX RowStatus -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of this entry." -- ::= { swACLPktContRuleEntry 15 } -- --*************************************************************************** --swACLIpv6RuleTable --*************************************************************************** -- swACLIpv6RuleTable OBJECT-TYPE -- SYNTAX SEQUENCE OF SwACLIpv6RuleEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "This table contain ACL rule of user-defined information." -- ::= { swAclRuleMgmt 4 } -- -- swACLIpv6RuleEntry OBJECT-TYPE -- SYNTAX SwACLIpv6RuleEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "A list of information about ACL rule of the user-defined part of each packet." -- INDEX { swACLIpv6RuleProfileID,swACLIpv6RuleAccessID } -- ::= { swACLIpv6RuleTable 1 } -- -- SwACLIpv6RuleEntry ::= -- SEQUENCE { -- swACLIpv6RuleProfileID -- INTEGER, -- swACLIpv6RuleAccessID -- INTEGER, -- swACLIpv6RuleClass -- INTEGER, -- swACLIpv6RuleFlowlabel -- OCTET STRING, -- swACLIpv6RuleSrcIpv6Addr -- Ipv6Address, -- swACLIpv6RuleDstIpv6Addr -- Ipv6Address, -- swACLIpv6RuleEnablePriority -- INTEGER, -- swACLIpv6RulePriority -- INTEGER, -- swACLIpv6RuleReplacePriority -- INTEGER, -- swACLIpv6RuleEnableReplaceDscp -- INTEGER, -- swACLIpv6RuleRepDscp -- INTEGER, -- swACLIpv6RulePermit -- INTEGER, -- swACLIpv6RulePort -- INTEGER, -- PortList, -- swACLIpv6RuleSwAclState -- INTEGER, -- swACLIpv6RuleRowStatus -- RowStatus -- } -- swACLIpv6RuleProfileID OBJECT-TYPE -- SYNTAX INTEGER (1..255) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The ID of ACL mask entry ,and is unique in the mask list." -- ::= { swACLIpv6RuleEntry 1 } -- -- swACLIpv6RuleAccessID OBJECT-TYPE -- SYNTAX INTEGER (1..65535) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The ID of ACL rule entry relate to swACLIpv6RuleProfileID." -- ::= { swACLIpv6RuleEntry 2 } -- -- swACLIpv6RuleClass OBJECT-TYPE -- SYNTAX INTEGER (0..255) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the IPv6 class filed." -- ::= { swACLIpv6RuleEntry 3 } -- -- swACLIpv6RuleFlowlabel OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(4)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the IPv6 flowlabel filed." -- ::= { swACLIpv6RuleEntry 4 } -- -- swACLIpv6RuleSrcIpv6Addr OBJECT-TYPE -- SYNTAX Ipv6Address -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the source IPv6 address. -- This should be 16 byte octet string." -- ::= { swACLIpv6RuleEntry 5 } -- -- swACLIpv6RuleDstIpv6Addr OBJECT-TYPE -- SYNTAX Ipv6Address -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the destination IPv6 address. -- This should be 16 byte octet string." -- ::= { swACLIpv6RuleEntry 6 } -- -- swACLIpv6RuleEnablePriority OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply only to packets with -- priority value." -- ::= { swACLIpv6RuleEntry 7 } -- -- swACLIpv6RulePriority OBJECT-TYPE -- SYNTAX INTEGER(0..7) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific the priority will change to the packets while the swACLIpv6RuleReplacePriority -- is enabled ." -- ::= { swACLIpv6RuleEntry 8 } -- -- swACLIpv6RuleReplacePriority OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific the packets that match the access profile will changed the -- 802.1p priority tag field by the switch or not ." -- ::= { swACLIpv6RuleEntry 9 } -- -- swACLIpv6RuleEnableReplaceDscp OBJECT-TYPE -- SYNTAX INTEGER { -- enabled(1), -- disabled(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specific the packets that match the access profile will replaced the -- DSCP field by the switch or not ." -- ::= { swACLIpv6RuleEntry 9 } -- -- swACLIpv6RuleRepDscp OBJECT-TYPE -- SYNTAX INTEGER(0..63) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "specify a value to be written to the DSCP field of an incoming packet -- that meets the criteria specified in the first part of the command. -- This value will over-write the value in the DSCP field of the packet." -- ::= { swACLIpv6RuleEntry 10 } -- -- swACLIpv6RulePermit OBJECT-TYPE -- SYNTAX INTEGER { -- deny(1), -- permit(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates resoult of examination is permit or deny;default is permit(1) -- permit - Specifies that packets that match the access profile are -- permitted to be forwarded by the switch. -- deny - Specifies that packets that do not match the access profile -- are not permitted to be forwarded by the switch and will be filtered." -- ::= { swACLIpv6RuleEntry 10 } -- -- swACLIpv6RulePort OBJECT-TYPE -- SYNTAX INTEGER (1..65535) -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply to only to port(s)." -- ::= { swACLIpv6RuleEntry 11 } -- -- swACLIpv6RuleSwAclState OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply to only to software ACL state." -- ::= { swACLIpv6RuleEntry 13 } -- -- swACLIpv6RuleRowStatus OBJECT-TYPE -- SYNTAX RowStatus -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of this entry." -- ::= { swACLIpv6RuleEntry 12 } --*************************************************************************** --swCpuAclEthernetTable --*************************************************************************** swCpuAclEthernetTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclEthernetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contain ACL mask of Ethernet information. Access profiles will be created on the switch by row creation and to define which parts of each incoming frame's layer 2 part of header the switch will examine. Masks can be entered that will be combined with the values the switch finds in the specified frame header fields. " ::= { swCpuAclMaskMgmt 1 } swCpuAclEthernetEntry OBJECT-TYPE SYNTAX SwCpuAclEthernetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about ACL of Ethernet." INDEX { swCpuAclEthernetProfileID } ::= { swCpuAclEthernetTable 1 } SwCpuAclEthernetEntry ::= SEQUENCE { swCpuAclEthernetProfileID INTEGER, swCpuAclEthernetUsevlan INTEGER, swCpuAclEthernetMacAddrMaskState INTEGER, swCpuAclEthernetSrcMacAddrMask MacAddress, swCpuAclEthernetDstMacAddrMask MacAddress, swCpuAclEthernetUse8021p INTEGER, swCpuAclEthernetUseEthernetType INTEGER, swCpuAclEthernetRowStatus RowStatus } swCpuAclEthernetProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of ACL mask entry ,and is unique in the mask list." ::= { swCpuAclEthernetEntry 1 } swCpuAclEthernetUsevlan OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the switch will examine the VLAN part of each packet header." ::= { swCpuAclEthernetEntry 2 } swCpuAclEthernetMacAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-mac-addr(2), src-mac-addr(3), dst-src-mac-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of MAC address mask. other(1) - Neither source MAC address nor destination MAC address are masked. dst-mac-addr(2) - recieved frames's destination MAC address are currently used to be filtered as it meets with the MAC address entry of the table. src-mac-addr(3) - recieved frames's source MAC address are currently used to be filtered as it meets with the MAC address entry of the table. dst-src-mac-addr(4) - recieved frames's destination MAC address or source MAC address are currently used to be filtered as it meets with the MAC address entry of the table." ::= { swCpuAclEthernetEntry 3 } swCpuAclEthernetSrcMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object Specifies the MAC address mask for the source MAC address." ::= { swCpuAclEthernetEntry 4 } swCpuAclEthernetDstMacAddrMask OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object Specifies the MAC address mask for the destination MAC address." ::= { swCpuAclEthernetEntry 5 } swCpuAclEthernetUse8021p OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine the 802.1p priority value in the frame's header or not." ::= { swCpuAclEthernetEntry 6 } swCpuAclEthernetUseEthernetType OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies if the switch will examine the Ethernet type value in each frame's header or not." ::= { swCpuAclEthernetEntry 7 } swCpuAclEthernetRowStatus OBJECT-TYPE --swCpuAclEthernetState SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclEthernetEntry 8 } --*************************************************************************** --swCpuAclIpTable --*************************************************************************** swCpuAclIpTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contain ACL mask of IP information. Access profiles will be created on the switch by row creation and to define which parts of each incoming frame's IP layer part of header the switch will examine. Masks can be entered that will be combined with the values the switch finds in the specified frame header fields." ::= { swCpuAclMaskMgmt 2 } swCpuAclIpEntry OBJECT-TYPE SYNTAX SwCpuAclIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about ACL of IP Layer." INDEX { swCpuAclIpProfileID } ::= { swCpuAclIpTable 1 } SwCpuAclIpEntry ::= SEQUENCE { swCpuAclIpProfileID INTEGER, swCpuAclIpUsevlan INTEGER, swCpuAclIpIpAddrMaskState INTEGER, swCpuAclIpSrcIpAddrMask IpAddress, swCpuAclIpDstIpAddrMask IpAddress, swCpuAclIpUseDSCP INTEGER, swCpuAclIpUseProtoType INTEGER, swCpuAclIpIcmpOption INTEGER, swCpuAclIpIgmpOption INTEGER, swCpuAclIpTcpOption INTEGER, swCpuAclIpUdpOption INTEGER, swCpuAclIpTCPorUDPSrcPortMask OCTET STRING, swCpuAclIpTCPorUDPDstPortMask OCTET STRING, swCpuAclIpTCPFlagBit INTEGER, swCpuAclIpTCPFlagBitMask INTEGER, swCpuAclIpProtoIDOption INTEGER, swCpuAclIpProtoIDMask OCTET STRING, swCpuAclIpRowStatus RowStatus } swCpuAclIpProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL mask entry ,and is unique in the mask list." ::= { swCpuAclIpEntry 1 } swCpuAclIpUsevlan OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates if IP layer vlan is examined or not." ::= { swCpuAclIpEntry 2 } swCpuAclIpIpAddrMaskState OBJECT-TYPE SYNTAX INTEGER { other(1), dst-ip-addr(2), src-ip-addr(3), dst-src-ip-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of IP address mask. other(1) - Neither source IP address nor destination IP address are masked. dst-ip-addr(2) - recieved frames's destination IP address are currently used to be filtered as it meets with the IP address entry of the table. src-ip-addr(3) - recieved frames's source IP address are currently used to be filtered as it meets with the IP address entry of the table. dst-src-ip-addr(4) - recieved frames's destination IP address or source IP address are currently used to be filtered as it meets with the IP address entry of the table." ::= { swCpuAclIpEntry 3 } swCpuAclIpSrcIpAddrMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object Specifies IP address mask for the source IP address." ::= { swCpuAclIpEntry 4 } swCpuAclIpDstIpAddrMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object Specifies the IP address mask for the destination IP address." ::= { swCpuAclIpEntry 5 } swCpuAclIpUseDSCP OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates DSCP protocol is is examined or not." ::= { swCpuAclIpEntry 6 } swCpuAclIpUseProtoType OBJECT-TYPE SYNTAX INTEGER { none(1), icmp(2), igmp(3), tcp(4), udp(5), protocolId(6) } MAX-ACCESS read-create STATUS current DESCRIPTION "That object indicates which protocol will be examined." ::= { swCpuAclIpEntry 7 } swCpuAclIpIcmpOption OBJECT-TYPE SYNTAX INTEGER { none(1), type(2), code(3), type-code(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates which fields should be filled in of ICMP. none(1)- two fields are null. type(2)- type field should be filled in. code(3)- code field should be filled in. type-code(4)- not only type fileld but code field should be filled in. " ::= { swCpuAclIpEntry 8 } swCpuAclIpIgmpOption OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates Options of IGMP is examined or not." ::= { swCpuAclIpEntry 9 } swCpuAclIpTcpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of filtered address of TCP. other(1) - Neither source port nor destination port are masked. dst-addr(2) - recieved frames's destination port are currently used to be filtered . src-addr(3) - recieved frames's source port are currently used to be filtered . dst-src-addr(4) - both recieved frames's destination port and source port are currently used to be filtered ." ::= { swCpuAclIpEntry 10 } swCpuAclIpUdpOption OBJECT-TYPE SYNTAX INTEGER { other(1), dst-addr(2), src-addr(3), dst-src-addr(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of filtered address of UDP . other(1) - Neither source port nor destination port are masked. dst-addr(2) - recieved frames's destination port are currently used to be filtered . src-addr(3) - recieved frames's source port are currently used to be filtered . dst-src-addr(4) - recieved frames's destination port or source port are currently used to be filtered." ::= { swCpuAclIpEntry 11 } swCpuAclIpTCPorUDPSrcPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the source port if swCpuAclIpUseProtoType is TCP Specifies a UDP port mask for the source port if swCpuAclIpUseProtoType is UDP. " ::= { swCpuAclIpEntry 12 } swCpuAclIpTCPorUDPDstPortMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP port mask for the destination port if swCpuAclIpUseProtoType is TCP Specifies a UDP port mask for the destination port if swCpuAclIpUseProtoType is UDP." ::= { swCpuAclIpEntry 13 } swCpuAclIpTCPFlagBit OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies a TCP connection flag mask." ::= { swCpuAclIpEntry 14 } swCpuAclIpTCPFlagBitMask OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "A value which indicates the set of TCP flags that this entity may potentially offers. The value is a sum. This sum initially takes the value zero, Then, for each flag, L, in the range 1 through 6, that this node performs transactions for, 2 raised to (L - 1) is added to the sum. Note that values should be calculated accordingly: Flag functionality 6 urg bit 5 ack bit 4 psh bit 3 rst bit 2 syn bit 1 fin bit For example,it you want to enable urg bit and ack bit,you should set vlaue 48(2^(5-1) + 2^(6-1))." ::= { swCpuAclIpEntry 15 } swCpuAclIpProtoIDOption OBJECT-TYPE SYNTAX INTEGER { enable(1), disable(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the switch will examine each frame's Protocol ID field or not." ::= { swCpuAclIpEntry 16 } swCpuAclIpProtoIDMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the IP protocol ID and the mask options behind the IP header." ::= { swCpuAclIpEntry 17 } swCpuAclIpRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclIpEntry 18 } --*************************************************************************** --swCpuAclPktContMaskTable --*************************************************************************** swCpuAclPktContMaskTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclPktContMaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contain ACL mask of user-defined information. Access profiles will be created on the switch by row creation and to define which parts of each incoming frame's user-defined part of header the switch will examine. Masks can be entered that will be combined with the values the switch finds in the specified frame header fields. " ::= { swCpuAclMaskMgmt 3 } swCpuAclPktContMaskEntry OBJECT-TYPE SYNTAX SwCpuAclPktContMaskEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about ACL of user-defined." INDEX { swCpuAclPktContMaskProfileID } ::= { swCpuAclPktContMaskTable 1 } SwCpuAclPktContMaskEntry ::= SEQUENCE { swCpuAclPktContMaskProfileID INTEGER, swCpuAclPktContMaskOffset0to15 OCTET STRING, swCpuAclPktContMaskOffset16to31 OCTET STRING, swCpuAclPktContMaskOffset32to47 OCTET STRING, swCpuAclPktContMaskOffset48to63 OCTET STRING, swCpuAclPktContMaskOffset64to79 OCTET STRING, swCpuAclPktContMaskRowStatus RowStatus } swCpuAclPktContMaskProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of ACL mask entry ,and is unique in the mask list." ::= { swCpuAclPktContMaskEntry 1 } swCpuAclPktContMaskOffset0to15 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content(Offset0to15) and the mask options." ::= { swCpuAclPktContMaskEntry 2 } swCpuAclPktContMaskOffset16to31 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content(Offset16to31) and the mask options." ::= { swCpuAclPktContMaskEntry 3 } swCpuAclPktContMaskOffset32to47 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content(Offset32to47) and the mask options." ::= { swCpuAclPktContMaskEntry 4 } swCpuAclPktContMaskOffset48to63 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content(Offset48to63) and the mask options." ::= { swCpuAclPktContMaskEntry 5 } swCpuAclPktContMaskOffset64to79 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the packet content(Offset64to79) and the mask options." ::= { swCpuAclPktContMaskEntry 6 } swCpuAclPktContMaskRowStatus OBJECT-TYPE --swCpuAclEthernetState SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclPktContMaskEntry 7 } --*************************************************************************** --swCpuAclIpv6MaskTable --*************************************************************************** -- swCpuAclIpv6MaskTable OBJECT-TYPE -- SYNTAX SEQUENCE OF SwCpuAclIpv6MaskEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "This table contain ACL mask of user-defined information. -- Access profiles will be created on the switch by row creation and to -- define which parts of each incoming frame's ipv6 part of header -- the switch will examine. Masks can be entered that will be combined -- with the values the switch finds in the specified frame header fields. " -- ::= { swCpuAclMaskMgmt 4 } -- -- swCpuAclIpv6MaskEntry OBJECT-TYPE -- SYNTAX SwCpuAclIpv6MaskEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "A list of information about ACL of user-defined." -- INDEX { swCpuAclIpv6MaskProfileID } -- ::= { swCpuAclIpv6MaskTable 1 } -- -- SwCpuAclIpv6MaskEntry ::= -- SEQUENCE { -- swCpuAclIpv6MaskProfileID -- INTEGER, -- swCpuAclIpv6MaskClass -- INTEGER, -- swCpuAclIpv6MaskFlowlabel -- INTEGER, -- swCpuAclIpv6IpAddrMaskState -- INTEGER, -- swCpuAclIpv6MaskSrcIpv6Mask -- Ipv6Address, -- swCpuAclIpv6MaskDstIpv6Mask -- Ipv6Address, -- swCpuAclIpv6MaskRowStatus -- RowStatus -- } -- swCpuAclIpv6MaskProfileID OBJECT-TYPE -- SYNTAX INTEGER (1..255) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The ID of ACL mask entry ,and is unique in the mask list." -- ::= { swCpuAclIpv6MaskEntry 1 } -- -- swCpuAclIpv6MaskClass OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the IPv6 class field and the mask options." -- ::= { swCpuAclIpv6MaskEntry 2 } -- -- swCpuAclIpv6MaskFlowlabel OBJECT-TYPE -- SYNTAX INTEGER { -- enable(1), -- disable(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the IPv6 flowlabel field and the mask options." -- ::= { swCpuAclIpv6MaskEntry 3 } -- -- swCpuAclIpv6IpAddrMaskState OBJECT-TYPE -- SYNTAX INTEGER { -- other(1), -- dst-ipv6-addr(2), -- src-ipv6-addr(3), -- dst-src-ipv6-addr(4) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of IPv6 address mask. -- -- other(1) - Neither source IPv6 address nor destination IPv6 address are -- masked. -- dst-ipv6-addr(2) - recieved frames's destination IPv6 address are -- currently used to be filtered as it meets with the IPv6 -- address entry of the table. -- src-ipv6-addr(3) - recieved frames's source IPv6 address are currently -- used to be filtered as it meets with the IPv6 address entry of -- the table. -- dst-src-ipv6-addr(4) - recieved frames's destination IPv6 address or -- source IPv6 address are currently used to be filtered as it meets -- with the IPv6 address entry of the table." -- ::= { swCpuAclIpv6MaskEntry 4 } -- -- swCpuAclIpv6MaskSrcIpv6Mask OBJECT-TYPE -- SYNTAX Ipv6Address -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the Source IPv6 address and the mask options. -- This should be 16 byte octet string." -- ::= { swCpuAclIpv6MaskEntry 5 } -- -- swCpuAclIpv6MaskDstIpv6Mask OBJECT-TYPE -- SYNTAX Ipv6Address -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the Destination IPv6 address and the mask options. -- This should be 16 byte octet string." -- ::= { swCpuAclIpv6MaskEntry 6 } -- -- swCpuAclIpv6MaskRowStatus OBJECT-TYPE -- SYNTAX RowStatus -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of this entry." -- ::= { swCpuAclIpv6MaskEntry 7 } --*************************************************************************** --swCpuAclEtherRuleTable --*************************************************************************** swCpuAclEtherRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclEtherRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contain ACL rule of ethernet information." ::= { swCpuAclRuleMgmt 1 } swCpuAclEtherRuleEntry OBJECT-TYPE SYNTAX SwCpuAclEtherRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about ACL rule of the layer 2 part of each packet." INDEX { swCpuAclEtherRuleProfileID,swCpuAclEtherRuleAccessID } ::= { swCpuAclEtherRuleTable 1 } SwCpuAclEtherRuleEntry ::= SEQUENCE { swCpuAclEtherRuleProfileID INTEGER, swCpuAclEtherRuleAccessID INTEGER, swCpuAclEtherRuleVlan SnmpAdminString, swCpuAclEtherRuleSrcMacAddress MacAddress, swCpuAclEtherRuleDstMacAddress MacAddress, swCpuAclEtherRule8021P INTEGER, swCpuAclEtherRuleEtherType OCTET STRING, swCpuAclEtherRulePermit INTEGER, swCpuAclEtherRuleEtherPort PortList, swCpuAclEtherRuleRowStatus RowStatus } swCpuAclEtherRuleProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL mask entry ,and is unique in the mask list." ::= { swCpuAclEtherRuleEntry 1 } swCpuAclEtherRuleAccessID OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL rule entry relate to swCpuAclEtherRuleProfileID." ::= { swCpuAclEtherRuleEntry 2 } swCpuAclEtherRuleVlan OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply to only to this VLAN." ::= { swCpuAclEtherRuleEntry 3 } swCpuAclEtherRuleSrcMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply to only packets with this source MAC address." ::= { swCpuAclEtherRuleEntry 4 } swCpuAclEtherRuleDstMacAddress OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply to only packets with this destination MAC address." ::= { swCpuAclEtherRuleEntry 5 } swCpuAclEtherRule8021P OBJECT-TYPE SYNTAX INTEGER(0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply only to packets with this 802.1p priority value." ::= { swCpuAclEtherRuleEntry 6 } swCpuAclEtherRuleEtherType OBJECT-TYPE SYNTAX OCTET STRING (SIZE (2)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply only to packets with this hexidecimal 802.1Q Ethernet type value in the packet header." ::= { swCpuAclEtherRuleEntry 7 } swCpuAclEtherRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates resoult of examination is permit or deny;default is permit(1) permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that do not match the access profile are not permitted to be forwarded by the switch and will be filtered." ::= { swCpuAclEtherRuleEntry 8 } swCpuAclEtherRuleEtherPort OBJECT-TYPE -- SYNTAX INTEGER (1..65535) SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply to only to port(s)." ::= { swCpuAclEtherRuleEntry 9 } swCpuAclEtherRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclEtherRuleEntry 10 } --*************************************************************************** --swCpuAclIpRuleTable --*************************************************************************** swCpuAclIpRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclIpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" ::= { swCpuAclRuleMgmt 2 } swCpuAclIpRuleEntry OBJECT-TYPE SYNTAX SwCpuAclIpRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "" INDEX { swCpuAclIpRuleProfileID , swCpuAclIpRuleAccessID } ::= { swCpuAclIpRuleTable 1 } SwCpuAclIpRuleEntry ::= SEQUENCE { swCpuAclIpRuleProfileID INTEGER, swCpuAclIpRuleAccessID INTEGER, swCpuAclIpRuleVlan SnmpAdminString, swCpuAclIpRuleSrcIpaddress IpAddress, swCpuAclIpRuleDstIpaddress IpAddress, swCpuAclIpRuleDscp INTEGER, swCpuAclIpRuleProtocol INTEGER, swCpuAclIpRuleType INTEGER, swCpuAclIpRuleCode INTEGER, swCpuAclIpRuleSrcPort INTEGER, swCpuAclIpRuleDstPort INTEGER, swCpuAclIpRuleFlagBits INTEGER, swCpuAclIpRuleProtoID INTEGER, swCpuAclIpRuleUserMask OCTET STRING, swCpuAclIpRulePermit INTEGER, swCpuAclIpRulePort PortList, swCpuAclIpRuleRowStatus RowStatus } swCpuAclIpRuleProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL mask entry ,and is unique in the mask list." ::= { swCpuAclIpRuleEntry 1 } swCpuAclIpRuleAccessID OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only --read-create STATUS current DESCRIPTION "The ID of CpuAcl IP rule entry ." ::= { swCpuAclIpRuleEntry 2 } swCpuAclIpRuleVlan OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply to only to this VLAN." ::= { swCpuAclIpRuleEntry 3 } swCpuAclIpRuleSrcIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specific an IP source address." ::= { swCpuAclIpRuleEntry 4 } swCpuAclIpRuleDstIpaddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "Specific an IP destination address." ::= { swCpuAclIpRuleEntry 5 } swCpuAclIpRuleDscp OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific the value of dscp, the value can be configured 0 to 63" ::= { swCpuAclIpRuleEntry 6 } swCpuAclIpRuleProtocol OBJECT-TYPE SYNTAX INTEGER { none(1), icmp(2), igmp(3), tcp(4), udp(5), protocolId(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "Specifies the IP protocol which has been configured in swCpuAclIpEntry ." ::= { swCpuAclIpRuleEntry 7 } swCpuAclIpRuleType OBJECT-TYPE SYNTAX INTEGER(0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific that the rule applies to the value of icmp type traffic." ::= { swCpuAclIpRuleEntry 8 } swCpuAclIpRuleCode OBJECT-TYPE SYNTAX INTEGER(0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific that the rule applies to the value of icmp code traffic." ::= { swCpuAclIpRuleEntry 9 } swCpuAclIpRuleSrcPort OBJECT-TYPE SYNTAX INTEGER(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific that the rule applies the range of tcp/udp source port" ::= { swCpuAclIpRuleEntry 10 } swCpuAclIpRuleDstPort OBJECT-TYPE SYNTAX INTEGER(0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific the range of tcp/udp destination port range" ::= { swCpuAclIpRuleEntry 11 } swCpuAclIpRuleFlagBits OBJECT-TYPE SYNTAX INTEGER(0..63) MAX-ACCESS read-create STATUS current DESCRIPTION "A value which indicates the set of TCP flags that this entity may potentially offers. The value is a sum. This sum initially takes the value zero, Then, for each flag, L, in the range 1 through 6, that this node performs transactions for, 2 raised to (L - 1) is added to the sum. Note that values should be calculated accordingly: Flag functionality 6 urg bit 5 ack bit 4 psh bit 3 rst bit 2 syn bit 1 fin bit For example,it you want to enable urg bit and ack bit,you should set vlaue 48(2^(5-1) + 2^(6-1))." ::= { swCpuAclIpRuleEntry 12 } swCpuAclIpRuleProtoID OBJECT-TYPE SYNTAX INTEGER(0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific that the rule applies to the value of ip protocol id traffic" ::= { swCpuAclIpRuleEntry 13 } swCpuAclIpRuleUserMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE(4)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specific that the rule applies to the ip protocol id and the range of options behind the IP header." ::= { swCpuAclIpRuleEntry 14 } swCpuAclIpRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates resoult of examination is permit or deny;default is permit(1) permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that do not match the access profile are not permitted to be forwarded by the switch and will be filtered." ::= { swCpuAclIpRuleEntry 15 } swCpuAclIpRulePort OBJECT-TYPE -- SYNTAX INTEGER (1..65535) SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply to only to port(s)." ::= { swCpuAclIpRuleEntry 16 } swCpuAclIpRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclIpRuleEntry 17 } --*************************************************************************** --swCpuAclPktContRuleTable --*************************************************************************** swCpuAclPktContRuleTable OBJECT-TYPE SYNTAX SEQUENCE OF SwCpuAclPktContRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contain ACL rule of user-defined information." ::= { swCpuAclRuleMgmt 3 } swCpuAclPktContRuleEntry OBJECT-TYPE SYNTAX SwCpuAclPktContRuleEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of information about ACL rule of the user-defined part of each packet." INDEX { swCpuAclPktContRuleProfileID,swCpuAclPktContRuleAccessID } ::= { swCpuAclPktContRuleTable 1 } SwCpuAclPktContRuleEntry ::= SEQUENCE { swCpuAclPktContRuleProfileID INTEGER, swCpuAclPktContRuleAccessID INTEGER, swCpuAclPktContRuleOffset0to15 OCTET STRING, swCpuAclPktContRuleOffset16to31 OCTET STRING, swCpuAclPktContRuleOffset32to47 OCTET STRING, swCpuAclPktContRuleOffset48to63 OCTET STRING, swCpuAclPktContRuleOffset64to79 OCTET STRING, swCpuAclPktContRulePermit INTEGER, swCpuAclPktContRulePort PortList, swCpuAclPktContRuleRowStatus RowStatus } swCpuAclPktContRuleProfileID OBJECT-TYPE SYNTAX INTEGER (1..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL mask entry ,and is unique in the mask list." ::= { swCpuAclPktContRuleEntry 1 } swCpuAclPktContRuleAccessID OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The ID of ACL rule entry relate to swCpuAclPktContRuleProfileID." ::= { swCpuAclPktContRuleEntry 2 } swCpuAclPktContRuleOffset0to15 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swCpuAclPktContRuleEntry 3 } swCpuAclPktContRuleOffset16to31 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swCpuAclPktContRuleEntry 4 } swCpuAclPktContRuleOffset32to47 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swCpuAclPktContRuleEntry 5 } swCpuAclPktContRuleOffset48to63 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swCpuAclPktContRuleEntry 6 } swCpuAclPktContRuleOffset64to79 OBJECT-TYPE SYNTAX OCTET STRING (SIZE(16)) MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the rule applies to the user-defined packet." ::= { swCpuAclPktContRuleEntry 7 } swCpuAclPktContRulePermit OBJECT-TYPE SYNTAX INTEGER { deny(1), permit(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates resoult of examination is permit or deny;default is permit(1) permit - Specifies that packets that match the access profile are permitted to be forwarded by the switch. deny - Specifies that packets that do not match the access profile are not permitted to be forwarded by the switch and will be filtered." ::= { swCpuAclPktContRuleEntry 8 } swCpuAclPktContRulePort OBJECT-TYPE -- SYNTAX INTEGER (1..65535) SYNTAX PortList MAX-ACCESS read-create STATUS current DESCRIPTION "Specifies that the access will apply to only to port(s)." ::= { swCpuAclPktContRuleEntry 9 } swCpuAclPktContRuleRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the status of this entry." ::= { swCpuAclPktContRuleEntry 10 } --*************************************************************************** --swCpuAclIpv6RuleTable --*************************************************************************** -- swCpuAclIpv6RuleTable OBJECT-TYPE -- SYNTAX SEQUENCE OF SwCpuAclIpv6RuleEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "This table contain ACL rule of user-defined information." -- ::= { swCpuAclRuleMgmt 4 } -- -- swCpuAclIpv6RuleEntry OBJECT-TYPE -- SYNTAX SwCpuAclIpv6RuleEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "A list of information about ACL rule of the user-defined part of each packet." -- INDEX { swCpuAclIpv6RuleProfileID,swCpuAclIpv6RuleAccessID } -- ::= { swCpuAclIpv6RuleTable 1 } -- -- SwCpuAclIpv6RuleEntry ::= -- SEQUENCE { -- swCpuAclIpv6RuleProfileID -- INTEGER, -- swCpuAclIpv6RuleAccessID -- INTEGER, -- swCpuAclIpv6RuleClass -- INTEGER, -- swCpuAclIpv6RuleFlowlabel -- OCTET STRING, -- swCpuAclIpv6RuleSrcIpv6Addr -- Ipv6Address, -- swCpuAclIpv6RuleDstIpv6Addr -- Ipv6Address, -- swCpuAclIpv6RulePermit -- INTEGER, -- swCpuAclIpv6RulePort -- PortList, -- swCpuAclIpv6RuleRowStatus -- RowStatus -- } -- swCpuAclIpv6RuleProfileID OBJECT-TYPE -- SYNTAX INTEGER (1..255) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The ID of ACL mask entry ,and is unique in the mask list." -- ::= { swCpuAclIpv6RuleEntry 1 } -- -- swCpuAclIpv6RuleAccessID OBJECT-TYPE -- SYNTAX INTEGER (1..65535) -- MAX-ACCESS read-only -- STATUS current -- DESCRIPTION -- "The ID of ACL rule entry relate to swCpuAclIpv6RuleProfileID." -- ::= { swCpuAclIpv6RuleEntry 2 } -- -- swCpuAclIpv6RuleClass OBJECT-TYPE -- SYNTAX INTEGER (0..255) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the IPv6 class filed." -- ::= { swCpuAclIpv6RuleEntry 3 } -- -- swCpuAclIpv6RuleFlowlabel OBJECT-TYPE -- SYNTAX OCTET STRING (SIZE(4)) -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the IPv6 flowlabel filed." -- ::= { swCpuAclIpv6RuleEntry 4 } -- -- swCpuAclIpv6RuleSrcIpv6Addr OBJECT-TYPE -- SYNTAX Ipv6Address -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the source IPv6 address. -- This should be 16 byte octet string." -- ::= { swCpuAclIpv6RuleEntry 5 } -- -- swCpuAclIpv6RuleDstIpv6Addr OBJECT-TYPE -- SYNTAX Ipv6Address -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the rule applies to the destination IPv6 address. -- This should be 16 byte octet string." -- ::= { swCpuAclIpv6RuleEntry 6 } -- -- swCpuAclIpv6RulePermit OBJECT-TYPE -- SYNTAX INTEGER { -- deny(1), -- permit(2) -- } -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates resoult of examination is permit or deny;default is permit(1) -- permit - Specifies that packets that match the access profile are -- permitted to be forwarded by the switch. -- deny - Specifies that packets that do not match the access profile -- are not permitted to be forwarded by the switch and will be filtered." -- ::= { swCpuAclIpv6RuleEntry 7 } -- -- swCpuAclIpv6RulePort OBJECT-TYPE -- SYNTAX INTEGER (1..65535) -- SYNTAX PortList -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "Specifies that the access will apply to only to port(s)." -- ::= { swCpuAclIpv6RuleEntry 8 } -- -- swCpuAclIpv6RuleRowStatus OBJECT-TYPE -- SYNTAX RowStatus -- MAX-ACCESS read-create -- STATUS current -- DESCRIPTION -- "This object indicates the status of this entry." -- ::= { swCpuAclIpv6RuleEntry 9 } END