2018-05-19 23:38:39 +02:00
|
|
|
NETGEAR-QOS-ACL-MIB DEFINITIONS ::= BEGIN
|
|
|
|
|
|
|
|
-- LVL7 Quality of Service - ACL Package MIB
|
|
|
|
-- Copyright LVL7 Systems (2002-2005) All rights reserved.
|
|
|
|
|
|
|
|
-- This SNMP Management Information Specification
|
|
|
|
-- embodies LVL7 System's confidential and proprietary
|
|
|
|
-- intellectual property. LVL7 Systems retains all title
|
|
|
|
-- and ownership in the Specification including any revisions.
|
|
|
|
|
|
|
|
-- This Specification is supplied "AS IS", LVL7 Systems
|
|
|
|
-- makes no warranty, either expressed or implied,
|
|
|
|
-- as to the use, operation, condition, or performance of the
|
|
|
|
-- Specification.
|
|
|
|
|
|
|
|
|
|
|
|
IMPORTS
|
|
|
|
TEXTUAL-CONVENTION FROM SNMPv2-TC
|
|
|
|
MODULE-IDENTITY, OBJECT-TYPE, IpAddress,
|
|
|
|
Integer32, Unsigned32 FROM SNMPv2-SMI
|
|
|
|
RowStatus,MacAddress,TruthValue FROM SNMPv2-TC
|
|
|
|
|
|
|
|
DisplayString FROM RFC1213-MIB
|
|
|
|
InterfaceIndexOrZero FROM IF-MIB
|
|
|
|
|
|
|
|
agentQOS FROM NETGEAR-QOS-MIB;
|
|
|
|
|
|
|
|
agentQOSACL MODULE-IDENTITY
|
|
|
|
LAST-UPDATED "200409200000Z" -- 09 Sep 2004 12:00:00 GMT
|
|
|
|
ORGANIZATION "Netgear"
|
|
|
|
CONTACT-INFO
|
|
|
|
""
|
|
|
|
DESCRIPTION
|
|
|
|
"The MIB definitions for Quality of Service - ACL Flex package."
|
|
|
|
|
|
|
|
-- Revision history.
|
|
|
|
REVISION
|
|
|
|
"200409200000Z" -- 20 Sep 2004 12:00:00 GMT
|
|
|
|
DESCRIPTION
|
|
|
|
"Added L2 MAC ACL support."
|
|
|
|
REVISION
|
|
|
|
"200311210000Z" -- 21 Nov 2003 12:00:00 GMT
|
|
|
|
DESCRIPTION
|
|
|
|
"Revisions made for new release."
|
|
|
|
REVISION
|
|
|
|
"200302062334Z" -- 6 February 2003
|
|
|
|
DESCRIPTION
|
|
|
|
"Updated for release"
|
|
|
|
::= { agentQOS 2 }
|
|
|
|
|
|
|
|
|
|
|
|
EtypeValue ::= TEXTUAL-CONVENTION
|
|
|
|
DISPLAY-HINT "x"
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"Ethertype value of a packet. The allowed value is 0x0600 to 0xFFFF."
|
|
|
|
SYNTAX Unsigned32 (1536..65535) -- hex value 0x0600 to 0xFFFF
|
|
|
|
|
|
|
|
|
|
|
|
--**************************************************************************************
|
|
|
|
|
|
|
|
aclTable OBJECT-TYPE
|
|
|
|
SYNTAX SEQUENCE OF AclEntry
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"A table of ACL instances."
|
|
|
|
::= { agentQOSACL 1 }
|
|
|
|
|
|
|
|
aclEntry OBJECT-TYPE
|
|
|
|
SYNTAX AclEntry
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
""
|
|
|
|
INDEX { aclIndex }
|
|
|
|
::= { aclTable 1 }
|
|
|
|
|
|
|
|
AclEntry ::= SEQUENCE {
|
|
|
|
aclIndex
|
|
|
|
Integer32,
|
|
|
|
aclStatus
|
|
|
|
RowStatus
|
|
|
|
}
|
|
|
|
|
|
|
|
aclIndex OBJECT-TYPE
|
|
|
|
SYNTAX Integer32
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The IP ACL table index this instance is associated with."
|
|
|
|
::= { aclEntry 1 }
|
|
|
|
|
|
|
|
aclStatus OBJECT-TYPE
|
|
|
|
SYNTAX RowStatus
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"Status of this instance. Entries can not be deleted until all rows in
|
|
|
|
the aclIfTable and aclRuleTable with corresponding values of aclIndex
|
|
|
|
have been deleted.
|
|
|
|
|
|
|
|
active(1) - this ACL instance is active
|
|
|
|
createAndGo(4) - set to this value to create an instance
|
|
|
|
destroy(6) - set to this value to delete an instance"
|
|
|
|
::= { aclEntry 3 }
|
|
|
|
|
|
|
|
--**************************************************************************************
|
|
|
|
|
|
|
|
aclIfTable OBJECT-TYPE
|
|
|
|
SYNTAX SEQUENCE OF AclIfEntry
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"A table of ACL interface instances per direction."
|
|
|
|
::= { agentQOSACL 2 }
|
|
|
|
|
|
|
|
aclIfEntry OBJECT-TYPE
|
|
|
|
SYNTAX AclIfEntry
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
""
|
|
|
|
INDEX { aclIfIndex, aclIfDirection, aclIfSequence, aclIfAclType, aclIfAclId }
|
|
|
|
::= { aclIfTable 1 }
|
|
|
|
|
|
|
|
AclIfEntry ::= SEQUENCE {
|
|
|
|
aclIfIndex
|
|
|
|
Integer32,
|
|
|
|
aclIfDirection
|
|
|
|
INTEGER,
|
|
|
|
aclIfSequence
|
|
|
|
Unsigned32,
|
|
|
|
aclIfAclType
|
|
|
|
INTEGER,
|
|
|
|
aclIfAclId
|
|
|
|
Integer32,
|
|
|
|
aclIfStatus
|
|
|
|
RowStatus
|
|
|
|
}
|
|
|
|
|
|
|
|
aclIfIndex OBJECT-TYPE
|
|
|
|
SYNTAX Integer32
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The interface to which this ACL instance applies."
|
|
|
|
::= { aclIfEntry 1 }
|
|
|
|
|
|
|
|
aclIfDirection OBJECT-TYPE
|
|
|
|
SYNTAX INTEGER {
|
|
|
|
inbound(1),
|
|
|
|
outbound(2)
|
|
|
|
}
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The interface direction to which this ACL instance applies."
|
|
|
|
::= { aclIfEntry 2 }
|
|
|
|
|
|
|
|
aclIfSequence OBJECT-TYPE
|
|
|
|
SYNTAX Unsigned32 (1..4294967295)
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The relative evaluation sequence of this ACL for this
|
|
|
|
interface and direction. When multiple ACLs are allowed
|
|
|
|
for a given interface and direction, the sequence number
|
|
|
|
determines the order in which the list of ACLs are evaluated,
|
|
|
|
with lower sequence numbers given higher precedence. The
|
|
|
|
sequence number value is arbitrary, but must be a unique
|
|
|
|
non-zero value for a given interface and direction.
|
|
|
|
|
|
|
|
Setting this object to an existing sequence number
|
|
|
|
value for a given interface and direction causes the
|
|
|
|
ACL corresponding to that value to be replaced with
|
|
|
|
this ACL."
|
|
|
|
::= { aclIfEntry 3 }
|
|
|
|
|
|
|
|
aclIfAclType OBJECT-TYPE
|
|
|
|
SYNTAX INTEGER {
|
|
|
|
ip(1),
|
|
|
|
mac(2)
|
|
|
|
}
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The type of this ACL, which is used to interpret the
|
|
|
|
aclIfId object value. Each type of ACL uses its own
|
|
|
|
numbering scheme for identification (see aclIfId object
|
|
|
|
for details).
|
|
|
|
|
|
|
|
The aclIfId object must be specified along with this
|
|
|
|
object."
|
|
|
|
::= { aclIfEntry 4 }
|
|
|
|
|
|
|
|
aclIfAclId OBJECT-TYPE
|
|
|
|
SYNTAX Integer32
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The ACL identifier value, which is interpreted based on
|
|
|
|
the aclIfType object.
|
|
|
|
|
|
|
|
For the IP ACLs, the actual ACL number is its identifier
|
|
|
|
as follows: IP standard ranges from 1-99, while
|
|
|
|
IP extended ranges from 100-199. Here, aclIfAclId represents
|
|
|
|
aclIndex.
|
|
|
|
|
|
|
|
The MAC ACLs use an internally-generated index value
|
|
|
|
that is assigned when the ACL is created.Here, aclIfAclId
|
|
|
|
represents aclMacIndex.
|
|
|
|
|
|
|
|
The aclIfType object must be specified along with
|
|
|
|
this object."
|
|
|
|
::= { aclIfEntry 5 }
|
|
|
|
|
|
|
|
aclIfStatus OBJECT-TYPE
|
|
|
|
SYNTAX RowStatus
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"Status of this instance.
|
|
|
|
|
|
|
|
active(1) - this ACL interface instance is active
|
|
|
|
createAndGo(4) - set to this value to assign an ACL to an interface and direction
|
|
|
|
destroy(6) - set to this value to remove an ACL from an interface and direction"
|
|
|
|
::= { aclIfEntry 6 }
|
|
|
|
|
|
|
|
|
|
|
|
--**************************************************************************************
|
|
|
|
-- Layer 3 IP Access List Rules
|
|
|
|
--
|
|
|
|
--**************************************************************************************
|
|
|
|
|
|
|
|
aclRuleTable OBJECT-TYPE
|
|
|
|
SYNTAX SEQUENCE OF AclRuleEntry
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"A table of IP ACL Rule instances."
|
|
|
|
::= { agentQOSACL 4 }
|
|
|
|
|
|
|
|
aclRuleEntry OBJECT-TYPE
|
|
|
|
SYNTAX AclRuleEntry
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"A table of IP ACL Classification Rules"
|
|
|
|
INDEX { aclIndex, aclRuleIndex }
|
|
|
|
::= { aclRuleTable 1 }
|
|
|
|
|
|
|
|
AclRuleEntry ::= SEQUENCE {
|
|
|
|
aclRuleIndex
|
|
|
|
Integer32,
|
|
|
|
aclRuleAction
|
|
|
|
INTEGER,
|
|
|
|
aclRuleProtocol
|
|
|
|
Integer32,
|
|
|
|
aclRuleSrcIpAddress
|
|
|
|
IpAddress,
|
|
|
|
aclRuleSrcIpMask
|
|
|
|
IpAddress,
|
|
|
|
aclRuleSrcL4Port
|
|
|
|
Integer32,
|
|
|
|
aclRuleSrcL4PortRangeStart
|
|
|
|
Integer32,
|
|
|
|
aclRuleSrcL4PortRangeEnd
|
|
|
|
Integer32,
|
|
|
|
aclRuleDestIpAddress
|
|
|
|
IpAddress,
|
|
|
|
aclRuleDestIpMask
|
|
|
|
IpAddress,
|
|
|
|
aclRuleDestL4Port
|
|
|
|
Integer32,
|
|
|
|
aclRuleDestL4PortRangeStart
|
|
|
|
Integer32,
|
|
|
|
aclRuleDestL4PortRangeEnd
|
|
|
|
Integer32,
|
|
|
|
aclRuleIPDSCP
|
|
|
|
Integer32,
|
|
|
|
aclRuleIpPrecedence
|
|
|
|
Integer32,
|
|
|
|
aclRuleIpTosBits
|
|
|
|
Integer32,
|
|
|
|
aclRuleIpTosMask
|
|
|
|
Integer32,
|
|
|
|
aclRuleStatus
|
|
|
|
RowStatus,
|
|
|
|
aclRuleAssignQueueId
|
|
|
|
Unsigned32,
|
|
|
|
aclRuleRedirectIntf
|
|
|
|
InterfaceIndexOrZero,
|
|
|
|
aclRuleMatchEvery
|
|
|
|
TruthValue
|
|
|
|
}
|
|
|
|
|
|
|
|
aclRuleIndex OBJECT-TYPE
|
|
|
|
SYNTAX Integer32
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The index of this rule instance within an IP ACL."
|
|
|
|
::= { aclRuleEntry 1 }
|
|
|
|
|
|
|
|
aclRuleAction OBJECT-TYPE
|
|
|
|
SYNTAX INTEGER {
|
|
|
|
permit(1),
|
|
|
|
deny(2)
|
|
|
|
}
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The type of action this rule should perform."
|
|
|
|
DEFVAL { deny }
|
|
|
|
::= { aclRuleEntry 2 }
|
|
|
|
|
|
|
|
aclRuleProtocol OBJECT-TYPE
|
|
|
|
SYNTAX Integer32 (1..255)
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"icmp - 1
|
|
|
|
igmp - 2
|
|
|
|
ip - 4
|
|
|
|
tcp - 6
|
|
|
|
udp - 17
|
|
|
|
All values from 1 to 255 are valid."
|
|
|
|
::= { aclRuleEntry 3 }
|
|
|
|
|
|
|
|
aclRuleSrcIpAddress OBJECT-TYPE
|
|
|
|
SYNTAX IpAddress
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Source IP Address used in the ACL Classification."
|
|
|
|
::= { aclRuleEntry 4 }
|
|
|
|
|
|
|
|
aclRuleSrcIpMask OBJECT-TYPE
|
|
|
|
SYNTAX IpAddress
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Source IP Mask used in the ACL Classification.
|
|
|
|
This mask is expressed using wild-card notation,which
|
|
|
|
is the 1's compliment of traditional Subnet Masks.
|
|
|
|
Here, the 'Don't care bits' are represented by binary 1's and
|
|
|
|
'Do care bits' are represented by binary 0's. "
|
|
|
|
::= { aclRuleEntry 5 }
|
|
|
|
|
|
|
|
|
|
|
|
aclRuleSrcL4Port OBJECT-TYPE
|
|
|
|
SYNTAX Integer32
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Source Port Number (Layer 4) used in the ACL Classification."
|
|
|
|
::= { aclRuleEntry 6 }
|
|
|
|
|
|
|
|
aclRuleSrcL4PortRangeStart OBJECT-TYPE
|
|
|
|
SYNTAX Integer32
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Source Port Number(Layer 4) range start."
|
|
|
|
::= { aclRuleEntry 7 }
|
|
|
|
|
|
|
|
aclRuleSrcL4PortRangeEnd OBJECT-TYPE
|
|
|
|
SYNTAX Integer32
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Source Port Number(Layer 4) range end."
|
|
|
|
::= { aclRuleEntry 8 }
|
|
|
|
|
|
|
|
aclRuleDestIpAddress OBJECT-TYPE
|
|
|
|
SYNTAX IpAddress
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Destination IP Address used in the ACL Classification."
|
|
|
|
::= { aclRuleEntry 9 }
|
|
|
|
|
|
|
|
aclRuleDestIpMask OBJECT-TYPE
|
|
|
|
SYNTAX IpAddress
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Destination IP Mask used in the ACL Classification.
|
|
|
|
This mask is expressed using wild-card notation,which
|
|
|
|
is the 1's compliment of traditional Subnet Masks.
|
|
|
|
Here, the 'Don't care bits' are represented by binary 1's and
|
|
|
|
'Do care bits' are represented by binary 0's. "
|
|
|
|
::= { aclRuleEntry 10 }
|
|
|
|
|
|
|
|
aclRuleDestL4Port OBJECT-TYPE
|
|
|
|
SYNTAX Integer32
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Destination Port (Layer 4) used in ACl classification."
|
|
|
|
::= { aclRuleEntry 11 }
|
|
|
|
|
|
|
|
aclRuleDestL4PortRangeStart OBJECT-TYPE
|
|
|
|
SYNTAX Integer32
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Destination Port (Layer 4) starting range used in ACL classification."
|
|
|
|
::= { aclRuleEntry 12 }
|
|
|
|
|
|
|
|
aclRuleDestL4PortRangeEnd OBJECT-TYPE
|
|
|
|
SYNTAX Integer32
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Destination Port (Layer 4) ending range used in ACL classification."
|
|
|
|
::= { aclRuleEntry 13 }
|
|
|
|
|
|
|
|
aclRuleIPDSCP OBJECT-TYPE
|
|
|
|
SYNTAX Integer32
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Differentiated Services Code Point value."
|
|
|
|
::= { aclRuleEntry 14 }
|
|
|
|
|
|
|
|
aclRuleIpPrecedence OBJECT-TYPE
|
|
|
|
SYNTAX Integer32
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Type of Service (TOS) IP Precedence value."
|
|
|
|
::= { aclRuleEntry 15 }
|
|
|
|
|
|
|
|
aclRuleIpTosBits OBJECT-TYPE
|
|
|
|
SYNTAX Integer32
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Type of Service (TOS) Bits value."
|
|
|
|
::= { aclRuleEntry 16 }
|
|
|
|
|
|
|
|
aclRuleIpTosMask OBJECT-TYPE
|
|
|
|
SYNTAX Integer32
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Type of Service (TOS) Mask value."
|
|
|
|
::= { aclRuleEntry 17 }
|
|
|
|
|
|
|
|
aclRuleStatus OBJECT-TYPE
|
|
|
|
SYNTAX RowStatus
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"Status of this instance.
|
|
|
|
|
|
|
|
active(1) - this ACL Rule is active
|
|
|
|
createAndGo(4) - set to this value to create an instance
|
|
|
|
destroy(6) - set to this value to delete an instance"
|
|
|
|
::= { aclRuleEntry 18 }
|
|
|
|
|
|
|
|
aclRuleAssignQueueId OBJECT-TYPE
|
|
|
|
SYNTAX Unsigned32
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"Queue identifier to which all inbound packets matching this
|
|
|
|
ACL rule are directed. This object defaults to the standard
|
|
|
|
queue assignment for user priority 0 traffic per the IEEE 802.1D
|
|
|
|
specification based on the number of assignable queues in the
|
|
|
|
system:
|
|
|
|
1-3 queues: 0
|
|
|
|
4-7 queues: 1
|
|
|
|
8 queues: 2
|
|
|
|
This default assignment is static and is not influenced by
|
|
|
|
other system configuration changes."
|
|
|
|
::= { aclRuleEntry 19 }
|
|
|
|
|
|
|
|
aclRuleRedirectIntf OBJECT-TYPE
|
|
|
|
SYNTAX InterfaceIndexOrZero
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"A non-zero value indicates the external ifIndex to which all
|
|
|
|
inbound packets matching this ACL rule are directed. A
|
|
|
|
value of zero means packet redirection is not in effect, which
|
|
|
|
is the default value of this object."
|
|
|
|
DEFVAL { 0 }
|
|
|
|
::= { aclRuleEntry 20 }
|
|
|
|
|
|
|
|
aclRuleMatchEvery OBJECT-TYPE
|
|
|
|
SYNTAX TruthValue
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"Flag to indicate that the acl rule is defined to match on every IP packet,
|
|
|
|
regardless of content."
|
|
|
|
::= { aclRuleEntry 21 }
|
|
|
|
|
|
|
|
|
|
|
|
--**************************************************************************************
|
|
|
|
-- Layer 2 MAC Access Lists
|
|
|
|
--
|
|
|
|
--**************************************************************************************
|
|
|
|
|
|
|
|
aclMacGroup OBJECT IDENTIFIER ::= { agentQOSACL 5 }
|
|
|
|
|
|
|
|
aclMacIndexNextFree OBJECT-TYPE
|
|
|
|
SYNTAX Integer32
|
|
|
|
MAX-ACCESS read-only
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"This object contains an unused value for the aclMacIndex
|
|
|
|
to be used when creating a new MAC ACL. A value of zero
|
|
|
|
zero indicates the ACL table is full."
|
|
|
|
::= { aclMacGroup 1 }
|
|
|
|
|
|
|
|
--**************************************************************************************
|
|
|
|
|
|
|
|
aclMacTable OBJECT-TYPE
|
|
|
|
SYNTAX SEQUENCE OF AclMacEntry
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"A table of MAC ACL instances."
|
|
|
|
::= { aclMacGroup 2 }
|
|
|
|
|
|
|
|
aclMacEntry OBJECT-TYPE
|
|
|
|
SYNTAX AclMacEntry
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
""
|
|
|
|
INDEX { aclMacIndex }
|
|
|
|
::= { aclMacTable 1 }
|
|
|
|
|
|
|
|
AclMacEntry ::= SEQUENCE {
|
|
|
|
aclMacIndex
|
|
|
|
Integer32,
|
|
|
|
aclMacName
|
|
|
|
DisplayString,
|
|
|
|
aclMacStatus
|
|
|
|
RowStatus
|
|
|
|
}
|
|
|
|
|
|
|
|
aclMacIndex OBJECT-TYPE
|
|
|
|
SYNTAX Integer32
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The MAC ACL table index this instance is associated with.
|
|
|
|
When creating a new MAC ACL, refer to the aclMacIndexNextFree
|
|
|
|
object to determine the next available aclMacIndex to use."
|
|
|
|
::= { aclMacEntry 1 }
|
|
|
|
|
|
|
|
aclMacName OBJECT-TYPE
|
|
|
|
SYNTAX DisplayString (SIZE(1..31))
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The name of this MAC ACL entry, which must consist of
|
|
|
|
1 to 31 alphanumeric characters and uniquely identify
|
|
|
|
this MAC ACL. An existing MAC ACL can be renamed by
|
|
|
|
setting this object to a new name.
|
|
|
|
|
|
|
|
This object must be set to complete a new MAC ACL
|
|
|
|
row instance."
|
|
|
|
::= { aclMacEntry 2 }
|
|
|
|
|
|
|
|
aclMacStatus OBJECT-TYPE
|
|
|
|
SYNTAX RowStatus
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"Status of this instance. ACL MAC entries can not be deleted until all rows in
|
|
|
|
the aclIfTable and aclRuleTable with corresponding values of aclMacIndex
|
|
|
|
have been deleted.
|
|
|
|
|
|
|
|
active(1) - this ACL instance is active
|
|
|
|
createAndGo(4) - set to this value to create an instance
|
|
|
|
destroy(6) - set to this value to delete an instance
|
|
|
|
|
|
|
|
The aclMacName object must be set to complete this row instance."
|
|
|
|
::= { aclMacEntry 3 }
|
|
|
|
|
|
|
|
--**************************************************************************************
|
|
|
|
|
|
|
|
aclMacRuleTable OBJECT-TYPE
|
|
|
|
SYNTAX SEQUENCE OF AclMacRuleEntry
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"A table of layer 2 MAC ACL Rule instances."
|
|
|
|
::= { aclMacGroup 3 }
|
|
|
|
|
|
|
|
aclMacRuleEntry OBJECT-TYPE
|
|
|
|
SYNTAX AclMacRuleEntry
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"A table of layer 2 MAC ACL Classification Rules"
|
|
|
|
INDEX { aclMacIndex, aclMacRuleIndex }
|
|
|
|
::= { aclMacRuleTable 1 }
|
|
|
|
|
|
|
|
AclMacRuleEntry ::= SEQUENCE {
|
|
|
|
aclMacRuleIndex
|
|
|
|
Integer32,
|
|
|
|
aclMacRuleAction
|
|
|
|
INTEGER,
|
|
|
|
aclMacRuleCos
|
|
|
|
Unsigned32,
|
|
|
|
aclMacRuleCos2
|
|
|
|
Unsigned32,
|
|
|
|
aclMacRuleDestMacAddr
|
|
|
|
MacAddress,
|
|
|
|
aclMacRuleDestMacMask
|
|
|
|
MacAddress,
|
|
|
|
aclMacRuleEtypeKey
|
|
|
|
INTEGER,
|
|
|
|
aclMacRuleEtypeValue
|
|
|
|
EtypeValue,
|
|
|
|
aclMacRuleSrcMacAddr
|
|
|
|
MacAddress,
|
|
|
|
aclMacRuleSrcMacMask
|
|
|
|
MacAddress,
|
|
|
|
aclMacRuleVlanId
|
|
|
|
Unsigned32,
|
|
|
|
aclMacRuleVlanIdRangeStart
|
|
|
|
Unsigned32,
|
|
|
|
aclMacRuleVlanIdRangeEnd
|
|
|
|
Unsigned32,
|
|
|
|
aclMacRuleVlanId2
|
|
|
|
Unsigned32,
|
|
|
|
aclMacRuleVlanId2RangeStart
|
|
|
|
Unsigned32,
|
|
|
|
aclMacRuleVlanId2RangeEnd
|
|
|
|
Unsigned32,
|
|
|
|
aclMacRuleStatus
|
|
|
|
RowStatus,
|
|
|
|
aclMacRuleAssignQueueId
|
|
|
|
Unsigned32,
|
|
|
|
aclMacRuleRedirectIntf
|
|
|
|
InterfaceIndexOrZero,
|
|
|
|
aclMacRuleMatchEvery
|
|
|
|
TruthValue
|
|
|
|
}
|
|
|
|
|
|
|
|
aclMacRuleIndex OBJECT-TYPE
|
|
|
|
SYNTAX Integer32
|
|
|
|
MAX-ACCESS not-accessible
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The index of this rule instance within an MAC ACL."
|
|
|
|
::= { aclMacRuleEntry 1 }
|
|
|
|
|
|
|
|
aclMacRuleAction OBJECT-TYPE
|
|
|
|
SYNTAX INTEGER {
|
|
|
|
permit(1),
|
|
|
|
deny(2)
|
|
|
|
}
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The type of action this MAC ACL rule should perform."
|
|
|
|
DEFVAL { deny }
|
|
|
|
::= { aclMacRuleEntry 2 }
|
|
|
|
|
|
|
|
aclMacRuleCos OBJECT-TYPE
|
|
|
|
SYNTAX Unsigned32 (0..7)
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Class of Service (COS) used in the MAC ACL Classification.
|
|
|
|
|
|
|
|
This is the three-bit user priority field in the 802.1Q tag
|
|
|
|
header of a tagged Ethernet frame. For frames containing a
|
|
|
|
double VLAN tag, this field is located in the first/outer tag."
|
|
|
|
::= { aclMacRuleEntry 3 }
|
|
|
|
|
|
|
|
aclMacRuleCos2 OBJECT-TYPE
|
|
|
|
SYNTAX Unsigned32 (0..7)
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Secondary Class of Service (COS2) used in the MAC ACL Classification.
|
|
|
|
|
|
|
|
This is the three-bit user priority field in the second/inner 802.1Q
|
|
|
|
tag header of a double VLAN tagged Ethernet frame."
|
|
|
|
::= { aclMacRuleEntry 4 }
|
|
|
|
|
|
|
|
aclMacRuleDestMacAddr OBJECT-TYPE
|
|
|
|
SYNTAX MacAddress
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Destination MAC address used in the MAC ACL Classification."
|
|
|
|
::= { aclMacRuleEntry 5 }
|
|
|
|
|
|
|
|
aclMacRuleDestMacMask OBJECT-TYPE
|
|
|
|
SYNTAX MacAddress
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Destination MAC address mask used in the MAC ACL Classification.
|
|
|
|
|
|
|
|
This mask value identifies the portion of the aclMacRuleDestMacAddr
|
|
|
|
that is compared against a packet. A non-contiguous mask value is
|
|
|
|
permitted."
|
|
|
|
::= { aclMacRuleEntry 6 }
|
|
|
|
|
|
|
|
aclMacRuleEtypeKey OBJECT-TYPE
|
|
|
|
SYNTAX INTEGER {
|
|
|
|
custom(1),
|
|
|
|
appletalk(2),
|
|
|
|
arp(3),
|
|
|
|
ibmsna(4),
|
|
|
|
ipv4(5),
|
|
|
|
ipv6(6),
|
|
|
|
ipx(7),
|
|
|
|
mplsmcast(8),
|
|
|
|
mplsucast(9),
|
|
|
|
netbios(10),
|
|
|
|
novell(11),
|
|
|
|
pppoe(12),
|
|
|
|
rarp(13)
|
|
|
|
}
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Ethertype keyword used in the MAC ACL Classification.
|
|
|
|
|
|
|
|
A keyword of custom(1) requires that the aclMacRuleEtypeValue
|
|
|
|
object also be set."
|
|
|
|
::= { aclMacRuleEntry 7 }
|
|
|
|
|
|
|
|
aclMacRuleEtypeValue OBJECT-TYPE
|
|
|
|
SYNTAX EtypeValue
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Ethertype custom value used in the MAC ACL Classification.
|
|
|
|
|
|
|
|
This object is only valid if the aclMacRuleEtypeKey is set to
|
|
|
|
custom(1). The allowed value for this object is 0x0600 to 0xFFFF
|
|
|
|
(1536 to 65535)."
|
|
|
|
::= { aclMacRuleEntry 8 }
|
|
|
|
|
|
|
|
aclMacRuleSrcMacAddr OBJECT-TYPE
|
|
|
|
SYNTAX MacAddress
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Source MAC address used in the MAC ACL Classification."
|
|
|
|
::= { aclMacRuleEntry 9 }
|
|
|
|
|
|
|
|
aclMacRuleSrcMacMask OBJECT-TYPE
|
|
|
|
SYNTAX MacAddress
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Source MAC address mask used in the MAC ACL Classification.
|
|
|
|
|
|
|
|
This mask value identifies the portion of the aclMacRuleSrcMacAddr
|
|
|
|
that is compared against a packet. A non-contiguous mask value is
|
|
|
|
permitted."
|
|
|
|
::= { aclMacRuleEntry 10 }
|
|
|
|
|
|
|
|
aclMacRuleVlanId OBJECT-TYPE
|
|
|
|
SYNTAX Unsigned32 (0..4095)
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The VLAN ID value used in the MAC ACL Classification.
|
|
|
|
|
|
|
|
The VLAN ID field is defined as the 12-bit VLAN identifier
|
|
|
|
in the 802.1Q tag header of a tagged Ethernet frame. This is
|
|
|
|
contained in the first/outer tag of a double VLAN tagged frame."
|
|
|
|
::= { aclMacRuleEntry 11 }
|
|
|
|
|
|
|
|
aclMacRuleVlanIdRangeStart OBJECT-TYPE
|
|
|
|
SYNTAX Unsigned32 (0..4095)
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The VLAN ID range start value used in the MAC ACL Classification.
|
|
|
|
Setting this value greater than the current aclMacRuleVlanIdRangeEnd
|
|
|
|
changes the VLAN ID range end to the same value as the range start.
|
|
|
|
|
|
|
|
The VLAN ID field is defined as the 12-bit VLAN identifier
|
|
|
|
in the 802.1Q tag header of a tagged Ethernet frame. This is
|
|
|
|
contained in the first/outer tag of a double VLAN tagged frame."
|
|
|
|
::= { aclMacRuleEntry 12 }
|
|
|
|
|
|
|
|
aclMacRuleVlanIdRangeEnd OBJECT-TYPE
|
|
|
|
SYNTAX Unsigned32 (0..4095)
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The VLAN ID range end value used in the MAC ACL Classification.
|
|
|
|
Setting this value less than the current aclMacRuleVlanIdRangeStart
|
|
|
|
changes the VLAN ID range start to the same value as the range end.
|
|
|
|
|
|
|
|
The VLAN ID field is defined as the 12-bit VLAN identifier
|
|
|
|
in the 802.1Q tag header of a tagged Ethernet frame. This is
|
|
|
|
contained in the first/outer tag of a double VLAN tagged frame."
|
|
|
|
::= { aclMacRuleEntry 13 }
|
|
|
|
|
|
|
|
aclMacRuleVlanId2 OBJECT-TYPE
|
|
|
|
SYNTAX Unsigned32 (0..4095)
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Secondary VLAN ID value used in the MAC ACL Classification.
|
|
|
|
|
|
|
|
The Secondary VLAN ID field is defined as the 12-bit VLAN identifier
|
|
|
|
in the second/inner 802.1Q tag header of a double VLAN tagged Ethernet
|
|
|
|
frame."
|
|
|
|
::= { aclMacRuleEntry 14 }
|
|
|
|
|
|
|
|
aclMacRuleVlanId2RangeStart OBJECT-TYPE
|
|
|
|
SYNTAX Unsigned32 (0..4095)
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Secondary VLAN ID range start value used in the MAC ACL Classification.
|
|
|
|
Setting this value greater than the current aclMacRuleVlanId2RangeEnd
|
|
|
|
changes the Secondary VLAN ID range end to the same value as the range start.
|
|
|
|
|
|
|
|
The Secondary VLAN ID field is defined as the 12-bit VLAN identifier
|
|
|
|
in the second/inner 802.1Q tag header of a double VLAN tagged Ethernet
|
|
|
|
frame."
|
|
|
|
::= { aclMacRuleEntry 15 }
|
|
|
|
|
|
|
|
aclMacRuleVlanId2RangeEnd OBJECT-TYPE
|
|
|
|
SYNTAX Unsigned32 (0..4095)
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"The Secondary VLAN ID range end value used in the MAC ACL Classification.
|
|
|
|
Setting this value less than the current aclMacRuleVlanId2RangeStart
|
|
|
|
changes the Secondary VLAN ID range start to the same value as the range end.
|
|
|
|
|
|
|
|
The Secondary VLAN ID field is defined as the 12-bit VLAN identifier
|
|
|
|
in the second/inner 802.1Q tag header of a double VLAN tagged Ethernet
|
|
|
|
frame."
|
|
|
|
::= { aclMacRuleEntry 16 }
|
|
|
|
|
|
|
|
aclMacRuleStatus OBJECT-TYPE
|
|
|
|
SYNTAX RowStatus
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"Status of this instance.
|
|
|
|
|
|
|
|
active(1) - this ACL Rule is active
|
|
|
|
createAndGo(4) - set to this value to create an instance
|
|
|
|
destroy(6) - set to this value to delete an instance"
|
|
|
|
::= { aclMacRuleEntry 17 }
|
|
|
|
|
|
|
|
aclMacRuleAssignQueueId OBJECT-TYPE
|
|
|
|
SYNTAX Unsigned32
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"Queue identifier to which all inbound packets matching this
|
|
|
|
MAC ACL rule are directed. This object defaults to the standard
|
|
|
|
queue assignment for user priority 0 traffic per the IEEE 802.1D
|
|
|
|
specification based on the number of assignable queues in the
|
|
|
|
system:
|
|
|
|
1-3 queues: 0
|
|
|
|
4-7 queues: 1
|
|
|
|
8 queues: 2
|
|
|
|
This default assignment is static and is not influenced by
|
|
|
|
other system configuration changes."
|
|
|
|
::= { aclMacRuleEntry 18 }
|
|
|
|
|
|
|
|
aclMacRuleRedirectIntf OBJECT-TYPE
|
|
|
|
SYNTAX InterfaceIndexOrZero
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"A non-zero value indicates the external ifIndex to which all
|
|
|
|
inbound packets matching this MAC ACL rule are directed. A
|
|
|
|
value of zero means packet redirection is not in effect, which
|
|
|
|
is the default value of this object."
|
|
|
|
DEFVAL { 0 }
|
|
|
|
::= { aclMacRuleEntry 19 }
|
|
|
|
|
|
|
|
aclMacRuleMatchEvery OBJECT-TYPE
|
|
|
|
SYNTAX TruthValue
|
|
|
|
MAX-ACCESS read-create
|
|
|
|
STATUS current
|
|
|
|
DESCRIPTION
|
|
|
|
"Flag to indicate that the MAC acl rule is defined to match all packets,
|
|
|
|
regardless of Ethertype."
|
|
|
|
::= { aclMacRuleEntry 20 }
|
|
|
|
|
|
|
|
END
|