1-- COPYRIGHT NOTICE 2-- Copyright (c) Hewlett Packard Company, 2005 3-- All rights reserved 4-- 5-- 6 7BLADETYPE2-ACL-MIB DEFINITIONS ::= BEGIN 8 9IMPORTS 10 MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32, IpAddress 11 FROM SNMPv2-SMI 12 MacAddress 13 FROM SNMPv2-TC 14 hpSwitchBladeType2-Mgmt 15 FROM HP-SWITCH-PL-MIB 16 ; 17 18acl MODULE-IDENTITY 19 LAST-UPDATED "200510120000Z" -- 12 October 2005 20 ORGANIZATION "Hewlett Packard Company" 21 CONTACT-INFO "customerservice@hp.com" 22 DESCRIPTION 23 "The MIB module for the Access Control List configuration 24 and statistics." 25 ::= { hpSwitchBladeType2-Mgmt 9 } 26 27-- MIB_INSERT_START 28-- ---------------------------------------------------------------------------- 29-- { INSERT: bt2acl 30-- ---------------------------------------------------------------------------- 31 32acConfig OBJECT IDENTIFIER ::= { acl 1 } 33 34acList OBJECT IDENTIFIER ::= { acConfig 1 } 35aclBlock OBJECT IDENTIFIER ::= { acConfig 2 } 36aclGroup OBJECT IDENTIFIER ::= { acConfig 3 } 37 38-- ---------------------------------------------------------- -- 39-- Access Control List (ACL) Configuration 40-- ---------------------------------------------------------- -- 41 42aclCurCfgTable OBJECT-TYPE 43 SYNTAX SEQUENCE OF AclCurCfgEntry 44 MAX-ACCESS not-accessible 45 STATUS current 46 DESCRIPTION 47 "The table of current ACL configuration." 48 ::= { acList 1 } 49 50aclCurCfgEntry OBJECT-TYPE 51 SYNTAX AclCurCfgEntry 52 MAX-ACCESS not-accessible 53 STATUS current 54 DESCRIPTION 55 "Current information about a particular ACL configuration entry." 56 INDEX { aclCurCfgIndex } 57 ::= { aclCurCfgTable 1 } 58 59AclCurCfgEntry ::= SEQUENCE { 60 aclCurCfgIndex Unsigned32, 61 aclCurCfgBlock Unsigned32, 62 aclCurCfgGroup Unsigned32, 63 aclCurCfgFilterAction INTEGER, 64 aclCurCfgFilterActionSetCOS INTEGER, 65 aclCurCfgEthFmt INTEGER, 66 aclCurCfgTagFmt INTEGER, 67 aclCurCfgSrcMACAddress MacAddress, 68 aclCurCfgSrcMACMask MacAddress, 69 aclCurCfgDstMACAddress MacAddress, 70 aclCurCfgDstMACMask MacAddress, 71 aclCurCfgEthernetTypeName INTEGER, 72 aclCurCfgEthernetTypeValue INTEGER, 73 aclCurCfgVLanId INTEGER, 74 aclCurCfgVLanMask INTEGER, 75 aclCurCfg8021pPriority INTEGER, 76 aclCurCfgTypeOfService INTEGER, 77 aclCurCfgProtocol INTEGER, 78 aclCurCfgSrcIPAddress IpAddress, 79 aclCurCfgSrcIPMask IpAddress, 80 aclCurCfgDstIPAddress IpAddress, 81 aclCurCfgDstIPMask IpAddress, 82 aclCurCfgSrcPort INTEGER, 83 aclCurCfgSrcPortMask INTEGER, 84 aclCurCfgDstPort INTEGER, 85 aclCurCfgDstPortMask INTEGER, 86 aclCurCfgTCPFlags BITS, 87 aclCurCfgTCPFlagsMask BITS, 88 aclCurCfgEgressPorts OCTET STRING, 89 aclCurCfgStatistics INTEGER 90 } 91 92aclCurCfgIndex OBJECT-TYPE 93 SYNTAX Unsigned32 94 MAX-ACCESS not-accessible 95 STATUS current 96 DESCRIPTION 97 "The index associated with this ACL entry." 98 ::= { aclCurCfgEntry 1 } 99 100aclCurCfgBlock OBJECT-TYPE 101 SYNTAX Unsigned32 102 MAX-ACCESS read-only 103 STATUS current 104 DESCRIPTION 105 "The index of the ACL block to which this ACL entry is a member of. 106 A value of zero means the ACL is not a member of any block." 107 ::= { aclCurCfgEntry 2 } 108 109aclCurCfgGroup OBJECT-TYPE 110 SYNTAX Unsigned32 111 MAX-ACCESS read-only 112 STATUS current 113 DESCRIPTION 114 "The index of the ACL group to which this ACL entry is a member of. 115 A value of zero means the ACL is not a member of any group." 116 ::= { aclCurCfgEntry 3 } 117 118aclCurCfgFilterAction OBJECT-TYPE 119 SYNTAX INTEGER { 120 none(0), 121 permit(1), 122 deny(2), 123 setcos(3) 124 } 125 MAX-ACCESS read-only 126 STATUS current 127 DESCRIPTION 128 "The action to be performed on a packet that matches the filter 129 settings of this ACL entry." 130 ::= { aclCurCfgEntry 4 } 131 132aclCurCfgFilterActionSetCOS OBJECT-TYPE 133 SYNTAX INTEGER { 134 none(0), 135 cos0(1), 136 cos1(2), 137 cos2(3), 138 cos3(4), 139 cos4(5), 140 cos5(6), 141 cos6(7), 142 cos7(8) 143 } 144 MAX-ACCESS read-only 145 STATUS current 146 DESCRIPTION 147 "The value to be used when the action to be performed is setCOS 148 for this ACL entry." 149 ::= { aclCurCfgEntry 5 } 150 151aclCurCfgEthFmt OBJECT-TYPE 152 SYNTAX INTEGER { 153 none(0), 154 ethernet2(1), 155 snap(2), 156 llc(3), 157 ieee802dot3(4) 158 } 159 MAX-ACCESS read-only 160 STATUS current 161 DESCRIPTION 162 "The packet ethernet format to be filtered." 163 ::= { aclCurCfgEntry 6 } 164 165aclCurCfgTagFmt OBJECT-TYPE 166 SYNTAX INTEGER { 167 untagged(1), 168 tagged(2) 169 } 170 MAX-ACCESS read-only 171 STATUS current 172 DESCRIPTION 173 "The packet tag format to be filtered." 174 ::= { aclCurCfgEntry 7 } 175 176aclCurCfgSrcMACAddress OBJECT-TYPE 177 SYNTAX MacAddress 178 MAX-ACCESS read-only 179 STATUS current 180 DESCRIPTION 181 "The source MAC address to be filtered." 182 ::= { aclCurCfgEntry 9 } 183 184aclCurCfgSrcMACMask OBJECT-TYPE 185 SYNTAX MacAddress 186 MAX-ACCESS read-only 187 STATUS current 188 DESCRIPTION 189 "The address mask applied to aclCurCfgSrcMACAddress for filtering." 190 ::= { aclCurCfgEntry 10 } 191 192aclCurCfgDstMACAddress OBJECT-TYPE 193 SYNTAX MacAddress 194 MAX-ACCESS read-only 195 STATUS current 196 DESCRIPTION 197 "The destination MAC address to be filtered." 198 ::= { aclCurCfgEntry 11 } 199 200aclCurCfgDstMACMask OBJECT-TYPE 201 SYNTAX MacAddress 202 MAX-ACCESS read-only 203 STATUS current 204 DESCRIPTION 205 "The address mask applied to aclCurCfgDstMACAddress for filtering." 206 ::= { aclCurCfgEntry 12 } 207 208aclCurCfgEthernetTypeName OBJECT-TYPE 209 SYNTAX INTEGER { 210 none(0), 211 arp(1), 212 ipv4(2), 213 ipv6(3), 214 mpls(4), 215 rarp(5), 216 any(6), 217 other(7) 218 } 219 MAX-ACCESS read-only 220 STATUS current 221 DESCRIPTION 222 "The Ethernet type to be filtered. If the value of this 223 object is other(7), the value of aclNewCfgEthernetTypeValue 224 indicates the ethernet type that will be filtered." 225 ::= { aclCurCfgEntry 13 } 226 227aclCurCfgEthernetTypeValue OBJECT-TYPE 228 SYNTAX INTEGER (0..65535) 229 MAX-ACCESS read-only 230 STATUS current 231 DESCRIPTION 232 "The Ethernet type value to be filtered. The value of this 233 object is equivalent to the value of aclNewCfgEthernetTypeName 234 except when the value of aclNewCfgEthernetTypeName is other(7), 235 which can be any user-defined value for this object." 236 ::= { aclCurCfgEntry 14 } 237 238aclCurCfgVLanId OBJECT-TYPE 239 SYNTAX INTEGER (0..4095) 240 MAX-ACCESS read-only 241 STATUS current 242 DESCRIPTION 243 "The virtual LAN identifier to be filtered." 244 ::= { aclCurCfgEntry 15 } 245 246aclCurCfgVLanMask OBJECT-TYPE 247 SYNTAX INTEGER (0..4095) 248 MAX-ACCESS read-only 249 STATUS current 250 DESCRIPTION 251 "The mask applied to aclCurCfgVLanId for filtering." 252 ::= { aclCurCfgEntry 16 } 253 254aclCurCfg8021pPriority OBJECT-TYPE 255 SYNTAX INTEGER { 256 none(0), 257 priority0(1), 258 priority1(2), 259 priority2(3), 260 priority3(4), 261 priority4(5), 262 priority5(6), 263 priority6(7), 264 priority7(8) 265 } 266 MAX-ACCESS read-only 267 STATUS current 268 DESCRIPTION 269 "The 802.1p priority to be filtered." 270 ::= { aclCurCfgEntry 17 } 271 272aclCurCfgTypeOfService OBJECT-TYPE 273 SYNTAX INTEGER (0..255) 274 MAX-ACCESS read-only 275 STATUS current 276 DESCRIPTION 277 "The type of service to be filtered." 278 ::= { aclCurCfgEntry 18 } 279 280aclCurCfgProtocol OBJECT-TYPE 281 SYNTAX INTEGER (0..255) 282 MAX-ACCESS read-only 283 STATUS current 284 DESCRIPTION 285 "The protocol to be filtered." 286 ::= { aclCurCfgEntry 19 } 287 288aclCurCfgSrcIPAddress OBJECT-TYPE 289 SYNTAX IpAddress 290 MAX-ACCESS read-only 291 STATUS current 292 DESCRIPTION 293 "The source IP address to be filtered." 294 ::= { aclCurCfgEntry 20 } 295 296aclCurCfgSrcIPMask OBJECT-TYPE 297 SYNTAX IpAddress 298 MAX-ACCESS read-only 299 STATUS current 300 DESCRIPTION 301 "The address mask applied to aclCurCfgSrcIPAddress for filtering." 302 ::= { aclCurCfgEntry 21 } 303 304aclCurCfgDstIPAddress OBJECT-TYPE 305 SYNTAX IpAddress 306 MAX-ACCESS read-only 307 STATUS current 308 DESCRIPTION 309 "The destination IP address to be filtered." 310 ::= { aclCurCfgEntry 22 } 311 312aclCurCfgDstIPMask OBJECT-TYPE 313 SYNTAX IpAddress 314 MAX-ACCESS read-only 315 STATUS current 316 DESCRIPTION 317 "The address mask applied to aclCurCfgDstIPAddress for filtering." 318 ::= { aclCurCfgEntry 23 } 319 320aclCurCfgSrcPort OBJECT-TYPE 321 SYNTAX INTEGER (0..65535) 322 MAX-ACCESS read-only 323 STATUS current 324 DESCRIPTION 325 "The source TCP/UDP port number to be filtered." 326 ::= { aclCurCfgEntry 24 } 327 328aclCurCfgSrcPortMask OBJECT-TYPE 329 SYNTAX INTEGER (0..65535) 330 MAX-ACCESS read-only 331 STATUS current 332 DESCRIPTION 333 "The mask applied to aclCurCfgSrcPort for filtering." 334 ::= { aclCurCfgEntry 25 } 335 336aclCurCfgDstPort OBJECT-TYPE 337 SYNTAX INTEGER (0..65535) 338 MAX-ACCESS read-only 339 STATUS current 340 DESCRIPTION 341 "The destination TCP/UDP port number to be filtered." 342 ::= { aclCurCfgEntry 26 } 343 344aclCurCfgDstPortMask OBJECT-TYPE 345 SYNTAX INTEGER (0..65535) 346 MAX-ACCESS read-only 347 STATUS current 348 DESCRIPTION 349 "The mask applied to aclCurCfgDstPort for filtering." 350 ::= { aclCurCfgEntry 27 } 351 352aclCurCfgTCPFlags OBJECT-TYPE 353 SYNTAX BITS { 354 reserved1(0), 355 reserved2(1), 356 tcpURG(2), 357 tcpACK(3), 358 tcpPSH(4), 359 tcpRST(5), 360 tcpSYN(6), 361 tcpFIN(7) 362 } 363 MAX-ACCESS read-only 364 STATUS current 365 DESCRIPTION 366 "The TCP flags to be filtered. 367 OCTET 368 xxxxxxxx 369 ||||..|| 370 ||||..||_tcpFIN(7) 371 ||||..|__tcpSYN(6) 372 |||| 373 ||||_____tcpACK(3) 374 |||______tcpURG(2) 375 ||_______reserved2(1) 376 |________reserved1(0) 377 378 where: 379 - reserved1 - 0; 380 - reserved2 - 0; 381 - x - 0 or 1; 382 " 383 ::= { aclCurCfgEntry 28 } 384 385aclCurCfgTCPFlagsMask OBJECT-TYPE 386 SYNTAX BITS { 387 reserved1(0), 388 reserved2(1), 389 tcpURG(2), 390 tcpACK(3), 391 tcpPSH(4), 392 tcpRST(5), 393 tcpSYN(6), 394 tcpFIN(7) 395 } 396 MAX-ACCESS read-only 397 STATUS current 398 DESCRIPTION 399 "The TCP flags mask. 400 OCTET 401 xxxxxxxx 402 ||||..|| 403 ||||..||_tcpFIN(7) 404 ||||..|__tcpSYN(6) 405 |||| 406 ||||_____tcpACK(3) 407 |||______tcpURG(2) 408 ||_______reserved2(1) 409 |________reserved1(0) 410 411 where: 412 - reserved1 - 0; 413 - reserved2 - 0; 414 - x - 0 or 1; 415 " 416 ::= { aclCurCfgEntry 39 } 417 418aclCurCfgEgressPorts OBJECT-TYPE 419 SYNTAX OCTET STRING 420 MAX-ACCESS read-only 421 STATUS current 422 DESCRIPTION 423 "The port list in the ACL configured for egress filtering. 424 The ports are presented in bitmap format, as follows: 425 426 OCTET 1 OCTET 2 ..... 427 xxxxxxxx xxxxxxxx ..... 428 || || | 429 || || |_ port 9 430 || || 431 || ||___ port 8 432 || |____ port 7 433 || . . . 434 ||_________ port 2 435 |__________ port 1 436 437 where x: 438 1 - the represented port is configured for filtering. 439 0 - the represented port is not configured for filtering." 440 ::= { aclCurCfgEntry 29 } 441 442aclCurCfgStatistics OBJECT-TYPE 443 SYNTAX INTEGER { 444 disable(0), 445 enable(1) 446 } 447 MAX-ACCESS read-only 448 STATUS current 449 DESCRIPTION 450 "Whether statistics collection for this ACL is enabled or not." 451 ::= { aclCurCfgEntry 30 } 452 453 454-- 455-- New ACL Configuration Table 456-- 457 458aclNewCfgTable OBJECT-TYPE 459 SYNTAX SEQUENCE OF AclNewCfgEntry 460 MAX-ACCESS not-accessible 461 STATUS current 462 DESCRIPTION 463 "The table of new ACL configuration." 464 ::= { acList 2 } 465 466aclNewCfgEntry OBJECT-TYPE 467 SYNTAX AclNewCfgEntry 468 MAX-ACCESS not-accessible 469 STATUS current 470 DESCRIPTION 471 "New information about a particular ACL configuration." 472 INDEX { aclNewCfgIndex } 473 ::= { aclNewCfgTable 1 } 474 475AclNewCfgEntry ::= SEQUENCE { 476 aclNewCfgIndex Unsigned32, 477 aclNewCfgBlock Unsigned32, 478 aclNewCfgGroup Unsigned32, 479 aclNewCfgFilterAction INTEGER, 480 aclNewCfgFilterActionSetCOS INTEGER, 481 aclNewCfgEthFmt INTEGER, 482 aclNewCfgTagFmt INTEGER, 483 aclNewCfgSrcMACAddress MacAddress, 484 aclNewCfgSrcMACMask MacAddress, 485 aclNewCfgDstMACAddress MacAddress, 486 aclNewCfgDstMACMask MacAddress, 487 aclNewCfgEthernetTypeName INTEGER, 488 aclNewCfgEthernetTypeValue INTEGER, 489 aclNewCfgVLanId INTEGER, 490 aclNewCfgVLanMask INTEGER, 491 aclNewCfg8021pPriority INTEGER, 492 aclNewCfgTypeOfService INTEGER, 493 aclNewCfgProtocol INTEGER, 494 aclNewCfgSrcIPAddress IpAddress, 495 aclNewCfgSrcIPMask IpAddress, 496 aclNewCfgDstIPAddress IpAddress, 497 aclNewCfgDstIPMask IpAddress, 498 aclNewCfgSrcPort INTEGER, 499 aclNewCfgSrcPortMask INTEGER, 500 aclNewCfgDstPort INTEGER, 501 aclNewCfgDstPortMask INTEGER, 502 aclNewCfgTCPFlags BITS, 503 aclNewCfgTCPFlagsMask BITS, 504 aclNewCfgEgressPorts OCTET STRING, 505 aclNewCfgStatistics INTEGER, 506 aclNewCfgAddEgressPort Unsigned32, 507 aclNewCfgRemoveEgressPort Unsigned32, 508 aclNewCfgDelete INTEGER 509 } 510 511aclNewCfgIndex OBJECT-TYPE 512 SYNTAX Unsigned32 513 MAX-ACCESS not-accessible 514 STATUS current 515 DESCRIPTION 516 "The index associated with this ACL entry." 517 ::= { aclNewCfgEntry 1 } 518 519aclNewCfgBlock OBJECT-TYPE 520 SYNTAX Unsigned32 521 MAX-ACCESS read-only 522 STATUS current 523 DESCRIPTION 524 "The index of the ACL block to which this ACL entry is a member of. 525 A value of zero means the ACL is not a member of any block." 526 ::= { aclNewCfgEntry 2 } 527 528aclNewCfgGroup OBJECT-TYPE 529 SYNTAX Unsigned32 530 MAX-ACCESS read-only 531 STATUS current 532 DESCRIPTION 533 "The index of the ACL group to which this ACL entry is a member of. 534 A value of zero means the ACL is not a member of any group." 535 ::= { aclNewCfgEntry 3 } 536 537aclNewCfgFilterAction OBJECT-TYPE 538 SYNTAX INTEGER { 539 none(0), 540 permit(1), 541 deny(2), 542 setcos(3) 543 } 544 MAX-ACCESS read-write 545 STATUS current 546 DESCRIPTION 547 "The action to be performed on a packet that matches the filter 548 settings of this ACL entry." 549 ::= { aclNewCfgEntry 4 } 550 551aclNewCfgFilterActionSetCOS OBJECT-TYPE 552 SYNTAX INTEGER { 553 none(0), 554 cos0(1), 555 cos1(2), 556 cos2(3), 557 cos3(4), 558 cos4(5), 559 cos5(6), 560 cos6(7), 561 cos7(8) 562 } 563 MAX-ACCESS read-write 564 STATUS current 565 DESCRIPTION 566 "The COS queue to be used when the action for this ACL entry is 567 set to SetCOS." 568 ::= { aclNewCfgEntry 5 } 569 570aclNewCfgEthFmt OBJECT-TYPE 571 SYNTAX INTEGER { 572 none(0), 573 ethernet2(1), 574 snap(2), 575 llc(3), 576 ieee802dot3(4) 577 } 578 MAX-ACCESS read-write 579 STATUS current 580 DESCRIPTION 581 "The packet ethernet format to be filtered." 582 ::= { aclNewCfgEntry 6 } 583 584aclNewCfgTagFmt OBJECT-TYPE 585 SYNTAX INTEGER { 586 none(1), 587 tagged(2) 588 } 589 MAX-ACCESS read-write 590 STATUS current 591 DESCRIPTION 592 "The packet tagging format to be filtered." 593 ::= { aclNewCfgEntry 7 } 594 595aclNewCfgSrcMACAddress OBJECT-TYPE 596 SYNTAX MacAddress 597 MAX-ACCESS read-write 598 STATUS current 599 DESCRIPTION 600 "The source MAC address to be filtered. Whenever this object is 601 set to a nonzero value, the aclNewCfgSrcMACMask object, if not 602 yet set, will be automatically set to ff:ff:ff:ff:ff." 603 ::= { aclNewCfgEntry 9 } 604 605aclNewCfgSrcMACMask OBJECT-TYPE 606 SYNTAX MacAddress 607 MAX-ACCESS read-write 608 STATUS current 609 DESCRIPTION 610 "The address mask to be applied to aclNewCfgSrcMACAddress 611 for filtering." 612 ::= { aclNewCfgEntry 10 } 613 614aclNewCfgDstMACAddress OBJECT-TYPE 615 SYNTAX MacAddress 616 MAX-ACCESS read-write 617 STATUS current 618 DESCRIPTION 619 "The destination MAC address to be filtered. Whenever this object 620 is set to a nonzero value, the aclNewCfgDstMACMask object, if not 621 yet set, will be automatically set to ff:ff:ff:ff:ff." 622 ::= { aclNewCfgEntry 11 } 623 624aclNewCfgDstMACMask OBJECT-TYPE 625 SYNTAX MacAddress 626 MAX-ACCESS read-write 627 STATUS current 628 DESCRIPTION 629 "The address mask to be applied to aclNewCfgDstMACAddress 630 for filtering." 631 ::= { aclNewCfgEntry 12 } 632 633aclNewCfgEthernetTypeName OBJECT-TYPE 634 SYNTAX INTEGER { 635 none(0), 636 arp(1), 637 ipv4(2), 638 ipv6(3), 639 mpls(4), 640 rarp(5), 641 any(6), 642 other(7) 643 } 644 MAX-ACCESS read-write 645 STATUS current 646 DESCRIPTION 647 "The Ethernet type to be filtered. If the value of this 648 object is other(7), the value of aclNewCfgEthernetTypeValue 649 indicates the ethernet type that will be filtered. If this 650 object is set to a value other than other(7), the value of 651 the aclNewCfgEthernetTypeValue object is automatically set, 652 as follows: 653 654 aclNewCfgEthernetTypeName aclNewCfgEthernetTypeValue 655 none(0) 0 656 arp(1) 2054 (0x0806) 657 ipv4(2) 2048 (0x0800) 658 ipv6(3) 34525 (0x86dd) 659 mpls(4) 34887 (0x8847) 660 rarp(5) 32821 (0x8035) 661 any(6) 65535 (0xffff) 662 " 663 ::= { aclNewCfgEntry 13 } 664 665aclNewCfgEthernetTypeValue OBJECT-TYPE 666 SYNTAX INTEGER (0..65535) 667 MAX-ACCESS read-write 668 STATUS current 669 DESCRIPTION 670 "The Ethernet type value to be filtered. The value of this 671 object is equivalent to the value of aclNewCfgEthernetTypeName 672 except when the value of aclNewCfgEthernetTypeName is other(7), 673 which can be any user-defined value for this object." 674 ::= { aclNewCfgEntry 14 } 675 676aclNewCfgVLanId OBJECT-TYPE 677 SYNTAX INTEGER (1..4095) 678 MAX-ACCESS read-write 679 STATUS current 680 DESCRIPTION 681 "The virtual LAN identifier to be filtered. Whenever this object 682 is set to a nonzero value, the aclNewCfgVLanMask object, if not 683 yet set, will be automatically set to 4095 (0xfff)." 684 ::= { aclNewCfgEntry 15 } 685 686aclNewCfgVLanMask OBJECT-TYPE 687 SYNTAX INTEGER (0..4095) 688 MAX-ACCESS read-write 689 STATUS current 690 DESCRIPTION 691 "The mask to be applied to aclNewCfgVLanId for filtering." 692 ::= { aclNewCfgEntry 16 } 693 694aclNewCfg8021pPriority OBJECT-TYPE 695 SYNTAX INTEGER { 696 none(0), 697 priority0(1), 698 priority1(2), 699 priority2(3), 700 priority3(4), 701 priority4(5), 702 priority5(6), 703 priority6(7), 704 priority7(8) 705 } 706 MAX-ACCESS read-write 707 STATUS current 708 DESCRIPTION 709 "The 802.1p priority to be filtered." 710 ::= { aclNewCfgEntry 17 } 711 712aclNewCfgTypeOfService OBJECT-TYPE 713 SYNTAX INTEGER (0..255) 714 MAX-ACCESS read-write 715 STATUS current 716 DESCRIPTION 717 "The type of service to be filtered." 718 ::= { aclNewCfgEntry 18 } 719 720aclNewCfgProtocol OBJECT-TYPE 721 SYNTAX INTEGER (0..255) 722 MAX-ACCESS read-write 723 STATUS current 724 DESCRIPTION 725 "The protocol to be filtered." 726 ::= { aclNewCfgEntry 19 } 727 728aclNewCfgSrcIPAddress OBJECT-TYPE 729 SYNTAX IpAddress 730 MAX-ACCESS read-write 731 STATUS current 732 DESCRIPTION 733 "The source IP address to be filtered. Whenever this object is set 734 to a nonzero value, the aclNewCfgSrcIPMask object, if not yet set, 735 will be automatically set to 255.255.255.255." 736 ::= { aclNewCfgEntry 20 } 737 738aclNewCfgSrcIPMask OBJECT-TYPE 739 SYNTAX IpAddress 740 MAX-ACCESS read-write 741 STATUS current 742 DESCRIPTION 743 "The address mask to be applied to aclNewCfgSrcIPAddress 744 for filtering." 745 ::= { aclNewCfgEntry 21 } 746 747aclNewCfgDstIPAddress OBJECT-TYPE 748 SYNTAX IpAddress 749 MAX-ACCESS read-write 750 STATUS current 751 DESCRIPTION 752 "The destination IP address to be filtered. Whenever this object is set 753 to a nonzero value, the aclNewCfgDstIPMask object, if not yet set, 754 will be automatically set to 255.255.255.255." 755 ::= { aclNewCfgEntry 22 } 756 757aclNewCfgDstIPMask OBJECT-TYPE 758 SYNTAX IpAddress 759 MAX-ACCESS read-write 760 STATUS current 761 DESCRIPTION 762 "The address mask to be applied to aclNewCfgDstIPAddress for filtering." 763 ::= { aclNewCfgEntry 23 } 764 765aclNewCfgSrcPort OBJECT-TYPE 766 SYNTAX INTEGER (1..65535) 767 MAX-ACCESS read-write 768 STATUS current 769 DESCRIPTION 770 "The source TCP/UDP port number to be filtered. Whenever this 771 object is set if the aclNewCfgSrcPortMask object is not set 772 will be automatically set to 65535 (0xffff)." 773 ::= { aclNewCfgEntry 24 } 774 775aclNewCfgSrcPortMask OBJECT-TYPE 776 SYNTAX INTEGER (0..65535) 777 MAX-ACCESS read-write 778 STATUS current 779 DESCRIPTION 780 "The mask to be applied to aclNewCfgSrcPort for filtering." 781 ::= { aclNewCfgEntry 25 } 782 783aclNewCfgDstPort OBJECT-TYPE 784 SYNTAX INTEGER (1..65535) 785 MAX-ACCESS read-write 786 STATUS current 787 DESCRIPTION 788 "The destination TCP/UDP port number to be filtered. Whenever this 789 object is set the aclNewCfgSrcPortMask object, if not yet set, will 790 be automatically set to 65535 (0xffff)." 791 ::= { aclNewCfgEntry 26 } 792 793aclNewCfgDstPortMask OBJECT-TYPE 794 SYNTAX INTEGER (0..65535) 795 MAX-ACCESS read-write 796 STATUS current 797 DESCRIPTION 798 "The mask to be applied to aclNewCfgDstPort for filtering." 799 ::= { aclNewCfgEntry 27 } 800 801aclNewCfgTCPFlags OBJECT-TYPE 802 SYNTAX BITS { 803 reserved1(0), 804 reserved2(1), 805 tcpURG(2), 806 tcpACK(3), 807 tcpPSH(4), 808 tcpRST(5), 809 tcpSYN(6), 810 tcpFIN(7) 811 } 812 MAX-ACCESS read-write 813 STATUS current 814 DESCRIPTION 815 "The TCP flags to be filtered. 816 The TCP flags are presented in bitmap format, as follows: 817 OCTET 818 xxxxxxxx 819 ||||..|| 820 ||||..||_tcpFIN(7) 821 ||||..|__tcpSYN(6) 822 |||| 823 ||||_____tcpACK(3) 824 |||______tcpURG(2) 825 ||_______reserved2(1) 826 |________reserved1(0) 827 828 where: 829 - reserved1 - 0; 830 - reserved2 - 0; 831 - x - 0 or 1; 832 " 833 ::= { aclNewCfgEntry 28 } 834 835aclNewCfgTCPFlagsMask OBJECT-TYPE 836 SYNTAX BITS { 837 reserved1(0), 838 reserved2(1), 839 tcpURG(2), 840 tcpACK(3), 841 tcpPSH(4), 842 tcpRST(5), 843 tcpSYN(6), 844 tcpFIN(7) 845 } 846 MAX-ACCESS read-write 847 STATUS current 848 DESCRIPTION 849 "The TCP flags mask. 850 The TCP flags are presented in bitmap format, as follows: 851 OCTET 852 xxxxxxxx 853 ||||..|| 854 ||||..||_tcpFIN(7) 855 ||||..|__tcpSYN(6) 856 |||| 857 ||||_____tcpACK(3) 858 |||______tcpURG(2) 859 ||_______reserved2(1) 860 |________reserved1(0) 861 862 where: 863 - reserved1 - 0; 864 - reserved2 - 0; 865 - x - 0 or 1; 866 Default value is 0x3f." 867 ::= { aclNewCfgEntry 39 } 868 869aclNewCfgEgressPorts OBJECT-TYPE 870 SYNTAX OCTET STRING 871 MAX-ACCESS read-only 872 STATUS current 873 DESCRIPTION 874 "The port list in the ACL configured for egress filtering. 875 The ports are presented in bitmap format, as follows: 876 877 OCTET 1 OCTET 2 ..... 878 xxxxxxxx xxxxxxxx ..... 879 || || | 880 || || |_ port 9 881 || || 882 || ||___ port 8 883 || |____ port 7 884 || . . . 885 ||_________ port 2 886 |__________ port 1 887 888 where x: 889 1 - the represented port is configured for filtering. 890 0 - the represented port is not configured for filtering." 891 ::= { aclNewCfgEntry 29 } 892 893aclNewCfgStatistics OBJECT-TYPE 894 SYNTAX INTEGER { 895 disable(0), 896 enable(1) 897 } 898 MAX-ACCESS read-write 899 STATUS current 900 DESCRIPTION 901 "Whether statistics collection for this ACL is enabled or not." 902 ::= { aclNewCfgEntry 30 } 903 904aclNewCfgAddEgressPort OBJECT-TYPE 905 SYNTAX Unsigned32 906 MAX-ACCESS read-write 907 STATUS current 908 DESCRIPTION 909 "The port to be added to the specified ACL for egress filtering. 910 A value of zero is always returned when this object is read." 911 ::= { aclNewCfgEntry 31 } 912 913aclNewCfgRemoveEgressPort OBJECT-TYPE 914 SYNTAX Unsigned32 915 MAX-ACCESS read-write 916 STATUS current 917 DESCRIPTION 918 "The port to be removed from the specified ACL. A value of zero 919 is always returned when this object is read." 920 ::= { aclNewCfgEntry 32 } 921 922aclNewCfgDelete OBJECT-TYPE 923 SYNTAX INTEGER { 924 other(1), 925 delete(2) 926 } 927 MAX-ACCESS read-write 928 STATUS current 929 DESCRIPTION 930 "This is an action object to delete an ACL entry. A value of 931 other(1) is always returned when this object is read." 932 ::= { aclNewCfgEntry 33 } 933 934 935-- ---------------------------------------------------------- -- 936-- ACL Block Configuration 937-- ---------------------------------------------------------- -- 938 939aclBlockCurCfgTable OBJECT-TYPE 940 SYNTAX SEQUENCE OF AclBlockCurCfgEntry 941 MAX-ACCESS not-accessible 942 STATUS current 943 DESCRIPTION 944 "The table of current ACL block configuration." 945 ::= { aclBlock 1 } 946 947aclBlockCurCfgEntry OBJECT-TYPE 948 SYNTAX AclBlockCurCfgEntry 949 MAX-ACCESS not-accessible 950 STATUS current 951 DESCRIPTION 952 "Current information about a particular ACL block configuration." 953 INDEX { aclBlockCurCfgIndex } 954 ::= { aclBlockCurCfgTable 1 } 955 956AclBlockCurCfgEntry ::= SEQUENCE { 957 aclBlockCurCfgIndex Unsigned32, 958 aclBlockCurCfgMemberAcls OCTET STRING 959 } 960 961aclBlockCurCfgIndex OBJECT-TYPE 962 SYNTAX Unsigned32 963 MAX-ACCESS not-accessible 964 STATUS current 965 DESCRIPTION 966 "The index associated with this ACL block entry." 967 ::= { aclBlockCurCfgEntry 1 } 968 969aclBlockCurCfgMemberAcls OBJECT-TYPE 970 SYNTAX OCTET STRING 971 MAX-ACCESS read-only 972 STATUS current 973 DESCRIPTION 974 "The ACL members of this ACL block, presented in bitmap 975 format, as follows: 976 977 OCTET 1 OCTET 2 ..... 978 xxxxxxxx xxxxxxxx ..... 979 || || | 980 || || |_ ACL 9 981 || || 982 || ||___ ACL 8 983 || |____ ACL 7 984 || . . . 985 ||_________ ACL 2 986 |__________ ACL 1 987 988 where x: 989 1 - the represented ACL is a member of the block. 990 0 - the represented ACL is not a member of the block." 991 ::= { aclBlockCurCfgEntry 2 } 992 993aclBlockNewCfgTable OBJECT-TYPE 994 SYNTAX SEQUENCE OF AclBlockNewCfgEntry 995 MAX-ACCESS not-accessible 996 STATUS current 997 DESCRIPTION 998 "The table of new ACL block configuration." 999 ::= { aclBlock 2 } 1000 1001aclBlockNewCfgEntry OBJECT-TYPE 1002 SYNTAX AclBlockNewCfgEntry 1003 MAX-ACCESS not-accessible 1004 STATUS current 1005 DESCRIPTION 1006 "New information about a particular ACL block configuration." 1007 INDEX { aclBlockNewCfgIndex } 1008 ::= { aclBlockNewCfgTable 1 } 1009 1010AclBlockNewCfgEntry ::= SEQUENCE { 1011 aclBlockNewCfgIndex Unsigned32, 1012 aclBlockNewCfgMemberAcls OCTET STRING, 1013 aclBlockNewCfgAddAcl Unsigned32, 1014 aclBlockNewCfgRemoveAcl Unsigned32, 1015 aclBlockNewCfgDelete INTEGER 1016 } 1017 1018aclBlockNewCfgIndex OBJECT-TYPE 1019 SYNTAX Unsigned32 1020 MAX-ACCESS not-accessible 1021 STATUS current 1022 DESCRIPTION 1023 "The index associated with this ACL block entry." 1024 ::= { aclBlockNewCfgEntry 1 } 1025 1026aclBlockNewCfgMemberAcls OBJECT-TYPE 1027 SYNTAX OCTET STRING 1028 MAX-ACCESS read-only 1029 STATUS current 1030 DESCRIPTION 1031 "The ACL members of this ACL block, presented in bitmap 1032 format, as follows: 1033 1034 OCTET 1 OCTET 2 ..... 1035 xxxxxxxx xxxxxxxx ..... 1036 || || | 1037 || || |_ ACL 9 1038 || || 1039 || ||___ ACL 8 1040 || |____ ACL 7 1041 || . . . 1042 ||_________ ACL 2 1043 |__________ ACL 1 1044 1045 where x: 1046 1 - the represented ACL is a member of the block. 1047 0 - the represented ACL is not a member of the block." 1048 ::= { aclBlockNewCfgEntry 2 } 1049 1050aclBlockNewCfgAddAcl OBJECT-TYPE 1051 SYNTAX Unsigned32 1052 MAX-ACCESS read-write 1053 STATUS current 1054 DESCRIPTION 1055 "The index of the ACL entry to be added into this ACL block. 1056 A successful set operation on this object will also set the bit 1057 corresponding to the ACL entry in the aclBlockNewCfgMemberAcls 1058 bitmap. A value of zero is always returned when this object 1059 is read." 1060 ::= { aclBlockNewCfgEntry 3 } 1061 1062aclBlockNewCfgRemoveAcl OBJECT-TYPE 1063 SYNTAX Unsigned32 1064 MAX-ACCESS read-write 1065 STATUS current 1066 DESCRIPTION 1067 "The index of the ACL entry to be removed from this ACL block. 1068 A successful set operation on this object will unset the bit 1069 corresponding to the ACL entry in the aclBlockNewCfgMemberAcls 1070 bitmap. A value of zero is always returned when this object 1071 is read." 1072 ::= { aclBlockNewCfgEntry 4 } 1073 1074aclBlockNewCfgDelete OBJECT-TYPE 1075 SYNTAX INTEGER { 1076 other(1), 1077 delete(2) 1078 } 1079 MAX-ACCESS read-write 1080 STATUS current 1081 DESCRIPTION 1082 "This is an action object to delete an ACL block. A value of 1083 other(1) is always returned when this object is read." 1084 ::= { aclBlockNewCfgEntry 5 } 1085 1086 1087-- ---------------------------------------------------------- -- 1088-- ACL Group Configuration 1089-- ---------------------------------------------------------- -- 1090 1091aclGroupCurCfgTable OBJECT-TYPE 1092 SYNTAX SEQUENCE OF AclGroupCurCfgEntry 1093 MAX-ACCESS not-accessible 1094 STATUS current 1095 DESCRIPTION 1096 "The table of current ACL Group configuration." 1097 ::= { aclGroup 1 } 1098 1099aclGroupCurCfgEntry OBJECT-TYPE 1100 SYNTAX AclGroupCurCfgEntry 1101 MAX-ACCESS not-accessible 1102 STATUS current 1103 DESCRIPTION 1104 "Information about a particular ACL configuration." 1105 INDEX { aclGroupCurCfgIndex } 1106 ::= { aclGroupCurCfgTable 1 } 1107 1108AclGroupCurCfgEntry ::= SEQUENCE { 1109 aclGroupCurCfgIndex Unsigned32, 1110 aclGroupCurCfgMemberAcls OCTET STRING, 1111 aclGroupCurCfgMemberBlocks OCTET STRING 1112 } 1113 1114aclGroupCurCfgIndex OBJECT-TYPE 1115 SYNTAX Unsigned32 1116 MAX-ACCESS not-accessible 1117 STATUS current 1118 DESCRIPTION 1119 "The index associated with this ACL Group entry." 1120 ::= { aclGroupCurCfgEntry 1 } 1121 1122aclGroupCurCfgMemberAcls OBJECT-TYPE 1123 SYNTAX OCTET STRING 1124 MAX-ACCESS read-only 1125 STATUS current 1126 DESCRIPTION 1127 "The ACL members of this ACL group, presented in bitmap 1128 format, as follows: 1129 1130 OCTET 1 OCTET 2 ..... 1131 xxxxxxxx xxxxxxxx ..... 1132 || || | 1133 || || |_ ACL 9 1134 || || 1135 || ||___ ACL 8 1136 || |____ ACL 7 1137 || . . . 1138 ||_________ ACL 2 1139 |__________ ACL 1 1140 1141 where x: 1142 1 - the represented ACL is a member of the group. 1143 0 - the represented ACL is not a member of the group." 1144 ::= { aclGroupCurCfgEntry 2 } 1145 1146aclGroupCurCfgMemberBlocks OBJECT-TYPE 1147 SYNTAX OCTET STRING 1148 MAX-ACCESS read-only 1149 STATUS current 1150 DESCRIPTION 1151 "The ACL block members of this ACL group, presented in bitmap 1152 format, as follows: 1153 1154 OCTET 1 OCTET 2 ..... 1155 xxxxxxxx xxxxxxxx ..... 1156 || || | 1157 || || |_ ACL Block 9 1158 || || 1159 || ||___ ACL Block 8 1160 || |____ ACL Block 7 1161 || . . . . 1162 ||_________ ACL Block 2 1163 |__________ ACL Block 1 1164 1165 where x: 1166 1 - the represented ACL block is a member of the group. 1167 0 - the represented ACL block is not a member of the group." 1168 ::= { aclGroupCurCfgEntry 3 } 1169 1170aclGroupNewCfgTable OBJECT-TYPE 1171 SYNTAX SEQUENCE OF AclGroupNewCfgEntry 1172 MAX-ACCESS not-accessible 1173 STATUS current 1174 DESCRIPTION 1175 "The table of new ACL Group configuration." 1176 ::= { aclGroup 2 } 1177 1178aclGroupNewCfgEntry OBJECT-TYPE 1179 SYNTAX AclGroupNewCfgEntry 1180 MAX-ACCESS not-accessible 1181 STATUS current 1182 DESCRIPTION 1183 "New information about a particular ACL configuration." 1184 INDEX { aclGroupNewCfgIndex } 1185 ::= { aclGroupNewCfgTable 1 } 1186 1187AclGroupNewCfgEntry ::= SEQUENCE { 1188 aclGroupNewCfgIndex Unsigned32, 1189 aclGroupNewCfgMemberAcls OCTET STRING, 1190 aclGroupNewCfgMemberBlocks OCTET STRING, 1191 aclGroupNewCfgAddAcl Unsigned32, 1192 aclGroupNewCfgRemoveAcl Unsigned32, 1193 aclGroupNewCfgAddBlock Unsigned32, 1194 aclGroupNewCfgRemoveBlock Unsigned32, 1195 aclGroupNewCfgDelete INTEGER 1196 } 1197 1198aclGroupNewCfgIndex OBJECT-TYPE 1199 SYNTAX Unsigned32 1200 MAX-ACCESS not-accessible 1201 STATUS current 1202 DESCRIPTION 1203 "The index associated with this ACL Group entry." 1204 ::= { aclGroupNewCfgEntry 1 } 1205 1206aclGroupNewCfgMemberAcls OBJECT-TYPE 1207 SYNTAX OCTET STRING 1208 MAX-ACCESS read-only 1209 STATUS current 1210 DESCRIPTION 1211 "The ACL members of this ACL group, presented in bitmap 1212 format, as follows: 1213 1214 OCTET 1 OCTET 2 ..... 1215 xxxxxxxx xxxxxxxx ..... 1216 || || | 1217 || || |_ ACL 9 1218 || || 1219 || ||___ ACL 8 1220 || |____ ACL 7 1221 || . . . 1222 ||_________ ACL 2 1223 |__________ ACL 1 1224 1225 where x: 1226 1 - the represented ACL is a member of the group. 1227 0 - the represented ACL is not a member of the group." 1228 ::= { aclGroupNewCfgEntry 2 } 1229 1230aclGroupNewCfgMemberBlocks OBJECT-TYPE 1231 SYNTAX OCTET STRING 1232 MAX-ACCESS read-only 1233 STATUS current 1234 DESCRIPTION 1235 "The ACL block members of this ACL group, presented in bitmap 1236 format, as follows: 1237 1238 OCTET 1 OCTET 2 ..... 1239 xxxxxxxx xxxxxxxx ..... 1240 || || | 1241 || || |_ ACL Block 9 1242 || || 1243 || ||___ ACL Block 8 1244 || |____ ACL Block 7 1245 || . . . . 1246 ||_________ ACL Block 2 1247 |__________ ACL Block 1 1248 1249 where x: 1250 1 - the represented ACL block is a member of the group. 1251 0 - the represented ACL block is not a member of the group." 1252 ::= { aclGroupNewCfgEntry 3 } 1253 1254aclGroupNewCfgAddAcl OBJECT-TYPE 1255 SYNTAX Unsigned32 1256 MAX-ACCESS read-write 1257 STATUS current 1258 DESCRIPTION 1259 "The index of the ACL entry to be added into this ACL group. 1260 A successful set operation on this object will also set the bit 1261 corresponding to the ACL entry in the aclGroupNewCfgMemberAcls 1262 bitmap. A value of zero is always returned when this object 1263 is read." 1264 ::= { aclGroupNewCfgEntry 4 } 1265 1266aclGroupNewCfgRemoveAcl OBJECT-TYPE 1267 SYNTAX Unsigned32 1268 MAX-ACCESS read-write 1269 STATUS current 1270 DESCRIPTION 1271 "The index of the ACL entry to be removed from this ACL group. 1272 A successful set operation on this object will unset the bit 1273 corresponding to the ACL entry in the aclGroupNewCfgMemberAcls 1274 bitmap. A value of zero is always returned when this object 1275 is read." 1276 ::= { aclGroupNewCfgEntry 5 } 1277 1278aclGroupNewCfgAddBlock OBJECT-TYPE 1279 SYNTAX Unsigned32 1280 MAX-ACCESS read-write 1281 STATUS current 1282 DESCRIPTION 1283 "The index of the ACL block entry to be added into this ACL group. 1284 A successful set operation on this object will also set the bit 1285 corresponding to the ACL block entry in the aclGroupNewCfgMemberBlocks 1286 bitmap. A value of zero is always returned when this object 1287 is read." 1288 ::= { aclGroupNewCfgEntry 6 } 1289 1290aclGroupNewCfgRemoveBlock OBJECT-TYPE 1291 SYNTAX Unsigned32 1292 MAX-ACCESS read-write 1293 STATUS current 1294 DESCRIPTION 1295 "The index of the ACL block entry to be removed from this ACL group. 1296 A successful set operation on this object will unset the bit 1297 corresponding to the ACL block entry in the aclGroupNewCfgMemberBlocks 1298 bitmap. A value of zero is always returned when this object 1299 is read." 1300 ::= { aclGroupNewCfgEntry 7 } 1301 1302aclGroupNewCfgDelete OBJECT-TYPE 1303 SYNTAX INTEGER { 1304 other(1), 1305 delete(2) 1306 } 1307 MAX-ACCESS read-write 1308 STATUS current 1309 DESCRIPTION 1310 "This is an action object to delete an ACL group. A value of other(1) 1311 is always returned when this object is read." 1312 ::= { aclGroupNewCfgEntry 8 } 1313 1314 1315-- ---------------------------------------------------------------------------- 1316-- } INSERT: bt2acl 1317-- ---------------------------------------------------------------------------- 1318 1319END 1320 1321 1322