1-- ***************************************************************** 2-- CISCO-CATOS-ACL-QOS-MIB.my: Cisco CatOS Acl Qos MIB 3-- 4-- November 2001, Edward Pham 5-- January 2002, Edward Pham 6-- August 2002, Edward Pham 7-- March 2003, Edward Pham 8-- July 2003, Edward Pham 9-- September 2003, Edward Pham 10-- October 2003, Liwei Lue 11-- November 2003, Edward Pham 12-- 13-- Copyright (c) 2001-2007 by cisco Systems, Inc. 14-- All rights reserved. 15-- 16-- ***************************************************************** 17 18CISCO-CATOS-ACL-QOS-MIB DEFINITIONS ::= BEGIN 19 20IMPORTS 21 MODULE-IDENTITY, 22 OBJECT-TYPE, 23 Counter32, 24 Counter64, 25 Gauge32, 26 Integer32, 27 Unsigned32 28 FROM SNMPv2-SMI 29 30 MODULE-COMPLIANCE, 31 OBJECT-GROUP 32 FROM SNMPv2-CONF 33 34 TEXTUAL-CONVENTION, 35 RowStatus, 36 MacAddress, 37 DateAndTime, 38 TruthValue 39 FROM SNMPv2-TC 40 41 ifIndex, 42 InterfaceIndex 43 FROM IF-MIB 44 45 ciscoMgmt 46 FROM CISCO-SMI 47 48 VlanIndex 49 FROM CISCO-VTP-MIB 50 51 Dscp, 52 QosLayer2Cos, 53 Percent, 54 QosInterfaceQueueType 55 FROM CISCO-QOS-PIB-MIB 56 57 cseFlowDataEntry 58 FROM CISCO-SWITCH-ENGINE-MIB 59 60 CounterBasedGauge64 61 FROM HCNUM-TC 62 63 SnmpAdminString 64 FROM SNMP-FRAMEWORK-MIB 65 66 CiscoPortList, 67 CiscoIpProtocol 68 FROM CISCO-TC 69 70 InetAddressType, 71 InetAddress, 72 InetPortNumber 73 FROM INET-ADDRESS-MIB 74 ; 75 76 77ciscoCatOSAclQosMIB MODULE-IDENTITY 78 LAST-UPDATED "200711020000Z" 79 ORGANIZATION "Cisco Systems Inc. " 80 CONTACT-INFO 81 "Cisco Systems 82 Customer Service 83 84 Postal: 170 W Tasman Drive 85 San Jose, CA 95134 86 USA 87 88 Tel: +1 800 553-NETS 89 90 E-mail: cs-wbu@cisco.com" 91 DESCRIPTION 92 "This MIB module is for Access Control Lists(ACLs) configuration 93 of Quality of Service (QoS) as well as Security feature on the 94 Cisco Catalyst 5000/6000 series switch running CatOS. It also 95 provides QoS configuration and statistics information. 96 97 Configuration information available through this MIB includes 98 Security and QoS ACL configuration for IP, IPX and Layer 2 99 traffic, QoS and Security configuration parameters. 100 101 Statistics available through this MIB includes QoS statistics 102 for Layer 3 traffic. In addition, detailed, flow-specific 103 statistics are also available. 104 105 This MIB module is applied in conjunction with 106 CISCO-QOS-POLICY-CONFIG-MIB. The configuration information 107 available through this MIB takes effect throughout the device 108 when the value of qosPrOperPolicySource object in 109 CISCO-QOS-POLICY-CONFIG-MIB is 'local' or applies to a specific 110 interface when the value of qosPrIfOperPolicySource object 111 in CISCO-QOS-POLICY-CONFIG-MIB which associates with that 112 interface is 'local' while the value of qosPrOperPolicySource is 113 not 'local'. 114 115 The following terms are used throughout this MIB: 116 117 ACE stands for Access Control Entry. An ACL consists of an 118 ordered set of ACEs. ACE is a filter which is used to 119 identify flows with certain characteristics. It includes 120 fields such as ingress/egress ports, L2(layer 2) addresses, 121 L3(layer 3) addresses, TCP/UDP port numbers, etc. 122 123 QoS ACE and Security ACE are very similar to each other 124 but the actions of the ACEs are different. 125 126 Security ACEs are compared to each packet, and each ACE 127 specifies whether packets that match with it are either 128 forwarded or dropped. 129 130 ESP: Enscrypted Security Payload. 131 132 QoS is the method which attempts to ensure that the network 133 requirements of different applications can be met by giving 134 preferential forwarding treatment to some traffic. It is 135 usually consisted of these steps: classification, policing, 136 output scheduling, marking and shaping. Classification 137 identifies the traffic. Policing checks if the traffic 138 conformed to a specified criteria. Output scheduling, 139 marking and shaping control how the traffic is transmitted 140 to the next hop. 141 142 A flow is a non-specific term for a microflow or an 143 aggregate flow. 144 145 Microflow is a single instance of an application to 146 application flow of packets which is identified by source 147 address, source port, destination address, destination port 148 and protocol id. 149 150 Aggregate flow is a collection of microflows that are 151 treated together as one for the purpose of QoS. 152 153 DSCP (Differentiated Services Code Point) is the six most 154 significant bits of the ToS field in a IP packet header. 155 156 DSCP Mutation: the previous hop(s) and the following hop(s) 157 of a device may reside in a different QoS domain. A QoS 158 domain refers to the set of QoS rules and conventions 159 adopted by an administrative entity. For instance, a set 160 of DSCP values may have a different meaning in different 161 domains. DSCP mutation allows a DSCP set to be mutated or 162 transformed in order to maintain semantic compatibility 163 between adjacent domains. The mutation is done via mapping 164 tables which maps the old DSCP value from one domain to a 165 new DSCP value in the other domain. 166 167 IP precedence is the three most significant bits of the ToS 168 field in a IP packet header. 169 170 Cos (Class of Service) is the three bits in the layer 2 171 header that indicates user priority value assigned to this 172 packet. 173 174 Trust state is a parameter configured at a physical 175 interface or an ACL to determine a DSCP value assigned to 176 a packet for QoS purpose. 177 178 In profile packet is a packet that does not cause the 179 committed access rate of the packet's flow to be exceeded. 180 181 Out of profile packet is a packet that cause the committed 182 access rate of the packet's flow to be exceeded. 183 184 To accomplish classification, the user defines an ACL describing 185 the specification of a traffic flow then attaches this ACL to a 186 physical interface or a vlan. When a packet arrives at an 187 interface, depending on the configured trust state at that 188 interface, it can either be matched against an ACL if the trust 189 state is not trusted or get a DSCP assigned and go directly to 190 output scheduling. In the former case, when the packet matches 191 an ACE in the attached ACL, the next step will be policing. At 192 the end of classification process, a packet has a DSCP value 193 assigned. In some platform (e.g. Catalyst 4000) that does not 194 support ACL configuration, classification is accomplished by 195 matching the Cos value of incoming packet. 196 197 A packet can be policed at microflow or aggregate flow level. 198 Policing is done using the token bucket algorithm. 199 At the end of policing process, if packet does not cause the 200 flow to exceed the normal rate, it will continue to the next 201 step. Otherwise, the packet is dropped or assigned a 'policed' 202 DSCP value. Some platforms support multi-rate policing. When 203 packet causes the flow to exceed the normal rate but not the 204 excess rate, it is assigned a 'policed' DSCP value. When packet 205 causes the flow to exceed excess rate, it is either dropped or 206 has a 'policed' DSCP value assigned. After policing process, 207 the next step is output scheduling. 208 209 Output scheduling is the process of assigning a packet to 210 a queue and a threshold according to the packet's Cos value. 211 To get its Cos value, a DSCP to Cos mapping will be performed. 212 213 This MIB also defines 'Security ACLs' which some devices support 214 as a mean to enforce security. Security ACLs, attached at an 215 ingress interface, are compared to each packet arriving at that 216 interface. If the packet matches an ACE in the ACLs, it is 217 either permitted to go through the device or blocked and 218 dropped or redirected to another interface." 219 REVISION "200711020000Z" 220 DESCRIPTION 221 "Add the following groups: 222 caqDownloadClassifierGroup, 223 caqIpOperClassifierGroup, 224 caqSecurityDownloadAclInfoGroup, 225 caqSecurityDownloadIpAceGroup, 226 caqIfDownloadAclMapGroup, 227 caqIfIpPhoneMapGroup, 228 caqArpLoggingSourceGroup, 229 caqIpAceTypeGroup." 230 REVISION "200607150000Z" 231 DESCRIPTION 232 "Add 'include' enumeration value for caqSecurityAction. 233 234 Add caqQosL3StatsRateGroup, 235 caqQosL3StatsPeakGroup, 236 caqAggPolicerOctetsRateGroup, 237 caqAggPolicerPacketsRateGroup, 238 caqAggPolicerOctetsPeakGroup, 239 caqAggPolicerPacketsPeakGroup, 240 caqQosPortRateGroup, 241 caqQosPortPeakGroup, 242 caqSecurityActionDnldAceGroup." 243 REVISION "200507260000Z" 244 DESCRIPTION 245 "Add 'matchEapoudp' and 'matchUrlRedirect' enum value 246 for caqIpProtocolMatchCriteria object." 247 REVISION "200405260000Z" 248 DESCRIPTION 249 "Add the following groups to support ACL hit count 250 configuration and statistics: 251 252 caqAclFeatureGroup 253 caqAclHitCountGroup 254 255 Add the following groups to support additional matching 256 criteria for MAC ACE and MAC packet classify feature on 257 VLAN: 258 259 caqMacAceExtGroup. 260 caqMacPktClassifyVlanGroup." 261 REVISION "200311260000Z" 262 DESCRIPTION 263 "Add the following objects to support group name for source 264 and destination fields in caqIpAceTable: 265 caqIpAceSrcGroup 266 caqIpAceDestGroup." 267 REVISION "200310280000Z" 268 DESCRIPTION 269 "Add caqIfSecurityAclConfigGroup to support port ACL." 270 REVISION "200309300000Z" 271 DESCRIPTION 272 "Add the dhcpSnooping bit for caqSecurityRateLimitFeatures 273 object. 274 275 Fix a typo in the DESCRIPTION clause for caqSecurityAction 276 object." 277 REVISION "200307010000Z" 278 DESCRIPTION 279 "Deprecate caqSecurityRedirectPortList object and add 280 caqSecurityRedirect2kPortList to support up to 2048 281 bridge ports." 282 REVISION "200303050000Z" 283 DESCRIPTION 284 "Add the following objects and tables: 285 caqClassifierMapDirection, 286 caqIpAceSecurityId, 287 caqDscpRewriteEnabled, 288 caqAggPolicerOctets, 289 caqAggPolicerNRExceedOctets, 290 caqAggPolicerERExceedOctets, 291 caqDscpMutationMapTable, 292 caqVlanMutationIdMapTable, 293 caqQosDefaultActionTable." 294 REVISION "200210100000Z" 295 DESCRIPTION 296 "Add the caqLoggingGroup, caqArpInspGroup and 297 caqSecurityRateLimitGroup to support security ACL logging, 298 security ACL features rate limit and ARP Inspection 299 device configuration." 300 REVISION "200201170000Z" 301 DESCRIPTION 302 "Add the caqIfTrustDeviceGroup and caqQosExcessBurstGroup 303 to support Qos information on excess burst size and trusted 304 device configuration." 305 REVISION "200110180000Z" 306 DESCRIPTION 307 "Add the caqPbfObjects group and modify the 308 caqSecurityActionTable to support policy based forwarding." 309 REVISION "200102150000Z" 310 DESCRIPTION 311 "Add the following objects: 312 caqAggPolicerName, 313 caqAggPolicerPackets, 314 caqAggPolicerNRExceedPackets, 315 caqAggPolicerERExceedPackets." 316 REVISION "200102070000Z" 317 DESCRIPTION 318 "Initial version of this MIB module." 319 320 ::= { ciscoMgmt 179 } 321 322-- 323-- 324-- Textual Conventions 325-- 326-- 327CaqAclName ::= TEXTUAL-CONVENTION 328 DISPLAY-HINT "31a" 329 STATUS current 330 DESCRIPTION 331 "A character string for an ACL (Access Control List) name. 332 Valid characters are a-z, A-Z, 0-9, '-', '_' and '.'. Some 333 devices may require that an AclName contains at least one 334 non-numeric character. Acl name is case sensitive." 335 SYNTAX OCTET STRING (SIZE(1..31)) 336 337CaqPolicerName ::= TEXTUAL-CONVENTION 338 DISPLAY-HINT "31a" 339 STATUS current 340 DESCRIPTION 341 "A character string for a policer name. Valid characters are 342 a-z, A-Z, 0-9, '-', '_' and '.'. Some devices may require that 343 a PolicerName contains at least one non-numeric character. 344 Policer name is case sensitive." 345 SYNTAX OCTET STRING (SIZE(1..31)) 346 347CaqPolicerNameOrEmpty ::= TEXTUAL-CONVENTION 348 DISPLAY-HINT "31a" 349 STATUS current 350 DESCRIPTION 351 "This textual convention is an extension of the PolicerName 352 convention. The latter defines a non-empty policer name. This 353 extension permits the additional value of empty string. Examples 354 of the usage of empty string might include situations where 355 there is no policer defined for an ACE." 356 SYNTAX OCTET STRING (SIZE(0..31)) 357 358CaqAdjacencyName ::= TEXTUAL-CONVENTION 359 DISPLAY-HINT "18a" 360 STATUS current 361 DESCRIPTION 362 "A character string for an adjacency name. Valid characters 363 are a-z, A-Z, 0-9, '-', '_' and '.'. Some devices may require 364 that an AdjacencyName contains at least one non-numeric 365 character. Adjacency name is case sensitive." 366 SYNTAX OCTET STRING (SIZE(1..18)) 367 368-- 369-- Direction 370-- 371CaqDirection ::= TEXTUAL-CONVENTION 372 STATUS current 373 DESCRIPTION 374 "Indicates a particular direction of traffic." 375 SYNTAX INTEGER { 376 ingress(1), 377 egress(2) 378 } 379 380-- 381-- IP Precedence 382-- 383CaqIpPrecedence ::= TEXTUAL-CONVENTION 384 STATUS current 385 DESCRIPTION 386 "Indicates the IP precedence." 387 REFERENCE 388 "RFC791 INTERNET PROTOCOL, Chapter 3.1" 389 SYNTAX Unsigned32 (0..7) 390 391 392-- 393-- Queue Number 394-- 395CaqQueueNumber ::= TEXTUAL-CONVENTION 396 STATUS current 397 DESCRIPTION 398 "An integer indicates a queue number." 399 SYNTAX Unsigned32 (1..100) 400 401-- 402-- Threshold Number 403-- 404CaqThresholdNumber ::= TEXTUAL-CONVENTION 405 STATUS current 406 DESCRIPTION 407 "An integer indicates a threshold number." 408 SYNTAX Unsigned32 (1..100) 409 410-- 411-- HitCountAclType 412-- 413CaqHitCountAclType ::= TEXTUAL-CONVENTION 414 STATUS current 415 DESCRIPTION 416 "An integer indicating the ACL type that 417 supports ACL hit count feature." 418 SYNTAX INTEGER { ipSecurity(1), 419 ipxSecurity(2), 420 macSecurity(3) 421 } 422-- 423-- Cisco CatOS Acl Qos MIB object definitions 424-- 425 426ciscoCatOSAclQosMIBObjects OBJECT IDENTIFIER 427 ::= { ciscoCatOSAclQosMIB 1 } 428 429-- Cisco CatOS Acl Qos MIB consists of the following groups 430-- [1] Cisco CatOS Acl Qos Global Group (caqGlobalObjects). 431-- [2] Cisco CatOS Acl Qos Interface Group (caqInterfaceObjects). 432-- [3] Cisco CatOS Acl Qos Acl Group (caqAclObjects). 433-- [4] Cisco CatOS Acl Qos Statistics Group (caqQosStatsObjects). 434-- [5] Cisco CatOS Acl Qos Extension Group (caqExtObjects). 435-- [6] Cisco CatOS Acl Qos Policy-Based Forwarding (PBF) 436-- Group (caqPbfObjects). 437-- [7] Cisco CatOS Acl Security Logging Group (caqLoggingObjects) 438-- [8] Cisco CatOS Acl ARP Inspection Group (caqArpInspObjects) 439caqGlobalObjects OBJECT IDENTIFIER 440 ::= { ciscoCatOSAclQosMIBObjects 1 } 441caqInterfaceObjects OBJECT IDENTIFIER 442 ::= { ciscoCatOSAclQosMIBObjects 2 } 443caqAclObjects OBJECT IDENTIFIER 444 ::= { ciscoCatOSAclQosMIBObjects 3 } 445caqQosStatsObjects OBJECT IDENTIFIER 446 ::= { ciscoCatOSAclQosMIBObjects 4 } 447caqExtObjects OBJECT IDENTIFIER 448 ::= { ciscoCatOSAclQosMIBObjects 5 } 449caqPbfObjects OBJECT IDENTIFIER 450 ::= { ciscoCatOSAclQosMIBObjects 6 } 451caqLoggingObjects OBJECT IDENTIFIER 452 ::= { ciscoCatOSAclQosMIBObjects 7 } 453caqArpInspObjects OBJECT IDENTIFIER 454 ::= { ciscoCatOSAclQosMIBObjects 8 } 455caqAclHitCountObjects OBJECT IDENTIFIER 456 ::= { ciscoCatOSAclQosMIBObjects 9 } 457caqDownloadAclObjects OBJECT IDENTIFIER 458 ::= { ciscoCatOSAclQosMIBObjects 10 } 459 460--********************************************************************** 461-- Cisco CatOS Acl Qos Global Group 462--********************************************************************** 463 464-- 465-- The caqCosToDscpTable 466-- 467 468caqCosToDscpTable OBJECT-TYPE 469 SYNTAX SEQUENCE OF CaqCosToDscpEntry 470 MAX-ACCESS not-accessible 471 STATUS current 472 DESCRIPTION 473 "This table contains the mapping of Cos values to DSCP values. 474 This map is used to associate the Cos of packets arriving at a 475 port to a DSCP where the port's trust state is trustCoS(2). 476 This map is a table of eight Cos values (0 through 7) and their 477 corresponding DSCP values. This mapping applies to every port on 478 the device." 479 ::= { caqGlobalObjects 1 } 480 481caqCosToDscpEntry OBJECT-TYPE 482 SYNTAX CaqCosToDscpEntry 483 MAX-ACCESS not-accessible 484 STATUS current 485 DESCRIPTION 486 "Each row contains the mapping from a CoS value to a DSCP 487 value." 488 INDEX { caqCosToDscpCos } 489 ::= { caqCosToDscpTable 1 } 490 491CaqCosToDscpEntry ::= SEQUENCE { 492 caqCosToDscpCos QosLayer2Cos, 493 caqCosToDscpDscp Dscp 494} 495 496caqCosToDscpCos OBJECT-TYPE 497 SYNTAX QosLayer2Cos 498 MAX-ACCESS not-accessible 499 STATUS current 500 DESCRIPTION 501 "The CoS value being mapped to the DSCP value in this device." 502 ::= { caqCosToDscpEntry 1 } 503 504caqCosToDscpDscp OBJECT-TYPE 505 SYNTAX Dscp 506 MAX-ACCESS read-write 507 STATUS current 508 DESCRIPTION 509 "The DSCP value which the CoS value maps to. The default 510 configuration is : 511 512 CoS DSCP 513 0 0 514 1 8 515 2 16 516 3 24 517 4 32 518 5 40 519 6 48 520 7 56 521 ." 522 ::= { caqCosToDscpEntry 2 } 523 524-- 525-- CaqIpPrecToDscpTable 526-- 527caqIpPrecToDscpTable OBJECT-TYPE 528 SYNTAX SEQUENCE OF CaqIpPrecToDscpEntry 529 MAX-ACCESS not-accessible 530 STATUS current 531 DESCRIPTION 532 "This table contains the mapping of IP Precedence to DSCP. 533 This map is used to associate the IP Precedence of IP packets 534 arriving at a port to a DSCP where the port's trust state is 535 trustIpPrec(3). This map is a table of eight IpPrecedence 536 values (0 through 7) and their corresponding DSCP values. 537 This mapping applies to every port on the device." 538 ::= { caqGlobalObjects 2 } 539 540caqIpPrecToDscpEntry OBJECT-TYPE 541 SYNTAX CaqIpPrecToDscpEntry 542 MAX-ACCESS not-accessible 543 STATUS current 544 DESCRIPTION 545 "Each row contains the mapping from an IP Precedence value to 546 a DSCP value." 547 INDEX { caqIpPrecToDscpIpPrec } 548 ::= { caqIpPrecToDscpTable 1 } 549 550CaqIpPrecToDscpEntry ::= SEQUENCE { 551 caqIpPrecToDscpIpPrec CaqIpPrecedence, 552 caqIpPrecToDscpDscp Dscp 553} 554 555caqIpPrecToDscpIpPrec OBJECT-TYPE 556 SYNTAX CaqIpPrecedence 557 MAX-ACCESS not-accessible 558 STATUS current 559 DESCRIPTION 560 "The IP Precedence value being mapped to the DSCP value in 561 this device." 562 ::= { caqIpPrecToDscpEntry 1 } 563 564caqIpPrecToDscpDscp OBJECT-TYPE 565 SYNTAX Dscp 566 MAX-ACCESS read-write 567 STATUS current 568 DESCRIPTION 569 "The DSCP value which the IP Precedence value maps to. The 570 default configuration is the identity function : 571 572 IPPrec DSCP 573 0 0 574 1 8 575 2 16 576 3 24 577 4 32 578 5 40 579 6 48 580 7 56 581 ." 582 ::= { caqIpPrecToDscpEntry 2 } 583 584-- 585-- caqDscpMappingTable 586-- 587 588caqDscpMappingTable OBJECT-TYPE 589 SYNTAX SEQUENCE OF CaqDscpMappingEntry 590 MAX-ACCESS not-accessible 591 STATUS current 592 DESCRIPTION 593 "This table always has 64 entries, one for each DSCP value. The 594 table contains three mappings from the DSCP value assigned to 595 a packet. One mapping is to the egress CoS to be stored in the 596 layer-2 frame headers for output on 802.1Q or ISL interfaces. 597 The other two mappings are to the remarked (or 'marked down') 598 DSCP values which are used when a policer's requires that 599 a packet's DSCP value to be modified. Of these two mappings, 600 one is for a Normal Rate policer, and the other is for an 601 Excess Rate policer. These mappings apply for every port on the 602 device." 603 ::= { caqGlobalObjects 3 } 604 605caqDscpMappingEntry OBJECT-TYPE 606 SYNTAX CaqDscpMappingEntry 607 MAX-ACCESS not-accessible 608 STATUS current 609 DESCRIPTION 610 "Each row contains the mapping from DSCP value to CoS value 611 and policed DSCP." 612 INDEX { caqDscpMappingDscp } 613 ::= { caqDscpMappingTable 1 } 614 615CaqDscpMappingEntry ::= SEQUENCE { 616 caqDscpMappingDscp Dscp, 617 caqDscpMappingCos QosLayer2Cos, 618 caqDscpMappingNRPolicedDscp Dscp, 619 caqDscpMappingERPolicedDscp Dscp 620} 621 622caqDscpMappingDscp OBJECT-TYPE 623 SYNTAX Dscp 624 MAX-ACCESS not-accessible 625 STATUS current 626 DESCRIPTION 627 "The DSCP value being mapped to the CoS value and policed DSCP 628 value in this device." 629 ::= { caqDscpMappingEntry 1 } 630 631caqDscpMappingCos OBJECT-TYPE 632 SYNTAX QosLayer2Cos 633 MAX-ACCESS read-write 634 STATUS current 635 DESCRIPTION 636 "The CoS value which the DSCP values maps to. 637 638 The default configuration is calculated from the 639 formula CoS = DSCP divide by 8. 640 That is: 641 DSCP 0-7 all map to CoS 0; 642 DSCP 8-15 all map to CoS 1; 643 ... 644 DSCP 32-39 all map to CoS 4; 645 ... 646 DSCP 56-63 all map to CoS 7." 647 ::= { caqDscpMappingEntry 2 } 648 649caqDscpMappingNRPolicedDscp OBJECT-TYPE 650 SYNTAX Dscp 651 MAX-ACCESS read-write 652 STATUS current 653 DESCRIPTION 654 "The normal rate policed DSCP value which the DSCP values maps 655 to. The normal rate default mapping of DSCP to 'marked down' 656 DSCP is the identity function. 657 That is: 658 63 -> 63 659 62 -> 62 660 ... 661 31 -> 31 662 ... 663 2 -> 2 664 1 -> 1 665 0 -> 0." 666 ::= { caqDscpMappingEntry 3 } 667 668caqDscpMappingERPolicedDscp OBJECT-TYPE 669 SYNTAX Dscp 670 MAX-ACCESS read-write 671 STATUS current 672 DESCRIPTION 673 "The excess rate policed DSCP value which the DSCP values maps 674 to. If the value of caqFlowPolicerExcessRateSupport object is 675 false(2), this object cannot be instantiated. The excess rate 676 default DSCP mapping of DSCP to 'marked down' DSCP is the 677 identity function. 678 That is: 679 63 -> 63 680 62 -> 62 681 ... 682 31 -> 31 683 ... 684 2 -> 2 685 1 -> 1 686 0 -> 0." 687 ::= { caqDscpMappingEntry 4 } 688 689-- 690-- Queue assignment table 691-- 692 693-- The Assignment of packets to queues and thresholds based on 694-- their CoS value. 695 696caqCosAssignmentTable OBJECT-TYPE 697 SYNTAX SEQUENCE OF CaqCosAssignmentEntry 698 MAX-ACCESS not-accessible 699 STATUS current 700 DESCRIPTION 701 "This table provides the information for and configuration of 702 assigning packets to queues and thresholds based on their CoS 703 value." 704 ::= { caqGlobalObjects 4 } 705 706caqCosAssignmentEntry OBJECT-TYPE 707 SYNTAX CaqCosAssignmentEntry 708 MAX-ACCESS not-accessible 709 STATUS current 710 DESCRIPTION 711 "The assignment of packets to a pair of queue and threshold 712 based on their Cos value. The packets assignment also depends 713 on port types. For each port type, there is a set of Cos 714 value (0..7) associated with a pair of queue number and 715 threshold number (q,t). Packets that have their Cos value 716 belong to a particular set will be assigned to the pair of 717 queue number and threshold number that this set associated 718 with." 719 INDEX { caqCosAssignQueueType, caqCosAssignCos } 720 ::= { caqCosAssignmentTable 1 } 721 722CaqCosAssignmentEntry ::= SEQUENCE { 723 caqCosAssignQueueType QosInterfaceQueueType, 724 caqCosAssignCos QosLayer2Cos, 725 caqCosAssignQueueNumber CaqQueueNumber, 726 caqCosAssignThresholdNumber CaqThresholdNumber 727} 728 729caqCosAssignQueueType OBJECT-TYPE 730 SYNTAX QosInterfaceQueueType 731 MAX-ACCESS not-accessible 732 STATUS current 733 DESCRIPTION 734 "The queue type of this interface." 735 ::= { caqCosAssignmentEntry 1 } 736 737caqCosAssignCos OBJECT-TYPE 738 SYNTAX QosLayer2Cos 739 MAX-ACCESS not-accessible 740 STATUS current 741 DESCRIPTION 742 "Indicates the Cos value which is used to match the 743 Cos value of packets for queue assignment." 744 ::= { caqCosAssignmentEntry 2 } 745 746caqCosAssignQueueNumber OBJECT-TYPE 747 SYNTAX CaqQueueNumber 748 MAX-ACCESS read-write 749 STATUS current 750 DESCRIPTION 751 "The queue number which the Cos value denoted by 752 caqCosAssignCos will be associated with. This queue number 753 must not larger than the queue count defined by 754 caqCosAssignQueueType." 755 ::= { caqCosAssignmentEntry 3 } 756 757caqCosAssignThresholdNumber OBJECT-TYPE 758 SYNTAX CaqThresholdNumber 759 MAX-ACCESS read-write 760 STATUS current 761 DESCRIPTION 762 "The threshold number which the Cos value denoted by 763 caqCosAssignCos will be associated with. This threshold 764 number must not larger than the threshold count defined 765 by caqCosAssignQueueType." 766 ::= { caqCosAssignmentEntry 4 } 767 768 769-- 770-- The Queue Threshold Table 771-- 772 773caqQueueThresholdTable OBJECT-TYPE 774 SYNTAX SEQUENCE OF CaqQueueThresholdEntry 775 MAX-ACCESS not-accessible 776 STATUS current 777 DESCRIPTION 778 "This table maintains threshold parameters for the specified 779 queue number and threshold number of a port type." 780 ::= { caqGlobalObjects 5 } 781 782caqQueueThresholdEntry OBJECT-TYPE 783 SYNTAX CaqQueueThresholdEntry 784 MAX-ACCESS not-accessible 785 STATUS current 786 DESCRIPTION 787 "For each threshold of a queue, there are parameters to set on 788 the threshold. This entry contains the parameters." 789 INDEX { caqQueueThreshQueueType, 790 caqQueueThreshQueueIndex, 791 caqQueueThreshThresholdIndex } 792 ::= { caqQueueThresholdTable 1 } 793 794CaqQueueThresholdEntry ::= SEQUENCE { 795 caqQueueThreshQueueType QosInterfaceQueueType, 796 caqQueueThreshQueueIndex CaqQueueNumber, 797 caqQueueThreshThresholdIndex CaqThresholdNumber, 798 caqQueueThreshDropAlgorithm INTEGER, 799 caqQueueThreshDropThreshold Unsigned32, 800 caqQueueThreshMinWredThreshold Percent, 801 caqQueueThreshMaxWredThreshold Unsigned32 802} 803 804caqQueueThreshQueueType OBJECT-TYPE 805 SYNTAX QosInterfaceQueueType 806 MAX-ACCESS not-accessible 807 STATUS current 808 DESCRIPTION 809 "Indicates the queue type." 810 ::= { caqQueueThresholdEntry 1 } 811 812 813caqQueueThreshQueueIndex OBJECT-TYPE 814 SYNTAX CaqQueueNumber 815 MAX-ACCESS not-accessible 816 STATUS current 817 DESCRIPTION 818 "Indicates queue number. This queue number must not be larger 819 than the queue count defined by caqQueueThreshQueueType." 820 ::= { caqQueueThresholdEntry 2 } 821 822caqQueueThreshThresholdIndex OBJECT-TYPE 823 SYNTAX CaqThresholdNumber 824 MAX-ACCESS not-accessible 825 STATUS current 826 DESCRIPTION 827 "Indicates threshold number. This threshold number must not 828 be larger than the threshold count defined by 829 caqQueueThreshQueueType." 830 ::= { caqQueueThresholdEntry 3 } 831 832caqQueueThreshDropAlgorithm OBJECT-TYPE 833 SYNTAX INTEGER { tailDrop(1), wred(2) } 834 MAX-ACCESS read-only 835 STATUS current 836 DESCRIPTION 837 "Indicates the drop algorithm used at this queue and threshold. 838 839 tailDrop(1) indicates that tailDrop is used. 840 841 wred(2) indicates that WRED is used." 842 ::= { caqQueueThresholdEntry 4 } 843 844caqQueueThreshDropThreshold OBJECT-TYPE 845 SYNTAX Unsigned32 (1..100) 846 UNITS "percent" 847 MAX-ACCESS read-write 848 STATUS current 849 DESCRIPTION 850 "This object specifies the drop threshold parameter for a 851 pair of queue and threshold of an interface queue type when the 852 drop algorithm is tail drop. Once the packets in the buffer is 853 more than the value of this object, the incoming packets of the 854 buffer are dropped. The value is a percentage of the full 855 buffer. 856 857 This object is instantiated only if the value of 858 caqQueueThreshDropAlgorithm is tailDrop(1)." 859 ::= { caqQueueThresholdEntry 5 } 860 861caqQueueThreshMinWredThreshold OBJECT-TYPE 862 SYNTAX Percent 863 MAX-ACCESS read-write 864 STATUS current 865 DESCRIPTION 866 "This object specifies the min WRED threshold parameter of a 867 threshold number for the specific port type when WRED drop 868 algorithm is used. 869 870 WRED (Weighted Random Early Detect) is a mechanism which drops 871 packets fairly during congestion so that adaptive applications 872 can react to congestion. This object specifies a percentage of 873 the buffer size. 874 875 This object is instantiated only if the value of 876 caqQueueThreshDropAlgorithm is wred(2)." 877 ::= { caqQueueThresholdEntry 6 } 878 879caqQueueThreshMaxWredThreshold OBJECT-TYPE 880 SYNTAX Unsigned32 (1..100) 881 UNITS "percent" 882 MAX-ACCESS read-write 883 STATUS current 884 DESCRIPTION 885 "This object specifies the max WRED threshold parameter of a 886 threshold number for the specific port type when WRED drop 887 algorithm is used. 888 889 This object is instantiated only if the value of 890 caqQueueThreshDropAlgorithm is wred(2)." 891 ::= { caqQueueThresholdEntry 7 } 892 893-- 894-- The Queue Table 895-- 896 897caqQueueTable OBJECT-TYPE 898 SYNTAX SEQUENCE OF CaqQueueEntry 899 MAX-ACCESS not-accessible 900 STATUS current 901 DESCRIPTION 902 "A table used to configure the WRR (weighted round robin) 903 weights for queues and the ratio of memory buffer allocation 904 for each queue. It only contains entries for the specific port 905 types which supports either WRR or buffer allocation." 906 ::= { caqGlobalObjects 6 } 907 908caqQueueEntry OBJECT-TYPE 909 SYNTAX CaqQueueEntry 910 MAX-ACCESS not-accessible 911 STATUS current 912 DESCRIPTION 913 "A set of WRR weight and memory buffer allocation ratio for 914 ingress or egress of a specific queue." 915 INDEX { caqQueueDirection, 916 caqQueueType, 917 caqQueueNumber } 918 ::= { caqQueueTable 1 } 919 920CaqQueueEntry ::= SEQUENCE { 921 caqQueueDirection CaqDirection, 922 caqQueueType QosInterfaceQueueType, 923 caqQueueNumber CaqQueueNumber, 924 caqQueueWrrWeight Unsigned32, 925 caqQueueBufferSizeRatio Unsigned32 926} 927 928caqQueueDirection OBJECT-TYPE 929 SYNTAX CaqDirection 930 MAX-ACCESS not-accessible 931 STATUS current 932 DESCRIPTION 933 "Indicates whether this row's queue parameters are to 934 be applied for ingress or for egress traffic." 935 ::= { caqQueueEntry 1 } 936 937caqQueueType OBJECT-TYPE 938 SYNTAX QosInterfaceQueueType 939 MAX-ACCESS not-accessible 940 STATUS current 941 DESCRIPTION 942 "Indicates the queue type." 943 ::= { caqQueueEntry 2 } 944 945 946caqQueueNumber OBJECT-TYPE 947 SYNTAX CaqQueueNumber 948 MAX-ACCESS not-accessible 949 STATUS current 950 DESCRIPTION 951 "Indicates queue number." 952 ::= { caqQueueEntry 3 } 953 954caqQueueWrrWeight OBJECT-TYPE 955 SYNTAX Unsigned32 (1..255) 956 MAX-ACCESS read-write 957 STATUS current 958 DESCRIPTION 959 "This object is to configure the weight for the specified 960 queue type and for the specified direction." 961 ::= { caqQueueEntry 4 } 962 963caqQueueBufferSizeRatio OBJECT-TYPE 964 SYNTAX Unsigned32 (1..99) 965 UNITS "percent" 966 MAX-ACCESS read-write 967 STATUS current 968 DESCRIPTION 969 "Indicates the percentage of ingress or egress packet buffer 970 memory allocated to the specified queue." 971 ::= { caqQueueEntry 5 } 972 973-- 974-- The Dscp Mutation Map Table 975-- 976 977caqDscpMutationMapTable OBJECT-TYPE 978 SYNTAX SEQUENCE OF CaqDscpMutationMapEntry 979 MAX-ACCESS not-accessible 980 STATUS current 981 DESCRIPTION 982 "The table provides the DSCP mutation mapping configuration 983 on the device. This table is only instantiated if DSCP 984 Mutation is supported by the device." 985 ::= { caqGlobalObjects 7 } 986 987caqDscpMutationMapEntry OBJECT-TYPE 988 SYNTAX CaqDscpMutationMapEntry 989 MAX-ACCESS not-accessible 990 STATUS current 991 DESCRIPTION 992 "Each row contains the mapping from old DSCP value to new 993 DSCP value per specific mutation table." 994 INDEX { caqDscpMutationTableId, caqDscpMutationOldDscp } 995 ::= { caqDscpMutationMapTable 1 } 996 997CaqDscpMutationMapEntry ::= SEQUENCE { 998 caqDscpMutationTableId Unsigned32, 999 caqDscpMutationOldDscp Dscp, 1000 caqDscpMutationNewDscp Dscp 1001} 1002 1003caqDscpMutationTableId OBJECT-TYPE 1004 SYNTAX Unsigned32 1005 MAX-ACCESS not-accessible 1006 STATUS current 1007 DESCRIPTION 1008 "The mutation table ID number." 1009 ::= { caqDscpMutationMapEntry 1 } 1010 1011caqDscpMutationOldDscp OBJECT-TYPE 1012 SYNTAX Dscp 1013 MAX-ACCESS not-accessible 1014 STATUS current 1015 DESCRIPTION 1016 "The old DSCP value." 1017 ::= { caqDscpMutationMapEntry 2 } 1018 1019caqDscpMutationNewDscp OBJECT-TYPE 1020 SYNTAX Dscp 1021 MAX-ACCESS read-write 1022 STATUS current 1023 DESCRIPTION 1024 "The new DSCP value which the old DSCP values maps to for 1025 a specific mutation table. The default mapping of old DSCP to 1026 new DSCP for mutation purpose is the identity function. 1027 That is: 1028 63 -> 63 1029 62 -> 62 1030 ... 1031 31 -> 31 1032 ... 1033 2 -> 2 1034 1 -> 1 1035 0 -> 0." 1036 ::= { caqDscpMutationMapEntry 3 } 1037 1038-- 1039-- The VLAN to Mutation Table Map Table 1040-- 1041 1042caqVlanMutationIdMapTable OBJECT-TYPE 1043 SYNTAX SEQUENCE OF CaqVlanMutationIdMapEntry 1044 MAX-ACCESS not-accessible 1045 STATUS current 1046 DESCRIPTION 1047 "The table provides the VLAN to mutation table mapping 1048 configuration on the device. This table is only 1049 instantiated if DSCP Mutation is supported by the 1050 device." 1051 ::= { caqGlobalObjects 8 } 1052 1053caqVlanMutationIdMapEntry OBJECT-TYPE 1054 SYNTAX CaqVlanMutationIdMapEntry 1055 MAX-ACCESS not-accessible 1056 STATUS current 1057 DESCRIPTION 1058 "When the first time a VLAN is created in a device supporting 1059 this table, a corresponding entry of this table will be added. 1060 The value of caqVlanMutationTableId object in such row will be 1061 initialized to 0." 1062 INDEX { caqVlanMutationIndex } 1063 ::= { caqVlanMutationIdMapTable 1 } 1064 1065CaqVlanMutationIdMapEntry ::= SEQUENCE { 1066 caqVlanMutationIndex VlanIndex, 1067 caqVlanMutationTableId Unsigned32 1068} 1069 1070caqVlanMutationIndex OBJECT-TYPE 1071 SYNTAX VlanIndex 1072 MAX-ACCESS not-accessible 1073 STATUS current 1074 DESCRIPTION 1075 "Indicates the VLAN number." 1076 ::= { caqVlanMutationIdMapEntry 1 } 1077 1078caqVlanMutationTableId OBJECT-TYPE 1079 SYNTAX Unsigned32 1080 MAX-ACCESS read-write 1081 STATUS current 1082 DESCRIPTION 1083 "Indicates the mutation table ID number. The value of this 1084 object should match one of caqDscpMutationTableId object 1085 value in caqDscpMutationMapTable. 1086 1087 Mutation table 0 always provides the identity mapping." 1088 ::= { caqVlanMutationIdMapEntry 2 } 1089 1090caqDscpRewriteEnabled OBJECT-TYPE 1091 SYNTAX TruthValue 1092 MAX-ACCESS read-write 1093 STATUS current 1094 DESCRIPTION 1095 "Indicates whether DSCP rewrite is enabled or disabled 1096 in the device. 1097 1098 if true(1), all outgoing packets will have their DSCP 1099 value rewrited based on the result of classification, 1100 policing or DSCP mutation configured in the device. 1101 1102 if false(2), all outgoing packets will have their DSCP 1103 values as when they arrived." 1104 ::= { caqGlobalObjects 9 } 1105 1106caqMacPktClassifyVlansLow OBJECT-TYPE 1107 SYNTAX OCTET STRING (SIZE(0..256)) 1108 MAX-ACCESS read-write 1109 STATUS current 1110 DESCRIPTION 1111 "A string of octets containing one bit per VLAN for 1112 VLANs with VlanIndex value of 0 to 2047. The first 1113 octet corresponds to VLANs with VlanIndex values 1114 of 0 through 7; the second octet to VLANs 8 through 1115 15; etc. The most significant bit of each octet 1116 corresponds to the lowest value VlanIndex in that octet. 1117 1118 For each VLAN, if Ethernet packet classify feature is 1119 enabled then the bit corresponding to that VLAN is set 1120 to '1'. 1121 1122 Note that if the length of this string is less than 1123 256 octets, any 'missing' octets are assumed to contain 1124 the value zero. A NMS may omit any zero-valued octets 1125 from the end of this string in order to reduce SetPDU size, 1126 and the agent may also omit zero-valued trailing octets, 1127 to reduce the size of GetResponse PDUs." 1128 ::= { caqGlobalObjects 10 } 1129 1130caqMacPktClassifyVlansHigh OBJECT-TYPE 1131 SYNTAX OCTET STRING (SIZE(0..256)) 1132 MAX-ACCESS read-write 1133 STATUS current 1134 DESCRIPTION 1135 "A string of octets containing one bit per VLAN for 1136 VLANs with VlanIndex value of 2048 to 4095. The first 1137 octet corresponds to VLANs with VlanIndex values 1138 of 2048 through 2055; the second octet to VLANs 2056 1139 through 2063; etc. The most significant bit of each 1140 octet corresponds to the lowest value VlanIndex in that 1141 octet. 1142 1143 For each VLAN, if Ethernet packet classify feature is 1144 enabled then the bit corresponding to that VLAN is set 1145 to '1'. 1146 1147 Note that if the length of this string is less than 1148 256 octets, any 'missing' octets are assumed to contain 1149 the value zero. A NMS may omit any zero-valued octets 1150 from the end of this string in order to reduce SetPDU size, 1151 and the agent may also omit zero-valued trailing octets, 1152 to reduce the size of GetResponse PDUs." 1153 ::= { caqGlobalObjects 11 } 1154 1155 1156--********************************************************************* 1157-- Cisco CatOS Acl Qos Interface Group 1158--********************************************************************* 1159-- 1160-- 1161 1162-- 1163-- caqIfConfigTable 1164-- 1165 1166caqIfConfigTable OBJECT-TYPE 1167 SYNTAX SEQUENCE OF CaqIfConfigEntry 1168 MAX-ACCESS not-accessible 1169 STATUS current 1170 DESCRIPTION 1171 "This table describes the trust state and the default Cos 1172 value configured at each physical interface. It also 1173 indicates whether an ACL attached to a Qos capable physical 1174 interface is applied per VLAN or per physical interface if 1175 the platform supports ACL configuration." 1176 ::= { caqInterfaceObjects 1 } 1177 1178caqIfConfigEntry OBJECT-TYPE 1179 SYNTAX CaqIfConfigEntry 1180 MAX-ACCESS not-accessible 1181 STATUS current 1182 DESCRIPTION 1183 "The index of this table is the ifIndex of a 1184 physical port with QoS capability." 1185 INDEX { ifIndex } 1186 ::= { caqIfConfigTable 1 } 1187 1188CaqIfConfigEntry ::= SEQUENCE { 1189 caqIfCos QosLayer2Cos, 1190 caqIfTrustStateConfig INTEGER, 1191 caqIfAclBase INTEGER, 1192 caqIfTrustDevice BITS, 1193 caqIfOperTrustState INTEGER 1194} 1195 1196 1197caqIfCos OBJECT-TYPE 1198 SYNTAX QosLayer2Cos 1199 MAX-ACCESS read-write 1200 STATUS current 1201 DESCRIPTION 1202 "This object indicates the default Cos value configured at this 1203 physical interface. This default value will be assigned to 1204 packet which does not have a Cos value in its layer-2 header 1205 when the packet arrives at this interface." 1206 ::= { caqIfConfigEntry 1 } 1207 1208caqIfTrustStateConfig OBJECT-TYPE 1209 SYNTAX INTEGER { 1210 untrusted(1), 1211 trustCoS(2), 1212 trustIpPrec(3), 1213 trustDscp(4) 1214 } 1215 MAX-ACCESS read-write 1216 STATUS current 1217 DESCRIPTION 1218 "This object is used to set the trust state of an interface. 1219 (whether the packets arriving at an interface are trusted to 1220 carry the correct data for classification.) 1221 1222 If the object is untrusted(1), then the DSCP assigned to the 1223 packet is the DSCP specified by classification rule obtained 1224 from the matching ACE (Access Control Entry). ACE is a filter 1225 that is used to identify flows with certain characteristics. It 1226 includes fields such as ingress/egress ports, L2 addresses, L3 1227 addresses , TCP/UDP port number. 1228 1229 If this object is trustCoS(2), then the DSCP assigned 1230 to the packet is the layer2 CoS of the packet mapped to a 1231 DSCP by the CoS-to-DSCP mapping defined in object 1232 caqCosToDscpDscp. 1233 1234 When this object is trustIpPrec(3), a DSCP is assigned to 1235 an IP packet according to the IP-Precedence-to-DSCP mapping 1236 defined by the values contained in caqIpPrecToDscpTable. For 1237 non-IP packets, trustIpPrec(3) has identical behavior as 1238 trustCoS(2). 1239 1240 When this object is trustDscp(4), the DSCP contained in an IP 1241 packet is trusted as being the correct value to assign to it. 1242 For non-IP packets, trustDscp(4) has identical behavior as 1243 trustCoS(2)." 1244 DEFVAL { untrusted } 1245 ::= { caqIfConfigEntry 2 } 1246 1247caqIfAclBase OBJECT-TYPE 1248 SYNTAX INTEGER { vlan(1), port(2) } 1249 MAX-ACCESS read-write 1250 STATUS current 1251 DESCRIPTION 1252 "For a given physical interface, this object indicates whether 1253 packets arriving at that interface are classified and policed 1254 based on port's ACL or based on the ACL of the VLAN which the 1255 port belongs to. This object is only instantiated if the 1256 platform support ACL configuration." 1257 ::= { caqIfConfigEntry 3 } 1258 1259caqIfTrustDevice OBJECT-TYPE 1260 SYNTAX BITS { 1261 trustCiscoIPPhone(0) 1262 } 1263 MAX-ACCESS read-write 1264 STATUS current 1265 DESCRIPTION 1266 "For a given physical interface, this object indicates the 1267 restriction on trusting only a specific type of device which 1268 is connected to this interface to carry the correct data for 1269 classification. 1270 1271 trustCiscoIPPhone(0) indicates that there is a restriction 1272 on trusting only ciscoIPPhone to carry the correct data for 1273 classification. 1274 1275 If there is no bits turned on, any device connected to 1276 this interface is trusted to carry the correct data for 1277 clarification. 1278 1279 This object is only instantiated if the platform supports 1280 trust device configuration." 1281 ::= { caqIfConfigEntry 4 } 1282 1283caqIfOperTrustState OBJECT-TYPE 1284 SYNTAX INTEGER { 1285 untrusted(1), 1286 trustCoS(2), 1287 trustIpPrec(3), 1288 trustDscp(4) 1289 } 1290 MAX-ACCESS read-only 1291 STATUS current 1292 DESCRIPTION 1293 "This object is used to indicate the operational trust state of 1294 an interface. The operational trust state may or may not be 1295 identical to the config trust state denoted by 1296 caqIfTrustStateConfig. The value of this object depends on the 1297 runtime conditions such as whether the interface is configured 1298 to trust a certain type of device as denoted by caqIfTrustDevice 1299 as well as whether a device of the trusted type is connected to 1300 the interface. For example, if the interface is configured to 1301 only trust Cisco IP Phone and the phone is not connected to 1302 the interface at runtime, the operational trust state of this 1303 interface will have the untrusted(1) value even if the 1304 trustCoS(2) value is configured in caqIfTrustStateConfig. 1305 1306 This object is only instantiated if the platform supports 1307 trust device configuration. 1308 1309 If the object is untrusted(1), then the DSCP assigned to the 1310 packet is the DSCP specified by classification rule obtained 1311 from the matching ACE (Access Control Entry). ACE is a filter 1312 that is used to identify flows with certain characteristics. It 1313 includes fields such as ingress/egress ports, L2 addresses, L3 1314 addresses , TCP/UDP port number. 1315 1316 If this object is trustCoS(2), then the DSCP assigned 1317 to the packet is the layer2 CoS of the packet mapped to a 1318 DSCP by the CoS-to-DSCP mapping defined in object 1319 caqCosToDscpDscp. 1320 1321 When this object is trustIpPrec(3), a DSCP is assigned to 1322 an IP packet according to the IP-Precedence-to-DSCP mapping 1323 defined by the values contained in caqIpPrecToDscpTable. For 1324 non-IP packets, trustIpPrec(3) has identical behavior as 1325 trustCoS(2). 1326 1327 When this object is trustDscp(4), the DSCP contained in an IP 1328 packet is trusted as being the correct value to assign to it. 1329 For non-IP packets, trustDscp(4) has identical behavior as 1330 trustCoS(2)." 1331 ::= { caqIfConfigEntry 5 } 1332 1333-- 1334-- The caqClassifierTable 1335-- 1336 1337caqClassifierTable OBJECT-TYPE 1338 SYNTAX SEQUENCE OF CaqClassifierEntry 1339 MAX-ACCESS not-accessible 1340 STATUS current 1341 DESCRIPTION 1342 "This table identifies which ACLs are in use on which 1343 interfaces. Some devices may impose constraints on the number 1344 of ACLs that can be attached to each interface; for example a 1345 constraint that at most three Qos ACLs, one for each type: IP, 1346 IPX and MAC, and at most three Security ACLs, one for each 1347 type: IP, IPX and MAC, can be attached to an interface." 1348 ::= { caqInterfaceObjects 2 } 1349 1350caqClassifierEntry OBJECT-TYPE 1351 SYNTAX CaqClassifierEntry 1352 MAX-ACCESS not-accessible 1353 STATUS current 1354 DESCRIPTION 1355 "An entry identifies that a particular ACL is in use on a 1356 particular interface. An interface can be a physical port 1357 or a VLAN." 1358 INDEX { ifIndex, caqClassifierAclType, 1359 IMPLIED caqClassifierAclName } 1360 ::= { caqClassifierTable 1 } 1361 1362CaqClassifierEntry ::= SEQUENCE { 1363 caqClassifierAclType INTEGER, 1364 caqClassifierAclName CaqAclName, 1365 caqClassifierMapStatus RowStatus, 1366 caqClassifierMapDirection BITS 1367} 1368 1369caqClassifierAclType OBJECT-TYPE 1370 SYNTAX INTEGER { 1371 ipQos(1), 1372 ipxQos(2), 1373 macQos(3), 1374 ipSecurity(4), 1375 ipxSecurity(5), 1376 macSecurity(6) 1377 } 1378 MAX-ACCESS not-accessible 1379 STATUS current 1380 DESCRIPTION 1381 "Indicates the type of ACL attached to this interface. 1382 1383 ipQos(1) indicates that this ACL is an IP Qos ACL. 1384 1385 ipxQos(2) indicates that this ACL is an IPX Qos ACL. 1386 1387 macQos(3) indicates that this ACL is a MAC Qos ACL. 1388 1389 ipSecurity(4) indicates that this ACL is an IP Security ACL. 1390 1391 ipxSecurity(5) indicates that this ACL is an IPX Security ACL. 1392 1393 macSecurity(6) indicates that this ACL is a MAC Security ACL." 1394 ::= { caqClassifierEntry 1 } 1395 1396caqClassifierAclName OBJECT-TYPE 1397 SYNTAX CaqAclName 1398 MAX-ACCESS not-accessible 1399 STATUS current 1400 DESCRIPTION 1401 "Indicates the ACL name which should exist in the ACL tables 1402 e.g. in caqIpAceTable. This ACL can be a Qos ACL or a 1403 Security ACL." 1404 ::= { caqClassifierEntry 2 } 1405 1406caqClassifierMapStatus OBJECT-TYPE 1407 SYNTAX RowStatus 1408 MAX-ACCESS read-create 1409 STATUS current 1410 DESCRIPTION 1411 "The status of this classifier conceptual row entry. 1412 An entry may not exist in the active state unless the 1413 ACL name denoted by caqClassifierAclName object in the 1414 entry exist and active (i.e. its RowStatus object is 1415 active(1)) in an ACL table. 1416 1417 Once a row becomes active, value in any other column within 1418 such row cannot be modified except by setting 1419 caqClassifierMapStatus to notInService(2) for such row." 1420 ::= { caqClassifierEntry 3 } 1421 1422caqClassifierMapDirection OBJECT-TYPE 1423 SYNTAX BITS { ingress(0), egress(1) } 1424 MAX-ACCESS read-create 1425 STATUS current 1426 DESCRIPTION 1427 "Indicates whether this ACL are to be attached to ingress or 1428 egress direction." 1429 DEFVAL { {ingress} } 1430 ::= { caqClassifierEntry 4 } 1431 1432caqIfSecurityAclConfigTable OBJECT-TYPE 1433 SYNTAX SEQUENCE OF CaqIfSecurityAclConfigEntry 1434 MAX-ACCESS not-accessible 1435 STATUS current 1436 DESCRIPTION 1437 "A list of the interfaces which support the security 1438 ACL feature." 1439 ::= { caqInterfaceObjects 3 } 1440 1441caqIfSecurityAclConfigEntry OBJECT-TYPE 1442 SYNTAX CaqIfSecurityAclConfigEntry 1443 MAX-ACCESS not-accessible 1444 STATUS current 1445 DESCRIPTION 1446 "An entry contains configuration information about 1447 a security ACL mapped to a interface which is capable 1448 for this feature." 1449 INDEX { ifIndex } 1450 ::= { caqIfSecurityAclConfigTable 1 } 1451 1452CaqIfSecurityAclConfigEntry ::= 1453 SEQUENCE { 1454 caqIfSecurityAclBase INTEGER 1455 } 1456 1457caqIfSecurityAclBase OBJECT-TYPE 1458 SYNTAX INTEGER { 1459 port(1), 1460 vlan(2), 1461 merge(3) 1462 } 1463 MAX-ACCESS read-write 1464 STATUS current 1465 DESCRIPTION 1466 "The security ACL configuration mode for an interface. 1467 1468 Setting this variable to the value port(1) will cause the 1469 packets (L3 forwarded packets and L2 packets) arriving at that 1470 interface to be filtered based on the ACL mapped to that 1471 interface. 1472 1473 Setting this variable to the value vlan(2) will cause the 1474 packets (L3 forwarded packets and L2 packets) arriving at that 1475 access interface to be filtered based on two ACL(the router's 1476 ACL and the ACL of the VLAN to which the interface belongs). 1477 If it is a trunking interface, the vlan-tag packets will be 1478 filtered based on the ACL of the tag-vlan. 1479 1480 Setting this variable to the value merge(3) will merge the 1481 physical interface ACL, the VLAN ACL and the router ACL 1482 together to emulate the logical serial model shown below. 1483 1484 L3 only 1485 Port ACL -> VLAN ACL -> Router ACL -> Router ACL -> VLAN ACL 1486 physical ingress ingress egress egress 1487 interface" 1488 ::= { caqIfSecurityAclConfigEntry 1 } 1489 1490 1491-- 1492-- The caqIpOperClassifierTable 1493-- 1494 1495caqIpOperClassifierTable OBJECT-TYPE 1496 SYNTAX SEQUENCE OF CaqIpOperClassifierEntry 1497 MAX-ACCESS not-accessible 1498 STATUS current 1499 DESCRIPTION 1500 "This table identifies which operational IP ACLs are in use 1501 on which interfaces." 1502 ::= { caqInterfaceObjects 4 } 1503 1504caqIpOperClassifierEntry OBJECT-TYPE 1505 SYNTAX CaqIpOperClassifierEntry 1506 MAX-ACCESS not-accessible 1507 STATUS current 1508 DESCRIPTION 1509 "An entry in this table identifies operational IP ACLs that 1510 are currently in use on a particular interface. An interface 1511 can be a physical port or a VLAN." 1512 INDEX { ifIndex, caqIpOperAclFeature } 1513 ::= { caqIpOperClassifierTable 1 } 1514 1515CaqIpOperClassifierEntry ::= SEQUENCE { 1516 caqIpOperAclFeature INTEGER, 1517 caqIpOperAclName SnmpAdminString, 1518 caqIpOperAclMapSource BITS 1519} 1520 1521caqIpOperAclFeature OBJECT-TYPE 1522 SYNTAX INTEGER { 1523 ingressIpQos(1), 1524 egressIpQos(2), 1525 ipSecurity(3) 1526 } 1527 MAX-ACCESS not-accessible 1528 STATUS current 1529 DESCRIPTION 1530 "An index indicates the feature to which the operational 1531 IP ACLs mapped at this interface are applied. 1532 1533 'ingressIpQos' indicates the ACL mapped at this interface 1534 is used to classify ingress IP traffic for QoS feature. 1535 1536 'egressIpQos' indicates the ACL mapped at this interface 1537 is used to classify egress IP traffic for QoS feature. 1538 1539 'ipSecurity' indicates the ACL mapped at this interface 1540 is used to classify IP traffic for security feature." 1541 ::= { caqIpOperClassifierEntry 1 } 1542 1543caqIpOperAclName OBJECT-TYPE 1544 SYNTAX SnmpAdminString 1545 MAX-ACCESS read-only 1546 STATUS current 1547 DESCRIPTION 1548 "This object indicates the name of an operational IP ACL 1549 which is mapped at this interface to classify IP traffic 1550 for feature denoted by caqIpOperAclFeature object." 1551 ::= { caqIpOperClassifierEntry 2 } 1552 1553caqIpOperAclMapSource OBJECT-TYPE 1554 SYNTAX BITS { 1555 configured(0), 1556 dot1x(1), 1557 macAuth(2), 1558 webAuth(3), 1559 eou(4) 1560 } 1561 MAX-ACCESS read-only 1562 STATUS current 1563 DESCRIPTION 1564 "This object indicates the sources that map the operational 1565 IP ACLs at this interface. 1566 1567 'configured' indicates that the ACL mapping is introduced 1568 by manual configuration through CLI or an NMS application. 1569 1570 'dot1x' indicates that the ACL mapping is introduced by 1571 the operation of 802.1x feature. 1572 1573 'macAuth' indicates that the ACL mapping is introduced by 1574 the operation of Mac Authentication Bypass feature. 1575 1576 'webAuth' indicates that the ACL mapping is introduced by 1577 the operation of Web Authentication feature. 1578 1579 'eou' indicates that the ACL mapping is introduced by 1580 the operation of Extensible Authentication Protocol over 1581 UDP (EOU) feature." 1582 ::= { caqIpOperClassifierEntry 3 } 1583 1584-- 1585-- The caqDownloadClassifierTable 1586-- 1587 1588caqDownloadClassifierTable OBJECT-TYPE 1589 SYNTAX SEQUENCE OF CaqDownloadClassifierEntry 1590 MAX-ACCESS not-accessible 1591 STATUS current 1592 DESCRIPTION 1593 "This table identifies ACLs assignment to capable 1594 interface which is downloaded using different 1595 security features." 1596 ::= { caqInterfaceObjects 5 } 1597 1598caqDownloadClassifierEntry OBJECT-TYPE 1599 SYNTAX CaqDownloadClassifierEntry 1600 MAX-ACCESS not-accessible 1601 STATUS current 1602 DESCRIPTION 1603 "An entry identifies ACLs assignment on a capable 1604 physical interface." 1605 INDEX { ifIndex, caqDownloadAclFeature } 1606 ::= { caqDownloadClassifierTable 1 } 1607 1608CaqDownloadClassifierEntry ::= SEQUENCE { 1609 caqDownloadAclFeature INTEGER, 1610 caqDownloadClassifierAclName CaqAclName, 1611 caqDownloadMapSource INTEGER, 1612 caqDownloadAclType INTEGER 1613} 1614 1615caqDownloadAclFeature OBJECT-TYPE 1616 SYNTAX INTEGER { 1617 ingressIpQos(1), 1618 egressIpQos(2), 1619 ipSecurity(3) 1620 } 1621 MAX-ACCESS not-accessible 1622 STATUS current 1623 DESCRIPTION 1624 "This object indicates the feature that ACLs mapped 1625 at this interface is used for. 1626 1627 'ingressIpQos' indicates the ACL mapped at this interface 1628 is used to classify ingress IP traffic for QoS feature. 1629 1630 'egressIpQos' indicates the ACL mapped at this interface 1631 is used to classify egress IP traffic for QoS feature. 1632 1633 'ipSecurity' indicates the ACL mapped at this interface 1634 is used to classify IP traffic for security feature." 1635 ::= { caqDownloadClassifierEntry 1 } 1636 1637caqDownloadClassifierAclName OBJECT-TYPE 1638 SYNTAX CaqAclName 1639 MAX-ACCESS read-only 1640 STATUS current 1641 DESCRIPTION 1642 "This object indicates the ACL name mapped to this 1643 interface to classify traffic for a specific feature 1644 denoted by the corresponding caqDownloadAclFeature." 1645 ::= { caqDownloadClassifierEntry 2 } 1646 1647caqDownloadMapSource OBJECT-TYPE 1648 SYNTAX INTEGER { 1649 dot1x(1), 1650 macAuth(2) 1651 } 1652 MAX-ACCESS read-only 1653 STATUS current 1654 DESCRIPTION 1655 "This object indicates the source that maps the ACLs at this 1656 interface. 1657 1658 'dot1x' indicates that the ACL mapping is introduced by 1659 the operation of 802.1x feature. 1660 1661 'macAuth' indicates that the ACL mapping is introduced by 1662 the operation of Mac Authentication Bypass feature." 1663 ::= { caqDownloadClassifierEntry 3 } 1664 1665caqDownloadAclType OBJECT-TYPE 1666 SYNTAX INTEGER { pacl(1), vacl(2) } 1667 MAX-ACCESS read-only 1668 STATUS current 1669 DESCRIPTION 1670 "This object indicates the type of the ACL. 1671 1672 'pacl' indicates this is a port-based ACL. 1673 'vacl' indicates this is a VLAN-based ACL." 1674 ::= { caqDownloadClassifierEntry 4 } 1675 1676--********************************************************************** 1677-- Cisco CatOS Acl Qos Acl Group 1678--********************************************************************** 1679-- 1680-- 1681 1682caqAclCapabilities OBJECT-TYPE 1683 SYNTAX BITS { 1684 ipQos(0), 1685 ipxQos(1), 1686 macQos(2), 1687 ipSecurity(3), 1688 ipxSecurity(4), 1689 macSecurity(5) } 1690 MAX-ACCESS read-only 1691 STATUS current 1692 DESCRIPTION 1693 "Indicates what ACL capabilities are supported on the device. 1694 An ACL belongs to one of the following types: IP, IPX and MAC. 1695 Furthermore, an ACL can be used for either QoS or Security 1696 feature. 1697 1698 If ipQos(0) bit is turned on, caqIpAceTable can be instantiated 1699 for Qos feature, otherwise it can not. 1700 1701 If ipxQos(1) bit is turned on, caqIpxAceTable can be 1702 instantiated for Qos feature, otherwise it can not. 1703 1704 If macQos(2) bit is turned on, caqMacAceTable can be 1705 instantiated for Qos feature, otherwise it can not. 1706 1707 If ipSecurity(3) bit is turned on, caqIpAceTable can be 1708 instantiated for Security feature, otherwise it can not. 1709 1710 If ipxSecurity(4) bit is turned on, caqIpxAceTable can be 1711 instantiated for Security feature, otherwise it can not. 1712 1713 If macSecurity(5) bit is turned on, caqMacAceTable can be 1714 instantiated for Security feature, otherwise it can not." 1715 ::= { caqAclObjects 1 } 1716 1717 1718-- 1719-- caqIpAceTable 1720-- 1721 1722caqIpAceTable OBJECT-TYPE 1723 SYNTAX SEQUENCE OF CaqIpAceEntry 1724 MAX-ACCESS not-accessible 1725 STATUS current 1726 DESCRIPTION 1727 "This table contains a list of IP ACEs. Each ACE consists of 1728 a filter specification and behavior associated with it which 1729 describes what action to carry out on packets which match. 1730 1731 An ACL is defined as the set of ACEs of the same type (all 1732 QoS, or all Security). Within a feature (qos or security), 1733 each ACE is named by a combination of an AclName and an ACE 1734 index, such that all the ACEs which are named using the same 1735 AclName are part of the same ACL." 1736 ::= { caqAclObjects 2 } 1737 1738caqIpAceEntry OBJECT-TYPE 1739 SYNTAX CaqIpAceEntry 1740 MAX-ACCESS not-accessible 1741 STATUS current 1742 DESCRIPTION 1743 "An entry defines an ACE, consisting of a set of match 1744 criteria. For a packet to match an entry, it has to match 1745 all the criteria specified in that entry." 1746 INDEX { caqIpAceFeature, caqIpAclName, caqIpAceIndex } 1747 ::= { caqIpAceTable 1 } 1748 1749CaqIpAceEntry ::= SEQUENCE { 1750 caqIpAceFeature INTEGER, 1751 caqIpAclName CaqAclName, 1752 caqIpAceIndex Unsigned32, 1753 caqIpAceMatchedAction Unsigned32, 1754 caqIpAceProtocolType Unsigned32, 1755 caqIpAceAddrType InetAddressType, 1756 caqIpAceSrcIp InetAddress, 1757 caqIpAceSrcIpMask InetAddress, 1758 caqIpAceSrcPortOp INTEGER, 1759 caqIpAceSrcPort Unsigned32, 1760 caqIpAceSrcPortRange Unsigned32, 1761 caqIpAceDestIp InetAddress, 1762 caqIpAceDestIpMask InetAddress, 1763 caqIpAceDestPortOp INTEGER, 1764 caqIpAceDestPort Unsigned32, 1765 caqIpAceDestPortRange Unsigned32, 1766 caqIpAceTosMatchCriteria INTEGER, 1767 caqIpAceIpPrec CaqIpPrecedence, 1768 caqIpAceDscp Dscp, 1769 caqIpAceProtocolMatchCriteria INTEGER, 1770 caqIpAceIcmpType Unsigned32, 1771 caqIpAceIcmpCode Unsigned32, 1772 caqIpAceIgmpType Unsigned32, 1773 caqIpAceOrderPosition Unsigned32, 1774 caqIpAceBeforePosition Unsigned32, 1775 caqIpAceStatus RowStatus, 1776 caqIpAceSecurityId Unsigned32, 1777 caqIpAceSrcGroup SnmpAdminString, 1778 caqIpAceDestGroup SnmpAdminString, 1779 caqIpAceType INTEGER 1780} 1781 1782caqIpAceFeature OBJECT-TYPE 1783 SYNTAX INTEGER { qos(1), security(2) } 1784 MAX-ACCESS not-accessible 1785 STATUS current 1786 DESCRIPTION 1787 "Indicates whether this entry is a Qos ACL or Security ACL. 1788 ACEs belongs to the same ACL should have the same value 1789 for this object." 1790 ::= { caqIpAceEntry 1 } 1791 1792caqIpAclName OBJECT-TYPE 1793 SYNTAX CaqAclName 1794 MAX-ACCESS not-accessible 1795 STATUS current 1796 DESCRIPTION 1797 "The name of an ACL. Within a feature (qos or security), the 1798 name is unique across all of the ACL tables that identifies 1799 the list to which the entry belongs in the device." 1800 ::= { caqIpAceEntry 2 } 1801 1802caqIpAceIndex OBJECT-TYPE 1803 SYNTAX Unsigned32 (1..65535) 1804 MAX-ACCESS not-accessible 1805 STATUS current 1806 DESCRIPTION 1807 "The index of an ACE within an ACL." 1808 ::= { caqIpAceEntry 3 } 1809 1810caqIpAceMatchedAction OBJECT-TYPE 1811 SYNTAX Unsigned32 (1..65535) 1812 MAX-ACCESS read-create 1813 STATUS current 1814 DESCRIPTION 1815 "Indicates the action to be taken if a packet matches this ACE. 1816 If the value of this ACE's caqIpAceFeature object is: 'qos(1)', 1817 then this object contains the index of an active row in 1818 caqQosActionSelectTable. If the value of this ACE's 1819 caqIpAceFeature object is: 'security(2)', then this object 1820 contains the index of an active row in caqSecurityActionTable." 1821 ::= { caqIpAceEntry 4 } 1822 1823caqIpAceProtocolType OBJECT-TYPE 1824 SYNTAX Unsigned32 (0..255) 1825 MAX-ACCESS read-create 1826 STATUS current 1827 DESCRIPTION 1828 "The protocol number field in the IP header used to indicate 1829 the higher layer protocol as specified in RFC 1700. A value 1830 value of 0 matches every IP packet. 1831 1832 For example : 1833 0 is IP, 1 is ICMP, 2 is IGMP, 4 is IP in IP encapsulation, 1834 6 is TCP, 9 is IGRP, 17 is UDP, 47 is GRE, 50 is ESP, 51 is AH, 1835 88 is IGRP, 89 is OSPF, 94 is KA9Q/NOS compatible IP over IP, 1836 103 is PIMv2, 108 is PCP." 1837 REFERENCE 1838 "RFC 1700, Assigned Numbers." 1839 DEFVAL { 0 } -- IP 1840 ::= { caqIpAceEntry 5 } 1841 1842caqIpAceAddrType OBJECT-TYPE 1843 SYNTAX InetAddressType 1844 MAX-ACCESS read-only 1845 STATUS current 1846 DESCRIPTION 1847 "The type of IP address used by this ACE entry." 1848 ::= { caqIpAceEntry 6 } 1849 1850caqIpAceSrcIp OBJECT-TYPE 1851 SYNTAX InetAddress 1852 MAX-ACCESS read-create 1853 STATUS current 1854 DESCRIPTION 1855 "The specified source IP address. The packet's source address is 1856 AND-ed with the value of caqIpAceSrcIpMask and then compared 1857 against the value of this object. If this object value is 1858 0.0.0.0, and the value of caqIpAceSrcIpMask object in the same 1859 entry is 255.255.255.255, this entry matches any source IP 1860 address." 1861 ::= { caqIpAceEntry 7 } 1862 1863caqIpAceSrcIpMask OBJECT-TYPE 1864 SYNTAX InetAddress 1865 MAX-ACCESS read-create 1866 STATUS current 1867 DESCRIPTION 1868 "The specified source IP address mask." 1869 ::= { caqIpAceEntry 8 } 1870 1871caqIpAceSrcPortOp OBJECT-TYPE 1872 SYNTAX INTEGER { noOperator(1), lt(2), gt(3), 1873 eq(4), neq(5), range(6) } 1874 MAX-ACCESS read-create 1875 STATUS current 1876 DESCRIPTION 1877 "Indicates how a packet's source TCP/UDP port number is 1878 to be compared. 1879 1880 If the caqIpAceProtocolType object in the same row does not 1881 indicate TCP or UDP, this object has to be 'noOperator(1)' and 1882 cannot be changed while this row is active, i.e., the value of 1883 caqIpAceStatus in the same row has the value 'active(1)'. 1884 1885 'noOperator(1)', which is the default value, means that no 1886 comparison is to be made with the source TCP/UDP port number. 1887 1888 lt(2) means less than, gt(3) means greater than, eq(4) 1889 means equal, neq(5) means not equal. Those 4 operators 1890 are using the caqIpAceSrcPort object as an operand which 1891 is the only one needed. 1892 1893 range(6) means that it compares the port value between two 1894 numbers, so this operator needs 2 operands. One operand is 1895 the starting port number of the range which is caqIpAceSrcPort 1896 object, and the other operand is the ending port number of the 1897 range which the caqIpAceSrcPortRange object is in." 1898 DEFVAL { noOperator } 1899 ::= { caqIpAceEntry 9 } 1900 1901caqIpAceSrcPort OBJECT-TYPE 1902 SYNTAX Unsigned32 (0..65535) 1903 MAX-ACCESS read-create 1904 STATUS current 1905 DESCRIPTION 1906 "The source port number of the TCP or UDP protocol. If the 1907 caqIpAceSrcPortOp object in the same row is range(6), this 1908 object will be the starting port number of the port range. 1909 This object cannot be configured if caqIpAceStatus in the 1910 same row is active(1) or caqIpAceSrcPortOp in the same row 1911 is noOperator(1)." 1912 ::= { caqIpAceEntry 10 } 1913 1914caqIpAceSrcPortRange OBJECT-TYPE 1915 SYNTAX Unsigned32 (0..65535) 1916 MAX-ACCESS read-create 1917 STATUS current 1918 DESCRIPTION 1919 "The source port number of the TCP or UDP protocol. If the 1920 caqIpAceSrcPortOp object in the same row is range(6), this 1921 object will be the ending port number of the port range. 1922 This object cannot be configured if caqIpAceStatus in the 1923 same row is active(1) or caqIpAceSrcPortOp in the same row 1924 is not range(6)." 1925 ::= { caqIpAceEntry 11 } 1926 1927caqIpAceDestIp OBJECT-TYPE 1928 SYNTAX InetAddress 1929 MAX-ACCESS read-create 1930 STATUS current 1931 DESCRIPTION 1932 "The specified destination IP address. The packet's destination 1933 address is AND-ed with the value of caqIpAceDestIpMask and then 1934 compared against the value of this object. If this object value 1935 is 0.0.0.0 and the value of caqIpAceDestIpMask object in the 1936 same entry is 255.255.255.255, this entry matches any 1937 destination IP address." 1938 DEFVAL { '00000000'H } -- 0.0.0.0 1939 ::= { caqIpAceEntry 12 } 1940 1941caqIpAceDestIpMask OBJECT-TYPE 1942 SYNTAX InetAddress 1943 MAX-ACCESS read-create 1944 STATUS current 1945 DESCRIPTION 1946 "The specified destination IP address mask." 1947 DEFVAL { 'FFFFFFFF'H } -- 255.255.255.255 1948 ::= { caqIpAceEntry 13 } 1949 1950caqIpAceDestPortOp OBJECT-TYPE 1951 SYNTAX INTEGER { noOperator(1), lt(2), gt(3), 1952 eq(4), neq(5), range(6) } 1953 MAX-ACCESS read-create 1954 STATUS current 1955 DESCRIPTION 1956 "Indicates how a packet's destination TCP/UDP port number is 1957 to be compared. 1958 1959 If the caqIpAceProtocolType object in the same row does not 1960 indicate TCP or UDP, this object has to be 'noOperator(1)' and 1961 cannot be changed while this row is active, i.e., the value of 1962 caqIpAceStatus in the same row has the value 'active(1)'. 1963 1964 'noOperator(1)', which is the default value, means that no 1965 comparison is to be made with the destination TCP/UDP port 1966 number. 1967 1968 lt(2) means less than. 1969 1970 gt(3) means greater than. 1971 1972 eq(4) means equal. 1973 1974 neq(5) means not equal. Those 4 operators are using the 1975 caqIpAceDestPort object as an operand which is the only one 1976 needed. 1977 1978 range(6) means that it compares the port value between two 1979 numbers, so this operator needs 2 operands. One operand is the 1980 starting port number of the range which is caqIpAceDestPort 1981 object, and the other operand is the ending port number 1982 of the range which the caqIpAceDestPortRange object is in." 1983 DEFVAL { noOperator } 1984 ::= { caqIpAceEntry 14 } 1985 1986caqIpAceDestPort OBJECT-TYPE 1987 SYNTAX Unsigned32 (0..65535) 1988 MAX-ACCESS read-create 1989 STATUS current 1990 DESCRIPTION 1991 "The destination port number of the TCP or UDP protocol. 1992 If the caqIpAceDestPortOp object in the same row is range(6), 1993 this object will be the starting port number of the port range. 1994 This object cannot be configured if caqIpAceStatus in the 1995 same row is active(1) or caqIpAceDestPortOp in the same row 1996 is noOperator(1)." 1997 ::= { caqIpAceEntry 15 } 1998 1999caqIpAceDestPortRange OBJECT-TYPE 2000 SYNTAX Unsigned32 (0..65535) 2001 MAX-ACCESS read-create 2002 STATUS current 2003 DESCRIPTION 2004 "The destination port number of the TCP or UDP protocol. 2005 If the caqIpAceDestPortOp object in the same row is range(6), 2006 this object will be the ending port number of the port range. 2007 This object cannot be configured if caqIpAceStatus in the 2008 same row is active(1) or caqIpAceDestPortOp in the same row 2009 is not range(6)." 2010 ::= { caqIpAceEntry 16 } 2011 2012caqIpAceTosMatchCriteria OBJECT-TYPE 2013 SYNTAX INTEGER { 2014 none(1), 2015 matchDscp(2), 2016 matchIpPrec(3) 2017 } 2018 MAX-ACCESS read-create 2019 STATUS current 2020 DESCRIPTION 2021 "Indicates what field of Tos octet in the packet header 2022 to be matched. 2023 2024 none(1) means that there is no need to match the ToS octet. 2025 2026 matchDscp(2) means that the DSCP value of packet header need 2027 to be matched. If this value is specified, the caqIpAceDscp 2028 object in the same row should be configured. 2029 2030 matchIpPrec(3) means that the IpPrecedence value of packet 2031 header need to be matched. If this value is specifed, the 2032 caqIpAceIpPrec object in the same row should be configured." 2033 DEFVAL { none } 2034 ::= { caqIpAceEntry 17 } 2035 2036caqIpAceIpPrec OBJECT-TYPE 2037 SYNTAX CaqIpPrecedence 2038 MAX-ACCESS read-create 2039 STATUS current 2040 DESCRIPTION 2041 "Specifies the IP precedence value to be matched against. 2042 This object could not be configured when the status of the 2043 entry, caqIpAceStatus, is active(1). 2044 2045 The value of this object is ignored whenever the value of 2046 caqIpAceTosMatchCritial object is not matchIpPrec(3)." 2047 DEFVAL { 0 } 2048 ::= { caqIpAceEntry 18 } 2049 2050caqIpAceDscp OBJECT-TYPE 2051 SYNTAX Dscp 2052 MAX-ACCESS read-create 2053 STATUS current 2054 DESCRIPTION 2055 "Specifies the Dscp value to be matched against. 2056 This object could not be configured when the status of the 2057 entry, caqIpAceStatus, is active(1). Packets can be matched 2058 the DSCP level from 0 to 63. 2059 2060 The value of this object is ignored whenever the value of 2061 caqIpAceTosMatchCritial object is not matchDscp(2)." 2062 DEFVAL { 0 } 2063 ::= { caqIpAceEntry 19 } 2064 2065caqIpAceProtocolMatchCriteria OBJECT-TYPE 2066 SYNTAX INTEGER { 2067 none(1), 2068 matchIgmpType(2), 2069 matchIcmpType(3), 2070 matchIcmpTypeAndCode(4), 2071 matchEstablished(5), 2072 matchSecurityId(6), 2073 matchEapoudp(7), 2074 matchUrlRedirect(8) 2075 } 2076 MAX-ACCESS read-create 2077 STATUS current 2078 DESCRIPTION 2079 "Indicates what field in the packet header for ICMP or IGMP 2080 or TCP protocol or IPv4 ESP (Enscrypted Security Payload) 2081 to be matched. 2082 2083 none(1) = no comparison is to be done for ICMP/IGMP/TCP/ESP. 2084 2085 matchIgmpType(2) means that the Type field of IGMP protocol 2086 packet header needs to be matched. If this value is specified, 2087 the caqIpAceIgmpType object in the same row should be 2088 configured. 2089 2090 matchIcmpType(3) means that the Type field of ICMP protocol 2091 packet header needs to be matched. If this value is specified, 2092 the caqIpAceIcmpType object in the same row should be 2093 configured. 2094 2095 matchIcmpTypeAndCode(4) means that both the Type and Code 2096 fields of ICMP protocol packet header need to be matched. 2097 If this value is specified, the caqIpAceIcmpType and 2098 caqIpAceIcmpCode object in the same row should be configured. 2099 2100 matchEstablished(5) means that a match occurs if the TCP packet 2101 has the ACK or RST bits set. The non matching case is that of 2102 the intial TCP packet to form a connection. 2103 2104 matchSecurityId(6) means that the Security Association 2105 Identifier field of IPv4 ESP packet header needs to be matched. 2106 If this value is specified, the caqIpAceSecurityId object in 2107 the same row should be configured. 2108 2109 matchEapoudp(7) means that this ACE needs to be matched 2110 against the criteria for EAP (Extensible Authentication 2111 Protocol) over UDP purpose. 2112 2113 matchUrlRedirect(8) means that this ACE needs to be matched 2114 against the criteria for URL redirection purpose." 2115 DEFVAL { none } 2116 ::= { caqIpAceEntry 20 } 2117 2118caqIpAceIcmpType OBJECT-TYPE 2119 SYNTAX Unsigned32 (0..255) 2120 MAX-ACCESS read-create 2121 STATUS current 2122 DESCRIPTION 2123 "Indicates the message type of ICMP packets. The type is 2124 a number from 0 to 255. 2125 2126 The value of this object is ignored whenever the value of 2127 caqIpAceProtocolMatchCritial object is not matchIcmpType(3) or 2128 matchIcmpTypeAndCode(4)." 2129 DEFVAL { 0 } 2130 ::= { caqIpAceEntry 21 } 2131 2132caqIpAceIcmpCode OBJECT-TYPE 2133 SYNTAX Unsigned32 (0..255) 2134 MAX-ACCESS read-create 2135 STATUS current 2136 DESCRIPTION 2137 "Indicates the message code of ICMP packets. The code is 2138 a number from 0 to 255. 2139 2140 The value of this object is ignored whenever the value of 2141 caqIpAceProtocolMatchCritial object is not 2142 matchIcmpTypeAndCode(4)." 2143 DEFVAL { 0 } 2144 ::= { caqIpAceEntry 22 } 2145 2146caqIpAceIgmpType OBJECT-TYPE 2147 SYNTAX Unsigned32 (0..15) 2148 MAX-ACCESS read-create 2149 STATUS current 2150 DESCRIPTION 2151 "Indicates the message type of IGMP packets. The code is 2152 a number from 0 to 15. 2153 2154 The value of this object is ignored whenever the value of 2155 caqIpAceProtocolMatchCritial object is not matchIgmpType(2)." 2156 DEFVAL { 0 } 2157 ::= { caqIpAceEntry 23 } 2158 2159caqIpAceOrderPosition OBJECT-TYPE 2160 SYNTAX Unsigned32 (0..65535) 2161 MAX-ACCESS read-only 2162 STATUS current 2163 DESCRIPTION 2164 "The ordering position of this ACE in the ACL. If this entry 2165 is not in active(1) state, this object has value of 0." 2166 ::= { caqIpAceEntry 24 } 2167 2168caqIpAceBeforePosition OBJECT-TYPE 2169 SYNTAX Unsigned32 (0..65535) 2170 MAX-ACCESS read-create 2171 STATUS current 2172 DESCRIPTION 2173 "The object is to control the position of an ACE in the ACL. 2174 Indicates the order position of a new ACE before an active ACE 2175 which is already in the ACL. It means that the new ACE will 2176 replace the position of the ACE which the object specifies. 2177 2178 For example, if there are 6 ACEs in an ACL, so the positions 2179 of those 6 ACEs will be 1, 2, 3, 4, 5, 6. If the user would 2180 like to add a new ACE and specifies 4 to be the value of 2181 this object, the old ACEs in positions, 4, 5, 6 will become 2182 5, 6, 7 while the entry containing the new ACE is active. 2183 Be careful, for example, if the user would like to move an ACE 2184 whose position is 2 to before the ACE whose position is 5. He 2185 put the status of that entry to in-active and the position order 2186 will be 1, 2, 3, 4, 5. The old ACEs in positions 3, 4, 5, 6 2187 becomes 2, 3, 4, 5. So, the user has to specify the object to 4, 2188 because the ACE in old position 5 has been moved to position 4. 2189 2190 If not specified, the default value 0 will be used. And the 2191 new ACE is appended to the end of the ACL. 0 will be always 2192 returned if the status of this row is active. If the entry 2193 is from active(1) to notInService(2), this object should have 2194 default value." 2195 DEFVAL { 0 } 2196 ::= { caqIpAceEntry 25 } 2197 2198caqIpAceStatus OBJECT-TYPE 2199 SYNTAX RowStatus 2200 MAX-ACCESS read-create 2201 STATUS current 2202 DESCRIPTION 2203 "The status of this IP ACE conceptual row entry. This object is 2204 used to manage creation, deletion and modification of rows in 2205 this table. 2206 2207 An entry may not exist in the active state unless all objects 2208 in the entry have an appropriate value. Especially, it cannot 2209 be in active state unless the caqIpAceMatchedAction object in 2210 the entry point to an active entry (i.e its RowStatus object is 2211 active(1)) in the caqQosActionSelectTable or 2212 caqSecurityActionTable. Once a row becomes active, value in any 2213 other column within such row cannot be modified. 2214 2215 If this row is the only ACE in an ACL and the value of its 2216 caqIpAclName object matches the value of caqClassifierAclName 2217 object in any active entry of the caqClassifierTable, removing 2218 this entry will also remove the associated entry in the 2219 caqClassifierTable. 2220 2221 If the value of caqIpAceType in this row is 'systemGenerated', 2222 this row cannot be deleted or modified." 2223 ::= { caqIpAceEntry 26 } 2224 2225caqIpAceSecurityId OBJECT-TYPE 2226 SYNTAX Unsigned32 (0 |4..233) 2227 MAX-ACCESS read-create 2228 STATUS current 2229 DESCRIPTION 2230 "Indicates the Security Association Identifier of IPv4 ESP 2231 packets. 2232 2233 The value of this object is ignored whenever the value of 2234 caqIpAceProtocolMatchCritial object is not matchSecurityId(6)." 2235 DEFVAL { 0 } 2236 ::= { caqIpAceEntry 27 } 2237 2238caqIpAceSrcGroup OBJECT-TYPE 2239 SYNTAX SnmpAdminString 2240 MAX-ACCESS read-create 2241 STATUS current 2242 DESCRIPTION 2243 "Indicates the source group name which the source IP address 2244 in the IP packet header belongs to. If this object is 2245 configured, the value of caqIpAceProtocolType object in the 2246 same row will have the value of 0." 2247 DEFVAL { "" } 2248 ::= { caqIpAceEntry 28 } 2249 2250caqIpAceDestGroup OBJECT-TYPE 2251 SYNTAX SnmpAdminString 2252 MAX-ACCESS read-create 2253 STATUS current 2254 DESCRIPTION 2255 "Indicates the destination group name which the destination 2256 IP address in the IP packet header belongs to. If this object 2257 is configured, the value of caqIpAceProtocolType object in 2258 the same row will have the value of 0." 2259 DEFVAL { "" } 2260 ::= { caqIpAceEntry 29 } 2261 2262caqIpAceType OBJECT-TYPE 2263 SYNTAX INTEGER { configured(1), systemGenerated(2) } 2264 MAX-ACCESS read-only 2265 STATUS current 2266 DESCRIPTION 2267 "Indicates the ACE type." 2268 ::= { caqIpAceEntry 30 } 2269 2270-- 2271-- caqIpxAceTable 2272-- 2273 2274caqIpxAceTable OBJECT-TYPE 2275 SYNTAX SEQUENCE OF CaqIpxAceEntry 2276 MAX-ACCESS not-accessible 2277 STATUS current 2278 DESCRIPTION 2279 "This table contains a list of IPX ACEs. Each ACE consists of 2280 a filter specification and behavior associated with it which 2281 describes what action to carry out on packets which match. 2282 2283 An ACL is defined as the set of ACEs of the same type (all 2284 QoS, or all Security). Within each feature (qos or security), 2285 each ACE is named by a combination of an AclName and an ACE 2286 index, such that all the ACEs which are named using the same 2287 AclName are part of the same ACL. This table is instantiated 2288 only if the ipxQos bit or ipxSecurity bit of caqAclCapabilities 2289 object is turned on." 2290 ::= { caqAclObjects 3 } 2291 2292caqIpxAceEntry OBJECT-TYPE 2293 SYNTAX CaqIpxAceEntry 2294 MAX-ACCESS not-accessible 2295 STATUS current 2296 DESCRIPTION 2297 "Each entry of caqIpxAceTable consists of a set of match 2298 creteria. For a IPX flow to match an entry, it has to match 2299 all the conditions specified in that entry." 2300 INDEX { caqIpxAceFeature, caqIpxAclName , caqIpxAceIndex } 2301 ::= { caqIpxAceTable 1 } 2302 2303CaqIpxAceEntry ::= SEQUENCE { 2304 caqIpxAceFeature INTEGER, 2305 caqIpxAclName CaqAclName, 2306 caqIpxAceIndex Unsigned32, 2307 caqIpxAceMatchedAction Unsigned32, 2308 caqIpxAceSrcNet OCTET STRING, 2309 caqIpxAceDestMatchCriteria BITS, 2310 caqIpxAceProtocolType Unsigned32, 2311 caqIpxAceDestNet OCTET STRING, 2312 caqIpxAceDestNode OCTET STRING, 2313 caqIpxAceDestNetMask OCTET STRING, 2314 caqIpxAceDestNodeMask OCTET STRING, 2315 caqIpxAceOrderPosition Unsigned32, 2316 caqIpxAceBeforePosition Unsigned32, 2317 caqIpxAceStatus RowStatus 2318} 2319 2320caqIpxAceFeature OBJECT-TYPE 2321 SYNTAX INTEGER { qos(1), security(2) } 2322 MAX-ACCESS not-accessible 2323 STATUS current 2324 DESCRIPTION 2325 "Indicates whether this entry is a Qos ACL or Security ACL. 2326 ACEs belongs to the same ACL should have the same value 2327 for this object." 2328 ::= { caqIpxAceEntry 1 } 2329 2330caqIpxAclName OBJECT-TYPE 2331 SYNTAX CaqAclName 2332 MAX-ACCESS not-accessible 2333 STATUS current 2334 DESCRIPTION 2335 "The name of an ACL. Within a feature (qos or security), this 2336 name is unique across all of the ACL tables that identifies 2337 the list to which the entry belongs in the device." 2338 ::= { caqIpxAceEntry 2 } 2339 2340caqIpxAceIndex OBJECT-TYPE 2341 SYNTAX Unsigned32 (1..65535) 2342 MAX-ACCESS not-accessible 2343 STATUS current 2344 DESCRIPTION 2345 "The index of an IPX ACE within an ACL." 2346 ::= { caqIpxAceEntry 3 } 2347 2348caqIpxAceMatchedAction OBJECT-TYPE 2349 SYNTAX Unsigned32 (1..65535) 2350 MAX-ACCESS read-create 2351 STATUS current 2352 DESCRIPTION 2353 "Indicates the action to be taken if a packet matches this ACE. 2354 If the value of this ACE's caqIpxAceFeature object is: 'qos(1)', 2355 then this object contains the index of an active row in 2356 caqQosActionSelectTable. If the value of this ACE's 2357 caqIpxAceFeature object is: 'security(2)', then this object 2358 contains the index of an active row in caqSecurityActionTable." 2359 ::= { caqIpxAceEntry 4 } 2360 2361caqIpxAceSrcNet OBJECT-TYPE 2362 SYNTAX OCTET STRING (SIZE(4)) 2363 MAX-ACCESS read-create 2364 STATUS current 2365 DESCRIPTION 2366 "Indicates the source network from which the packet is 2367 being sent. This is a 32-bits value that uniquely identifies 2368 network cable segment in IPX protocol. 2369 A network number of 0xFFFFFFFF matches all networks." 2370 ::= { caqIpxAceEntry 5 } 2371 2372caqIpxAceDestMatchCriteria OBJECT-TYPE 2373 SYNTAX BITS { 2374 matchProtocol(0), 2375 matchIpxDestNet(1), 2376 matchIpxDestNode(2), 2377 matchIpxDestNetMask(3), 2378 matchIpxDestNodeMask(4) 2379 } 2380 MAX-ACCESS read-create 2381 STATUS current 2382 DESCRIPTION 2383 "Indicate which matches to be checked for the 2384 destination network of the flow. 2385 2386 matchProtocol(0) means that the flow protocol 2387 will be matched against the value specified by 2388 caqIpxAceProtocolType object in the same row. 2389 2390 matchIpxDestNet(1) means that the flow destination 2391 network will be matched against the value specified 2392 by caqIpxAceDestNet object in the same row. 2393 2394 matchIpxDestNode(2) means that the flow destination node 2395 will be matched against the value specified by 2396 caqIpxAceDestNode object in the same row. 2397 If this option bit is on, the matchIpxDestNet(1) bit has 2398 to be on also. 2399 2400 matchIpxDestNetMask(3) means that the packet's flow destination 2401 network will be AND-ed with the value specified by 2402 caqIpxAceDestNetMask object in the same row and then compared 2403 against the value of caqIpxAceDestNet object. 2404 2405 matchIpxDestNodeMask(4) means that the packet's flow 2406 destination node will be AND-ed with the value specified by 2407 caqIpxAceDestNodeMask object in the same row and then compared 2408 against the value of caqIpxAceDestNode object." 2409 DEFVAL { { } } 2410 ::= { caqIpxAceEntry 6 } 2411 2412caqIpxAceProtocolType OBJECT-TYPE 2413 SYNTAX Unsigned32 (0..255) 2414 MAX-ACCESS read-create 2415 STATUS current 2416 DESCRIPTION 2417 "The protocol number field in the IPX header used to indicate 2418 the higher layer protocol. It can be any, ncp, netbios, rip, 2419 sap or an integer between 0 to 255." 2420 REFERENCE 2421 "RFC 1700, Assigned Numbers." 2422 ::= { caqIpxAceEntry 7 } 2423 2424caqIpxAceDestNet OBJECT-TYPE 2425 SYNTAX OCTET STRING (SIZE(4)) 2426 MAX-ACCESS read-create 2427 STATUS current 2428 DESCRIPTION 2429 "Number of the destination network to which the packet 2430 is being sent. This is a 32-bit value that uniquely identifies 2431 the IPX network cable segment in IPX protocol. A network 2432 number of 0xFFFFFFFF matches all networks. 2433 2434 The value of this object is ignored whenever the 2435 matchIpxDestNet(1) and matchIpxDestNetMask(3) bits of 2436 caqIpxAceDestMatchCriteria object are not on." 2437 ::= { caqIpxAceEntry 8 } 2438 2439caqIpxAceDestNode OBJECT-TYPE 2440 SYNTAX OCTET STRING (SIZE (6)) 2441 MAX-ACCESS read-create 2442 STATUS current 2443 DESCRIPTION 2444 "Node on the destination network to which the packet is being 2445 sent. This is a 48 bits value. 2446 2447 The value of this object is ignored whenever the 2448 matchIpxDestNode(2) and matchIpxDestNodeMask(4) bits of 2449 caqIpxAceDestMatchCriteria object are not on." 2450 ::= { caqIpxAceEntry 9 } 2451 2452caqIpxAceDestNetMask OBJECT-TYPE 2453 SYNTAX OCTET STRING (SIZE(4)) 2454 MAX-ACCESS read-create 2455 STATUS current 2456 DESCRIPTION 2457 "Mask to be applied to the destination net. This is an 2458 32-bit value that has the same format as destination net. 2459 2460 The value of this object is ignored whenever the 2461 matchIpxDestNetMask(3) bit of caqIpxAceDestMatchCriteria 2462 object is not on." 2463 ::= { caqIpxAceEntry 10 } 2464 2465caqIpxAceDestNodeMask OBJECT-TYPE 2466 SYNTAX OCTET STRING (SIZE (6)) 2467 MAX-ACCESS read-create 2468 STATUS current 2469 DESCRIPTION 2470 "Mask to be applied to the destination node. This is a 48-bit 2471 value. 2472 2473 The value of this object is ignored whenever the 2474 matchIpxDestNodeMask(4) bit of caqIpxAceDestMatchCriteria 2475 object is not on." 2476 ::= { caqIpxAceEntry 11 } 2477 2478caqIpxAceOrderPosition OBJECT-TYPE 2479 SYNTAX Unsigned32 (0..65535) 2480 MAX-ACCESS read-only 2481 STATUS current 2482 DESCRIPTION 2483 "The ordering position of this ACE in the ACL. If this entry 2484 is not in active(1) state, this object has value of 0." 2485 ::= { caqIpxAceEntry 12 } 2486 2487caqIpxAceBeforePosition OBJECT-TYPE 2488 SYNTAX Unsigned32 (0..65535) 2489 MAX-ACCESS read-create 2490 STATUS current 2491 DESCRIPTION 2492 "The object is to control the position of an ACE in the ACL. 2493 Specifies the order position of a new ACE before an active ACE 2494 which is already in the ACL. It means that the new ACE will 2495 replace the position of the ACE which the object specifies. 2496 2497 For example, if there are 6 ACEs in an ACL, so the positions 2498 of those 6 ACEs will be 1, 2, 3, 4, 5, 6. If the user would 2499 like to add a new ACE and he specifies 4 to be the value of 2500 this object, the old ACEs in positions, 4, 5, 6 will become 2501 5, 6, 7 while the entry containing the new ACE is active. 2502 The removing is similar. Be careful, for example, if the 2503 user would like to move an ACE whose position is 2 to before 2504 the ACE whose position is 5. He put the status of that entry 2505 to in-active and the position order will be 1, 2, 3, 4, 5. 2506 The old ACEs in positions 3, 4, 5, 6 becomes 2, 3, 4, 5. So, 2507 the user has to specify the object to 4, because the ACE in 2508 old position 5 has been moved to position 4. 2509 2510 If not specified, the default value 0 will be used. And the 2511 new ACE is appended to the end of the ACL. 0 will be always 2512 returned if the status of this row is active. If the entry 2513 is from active(1) to notInService(2), this object should be 2514 default value." 2515 DEFVAL { 0 } 2516 ::= { caqIpxAceEntry 13 } 2517 2518 2519caqIpxAceStatus OBJECT-TYPE 2520 SYNTAX RowStatus 2521 MAX-ACCESS read-create 2522 STATUS current 2523 DESCRIPTION 2524 "The status of this IPX ACE conceptual row entry. This object 2525 is used to manage creation, deletion and modification of rows 2526 in this table. 2527 2528 An entry may not exist in the active state unless all objects 2529 in the entry have an appropriate value. Especially, it cannot 2530 be in active state unless the caqIpxAceMatchedAction object in 2531 the entry point to an active entry (i.e its RowStatus object is 2532 active(1)) in the caqQosActionSelectTable or 2533 caqSecurityActionTable. Once a row becomes active, value in any 2534 other column within such row cannot be modified. 2535 2536 If this row is the only ACE in an ACL and the value of its 2537 caqIpxAclName object matches the value of caqClassifierAclName 2538 object in any active entry of the caqClassifierTable, removing 2539 this entry will also remove the associated entry in the 2540 caqClassifierTable." 2541 ::= { caqIpxAceEntry 14 } 2542 2543-- 2544-- caqMacAceTable 2545-- 2546 2547caqMacAceTable OBJECT-TYPE 2548 SYNTAX SEQUENCE OF CaqMacAceEntry 2549 MAX-ACCESS not-accessible 2550 STATUS current 2551 DESCRIPTION 2552 "This table contains a list of MAC ACEs. Each ACE consists of 2553 a filter specification and behavior associated with it which 2554 describes what action to carry out on packets which match. 2555 2556 An ACL is defined as the set of ACEs of the same type (all 2557 QoS, or all Security). Within a feature (qos or security), each 2558 ACE is named by a combination of an AclName and an ACE index, 2559 such that all the ACEs which are named using the same AclName 2560 are part of the same ACL. This table is instantiated only if 2561 the macQos bit or macSecurity bit of caqAclCapabilities object 2562 is turned on." 2563 ::= { caqAclObjects 4 } 2564 2565caqMacAceEntry OBJECT-TYPE 2566 SYNTAX CaqMacAceEntry 2567 MAX-ACCESS not-accessible 2568 STATUS current 2569 DESCRIPTION 2570 "Each entry of caqMacAceTable consist of a set of match 2571 criteria. For a layer 2 flow to match an entry, it has to 2572 match all the conditions specified in that entry." 2573 INDEX { caqMacAceFeature, caqMacAclName, caqMacAceIndex } 2574 ::= { caqMacAceTable 1 } 2575 2576CaqMacAceEntry ::= SEQUENCE { 2577 caqMacAceFeature INTEGER, 2578 caqMacAclName CaqAclName, 2579 caqMacAceIndex Unsigned32, 2580 caqMacAceMatchedAction Unsigned32, 2581 caqMacAceSrcMac MacAddress, 2582 caqMacAceSrcMacMask MacAddress, 2583 caqMacAceDestMac MacAddress, 2584 caqMacAceDestMacMask MacAddress, 2585 caqMacAceEthertype Unsigned32, 2586 caqMacAceOrderPosition Unsigned32, 2587 caqMacAceBeforePosition Unsigned32, 2588 caqMacAceStatus RowStatus, 2589 caqMacAceMatchCriteria BITS, 2590 caqMacAceCos QosLayer2Cos, 2591 caqMacAceVlan VlanIndex 2592} 2593 2594caqMacAceFeature OBJECT-TYPE 2595 SYNTAX INTEGER { qos(1), security(2) } 2596 MAX-ACCESS not-accessible 2597 STATUS current 2598 DESCRIPTION 2599 "Indicates whether this entry is a Qos ACL or Security ACL." 2600 ::= { caqMacAceEntry 1 } 2601 2602caqMacAclName OBJECT-TYPE 2603 SYNTAX CaqAclName 2604 MAX-ACCESS not-accessible 2605 STATUS current 2606 DESCRIPTION 2607 "The name of an ACL. Within a feature (qos or security), this 2608 name is unique across all the ACL tables that identifies the 2609 list to which the entry belongs in the device." 2610 ::= { caqMacAceEntry 2 } 2611 2612caqMacAceIndex OBJECT-TYPE 2613 SYNTAX Unsigned32 (1..65535) 2614 MAX-ACCESS not-accessible 2615 STATUS current 2616 DESCRIPTION 2617 "The index of an Mac ACE within an ACL." 2618 ::= { caqMacAceEntry 3 } 2619 2620caqMacAceMatchedAction OBJECT-TYPE 2621 SYNTAX Unsigned32 (1..65535) 2622 MAX-ACCESS read-create 2623 STATUS current 2624 DESCRIPTION 2625 "Indicates the action to be taken if a packet matches this ACE. 2626 If the value of this ACE's caqMacAceFeature object is: 'qos(1)', 2627 then this object contains the index of an active row in 2628 caqQosActionSelectTable. If the value of this ACE's 2629 caqMacAceFeature object is: 'security(2)', then this object 2630 contains the index of an active row in caqSecurityActionTable." 2631 ::= { caqMacAceEntry 4 } 2632 2633caqMacAceSrcMac OBJECT-TYPE 2634 SYNTAX MacAddress 2635 MAX-ACCESS read-create 2636 STATUS current 2637 DESCRIPTION 2638 "Indicates the 48 bits source MAC address. The packet's source 2639 address is AND-ed with the value of caqMacAceSrcMacMask and then 2640 compared against the value of this object. If this object value 2641 is 00-00-00-00-00-00, and the value of caqMacAceSrcMacMask 2642 object in the same entry is ff-ff-ff-ff-ff-ff, this entry 2643 matches any source Mac address." 2644 ::= { caqMacAceEntry 5 } 2645 2646caqMacAceSrcMacMask OBJECT-TYPE 2647 SYNTAX MacAddress 2648 MAX-ACCESS read-create 2649 STATUS current 2650 DESCRIPTION 2651 "Indicates the 48 bit source MAC address mask." 2652 ::= { caqMacAceEntry 6 } 2653 2654caqMacAceDestMac OBJECT-TYPE 2655 SYNTAX MacAddress 2656 MAX-ACCESS read-create 2657 STATUS current 2658 DESCRIPTION 2659 "Indicates the 48 bits destination MAC address. The packet's 2660 destination address is AND-ed with the value of 2661 caqMacAceDestMacMask and then compared against the value of 2662 this object. If this object value is 00-00-00-00-00-00, and the 2663 value of caqMacAceDestMacMask object in the same entry is 2664 ff-ff-ff-ff-ff-ff, this entry matches any destionation Mac 2665 address." 2666 ::= { caqMacAceEntry 7 } 2667 2668caqMacAceDestMacMask OBJECT-TYPE 2669 SYNTAX MacAddress 2670 MAX-ACCESS read-create 2671 STATUS current 2672 DESCRIPTION 2673 "Indicates the 48 bit destination MAC address mask." 2674 ::= { caqMacAceEntry 8 } 2675 2676caqMacAceEthertype OBJECT-TYPE 2677 SYNTAX Unsigned32 ('0000'H..'FFFF'H) 2678 MAX-ACCESS read-create 2679 STATUS current 2680 DESCRIPTION 2681 "This 16-bit hexadecimal number indicates the matched Ethernet 2682 type. 0x0000 means any Ethernet type will be matched." 2683 REFERENCE 2684 "RFC 1700, Assigned Numbers." 2685 DEFVAL { '0000'H } 2686 ::= { caqMacAceEntry 9 } 2687 2688caqMacAceOrderPosition OBJECT-TYPE 2689 SYNTAX Unsigned32 (0..65535) 2690 MAX-ACCESS read-only 2691 STATUS current 2692 DESCRIPTION 2693 "The ordering position of this ACE in the ACL. If this entry 2694 is not in active(1) state, this object has value of 0." 2695 ::= { caqMacAceEntry 10 } 2696 2697caqMacAceBeforePosition OBJECT-TYPE 2698 SYNTAX Unsigned32 (0..65535) 2699 MAX-ACCESS read-create 2700 STATUS current 2701 DESCRIPTION 2702 "The object is to control the position of an ACE in the ACL. 2703 Specifies the order position of a new ACE before a ACE which 2704 is already in the ACL. It means that the new ACE will replace 2705 the position of the ACE which the object specifies. 2706 2707 For example, if there are 6 ACEs in an ACL, so the positions 2708 of those 6 ACEs will be 1, 2, 3, 4, 5, 6. If the user would 2709 like to add a new ACE and he specifies 4 to be the value of 2710 this object, the old ACEs in positions, 4, 5, 6 will become 2711 5, 6, 7 while the entry containing the new ACE is active. 2712 The removing is similar. Be careful, for example, if the 2713 user would like to move an ACE whose position is 2 to before 2714 the ACE whose position is 5. He put the status of that entry 2715 to in-active and the position order will be 1, 2, 3, 4, 5. 2716 The old ACEs in positions 3, 4, 5, 6 becomes 2, 3, 4, 5. So, 2717 the user has to specify the object to 4, because the ACE in 2718 old position 5 has been moved to position 4. 2719 2720 If not specified, the default value 0 will be used. And the 2721 new ACE is appended to the end of the ACL. 0 will be always 2722 returned if the status of this row is active. If the entry 2723 is from active to notInService, this object should has default 2724 value." 2725 DEFVAL { 0 } 2726 ::= { caqMacAceEntry 11 } 2727 2728caqMacAceStatus OBJECT-TYPE 2729 SYNTAX RowStatus 2730 MAX-ACCESS read-create 2731 STATUS current 2732 DESCRIPTION 2733 "The status of this MAC ACE conceptual row entry. This object 2734 is used to manage creation, deletion and modification of rows 2735 in this table. 2736 2737 An entry may not exist in the active state unless all objects 2738 in the entry have an appropriate value. Especially, it cannot 2739 be in active state unless the caqMacAceMatchedAction object in 2740 the entry point to an active entry (i.e its RowStatus object is 2741 active(1)) in the caqQosActionSelectTable or 2742 caqSecurityActionTable. Once a row becomes active, value in any 2743 other column within such row cannot be modified. 2744 2745 If this row is the only ACE in an ACL and the value of its 2746 caqMacAclName object matches the value of caqClassifierAclName 2747 object in any active entry of the caqClassifierTable, removing 2748 this entry will also remove the associated entry in the 2749 caqClassifierTable." 2750 ::= { caqMacAceEntry 12 } 2751 2752caqMacAceMatchCriteria OBJECT-TYPE 2753 SYNTAX BITS { 2754 matchCos(0), 2755 matchVlan(1) 2756 } 2757 MAX-ACCESS read-create 2758 STATUS current 2759 DESCRIPTION 2760 "Indicates which field in the packet header to be matched. 2761 2762 matchCos(0) means that the packet Cos value 2763 will be matched against the value specified by 2764 caqMacAceCos object in the same row. 2765 2766 matchVlan(1) means that the packet VLAN value 2767 will be matched against the value specified by 2768 caqMacAceVlan object in the same row." 2769 DEFVAL { { } } 2770 ::= { caqMacAceEntry 13 } 2771 2772caqMacAceCos OBJECT-TYPE 2773 SYNTAX QosLayer2Cos 2774 MAX-ACCESS read-create 2775 STATUS current 2776 DESCRIPTION 2777 "Indicates the packet Cos value to be matched. 2778 2779 The value of this object is ignored whenever the 2780 matchCos(0) bit of caqMacAceMatchCriteria object 2781 is not on." 2782 ::= { caqMacAceEntry 14 } 2783 2784caqMacAceVlan OBJECT-TYPE 2785 SYNTAX VlanIndex 2786 MAX-ACCESS read-create 2787 STATUS current 2788 DESCRIPTION 2789 "Indicates the packet VLAN number to be matched. 2790 2791 The value of this object is ignored whenever the 2792 matchVlan(1) bit of caqMacAceMatchCriteria object 2793 is not on." 2794 ::= { caqMacAceEntry 15 } 2795 2796-- 2797-- Flow policing capability 2798-- 2799 2800caqFlowPolicingCpb OBJECT-TYPE 2801 SYNTAX BITS { 2802 microFlow(0), 2803 aggregate(1) 2804 } 2805 MAX-ACCESS read-only 2806 STATUS current 2807 DESCRIPTION 2808 "Indicates the flow policing capability of the device. 2809 2810 microFlow(0) indicates that microflow can be policed. 2811 2812 aggregate(1) indicates that aggregate flow can be policed." 2813 ::= { caqAclObjects 5 } 2814 2815-- 2816-- caqQosActionSelectTable 2817-- 2818 2819caqQosActionSelectTable OBJECT-TYPE 2820 SYNTAX SEQUENCE OF CaqQosActionSelectEntry 2821 MAX-ACCESS not-accessible 2822 STATUS current 2823 DESCRIPTION 2824 "This table describes the actions of ACEs. Once an ACE is 2825 matched, it follows its MatchedAction object to an entry of this 2826 table to get an action for the matching ACE. 2827 An action includes policer information as well as an DSCP 2828 associated with trust state information of the matching ACE." 2829 ::= { caqAclObjects 6 } 2830 2831caqQosActionSelectEntry OBJECT-TYPE 2832 SYNTAX CaqQosActionSelectEntry 2833 MAX-ACCESS not-accessible 2834 STATUS current 2835 DESCRIPTION 2836 "An entry of an ACE action. It links to the entries of 2837 caqFlowPolicerTable with caqQosActionSelectMicroflow, 2838 caqQosActionSelectAggregate objects." 2839 INDEX { caqQosActionSelectIndex } 2840 ::= { caqQosActionSelectTable 1 } 2841 2842CaqQosActionSelectEntry ::= SEQUENCE { 2843 caqQosActionSelectIndex Unsigned32, 2844 caqQosActionSelectTrust INTEGER, 2845 caqQosActionSelectDscp Dscp, 2846 caqQosActionSelectMicroflow CaqPolicerNameOrEmpty, 2847 caqQosActionSelectAggregate CaqPolicerNameOrEmpty, 2848 caqQosActionSelectStatus RowStatus 2849} 2850 2851caqQosActionSelectIndex OBJECT-TYPE 2852 SYNTAX Unsigned32 (1..65535) 2853 MAX-ACCESS not-accessible 2854 STATUS current 2855 DESCRIPTION 2856 "The index of this table for indicating an ACE Action for QoS." 2857 ::= { caqQosActionSelectEntry 1 } 2858 2859caqQosActionSelectTrust OBJECT-TYPE 2860 SYNTAX INTEGER { noTrust(1), trustCos(2), 2861 trustIpPrec(3), trustDscp(4) } 2862 MAX-ACCESS read-create 2863 STATUS current 2864 DESCRIPTION 2865 "Determines if the packets matching the ACE should be trusted 2866 or if a specific DSCP should be assigned to it. 2867 2868 If trustCos(2) is specified, the final DSCP value should refer 2869 to caqCosToDscpDscp object in caqCosToDscpTable to transfer 2870 layer 2 CoS value to DSCP value. 2871 2872 If trustIpPrec(3) is specified, the final DSCP value should 2873 refer to caqIpPrecToDscpDscp object in caqIpPrecToDscpTable 2874 to transfer IP Precedence value to DSCP value. 2875 2876 If trustDscp(4) is specified, the final DSCP value is the one 2877 which packets carry. 2878 2879 If noTrust(1) is specified, the final DSCP value will have the 2880 value of caqQosActionSelectDscp object. That is, if an instance 2881 of this object is noTrust(1), the caqQosActionSelectStatus 2882 object can not become 'active(1)' until a value has been 2883 assigned to the corresponding instance of 2884 caqQosActionSelectDscp." 2885 ::= { caqQosActionSelectEntry 2 } 2886 2887caqQosActionSelectDscp OBJECT-TYPE 2888 SYNTAX Dscp 2889 MAX-ACCESS read-create 2890 STATUS current 2891 DESCRIPTION 2892 "This object is only instantiated when the 2893 caqQosActionSelectTrust object in the same entry has been set 2894 to noTrust(1)." 2895 ::= { caqQosActionSelectEntry 4 } 2896 2897caqQosActionSelectMicroflow OBJECT-TYPE 2898 SYNTAX CaqPolicerNameOrEmpty 2899 MAX-ACCESS read-create 2900 STATUS current 2901 DESCRIPTION 2902 "Indicates a policer name. The value of this object either 2903 matches the value of caqFlowPolicerName object of an active 2904 entry in caqFlowPolicerTable or has an empty string value. The 2905 ACE uses this object to link to a policer flow entry. If there 2906 is no microflow policer defined for the ACE pointed to this 2907 entry, this object should be an empty string. If the 2908 microflow(0) bit of caqFlowPolicingCpb object is turned off, 2909 this object should also be an empty string. Otherwise it should 2910 match the value of caqFlowPolicerName of an entry in the 2911 caqFlowPolicerTable which has its RowStatus value to be 2912 active(1) and the type of the policer should be microflow(1)." 2913 ::= { caqQosActionSelectEntry 5 } 2914 2915caqQosActionSelectAggregate OBJECT-TYPE 2916 SYNTAX CaqPolicerNameOrEmpty 2917 MAX-ACCESS read-create 2918 STATUS current 2919 DESCRIPTION 2920 "Indicates a policer name. The value of this object either 2921 matches the value of caqFlowPolicerName object of an active 2922 entry in caqFlowPolicerTable or has an empty string value. 2923 The ACE uses this object to link to a policer flow entry. 2924 If there is no aggregate policer defined for the ACE pointed 2925 to this entry, this object should be an empty string. If the 2926 aggregate(1) bit of caqFlowPolicingCpb object is turned off, 2927 this object should also be an an empty string. Otherwise 2928 it should match the value of caqFlowPolicerName of an entry in 2929 the caqFlowPolicerTable which has its RowStatus value to be 2930 active(1) and the type of the policer should be aggregate(2)." 2931 ::= { caqQosActionSelectEntry 6 } 2932 2933caqQosActionSelectStatus OBJECT-TYPE 2934 SYNTAX RowStatus 2935 MAX-ACCESS read-create 2936 STATUS current 2937 DESCRIPTION 2938 "The status of this Qos Action Select conceptual row entry. This 2939 object is used to manage creation, deletion and modification of 2940 rows in this table. 2941 2942 An entry may not exist in the active state unless all objects 2943 in the entry have an appropriate value. Once a row becomes 2944 active, value in any other column within such row cannot be 2945 modified. 2946 2947 If this row is pointed to by an active entry in the ACL tables, 2948 this object cannot be changed from active(1) to any other 2949 value." 2950 ::= { caqQosActionSelectEntry 7 } 2951 2952caqFlowPolicerExcessRateSupport OBJECT-TYPE 2953 SYNTAX TruthValue 2954 MAX-ACCESS read-only 2955 STATUS current 2956 DESCRIPTION 2957 "Indicates whether the device supports excess rate 2958 configuration." 2959 ::= { caqAclObjects 7 } 2960 2961 2962-- 2963-- Flow Policing Table 2964-- 2965 2966caqFlowPolicerTable OBJECT-TYPE 2967 SYNTAX SEQUENCE OF CaqFlowPolicerEntry 2968 MAX-ACCESS not-accessible 2969 STATUS current 2970 DESCRIPTION 2971 "This table defines the flow policing rules. A flow policing 2972 rule comprises a rate, burst size and drop-or-mark indication." 2973 ::= { caqAclObjects 8 } 2974 2975caqFlowPolicerEntry OBJECT-TYPE 2976 SYNTAX CaqFlowPolicerEntry 2977 MAX-ACCESS not-accessible 2978 STATUS current 2979 DESCRIPTION 2980 "The attributes defining a flow policing rule." 2981 INDEX { IMPLIED caqFlowPolicerName } 2982 ::= { caqFlowPolicerTable 1 } 2983 2984CaqFlowPolicerEntry ::= SEQUENCE { 2985 caqFlowPolicerName CaqPolicerName, 2986 caqFlowPolicerType INTEGER, 2987 caqFlowPolicerNormalRateRequest Integer32, 2988 caqFlowPolicerNormalRateGrant Integer32, 2989 caqFlowPolicerNormalRateAction INTEGER, 2990 caqFlowPolicerExcessRateRequest Integer32, 2991 caqFlowPolicerExcessRateGrant Integer32, 2992 caqFlowPolicerExcessRateAction INTEGER, 2993 caqFlowPolicerBurstSizeRequest Integer32, 2994 caqFlowPolicerBurstSizeGrant Integer32, 2995 caqFlowPolicerStatus RowStatus, 2996 caqFlowPolicerExcessBurstRequest Unsigned32, 2997 caqFlowPolicerExcessBurstGrant Unsigned32 2998} 2999 3000caqFlowPolicerName OBJECT-TYPE 3001 SYNTAX CaqPolicerName 3002 MAX-ACCESS not-accessible 3003 STATUS current 3004 DESCRIPTION 3005 "The name of a policer. This name has to be unique to identify 3006 a microflow or an aggregate policer in the device." 3007 ::= { caqFlowPolicerEntry 1 } 3008 3009caqFlowPolicerType OBJECT-TYPE 3010 SYNTAX INTEGER { 3011 microflow(1), 3012 aggregate(2) 3013 } 3014 MAX-ACCESS read-create 3015 STATUS current 3016 DESCRIPTION 3017 "The type of this policer." 3018 ::= { caqFlowPolicerEntry 2 } 3019 3020caqFlowPolicerNormalRateRequest OBJECT-TYPE 3021 SYNTAX Integer32 (0 | 32..8000000) 3022 UNITS "kbps" 3023 MAX-ACCESS read-create 3024 STATUS current 3025 DESCRIPTION 3026 "The requested average rate of the flow. The base unit of this 3027 object is 1 kilo-bits per second. 0 may be specified for a 3028 rate which causes all packets to be out-of-profile. 3029 Out-of-profile indicates that a packet causes the committed 3030 access rate of the packet's flow to be exceeded. Committed 3031 access rate is the bandwidth that has been committed to a 3032 specific flow or group of flows. The committed rate can be 3033 enforced by policing or by shaping." 3034 ::= { caqFlowPolicerEntry 3 } 3035 3036caqFlowPolicerNormalRateGrant OBJECT-TYPE 3037 SYNTAX Integer32 3038 UNITS "kbps" 3039 MAX-ACCESS read-only 3040 STATUS current 3041 DESCRIPTION 3042 "The granted average rate of the flow. The base unit of this 3043 object is 1 kilo-bits per second. If the status of this row is 3044 not active, the value of this object will be the same as 3045 caqFlowPolicerNormalRateRequest's value. 3046 3047 If the QoS function is enabled and the policy source is from 3048 local configuration, this MIB object is from the runtime 3049 hardware information. Due to hardware granularity, the 3050 granted value may not be the same as the value specified 3051 by caqFlowPolicerNormalRateRequest object. It will be the 3052 closest value to the requested one that the hardware can 3053 support." 3054 ::= { caqFlowPolicerEntry 4 } 3055 3056caqFlowPolicerNormalRateAction OBJECT-TYPE 3057 SYNTAX INTEGER { drop(1), policedDscp(2) } 3058 MAX-ACCESS read-create 3059 STATUS current 3060 DESCRIPTION 3061 "The action for those normal rate out-of-profile packets. The 3062 action is to drop the packets or mark down its DSCP to the 3063 value of caqDscpMappingNRPolicedDscp defined in 3064 caqDscpMappingTable. 3065 3066 If the caqFlowPolicerExcessRateSupport is true(1), this object 3067 cannot be set to drop(1). Setting the value of 3068 caqFlowPolicerExcessRateRequest object equal to the value of 3069 caqFlowPolicerNormalRateRequest object together with setting the 3070 value of caqFlowPolicerExcessRateAction object to drop(1) will 3071 effectively drop the packet at normal rate." 3072 ::= { caqFlowPolicerEntry 5 } 3073 3074caqFlowPolicerExcessRateRequest OBJECT-TYPE 3075 SYNTAX Integer32 (0 | 32..8000000) 3076 UNITS "kbps" 3077 MAX-ACCESS read-create 3078 STATUS current 3079 DESCRIPTION 3080 "The requested excess rate of the flow. The base unit of this 3081 object is 1 kilo-bits per second. 0 may be specified for a 3082 rate which causes all packets to be out-of-profile. 3083 Out-of-profile indicates that a packet causes the committed 3084 access rate of the packet's flow to be exceeded. Committed 3085 access rate is the bandwidth that has been committed to a 3086 specific flow or group of flows. The committed rate can be 3087 enforced by policing or by shaping. 3088 3089 If the caqFlowPolicerExcessRateSupport is false(2), this object 3090 cannot be instantiated." 3091 ::= { caqFlowPolicerEntry 6 } 3092 3093caqFlowPolicerExcessRateGrant OBJECT-TYPE 3094 SYNTAX Integer32 3095 UNITS "kbps" 3096 MAX-ACCESS read-only 3097 STATUS current 3098 DESCRIPTION 3099 "The granted excess rate of the flow. The base unit of this 3100 object is 1 kilo-bits per second. If the status of this row is 3101 not active, the value of this object will be the same as 3102 caqFlowPolicerExcessRateRequest's value. 3103 3104 If the QoS function is enabled and the policy source is from 3105 local configuration, this MIB object is from the runtime 3106 hardware information. Due to hardware granularity, the 3107 granted value may not be the same as the value specified 3108 by caqFlowPolicerExcessRateRequest object. It will be the 3109 closest value to the requested one that the hardware can 3110 support. 3111 3112 If the caqFlowPolicerExcessRateSupport is false(2), this object 3113 cannot be instantiated." 3114 ::= { caqFlowPolicerEntry 7 } 3115 3116caqFlowPolicerExcessRateAction OBJECT-TYPE 3117 SYNTAX INTEGER { drop(1), policedDscp(2) } 3118 MAX-ACCESS read-create 3119 STATUS current 3120 DESCRIPTION 3121 "The action for those excess rate out-of-profile packets. The 3122 action is to drop the packets or mark down its DSCP value to 3123 value of caqDscpMappingERPolicedDscp defined in 3124 caqDscpMappingTable. 3125 3126 If the caqFlowPolicerExcessRateSupport is false(2), this object 3127 cannot be instantiated." 3128 ::= { caqFlowPolicerEntry 8 } 3129 3130caqFlowPolicerBurstSizeRequest OBJECT-TYPE 3131 SYNTAX Integer32 (1..32000) 3132 UNITS "kilo-bits" 3133 MAX-ACCESS read-create 3134 STATUS current 3135 DESCRIPTION 3136 "The requested burst rate of the flow. The base unit of this 3137 object is 1 kilo-bits." 3138 ::= { caqFlowPolicerEntry 9 } 3139 3140caqFlowPolicerBurstSizeGrant OBJECT-TYPE 3141 SYNTAX Integer32 3142 UNITS "kilo-bits" 3143 MAX-ACCESS read-only 3144 STATUS current 3145 DESCRIPTION 3146 "The granted burst rate of the flow. The base unit of this 3147 object is 1 kilo-bits. If the status of this row is not 3148 active, the value of this object will be the same as 3149 caqFlowPolicerBurstSizeRequest's value. 3150 3151 If the QoS function is enabled and the policy source is from 3152 local configuration, this MIB object is from the runtime 3153 hardware information. Due to hardware granularity, the 3154 granted value may not be the same as the value specified 3155 by caqFlowPolicerBurstSizeRequest object. It will be the 3156 closest value to the requested one that the hardware can 3157 support." 3158 ::= { caqFlowPolicerEntry 10 } 3159 3160caqFlowPolicerStatus OBJECT-TYPE 3161 SYNTAX RowStatus 3162 MAX-ACCESS read-create 3163 STATUS current 3164 DESCRIPTION 3165 "The status of this flow policer conceptual row entry. This 3166 object is used to manage creation, deletion and modification of 3167 rows in this table. 3168 3169 An entry may not exist in the active state unless all objects 3170 in the entry have an appropriate value. Once a row becomes 3171 active, value in any other column within such row cannot be 3172 modified. 3173 3174 If this row is pointed to by an active entry in the 3175 caqQosActionSelectTable, this object cannot be changed from 3176 active(1) to any other value." 3177 ::= { caqFlowPolicerEntry 11 } 3178 3179caqFlowPolicerExcessBurstRequest OBJECT-TYPE 3180 SYNTAX Unsigned32 (1..32000) 3181 UNITS "kilo-bits" 3182 MAX-ACCESS read-create 3183 STATUS current 3184 DESCRIPTION 3185 "The requested excess burst size of the flow. 3186 3187 If the caqFlowPolicerExcessBurstSupport is false(2), this 3188 object cannot be instantiated." 3189 ::= { caqFlowPolicerEntry 12 } 3190 3191caqFlowPolicerExcessBurstGrant OBJECT-TYPE 3192 SYNTAX Unsigned32 (1..32000) 3193 UNITS "kilo-bits" 3194 MAX-ACCESS read-only 3195 STATUS current 3196 DESCRIPTION 3197 "The granted excess burst size of the flow. If the status of 3198 this row is not active, the value of this object will be the 3199 same as caqFlowPolicerExcessBurstRequest's value. 3200 3201 If the QoS function is enabled and the policy source is from 3202 local configuration, this MIB object is from the runtime 3203 hardware information. Due to hardware granularity, the 3204 granted value may not be the same as the value specified 3205 by caqFlowPolicerExcessBurstRequest object. It will be the 3206 closest value to the requested one that the hardware can 3207 support. 3208 3209 If the caqFlowPolicerExcessBurstSupport is false(2), this 3210 object cannot be instantiated." 3211 ::= { caqFlowPolicerEntry 13 } 3212 3213-- 3214-- caqSecurityActionTable 3215-- 3216 3217caqSecurityActionTable OBJECT-TYPE 3218 SYNTAX SEQUENCE OF CaqSecurityActionEntry 3219 MAX-ACCESS not-accessible 3220 STATUS current 3221 DESCRIPTION 3222 "This table describes the actions of Security ACEs. Once an ACE 3223 is matched and it can go through an entry of this table to find 3224 the Security action." 3225 ::= { caqAclObjects 9 } 3226 3227caqSecurityActionEntry OBJECT-TYPE 3228 SYNTAX CaqSecurityActionEntry 3229 MAX-ACCESS not-accessible 3230 STATUS current 3231 DESCRIPTION 3232 "An entry of a Security ACE action. It provides the action for 3233 for the traffic matching Security ACEs." 3234 INDEX { caqSecurityActionIndex } 3235 ::= { caqSecurityActionTable 1 } 3236 3237CaqSecurityActionEntry ::= SEQUENCE { 3238 caqSecurityActionIndex Unsigned32, 3239 caqSecurityAction INTEGER, 3240 caqSecurityRedirectPortList OCTET STRING, 3241 caqSecurityCapture TruthValue, 3242 caqSecurityActionStatus RowStatus, 3243 caqSecurityAdjIndex Unsigned32, 3244 caqSecurityArpMacAddress MacAddress, 3245 caqSecurityRedirect2kPortList OCTET STRING, 3246 caqSecurityDownloadedAceFeature INTEGER 3247} 3248 3249caqSecurityActionIndex OBJECT-TYPE 3250 SYNTAX Unsigned32 (1..65535) 3251 MAX-ACCESS not-accessible 3252 STATUS current 3253 DESCRIPTION 3254 "The index of this table for indicating a Security ACE action 3255 entry." 3256 ::= { caqSecurityActionEntry 1 } 3257 3258caqSecurityAction OBJECT-TYPE 3259 SYNTAX INTEGER { 3260 permit(1), 3261 deny(2), 3262 redirect(3), 3263 redirectWithAdj(4), 3264 denyWithLog(5), 3265 denyArpInspection(6), 3266 denyArpInspWithLog(7), 3267 permitArpInspection(8), 3268 include(9) 3269 } 3270 MAX-ACCESS read-create 3271 STATUS current 3272 DESCRIPTION 3273 "Determines the action that the device will take if the traffic 3274 matches the ACE. 3275 3276 If permit(1) is specified, the matched traffic will be allowed 3277 through the device. 3278 3279 If deny(2) is specified, the matched traffic will be blocked and 3280 dropped. 3281 3282 If redirect(3) is specified, the matched traffic will be 3283 redirected to physical port(s) which should be configured 3284 in the caqSecurityRedirectPortList object. Redirect means 3285 taking packet coming in and putting it out of port(s) 3286 as is. 3287 3288 If redirectWithAdj(4) is specified, the matched traffic will 3289 be redirected to the VLAN configured in the adjacency entry 3290 denoted by caqSecurityAdjIndex. 3291 3292 If denyWithLog(5) is specified, the matched traffic will be 3293 blocked, dropped and logged. 3294 3295 If denyArpInspection(6) is specified, the matched ARP traffic 3296 will be blocked and dropped. 3297 3298 If denyArpInspWithLog(7) is specified, the matched ARP traffic 3299 will be blocked, dropped and logged. 3300 3301 If permitArpInspection(8) is specified, the matched ARP 3302 traffic will be allowed through the device. 3303 3304 if include(9) is specified, the matched trafic will be 3305 regulated according to the downloaded ACE type denoted 3306 by caqSecurityDownloadedAceFeature object." 3307 ::= { caqSecurityActionEntry 2 } 3308 3309caqSecurityRedirectPortList OBJECT-TYPE 3310 SYNTAX OCTET STRING(SIZE(0..128)) 3311 MAX-ACCESS read-create 3312 STATUS deprecated 3313 DESCRIPTION 3314 "Indicates the set of physical port(s) that matched 3315 traffic is redirected to. Each octet within the value of 3316 this object specifies a set of eight ports, with the first 3317 octet specifying ports 1 through 8, the second octet 3318 specifying ports 9 through 16, etc. Within each octet, the 3319 most significant bit represents the lowest numbered port, 3320 and the least significant bit represents the highest numbered 3321 port. Thus, each port is represented by a single bit within 3322 the value of this object. If that bit has a value of '1' then 3323 that port is included in the set of redirect ports; the port 3324 is not included if its bit has a value of '0'. The value of 3325 this object is ignored whenever the value of caqSecurityAction 3326 object in the same row is not redirect(3)." 3327 ::= { caqSecurityActionEntry 3 } 3328 3329caqSecurityCapture OBJECT-TYPE 3330 SYNTAX TruthValue 3331 MAX-ACCESS read-create 3332 STATUS current 3333 DESCRIPTION 3334 "Indicates whether the matched traffic is to be captured. 3335 Capture means the packet is not only switched normally but also 3336 a copy of the switched packet is transmitted on the capture 3337 port(s). Traffic which is dropped cannot be captured; only 3338 traffic that is forwarded to its appropriate destination, can 3339 also be forwarded to a capture port. Redirected traffic 3340 cannot be captured. 3341 3342 Packets are only output on a capture port if they are on 3343 a VLAN which is carried on that port. To capture traffic 3344 from many vlans, the capture port(s) should be a trunk 3345 carrying the required vlans. 3346 3347 The capturing destination port(s) should be configured in 3348 caqSecurityAclCaptureIfTable." 3349 DEFVAL { false } 3350 ::= { caqSecurityActionEntry 4 } 3351 3352caqSecurityActionStatus OBJECT-TYPE 3353 SYNTAX RowStatus 3354 MAX-ACCESS read-create 3355 STATUS current 3356 DESCRIPTION 3357 "The status of this Security ACE action conceptual row entry. 3358 This object is used to manage creation, deletion and 3359 modification of rows in this table. 3360 3361 An entry may not exist in the active state unless all objects 3362 in the entry have appropriate value. If the value of 3363 caqSecurityAction object in the same row is redirectWithAdj(4), 3364 user must use the value of the index object of an active entry 3365 in caqAdjacencyTable to configure the caqSecurityAdjIndex 3366 object. Once a row becomes active, value in any other column 3367 within such row cannot be modified. 3368 3369 If this row is pointed to by an active entry in the ACL tables, 3370 this object cannot be changed from active(1) to any other 3371 value." 3372 ::= { caqSecurityActionEntry 5 } 3373 3374caqSecurityAdjIndex OBJECT-TYPE 3375 SYNTAX Unsigned32 (0..65535) 3376 MAX-ACCESS read-create 3377 STATUS current 3378 DESCRIPTION 3379 "Indicates the index of an active adjacency entry in 3380 caqAdjacencyTable. The value of this object is ignored whenever 3381 the value of caqSecurityAction object in the same row is not 3382 redirectWithAdj(4)." 3383 DEFVAL { 0 } 3384 ::= { caqSecurityActionEntry 6 } 3385 3386caqSecurityArpMacAddress OBJECT-TYPE 3387 SYNTAX MacAddress 3388 MAX-ACCESS read-create 3389 STATUS current 3390 DESCRIPTION 3391 "Indicates the 48 bits Mac address used in ARP packet. 3392 The value of this object is ignored whenever the value of 3393 caqSecurityAction object in the same row is not one of 3394 the following values denyArpInspection(6), denyArpInspWithLog(7) 3395 and permitArpInspection(8)." 3396 DEFVAL { 'FFFFFFFFFFFF'H } 3397 ::= { caqSecurityActionEntry 7 } 3398 3399caqSecurityRedirect2kPortList OBJECT-TYPE 3400 SYNTAX OCTET STRING (SIZE(0..256)) 3401 MAX-ACCESS read-create 3402 STATUS current 3403 DESCRIPTION 3404 "Indicates the set of physical port(s) that matched 3405 traffic is redirected to. Each octet within the value of 3406 this object specifies a set of eight ports, with the first 3407 octet specifying ports 1 through 8, the second octet 3408 specifying ports 9 through 16, etc. Within each octet, the 3409 most significant bit represents the lowest numbered port, 3410 and the least significant bit represents the highest numbered 3411 port. Thus, each port is represented by a single bit within 3412 the value of this object. If that bit has a value of '1' then 3413 that port is included in the set of redirect ports; the port 3414 is not included if its bit has a value of '0'. The value of 3415 this object is ignored whenever the value of caqSecurityAction 3416 object in the same row is not redirect(3). This object can 3417 accommodate up to 2048 ports. 3418 3419 A port number is the value of dot1dBasePort for the port in 3420 the BRIDGE-MIB (RFC 1493)." 3421 ::= { caqSecurityActionEntry 8 } 3422 3423caqSecurityDownloadedAceFeature OBJECT-TYPE 3424 SYNTAX INTEGER { 3425 notApplicable(1), 3426 dot1x(2), 3427 macAuth(3), 3428 webAuth(4), 3429 eou(5), 3430 ipPhone(6) 3431 } 3432 MAX-ACCESS read-create 3433 STATUS current 3434 DESCRIPTION 3435 "Indicates the feature type of the downloaded ACE. 3436 3437 'notApplicable' indicates that this security action 3438 entry is not applied to any downloaded ACE. 3439 3440 'dot1x' indicates that this security action entry is 3441 applied to downloaded ACE for 802.1x feature. 3442 3443 'macAuth' indicates that this security action entry is 3444 applied to downloaded ACE for Mac Authentication 3445 Bypass feature. 3446 3447 'webAuth' indicates that this security action entry is 3448 applied to downloaded ACE for Web-Proxy Authentication 3449 feature. 3450 3451 'eou' indicates that this security action entry is 3452 applied to downloaded ACE for Extensible Authentication 3453 Protocol over UDP (EOU) feature. 3454 3455 'ipPhone' indicates that this security action entry is 3456 applied to downloaded ACE for IP Phone feature. 3457 3458 The value of this object is 'notApplicable' whenever the 3459 value of caqSecurityAction object in the same row is not 3460 'include'. When an entry of this table is created with 3461 'include' value specified for caqSecurityAction, 'notApplicable' 3462 cannot be used for this object value." 3463 DEFVAL { notApplicable } 3464 ::= { caqSecurityActionEntry 9 } 3465-- 3466-- caqSecurityAclCaptureIfTable 3467-- 3468 3469caqSecurityAclCaptureIfTable OBJECT-TYPE 3470 SYNTAX SEQUENCE OF CaqSecurityAclCaptureIfEntry 3471 MAX-ACCESS not-accessible 3472 STATUS current 3473 DESCRIPTION 3474 "This table contains all the physical ports which are capable 3475 of being capture interfaces on which captured packets are 3476 output." 3477 ::= { caqAclObjects 10 } 3478 3479caqSecurityAclCaptureIfEntry OBJECT-TYPE 3480 SYNTAX CaqSecurityAclCaptureIfEntry 3481 MAX-ACCESS not-accessible 3482 STATUS current 3483 DESCRIPTION 3484 "The index of this table is the ifIndex value of a 3485 physical port which is capable of being a capture interface 3486 on which captured packets are output." 3487 INDEX { ifIndex } 3488 ::= { caqSecurityAclCaptureIfTable 1 } 3489 3490CaqSecurityAclCaptureIfEntry ::= SEQUENCE { 3491 caqSecurityAclCaptureEnable TruthValue 3492} 3493 3494caqSecurityAclCaptureEnable OBJECT-TYPE 3495 SYNTAX TruthValue 3496 MAX-ACCESS read-write 3497 STATUS current 3498 DESCRIPTION 3499 "An interface can be a destination of captured traffic which 3500 matched any Security ACL. 3501 3502 This object is to specify whether to enable or disable this 3503 interface as a destination of captured traffic." 3504 DEFVAL { false } 3505 ::= { caqSecurityAclCaptureIfEntry 1 } 3506 3507-- 3508-- Excess Burst Capability Object 3509-- 3510 3511caqFlowPolicerExcessBurstSupport OBJECT-TYPE 3512 SYNTAX TruthValue 3513 MAX-ACCESS read-only 3514 STATUS current 3515 DESCRIPTION 3516 "Indicates whether the device supports excess burst 3517 size configuration." 3518 ::= { caqAclObjects 11 } 3519 3520-- 3521-- Security Acl Feature Rate Limit objects 3522-- 3523caqSecurityRateLimitFeatures OBJECT-TYPE 3524 SYNTAX BITS { 3525 arpInspection(0), 3526 dot1xDHCP(1), 3527 dhcpSnooping(2) 3528 } 3529 MAX-ACCESS read-only 3530 STATUS current 3531 DESCRIPTION 3532 "Indicates the features which implement rate limit 3533 on their traffic flows using the rate limit value 3534 denoted by caqSecurityAclRateLimit object. This 3535 rate limit value is shared among all features denoted 3536 by this object." 3537 ::= { caqAclObjects 12 } 3538 3539caqSecurityAclRateLimit OBJECT-TYPE 3540 SYNTAX Unsigned32 3541 UNITS "packet per second" 3542 MAX-ACCESS read-write 3543 STATUS current 3544 DESCRIPTION 3545 "Indicates the maximum rate of all traffic flows 3546 subjected to rate limiting imposed by all features 3547 denoted by caqSecurityRateLimitFeatures object." 3548 ::= { caqAclObjects 13 } 3549 3550-- 3551-- The caqQosDefaultAction table 3552-- 3553 3554caqQosDefaultActionTable OBJECT-TYPE 3555 SYNTAX SEQUENCE OF CaqQosDefaultActionEntry 3556 MAX-ACCESS not-accessible 3557 STATUS current 3558 DESCRIPTION 3559 "This table contains the QoS default action taken by the 3560 device for traffic which is not matched by a specific 3561 QoS ACE." 3562 ::= { caqAclObjects 14 } 3563 3564caqQosDefaultActionEntry OBJECT-TYPE 3565 SYNTAX CaqQosDefaultActionEntry 3566 MAX-ACCESS not-accessible 3567 STATUS current 3568 DESCRIPTION 3569 "The entries in this table are corresponding to the type of 3570 traffic as well as its direction and contain the default 3571 DSCP value, trust state and policers information. The number 3572 of entry in this table depends on what type of traffic 3573 supported by the device." 3574 INDEX { caqQosTrafficDirection, caqQosTrafficType } 3575 ::= { caqQosDefaultActionTable 1 } 3576 3577CaqQosDefaultActionEntry ::= SEQUENCE { 3578 caqQosTrafficDirection CaqDirection, 3579 caqQosTrafficType INTEGER, 3580 caqQosDefaultTrustState INTEGER, 3581 caqQosDefaultDscp Dscp, 3582 caqQosDefaultMicroflow CaqPolicerNameOrEmpty, 3583 caqQosDefaultAggregate CaqPolicerNameOrEmpty 3584} 3585 3586caqQosTrafficDirection OBJECT-TYPE 3587 SYNTAX CaqDirection 3588 MAX-ACCESS not-accessible 3589 STATUS current 3590 DESCRIPTION 3591 "Indicates whether this row's parameters are to 3592 be applied for ingress or for egress traffic." 3593 ::= { caqQosDefaultActionEntry 1 } 3594 3595caqQosTrafficType OBJECT-TYPE 3596 SYNTAX INTEGER { 3597 mac(1), 3598 ip(2), 3599 ipx(3) 3600 } 3601 MAX-ACCESS not-accessible 3602 STATUS current 3603 DESCRIPTION 3604 "Indicates whether this row's parameters are to 3605 be applied for Ethernet, IP or IPX traffic." 3606 ::= { caqQosDefaultActionEntry 2 } 3607 3608caqQosDefaultTrustState OBJECT-TYPE 3609 SYNTAX INTEGER { 3610 noTrust(1), 3611 trustCos(2), 3612 trustIpPrec(3), 3613 trustDscp(4) 3614 } 3615 MAX-ACCESS read-write 3616 STATUS current 3617 DESCRIPTION 3618 "Indicates the default assigned trust state. 3619 3620 If trustCos(2) is specified, the default DSCP value of an 3621 unmatched packet should refer to caqCosToDscpDscp 3622 object in caqCosToDscpTable to transfer layer 2 CoS value to 3623 DSCP value. 3624 3625 If trustIpPrec(3) is specified, the default DSCP value of an 3626 unmatched packet should refer to caqIpPrecToDscpDscp 3627 object in caqIpPrecToDscpTable to transfer IP Precedence value 3628 to DSCP value. 3629 3630 If trustDscp(4) is specified, the default DSCP value of an 3631 unmatched packet is the one which packets carry. 3632 3633 If noTrust(1) is specified, the default DSCP value of an 3634 unmatched packet will have the value of caqQosDefaultDscp 3635 object." 3636 ::= { caqQosDefaultActionEntry 3 } 3637 3638caqQosDefaultDscp OBJECT-TYPE 3639 SYNTAX Dscp 3640 MAX-ACCESS read-write 3641 STATUS current 3642 DESCRIPTION 3643 "This object is only instantiated when the 3644 caqQosDefaultTrust object in the same entry has been set 3645 to noTrust(1)." 3646 ::= { caqQosDefaultActionEntry 4 } 3647 3648caqQosDefaultMicroflow OBJECT-TYPE 3649 SYNTAX CaqPolicerNameOrEmpty 3650 MAX-ACCESS read-write 3651 STATUS current 3652 DESCRIPTION 3653 "Indicates a microflow policer name. The value of 3654 this object either matches the value of caqFlowPolicerName 3655 object of an active entry in caqFlowPolicerTable or has an 3656 empty string value. 3657 If there is no default microflow policer defined for unmatched 3658 traffic, this object should be an empty string. If the 3659 microflow(0) bit of caqFlowPolicingCpb object is turned off, 3660 this object should also be an empty string. Otherwise it should 3661 match the value of caqFlowPolicerName of an entry in the 3662 caqFlowPolicerTable which has its RowStatus value to be 3663 active(1) and the type of the policer should be microflow(1)." 3664 ::= { caqQosDefaultActionEntry 5 } 3665 3666caqQosDefaultAggregate OBJECT-TYPE 3667 SYNTAX CaqPolicerNameOrEmpty 3668 MAX-ACCESS read-write 3669 STATUS current 3670 DESCRIPTION 3671 "Indicates an aggregate policer name. The value of this object 3672 either matches the value of caqFlowPolicerName object of an 3673 active entry in caqFlowPolicerTable or has an empty string 3674 value. If there is no default aggregate policer defined for 3675 unmatched traffic, this object should be an empty string. If 3676 the aggregate(1) bit of caqFlowPolicingCpb object is turned 3677 off, this object should also be an an empty string. Otherwise 3678 it should match the value of caqFlowPolicerName of an entry in 3679 the caqFlowPolicerTable which has its RowStatus value to be 3680 active(1) and the type of the policer should be aggregate(2)." 3681 ::= { caqQosDefaultActionEntry 6 } 3682 3683-- 3684-- Acl Feature support 3685-- 3686 3687caqAclFeatureCpb OBJECT-TYPE 3688 SYNTAX BITS { vlanAclHitCount(0), portAclHitCount (1) } 3689 MAX-ACCESS read-only 3690 STATUS current 3691 DESCRIPTION 3692 "Indicates the set of features that the device supports 3693 related to ACLs configured in the device. 3694 3695 vlanAclHitCount(0) indicates that the device supports 3696 ACL hit count feature for ACLs attached to VLAN interfaces. 3697 3698 portAclHitCount(1) indicates that the device supports 3699 ACL hit count feature for ACLs attached to physical 3700 interfaces." 3701 ::= { caqAclObjects 15 } 3702 3703-- 3704-- The caqQosStatsObjects 3705-- 3706 3707caqL3PacketsDropByPolicer OBJECT-TYPE 3708 SYNTAX Counter64 3709 MAX-ACCESS read-only 3710 STATUS current 3711 DESCRIPTION 3712 "Indicates the number of Layer 3 packets dropped due to 3713 policing." 3714 ::= { caqQosStatsObjects 1 } 3715 3716caqTosChangedIpPackets OBJECT-TYPE 3717 SYNTAX Counter64 3718 MAX-ACCESS read-only 3719 STATUS current 3720 DESCRIPTION 3721 "Indicates the number of IP packets have the Tos value 3722 changed." 3723 ::= { caqQosStatsObjects 2 } 3724 3725caqCosChangedIpPackets OBJECT-TYPE 3726 SYNTAX Counter64 3727 MAX-ACCESS read-only 3728 STATUS current 3729 DESCRIPTION 3730 "Indicates the number of IP packets have the Cos value 3731 changed." 3732 ::= { caqQosStatsObjects 3 } 3733 3734caqCosChangedNonIpPackets OBJECT-TYPE 3735 SYNTAX Counter64 3736 MAX-ACCESS read-only 3737 STATUS current 3738 DESCRIPTION 3739 "Indicates the number of non IP packets have the Cos 3740 value changed." 3741 ::= { caqQosStatsObjects 4 } 3742 3743-- 3744-- The Port Statistics Table 3745-- 3746 3747caqPortStatsTable OBJECT-TYPE 3748 SYNTAX SEQUENCE OF CaqPortStatsEntry 3749 MAX-ACCESS not-accessible 3750 STATUS current 3751 DESCRIPTION 3752 "A table containing QoS statistics counters per physical 3753 interface." 3754 ::= { caqQosStatsObjects 5 } 3755 3756caqPortStatsEntry OBJECT-TYPE 3757 SYNTAX CaqPortStatsEntry 3758 MAX-ACCESS not-accessible 3759 STATUS current 3760 DESCRIPTION 3761 "An entry contains QoS statistics maintained by the switching 3762 engine." 3763 INDEX { ifIndex, 3764 caqPortStatsDirection, 3765 caqPortStatsQueueNumber, 3766 caqPortStatsThresholdNumber } 3767 ::= { caqPortStatsTable 1 } 3768 3769CaqPortStatsEntry ::= SEQUENCE { 3770 caqPortStatsDirection CaqDirection, 3771 caqPortStatsQueueNumber CaqQueueNumber, 3772 caqPortStatsThresholdNumber CaqThresholdNumber, 3773 caqPortStatsDropPkts Counter64, 3774 caqPortStatsDropPktsAveRate Gauge32, 3775 caqPortStatsDropPktsPeakRate Gauge32 3776} 3777 3778caqPortStatsDirection OBJECT-TYPE 3779 SYNTAX CaqDirection 3780 MAX-ACCESS not-accessible 3781 STATUS current 3782 DESCRIPTION 3783 "Indicates traffic direction of an physical interface." 3784 ::= { caqPortStatsEntry 1 } 3785 3786caqPortStatsQueueNumber OBJECT-TYPE 3787 SYNTAX CaqQueueNumber 3788 MAX-ACCESS not-accessible 3789 STATUS current 3790 DESCRIPTION 3791 "Indicates the queue number of the interface for which 3792 statistics are collected. For example : if the port type of 3793 this interface is 1P2Q2T, this object can be 1, 2, 3." 3794 ::= { caqPortStatsEntry 2 } 3795 3796caqPortStatsThresholdNumber OBJECT-TYPE 3797 SYNTAX CaqThresholdNumber 3798 MAX-ACCESS not-accessible 3799 STATUS current 3800 DESCRIPTION 3801 "Indicates the threshold number of a queue on the interface for 3802 which statistics are collected. For example : if the port type 3803 of this interface is 1P2Q2T, this object can be 1, 2." 3804 ::= { caqPortStatsEntry 3 } 3805 3806caqPortStatsDropPkts OBJECT-TYPE 3807 SYNTAX Counter64 3808 MAX-ACCESS read-only 3809 STATUS current 3810 DESCRIPTION 3811 "The number of packets have been received then dropped from the 3812 interface because they exceeded the threshold value configured 3813 at this queue and threshold of this interface." 3814 ::= { caqPortStatsEntry 4 } 3815 3816caqPortStatsDropPktsAveRate OBJECT-TYPE 3817 SYNTAX Gauge32 3818 UNITS "packets per second" 3819 MAX-ACCESS read-only 3820 STATUS current 3821 DESCRIPTION 3822 "The five minute linearly-decayed moving average of packets 3823 have been received then dropped from the interface because 3824 they exceeded the threshold value configured at this queue 3825 and threshold of this interface." 3826 ::= { caqPortStatsEntry 5 } 3827 3828caqPortStatsDropPktsPeakRate OBJECT-TYPE 3829 SYNTAX Gauge32 3830 UNITS "packets per second" 3831 MAX-ACCESS read-only 3832 STATUS current 3833 DESCRIPTION 3834 "The peak rate of packets have been received then dropped from 3835 the interface because they exceeded the threshold value 3836 configured at this queue and threshold of this interface over 3837 the past five minutes." 3838 ::= { caqPortStatsEntry 6 } 3839 3840-- 3841-- The Flow specific Statistics Table 3842-- 3843 3844caqFlowStatsTable OBJECT-TYPE 3845 SYNTAX SEQUENCE OF CaqFlowStatsEntry 3846 MAX-ACCESS not-accessible 3847 STATUS current 3848 DESCRIPTION 3849 "A table containing QoS statistics counter per flow." 3850 ::= { caqQosStatsObjects 6 } 3851 3852caqFlowStatsEntry OBJECT-TYPE 3853 SYNTAX CaqFlowStatsEntry 3854 MAX-ACCESS not-accessible 3855 STATUS current 3856 DESCRIPTION 3857 "An entry contains the number of out of profile packet 3858 per flow maintained by the switching engine." 3859 AUGMENTS { cseFlowDataEntry } 3860 ::= { caqFlowStatsTable 1 } 3861 3862CaqFlowStatsEntry ::= SEQUENCE { 3863 caqFlowStatsOutOfProfilePackets Counter64 3864} 3865 3866caqFlowStatsOutOfProfilePackets OBJECT-TYPE 3867 SYNTAX Counter64 3868 MAX-ACCESS read-only 3869 STATUS current 3870 DESCRIPTION 3871 "Indicates the number of out-of-profile packets in 3872 this flow." 3873 ::= { caqFlowStatsEntry 1 } 3874 3875-- 3876-- The Aggregate Policer Statistics Table 3877-- 3878 3879caqAggPolicerStatsTable OBJECT-TYPE 3880 SYNTAX SEQUENCE OF CaqAggPolicerStatsEntry 3881 MAX-ACCESS not-accessible 3882 STATUS current 3883 DESCRIPTION 3884 "A table containing QoS statistics counter per aggregate 3885 policer." 3886 ::= { caqQosStatsObjects 7 } 3887 3888caqAggPolicerStatsEntry OBJECT-TYPE 3889 SYNTAX CaqAggPolicerStatsEntry 3890 MAX-ACCESS not-accessible 3891 STATUS current 3892 DESCRIPTION 3893 "An entry contains the number of packet policed and the 3894 number of out of profile packets per aggregate policer." 3895 INDEX { IMPLIED caqAggPolicerName } 3896 ::= { caqAggPolicerStatsTable 1 } 3897 3898CaqAggPolicerStatsEntry ::= SEQUENCE { 3899 caqAggPolicerName CaqPolicerName, 3900 caqAggPolicerPackets Counter64, 3901 caqAggPolicerNRExceedPackets Counter64, 3902 caqAggPolicerERExceedPackets Counter64, 3903 caqAggPolicerOctets Counter64, 3904 caqAggPolicerNRExceedOctets Counter64, 3905 caqAggPolicerERExceedOctets Counter64, 3906 caqAggPolicerOctetsRate CounterBasedGauge64, 3907 caqAggPolicerNRExceedOctetsRate CounterBasedGauge64, 3908 caqAggPolicerERExceedOctetsRate CounterBasedGauge64, 3909 caqAggPolicerOctetsPeakRate CounterBasedGauge64, 3910 caqAggPolicerPacketsRate CounterBasedGauge64, 3911 caqAggPolicerNRExceedPacketsRate CounterBasedGauge64, 3912 caqAggPolicerERExceedPacketsRate CounterBasedGauge64, 3913 caqAggPolicerPacketsPeakRate CounterBasedGauge64 3914} 3915 3916caqAggPolicerName OBJECT-TYPE 3917 SYNTAX CaqPolicerName 3918 MAX-ACCESS not-accessible 3919 STATUS current 3920 DESCRIPTION 3921 "The name of a policer. This name has to be unique to identify 3922 an aggregate policer in the device." 3923 ::= { caqAggPolicerStatsEntry 1 } 3924 3925caqAggPolicerPackets OBJECT-TYPE 3926 SYNTAX Counter64 3927 MAX-ACCESS read-only 3928 STATUS current 3929 DESCRIPTION 3930 "Indicates the number of packets is policed by this aggregate 3931 policer. This object is only instantiated if such info is 3932 available in the device." 3933 ::= { caqAggPolicerStatsEntry 2 } 3934 3935caqAggPolicerNRExceedPackets OBJECT-TYPE 3936 SYNTAX Counter64 3937 MAX-ACCESS read-only 3938 STATUS current 3939 DESCRIPTION 3940 "Indicates the number of packets exceeded the normal rate of 3941 this aggregate policer. This object in only instantiated if 3942 such info is available in the device." 3943 ::= { caqAggPolicerStatsEntry 3 } 3944 3945caqAggPolicerERExceedPackets OBJECT-TYPE 3946 SYNTAX Counter64 3947 MAX-ACCESS read-only 3948 STATUS current 3949 DESCRIPTION 3950 "Indicates the number of packets exceeded the excess rate of 3951 this policer. This object is only instantiated if such info 3952 is available in the device and if excess rate is supported 3953 by the device as indicated by caqFlowPolicerExcessRateSupport 3954 object." 3955 ::= { caqAggPolicerStatsEntry 4 } 3956 3957caqAggPolicerOctets OBJECT-TYPE 3958 SYNTAX Counter64 3959 MAX-ACCESS read-only 3960 STATUS current 3961 DESCRIPTION 3962 "Indicates the number of octets is policed by this aggregate 3963 policer. This object is only instantiated if such info is 3964 available in the device." 3965 ::= { caqAggPolicerStatsEntry 5 } 3966 3967caqAggPolicerNRExceedOctets OBJECT-TYPE 3968 SYNTAX Counter64 3969 MAX-ACCESS read-only 3970 STATUS current 3971 DESCRIPTION 3972 "Indicates the number of octets exceeded the normal rate of 3973 this aggregate policer. This object is only instantiated if 3974 such info is available in the device." 3975 ::= { caqAggPolicerStatsEntry 6 } 3976 3977caqAggPolicerERExceedOctets OBJECT-TYPE 3978 SYNTAX Counter64 3979 MAX-ACCESS read-only 3980 STATUS current 3981 DESCRIPTION 3982 "Indicates the number of octets exceeded the excess rate of 3983 this policer. This object is only instantiated if such info 3984 is available in the device and if excess rate is supported 3985 by the device as indicated by caqFlowPolicerExcessRateSupport 3986 object." 3987 ::= { caqAggPolicerStatsEntry 7 } 3988 3989caqAggPolicerOctetsRate OBJECT-TYPE 3990 SYNTAX CounterBasedGauge64 3991 UNITS "kbps" 3992 MAX-ACCESS read-only 3993 STATUS current 3994 DESCRIPTION 3995 "Indicates five minute linearly-decayed moving average of 3996 octets policed by this aggregate policer. 3997 This object is only instantiated if such info is available in 3998 the device." 3999 ::= { caqAggPolicerStatsEntry 8 } 4000 4001caqAggPolicerNRExceedOctetsRate OBJECT-TYPE 4002 SYNTAX CounterBasedGauge64 4003 UNITS "kbps" 4004 MAX-ACCESS read-only 4005 STATUS current 4006 DESCRIPTION 4007 "Indicates five minute linearly-decayed moving average of 4008 octets exceeded the normal rate of this aggregate policer. 4009 This object is only instantiated if such info is available in 4010 the device." 4011 ::= { caqAggPolicerStatsEntry 9 } 4012 4013caqAggPolicerERExceedOctetsRate OBJECT-TYPE 4014 SYNTAX CounterBasedGauge64 4015 UNITS "kbps" 4016 MAX-ACCESS read-only 4017 STATUS current 4018 DESCRIPTION 4019 "Indicates five minute linearly-decayed moving average of 4020 octets exceeded the excess rate of this policer. This object 4021 is only instantiated if such info is available in the device 4022 and if excess rate is supported by the device as indicated by 4023 caqFlowPolicerExcessRateSupport object." 4024 ::= { caqAggPolicerStatsEntry 10 } 4025 4026caqAggPolicerOctetsPeakRate OBJECT-TYPE 4027 SYNTAX CounterBasedGauge64 4028 UNITS "kbps" 4029 MAX-ACCESS read-only 4030 STATUS current 4031 DESCRIPTION 4032 "Indicates peak rate of octets is policed by this aggregate 4033 policer over the past five minute. This object is only 4034 instantiated if such info is available in the device." 4035 ::= { caqAggPolicerStatsEntry 11 } 4036 4037caqAggPolicerPacketsRate OBJECT-TYPE 4038 SYNTAX CounterBasedGauge64 4039 UNITS "packets per second" 4040 MAX-ACCESS read-only 4041 STATUS current 4042 DESCRIPTION 4043 "Indicates five minute linearly-decayed moving average of 4044 packets policed by this aggregate policer. 4045 This object is only instantiated if such info is available in 4046 the device." 4047 ::= { caqAggPolicerStatsEntry 12 } 4048 4049caqAggPolicerNRExceedPacketsRate OBJECT-TYPE 4050 SYNTAX CounterBasedGauge64 4051 UNITS "packets per second" 4052 MAX-ACCESS read-only 4053 STATUS current 4054 DESCRIPTION 4055 "Indicates five minute linearly-decayed moving average of 4056 packets exceeded the normal rate of this aggregate policer. 4057 This object is only instantiated if such info is available in 4058 the device." 4059 ::= { caqAggPolicerStatsEntry 13 } 4060 4061caqAggPolicerERExceedPacketsRate OBJECT-TYPE 4062 SYNTAX CounterBasedGauge64 4063 UNITS "packets per second" 4064 MAX-ACCESS read-only 4065 STATUS current 4066 DESCRIPTION 4067 "Indicates five minute linearly-decayed moving average of 4068 packets exceeded the excess rate of this policer. This object 4069 is only instantiated if such info is available in the device 4070 and if excess rate is supported by the device as indicated by 4071 caqFlowPolicerExcessRateSupport object." 4072 ::= { caqAggPolicerStatsEntry 14 } 4073 4074caqAggPolicerPacketsPeakRate OBJECT-TYPE 4075 SYNTAX CounterBasedGauge64 4076 UNITS "packets per second" 4077 MAX-ACCESS read-only 4078 STATUS current 4079 DESCRIPTION 4080 "Indicates peak rate of packets is policed by this aggregate 4081 policer over the past five minutes. This object is only 4082 instantiated if such info is available in the device." 4083 ::= { caqAggPolicerStatsEntry 15 } 4084 4085caqL3PacketsDropByPolicerAveRate OBJECT-TYPE 4086 SYNTAX CounterBasedGauge64 4087 UNITS "packets per second" 4088 MAX-ACCESS read-only 4089 STATUS current 4090 DESCRIPTION 4091 "Indicates five minute linearly-decayed moving average of 4092 Layer 3 packets dropped due to policing." 4093 ::= { caqQosStatsObjects 8 } 4094 4095caqL3PacketsDropByPolicerPeakRate OBJECT-TYPE 4096 SYNTAX CounterBasedGauge64 4097 UNITS "packets per second" 4098 MAX-ACCESS read-only 4099 STATUS current 4100 DESCRIPTION 4101 "Indicates the peak rate of Layer 3 packets dropped due to 4102 policing over the past five minutes." 4103 ::= { caqQosStatsObjects 9 } 4104 4105caqTosChangedIpPacketsAveRate OBJECT-TYPE 4106 SYNTAX CounterBasedGauge64 4107 UNITS "packets per second" 4108 MAX-ACCESS read-only 4109 STATUS current 4110 DESCRIPTION 4111 "Indicates five minute linearly-decayed moving average of 4112 IP packets have the Tos value change." 4113 ::= { caqQosStatsObjects 10 } 4114 4115caqTosChangedIpPacketsPeakRate OBJECT-TYPE 4116 SYNTAX CounterBasedGauge64 4117 UNITS "packets per second" 4118 MAX-ACCESS read-only 4119 STATUS current 4120 DESCRIPTION 4121 "Indicates the peak rate of IP packets have the Tos value 4122 change over the past five minute." 4123 ::= { caqQosStatsObjects 11 } 4124 4125caqCosChangedIpPacketsAveRate OBJECT-TYPE 4126 SYNTAX CounterBasedGauge64 4127 UNITS "packets per second" 4128 MAX-ACCESS read-only 4129 STATUS current 4130 DESCRIPTION 4131 "Indicates five minute linearly-decayed moving average of 4132 IP packets have the Cos value change." 4133 ::= { caqQosStatsObjects 12 } 4134 4135caqCosChangedIpPacketsPeakRate OBJECT-TYPE 4136 SYNTAX CounterBasedGauge64 4137 UNITS "packets per second" 4138 MAX-ACCESS read-only 4139 STATUS current 4140 DESCRIPTION 4141 "Indicates the peak rate of IP packets have the Cos value 4142 change over the past five minutes." 4143 ::= { caqQosStatsObjects 13 } 4144 4145caqCosChangedNonIpPacketsAveRate OBJECT-TYPE 4146 SYNTAX CounterBasedGauge64 4147 UNITS "packets per second" 4148 MAX-ACCESS read-only 4149 STATUS current 4150 DESCRIPTION 4151 "Indicates five minute linearly-decayed moving average of 4152 non IP packets have the Cos value change." 4153 ::= { caqQosStatsObjects 14 } 4154 4155caqCosChangedNonIpPacketPeakRate OBJECT-TYPE 4156 SYNTAX CounterBasedGauge64 4157 UNITS "packets per second" 4158 MAX-ACCESS read-only 4159 STATUS current 4160 DESCRIPTION 4161 "Indicates the peak rate of non IP packets have the Cos 4162 value change over the past five minutes." 4163 ::= { caqQosStatsObjects 15 } 4164 4165 4166--********************************************************************* 4167-- Cisco CatOS Acl Qos Extension Group 4168--********************************************************************* 4169 4170 4171-- 4172-- caqBridgedPolicerTable 4173-- 4174 4175 4176 4177caqBridgedPolicerTable OBJECT-TYPE 4178 SYNTAX SEQUENCE OF CaqBridgedPolicerEntry 4179 MAX-ACCESS not-accessible 4180 STATUS current 4181 DESCRIPTION 4182 "This table provides configuration information for each 4183 (existing) VLAN on whether or not bridged packets are policed 4184 at the microflow level on that VLAN. This configuration is 4185 useful in situations in which there are insufficient resources 4186 to police bridged packets at the microflow level on all VLANs. 4187 This configuration has no effect on aggregate policing." 4188 ::= { caqExtObjects 1 } 4189 4190caqBridgedPolicerEntry OBJECT-TYPE 4191 SYNTAX CaqBridgedPolicerEntry 4192 MAX-ACCESS not-accessible 4193 STATUS current 4194 DESCRIPTION 4195 "A conceptual row in the caqBridgedPolicerTable 4196 to control if bridged packets are policed at microflow 4197 level on a particular VLAN." 4198 INDEX { caqBridgedFlowVlanIndex } 4199 ::= { caqBridgedPolicerTable 1 } 4200 4201CaqBridgedPolicerEntry ::= SEQUENCE { 4202 caqBridgedFlowVlanIndex VlanIndex, 4203 caqBridgedFlowEnabled TruthValue 4204} 4205 4206caqBridgedFlowVlanIndex OBJECT-TYPE 4207 SYNTAX VlanIndex 4208 MAX-ACCESS not-accessible 4209 STATUS current 4210 DESCRIPTION 4211 "The VLAN-id of this VLAN." 4212 ::= { caqBridgedPolicerEntry 1 } 4213 4214caqBridgedFlowEnabled OBJECT-TYPE 4215 SYNTAX TruthValue 4216 MAX-ACCESS read-write 4217 STATUS current 4218 DESCRIPTION 4219 "Enable or Disable this function. If this objects is set to 4220 true, the bridged packets will be policed at microflow level. 4221 If it is set to false, bridged packets won't be policed at 4222 microflow level. This value has no effect on aggregate 4223 policing. The default is false." 4224 DEFVAL { false } 4225 ::= { caqBridgedPolicerEntry 2 } 4226 4227 4228-- 4229-- caqCosMacVlanRouterTable 4230-- 4231 4232caqCosMacVlanRouterTable OBJECT-TYPE 4233 SYNTAX SEQUENCE OF CaqCosMacVlanRouterEntry 4234 MAX-ACCESS not-accessible 4235 STATUS current 4236 DESCRIPTION 4237 "This table is used either to assign a Cos value to frames 4238 on a specific VLAN and which have a specific destination MAC 4239 address and/or to indicate if the configured destination MAC 4240 address is of a router. This table is applied only for platform 4241 that supports these features." 4242 ::= { caqExtObjects 2 } 4243 4244caqCosMacVlanRouterEntry OBJECT-TYPE 4245 SYNTAX CaqCosMacVlanRouterEntry 4246 MAX-ACCESS not-accessible 4247 STATUS current 4248 DESCRIPTION 4249 "The Cos value to be assigned to frames on a specific VLAN and 4250 which have a specific destination MAC address and/or the 4251 configured destination MAC address is of a router." 4252 INDEX { caqCosMacAddress, caqCosVlanNumber } 4253 ::= { caqCosMacVlanRouterTable 1 } 4254 4255CaqCosMacVlanRouterEntry ::= SEQUENCE { 4256 caqCosMacAddress MacAddress, 4257 caqCosVlanNumber VlanIndex, 4258 caqMacAddressCpb BITS, 4259 caqCosValue QosLayer2Cos, 4260 caqCosMacVlanRouterStatus RowStatus 4261} 4262 4263caqCosMacAddress OBJECT-TYPE 4264 SYNTAX MacAddress 4265 MAX-ACCESS not-accessible 4266 STATUS current 4267 DESCRIPTION 4268 "Indicates the destination MAC address to match against the 4269 flow." 4270 ::= { caqCosMacVlanRouterEntry 1 } 4271 4272caqCosVlanNumber OBJECT-TYPE 4273 SYNTAX VlanIndex 4274 MAX-ACCESS not-accessible 4275 STATUS current 4276 DESCRIPTION 4277 "Indicates the VLAN number." 4278 ::= { caqCosMacVlanRouterEntry 2 } 4279 4280caqMacAddressCpb OBJECT-TYPE 4281 SYNTAX BITS { 4282 routerMac(0), 4283 cosVlanMac(1) 4284 } 4285 MAX-ACCESS read-create 4286 STATUS current 4287 DESCRIPTION 4288 "Indicates the capability of the destination MAC address denoted 4289 by caqCosMacAddress object in the same row. 4290 4291 routerMac(0) means that it is a router Mac address. 4292 4293 cosVlanMac(1) means that a Cos value is assigned to frames 4294 on a specific VLAN and which has this MAC address as its 4295 destination." 4296 ::= { caqCosMacVlanRouterEntry 3 } 4297 4298caqCosValue OBJECT-TYPE 4299 SYNTAX QosLayer2Cos 4300 MAX-ACCESS read-create 4301 STATUS current 4302 DESCRIPTION 4303 "Indicates the Cos value. This object is only instantiated 4304 if the cosVlanMac bit in caqMacAddressCpb object is turned 4305 on." 4306 ::= { caqCosMacVlanRouterEntry 4 } 4307 4308caqCosMacVlanRouterStatus OBJECT-TYPE 4309 SYNTAX RowStatus 4310 MAX-ACCESS read-create 4311 STATUS current 4312 DESCRIPTION 4313 "The status of this conceptual row entry. This object is 4314 used to manage creation, deletion and modification of rows in 4315 this table. 4316 4317 An entry may not exist in the active state unless all objects 4318 in the entry have an appropriate value. Once a row becomes 4319 active, value in any other column within such row cannot be 4320 modified except by setting caqCosMacVlanRouterStatus to 4321 notInService(2) for such row." 4322 ::= { caqCosMacVlanRouterEntry 5 } 4323 4324 4325--********************************************************************* 4326-- Cisco CatOS Acl Qos PBF Group 4327--********************************************************************* 4328 4329caqPbfStatus OBJECT-TYPE 4330 SYNTAX INTEGER { 4331 macAddrOk(1), 4332 macAddrNotSet(2), 4333 msfcPresent(3) 4334 } 4335 MAX-ACCESS read-only 4336 STATUS current 4337 DESCRIPTION 4338 "Indicates the status of policy-based forwarding (PBF) engine. 4339 4340 macAddrOk(1) indicates that the MAC address of the PBF engine 4341 is set successfully and PBF engine is operational. 4342 4343 macAddrNotSet(2) indicates that the MAC address of the PBF 4344 engine is not set and PBF engine is not operational. 4345 4346 msfcPresent(3) indicates that there is a Multiplayer Switch 4347 Feature Card (MSFC) present in the device thus the PBF engine 4348 is not operational." 4349 ::= { caqPbfObjects 1 } 4350 4351caqPbfMacAddress OBJECT-TYPE 4352 SYNTAX MacAddress 4353 MAX-ACCESS read-write 4354 STATUS current 4355 DESCRIPTION 4356 "Indicates the PBF engine MAC address. When the value of 4357 caqPbfStatus is msfcPresent(3), this object cannot be configured 4358 and its previously configured value is ignored." 4359 ::= { caqPbfObjects 2 } 4360 4361-- 4362-- The Adjacency Table. 4363-- 4364 4365caqAdjacencyTable OBJECT-TYPE 4366 SYNTAX SEQUENCE OF CaqAdjacencyEntry 4367 MAX-ACCESS not-accessible 4368 STATUS current 4369 DESCRIPTION 4370 "This table contains a list of adjacencies to use in 4371 policy-based forwarding (PBF). PBF is a feature that 4372 makes possible forwarding between two different VLANs 4373 without having a router." 4374 ::= { caqPbfObjects 3 } 4375 4376caqAdjacencyEntry OBJECT-TYPE 4377 SYNTAX CaqAdjacencyEntry 4378 MAX-ACCESS not-accessible 4379 STATUS current 4380 DESCRIPTION 4381 "An entry defines an adjacency. Each adjacency consists 4382 of a destination VLAN, source and destination MAC address as 4383 well as adjacency name and MTU configuration." 4384 INDEX { caqAdjIndex } 4385 ::= { caqAdjacencyTable 1 } 4386 4387CaqAdjacencyEntry ::= SEQUENCE { 4388 caqAdjIndex Unsigned32, 4389 caqAdjDstVlanNumber VlanIndex, 4390 caqAdjDstMacAddress MacAddress, 4391 caqAdjSrcMacAddress MacAddress, 4392 caqAdjName CaqAdjacencyName, 4393 caqAdjMtu Unsigned32, 4394 caqAdjHitCount Counter64, 4395 caqAdjStatus RowStatus 4396} 4397 4398caqAdjIndex OBJECT-TYPE 4399 SYNTAX Unsigned32 (1..65535) 4400 MAX-ACCESS not-accessible 4401 STATUS current 4402 DESCRIPTION 4403 "Indicates the index of this adjacency." 4404 ::= { caqAdjacencyEntry 1 } 4405 4406caqAdjDstVlanNumber OBJECT-TYPE 4407 SYNTAX VlanIndex 4408 MAX-ACCESS read-create 4409 STATUS current 4410 DESCRIPTION 4411 "Indicates the destination VLAN number of this adjacency." 4412 ::= { caqAdjacencyEntry 2 } 4413 4414caqAdjDstMacAddress OBJECT-TYPE 4415 SYNTAX MacAddress 4416 MAX-ACCESS read-create 4417 STATUS current 4418 DESCRIPTION 4419 "Indicates the adjacency destination MAC address." 4420 ::= { caqAdjacencyEntry 3 } 4421 4422caqAdjSrcMacAddress OBJECT-TYPE 4423 SYNTAX MacAddress 4424 MAX-ACCESS read-create 4425 STATUS current 4426 DESCRIPTION 4427 "Indicates the adjacency source MAC address. If this object 4428 is not configured, it will contain the MAC address of the 4429 PBF engine which is denoted by caqPbfMacAddress object." 4430 ::= { caqAdjacencyEntry 4 } 4431 4432caqAdjName OBJECT-TYPE 4433 SYNTAX CaqAdjacencyName 4434 MAX-ACCESS read-create 4435 STATUS current 4436 DESCRIPTION 4437 "Indicates the adjacency name. The adjacency name should be 4438 unique among all entries in this table." 4439 ::= { caqAdjacencyEntry 5 } 4440 4441caqAdjMtu OBJECT-TYPE 4442 SYNTAX Unsigned32 (576..18190) 4443 UNITS "bytes" 4444 MAX-ACCESS read-create 4445 STATUS current 4446 DESCRIPTION 4447 "Indicates the adjacency MTU." 4448 DEFVAL { 9216 } 4449 ::= { caqAdjacencyEntry 6 } 4450 4451caqAdjHitCount OBJECT-TYPE 4452 SYNTAX Counter64 4453 MAX-ACCESS read-only 4454 STATUS current 4455 DESCRIPTION 4456 "Indicates the number of packets that have matched this 4457 adjacency's criteria. The value of this object is cleared when 4458 this row is derefenced by entries in caqSecurityActionTable." 4459 ::= { caqAdjacencyEntry 7 } 4460 4461caqAdjStatus OBJECT-TYPE 4462 SYNTAX RowStatus 4463 MAX-ACCESS read-create 4464 STATUS current 4465 DESCRIPTION 4466 "Indicates the status of this adjacency conceptual entry. 4467 This object is used to manage creation, deletion and 4468 modification of rows in this table. 4469 4470 An entry may not exist in the active state unless all objects 4471 in the entry have an appropriate value. Once a row becomes 4472 active, value in any other column within such row cannot be 4473 modified. 4474 4475 This object cannot be changed from active(1) to any other value 4476 if the following two conditions are met: 4477 - There is an active entry in caqSecurityActionTable with 4478 caqSecurityAdjIndex equal to caqAdjIndex. 4479 - That entry has caqSecurityAction set to redirectWithAdj(4)." 4480 ::= { caqAdjacencyEntry 8 } 4481 4482--********************************************************************* 4483-- Cisco CatOS Acl Security Logging Group 4484--********************************************************************* 4485 4486caqAclLogMaxFlow OBJECT-TYPE 4487 SYNTAX Unsigned32 (256..2048) 4488 MAX-ACCESS read-write 4489 STATUS current 4490 DESCRIPTION 4491 "Indicates the maximum number of traffic flow will be logged 4492 by the device." 4493 ::= { caqLoggingObjects 1 } 4494 4495caqAclSecurityLoggingRateLimit OBJECT-TYPE 4496 SYNTAX Unsigned32 (500..5000) 4497 UNITS "packet per second" 4498 MAX-ACCESS read-write 4499 STATUS current 4500 DESCRIPTION 4501 "Indicates the redirect rate of traffic flow subjected 4502 to security ACL logging." 4503 ::= { caqLoggingObjects 2 } 4504 4505caqAclRouterAclRateLimit OBJECT-TYPE 4506 SYNTAX Unsigned32 (1..1000) 4507 UNITS "packet per second" 4508 MAX-ACCESS read-write 4509 STATUS current 4510 DESCRIPTION 4511 "Indicates the redirect rate of traffic flow subjected 4512 to router ACL logging." 4513 ::= { caqLoggingObjects 3 } 4514 4515-- 4516-- caqIpFlowLoggingTable 4517-- 4518 4519caqIpFlowLoggingTable OBJECT-TYPE 4520 SYNTAX SEQUENCE OF CaqIpFlowLoggingEntry 4521 MAX-ACCESS not-accessible 4522 STATUS current 4523 DESCRIPTION 4524 "This table contains a list of IP flows that describes the 4525 IP traffic denied and logged by the device." 4526 ::= { caqLoggingObjects 4 } 4527 4528caqIpFlowLoggingEntry OBJECT-TYPE 4529 SYNTAX CaqIpFlowLoggingEntry 4530 MAX-ACCESS not-accessible 4531 STATUS current 4532 DESCRIPTION 4533 "An entry describes an IP flow, consisting of a set of data 4534 such as source and destination address, source and destination 4535 port as well as protocol specific information. To keep the 4536 table from overflow, each entry contains a TTL (Time to Live) 4537 object. An entry will be removed from this table when its TTL 4538 value reaches zero." 4539 INDEX { caqIpFlowLoggingIndex } 4540 ::= { caqIpFlowLoggingTable 1 } 4541 4542CaqIpFlowLoggingEntry ::= SEQUENCE { 4543 caqIpFlowLoggingIndex Unsigned32, 4544 caqIpFlowVlan VlanIndex, 4545 caqIpFlowIfIndex InterfaceIndex, 4546 caqIpFlowProtocolType Unsigned32, 4547 caqIpFlowAddrType InetAddressType, 4548 caqIpFlowSrcIp InetAddress, 4549 caqIpFlowSrcPort Integer32, 4550 caqIpFlowDestIp InetAddress, 4551 caqIpFlowDestPort Integer32, 4552 caqIpFlowIcmpType Integer32, 4553 caqIpFlowIcmpCode Integer32, 4554 caqIpFlowIgmpType Integer32, 4555 caqIpFlowArpOpcode INTEGER, 4556 caqIpFlowArpSrcMacAddr MacAddress, 4557 caqIpFlowArpHeaderSrcMacAddr MacAddress, 4558 caqIpFlowPacketsCount Counter32, 4559 caqIpFlowLoggingTTL Unsigned32, 4560 caqIpFlowArpLoggingSource INTEGER, 4561 caqIpFlowArpAclName SnmpAdminString, 4562 caqIpFlowArpAceNumber Unsigned32 4563} 4564 4565caqIpFlowLoggingIndex OBJECT-TYPE 4566 SYNTAX Unsigned32 (1..65535) 4567 MAX-ACCESS not-accessible 4568 STATUS current 4569 DESCRIPTION 4570 "The index of this table for indicating a logged IP flow." 4571 ::= { caqIpFlowLoggingEntry 1 } 4572 4573caqIpFlowVlan OBJECT-TYPE 4574 SYNTAX VlanIndex 4575 MAX-ACCESS read-only 4576 STATUS current 4577 DESCRIPTION 4578 "Indicates the VLAN number which this logged IP flow belongs." 4579 ::= { caqIpFlowLoggingEntry 2 } 4580 4581caqIpFlowIfIndex OBJECT-TYPE 4582 SYNTAX InterfaceIndex 4583 MAX-ACCESS read-only 4584 STATUS current 4585 DESCRIPTION 4586 "Indicates the ifIndex of the interface where this logged 4587 IP flow arrived." 4588 ::= { caqIpFlowLoggingEntry 3 } 4589 4590caqIpFlowProtocolType OBJECT-TYPE 4591 SYNTAX Unsigned32 (0..255) 4592 MAX-ACCESS read-only 4593 STATUS current 4594 DESCRIPTION 4595 "The protocol number field in the IP header of this logged 4596 IP flow as specified in RFC 1700." 4597 REFERENCE 4598 "RFC 1700, Assigned Numbers." 4599 ::= { caqIpFlowLoggingEntry 4 } 4600 4601caqIpFlowAddrType OBJECT-TYPE 4602 SYNTAX InetAddressType 4603 MAX-ACCESS read-only 4604 STATUS current 4605 DESCRIPTION 4606 "Indicates the address type for addresses specified in 4607 caqIpFlowSrcIp and caqIpFlowDestIp of this logged IP 4608 flow." 4609 ::= { caqIpFlowLoggingEntry 5 } 4610 4611caqIpFlowSrcIp OBJECT-TYPE 4612 SYNTAX InetAddress 4613 MAX-ACCESS read-only 4614 STATUS current 4615 DESCRIPTION 4616 "Indicates the source address of this logged IP flow." 4617 ::= { caqIpFlowLoggingEntry 6 } 4618 4619caqIpFlowSrcPort OBJECT-TYPE 4620 SYNTAX Integer32 (-1 | 0..65535) 4621 MAX-ACCESS read-only 4622 STATUS current 4623 DESCRIPTION 4624 "Indicates the source port number of this logged IP flow 4625 when its protocol field is TCP or UDP. The value of this 4626 object is -1 if the flow is not UDP or TCP traffic." 4627 ::= { caqIpFlowLoggingEntry 7 } 4628 4629caqIpFlowDestIp OBJECT-TYPE 4630 SYNTAX InetAddress 4631 MAX-ACCESS read-only 4632 STATUS current 4633 DESCRIPTION 4634 "Indicates the destination address of this logged IP flow." 4635 ::= { caqIpFlowLoggingEntry 8 } 4636 4637caqIpFlowDestPort OBJECT-TYPE 4638 SYNTAX Integer32 (-1 | 0..65535) 4639 MAX-ACCESS read-only 4640 STATUS current 4641 DESCRIPTION 4642 "Indicates the destination port number of this logged IP flow 4643 when its protocol field is TCP or UDP. The value of this 4644 object is -1 if the flow is not UDP or TCP traffic." 4645 ::= { caqIpFlowLoggingEntry 9 } 4646 4647caqIpFlowIcmpType OBJECT-TYPE 4648 SYNTAX Integer32 (-1 | 0..255) 4649 MAX-ACCESS read-only 4650 STATUS current 4651 DESCRIPTION 4652 "Indicates the message type of ICMP packets. The value of this 4653 object is -1 if the flow is not ICMP traffic." 4654 ::= { caqIpFlowLoggingEntry 10 } 4655 4656caqIpFlowIcmpCode OBJECT-TYPE 4657 SYNTAX Integer32 (-1 | 0..255) 4658 MAX-ACCESS read-only 4659 STATUS current 4660 DESCRIPTION 4661 "Indicates the message code of ICMP packets. The value of this 4662 object is -1 if the flow is not ICMP traffic." 4663 ::= { caqIpFlowLoggingEntry 11 } 4664 4665caqIpFlowIgmpType OBJECT-TYPE 4666 SYNTAX Integer32 (-1 | 0..15) 4667 MAX-ACCESS read-only 4668 STATUS current 4669 DESCRIPTION 4670 "Indicates the message type of IGMP packets. The value of this 4671 object is -1 if the flow is not IGMP traffic." 4672 ::= { caqIpFlowLoggingEntry 12 } 4673 4674caqIpFlowArpOpcode OBJECT-TYPE 4675 SYNTAX INTEGER { 4676 notApplicable(1), 4677 request(2), 4678 reply(3) 4679 } 4680 MAX-ACCESS read-only 4681 STATUS current 4682 DESCRIPTION 4683 "Indicates the ARP opcode value of this ARP flow. 4684 4685 If the value of this object is notApplicable(1), this flow 4686 is not ARP traffic. 4687 4688 If the value of this object is request(2), this flow 4689 is ARP request traffic. 4690 4691 If the value of this object is reply(3), this flow 4692 is ARP reply traffic." 4693 4694 ::= { caqIpFlowLoggingEntry 13 } 4695 4696caqIpFlowArpSrcMacAddr OBJECT-TYPE 4697 SYNTAX MacAddress 4698 MAX-ACCESS read-only 4699 STATUS current 4700 DESCRIPTION 4701 "Indicates the Ethernet Source Address value of this ARP 4702 flow. This object is ignored if the flow is not ARP 4703 traffic." 4704 ::= { caqIpFlowLoggingEntry 14 } 4705 4706caqIpFlowArpHeaderSrcMacAddr OBJECT-TYPE 4707 SYNTAX MacAddress 4708 MAX-ACCESS read-only 4709 STATUS current 4710 DESCRIPTION 4711 "Indicates the Ethernet Source Address value included in the 4712 ARP header of this ARP flow. This object is ignored if the 4713 flow is not ARP traffic." 4714 ::= { caqIpFlowLoggingEntry 15 } 4715 4716caqIpFlowPacketsCount OBJECT-TYPE 4717 SYNTAX Counter32 4718 UNITS "packets" 4719 MAX-ACCESS read-only 4720 STATUS current 4721 DESCRIPTION 4722 "Indicates the number of packets that belong to this IP flow." 4723 ::= { caqIpFlowLoggingEntry 16 } 4724 4725caqIpFlowLoggingTTL OBJECT-TYPE 4726 SYNTAX Unsigned32 4727 UNITS "seconds" 4728 MAX-ACCESS read-only 4729 STATUS current 4730 DESCRIPTION 4731 "Indicates the TTL (Time to Live) of this entry. The entry 4732 is removed when its value of this object reaches 0." 4733 ::= { caqIpFlowLoggingEntry 17 } 4734 4735caqIpFlowArpLoggingSource OBJECT-TYPE 4736 SYNTAX INTEGER { 4737 notApplicable(1), 4738 dai(2), 4739 acl(3) 4740 } 4741 MAX-ACCESS read-only 4742 STATUS current 4743 DESCRIPTION 4744 "Indicates the source that triggered the logging of this 4745 ARP flow. This object value is 'notApplicable' if the 4746 flow is not ARP traffic. 4747 4748 'dai' indicates the logging source is Dynamic Arp Inspection 4749 feature. 4750 4751 'acl' indicates the logging source is a configured security 4752 access control list (ACL)." 4753 ::= { caqIpFlowLoggingEntry 18 } 4754 4755caqIpFlowArpAclName OBJECT-TYPE 4756 SYNTAX SnmpAdminString 4757 MAX-ACCESS read-only 4758 STATUS current 4759 DESCRIPTION 4760 "Indicates the security ACL name which triggered the 4761 logging of this ARP flow. This object is ignored if 4762 the value of caqIpFlowArpLoggingSource object in the 4763 same row is not 'acl'." 4764 ::= { caqIpFlowLoggingEntry 19 } 4765 4766caqIpFlowArpAceNumber OBJECT-TYPE 4767 SYNTAX Unsigned32 4768 MAX-ACCESS read-only 4769 STATUS current 4770 DESCRIPTION 4771 "Indicates the ACE number within the ACL denoted by 4772 caqIpFlowArpAclName object which triggered the logging 4773 of this ARP flow. This object is ignored if the value of 4774 caqIpFlowArpLoggingSource object in the same row is not 'acl'." 4775 ::= { caqIpFlowLoggingEntry 20 } 4776 4777--********************************************************************* 4778--********************************************************************* 4779-- Cisco CatOS Acl ARP Inspection Group 4780--********************************************************************* 4781caqAclArpInspMatchMac OBJECT-TYPE 4782 SYNTAX INTEGER { 4783 disable(1), 4784 enable(2), 4785 drop(3), 4786 dropAndLog(4) 4787 } 4788 MAX-ACCESS read-write 4789 STATUS current 4790 DESCRIPTION 4791 "Indicates whether for ARP packets MAC address matching of 4792 ethernet header and the source MAC address specified in ARP 4793 header is enabled. It also indicates the action taken when 4794 the addresses do not match. 4795 4796 If this object value is disable(1), the device will not check 4797 for matching of source MAC address in ethernet header with the 4798 sender MAC address in ARP header for ARP packets. 4799 4800 If this object value is enable(2), the device will check 4801 for matching of source MAC address in ethernet header with the 4802 sender MAC address in ARP header for ARP packets. A syslog 4803 message is generated if the MAC addresses check fails. 4804 4805 If this object value is drop(3), the device will check for 4806 MAC addresses matching and ARP packets whose MAC addresses 4807 do not match will be dropped. 4808 4809 If this object value is dropAndLog(4), the device will check 4810 for MAC addresses matching and ARP packets whose MAC addresses 4811 do not match will be dropped and logged into 4812 caqIpFlowLoggingTable." 4813 ::= { caqArpInspObjects 2 } 4814 4815caqAclArpInspAddrValidation OBJECT-TYPE 4816 SYNTAX INTEGER { 4817 disable(1), 4818 enable(2), 4819 drop(3), 4820 dropAndLog(4) 4821 } 4822 MAX-ACCESS read-write 4823 STATUS current 4824 DESCRIPTION 4825 "Indicates whether for ARP packets checking for valid source MAC 4826 and source IP address specified in ARP header is enabled. It 4827 also indicates the action taken when the addresses are not 4828 valid. 4829 4830 If this object value is disable(1), the device will not check 4831 for valid MAC and IP address for ARP packets. 4832 4833 If this object value is enable(2), the device will check 4834 for valid MAC and IP address for ARP packets. A syslog 4835 message is generated if the addresses check fails. 4836 4837 If this object value is drop(3), the device will check for 4838 valid MAC and IP addresses. ARP packets whose have illegal MAC 4839 and IP addresses will be dropped. 4840 4841 If this object value is dropAndLog(4), the device will check 4842 for valid MAC and IP addresses. ARP packets whose have invalid 4843 MAC and IP addresses will be dropped and logged into 4844 caqIpFlowLoggingTable." 4845 ::= { caqArpInspObjects 3 } 4846 4847caqArpInspGlobalForwardedPkts OBJECT-TYPE 4848 SYNTAX Counter64 4849 UNITS "packets" 4850 MAX-ACCESS read-only 4851 STATUS current 4852 DESCRIPTION 4853 "Indicates the total number of packets subjected to 4854 ARP Inspection is forwarded." 4855 ::= { caqArpInspObjects 4 } 4856 4857caqArpInspGlobalDroppedPkts OBJECT-TYPE 4858 SYNTAX Counter64 4859 UNITS "packets" 4860 MAX-ACCESS read-only 4861 STATUS current 4862 DESCRIPTION 4863 "Indicates the total number of packets subjected to 4864 ARP Inspection is dropped." 4865 ::= { caqArpInspObjects 5 } 4866 4867caqRARPForwardedPkts OBJECT-TYPE 4868 SYNTAX Counter64 4869 UNITS "packets" 4870 MAX-ACCESS read-only 4871 STATUS current 4872 DESCRIPTION 4873 "Indicates the total number of packets subjected to 4874 Reverse ARP (RARP) Inspection is forwarded." 4875 ::= { caqArpInspObjects 6 } 4876 4877caqMatchedMacFailedPkts OBJECT-TYPE 4878 SYNTAX Counter64 4879 UNITS "packets" 4880 MAX-ACCESS read-only 4881 STATUS current 4882 DESCRIPTION 4883 "Indicates the total number of packets subjected to 4884 ARP Inspection whose MAC address specified in the ethernet 4885 header and the source MAC address specified in ARP 4886 header does not match." 4887 ::= { caqArpInspObjects 7 } 4888 4889caqAddrValidationFailedPkts OBJECT-TYPE 4890 SYNTAX Counter64 4891 UNITS "packets" 4892 MAX-ACCESS read-only 4893 STATUS current 4894 DESCRIPTION 4895 "Indicates the total number of ARP packets that have 4896 invalid source MAC address or invalid source IP address 4897 specified in the ARP header." 4898 ::= { caqArpInspObjects 8 } 4899 4900caqArpInspIpDroppedPkts OBJECT-TYPE 4901 SYNTAX Counter64 4902 UNITS "packets" 4903 MAX-ACCESS read-only 4904 STATUS current 4905 DESCRIPTION 4906 "Indicates the total number of IP packets dropped by 4907 ARP Inspection because of invalid IP address." 4908 ::= { caqArpInspObjects 9 } 4909 4910-- 4911-- 4912-- The Arp Inspection Statistics Table 4913-- 4914 4915caqArpInspStatsTable OBJECT-TYPE 4916 SYNTAX SEQUENCE OF CaqArpInspStatsEntry 4917 MAX-ACCESS not-accessible 4918 STATUS current 4919 DESCRIPTION 4920 "A table containing ARP Inspection statistics counter per ACL." 4921 ::= { caqArpInspObjects 10 } 4922 4923caqArpInspStatsEntry OBJECT-TYPE 4924 SYNTAX CaqArpInspStatsEntry 4925 MAX-ACCESS not-accessible 4926 STATUS current 4927 DESCRIPTION 4928 "An entry contains the numbers of packet permitted or denied 4929 per ACL." 4930 INDEX { IMPLIED caqArpInspAclName } 4931 ::= { caqArpInspStatsTable 1 } 4932 4933CaqArpInspStatsEntry ::= SEQUENCE { 4934 caqArpInspAclName CaqAclName, 4935 caqArpInspForwardedPackets Counter64, 4936 caqArpInspDroppedPackets Counter64 4937} 4938 4939caqArpInspAclName OBJECT-TYPE 4940 SYNTAX CaqAclName 4941 MAX-ACCESS not-accessible 4942 STATUS current 4943 DESCRIPTION 4944 "The name of an ACL that contains ACE used for ARP Inspection." 4945 ::= { caqArpInspStatsEntry 1 } 4946 4947caqArpInspForwardedPackets OBJECT-TYPE 4948 SYNTAX Counter64 4949 UNITS "packets" 4950 MAX-ACCESS read-only 4951 STATUS current 4952 DESCRIPTION 4953 "Indicates the number of packets subjected to ARP Inspection 4954 is forwarded by this ACL." 4955 ::= { caqArpInspStatsEntry 2 } 4956 4957caqArpInspDroppedPackets OBJECT-TYPE 4958 SYNTAX Counter64 4959 UNITS "packets" 4960 MAX-ACCESS read-only 4961 STATUS current 4962 DESCRIPTION 4963 "Indicates the number of packets subjected to ARP Inspection 4964 is dropped by this ACL." 4965 ::= { caqArpInspStatsEntry 3 } 4966 4967-- 4968-- caqIfArpInspConfigTable 4969-- 4970 4971caqIfArpInspConfigTable OBJECT-TYPE 4972 SYNTAX SEQUENCE OF CaqIfArpInspConfigEntry 4973 MAX-ACCESS not-accessible 4974 STATUS current 4975 DESCRIPTION 4976 "This table contains the configuration of several threshold 4977 values related to ARP Inspection at each physical interface." 4978 ::= { caqArpInspObjects 11 } 4979 4980caqIfArpInspConfigEntry OBJECT-TYPE 4981 SYNTAX CaqIfArpInspConfigEntry 4982 MAX-ACCESS not-accessible 4983 STATUS current 4984 DESCRIPTION 4985 "Each entry contains the configuration for drop threshold 4986 and shutdown threshold for ARP Inspection at each physical 4987 interface that supports this feature. Some of the 4988 interfaces (but not limited to) for which this feature 4989 might be applicable are: ifType = ethernetCsmacd(6)." 4990 INDEX { ifIndex } 4991 ::= { caqIfArpInspConfigTable 1 } 4992 4993CaqIfArpInspConfigEntry ::= SEQUENCE { 4994 caqIfArpInspDropThreshold Unsigned32, 4995 caqIfArpInspShutdownThreshold Unsigned32 4996} 4997 4998caqIfArpInspDropThreshold OBJECT-TYPE 4999 SYNTAX Unsigned32 (0..5000) 5000 UNITS "packet per second" 5001 MAX-ACCESS read-write 5002 STATUS current 5003 DESCRIPTION 5004 "Indicates the drop threshold value where excess packets of 5005 a traffic flow subjected to ARP Inspection will be dropped 5006 if its rate is greater than this threshold value. If the value 5007 of this object is 0, no rate limit is applied for dropping 5008 ARP traffic at this interface." 5009 ::= { caqIfArpInspConfigEntry 1 } 5010 5011caqIfArpInspShutdownThreshold OBJECT-TYPE 5012 SYNTAX Unsigned32 (0..5000) 5013 UNITS "packet per second" 5014 MAX-ACCESS read-write 5015 STATUS current 5016 DESCRIPTION 5017 "Indicates the threshold value where the interface will be 5018 shutdown if traffic rate subjected to ARP Inspection is greater 5019 than this threshold value. If the value of this object is 0, 5020 no ARP traffic rate limit is applied for shutting down the 5021 interface." 5022 ::= { caqIfArpInspConfigEntry 2 } 5023 5024-- 5025-- caqAclHitCountObjects group 5026-- 5027 5028caqAclHitCountVlansLow OBJECT-TYPE 5029 SYNTAX OCTET STRING (SIZE(0..256)) 5030 MAX-ACCESS read-write 5031 STATUS current 5032 DESCRIPTION 5033 "A string of octets containing one bit per VLAN for 5034 VLANs with VlanIndex value of 0 to 2047. The first 5035 octet corresponds to VLANs with VlanIndex values 5036 of 0 through 7; the second octet to VLANs 8 through 5037 15; etc. The most significant bit of each octet 5038 corresponds to the lowest value VlanIndex in that octet. 5039 5040 For each VLAN, if ACL hit count feature is enabled then 5041 the bit corresponding to that VLAN is set to '1'. 5042 5043 Note that if the length of this string is less than 5044 256 octets, any 'missing' octets are assumed to contain 5045 the value zero. A NMS may omit any zero-valued octets 5046 from the end of this string in order to reduce SetPDU size, 5047 and the agent may also omit zero-valued trailing octets, 5048 to reduce the size of GetResponse PDUs. 5049 5050 This object is only instantiated when the vlanAclHitCount(0) 5051 bit is set to '1' in the caqAclFeatureCpb object." 5052 ::= { caqAclHitCountObjects 1 } 5053 5054caqAclHitCountVlansHigh OBJECT-TYPE 5055 SYNTAX OCTET STRING (SIZE(0..256)) 5056 MAX-ACCESS read-write 5057 STATUS current 5058 DESCRIPTION 5059 "A string of octets containing one bit per VLAN for 5060 VLANs with VlanIndex value of 2048 to 4095. The first 5061 octet corresponds to VLANs with VlanIndex values 5062 of 2048 through 2055; the second octet to VLANs 2056 5063 through 2063; etc. The most significant bit of each 5064 octet corresponds to the lowest value VlanIndex in that 5065 octet. 5066 5067 For each VLAN, if ACL hit count feature is enabled then 5068 the bit corresponding to that VLAN is set to '1'. 5069 5070 Note that if the length of this string is less than 5071 256 octets, any 'missing' octets are assumed to contain 5072 the value zero. A NMS may omit any zero-valued octets 5073 from the end of this string in order to reduce SetPDU size, 5074 and the agent may also omit zero-valued trailing octets, 5075 to reduce the size of GetResponse PDUs. 5076 5077 This object is only instantiated when the vlanAclHitCount(0) 5078 bit is set to '1' in the caqAclFeatureCpb object." 5079 ::= { caqAclHitCountObjects 2 } 5080 5081caqAclHitCountPortList OBJECT-TYPE 5082 SYNTAX CiscoPortList 5083 MAX-ACCESS read-write 5084 STATUS current 5085 DESCRIPTION 5086 "Indicates the set of physical port(s), in bridge port 5087 number, where ACL hit count feature is enabled. 5088 5089 For each port, if ACL hit count feature is enabled then 5090 the bit corresponding to that port is set to '1'. 5091 5092 This object is only instantiated when the portAclHitCount(1) 5093 bit is set to '1' in the caqAclFeatureCpb object." 5094 ::= { caqAclHitCountObjects 3 } 5095 5096-- 5097-- The caqAclHitCountTable 5098-- 5099 5100caqAclHitCountTable OBJECT-TYPE 5101 SYNTAX SEQUENCE OF CaqAclHitCountEntry 5102 MAX-ACCESS not-accessible 5103 STATUS current 5104 DESCRIPTION 5105 "This table provides the hit count configuration on 5106 ACLs which support this feature." 5107 ::= { caqAclHitCountObjects 4 } 5108 5109caqAclHitCountEntry OBJECT-TYPE 5110 SYNTAX CaqAclHitCountEntry 5111 MAX-ACCESS not-accessible 5112 STATUS current 5113 DESCRIPTION 5114 "An entry indicates whether the hit count feature is enabled 5115 on a particular ACL as well as its statistic collection mode." 5116 INDEX { caqAclHitCountAclType, 5117 IMPLIED caqAclHitCountAclName } 5118 ::= { caqAclHitCountTable 1 } 5119 5120CaqAclHitCountEntry ::= SEQUENCE { 5121 caqAclHitCountAclType CaqHitCountAclType, 5122 caqAclHitCountAclName CaqAclName, 5123 caqAclHitCountEnable TruthValue 5124} 5125 5126caqAclHitCountAclType OBJECT-TYPE 5127 SYNTAX CaqHitCountAclType 5128 MAX-ACCESS not-accessible 5129 STATUS current 5130 DESCRIPTION 5131 "Indicates the type of ACL. 5132 5133 ipSecurity(1) indicates that this ACL is an IP Security ACL. 5134 5135 ipxSecurity(2) indicates that this ACL is an IPX Security ACL. 5136 5137 macSecurity(3) indicates that this ACL is a MAC Security ACL." 5138 ::= { caqAclHitCountEntry 1 } 5139 5140caqAclHitCountAclName OBJECT-TYPE 5141 SYNTAX CaqAclName 5142 MAX-ACCESS not-accessible 5143 STATUS current 5144 DESCRIPTION 5145 "Indicates the ACL name which should exist in the ACL tables 5146 e.g. in caqIpAceTable. This ACL must be matching the type 5147 specified in caqAclHitCountAclType in the same row." 5148 ::= { caqAclHitCountEntry 2 } 5149 5150caqAclHitCountEnable OBJECT-TYPE 5151 SYNTAX TruthValue 5152 MAX-ACCESS read-write 5153 STATUS current 5154 DESCRIPTION 5155 "Indicates whether this ACL hit count is enabled." 5156 ::= { caqAclHitCountEntry 3 } 5157 5158-- 5159-- The caqAceHitCountTable 5160-- 5161 5162caqAceHitCountTable OBJECT-TYPE 5163 SYNTAX SEQUENCE OF CaqAceHitCountEntry 5164 MAX-ACCESS not-accessible 5165 STATUS current 5166 DESCRIPTION 5167 "This table provides the hit count configuration on 5168 ACEs which support this feature." 5169 ::= { caqAclHitCountObjects 5 } 5170 5171caqAceHitCountEntry OBJECT-TYPE 5172 SYNTAX CaqAceHitCountEntry 5173 MAX-ACCESS not-accessible 5174 STATUS current 5175 DESCRIPTION 5176 "An entry indicates whether the hit count feature is enabled 5177 on a particular ACE as well as its hit count statistic." 5178 INDEX { caqAceHitCountAclType, 5179 caqAceHitCountAclName, 5180 caqAceHitCountAceIndex } 5181 ::= { caqAceHitCountTable 1 } 5182 5183CaqAceHitCountEntry ::= SEQUENCE { 5184 caqAceHitCountAclType CaqHitCountAclType, 5185 caqAceHitCountAclName CaqAclName, 5186 caqAceHitCountAceIndex Unsigned32, 5187 caqAceHitCountEnable TruthValue, 5188 caqAceIngressHitCount Counter64, 5189 caqAceEgressHitCount Counter64 5190} 5191 5192caqAceHitCountAclType OBJECT-TYPE 5193 SYNTAX CaqHitCountAclType 5194 MAX-ACCESS not-accessible 5195 STATUS current 5196 DESCRIPTION 5197 "Indicates the type of ACL. 5198 5199 ipSecurity(1) indicates that this ACL is an IP Security ACL. 5200 5201 ipxSecurity(2) indicates that this ACL is an IPX Security ACL. 5202 5203 macSecurity(3) indicates that this ACL is a MAC Security ACL." 5204 ::= { caqAceHitCountEntry 1 } 5205 5206caqAceHitCountAclName OBJECT-TYPE 5207 SYNTAX CaqAclName 5208 MAX-ACCESS not-accessible 5209 STATUS current 5210 DESCRIPTION 5211 "Indicates the ACL name which should exist in the ACL tables 5212 e.g. in caqIpAceTable. This ACL must be matching the type 5213 specified in caqAceHitCountAclType in the same row." 5214 ::= { caqAceHitCountEntry 2 } 5215 5216caqAceHitCountAceIndex OBJECT-TYPE 5217 SYNTAX Unsigned32 (1..65535) 5218 MAX-ACCESS not-accessible 5219 STATUS current 5220 DESCRIPTION 5221 "The index of an ACE within an ACL." 5222 ::= { caqAceHitCountEntry 3 } 5223 5224caqAceHitCountEnable OBJECT-TYPE 5225 SYNTAX TruthValue 5226 MAX-ACCESS read-write 5227 STATUS current 5228 DESCRIPTION 5229 "Indicates whether this ACE hit count is enabled." 5230 ::= { caqAceHitCountEntry 4 } 5231 5232caqAceIngressHitCount OBJECT-TYPE 5233 SYNTAX Counter64 5234 MAX-ACCESS read-only 5235 STATUS current 5236 DESCRIPTION 5237 "Indicates number of hit count for this ACE for 5238 ingress traffic." 5239 ::= { caqAceHitCountEntry 5 } 5240 5241caqAceEgressHitCount OBJECT-TYPE 5242 SYNTAX Counter64 5243 MAX-ACCESS read-only 5244 STATUS current 5245 DESCRIPTION 5246 "Indicates number of hit count for this ACE for 5247 egress traffic." 5248 ::= { caqAceHitCountEntry 6 } 5249 5250-- 5251-- The caqAclIfHitCountTable 5252-- 5253 5254caqIfAclHitCountTable OBJECT-TYPE 5255 SYNTAX SEQUENCE OF CaqIfAclHitCountEntry 5256 MAX-ACCESS not-accessible 5257 STATUS current 5258 DESCRIPTION 5259 "This table provides the ACL hit count statistics at 5260 an interface. An interface can be a physical port if 5261 the bit portAclHitCount(1) is set in the object 5262 caqAclFeatureCpb or a VLAN if the bit vlanAclHitCount(0) 5263 is set in the object caqAclFeatureCpb." 5264 ::= { caqAclHitCountObjects 6 } 5265 5266caqIfAclHitCountEntry OBJECT-TYPE 5267 SYNTAX CaqIfAclHitCountEntry 5268 MAX-ACCESS not-accessible 5269 STATUS current 5270 DESCRIPTION 5271 "Each entry indicates the number of hit count at each 5272 ACE belonged to an ACL which supports hit count collection 5273 at an interface where the ACL is attached." 5274 INDEX { ifIndex, 5275 caqIfAclHitCountAclType, 5276 caqIfAclHitCountAclName, 5277 caqIfAclHitCountAceIndex } 5278 ::= { caqIfAclHitCountTable 1 } 5279 5280CaqIfAclHitCountEntry ::= SEQUENCE { 5281 caqIfAclHitCountAclType CaqHitCountAclType, 5282 caqIfAclHitCountAclName CaqAclName, 5283 caqIfAclHitCountAceIndex Unsigned32, 5284 caqIfAclIngressHitCount Counter64, 5285 caqIfAclEgressHitCount Counter64 5286} 5287 5288caqIfAclHitCountAclType OBJECT-TYPE 5289 SYNTAX CaqHitCountAclType 5290 MAX-ACCESS not-accessible 5291 STATUS current 5292 DESCRIPTION 5293 "Indicates the type of ACL. 5294 5295 ipSecurity(1) indicates that this ACL is an IP Security ACL. 5296 5297 ipxSecurity(2) indicates that this ACL is an IPX Security ACL. 5298 5299 macSecurity(3) indicates that this ACL is a MAC Security ACL." 5300 ::= { caqIfAclHitCountEntry 1 } 5301 5302caqIfAclHitCountAclName OBJECT-TYPE 5303 SYNTAX CaqAclName 5304 MAX-ACCESS not-accessible 5305 STATUS current 5306 DESCRIPTION 5307 "Indicates the ACL name which should exist in the ACL tables 5308 e.g. in caqIpAceTable. This ACL must be matching the type 5309 specified in caqIfAclHitCountAclType in the same row." 5310 ::= { caqIfAclHitCountEntry 2 } 5311 5312caqIfAclHitCountAceIndex OBJECT-TYPE 5313 SYNTAX Unsigned32 (1..65535) 5314 MAX-ACCESS not-accessible 5315 STATUS current 5316 DESCRIPTION 5317 "The index of an ACE within an ACL." 5318 ::= { caqIfAclHitCountEntry 3 } 5319 5320 5321caqIfAclIngressHitCount OBJECT-TYPE 5322 SYNTAX Counter64 5323 MAX-ACCESS read-only 5324 STATUS current 5325 DESCRIPTION 5326 "Indicates the number of hit count of this ACE for 5327 ingress traffic on this interface." 5328 ::= { caqIfAclHitCountEntry 4 } 5329 5330caqIfAclEgressHitCount OBJECT-TYPE 5331 SYNTAX Counter64 5332 MAX-ACCESS read-only 5333 STATUS current 5334 DESCRIPTION 5335 "Indicates the number of hit count of this ACE for 5336 egress traffic on this interface." 5337 ::= { caqIfAclHitCountEntry 5 } 5338 5339-- 5340-- The caqDownloadAclInfoTable 5341-- 5342 5343caqDownloadAclInfoTable OBJECT-TYPE 5344 SYNTAX SEQUENCE OF CaqDownloadAclInfoEntry 5345 MAX-ACCESS not-accessible 5346 STATUS current 5347 DESCRIPTION 5348 "This table provides the management information for 5349 downloaded ACLs." 5350 ::= { caqDownloadAclObjects 1 } 5351 5352caqDownloadAclInfoEntry OBJECT-TYPE 5353 SYNTAX CaqDownloadAclInfoEntry 5354 MAX-ACCESS not-accessible 5355 STATUS current 5356 DESCRIPTION 5357 "An entry is populated for each downloaded ACL in 5358 the device." 5359 INDEX { IMPLIED caqDownloadAclName } 5360 ::= { caqDownloadAclInfoTable 1 } 5361 5362CaqDownloadAclInfoEntry ::= SEQUENCE { 5363 caqDownloadAclName SnmpAdminString, 5364 caqDownloadAclUserCount Unsigned32, 5365 caqDownloadAclDownloadTime DateAndTime 5366} 5367 5368caqDownloadAclName OBJECT-TYPE 5369 SYNTAX SnmpAdminString (SIZE (1..255)) 5370 MAX-ACCESS not-accessible 5371 STATUS current 5372 DESCRIPTION 5373 "This object indicates the name of a downloaded ACL." 5374 ::= { caqDownloadAclInfoEntry 1 } 5375 5376caqDownloadAclUserCount OBJECT-TYPE 5377 SYNTAX Unsigned32 5378 MAX-ACCESS read-only 5379 STATUS current 5380 DESCRIPTION 5381 "This object indicates the number of users (i.e., 5382 authenticated hosts) who are using this downloaded ACL." 5383 ::= { caqDownloadAclInfoEntry 2 } 5384 5385caqDownloadAclDownloadTime OBJECT-TYPE 5386 SYNTAX DateAndTime 5387 MAX-ACCESS read-only 5388 STATUS current 5389 DESCRIPTION 5390 "This object indicates the time when this ACL is downloaded 5391 to the device." 5392 ::= { caqDownloadAclInfoEntry 3 } 5393 5394-- 5395-- caqIpDownloadAceTable 5396-- 5397 5398caqIpDownloadAceTable OBJECT-TYPE 5399 SYNTAX SEQUENCE OF CaqIpDownloadAceEntry 5400 MAX-ACCESS not-accessible 5401 STATUS current 5402 DESCRIPTION 5403 "This table contains a list of downloaded IP ACEs for 5404 security purpose. Each ACE consists of a filter specification 5405 and behavior associated with it which describes what action 5406 to carry out on packets which match. 5407 5408 An ACL is defined as the set of ACEs. Each ACE is named by 5409 a combination of an AclName and an ACE index, such that all 5410 the ACEs which are named using the same AclName are part of 5411 the same ACL." 5412 ::= { caqDownloadAclObjects 2 } 5413 5414caqIpDownloadAceEntry OBJECT-TYPE 5415 SYNTAX CaqIpDownloadAceEntry 5416 MAX-ACCESS not-accessible 5417 STATUS current 5418 DESCRIPTION 5419 "An entry defines an ACE, consisting of a set of match 5420 criteria. For a packet to match an entry, it has to match 5421 all the criteria specified in that entry." 5422 INDEX { caqIpDownloadAclName, caqIpDownloadAceIndex } 5423 ::= { caqIpDownloadAceTable 1 } 5424 5425CaqIpDownloadAceEntry ::= SEQUENCE { 5426 caqIpDownloadAclName SnmpAdminString, 5427 caqIpDownloadAceIndex Unsigned32, 5428 caqIpDownloadAceMatchedAction INTEGER, 5429 caqIpDownloadAceProtocolType CiscoIpProtocol, 5430 caqIpDownloadAceAddrType InetAddressType, 5431 caqIpDownloadAceSrcIp InetAddress, 5432 caqIpDownloadAceSrcIpMask InetAddress, 5433 caqIpDownloadAceSrcPortOp INTEGER, 5434 caqIpDownloadAceSrcPort InetPortNumber, 5435 caqIpDownloadAceSrcPortRange InetPortNumber, 5436 caqIpDownloadAceDestIp InetAddress, 5437 caqIpDownloadAceDestIpMask InetAddress, 5438 caqIpDownloadAceDestPortOp INTEGER, 5439 caqIpDownloadAceDestPort InetPortNumber, 5440 caqIpDownloadAceDestPortRange InetPortNumber, 5441 caqIpDownloadAceTosMatchCriteria INTEGER, 5442 caqIpDownloadAceIpPrec CaqIpPrecedence, 5443 caqIpDownloadAceDscp Dscp, 5444 caqIpDnldAcePrtocolMatchCriteria INTEGER, 5445 caqIpDownloadAceIcmpType Unsigned32, 5446 caqIpDownloadAceIcmpCode Unsigned32 5447} 5448 5449caqIpDownloadAclName OBJECT-TYPE 5450 SYNTAX SnmpAdminString 5451 MAX-ACCESS not-accessible 5452 STATUS current 5453 DESCRIPTION 5454 "The name of a downloaded IP ACL." 5455 ::= { caqIpDownloadAceEntry 1 } 5456 5457caqIpDownloadAceIndex OBJECT-TYPE 5458 SYNTAX Unsigned32 5459 MAX-ACCESS not-accessible 5460 STATUS current 5461 DESCRIPTION 5462 "The index of an ACE within a downloaded ACL." 5463 ::= { caqIpDownloadAceEntry 2 } 5464 5465caqIpDownloadAceMatchedAction OBJECT-TYPE 5466 SYNTAX INTEGER { 5467 permit(1), 5468 deny(2), 5469 denyAndLog(3), 5470 permitAndCapture(4) 5471 } 5472 MAX-ACCESS read-only 5473 STATUS current 5474 DESCRIPTION 5475 "Indicates the action to be taken if a packet matches this ACE. 5476 5477 If 'permit' is specified, the matched packet will be allowed 5478 through the device. 5479 5480 If 'deny' is specified, the matched packet will be blocked and 5481 dropped. 5482 5483 If 'denyAndLog' is specified, the matched packet will be 5484 blocked, dropped and logged. 5485 5486 If 'permitAndCapture' is specified, the matched packet will be 5487 allowed, and a copy of it will be forwarded to capture port(s)." 5488 ::= { caqIpDownloadAceEntry 3 } 5489 5490caqIpDownloadAceProtocolType OBJECT-TYPE 5491 SYNTAX CiscoIpProtocol 5492 MAX-ACCESS read-only 5493 STATUS current 5494 DESCRIPTION 5495 "The protocol number field in the IP header used to indicate 5496 the higher layer protocol as specified in RFC 1700. A value 5497 value of 0 matches every IP packet. 5498 5499 For example : 5500 0 is IP, 1 is ICMP, 2 is IGMP, 4 is IP in IP encapsulation, 5501 6 is TCP, 9 is IGRP, 17 is UDP, 47 is GRE, 50 is ESP, 51 is AH, 5502 88 is IGRP, 89 is OSPF, 94 is KA9Q/NOS compatible IP over IP, 5503 103 is PIMv2, 108 is PCP." 5504 REFERENCE 5505 "RFC 1700, Assigned Numbers." 5506 ::= { caqIpDownloadAceEntry 4 } 5507 5508caqIpDownloadAceAddrType OBJECT-TYPE 5509 SYNTAX InetAddressType 5510 MAX-ACCESS read-only 5511 STATUS current 5512 DESCRIPTION 5513 "The type of IP address used by this ACE entry." 5514 ::= { caqIpDownloadAceEntry 5 } 5515 5516caqIpDownloadAceSrcIp OBJECT-TYPE 5517 SYNTAX InetAddress 5518 MAX-ACCESS read-only 5519 STATUS current 5520 DESCRIPTION 5521 "The specified source IP address. The packet's source address 5522 is AND-ed with the value of caqIpDownloadAceSrcIpMask and then 5523 compared against the value of this object. If this object value 5524 is 0.0.0.0, and the value of caqIpDownloadAceSrcIpMask object 5525 in the same entry is 255.255.255.255, this entry matches any 5526 source IP address." 5527 ::= { caqIpDownloadAceEntry 6 } 5528 5529caqIpDownloadAceSrcIpMask OBJECT-TYPE 5530 SYNTAX InetAddress 5531 MAX-ACCESS read-only 5532 STATUS current 5533 DESCRIPTION 5534 "The specified source IP address mask." 5535 ::= { caqIpDownloadAceEntry 7 } 5536 5537caqIpDownloadAceSrcPortOp OBJECT-TYPE 5538 SYNTAX INTEGER { noOperator(1), lt(2), gt(3), 5539 eq(4), neq(5), range(6) } 5540 MAX-ACCESS read-only 5541 STATUS current 5542 DESCRIPTION 5543 "Indicates how a packet's source TCP/UDP port number is 5544 to be compared. 5545 5546 'noOperator', which is the default value, means that no 5547 comparison is to be made with the source TCP/UDP port number. 5548 5549 'lt' means less than, 'gt' means greater than, 'eq' 5550 means equal, 'neq' means not equal. Those 4 operators 5551 are using the caqIpDownloadAceSrcPort object as an operand 5552 which is the only one needed. 5553 5554 'range' means that it compares the port value between two 5555 numbers, so this operator needs 2 operands. One operand is 5556 the starting port number of the range which is 5557 caqIpDownloadAceSrcPort object, and the other operand is the 5558 ending port number of the range which the 5559 caqIpDownloadAceSrcPortRange object is in." 5560 ::= { caqIpDownloadAceEntry 8 } 5561 5562caqIpDownloadAceSrcPort OBJECT-TYPE 5563 SYNTAX InetPortNumber 5564 MAX-ACCESS read-only 5565 STATUS current 5566 DESCRIPTION 5567 "The source port number of the TCP or UDP protocol. If the 5568 caqIpDownloadAceSrcPortOp object in the same row is 'range', 5569 this object will be the starting port number of the port 5570 range." 5571 ::= { caqIpDownloadAceEntry 9 } 5572 5573caqIpDownloadAceSrcPortRange OBJECT-TYPE 5574 SYNTAX InetPortNumber 5575 MAX-ACCESS read-only 5576 STATUS current 5577 DESCRIPTION 5578 "The source port number of the TCP or UDP protocol. If the 5579 caqIpDownloadAceSrcPortOp object in the same row is 'range', 5580 this object will be the ending port number of the port range, 5581 otherwise the value of this object is ignored." 5582 ::= { caqIpDownloadAceEntry 10 } 5583 5584caqIpDownloadAceDestIp OBJECT-TYPE 5585 SYNTAX InetAddress 5586 MAX-ACCESS read-only 5587 STATUS current 5588 DESCRIPTION 5589 "The specified destination IP address. The packet's destination 5590 address is AND-ed with the value of caqIpDownloadAceDestIpMask 5591 and then compared against the value of this object. If this 5592 object value is 0.0.0.0 and the value of 5593 caqIpDownloadAceDestIpMask object in the same entry is 5594 255.255.255.255, this entry matches any destination IP 5595 address." 5596 ::= { caqIpDownloadAceEntry 11 } 5597 5598caqIpDownloadAceDestIpMask OBJECT-TYPE 5599 SYNTAX InetAddress 5600 MAX-ACCESS read-only 5601 STATUS current 5602 DESCRIPTION 5603 "The specified destination IP address mask." 5604 ::= { caqIpDownloadAceEntry 12 } 5605 5606caqIpDownloadAceDestPortOp OBJECT-TYPE 5607 SYNTAX INTEGER { noOperator(1), lt(2), gt(3), 5608 eq(4), neq(5), range(6) } 5609 MAX-ACCESS read-only 5610 STATUS current 5611 DESCRIPTION 5612 "Indicates how a packet's destination TCP/UDP port number is 5613 to be compared. 5614 5615 'noOperator', which is the default value, means that no 5616 comparison is to be made with the destination TCP/UDP port 5617 number. 5618 5619 'lt' means less than. 5620 5621 'gt' means greater than. 5622 5623 'eq' means equal. 5624 5625 'neq' means not equal. Those 4 operators are using the 5626 caqIpDownloadAceDestPort object as an operand which is the 5627 only one needed. 5628 5629 'range' means that it compares the port value between two 5630 numbers, so this operator needs 2 operands. One operand is the 5631 starting port number of the range which is 5632 caqIpDownloadAceDestPort object, and the other operand is the 5633 ending port number of the range which the 5634 caqIpDownloadAceDestPortRange object is in." 5635 ::= { caqIpDownloadAceEntry 13 } 5636 5637caqIpDownloadAceDestPort OBJECT-TYPE 5638 SYNTAX InetPortNumber 5639 MAX-ACCESS read-only 5640 STATUS current 5641 DESCRIPTION 5642 "The destination port number of the TCP or UDP protocol. 5643 If the caqIpDownloadAceDestPortOp object in the same row is 5644 'range' this object will be the starting port number of the 5645 port range." 5646 ::= { caqIpDownloadAceEntry 14 } 5647 5648caqIpDownloadAceDestPortRange OBJECT-TYPE 5649 SYNTAX InetPortNumber 5650 MAX-ACCESS read-only 5651 STATUS current 5652 DESCRIPTION 5653 "The destination port number of the TCP or UDP protocol. 5654 If the caqIpDownloadAceDestPortOp object in the same row is 5655 'range', this object will be the ending port number of the 5656 port range, otherwise this object value is ignored." 5657 ::= { caqIpDownloadAceEntry 15 } 5658 5659caqIpDownloadAceTosMatchCriteria OBJECT-TYPE 5660 SYNTAX INTEGER { 5661 none(1), 5662 matchDscp(2), 5663 matchIpPrec(3) 5664 } 5665 MAX-ACCESS read-only 5666 STATUS current 5667 DESCRIPTION 5668 "Indicates what field of Tos octet in the packet header 5669 to be matched. 5670 5671 'none' means that there is no need to match the ToS octet. 5672 5673 'matchDscp' means that the DSCP value of packet header need 5674 to be matched. If this value is specified, the 5675 caqIpDownloadAceDscp object in the same row should have 5676 valid value. 5677 5678 'matchIpPrec' means that the IpPrecedence value of packet 5679 header need to be matched. If this value is specifed, the 5680 caqIpDownloadAceIpPrec object in the same row should have 5681 a valid value." 5682 ::= { caqIpDownloadAceEntry 16 } 5683 5684caqIpDownloadAceIpPrec OBJECT-TYPE 5685 SYNTAX CaqIpPrecedence 5686 MAX-ACCESS read-only 5687 STATUS current 5688 DESCRIPTION 5689 "Specifies the IP precedence value to be matched against. 5690 5691 The value of this object is ignored whenever the value of 5692 caqIpDownloadAceTosMatchCritial object is not 'matchIpPrec'." 5693 ::= { caqIpDownloadAceEntry 17 } 5694 5695caqIpDownloadAceDscp OBJECT-TYPE 5696 SYNTAX Dscp 5697 MAX-ACCESS read-only 5698 STATUS current 5699 DESCRIPTION 5700 "Specifies the Dscp value to be matched against. 5701 Packets can be matched to DSCP value from 0 to 63. 5702 5703 The value of this object is ignored whenever the value of 5704 caqIpDownloadAceTosMatchCritial object is not 'matchDscp'." 5705 ::= { caqIpDownloadAceEntry 18 } 5706 5707caqIpDnldAcePrtocolMatchCriteria OBJECT-TYPE 5708 SYNTAX INTEGER { 5709 none(1), 5710 matchIcmpType(2), 5711 matchIcmpTypeAndCode(3), 5712 matchEstablished(4) 5713 } 5714 MAX-ACCESS read-only 5715 STATUS current 5716 DESCRIPTION 5717 "Indicates what field in the packet header for ICMP or IGMP 5718 or TCP protocol to be matched. 5719 5720 'none' means no comparison is to be done for ICMP/TCP. 5721 5722 'matchIcmpType' means that the Type field of ICMP protocol 5723 packet header needs to be matched. If this value is specified, 5724 the caqIpDownloadAceIcmpType object in the same row should 5725 have a valid value. 5726 5727 'matchIcmpTypeAndCode' means that both the Type and Code 5728 fields of ICMP protocol packet header need to be matched. 5729 If this value is specified, the caqIpDownloadAceIcmpType and 5730 caqIpDownloadAceIcmpCode object in the same row should have 5731 valid values. 5732 5733 'matchEstablished' means that a match occurs if the TCP packet 5734 has the ACK or RST bits set. The non matching case is that of 5735 the intial TCP packet to form a connection." 5736 ::= { caqIpDownloadAceEntry 19 } 5737 5738caqIpDownloadAceIcmpType OBJECT-TYPE 5739 SYNTAX Unsigned32 5740 MAX-ACCESS read-only 5741 STATUS current 5742 DESCRIPTION 5743 "Indicates the message type of ICMP packets. The type is 5744 a number from 0 to 255. 5745 5746 The value of this object is ignored whenever the value of 5747 caqIpDnldAcePrtocolMatchCriteria object is not 'matchIcmpType' 5748 or 'matchIcmpTypeAndCode'." 5749 ::= { caqIpDownloadAceEntry 20 } 5750 5751caqIpDownloadAceIcmpCode OBJECT-TYPE 5752 SYNTAX Unsigned32 5753 MAX-ACCESS read-only 5754 STATUS current 5755 DESCRIPTION 5756 "Indicates the message code of ICMP packets. The code is 5757 a number from 0 to 255. 5758 5759 The value of this object is ignored whenever the value of 5760 caqIpDnldAcePrtocolMatchCriteria object is not 5761 'matchIcmpTypeAndCode'." 5762 ::= { caqIpDownloadAceEntry 21 } 5763 5764-- 5765-- The caqIfDownloadAclTable 5766-- 5767 5768caqIfDownloadAclTable OBJECT-TYPE 5769 SYNTAX SEQUENCE OF CaqIfDownloadAclEntry 5770 MAX-ACCESS not-accessible 5771 STATUS current 5772 DESCRIPTION 5773 "This table provides the management information for 5774 physical interface where downloaded ACLs are applied." 5775 ::= { caqDownloadAclObjects 3 } 5776 5777caqIfDownloadAclEntry OBJECT-TYPE 5778 SYNTAX CaqIfDownloadAclEntry 5779 MAX-ACCESS not-accessible 5780 STATUS current 5781 DESCRIPTION 5782 "An entry is populated for each interface that utilies 5783 downloaded ACLs in the device." 5784 INDEX { ifIndex, IMPLIED caqDownloadAclName } 5785 ::= { caqIfDownloadAclTable 1 } 5786 5787CaqIfDownloadAclEntry ::= SEQUENCE { 5788 caqIfDownloadAclFeature INTEGER, 5789 caqIfDownloadAclAddressType InetAddressType, 5790 caqIfDownloadAclHostAddress InetAddress 5791} 5792 5793caqIfDownloadAclFeature OBJECT-TYPE 5794 SYNTAX INTEGER { 5795 dot1x(1), 5796 eou(2), 5797 macAuth(3), 5798 webAuth(4) 5799 } 5800 MAX-ACCESS read-only 5801 STATUS current 5802 DESCRIPTION 5803 "This object indicates the security feature running at this 5804 interface and trigger the download of this ACL. 5805 5806 'dot1x' indicates that the 802.1x feature is running at this 5807 interface and trigger the download of this ACL. 5808 5809 'eou' indicates that the Extensible Authentication Protocol 5810 over UDP (EOU) feature is running at this interface and trigger 5811 the download of this ACL. 5812 5813 'macAuth' indicates that the Mac Authentication Bypass 5814 feature is running at this interface and trigger the download 5815 of this ACL. 5816 5817 'webAuth' indicates that the Web Authentication feature is 5818 running at this interface and trigger the download of this ACL." 5819 ::= { caqIfDownloadAclEntry 1 } 5820 5821caqIfDownloadAclAddressType OBJECT-TYPE 5822 SYNTAX InetAddressType 5823 MAX-ACCESS read-only 5824 STATUS current 5825 DESCRIPTION 5826 "This object indicates the type of IP address of the host." 5827 ::= { caqIfDownloadAclEntry 2 } 5828 5829caqIfDownloadAclHostAddress OBJECT-TYPE 5830 SYNTAX InetAddress 5831 MAX-ACCESS read-only 5832 STATUS current 5833 DESCRIPTION 5834 "This object indicates IP address of the host connected 5835 to this interface. The type of this address is determined 5836 by the value of caqIfDownloadAclAddressType object." 5837 ::= { caqIfDownloadAclEntry 3 } 5838 5839-- 5840-- The caqIfIpPhoneMapTable 5841-- 5842 5843caqIfIpPhoneMapTable OBJECT-TYPE 5844 SYNTAX SEQUENCE OF CaqIfIpPhoneMapEntry 5845 MAX-ACCESS not-accessible 5846 STATUS current 5847 DESCRIPTION 5848 "This table provides the management information for 5849 the mapping of IP Phone to interface that utilizes 5850 downloaded ACL." 5851 ::= { caqDownloadAclObjects 4 } 5852 5853caqIfIpPhoneMapEntry OBJECT-TYPE 5854 SYNTAX CaqIfIpPhoneMapEntry 5855 MAX-ACCESS not-accessible 5856 STATUS current 5857 DESCRIPTION 5858 "An entry is populated for each interface that has 5859 an IP Phone connected to and utilizes downloaded ACL." 5860 INDEX { ifIndex } 5861 ::= { caqIfIpPhoneMapTable 1 } 5862 5863CaqIfIpPhoneMapEntry ::= SEQUENCE { 5864 caqIfIpPhoneAddressType InetAddressType, 5865 caqIfIpPhoneHostAddress InetAddress 5866} 5867 5868caqIfIpPhoneAddressType OBJECT-TYPE 5869 SYNTAX InetAddressType 5870 MAX-ACCESS read-only 5871 STATUS current 5872 DESCRIPTION 5873 "This object indicates the type of IP address of the 5874 IP Phone connected to this interface." 5875 ::= { caqIfIpPhoneMapEntry 1 } 5876 5877caqIfIpPhoneHostAddress OBJECT-TYPE 5878 SYNTAX InetAddress 5879 MAX-ACCESS read-only 5880 STATUS current 5881 DESCRIPTION 5882 "This object indicates the IP address of the IP Phone. 5883 The type of this address is determined by the value of 5884 the caqIfIpPhoneAddressType object." 5885 ::= { caqIfIpPhoneMapEntry 2 } 5886 5887-- 5888-- Notifications 5889-- 5890 5891caqMIBNotifications OBJECT IDENTIFIER ::= { ciscoCatOSAclQosMIB 2 } 5892 5893-- no notifications defined 5894 5895 5896-- 5897-- Conformance 5898-- 5899 5900caqMIBConformance OBJECT IDENTIFIER ::= { ciscoCatOSAclQosMIB 3 } 5901 5902caqMIBCompliances OBJECT IDENTIFIER 5903 ::= { caqMIBConformance 1 } 5904 5905caqMIBGroups OBJECT IDENTIFIER 5906 ::= { caqMIBConformance 2 } 5907 5908 5909-- Compliance 5910 5911caqMIBCompliance MODULE-COMPLIANCE 5912 STATUS deprecated 5913 DESCRIPTION 5914 "The compliance statement for the CISCO-CATOS-ACL-QOS-MIB." 5915 MODULE 5916 MANDATORY-GROUPS { caqIfConfigGroup, 5917 caqAclCpbGroup, 5918 caqFlowPolicingCpbGroup, 5919 caqQueueAssignmentGroup, 5920 caqQueueGroup } 5921 5922 GROUP caqQosStatsGroup 5923 DESCRIPTION 5924 "This group is mandatory only for the platform 5925 which support QoS statistics information." 5926 5927 GROUP caqQosMappingGroup 5928 DESCRIPTION 5929 "This group is mandatory only for the platform 5930 which support mapping between Cos, IpPrecedence 5931 and DSCP." 5932 5933 GROUP caqIfAclConfigGroup 5934 DESCRIPTION 5935 "This group is mandatory only for the platform 5936 which support ACL configuration." 5937 5938 GROUP caqIpAceGroup 5939 DESCRIPTION 5940 "This group is mandatory only in agents for which the 5941 ipQos bit or ipSecurity bit of caqAclCapabilities is 5942 turned on." 5943 5944 GROUP caqIpxAceGroup 5945 DESCRIPTION 5946 "This group is mandatory only in agents for which the 5947 ipxQos bit or ipxSecurity bit of caqAclCapabilities is 5948 turned on." 5949 5950 GROUP caqMacAceGroup 5951 DESCRIPTION 5952 "This group is mandatory only in agents for which the 5953 macQos bit or macSecurity bit of caqAclCapabilities is 5954 turned on." 5955 5956 GROUP caqPolicingGroup 5957 DESCRIPTION 5958 "This group is mandatory only for the platform 5959 which supports flow policing." 5960 5961 GROUP caqActionGroup 5962 DESCRIPTION 5963 "This group is mandatory only for the platform 5964 which supports flow classification." 5965 5966 GROUP caqSecurityGroup 5967 DESCRIPTION 5968 "This group is mandatory only for the platform 5969 which supports security feature." 5970 5971 GROUP caqQosBridgedFlowPolicerGroup 5972 DESCRIPTION 5973 "This group is mandatory only for the platform 5974 which supports enabling or disabling bridged packets 5975 policing." 5976 5977 GROUP caqQosMacVlanGroup 5978 DESCRIPTION 5979 "This group is mandatory only for the platform 5980 which support flow classification based on MAC address 5981 and VLAN pair." 5982 5983 GROUP caqQosExcessRateGroup 5984 DESCRIPTION 5985 "This group is mandatory in agents for which the value of 5986 caqFlowPolicerExcessRateSupport is 'true'." 5987 5988 OBJECT caqIpAceSrcIp 5989 SYNTAX InetAddress (SIZE(4)) 5990 DESCRIPTION 5991 "An implementation is only required to support IPv4 addresses." 5992 5993 OBJECT caqIpAceSrcIpMask 5994 SYNTAX InetAddress (SIZE(4)) 5995 DESCRIPTION 5996 "An implementation is only required to support IPv4 addresses." 5997 5998 OBJECT caqIpAceDestIp 5999 SYNTAX InetAddress (SIZE(4)) 6000 DESCRIPTION 6001 "An implementation is only required to support IPv4 addresses." 6002 6003 OBJECT caqIpAceDestIpMask 6004 SYNTAX InetAddress (SIZE(4)) 6005 DESCRIPTION 6006 "An implementation is only required to support IPv4 addresses." 6007 ::= { caqMIBCompliances 1 } 6008 6009 6010caqMIBCompliance2 MODULE-COMPLIANCE 6011 STATUS deprecated 6012 DESCRIPTION 6013 "The compliance statement for the CISCO-CATOS-ACL-QOS-MIB." 6014 MODULE 6015 MANDATORY-GROUPS { caqIfConfigGroup, 6016 caqAclCpbGroup, 6017 caqFlowPolicingCpbGroup, 6018 caqQueueAssignmentGroup, 6019 caqQueueGroup } 6020 6021 GROUP caqQosStatsGroup 6022 DESCRIPTION 6023 "This group is mandatory only for the platform 6024 which support QoS statistics information." 6025 6026 GROUP caqQosMappingGroup 6027 DESCRIPTION 6028 "This group is mandatory only for the platform 6029 which support mapping between Cos, IpPrecedence 6030 and DSCP." 6031 6032 GROUP caqIfAclConfigGroup 6033 DESCRIPTION 6034 "This group is mandatory only for the platform 6035 which support ACL configuration." 6036 6037 GROUP caqIpAceGroup 6038 DESCRIPTION 6039 "This group is mandatory only in agents for which the 6040 ipQos bit or ipSecurity bit of caqAclCapabilities is 6041 turned on." 6042 6043 GROUP caqIpxAceGroup 6044 DESCRIPTION 6045 "This group is mandatory only in agents for which the 6046 ipxQos bit or ipxSecurity bit of caqAclCapabilities is 6047 turned on." 6048 6049 GROUP caqMacAceGroup 6050 DESCRIPTION 6051 "This group is mandatory only in agents for which the 6052 macQos bit or macSecurity bit of caqAclCapabilities is 6053 turned on." 6054 6055 GROUP caqPolicingGroup 6056 DESCRIPTION 6057 "This group is mandatory only for the platform 6058 which supports flow policing." 6059 6060 GROUP caqActionGroup 6061 DESCRIPTION 6062 "This group is mandatory only for the platform 6063 which supports flow classification." 6064 6065 GROUP caqSecurityGroup 6066 DESCRIPTION 6067 "This group is mandatory only for the platform 6068 which supports security feature." 6069 6070 GROUP caqQosBridgedFlowPolicerGroup 6071 DESCRIPTION 6072 "This group is mandatory only for the platform 6073 which supports enabling or disabling bridged packets 6074 policing." 6075 6076 GROUP caqQosMacVlanGroup 6077 DESCRIPTION 6078 "This group is mandatory only for the platform 6079 which support flow classification based on MAC address 6080 and VLAN pair." 6081 6082 GROUP caqLoggingGroup 6083 DESCRIPTION 6084 "Implementation of this group is optional." 6085 6086 GROUP caqArpInspGroup 6087 DESCRIPTION 6088 "Implementation of this group is optional." 6089 6090 OBJECT caqIpAceSrcIp 6091 SYNTAX InetAddress (SIZE(4)) 6092 DESCRIPTION 6093 "An implementation is only required to support IPv4 addresses." 6094 6095 OBJECT caqIpAceSrcIpMask 6096 SYNTAX InetAddress (SIZE(4)) 6097 DESCRIPTION 6098 "An implementation is only required to support IPv4 addresses." 6099 6100 OBJECT caqIpAceDestIp 6101 SYNTAX InetAddress (SIZE(4)) 6102 DESCRIPTION 6103 "An implementation is only required to support IPv4 addresses." 6104 6105 OBJECT caqIpAceDestIpMask 6106 SYNTAX InetAddress (SIZE(4)) 6107 DESCRIPTION 6108 "An implementation is only required to support IPv4 addresses." 6109 ::= { caqMIBCompliances 2 } 6110 6111 6112caqMIBCompliance3 MODULE-COMPLIANCE 6113 STATUS deprecated 6114 DESCRIPTION 6115 "The compliance statement for the CISCO-CATOS-ACL-QOS-MIB." 6116 MODULE 6117 MANDATORY-GROUPS { caqIfConfigGroup, 6118 caqAclCpbGroup, 6119 caqFlowPolicingCpbGroup, 6120 caqQueueAssignmentGroup, 6121 caqQueueGroup } 6122 6123 GROUP caqQosStatsGroup 6124 DESCRIPTION 6125 "This group is mandatory only for the platform 6126 which support QoS statistics information." 6127 6128 GROUP caqQosMappingGroup 6129 DESCRIPTION 6130 "This group is mandatory only for the platform 6131 which support mapping between Cos, IpPrecedence 6132 and DSCP." 6133 6134 GROUP caqIfAclConfigGroup 6135 DESCRIPTION 6136 "This group is mandatory only for the platform 6137 which support ACL configuration." 6138 6139 GROUP caqIpAceGroup 6140 DESCRIPTION 6141 "This group is mandatory only in agents for which the 6142 ipQos bit or ipSecurity bit of caqAclCapabilities is 6143 turned on." 6144 6145 GROUP caqIpxAceGroup 6146 DESCRIPTION 6147 "This group is mandatory only in agents for which the 6148 ipxQos bit or ipxSecurity bit of caqAclCapabilities is 6149 turned on." 6150 6151 GROUP caqMacAceGroup 6152 DESCRIPTION 6153 "This group is mandatory only in agents for which the 6154 macQos bit or macSecurity bit of caqAclCapabilities is 6155 turned on." 6156 6157 GROUP caqPolicingGroup 6158 DESCRIPTION 6159 "This group is mandatory only for the platform 6160 which supports flow policing." 6161 6162 GROUP caqActionGroup 6163 DESCRIPTION 6164 "This group is mandatory only for the platform 6165 which supports flow classification." 6166 6167 GROUP caqSecurityGroup2 6168 DESCRIPTION 6169 "This group is mandatory only for the platform 6170 which supports security feature." 6171 6172 GROUP caqQosBridgedFlowPolicerGroup 6173 DESCRIPTION 6174 "This group is mandatory only for the platform 6175 which supports enabling or disabling bridged packets 6176 policing." 6177 6178 GROUP caqQosMacVlanGroup 6179 DESCRIPTION 6180 "This group is mandatory only for the platform 6181 which support flow classification based on MAC address 6182 and VLAN pair." 6183 6184 GROUP caqLoggingGroup 6185 DESCRIPTION 6186 "Implementation of this group is optional." 6187 6188 GROUP caqArpInspGroup 6189 DESCRIPTION 6190 "Implementation of this group is optional." 6191 6192 OBJECT caqIpAceSrcIp 6193 SYNTAX InetAddress (SIZE(4)) 6194 DESCRIPTION 6195 "An implementation is only required to support IPv4 addresses." 6196 6197 OBJECT caqIpAceSrcIpMask 6198 SYNTAX InetAddress (SIZE(4)) 6199 DESCRIPTION 6200 "An implementation is only required to support IPv4 addresses." 6201 6202 OBJECT caqIpAceDestIp 6203 SYNTAX InetAddress (SIZE(4)) 6204 DESCRIPTION 6205 "An implementation is only required to support IPv4 addresses." 6206 6207 OBJECT caqIpAceDestIpMask 6208 SYNTAX InetAddress (SIZE(4)) 6209 DESCRIPTION 6210 "An implementation is only required to support IPv4 addresses." 6211 ::= { caqMIBCompliances 3 } 6212 6213 6214caqMIBCompliance4 MODULE-COMPLIANCE 6215 STATUS current 6216 DESCRIPTION 6217 "The compliance statement for the CISCO-CATOS-ACL-QOS-MIB." 6218 MODULE 6219 MANDATORY-GROUPS { caqIfConfigGroup, 6220 caqAclCpbGroup, 6221 caqFlowPolicingCpbGroup, 6222 caqQueueAssignmentGroup, 6223 caqQueueGroup } 6224 6225 GROUP caqQosStatsGroup 6226 DESCRIPTION 6227 "This group is mandatory only for the platform 6228 which support QoS statistics information." 6229 6230 GROUP caqQosMappingGroup 6231 DESCRIPTION 6232 "This group is mandatory only for the platform 6233 which support mapping between Cos, IpPrecedence 6234 and DSCP." 6235 6236 GROUP caqIfAclConfigGroup 6237 DESCRIPTION 6238 "This group is mandatory only for the platform 6239 which support ACL configuration." 6240 6241 GROUP caqIpAceGroup 6242 DESCRIPTION 6243 "This group is mandatory only in agents for which the 6244 ipQos bit or ipSecurity bit of caqAclCapabilities is 6245 turned on." 6246 6247 GROUP caqIpxAceGroup 6248 DESCRIPTION 6249 "This group is mandatory only in agents for which the 6250 ipxQos bit or ipxSecurity bit of caqAclCapabilities is 6251 turned on." 6252 6253 GROUP caqMacAceGroup 6254 DESCRIPTION 6255 "This group is mandatory only in agents for which the 6256 macQos bit or macSecurity bit of caqAclCapabilities is 6257 turned on." 6258 6259 GROUP caqPolicingGroup 6260 DESCRIPTION 6261 "This group is mandatory only for the platform 6262 which supports flow policing." 6263 6264 GROUP caqActionGroup 6265 DESCRIPTION 6266 "This group is mandatory only for the platform 6267 which supports flow classification." 6268 6269 GROUP caqSecurityGroup2 6270 DESCRIPTION 6271 "This group is mandatory only for the platform 6272 which supports security feature." 6273 6274 GROUP caqQosBridgedFlowPolicerGroup 6275 DESCRIPTION 6276 "This group is mandatory only for the platform 6277 which supports enabling or disabling bridged packets 6278 policing." 6279 6280 GROUP caqQosMacVlanGroup 6281 DESCRIPTION 6282 "This group is mandatory only for platform which 6283 supports flow classification based on MAC address 6284 and VLAN pair." 6285 6286 GROUP caqLoggingGroup 6287 DESCRIPTION 6288 "Implementation of this group is optional." 6289 6290 GROUP caqArpInspGroup 6291 DESCRIPTION 6292 "Implementation of this group is optional." 6293 6294 GROUP caqQosStatsGroup2 6295 DESCRIPTION 6296 "This group is mandatory only for platform which 6297 supports QoS statistics information per aggregate 6298 policer." 6299 6300 GROUP caqSecurityPBFGroup 6301 DESCRIPTION 6302 "This group is mandatory only for platform which 6303 supports PBF configuration and statistics 6304 information." 6305 6306 GROUP caqQosExcessBurstGroup 6307 DESCRIPTION 6308 "This group is mandatory only for platform which 6309 supports Qos information on excess burst size." 6310 6311 GROUP caqIfTrustDeviceGroup 6312 DESCRIPTION 6313 "This group is mandatory only for platform which 6314 supports trusted device configuration and operational 6315 state." 6316 6317 GROUP caqSecurityRateLimitGroup 6318 DESCRIPTION 6319 "This group is mandatory only for platform which 6320 supports security acl feature rate limit configuration 6321 state." 6322 6323 GROUP caqDscpMutationGroup 6324 DESCRIPTION 6325 "This group is mandatory only for platform which 6326 supports DSCP mutation configuration information." 6327 6328 GROUP caqQosDefaultActionGroup 6329 DESCRIPTION 6330 "This group is mandatory only for platform which 6331 supports default Qos action configuration on the device." 6332 6333 GROUP caqIfAclConfigGroup2 6334 DESCRIPTION 6335 "This group is mandatory only for platform which 6336 supports additional ACL attachment configuration on 6337 the device." 6338 6339 GROUP caqIpEspGroup 6340 DESCRIPTION 6341 "Implementation of this group is optional." 6342 6343 GROUP caqDscpRewriteGroup 6344 DESCRIPTION 6345 "This group is mandatory only for platform which 6346 supports configuration of DSCP rewrite feature on 6347 the device." 6348 6349 GROUP caqAggPolicerOctetStatsGroup 6350 DESCRIPTION 6351 "This group is mandatory only for platform which 6352 supports QoS statistics information per aggregate 6353 policer in unit of octet." 6354 6355 GROUP caqIfSecurityAclConfigGroup 6356 DESCRIPTION 6357 "This group is mandatory only for platform which 6358 supports security ACL information applied at 6359 physical interface on the device." 6360 6361 GROUP caqIpAceExtGroup 6362 DESCRIPTION 6363 "This group is mandatory only for platform which 6364 supports source and destination group information to 6365 configure IP ACL on the device." 6366 6367 GROUP caqAclHitCountGroup 6368 DESCRIPTION 6369 "This group is mandatory only for platform which 6370 supports ACL hit count configuration and statistics 6371 on the device." 6372 6373 GROUP caqMacAceExtGroup 6374 DESCRIPTION 6375 "This group is mandatory only for platform which 6376 supports addtional matching criteria such as the VLAN, 6377 Cos information to configure MAC ACE on the device." 6378 6379 GROUP caqMacPktClassifyVlanGroup 6380 DESCRIPTION 6381 "This group is mandatory only for platform which 6382 supports VLAN configuration for MAC packet classify 6383 feature on the device." 6384 6385 GROUP caqAclFeatureGroup 6386 DESCRIPTION 6387 "This group is mandatory only for platform which 6388 supports device capability related to feature using 6389 ACL configured on the device." 6390 6391 GROUP caqPortAclHitCountGroup 6392 DESCRIPTION 6393 "This group is mandatory only for platform which 6394 supports security ACL information applied at 6395 physical interface on the device." 6396 6397 GROUP caqVlanAclHitCountGroup 6398 DESCRIPTION 6399 "This group is mandatory only for platform which 6400 supports security ACL information applied at 6401 VLAN interface on the device." 6402 6403 OBJECT caqIpAceSrcIp 6404 SYNTAX InetAddress (SIZE(4)) 6405 DESCRIPTION 6406 "An implementation is only required to support IPv4 addresses." 6407 6408 OBJECT caqIpAceSrcIpMask 6409 SYNTAX InetAddress (SIZE(4)) 6410 DESCRIPTION 6411 "An implementation is only required to support IPv4 addresses." 6412 6413 OBJECT caqIpAceDestIp 6414 SYNTAX InetAddress (SIZE(4)) 6415 DESCRIPTION 6416 "An implementation is only required to support IPv4 addresses." 6417 6418 OBJECT caqIpAceDestIpMask 6419 SYNTAX InetAddress (SIZE(4)) 6420 DESCRIPTION 6421 "An implementation is only required to support IPv4 addresses." 6422 ::= { caqMIBCompliances 4 } 6423 6424-- 6425-- Units of Conformance 6426-- 6427 6428caqIfConfigGroup OBJECT-GROUP 6429 OBJECTS { 6430 caqIfTrustStateConfig, 6431 caqIfCos 6432 } 6433 STATUS current 6434 DESCRIPTION 6435 "A collection of objects providing the Qos configuration 6436 information at each physical interface on the device." 6437 ::= { caqMIBGroups 1 } 6438 6439caqIfAclConfigGroup OBJECT-GROUP 6440 OBJECTS { 6441 caqIfAclBase, 6442 caqClassifierMapStatus 6443 } 6444 STATUS current 6445 DESCRIPTION 6446 "A collection of objects providing the ACL information on 6447 the device." 6448 ::= { caqMIBGroups 2 } 6449 6450caqAclCpbGroup OBJECT-GROUP 6451 OBJECTS { 6452 caqAclCapabilities 6453 } 6454 STATUS current 6455 DESCRIPTION 6456 "A collection of objects providing the ACL information on 6457 the device." 6458 ::= { caqMIBGroups 3 } 6459 6460caqIpAceGroup OBJECT-GROUP 6461 OBJECTS { 6462 caqIpAceMatchedAction, 6463 caqIpAceProtocolType, 6464 caqIpAceAddrType, 6465 caqIpAceSrcIp, 6466 caqIpAceSrcIpMask, 6467 caqIpAceSrcPortOp, 6468 caqIpAceSrcPort, 6469 caqIpAceSrcPortRange, 6470 caqIpAceDestIp, 6471 caqIpAceDestIpMask, 6472 caqIpAceDestPortOp, 6473 caqIpAceDestPort, 6474 caqIpAceDestPortRange, 6475 caqIpAceTosMatchCriteria, 6476 caqIpAceProtocolMatchCriteria, 6477 caqIpAceIpPrec, 6478 caqIpAceDscp, 6479 caqIpAceIcmpType, 6480 caqIpAceIcmpCode, 6481 caqIpAceIgmpType, 6482 caqIpAceOrderPosition, 6483 caqIpAceBeforePosition, 6484 caqIpAceStatus 6485 } 6486 STATUS current 6487 DESCRIPTION 6488 "A collection of objects providing the IP ACE 6489 information." 6490 ::= { caqMIBGroups 4 } 6491 6492caqIpxAceGroup OBJECT-GROUP 6493 OBJECTS { 6494 caqIpxAceMatchedAction, 6495 caqIpxAceSrcNet, 6496 caqIpxAceDestMatchCriteria, 6497 caqIpxAceDestNet, 6498 caqIpxAceProtocolType, 6499 caqIpxAceDestNode, 6500 caqIpxAceDestNetMask, 6501 caqIpxAceDestNodeMask, 6502 caqIpxAceOrderPosition, 6503 caqIpxAceBeforePosition, 6504 caqIpxAceStatus 6505 } 6506 STATUS current 6507 DESCRIPTION 6508 "A collection of objects providing the IPX ACE 6509 information." 6510 ::= { caqMIBGroups 5 } 6511 6512caqMacAceGroup OBJECT-GROUP 6513 OBJECTS { 6514 caqMacAceMatchedAction, 6515 caqMacAceSrcMac, 6516 caqMacAceSrcMacMask, 6517 caqMacAceDestMac, 6518 caqMacAceDestMacMask, 6519 caqMacAceEthertype, 6520 caqMacAceOrderPosition, 6521 caqMacAceBeforePosition, 6522 caqMacAceStatus 6523 } 6524 STATUS current 6525 DESCRIPTION 6526 "A collection of objects providing the MAC ACE 6527 information." 6528 ::= { caqMIBGroups 6 } 6529 6530caqActionGroup OBJECT-GROUP 6531 OBJECTS { 6532 caqQosActionSelectTrust, 6533 caqQosActionSelectDscp, 6534 caqQosActionSelectMicroflow, 6535 caqQosActionSelectAggregate, 6536 caqQosActionSelectStatus 6537 } 6538 STATUS current 6539 DESCRIPTION 6540 "A collection of objects providing the ACE action 6541 information." 6542 ::= { caqMIBGroups 7 } 6543 6544caqPolicingGroup OBJECT-GROUP 6545 OBJECTS { 6546 caqFlowPolicerType, 6547 caqFlowPolicerExcessRateSupport, 6548 caqFlowPolicerNormalRateRequest, 6549 caqFlowPolicerNormalRateGrant, 6550 caqFlowPolicerBurstSizeRequest, 6551 caqFlowPolicerBurstSizeGrant, 6552 caqFlowPolicerNormalRateAction, 6553 caqFlowPolicerStatus 6554 } 6555 STATUS current 6556 DESCRIPTION 6557 "A collection of objects providing the microflow and 6558 aggregate flow configuration." 6559 ::= { caqMIBGroups 8 } 6560 6561caqQosExcessRateGroup OBJECT-GROUP 6562 OBJECTS { 6563 caqFlowPolicerExcessRateRequest, 6564 caqFlowPolicerExcessRateGrant, 6565 caqFlowPolicerExcessRateAction 6566 } 6567 STATUS current 6568 DESCRIPTION 6569 "A collection of objects providing Qos 6570 information on excess rate." 6571 ::= { caqMIBGroups 9 } 6572 6573caqQosMappingGroup OBJECT-GROUP 6574 OBJECTS { 6575 caqCosToDscpDscp, 6576 caqIpPrecToDscpDscp, 6577 caqDscpMappingCos, 6578 caqDscpMappingNRPolicedDscp, 6579 caqDscpMappingERPolicedDscp 6580 } 6581 STATUS current 6582 DESCRIPTION 6583 "A collection of objects providing Qos mapping 6584 information." 6585 ::= { caqMIBGroups 10 } 6586 6587caqQueueAssignmentGroup OBJECT-GROUP 6588 OBJECTS { 6589 caqCosAssignQueueNumber, 6590 caqCosAssignThresholdNumber 6591 } 6592 STATUS current 6593 DESCRIPTION 6594 "A collection of objects providing the queue assignment 6595 information." 6596 ::= { caqMIBGroups 11 } 6597 6598caqQueueGroup OBJECT-GROUP 6599 OBJECTS { 6600 caqQueueThreshDropAlgorithm, 6601 caqQueueThreshDropThreshold, 6602 caqQueueThreshMinWredThreshold, 6603 caqQueueThreshMaxWredThreshold, 6604 caqQueueWrrWeight, 6605 caqQueueBufferSizeRatio 6606 } 6607 STATUS current 6608 DESCRIPTION 6609 "A collection of objects providing the queue 6610 information." 6611 ::= { caqMIBGroups 12 } 6612 6613caqQosBridgedFlowPolicerGroup OBJECT-GROUP 6614 OBJECTS { 6615 caqBridgedFlowEnabled 6616 } 6617 STATUS current 6618 DESCRIPTION 6619 "A collection of objects providing the information on 6620 bridged packet policing." 6621 ::= { caqMIBGroups 13 } 6622 6623caqQosMacVlanGroup OBJECT-GROUP 6624 OBJECTS { 6625 caqMacAddressCpb, 6626 caqCosValue, 6627 caqCosMacVlanRouterStatus 6628 } 6629 STATUS current 6630 DESCRIPTION 6631 "A collection of objects providing the classification 6632 information based on Mac address and vlan." 6633 ::= { caqMIBGroups 14 } 6634 6635caqQosStatsGroup OBJECT-GROUP 6636 OBJECTS { 6637 caqL3PacketsDropByPolicer, 6638 caqTosChangedIpPackets, 6639 caqCosChangedIpPackets, 6640 caqCosChangedNonIpPackets, 6641 caqPortStatsDropPkts, 6642 caqFlowStatsOutOfProfilePackets 6643 } 6644 STATUS current 6645 DESCRIPTION 6646 "A collection of objects providing the QoS statistics 6647 information." 6648 ::= { caqMIBGroups 15 } 6649 6650caqSecurityGroup OBJECT-GROUP 6651 OBJECTS { 6652 caqSecurityAction, 6653 caqSecurityCapture, 6654 caqSecurityRedirectPortList, 6655 caqSecurityActionStatus, 6656 caqSecurityAclCaptureEnable 6657 } 6658 STATUS deprecated 6659 DESCRIPTION 6660 "A collection of objects providing the security information." 6661 ::= { caqMIBGroups 16 } 6662 6663caqFlowPolicingCpbGroup OBJECT-GROUP 6664 OBJECTS { 6665 caqFlowPolicingCpb 6666 } 6667 STATUS current 6668 DESCRIPTION 6669 "A collection of object providing the flow policing capability 6670 information." 6671 ::= { caqMIBGroups 17 } 6672 6673caqQosStatsGroup2 OBJECT-GROUP 6674 OBJECTS { 6675 caqAggPolicerPackets, 6676 caqAggPolicerNRExceedPackets, 6677 caqAggPolicerERExceedPackets 6678 } 6679 STATUS current 6680 DESCRIPTION 6681 "A collection of objects providing the QoS statistics 6682 information per aggregate policer." 6683 ::= { caqMIBGroups 18 } 6684 6685caqSecurityPBFGroup OBJECT-GROUP 6686 OBJECTS { 6687 caqPbfStatus, 6688 caqPbfMacAddress, 6689 caqAdjDstVlanNumber, 6690 caqAdjDstMacAddress, 6691 caqAdjSrcMacAddress, 6692 caqAdjName, 6693 caqAdjMtu, 6694 caqAdjHitCount, 6695 caqAdjStatus, 6696 caqSecurityAdjIndex 6697 } 6698 STATUS current 6699 DESCRIPTION 6700 "A collection of objects providing the PBF configuration 6701 and statistics information." 6702 ::= { caqMIBGroups 19 } 6703 6704caqQosExcessBurstGroup OBJECT-GROUP 6705 OBJECTS { 6706 caqFlowPolicerExcessBurstSupport, 6707 caqFlowPolicerExcessBurstRequest, 6708 caqFlowPolicerExcessBurstGrant 6709 } 6710 STATUS current 6711 DESCRIPTION 6712 "A collection of objects providing Qos information on 6713 excess burst size." 6714 ::= { caqMIBGroups 20 } 6715 6716caqIfTrustDeviceGroup OBJECT-GROUP 6717 OBJECTS { 6718 caqIfTrustDevice, 6719 caqIfOperTrustState 6720 } 6721 STATUS current 6722 DESCRIPTION 6723 "A collection of objects providing the trusted device 6724 configuration and operational state." 6725 ::= { caqMIBGroups 21 } 6726 6727caqLoggingGroup OBJECT-GROUP 6728 OBJECTS { 6729 caqAclLogMaxFlow, 6730 caqAclSecurityLoggingRateLimit, 6731 caqAclRouterAclRateLimit, 6732 caqIpFlowVlan, 6733 caqIpFlowIfIndex, 6734 caqIpFlowProtocolType, 6735 caqIpFlowAddrType, 6736 caqIpFlowSrcIp, 6737 caqIpFlowSrcPort, 6738 caqIpFlowDestIp, 6739 caqIpFlowDestPort, 6740 caqIpFlowIcmpType, 6741 caqIpFlowIcmpCode, 6742 caqIpFlowIgmpType, 6743 caqIpFlowArpOpcode, 6744 caqIpFlowArpSrcMacAddr, 6745 caqIpFlowArpHeaderSrcMacAddr, 6746 caqIpFlowPacketsCount, 6747 caqIpFlowLoggingTTL 6748 } 6749 STATUS current 6750 DESCRIPTION 6751 "A collection of objects providing the security logging 6752 configuration and statistics." 6753 ::= { caqMIBGroups 22 } 6754 6755caqArpInspGroup OBJECT-GROUP 6756 OBJECTS { 6757 caqSecurityArpMacAddress, 6758 caqAclArpInspMatchMac, 6759 caqAclArpInspAddrValidation, 6760 caqArpInspGlobalForwardedPkts, 6761 caqArpInspGlobalDroppedPkts, 6762 caqRARPForwardedPkts, 6763 caqMatchedMacFailedPkts, 6764 caqAddrValidationFailedPkts, 6765 caqArpInspIpDroppedPkts, 6766 caqArpInspForwardedPackets, 6767 caqArpInspDroppedPackets, 6768 caqIfArpInspDropThreshold, 6769 caqIfArpInspShutdownThreshold 6770 } 6771 STATUS current 6772 DESCRIPTION 6773 "A collection of objects providing the ARP Inspection 6774 configuration and statistics." 6775 ::= { caqMIBGroups 23 } 6776 6777caqSecurityRateLimitGroup OBJECT-GROUP 6778 OBJECTS { 6779 caqSecurityRateLimitFeatures, 6780 caqSecurityAclRateLimit 6781 } 6782 STATUS current 6783 DESCRIPTION 6784 "A collection of objects providing the security acl 6785 feature rate limit configuration state." 6786 ::= { caqMIBGroups 24 } 6787 6788caqDscpMutationGroup OBJECT-GROUP 6789 OBJECTS { 6790 caqDscpMutationNewDscp, 6791 caqVlanMutationTableId 6792 } 6793 STATUS current 6794 DESCRIPTION 6795 "A collection of objects providing the DSCP mutation 6796 configuration information." 6797 ::= { caqMIBGroups 25 } 6798 6799caqQosDefaultActionGroup OBJECT-GROUP 6800 OBJECTS { 6801 caqQosDefaultTrustState, 6802 caqQosDefaultDscp, 6803 caqQosDefaultMicroflow, 6804 caqQosDefaultAggregate 6805 } 6806 STATUS current 6807 DESCRIPTION 6808 "A collection of objects providing the default Qos action 6809 configuration on the device." 6810 ::= { caqMIBGroups 26 } 6811 6812caqIfAclConfigGroup2 OBJECT-GROUP 6813 OBJECTS { 6814 caqClassifierMapDirection 6815 } 6816 STATUS current 6817 DESCRIPTION 6818 "A collection of object providing the additional ACL attachment 6819 configuration on the device." 6820 ::= { caqMIBGroups 27 } 6821 6822caqIpEspGroup OBJECT-GROUP 6823 OBJECTS { 6824 caqIpAceSecurityId 6825 } 6826 STATUS current 6827 DESCRIPTION 6828 "A collection of object providing the Ip ESP traffic matching 6829 configuration on the device." 6830 ::= { caqMIBGroups 28 } 6831 6832caqDscpRewriteGroup OBJECT-GROUP 6833 OBJECTS { 6834 caqDscpRewriteEnabled 6835 } 6836 STATUS current 6837 DESCRIPTION 6838 "A collection of object providing the configuration of 6839 DSCP rewrite feature on the device." 6840 ::= { caqMIBGroups 29 } 6841 6842caqAggPolicerOctetStatsGroup OBJECT-GROUP 6843 OBJECTS { 6844 caqAggPolicerOctets, 6845 caqAggPolicerNRExceedOctets, 6846 caqAggPolicerERExceedOctets 6847 } 6848 STATUS current 6849 DESCRIPTION 6850 "A collection of objects providing the QoS statistics 6851 information per aggregate policer in unit of octet." 6852 ::= { caqMIBGroups 30 } 6853 6854caqSecurityGroup2 OBJECT-GROUP 6855 OBJECTS { 6856 caqSecurityAction, 6857 caqSecurityCapture, 6858 caqSecurityRedirect2kPortList, 6859 caqSecurityActionStatus, 6860 caqSecurityAclCaptureEnable 6861 } 6862 STATUS current 6863 DESCRIPTION 6864 "A collection of objects providing the security information." 6865 ::= { caqMIBGroups 31 } 6866 6867caqIfSecurityAclConfigGroup OBJECT-GROUP 6868 OBJECTS { 6869 caqIfSecurityAclBase 6870 } 6871 STATUS current 6872 DESCRIPTION 6873 "A collection of objects providing the security ACL 6874 information on the device." 6875 ::= { caqMIBGroups 32 } 6876 6877caqIpAceExtGroup OBJECT-GROUP 6878 OBJECTS { 6879 caqIpAceSrcGroup, 6880 caqIpAceDestGroup 6881 } 6882 STATUS current 6883 DESCRIPTION 6884 "A collection of objects providing the source and destination 6885 group information to configure IP ACL on the device." 6886 ::= { caqMIBGroups 33 } 6887 6888caqAclHitCountGroup OBJECT-GROUP 6889 OBJECTS { 6890 caqAclHitCountEnable, 6891 caqAceHitCountEnable, 6892 caqAceIngressHitCount, 6893 caqAceEgressHitCount, 6894 caqIfAclIngressHitCount, 6895 caqIfAclEgressHitCount 6896 } 6897 STATUS current 6898 DESCRIPTION 6899 "A collection of objects providing the ACL hit count 6900 configuration and statistics on the device." 6901 ::= { caqMIBGroups 34 } 6902 6903caqMacAceExtGroup OBJECT-GROUP 6904 OBJECTS { 6905 caqMacAceMatchCriteria, 6906 caqMacAceVlan, 6907 caqMacAceCos 6908 } 6909 STATUS current 6910 DESCRIPTION 6911 "A collection of objects providing addtional matching 6912 criteria such as the VLAN, Cos information to configure 6913 MAC ACE on the device." 6914 ::= { caqMIBGroups 35 } 6915 6916caqMacPktClassifyVlanGroup OBJECT-GROUP 6917 OBJECTS { 6918 caqMacPktClassifyVlansLow, 6919 caqMacPktClassifyVlansHigh 6920 } 6921 STATUS current 6922 DESCRIPTION 6923 "A collection of objects providing the VLAN 6924 configuration for MAC packet classify feature 6925 on the device." 6926 ::= { caqMIBGroups 36 } 6927 6928caqAclFeatureGroup OBJECT-GROUP 6929 OBJECTS { 6930 caqAclFeatureCpb 6931 } 6932 STATUS current 6933 DESCRIPTION 6934 "A collection of object providing what feature 6935 related to ACL that the device is capable of." 6936 ::= { caqMIBGroups 37 } 6937 6938caqPortAclHitCountGroup OBJECT-GROUP 6939 OBJECTS { 6940 caqAclHitCountPortList 6941 } 6942 STATUS current 6943 DESCRIPTION 6944 "A collection of object providing the set of physical 6945 ports where ACL hit count feature is enabled." 6946 ::= { caqMIBGroups 38 } 6947 6948caqVlanAclHitCountGroup OBJECT-GROUP 6949 OBJECTS { 6950 caqAclHitCountVlansLow, 6951 caqAclHitCountVlansHigh 6952 } 6953 STATUS current 6954 DESCRIPTION 6955 "A collection of objects providing the set of VLANs 6956 where ACL hit count feature is enabled." 6957 ::= { caqMIBGroups 39 } 6958 6959caqQosL3StatsRateGroup OBJECT-GROUP 6960 OBJECTS { 6961 caqL3PacketsDropByPolicerAveRate, 6962 caqTosChangedIpPacketsAveRate, 6963 caqCosChangedNonIpPacketsAveRate, 6964 caqCosChangedIpPacketsAveRate 6965 } 6966 STATUS current 6967 DESCRIPTION 6968 "A collection of objects providing the five minute 6969 linearly-decayed moving average QoS statistics for Layer 3 6970 traffic." 6971 ::= { caqMIBGroups 40 } 6972 6973caqQosL3StatsPeakGroup OBJECT-GROUP 6974 OBJECTS { 6975 caqCosChangedNonIpPacketPeakRate, 6976 caqCosChangedIpPacketsPeakRate, 6977 caqL3PacketsDropByPolicerPeakRate, 6978 caqTosChangedIpPacketsPeakRate 6979 } 6980 STATUS current 6981 DESCRIPTION 6982 "A collection of objects providing the peak rate QoS 6983 statistics over past five minute period for Layer 3 traffic." 6984 ::= { caqMIBGroups 41 } 6985 6986caqAggPolicerOctetsRateGroup OBJECT-GROUP 6987 OBJECTS { 6988 caqAggPolicerOctetsRate, 6989 caqAggPolicerNRExceedOctetsRate, 6990 caqAggPolicerERExceedOctetsRate 6991 } 6992 STATUS current 6993 DESCRIPTION 6994 "A collection of objects providing the five minute 6995 linearly-decayed octets moving average rate per aggregate 6996 policer." 6997 ::= { caqMIBGroups 42 } 6998 6999caqAggPolicerPacketsRateGroup OBJECT-GROUP 7000 OBJECTS { 7001 caqAggPolicerPacketsRate, 7002 caqAggPolicerNRExceedPacketsRate, 7003 caqAggPolicerERExceedPacketsRate 7004 } 7005 STATUS current 7006 DESCRIPTION 7007 "A collection of objects providing the five minute 7008 linearly-decayed packets moving average rate per aggregate 7009 policer." 7010 ::= { caqMIBGroups 43 } 7011 7012caqAggPolicerOctetsPeakGroup OBJECT-GROUP 7013 OBJECTS { 7014 caqAggPolicerOctetsPeakRate 7015 } 7016 STATUS current 7017 DESCRIPTION 7018 "A collection of objects providing the peak rate of octets 7019 over past five minute period per aggregate policer." 7020 ::= { caqMIBGroups 44 } 7021 7022caqAggPolicerPacketsPeakGroup OBJECT-GROUP 7023 OBJECTS { 7024 caqAggPolicerPacketsPeakRate 7025 } 7026 STATUS current 7027 DESCRIPTION 7028 "A collection of objects providing the peak rate of packets 7029 over past five minute period per aggregate policer." 7030 ::= { caqMIBGroups 45 } 7031 7032caqQosPortRateGroup OBJECT-GROUP 7033 OBJECTS { 7034 caqPortStatsDropPktsAveRate 7035 } 7036 STATUS current 7037 DESCRIPTION 7038 "A collection of object providing the five minute 7039 linearly-decayed packets drop rate per interface." 7040 ::= { caqMIBGroups 46 } 7041 7042caqQosPortPeakGroup OBJECT-GROUP 7043 OBJECTS { 7044 caqPortStatsDropPktsPeakRate 7045 } 7046 STATUS current 7047 DESCRIPTION 7048 "A collection of object providing the peak rate of packets 7049 over past five minute period per interface." 7050 ::= { caqMIBGroups 47 } 7051 7052caqSecurityActionDnldAceGroup OBJECT-GROUP 7053 OBJECTS { 7054 caqSecurityDownloadedAceFeature 7055 } 7056 STATUS current 7057 DESCRIPTION 7058 "A collection of object providing feature type of downloaded 7059 ACE." 7060 ::= { caqMIBGroups 48 } 7061 7062caqSecurityDownloadAclInfoGroup OBJECT-GROUP 7063 OBJECTS { 7064 caqDownloadAclUserCount, 7065 caqDownloadAclDownloadTime 7066 } 7067 STATUS current 7068 DESCRIPTION 7069 "A collection of object providing downloaded ACL information." 7070 ::= { caqMIBGroups 49 } 7071 7072caqSecurityDownloadIpAceGroup OBJECT-GROUP 7073 OBJECTS { 7074 caqIpDownloadAceMatchedAction, 7075 caqIpDownloadAceProtocolType, 7076 caqIpDownloadAceAddrType, 7077 caqIpDownloadAceSrcIp, 7078 caqIpDownloadAceSrcIpMask, 7079 caqIpDownloadAceSrcPortOp, 7080 caqIpDownloadAceSrcPort, 7081 caqIpDownloadAceSrcPortRange, 7082 caqIpDownloadAceDestIp, 7083 caqIpDownloadAceDestIpMask, 7084 caqIpDownloadAceDestPortOp, 7085 caqIpDownloadAceDestPort, 7086 caqIpDownloadAceDestPortRange, 7087 caqIpDownloadAceTosMatchCriteria, 7088 caqIpDownloadAceIpPrec, 7089 caqIpDownloadAceDscp, 7090 caqIpDnldAcePrtocolMatchCriteria, 7091 caqIpDownloadAceIcmpType, 7092 caqIpDownloadAceIcmpCode 7093 } 7094 STATUS current 7095 DESCRIPTION 7096 "A collection of object providing download IP ACE information." 7097 ::= { caqMIBGroups 50 } 7098 7099caqIfDownloadAclMapGroup OBJECT-GROUP 7100 OBJECTS { 7101 caqIfDownloadAclFeature, 7102 caqIfDownloadAclAddressType, 7103 caqIfDownloadAclHostAddress 7104 } 7105 STATUS current 7106 DESCRIPTION 7107 "A collection of object providing mapping information of 7108 downloaded ACL to capable interface." 7109 ::= { caqMIBGroups 51 } 7110 7111caqIfIpPhoneMapGroup OBJECT-GROUP 7112 OBJECTS { 7113 caqIfIpPhoneAddressType, 7114 caqIfIpPhoneHostAddress 7115 } 7116 STATUS current 7117 DESCRIPTION 7118 "A collection of object providing mapping information 7119 of IP phone to capable interface where downloaded ACL 7120 is utilized." 7121 ::= { caqMIBGroups 52 } 7122 7123caqIpAceTypeGroup OBJECT-GROUP 7124 OBJECTS { 7125 caqIpAceType 7126 } 7127 STATUS current 7128 DESCRIPTION 7129 "A collection of object providing the type of an Ip ACE." 7130 ::= { caqMIBGroups 53 } 7131 7132caqIpOperClassifierGroup OBJECT-GROUP 7133 OBJECTS { 7134 caqIpOperAclName, 7135 caqIpOperAclMapSource 7136 } 7137 STATUS current 7138 DESCRIPTION 7139 "A collection of objects provides the operational mapping 7140 of IP ACLs to each applicable interface." 7141 ::= { caqMIBGroups 54 } 7142 7143caqDownloadClassifierGroup OBJECT-GROUP 7144 OBJECTS { 7145 caqDownloadClassifierAclName, 7146 caqDownloadMapSource, 7147 caqDownloadAclType 7148 } 7149 STATUS current 7150 DESCRIPTION 7151 "A collection of objects provides the mapping of ACLs to each 7152 applicable interface downloaded by security features." 7153 ::= { caqMIBGroups 55 } 7154 7155caqArpLoggingSourceGroup OBJECT-GROUP 7156 OBJECTS { 7157 caqIpFlowArpLoggingSource, 7158 caqIpFlowArpAclName, 7159 caqIpFlowArpAceNumber 7160 } 7161 STATUS current 7162 DESCRIPTION 7163 "A collection of objects provides the logging source of 7164 ARP flow." 7165 ::= { caqMIBGroups 56 } 7166 7167END 7168 7169 7170 7171