FOUNDRY-SN-IP-ACL-MIB.txt
FOUNDRY-SN-IP-ACL-MIB DEFINITIONS ::= BEGIN
-- Imports
IMPORTS
IpAddress
FROM RFC1155-SMI
OBJECT-TYPE
FROM RFC-1212
Counter64
FROM SNMPv2-SMI
snIp
FROM FOUNDRY-SN-ROOT-MIB;
-- Textual conventions.
-- These are plain type assignments local to this module. The IMPORTS
-- clause does not pull anything from SNMPv2-TC, so tools must decode the
-- enumerations below by the values given here, not by the standard ones.
DisplayString ::= OCTET STRING
-- RtrStatus Values: generic disabled/enabled switch.
RtrStatus ::= INTEGER { disabled(0), enabled (1) }
-- Row Status used by the tables in this module.
-- The values differ from the SNMPv2-TC RowStatus (active(1),
-- notInService(2), and so on), so a manager written against the standard
-- convention would misread or mis-set row state here.
RowStatus ::= INTEGER {
other(1),
valid(2),
delete(3),
create(4)
}
-- Action: filter verdict, deny is 0 and permit is 1.
-- Audit tooling should decode this by name; a swapped mapping inverts the
-- meaning of every rule it reports.
Action ::= INTEGER { deny(0), permit(1) }
-- Boolean Values: false(0), true(1).
-- Note that SNMPv2-TC TruthValue uses true(1), false(2).
TruthVal ::= INTEGER { false (0), true (1) }
-- ACL number, 1 to 199. The DESCRIPTION of snAgAclNumber places standard
-- lists in 1..99 and extended lists in 100..199.
AclNumber ::= INTEGER (1..199)
-- Operator: comparison applied to a port number (see the operator objects'
-- DESCRIPTIONs). Values 5 and 6 are not defined. undefined(7) presumably
-- means no port comparison is configured; confirm against the agent.
Operator ::= INTEGER { eq(0), neq(1), lt(2), gt(3), range(4), undefined(7) }
-- IP Protocol number. The DESCRIPTION of snAgAclProtocol gives 0 the
-- meaning "any protocol", so 0 acts as a wildcard in a rule.
IpProtocol ::= INTEGER (0..255)
-- Precedence Value: names for IP precedence 0..7, plus undefined(8).
-- undefined(8) presumably means the rule does not match on precedence;
-- confirm against the agent.
PrecedenceValue ::= INTEGER { critical(5), flash(3), flashoverride(4),
immediate(2), internet(6), network(7),
priority(1), routine(0), undefined(8) }
-- Tos Value: IP type-of-service values 0..15, plus undefined(16).
-- Only 0, 1, 2, 4 and 8 carry descriptive names. The DESCRIPTION of
-- snAgAclTos describes the value as a sum of those named options, which is
-- what the tosValueN labels stand for.
TosValue ::= INTEGER {
normal(0),
minMonetaryCost(1),
maxReliability(2),
tosValue3(3),
maxThroughput(4),
tosValue5(5),
tosValue6(6),
tosValue7(7),
minDelay(8),
tosValue9(9),
tosValue10(10),
tosValue11(11),
tosValue12(12),
tosValue13(13),
tosValue14(14),
tosValue15(15),
undefined(16)
}
-- Direction in which a bound ACL is applied on a port.
Direction ::= INTEGER { inbound(0), outbound(1) }
------Access Control List
-- Root of the ACL subtree, registered as child 15 of snIp (imported from
-- FOUNDRY-SN-ROOT-MIB).
-- NOTE(review): most columns below are declared ACCESS read-write, so the
-- module describes packet-filter rules and their port bindings as settable
-- over SNMP. The MIB itself says nothing about who may write; that is
-- decided by the agent's SNMP access configuration. Deployments should
-- confine write access to this subtree (for example an SNMPv3 user with
-- authentication and privacy and a restricted view, or no write access at
-- all) and should log or alert on SET requests against it.
snAgAcl OBJECT IDENTIFIER ::= { snIp 15 }
-- Scalar (non-table) objects of the ACL subtree.
snAgAclGlobal OBJECT IDENTIFIER ::= { snAgAcl 1 }
-- Read-only scalar reporting the current ACL table row index.
-- Presumably a manager reads it to pick the index for a new row; the
-- DESCRIPTION does not say so explicitly. Confirm against the agent.
snAgAclGblCurRowIndex OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The current row index of the ACL table entry."
::= { snAgAclGlobal 1 }
--
-- ACL Table
--
-- One row per ACL rule (entry). The table object and the row object are
-- not-accessible containers; only the columns are read or written.
snAgAclTable OBJECT-TYPE
SYNTAX SEQUENCE OF SnAgAclEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Table of Access Control List"
::= { snAgAcl 2 }
-- Row definition. The INDEX clause names snAgAclIndex alone, so a row is
-- addressed by that single integer and not by ACL name or number.
snAgAclEntry OBJECT-TYPE
SYNTAX SnAgAclEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"An entry in the IP access control list table."
INDEX { snAgAclIndex }
::= { snAgAclTable 1 }
-- Column list for one ACL rule, in the same order as the column
-- sub-identifiers 1..24 assigned by the OBJECT-TYPE definitions.
SnAgAclEntry ::= SEQUENCE {
-- Identification of the rule and the list it belongs to.
snAgAclIndex
INTEGER,
snAgAclNumber
AclNumber,
snAgAclName
DisplayString,
-- Verdict and protocol match.
snAgAclAction
Action,
snAgAclProtocol
IpProtocol,
-- Source match. The operands are plain INTEGER here; the OBJECT-TYPE
-- definitions narrow them to INTEGER(0..65535).
snAgAclSourceIp
IpAddress,
snAgAclSourceMask
IpAddress,
snAgAclSourceOperator
Operator,
snAgAclSourceOperand1
INTEGER,
snAgAclSourceOperand2
INTEGER,
-- Destination match, same layout as the source fields.
snAgAclDestinationIp
IpAddress,
snAgAclDestinationMask
IpAddress,
snAgAclDestinationOperator
Operator,
snAgAclDestinationOperand1
INTEGER,
snAgAclDestinationOperand2
INTEGER,
-- Additional IP header and TCP matches.
snAgAclPrecedence
PrecedenceValue,
snAgAclTos
TosValue,
snAgAclEstablished
RtrStatus,
-- Rule options and row management.
snAgAclLogOption
TruthVal,
snAgAclStandardFlag
TruthVal,
snAgAclRowStatus
RowStatus,
-- Read-only match counters and a free-text remark.
snAgAclFlowCounter
Counter64,
snAgAclPacketCounter
Counter64,
snAgAclComments
DisplayString
}
-- Row index of the ACL table (read-only).
-- The DESCRIPTION requires this number to be unique for every entry even
-- when ACL name and number repeat. It mentions a tuple (name, number,
-- itemnumber), but the INDEX clause of snAgAclEntry uses this column alone.
snAgAclIndex OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The access control list item number for an entry.
This is a unique number that identifies different
Access list entries combined with the access list
name and access list number. This one has to be
unique even though the name and number are not unique
for a give access list with same or different source
address, subnet mask, destination address and destination
mask, protocol type, action (permit/deny) type and the
operator (neq, eq, gt and , lt) which makes the index a
unique tuple (name, number, itemnumber)."
::= { snAgAclEntry 1 }
-- Number of the ACL this rule belongs to, constrained to 1..199 by
-- AclNumber. Writable, so a SET can move a rule to a different list.
snAgAclNumber OBJECT-TYPE
SYNTAX AclNumber
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The access control list number for an entry.
The standard access list is in the range <1..99>.
The extended access list is in the range <100-199>."
::= { snAgAclEntry 2 }
-- Name of the ACL this rule belongs to. No SIZE constraint is declared,
-- so the maximum accepted length is up to the agent.
snAgAclName OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-write
STATUS mandatory
DESCRIPTION
"ACL name for an entry."
::= { snAgAclEntry 3 }
-- Verdict for packets matching this rule: deny(0) or permit(1).
-- NOTE(review): writable, so a single SET can turn a deny rule into a
-- permit rule. Changes to this column are worth alerting on.
snAgAclAction OBJECT-TYPE
SYNTAX Action
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Action to take if the ip packet matches
with this access control list."
::= { snAgAclEntry 4 }
-- Protocol to match, 0..255. Per the DESCRIPTION, 0 is a wildcard for any
-- protocol, so a rule with protocol 0 is as broad as the address fields
-- allow. Rule audits should treat 0 as "all protocols".
snAgAclProtocol OBJECT-TYPE
SYNTAX IpProtocol
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Transport protocol. 0 means any protocol."
::= { snAgAclEntry 5 }
-- Source address to match.
snAgAclSourceIp OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Source IP address."
::= { snAgAclEntry 6 }
-- Mask applied to the source address.
-- NOTE(review): the DESCRIPTION calls this a subnet mask. Confirm whether
-- the agent returns a subnet mask or a wildcard (inverse) mask before
-- computing which addresses a rule covers.
snAgAclSourceMask OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Source IP subnet mask."
::= { snAgAclEntry 7 }
-- Comparison applied to the source port. The DESCRIPTION limits it to TCP
-- and UDP.
snAgAclSourceOperator OBJECT-TYPE
SYNTAX Operator
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Type of comparison to perform.
for now, this only applys to tcp or udp
to compare the port number"
::= { snAgAclEntry 8 }
-- First source port operand, 0..65535. Per the DESCRIPTION, 0 means not
-- applicable and is not a match on port 0.
snAgAclSourceOperand1 OBJECT-TYPE
SYNTAX INTEGER(0..65535)
ACCESS read-write
STATUS mandatory
DESCRIPTION
"For now this only refers to transport
protocol port number. 0 means NA"
::= { snAgAclEntry 9 }
-- Second source port operand, 0..65535, 0 meaning not applicable.
-- Presumably the upper bound when the operator is range(4); the
-- DESCRIPTION does not say. Confirm against the agent.
snAgAclSourceOperand2 OBJECT-TYPE
SYNTAX INTEGER(0..65535)
ACCESS read-write
STATUS mandatory
DESCRIPTION
"For now this only refers to transport
protocol port number. 0 means NA"
::= { snAgAclEntry 10 }
-- Destination address to match.
snAgAclDestinationIp OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Destination IP address."
::= { snAgAclEntry 11 }
-- Mask applied to the destination address.
-- NOTE(review): the DESCRIPTION calls this a subnet mask. Confirm whether
-- the agent returns a subnet mask or a wildcard (inverse) mask before
-- computing which addresses a rule covers.
snAgAclDestinationMask OBJECT-TYPE
SYNTAX IpAddress
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Destination IP subnet mask."
::= { snAgAclEntry 12 }
-- Comparison applied to the destination port. The DESCRIPTION limits it
-- to TCP and UDP.
snAgAclDestinationOperator OBJECT-TYPE
SYNTAX Operator
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Type of comparison to perform.
for now, this only applys to tcp or udp
to compare the port number"
::= { snAgAclEntry 13 }
-- First destination port operand, 0..65535. Per the DESCRIPTION, 0 means
-- not applicable and is not a match on port 0.
snAgAclDestinationOperand1 OBJECT-TYPE
SYNTAX INTEGER(0..65535)
ACCESS read-write
STATUS mandatory
DESCRIPTION
"For now this only refers to transport
protocol port number. 0 means NA"
::= { snAgAclEntry 14 }
-- Second destination port operand, 0..65535, 0 meaning not applicable.
-- Presumably the upper bound when the operator is range(4); the
-- DESCRIPTION does not say. Confirm against the agent.
snAgAclDestinationOperand2 OBJECT-TYPE
SYNTAX INTEGER(0..65535)
ACCESS read-write
STATUS mandatory
DESCRIPTION
"For now this only refers to transport
protocol port number. 0 means NA"
::= { snAgAclEntry 15 }
-- IP precedence to match.
-- NOTE(review): the DESCRIPTION gives the range as 0..7, but the
-- PrecedenceValue type also defines undefined(8). Pollers must accept 8.
snAgAclPrecedence OBJECT-TYPE
SYNTAX PrecedenceValue
ACCESS read-write
STATUS mandatory
DESCRIPTION
"This refers to IP precedence value in the range <0-7>
critical(5),
flash(3),
flash-override(4),
immediate(2),
internet(6),
network(7),
priority(1),
routine(0)"
::= { snAgAclEntry 16 }
-- IP type of service to match, expressed as the sum of the option values
-- listed in the DESCRIPTION.
-- NOTE(review): the DESCRIPTION gives the range as 0..15, but the TosValue
-- type also defines undefined(16). Pollers must accept 16.
snAgAclTos OBJECT-TYPE
SYNTAX TosValue
ACCESS read-write
STATUS mandatory
DESCRIPTION
"This refers to the IP type of service value in range
<0-15> which is the sum of numeric vlaues of the
following options -
match packets with maximum reliability TOS (2)
match packets with maximum throughput TOS (4)
match packets with minimum delay (8)
match packets with minimum monetary cost TOS (1)
match packets with normal TOS (0)"
::= { snAgAclEntry 17 }
-- Enables the "established" match for TCP rules.
-- NOTE(review): the DESCRIPTION describes a test on TCP flags (ACK or
-- RESET set), not tracking of connection state. A rule that relies on it
-- should not be counted as stateful filtering in a policy review.
snAgAclEstablished OBJECT-TYPE
SYNTAX RtrStatus
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Enable/Disable the filtering of established TCP
packets of which the ACK or RESET flag is on. This
additional filter only applies to TCP transport
protocol."
::= { snAgAclEntry 18 }
-- Per-rule log flag. The DESCRIPTION gives no detail; presumably true(1)
-- makes the device log matches for this rule (confirm against the agent).
-- NOTE(review): writable, so if that reading is right a SET to false(0)
-- reduces visibility into matches on this rule. Monitor changes.
snAgAclLogOption OBJECT-TYPE
SYNTAX TruthVal
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Log flag"
::= { snAgAclEntry 19 }
-- Reports whether the rule belongs to a standard ACL (1) or an extended
-- one. The DESCRIPTION reads like a reported property, yet ACCESS is
-- read-write; what a SET does here is not stated.
snAgAclStandardFlag OBJECT-TYPE
SYNTAX TruthVal
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Return whether the ACL is standard or extended, 1 for standard ACL"
::= { snAgAclEntry 20 }
-- Creates or deletes an ACL rule, using this module's own RowStatus
-- values (other(1), valid(2), delete(3), create(4)), not the SNMPv2-TC
-- ones.
-- NOTE(review): a SET of delete(3) removes a filter rule, per the
-- DESCRIPTION. Write access to this column should be tightly restricted
-- and SET requests against it logged.
snAgAclRowStatus OBJECT-TYPE
SYNTAX RowStatus
ACCESS read-write
STATUS mandatory
DESCRIPTION
"To create or delete a access list
entry."
::= { snAgAclEntry 21 }
-- Read-only count of flows matching this rule. The DESCRIPTION calls it
-- approximate, so it suits trend monitoring but not exact accounting.
-- Counter64 is imported from SNMPv2-SMI and cannot be carried in SNMPv1
-- messages, so polling it needs SNMPv2c or SNMPv3.
snAgAclFlowCounter OBJECT-TYPE
SYNTAX Counter64
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Approximate count of flows matching individual ACL entry."
::= { snAgAclEntry 22 }
-- Read-only count of packets matching this rule, described as accurate.
-- Useful as a per-rule hit counter when baselining deny rules. The same
-- Counter64 transport restriction applies: SNMPv2c or SNMPv3 only.
snAgAclPacketCounter OBJECT-TYPE
SYNTAX Counter64
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Accurate count of packets matching individual ACL entry."
::= { snAgAclEntry 23 }
-- Free-text remark attached to the rule. Writable and without a declared
-- SIZE constraint. Tools that display it should treat the value as
-- untrusted text.
snAgAclComments OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Remark description of individual ACL entry."
::= { snAgAclEntry 24 }
--
-- Acl Port Table
-- Binds an ACL (by number or name) to a port in a given direction.
-- NOTE(review): the binding columns are writable, so this table decides
-- which filter, if any, is applied to an interface. Restrict and monitor
-- write access to it as for the rule table.
snAgAclBindToPortTable OBJECT-TYPE
SYNTAX SEQUENCE OF SnAgAclBindToPortEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"Table of ACL binding to port for router"
::= { snAgAcl 3 }
-- Row definition, indexed by port number and direction, which allows at
-- most one row per port and direction.
snAgAclBindToPortEntry OBJECT-TYPE
SYNTAX SnAgAclBindToPortEntry
ACCESS not-accessible
STATUS mandatory
DESCRIPTION
"An entry in the ACL-binding-to-port table."
INDEX {
snAgAclPortNum,
snAgAclPortBindDirection
}
::= { snAgAclBindToPortTable 1 }
-- Column list for one binding, in the order of column sub-identifiers
-- 1..6.
SnAgAclBindToPortEntry ::= SEQUENCE {
-- Index columns.
snAgAclPortNum
INTEGER,
snAgAclPortBindDirection
Direction,
-- The ACL being bound, by number or by name.
snAgAclNum
INTEGER,
snAgAclNameString
DisplayString,
-- Port list for a virtual interface, and row management.
snAgBindPortListInVirtualInterface
OCTET STRING,
snAgAclPortRowStatus
RowStatus
}
-- First index column: the port the ACL is bound to, which per the
-- DESCRIPTION is either a physical port or a virtual interface.
-- The encoding of the number is not given in this module.
snAgAclPortNum OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
"Binding-to port num, either physical port or virtual interface."
::= { snAgAclBindToPortEntry 1 }
-- Second index column: inbound(0) or outbound(1).
snAgAclPortBindDirection OBJECT-TYPE
SYNTAX Direction
ACCESS read-only
STATUS mandatory
DESCRIPTION
"ACL port direction, inbound or outbound"
::= { snAgAclBindToPortEntry 2 }
-- Number of the ACL bound to the port.
-- NOTE(review): declared as unconstrained INTEGER, unlike snAgAclNumber,
-- which uses AclNumber (1..199). Range checking is left to the agent.
snAgAclNum OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Defined ACL number"
::= { snAgAclBindToPortEntry 3 }
-- Name of the ACL bound to the port. How this interacts with snAgAclNum
-- when both are set is not stated in this module.
snAgAclNameString OBJECT-TYPE
SYNTAX DisplayString
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Defined ACL name"
::= { snAgAclBindToPortEntry 4 }
-- Port list used when the binding targets a virtual interface.
-- The octet-string encoding is not described here. Presumably a port
-- bitmap or list of port numbers; confirm against the agent.
snAgBindPortListInVirtualInterface OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Port list for binding virtual interface"
::= { snAgAclBindToPortEntry 5 }
-- Creates or deletes a binding, using this module's own RowStatus values
-- (other(1), valid(2), delete(3), create(4)).
-- NOTE(review): a SET of delete(3) removes the binding, which presumably
-- leaves the port unfiltered in that direction. Alert on changes to it.
snAgAclPortRowStatus OBJECT-TYPE
SYNTAX RowStatus
ACCESS read-write
STATUS mandatory
DESCRIPTION
"To create or delete a ACL port entry."
::= { snAgAclBindToPortEntry 6 }
END